• Florence Luy asks the question: "Is the writing on the wall for 1024-bit (RSA) encryption?"
    Dutch mathematician Hendrik Willem Lenstra: "The answer to that question is an unqualified yes."

    Florence Luy, Hendrik Lenstra, “A mighty number falls”, 21 May 2007, École Polytechnique Fédérale de Lausanne

  • "Security and dependability issues typically go along with the life cycle of a technology.  The trend to first deploy a technology and later fix its problems – typically driven by economic motives – is gradually making way for security by design, resulting in improved security at the beginning of the life cycle."

    SecurIST, “D3.3 – ICT Security & Dependability Research beyond 2010: Final Strategy”, January 2007
  • “The current way which organisations approach security can be recognised as an underlying market failure which consists of fire fighting security problems, silo'd implementation of technologies, uncontrolled application development practices and a failure to address systemic problems. Organisations tend to deal with one problem at a time that results in the deployment of point solutions to treat singular problems. This failure is typical of an uncontrolled marketplace evolving with little or no co-ordination.”

    The British Government’s Technology Strategy Board, 2008

Synaptic solutions by Application Domain

In this section of the website we break down Synaptic Labs' technology by application domain.

Software solutions

Today’s systems must anticipate future attacks. Any comprehensive system – whether for authenticated communications, secure data storage, or electronic commerce – is likely to remain in use for five years or more. It must be able to withstand the future: smarter attackers, more computational power, and greater incentives to subvert a widespread system. There won’t be time to upgrade it in the field.

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.

Synaptic Laboratories are developing robust cryptographic frameworks and cryptographic components designed to aggressively manage the worst case security risks that may face mission-critical production systems deployed globally in the field. Our approach has been to survey the most conservative design techniques and security recommendations and forge them together to build a cryptographic ecosystem that takes into consideration the complex web of human and device interaction and potential attacks from new classes of super-computer running at the ultimate computational limits permitted by the laws of physics as understood today.

Select a solution below to learn more about which Synaptic technologies may be most suitable for your application.

In May 2009, the United States' President Barack Obama ordered a 60-day cyberspace policy review.  The project was headed up by Melissa Hathaway.  The subsequent Report identified the need and called for trustworthy and dependable computing infrastructure.  This explicitly included traditional Information and Communication Technology (ICT) systems as well as Industrial Control Systems (ICS).  The Report has been a catalyst for wide ranging cyber security initiatives in the USA, including the January 2011 Department of Homeland Security Broad Agency Announcement (BAA 11-02).

Synaptic Labs’ Trustworthy Resilient Universal Secure Infrastructure Platform (TruSIP) is our proposal to create a universally trustworthy and dependable computing platform suitable for hosting mission critical operations that addresses the above needs.  Our platform will uniformly deliver unprecedented confidentiality, integrity, availability, reliability, safety and authenticity assurances for all stakeholders against continuous and evolving insider and outsider attacks (i.e. all malicious actors), in a way that is credible and can be audited.

For more information on our proposals see the following links (hosted on the ICT Gozo Malta website):

Trustworthy Resilient Universal Secure Infrastructure platform (link)
(with security against insider and outsider attacks)
- TruSIP for public and private clouds (link)
- TruSIP for smart grids/industrial control systems (link)
- TruSIP for card transaction platforms (link)

Consider the use of smart cards, smart badges, or other hardware tokens for especially critical functions.  Although more costly than software, when properly implemented the assurance gain is great.  The form-factor is not as important as the existence of an isolated processor and address space for assured operations – an ‘Island of Security,’ if you will.  Such devices can communicate with each other through secure protocols and provide a web of security connecting secure nodes located across a sea of insecurity in the global net.

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

Synaptic has carefully designed our new security ecosystem using smart cards as one of its primary foundations. We have purpose-built our primitives and protocols to leverage the best security features available in today's smart cards so they can rapidly address the immediate security requirements facing the global community. High performance has been achieved by exploiting high-speed dedicated hardware implementations of DES and AES (where available) as the fundamental building blocks to create stronger, faster, higher-assurance cryptographic hash functions and digital signatures. Synaptic Labs' solutions are eminently suited to ambient intelligence devices that employ technologies found in current-generation smart cards.

The following Synaptic technologies are optimised specifically for smart cards (CPU + symmetric co-processor) currently in production:

Information in particular has become a precious asset that must be protected against threats to its confidentiality, integrity and availability.

But conventional security is not enough.

The complexity of today's operational environment means organisations must embrace a level of business resilience that is normally associated with the protection of critical national infrastructure.

To achieve the highest level of security Synaptic are designing our desktop and server solutions to take full advantage of smart card hardware security modules. Our protocols are designed to work entirely on smart cards, or on smart cards with the assistance of a partially trusted high performance host processor.

The following Synaptic technologies are optimised specifically for desktop and server environments:

Given today’s common hardware and software architectural paradigms, operating systems security is a major primitive for secure systems – you will not succeed without it. This area is so important that it needs all the emphasis it can get. It is the current ‘black hole’ of security.

The problem is innately difficult because from the beginning (ENIAC, 1944), due to the high cost of components, computers were built to share resources (memory, processors, buses, etc.). If you look for a one-word synopsis of computer design philosophy, it was and is SHARING. In the security realm, the one word synopsis is SEPARATION: keeping the bad guys away from the good guys’ stuff!

So today, making a computer secure requires imposing a ‘separation paradigm’ on top of an architecture built to share. That is tough! Even when partially successful, the residual problem is going to be covert channels.

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

High-performance hardware security modules with hardened operating systems and hardened physical execution environments are uniquely situated to increase the information assurance of business and enterprise processes. Synaptic has targeted many of our technologies to run efficiently on hardware security modules built from 32/64-bit general purpose and DSP architectures as the business server platform of choice. By achieving efficiency in currently deployed hardware security modules, Synaptic enables the next generation of security and business applications to run entirely within trusted environments.

The following Synaptic technologies are optimised specifically for hardware security module environments:

Semiconductor solutions

Build-in Security: Ensure that security is considered and built into the design of new infrastructure, so that our critical assets are protected from the start and more resilient to naturally-occurring and deliberate threats throughout their life-cycle.

Obama-Biden Plan, Agenda: Homeland Security, December 2008

Wireless ad hoc sensor mesh networks, RFID devices, and other highly constrained devices often manage some of the most valuable and sensitive personal information. The argument that strong cryptography could not be efficiently supported in small devices has been used to justify deploying insecure devices in the field. This predictably led to an outraged community and media backlash against these otherwise useful devices.

Synaptic has specialised in the design of high-assurance, hardware-efficient and area-constrained ciphers and cryptosystems such as VEST and PQSDES.

For the first time it is now possible to extend a tiny 8-bit MCU with a 3k gate hardware DES co-processor using PQSDES to improve the performance (speed and power efficiency) of all essential cryptographic operations: many-to-many key exchanges, identity based encryption, message encryption, message integrity, collision resistant hashing, and even digital signatures. There is no longer any need to implement modular arithmetic coprocessors or elliptic curve accelerators to achieve a complete system. Furthermore PQSDES can achieve full 100-year security ratings in these devices.

For small devices without an MCU, or with highly constrained power requirements or higher throughput requirements, the low-area VEST-4 and VEST-8 cipher-hash functions can provide acceleration for: many-to-many key exchanges, identity based encryption, message encryption, message integrity, and collision resistant hashing. Digital signatures can be supported in network-attached devices without an MCU through the use of Synaptic Labs' Notary Digital Signature technologies.

Never underestimate the attention, risk, money and time that an opponent will put into reading traffic.

Robert Morris, former Chief Scientist of the US National Security Agency (NSA), National Computer Security Center, "Crypto '95 invited talks by R. Morris and A. Shamir", 1995

Synaptic Labs' range of VEST ciphers are purpose built for low-latency high speed chip-to-chip and network communications. VEST was first published in 2005 as part of the ECRYPT NoE eSTREAM cipher competition. VEST's range of cipher-hash technologies are designed to switch between stream cipher, single pass authenticated stream cipher and collision resistant hashing operations.

Chip-to-chip privacy and integrity is required for ensuring the correct operation of a hardware device against malice where an attacker has physical access to a device. Chip-to-Chip data privacy is useful for reducing compromising signal emanations from a device.

System on Chip designs can reuse the one cipher module to act as a security co-processor for a MCU and for high-speed chip-to-chip operations as required.

The VEST-16 and VEST-32 modules are both capable of 10 gigabit/s single pass authenticated encryption in 110nm standard cell ASIC environments, making them ideal for high bandwidth applications. VEST achieves this at approximately 6x less power consumption per bit of output than the cryptographically weaker US NIST AES-GCM standard.

It's not good enough to have a system where everyone (using the system) must be trusted, it must also be made robust against insiders!

Robert Morris, former Chief Scientist of the US National Security Agency (NSA) National Computer Security Center, "Crypto '95 invited talks by R. Morris and A. Shamir", 1995

The design and manufacture of standard cell ASIC chips is exponentially increasing. Mechanisms to protect against over-manufacture in the first 6 to 12 months after initial product release can have a significant impact on the viability of the investment. However protecting against over manufacture is only one point of contention. IP theft can occur anywhere in the implementation, production and deployment of the chip and its associated software.

Synaptic offers a comprehensive solution that addresses the risks throughout the entire life cycle.  Over and above Synaptic Labs' range of hardware efficient cipher technologies, Synaptic also offers technologies for securing the software (Verilog, VHDL, C) source code of a chip and its associated firmware / software during implementation, production and out in the field.  Click here to read more about our range of IC protection technologies.

The Synaptic ecosystem includes the vision for a new universal secure network carrier that offers Network of the Future capability with inbuilt 100 year security including security against code breaking quantum computers.  ‘Universal network carrier’ means the capability of carrying all existing networks including the telephone and Internet in a design that offers to accommodate future networks.  ‘Network of the Future capability’ means sustaining over 1 gigabit/sec bidirectional flows to homes and offices.  ‘100 year security’ includes security against conventional computers and quantum computers based on current understanding of the expected rates of growth in computational performance.  ‘Secure universal network carrier’ means that it is designed as a cryptographic project from its onset to host all mainstream communications network protocols in a secure fashion.

The protocols in development have been optimised to enable new small and large devices to communicate directly on the network at lower cost than over the Internet Protocol stack.