Applied Cryptography

Modern times bring new requirements, and protecting information assets is now one of the topmost priorities of any organization. This is not only because regulatory standards are becoming stricter, but also because data has become the most valuable asset, where any leakage, damage or loss may quickly lead to business operation problems and monetary damages as well.

Our experience with practical cryptography dates back to before our company was established. Trustica's founder, Dominik Pantůček, is a leading cryptography expert specializing in both the latest developments in Elliptic-Curve Cryptography and the practical usage of Public Key Infrastructure in general. His long-term focus on related topics dates back to 1999, and since then he has had the opportunity to work with the brightest minds in the field.

Our mission is to bridge the gap between the cryptographic algorithms needed to fulfill all the data protection requirements and our customers' needs. Whether the requirements come from applicable regulations like the European General Data Protection Regulation (GDPR), the United Kingdom's Data Protection Act (DPA), eIDAS or NIS2, our solutions have been used by many customers to satisfy such needs.

Securing Protocols

Although many recent systems use HTTPS as their protocol of choice and rely on readily available trusted certificates such as those issued by the Let's Encrypt certificate authority, in reality these protect only the confidentiality and integrity of data during transfer. Client-side certificates or modern means of multi-factor authentication should always be used on top of such a transport protocol to ensure that the data is available only to authorized personnel and systems.

Other protocols need consideration too. Be it the Secure Shell Protocol (SSH), which should not rely on password-based authentication but use asymmetric cryptography primitives, or Virtual Private Networks (VPNs), which can be readily secured by standard Public Key Infrastructure systems, we always do our best to choose the right solution.

Key Management Systems

Most of the aforementioned systems do not handle issuing new certificates or revoking compromised ones as part of the protocol. However, any PKI used with such systems can typically use multiple key management systems and tools. Choosing the right one and assessing the overall security implications of the choice is yet another service we usually offer to our customers.

For small-scale systems, something very simple like an Easy-RSA self-hosted Certificate Authority (CA) may well be sufficient, but there are scenarios where more complex solutions are appropriate. Integrating the system of choice can sometimes be quite challenging, but our team always likes challenges like this.

Encrypted Formats Tools

Over the years we have developed special applications for analyzing and using encrypted data formats and protocols. Some tools were used for replacing access or encryption keys in encrypted files, some for re-encrypting the data on the fly, and some for detecting encrypted data within plain-text data sets.

With these building blocks we were even able to devise a tool for reliably detecting ransomware attacks in data storage systems by combining statistical analysis and cryptanalysis in a single piece of software.

Cryptanalysis

When designing new systems or extending existing formats, a proper cryptanalysis of all the cryptographic primitives and their correct composition is always necessary. Our long-term work in the field allowed us to gain the experience required for performing such cryptanalysis properly and thoroughly. If anyone needs to assess the choice and usage of cryptography in applied scenarios, we are more than happy to help with such an endeavor.