Skunk Works Labs
SafeLogic is proud to announce our Skunk Works Lab, where we work on cool stuff that either becomes a product, a feature of a product, or something to provide to the community. We’d like to introduce you to a couple of ongoing projects:
Wearables and connected “things” are going to be a very big part of the future of computing, metaphorically although not literally. The need for security and privacy within these devices is paramount, as they collect, process, and archive crucially private information. As these things get smaller and more embedded, space and performance become increasing concerns for running strong cryptographic solutions.
SafeLogic has an answer for this, and CryptoCompact is a critical piece. We trimmed down our CryptoComply product to run on devices like Google Glass and Samsung Gear watches. But that’s not good enough. We’re going bigger, actually, smaller. CryptoCompact is undergoing a bit of an overhaul and when ready will include the following:
- FIPS 140 testing on a new class of devices
- Lightweight and resource friendly
- Strong crypto
- Some other things we can’t let out of the bag yet
CryptoCompact is being streamlined and will proudly join SafeLogic’s lineup of world class, independently validated encryption modules as soon as possible. Our pilot program is now closed as we wrap up development. Stay tuned for full product release details.
Entropy is a measure of the amount of information contained within a data stream, and strong entropy (i.e., a high degree of unpredictability) is a core requirement for the strength of system-generated cryptographic keys. Since software and computing systems are designed to be predictable, it’s quite difficult to achieve statistically random values for use in seeds for key generation.
To comply with FIPS 140, keys should be generated with a deterministic random bit generator (DRBG), which is seeded with a value derived from the OS (i.e., via /dev/random). The value here is unpredictable input. The stronger the entropy, the stronger the output from the DRBG, and the stronger the key. That’s what is important: making sure that the output from the DRBG is as unpredictable and strong as possible. The only real way to do that is to have a true, very high level of entropy going into it.
SafeLogic developed ChaosControl to bring statistically random entropy to software environments. Further, this patent-pending solution:
- Complies with 800-90
- Includes test suite from 800-22
- Is available cross-platform
- Conforms to draft FIPS Implementation Guidance for entropy
ChaosControl will be bundled with a future version of CryptoComply. Stay tuned for details.
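As an added illustration of the kind of statistical check the NIST SP 800-22 suite applies to candidate seed material, the sketch below implements two of its tests, frequency (monobit) and runs. It is not SafeLogic’s ChaosControl code; the function names are hypothetical and the sample inputs are constructed.

```python
import math
import os

ALPHA = 0.01  # significance level recommended in SP 800-22


def to_bits(data: bytes) -> list:
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def monobit_p(bits: list) -> float:
    """Frequency (monobit) test: are ones and zeros roughly balanced?"""
    s = sum(2 * b - 1 for b in bits)  # +1 for each one, -1 for each zero
    return math.erfc(abs(s) / math.sqrt(len(bits)) / math.sqrt(2))


def runs_p(bits: list) -> float:
    """Runs test: does the stream flip between 0 and 1 at the expected rate?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # prerequisite frequency check failed, test not applicable
    v_obs = 1 + sum(bits[k] != bits[k + 1] for k in range(n - 1))
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    return math.erfc(num / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def assess(data: bytes) -> dict:
    """Return pass/fail per test for a block of candidate seed material."""
    bits = to_bits(data)
    return {"monobit": monobit_p(bits) >= ALPHA, "runs": runs_p(bits) >= ALPHA}


# Constructed sample inputs (128 bytes = 1024 bits each).
STUCK = bytes(128)            # a source stuck at zero
ALTERNATING = b"\x55" * 128   # 0101...: perfectly balanced, fully predictable

if __name__ == "__main__":
    samples = [("stuck", STUCK), ("alternating", ALTERNATING),
               ("os.urandom", os.urandom(128))]
    for name, sample in samples:
        print(f"{name:12s} {assess(sample)}")
```

The alternating pattern passes the frequency test and is only caught by the runs test, which is why a single statistic is never enough. Passing both still shows statistical balance only, since a deterministic stream can pass them while carrying no entropy at all.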
Codename: Crosstown Traffic
Cryptographic algorithms should be tested for conformance to their respective standards. The FIPS 140 program requires exhaustive black-box testing as defined by validation suites produced by the Cryptographic Algorithm Validation Program (CAVP). Running these tests is intensive, and difficult to do over a transport layer against implementations that may be housed in remote labs or data centers.
SafeLogic’s FIPS Algorithm Cryptographic Tester (FACT) system uses a simple network protocol for transmitting cryptographic commands and parameters from the host application to the implementation under test. The result is an efficient way to conduct algorithm testing for remote devices.
- Protocol specification that defines the message formats and requirements for test devices
- Design specification for Host Application and Test Stub
- Utilities to parse request files generated by the testing lab and to format results properly for lab consumption
FACT will be freely available as GPL software.