2023 JET Technology Labs Inc
Secure Key™ Cryptographic Library
JET Technology Labs has developed the Secure Key™ Cryptographic Library to enable high-performance
cybersecurity solutions that achieve an unprecedented level of security. The Secure Key Library
implements algorithms required to protect National Security Systems up to the Top-Secret level. The
library protects Critical Security Parameters and data through a combination of novel software and
processor security technologies. Using the Secure Key Cryptographic Library establishes a High Assurance
framework upon which modern cybersecurity services can be built.
High Performance Cryptography
The Secure Key Library enables high-performance security solutions using the latest generation of AMD
and Intel x86-64 processors. The library uses x86 Advanced Vector Extensions (AVX) and AES-NI along
with Secure Key software AES-NI Shield™ to enable secure use of cryptographic hardware acceleration.
The library supports bandwidths of 10Gbps+ per core using AES-256-GCM - a single 1U server can
achieve over 100Gbps throughput.
Flexible and Extensible
Available as plugins for OpenSSL, strongSwan, and Vector Packet Processor (VPP), the Secure Key Library
can enhance the security of existing solutions as a drop-in upgrade. The Secure Key Library can be
customized for a wide range of operating scenarios. Enable advanced security features to protect
workloads in untrusted environments like public clouds. Alternatively, enable the highest performance
settings when deploying to protected environments like private clouds or on-premises data centers. The
library allows run-time configuration to optimize deployments in a Virtual Machine and achieve high
performance and high security even when sharing compute resources.
Security Rooted in Silicon
The Secure Key Library integrates with Trusted Execution Environment (TEE) technology for security
rooted to the processor silicon. Unlike other cryptographic libraries that are designed for general
purpose solutions, the Secure Key library utilizes TEE technologies to protect the software and data while
running. AMD Secure Encryption Virtualization (SEV) and Intel Trust Domain Extensions (TDX) provide
Data-in-Use protections and allow certificate-based Root of Trust and platform attestation. These
technologies are used by the Secure Key software to validate platform and runtime environments, while
providing continual threat detection and mitigation. Additionally, Zero Trust Architectures can utilize the
Secure Key Library TEE integration to provide advanced device and user attestation services that are
unachievable by a software-only solution.
Advanced Software Protections
The Secure Key software has been purposefully designed to protect against broad categories of attacks
traditionally used to compromise software. Existing cryptographic libraries are susceptible to Zero-Day,
Side Channel, and Hardware access attacks. The Secure Key library uses innovative isolation mechanisms
and software-based memory encryption and authentication to protect Critical Security Parameters from
these types of attacks. The novel AES-NI Shield feature protects against known limitations of AES-NI,
while providing mitigations from timing and power analysis attacks. Using layered, Defense-in-Depth
security provided by the Secure Key Library enables use in various operating environments from public
cloud, on-premises private cloud, and even edge deployments.
Comparison with FIPS Cryptographic Libraries
When compared with software certified for FIPS 140-3, the Secure Key Crypto Library provides much
more in the way of security features and protection from advanced threats. Most FIPS certified libraries
have limited algorithm support (e.g., no AES-GCM support) and place severe restrictions on the
applications using the library. As an example, Critical Security Parameter handling for symmetric
encryption keys is the responsibility of the application using the library, which expands the security risk
beyond just the certified library into the application process. The Secure Key Crypto Library provides
interfaces to completely remove application software from handling symmetric keys at all by
implementing full life-cycle protection of key material from creation to use. Additionally, cryptographic
zeroization is handled completely by the Secure Key Library without placing requirements on the
application.
Security Comparison: Secure Key™ Library vs FIPS certified libraries

| Category | Feature | FIPS Certified Crypto Libraries (OpenSSL, WolfSSL, Libgcrypt) | Secure Key™ Crypto Library |
|---|---|---|---|
| Algorithms | FIPS Approved | X** | X |
| Algorithms | CNSA | Limited | X |
| Algorithms | CNSA 2.0 | | * |
| Run Time Tests | Power On Self-Tests | X | X |
| Run Time Tests | Run Time Tests | Limited | X |
| Run Time Tests | Advanced Run-Time Tests (e.g., TEE, Memory Integrity, KATs) | | X |
| Side Channel Protections | Constant Time Crypto | X | X |
| Side Channel Protections | Hardware Side Channel Protection (e.g., Cold Boot, Power Analysis, Evil Maid) | | X |
| Side Channel Protections | Software Side Channel Protection (e.g., Spectre, Inception, Downfall, Zenbleed, Prime+Probe) | Limited | X |
| Side Channel Protections | Advanced AES-NI Protection | | X |
| Data Protections | Compiler Protection (e.g., Control Flow Integrity/Enforcement, Sanitizers, Stack Defense) | Limited | X |
| Data Protections | Memory Protection (e.g., Buffer Overflow, Code Corruption, Memory Leak) | | X |
| Data Protections | Advanced Key Protection (e.g., Key Encryption and Integrity) | | X |
| Data Protections | Advanced Fail-Safe Design (e.g., Physical Redundancy, Zeroization) | | X |
| TEE Integration | AMD SEV | | X |
| TEE Integration | Intel TDX | | * |
| Certification | FIPS | X** | * |

* In Progress
** Limited algorithm support (Example: WolfSSL does not support AES-GCM in FIPS mode)
CONTACT US
INFO@JETTECHLABS.COM
www.jettechlabs.com