GDBMK Ltd summary

The primary objective of GDBMK is to assist companies developing cryptographic systems or products with the difficult process of having them Accredited or Evaluated and seeks to supply experience and effort on a freelance, subcontract, full or part-time basis on or off site. Assistance can also be provided in cryptographic system and architectural design, with hardware and software implementation, key management and checking for suitability for accreditation or evaluation. Companies in this niche field are typically looking for either:

  • A National Technical Authority COMSEC evaluation, for example by CESG CAPs for UK HMG to High Grade Enhanced Grade or Baseline,
  • A European evaluation to Common Criteria level EAL6 - EAL1,
  • A US NIST evaluation to FIPS140-2 levels 4-1
  • A third party review/report to assess suitability for protecting their interests or as a preliminary for evaluation

There may also be TEMPEST and FCC/CE testing and documentation associated with products and for Aerospace products there may be specialist design analysis such as FMECA, Reliability etc.

More specifically assistance can be provided working with the designers and architects and writing the following documents and performing analysis:

  • System/product requirements and High Level Design - writing Risk Assessments, Security Targets, Profiles, Policies and contributing to the architectural,
  • Detailed Specifications - Design Documents, Crytpographic Specifications, Key Management Plans, Key Specifications, Security Test Plans, Software and VHDL reviews
  • Analysis documents - Vendor evidence, Failure Analysis,
  • Security Test Methods and Reports

The rare skill set offered is a combination of:

  • an extensive, very broad and current, hands on hardware/software design background including lots of crypto designs,
  • an ability to fit in with a multi-disciple design team and get up to speed quickly,
  • experience with evaluators (CESG/FIPs/CC/IPSEC/etc)having been through multiple evaluation cycles with different equipments,
  • the ability and desire to write the required documents
  • experience testing, integrating, deploying, keying and operating high security HMG equipments

Having working on secure products with Thales e-Security, EADs-Astrium, Cogent DSN, Mass Consulting, AEP, Baltimore Tech, Zergo, as an electronic designer with Matra Marconi, BAe Space, Radstone, MOD, Aculab and BCN Data Systems and with designs in Space, Military, Industrial and volume Commercial applications GDBMK is well placed to offer assistance to a wide variety of situations.