Capabilities

Over the past two decades, Cybernetica has developed several mission critical systems, most of them still in use today. We have done ground-breaking research in the field of cryptography and information security and developed innovative technologies based on the findings. Our team of cryptographers, system and software engineers has gathered considerable experience. We believe that our strength today lies in the following areas:

Building Mission Critical Systems

Cybernetica has designed many mission critical systems. Sometimes, human life is on the line, for example, with distress calls handled by our maritime radio communication system. The system is fully redundant, without a single point of failure. Different parts of the system are located at several sites, most of them unmanned. Built-in diagnostics and maintenance functions enable efficient preventive maintenance.

We have developed the X-Road (exported as UXP), which serves as a backbone for digital government in Estonia and elsewhere. The X-Road system has been in production for more than 17 years with no downtime and currently handles more than 600 million transactions annually. The distributed architecture of the X-Road allows it to continue growing to several order of magnitudes of the current load.

Specialising in Architecture

Experienced developers know – performance, security, reliability and extensibility of any system cannot be added as afterthoughts after the system is implemented. Adding hardware and additional components (network and application level firewalls, gateways, etc.) can only take you so far. We at Cybernetica know this and focus on the technical issues early on. Only by making security, reliability and scalability our priorities from the very beginning did we build scalable and reliable systems that can support an entire country.

In addition to external properties, Cybernetica has a strong culture of building “beautiful” systems. To us, beauty means very pragmatic things : functions of the system are divided between subsystems in a logical manner; dependencies between subsystems are optimized and minimized; appropriate protocols are selected or designed for reliable communication between subsystems; interfaces between subsystems are reliable; the downtime of a single component usually does not bring down entire system.

Cybernetica’s software development process makes the architecture first-class citizen in the project. From the beginning the focus is on identifying and mitigating technical risks. We do not consider the risk solved unless we see working code. This approach forces us to start coding and testing activities very early. By the time we start implementing bulk of the functionality, the architectural core of the system is already implemented and tested. Putting the candidate architecture through its paces we get the confidence that the system being built fulfills the important requirements of the customer.

Expertise in Protocol Design

Many of Cybernetica’s products and solutions contain (cryptographic) protocols designed in house. In many cases, the standard protocols are not available. In other cases, standard protocols must be used in an innovative manner to satisfy the requirements. And, for more innovative/groundbreaking systems, standards to not yet exist. The choice of using an existing protocol versus creating a new one is driven by concerns such as the required security properties, available hardware and software, assumptions that can be made about users and other systems/components, availability of a trusted computing base, etc.

Cybernetica has strong track record in protocol design. We have designed protocols for use in VPN systems, timestamping systems. Our current flagship products UXP, SplitKey, Sharemind as well as the Estonian Internet voting system all contain protocol-level innovations.

Our protocol design experience is complemented by our experience in formal analysis of cryptographic protocols, as well as in quantitative risk analysis of systems, enabling us to precisely qualify and quantify, as well as explain the guarantees that the protocols provide.

Secure Implementation

Great architecture and design are not worth much without competent implementation. Cybernetica is committed to creating clean, readable and secure code. We hold regular trainings for the developers, including about secure programming techniques. All the code written is peer reviewed by other developers. We employ static analysis tools to discover bugs and security issues before they are released to production. Also routine is performing internal or external security testing to ensure that the result is secure.

Cybernetica has extensive experience in using Java and C/C++ programming languages. But that is not all we know – parts of our systems are written in Python, Ruby, Haskell, Javascript and other languages. When needed, we create our own programming languages, such as SecreC that is used to write privacy-preserving computations for the Sharemind platform.

Cybernetica has ISO 9001 certified quality management system and ISO/IEC 27001 certified information security management system. This means that our output is consistently of high quality and you can rely on us to ensure safety of your data.

Public Key Infrastructure

Cybernetica has designed many mission critical systems implemented in nearly 40 countries all over the world – from the US and Japan to several Western African and European countries.

Confidence and realiability of our data exchange and digital identity solutions are ensured by proven principles of public key cryptography and Public Key Infrastructure (PKI), which rely on the concept of public and private key pairs. This has ensured strong and solid verification of user identity.

We have built core systems used in Estonian e-government – we are the architects of the X-Road and were piloting the first ID-cards in the early 1990s. The X-Road uses PKI to ensure confidentiality and authenticity of all the transactions exchanged over the platform. The X-Road is a good example of how standard PKI protocols can be used in a secure and scalable manner.

Our newest mobile authentication and digital signature platform, SplitKey, is implemented in the Smart-ID solution and used by hundreds of e-services and over two million end-users in the Baltics. This innovative technology utilises threshold cryptosystem – it does not require any devices for key storage and, for security purposes, splits the private key into individually unusable and illegible shares, never combined in a single location.

We like to say that the strength of our solutions is defined by the importance and wide use of the systems they’re implemented in, allowing no compromises on security.