ISARA Corporation

Waterloo, Canada
Paul Lucier, VP, Sales, Business Development & Marketing
Which of the following best describes your company?
Small- or medium-sized company

Type of company (check all applicable)
  • Software
  • Systems Integration
  • Consulting/IT Services

If other, please specify
Cybersecurity and Quantum Computer Threat Protection Tools and Services

Area of Specialization
  • Big Data (Data Governance/Data Science & Analytics)
  • Cybersecurity
  • Data Storage Encryption Technology
  • SaaS (software as a service)

If other, please specify
Quantum-Safe Cryptography and Crtyptographic Agility Solutions

Do you have a need for / interest in hiring a coop/intern student?
Not at this time

Describe your company's current technology and solutions
Company Overview:

Established in 2015 by the former heads of the BlackBerry Security practice, Scott Totzke and Mike Brown, ISARA Corp (ISARA) is a cybersecurity company based in Waterloo, Ontario, Canada that is focused on delivering agile, quantum safe security solutions. As a scale up, ISARA has raised over $26M USD of investment to date and has a team of 37 full time and 7 part-time employees based primarily in the Waterloo headquarters with additional offices in San Mateo, CA and London, UK.

ISARA's formation was based on the premise that advancements in quantum computing would enable efficient attacks that would leave current asymmetric encryption standards completely vulnerable and obsolete. Addressing this security issue is a global concern requiring standards leadership from groups such as ETSI (European Telecommunications Standards Institute), NIST (National Institute of Standards and Technology) and the IETF (Internet Engineering Task Force) to define new global standards quantum-safe algorithms used by government agencies and enterprises in a post-quantum world. ISARA is actively engaged across a number of organizations to help define these standards.

In addition to our involvement in the development of global standards, ISARA conducts deep cryptographic primitive research, resulting in relevant and meaningful enhancements and optimizations in cryptographic functionality. This work is embodied in commercial-ready products to assist original equipment manufacturers (OEMs) and governments with the onset of quantum threat mitigation work. ISARA is also focused on developing agile cryptographic solutions and tools to enable enterprises and governments to prepare their infrastructure and existing systems for transition to quantum-safe security.

ISARA is also focused on solving the equally difficult problems of addressing a large-scale cryptographic migration that may take decades to complete. Focusing on these problems has led to unique areas of product development and intellectual property with the goal of enabling technology ecosystems to reduce their switching costs while making the migration seamless and transparent to the end user.

ISARA provides quantum-safe security across a variety of industries and use cases starting at the lowest level of hardware security and extending up the value chain. ISARA relies on a variety of capabilities, experiences and skillsets, including Full Product Life Cycle Management, Cryptographic Research and Optimization, Certification, Standards, Regulatory Policy and Compliance.

Commercially Launched Products:

ISARA Radiate -- Quantum-Safe Toolkit

ISARA has launched the Radiate - Quantum Safe Toolkit, a commercial quantum-safe toolkit that provides the first layer necessary for quantum-safe security. This is the lowest level component needed to develop solutions that OEMs can use to embed quantum-safe security into their product lines. ISARA Radiate helps OEM's, Enterprise and Government through research and development is focused on achieving:

Optimized implementations of various encryption schemes that are able to meet performance and security requirements in a variety of environments, including highly sensitive and constrained IoT devices.
Technical capabilities for key management and key distribution that address the unique challenges of deploying quantum safe solutions in environments ranging from smartcards and hardware security modules to large-scale data centres. Each of these environments require unique approaches to solve complex problems in dealing with quantum-safe technology.
Integrations of the ISARA Radiate Toolkit are included in commercially available hardware and software solutions from partners including, Thales, Utimaco, Digicert, and BlackBerry.

ISARA Catalyst OpenSSL Connector

The ISARA Catalyst OpenSSL Connector allows you to easily integrate the ISARA Radiate™ Quantum-safe Toolkit's cryptographic library of quantum-safe algorithms into your existing OpenSSL deployment. .

ISARA Catalyst TLS Test Bed

The ISARA Catalyst™ TLS Testbed expands on TLS 1.2 to include agility in the form of hybrid key establishment, supported by a selection of ready-to-use classic and quantum-safe hybrid cipher suites allowing you to begin your migration to quantum-safe security today.

ISARA Catalyst Digital Certificate Methodology

In October 2019, the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) X.509 (10/2019) introduced new extensions to the X.509 digital certificate standard. This optional extension lets a certificate contain additional subject public keys and issuer signatures. These extensions provide a clear path to quantum-safe security for digital certificates by enabling support for both classic and quantum-safe algorithms in one X.509 digital certificate. ISARA Catalyst Agile Digital Certificate Technology gives you the ability to seamlessly migrate complex PKI systems in phases by enabling backward compatibility with legacy components. Taking advantage of the new extension to X.509 certificates described above, ISARA Catalyst Technology creates an enhanced X.509 digital certificate that simultaneously contains two sets of subject public keys and issuer signatures. This allows gradual PKI migration with full backwards compatibility.

Research and Professional Integration Services

Benchmarking and Testing quantum safe algorithms, roadmap planning and cryptographic migration support, system design and architecture, custom research, developer support and enterprise readiness proof of concept projects.

(Under Development) Agile Cryptography Enterprise Solution -- Discover, Triage, Manage and Remediate

The ISARA team is deep into developing a crypto agility solution with the objective of enabling enterprises with simple to highly complex systems and infrastructure to understand the location and type of cryptography they have deployed in use. This solution will provide management capabilities for cryptography to simplify and ease any cryptographic migrations now or in future when a transition to quantum-safe encryption will be necessary to protect data and systems from any potential quantum computer attacks. Our target date for customer trials is January 2021.

Notable Industry Experience:

The following projects highlight some of the real-world enterprise and government projects ISARA has leveraged capabilities:

Aerospace Supplier - Quantum Safe Communications

ISARA was contracted to build a test environment for a tier 1 aerospace provider to demonstrate that elements within the part control environment could use quantum-safe algorithms to securely communicate at an acceptable performance rate. Utilizing the Radiate Toolkit, ISARA was able to utilize quantum-safe algorithms, including Dilithium and Kyber KEM.

Chipset Vendor - Quantum Safe Root of Trust (Trust Anchor)

For this project ISARA was provided with specific performance requirements for digital signature validation during the secure boot process. ISARA provided an optimized version of the Leighton-Micali Signature (LMS) algorithm to meet the vendors performance requirements.

Thales - Quantum Safe HSM (Hardware Security Module)

Collaborating with Thales, ISARA has developed a production grade add-on module for the LUNA HSM that is currently available through Thales' commercial channels. The add-on module allows customers to use stateful hash-based signatures to sign software/firmware for long-lived devices.

BlackBerry - Code Signing Appliance for Automotive OEMs

BlackBerry licensed the ISARA Radiate Toolkit from ISARA and integrated the stateful hash-based signature algorithm functionality into their BlackBerry signing appliance code signing appliance.

DigiCert - Catalyst Hybrid Certificates for Cryptographic Agility

DigiCert licensed ISARA's Catalyst technology for creating hybrid certificates that contain both classical and quantum safe elements in a single X.509 certificate. This technology allows customers to streamline their PKI migrations.

International Government - Telecommunications Protocols

A European government security agency contracted with ISARA to evaluate the impact that quantum safe cryptography would have on existing secure communications and collaboration protocols.

Canadian Government - Network testing and benchmarking tool

ISARA has been contracted by a Canadian government agency to build a networking test and benchmarking tool based on TLS 1.3. This tool will allow for the customer to configure the protocol to use various combinations of classical and quantum safe algorithms in order to understand the impact on network performance.

Defense Contractor/US Military - Cryptographic Agility and Migration

ISARA is currently working with a large US-based defense contractor and a branch of the US military to build out and test cryptographic agility capabilities. Using ISARA's Catalyst X.509 digital certificate technology, ISARA is helping the customer to build cryptographic migration capabilities into existing.

Automotive Parts Manufacturing Association (APMA) Karma Concept Car - Quantum Safe Communications

ISARA was selected to provide a secure quantum-safe communications network between onboard services and back end cloud infrastructure for the 2020 Karma Revero GT Tech Integration car that was featured in the auto tech section of CES 2020.

Are you aware of any current government challenges or opportunities that would be addressed by using your technology solution? Or a future need you can identify?
The short answer is no. Expanded comments can be found in final relections below.

As the COVID crisis continues, please describe specific opportunities where your technology might support Canadian needs / government needs
N/A

Do you have any final reflections or comments?
Today, most customers just beginning to realize they need a quantum threat mitigation strategy. In the absence of large-scale quantum computers and/or global quantum-safe algorithm standards, addressing the quantum threat is receiving low attention and there is no sense of urgency to tacke this threat. This is dangerous because the threat to existing cryptography is real and unprecedented. It will take years, vast resources and large budgets to fix. The time to start is now or we will run out of time and give up the advantages of feasibility, efficiency and seamless transition. The US has started to allocate budget and issue challenges. Canada is falling behind despite having global leading quantum and quantum-safe security expertise. ISARA and others will struggle to survive unless the government takes action in short term.