http://www.counterpane.com

Company Information

Counterpane Systems is a cryptography and computer security consulting firm. We are a virtual company based in Minneapolis, with three full-time employees and six part-time contractors. Counterpane provides expert consulting in the following areas:

Design and Analysis. This is the majority of Counterpane's work: making and breaking commercial cryptographic systems and system designs. We can analyze all aspects of a security system, from the threat model to the cryptographic algorithms, and from the protocols to the implementation and procedures. Our detailed reports provide clients with information on security problems as well as suggested fixes.

Counterpane Systems has worked in areas such as:

- Hard disk and file encryption

- E-mail encryption and authentication

- Emergency password and data recovery

- Software and information piracy prevention

- Virtual private networks

- Certificate Authority systems

- Digital timestamping

- Digital telecommunications security

- Biometric security applications

- Java security

- Electronic commerce systems

- Stored-value card security

- Secure audit logs

Implementation and Testing. Counterpane Systems also turns designs into commercial programs. We have implemented and tested many cryptographic systems, both from our own designs and from industry standards such as SET, S/MIME, and SSL. Counterpane also performs security testing and verification of software implementations and products.

Threat Modeling. Using attack tree analysis, Counterpane Systems provides a comprehensive threat analysis of systems and products. This kind of analysis can determine a system's vulnerability and the avenues of attack most likely to succeed. We can calculate the time, money, and resources necessary to attack a system, determine the security effects of different business decisions, and list the security assumptions a system is based on. Attack trees can compare attacks and countermeasures, and isolate areas where security can most profitably be improved--or most profitably be attacked.

Product Research and Forecasting. Counterpane Systems assesses potential product ideas, and gives opinions on their viability in the marketplace. We also maintain a large database of competitive information, and can provide information on existing security-related products. We publish occasional reports on different areas of commercial cryptography--electronic commerce, Internet security, public-key infrastructure, secure tokens--and make these reports available to clients.

Classes and Training. Counterpane Systems provides a wide variety of training services, from hour-long tutorials on the basics of computer security to week-long classes on the mathematics of cryptography or the philosophy of secure system design. Other classes include advanced protocol design and analysis, Internet security protocols, public-key infrastructure, and electronic commerce security. Classes can be tailored to suit individual needs.

Intellectual Property. Counterpane Systems has considerable experience writing patent disclosures for cryptographic inventions. We provide opinions on patentability and prior art, and can help clients find new ways to implement systems which avoid infringing on existing patents. We maintain a database of more than 1000 cryptography-related patents.

Export Consulting. Counterpane Systems can help clients go through the process of receiving Commodity Jurisdictions from the U.S. Department of State, and get their products approved for export from the U.S. Department of Commerce.

Theoretical and Applied Cryptographic Research. Counterpane Systems continually pursues cryptographic research. By publishing papers at international academic conferences, we maintain our state-of-the-art knowledge and experience in cryptography.

Clients. Counterpane Systems has provided consulting services for clients on five continents, including American Express, Canon, Citibank, Compaq, Dallas Semiconductor, Disney, Hughes Data Systems, Intel, Intuit, MCI, Merrill Lynch, Microsoft, Mitsubishi, National Semiconductor, Netscape, NSA, Oracle, Security Dynamics, Silicon Graphics, Stac Electronics, Veridicom, Visa, and Xerox. Contracts range from short-term expert opinions and design evaluations to multi-year design and development efforts.

COUNTERPANE SYSTEMS PERSONNEL

BRUCE SCHNEIER is president of Counterpane Systems. He is the author of Applied Cryptography (John Wiley & Sons, 1994 & 1996), the seminal work in its field. Now in its second edition, Applied Cryptography has sold over 80,000 copies world-wide and has been translated into four languages. His papers have appeared at international conferences, and he has written dozens of articles on cryptography for major magazines. He is a contributing editor to Dr. Dobb's Journal, where he edited the "Algorithms Alley" column, and has been a contributing editor to Computer and Communications Security Reviews. He designed the popular Blowfish encryption algorithm, still unbroken after years of cryptanalysis.

Schneier served on the Board of Directors of the International Association for Cryptologic Research, is a member of the Advisory Board for the Electronic Privacy Information Center, and is on the Board of Directors of the Voter's Telcom Watch. Schneier has an M.S. in Computer Science from American University and a B.S. in Physics from the University of Rochester. He is a frequent writer and lecturer on the topics of cryptography, computer security, and privacy.

JOHN KELSEY is an experienced cryptographer, cryptanalyst, and programmer who has designed several algorithms and protocols. He pioneered research on secure random number generators, differential related-key cryptanalysis on block ciphers, and the chosen-protocol attack against cryptographic protocols. His research has been presented at several international conferences, and he has broken many proposed commercial cryptographic algorithm, protocol, and system designs. He has a degree in economics and computer science from the University of Missouri in Columbia.

CHRIS HALL is experienced in mathematical cryptography (including elliptic curves), protocol design and analysis, and source-code security verification. He helped build various PGP products, including some cryptographic protocols and software in PGPfone. He discovered a major weaknesses in two different X Windows authentication schemes (the attacks and fixes weren't announced for six months so that major vendors could fix their software). Hall has a B.S. in Computer Science and Mathematics at the University of Colorado in Boulder.

DAVID WAGNER is a graduate student in cryptography at the University of California Berkeley. His cryptographic expertise includes both algorithms and protocols. He has publicly cryptanalyzed the Netscape random number generator, SSL 3.0, and the U.S. digital cellular encryption standard.

CONTACT INFORMATION

Counterpane Systems

101 E Minnehaha Parkway

Minneapolis, MN 55419

phone: (612) 823-1098 or (708) 524-9461

fax: (612) 823-1590

email: info@counterpane.com

web: http://www.counterpane.com