Security Architecture
AllEyes Resilient
A radical security philosophy: 6 independent isolation domains, CPU-Blind design, 71 exfiltration channels analysed. Built for the most demanding CISOs and CTOs.
6 Isolation Domains
Each domain is physically and logically independent. No single domain can access the encryption keys.
AMD EPYC CPU
Host processor. Manages networking and orchestration but never sees cryptographic keys. CPU-Blind architecture.
FPGA PL (AES-GCM)
FPGA Programmable Logic. Pure hardware AES-256-GCM engines. Keys remain within the FPGA fabric, inaccessible to the CPU.
FPGA PS (ASM Firmware)
Embedded Processing System. Bare-metal assembly firmware, zero software dependencies. Handles sessions and PQC negotiations.
Sovereign GARANCE PKI
Post-quantum ML-DSA-87 PKI hosted on SecNumCloud. Sole source of keys, verifiable signatures, hot rotation.
Isolated crypto zone
AES-256-GCM engines confined to a memory-isolated FPGA zone. Not exposed on PCIe, unreachable by the host CPU.
STM32 Kill Switch
Independent STM32 controller on a separate bus. Tamper detection and immediate auto-zeroisation of keys upon physical attack.
CPU-Blind Design
In a conventional architecture, the CPU handles encryption keys in memory. This exposes the keys to Spectre, Meltdown, cold boot, DMA and side-channel attacks.
With the CPU-Blind architecture, keys never leave the isolated crypto zone inside the FPGA. The host CPU orchestrates network flows but cannot read, copy or exfiltrate the cryptographic keys.
71 Exfiltration Channels Analysed
Every identified channel is covered by one or more isolation domains. No known attack vector remains unaddressed.
Electromagnetic Channels
EMI emissions, TEMPEST radiation, inductive coupling, PCIe bus RF leakage.
Timing Channels
Timing attacks, latency variations, cache timing (Spectre/Meltdown), branch prediction.
Power Channels
Power analysis (SPA/DPA), voltage fluctuations, glitch attacks, fault injection.
Memory & Cache Channels
Cold boot, DMA attacks, Rowhammer, cache side-channel, shared memory.
Network Channels
Packet interception, man-in-the-middle, replay attacks, traffic analysis, DNS leak.
Physical Channels
Enclosure opening, debug probe, JTAG, chip extraction, hardware modification.
Kill Switch & Auto-Zeroisation
In the event of physical intrusion or perimeter breach, all keys are destroyed instantly.
Full erasure of all keys in the isolated FPGA crypto zone.
Secure Element STMicroelectronics TrustZone. Separate bus, cannot be disabled by software.
Enclosure opening sensors, abnormal temperature, voltage and clock monitoring.
Four Eyes Resilient Model
To access the encryption keys, an attacker must simultaneously compromise 3 independent domains out of 6. No single vulnerability is sufficient.
FPGA PL
GARANCE PKI
FPGA PS or STM32
Nation-state threat model
Designed to withstand the most advanced adversaries. Each layer eliminates a distinct attack vector.
Cross-silicon
No single component holds the complete key. Security relies on two independent manufacturers.
Zeroisation < 1 ms
Hardware tamper switch. All keys are erased in under one millisecond upon physical intrusion.
Traffic Flow Confidentiality
Constant 24/7 throughput, fixed-size packets, encrypted padding. Zero exploitable metadata even via fibre tap.
Measured & verified boot
Any firmware or OS modification triggers an automatic fail-safe. No keys without verified boot.
ANSSI-Hardened Linux
Hardened per ANSSI recommendations. Read-only rootfs, verified integrity, signed modules, no memory access even as root.
Forward secrecy 2 min
Key rotation every 2 minutes. Each session is independent and irreversible.