Kirei is run by its two founders: Jakob Schlyter and Fredrik Ljunggren. Together we have almost 30 years’ experience within our field. On the basis of academic, analytical and efficient working practices and business understanding, Kirei focuses primarily on four main areas of IT security:
- Information Security Management
- Security Analysis & System Architecture
- DNSSEC
- Research & Development
Below you can find a description of each area, together with some examples of previous or ongoing projects.
キレイ
Information Security Management
In the area of Information Security Management Systems (ISMS), we work on the basis of implementing controls and procedures that work in the technical environment. We bridge the gap between the wording of standards such as ISO/IEC 27002 and the daily operations of IT systems. We also help analyze the business’s dependencies on the IT systems and assess vulnerabilities in order to balance and document the right security level, and then assist the operational and administrative departments in meeting these business requirements.
.SE (The Internet Infrastructure Foundation)
Kirei has been supporting .SE in the introduction of a comprehensive Information Security Management System and is continuously working with their PDCA process (Plan-Do-Check-Act). We have established a baseline protection level based on ISO/IEC 27002, which is implemented and maintained for all production-critical systems within the organization.
Security Analysis & System Architecture
When introducing new or updating old systems, it is important that security and quality aspects are taken into account from the beginning, and that system security can be maintained even after the project has been completed. We therefore support the project through all phases by formulating security requirements and providing system architecture design, procurement support, and security and quality control.
In our assignments we can also assume the role of auditors, where we audit against relevant standards, regulatory or business requirements, certain identified risks or any combination thereof. In other situations we evaluate security functions on a more technical level, often using CC/CEM as a framework (or against a Protection Profile) for validating certain components or parts of a system all the way down to the implementation, including hardware and software review.
Skånetrafiken – Security Analysis
Skånetrafiken Public Transport Authority (supporting 10 major cities, regional buses and trains in Skåne), together with four other PTAs (Hallandstrafiken, Jönköpings Länstrafik, Länstrafiken i Kronoberg and Blekingetrafiken), has deployed a new system for Automatic Fare Collection (AFC) based on contactless smart cards (MiFare) and Near Field Communication (NFC). Kirei has provided risk assessment, audited the system from a security point of view, and established guidelines for the operation and administration of each PTA.
Multicom Security – High security network for alarm transmission
Kirei has designed, specified, procured and implemented a nation-wide redundant IPv4/v6 network for reliable fixed and mobile monitored alarm transmission, connecting the majority of Multicom Security’s 50,000 customers.
SOS Alarm – Multimedia Emergency Services
For SOS Alarm, the Swedish national PSAP operator, Kirei has designed and specified a new platform for handling multimedia emergency services (e.g. VoIP) over an IP-network. The service has strict requirements regarding availability and security, and is designed to comply with the IETF ECRIT framework.
SL (Stockholm Public Transport) – Tubnet3
Kirei took part in the design and requirement specification of the next generation IP network (Tubnet3) for the Stockholm subway system. The network, based on 10 Gbps Ethernet, has exceptional availability and capacity requirements as more than 4,000 surveillance cameras will be connected and transmit high-resolution media streams to a central control system. Kirei also provided SL with support during procurement, product and vendor evaluation, acceptance testing and deployment planning.
DNSSEC
For over 10 years, Kirei has been working on development and deployment of DNSSEC, something which has given us unique experience and qualifications in this area. We combine our expertise in DNS with the experience from our other main business areas in order to offer full support at the introduction of DNSSEC in larger organizations and registries (ccTLD/gTLD).
DNSSEC deployment at the top level is a major challenge. The security level of the registry is normative for the whole subtree in the DNS hierarchy. Based on this, we design transparent solutions based on verifiable security, where no part of the system design or processes is kept secret, in order to establish trust.
We assist with the drafting of the DPS, which is used as a governing policy for all DNSSEC operations, and which is published to the relying parties that are dependent on the security of the system.
Traditionally, DNS without security extensions has been a very forgiving technology. With the introduction of DNSSEC, the requirements on the entity that administers and maintains the zone increase substantially. Errors on the TLD-level can have disastrous consequences for all domains in the zone under the TLD. Because of this, a large part of the deployment of DNSSEC is to ensure availability and plan for emergencies. As a consequence, our services also include risk management, integration, control and auditing.
Kirei works with both commercial and open-source based products. Depending on the customer’s requirements and needs, we deliver systems based on Secure64, OpenDNSSEC and ISC BIND, together with appropriate hardware security modules (HSM) to protect the private keys in use by DNSSEC.
.SE (The Internet Infrastructure Foundation)
.SE has been a driving force within the DNSSEC area and has financed the standardization work we have performed in the IETF since 1999. As a result of this collaboration, .SE was the first ccTLD in the world to deploy DNSSEC in 2005.
ICANN (Internet Corporation for Assigned Names and Numbers)
Under contract with ICANN, Kirei takes part in the Root DNSSEC Design Team together with other leading experts from ICANN and VeriSign. Based on the requirements from NTIA (National Telecommunications and Information Administration), the team is working on a system design and architecture together with the required processes and controls for key management, auditing and testing, and will be publishing this in a DNSSEC Practice Statement (DPS).
PIR (Public Interest Registry)
DNSSEC deployment expert consulting for .ORG.
Nominet UK
DNSSEC deployment expert consulting for UK.
Research & Development
Unbound
Architectural work on Unbound, a validating recursive name server.
DNSCheck
Design and implementation of the DNSCheck engine.
OpenDNSSEC
Principal architecture, design and implementation of OpenDNSSEC, a DNSSEC signer package.
