We provide comprehensive Public Key Infrastructure (PKI) solutions designed to secure digital identities and communications, offering streamlined integration of certificate management into enterprise systems, along with robust support for Hardware Security Modules to ensure maximum protection.

We offer secure and compliant digital signature services that adhere to international standards, delivering high-efficiency solutions designed to support critical business transactions with reliability and trust.

We specialize in the design and implementation of bespoke cybersecurity architectures, providing continuous development and full life-cycle support to ensure robust and adaptable security solutions tailored to evolving organizational needs.

Crypto Agility

The future of cryptography faces significant uncertainty, as the security landscape is susceptible to rapid transformation driven by multiple influences. Advances in quantum computing research could potentially render existing encryption methods obsolete, while shifts in international laws and regulatory policies might impose new requirements or restrictions on cryptographic practices. Additionally, the discovery of unforeseen vulnerabilities in currently deployed algorithms could expose critical systems to risk, underscoring the need for constant awareness and preparedness in this field. Organizations must anticipate these possibilities and develop strategies to safeguard their data and operations against such disruptive developments.

To effectively manage this unpredictable environment, a proactive stance centered on adaptability is essential. Our key takeaways for implementing cryptographic agility encompass a detailed and practical set of actions designed to ensure resilience:

• Collect up-to-date information on issued certificates, including their compliance status with established policies for key sizes and cryptographic algorithms.
• Enable certificates issued with short lifespans and prioritize automation for efficient management.
• Keep initial enrollment secure, with an optional approval workflow, and ensure fully automatic renewal processes.
• Implement support for classical, hybrid, and post-quantum safe algorithms to cover a broad spectrum of security needs.
• Support quick and easy migration from one cryptographic algorithm to another to adapt to new threats.
• Simplify the monitoring process of issued certificates to ensure they remain valid and do not expire unexpectedly.

This structured approach ensures organizations can respond effectively to changes while maintaining a strong security posture.

Post-Quantum

Quantum computers are getting alot of attention right now in newspapers, on social media, and across various platforms, particularly due to concerns about their potential impact on security and traditional cryptography. However, there remains considerable uncertainty about the timeline for developing a fully functional, general-purpose quantum computer. Even greater uncertainty surrounds when quantum computers might be capable of breaking widely used cryptographic systems like RSA or ECDSA—the backbone of today's enterprise security landscape.

Despite this uncertainty, now is an opportune time to begin planning and preparing to mitigate the potential impact of quantum computers, should they become a reality. A robust public key infrastructure must be agile enough to adapt swiftly to changes in the security landscape, as unexpected breakthroughs could emerge. One immediate threat to consider is the "harvest now, decrypt later" attack vector, where adversaries collect vast amounts of encrypted data today with the intent to decrypt it in the future using a quantum computer.

For several years, the National Institute of Standards and Technology (NIST) evaluated 82 initial submissions for post-quantum safe cryptography standards through multiple rounds, assessing them based on security, performance, and implementation feasibility. In 2024, NIST finalized and released its first three post-quantum encryption standards:

• FIPS 203 - Primary standard for general encryption, using ML-KEM (CRYSTALS-Kyber)
• FIPS 204 - Primary standard for digital signatures, using ML-DSA (CRYSTALS-Dilithium)
• FIPS 205 - Secondary standard for digital signatures, using SLH-DSA (Sphincs+)

Below is a table of the different key sizes for the three post-quantum encryption standards, along with classical RSA and ECDSA as a point of reference (Generated using Bouncy Castle PQC Java Provider 1.80):

Algorithm	Public Key Size (bytes)	Private Key Size (bytes)
ML-KEM-512 (Kyber-512)	822	1632
ML-KEM-768 (Kyber-768)	1206	2400
ML-KEM-1024 (Kyber-1024)	1590	3168
ML-DSA-44 (Dilithium-2)	1336	2560
ML-DSA-65 (Dilithium-3)	1976	4032
ML-DSA-87 (Dilithium-5)	2616	4896
SLH-DSA-SHA2-128f (Sphincs+ SHA256-128f)	47	118
SLH-DSA-SHA2-192f (Sphincs+ SHA256-192f)	63	167
SLH-DSA-SHA2-256f (Sphincs+ SHA256-256f)	79	217
RSA-2048	294	1216
RSA-4096	550	2375
ECDSA secp256r1 (P-256)	91	67
ECDSA secp384r1 (P-384)	120	80

Automotive

Abero Security have extensive experience in delivering PKI and Security related solutions for the automotive industry.

Connected PKI

We assisted customers in implementing PKI services to provision certificates for connected vehicle solutions, both onboard and offboard. We have customized globally distributed PKI systems to meet the specific requirements of the vehicle manufacturing industry.

Abero has also developed cloud-native solutions for the automated management of certificates in a cloud-based vault, streamlining the process of enrolling certificates in a containerized environment.

Plug and Charge

Plug and Charge is a technology designed to enhance the charging experience for electric vehicle users by enabling their vehicles to automatically authenticate and commence charging as soon as they are connected to a compatible charging station. This innovative system streamlines the entire process, eliminating the need for manual payment methods or interaction with a mobile application, thereby offering greater convenience and efficiency to drivers.

Abero has played a key role in supporting the deployment and implementation of Plug and Charge solutions, ensuring seamless integration with Hubject's platform for the registration and management of provisioned certificates. Our expertise has helped facilitate this advanced technology, contributing to its reliability and accessibility for electric vehicle ecosystems.

Digital Key

CCC Digital Key, created by the Car Connectivity Consortium, is a standardized technology that enables users to securely lock, unlock, and start their vehicles using smartphones or other NFC-enabled devices. This system provides a reliable and convenient way for vehicle owners to access and operate their cars through a secure digital interface, leveraging the capabilities of modern mobile technology.

Abero offers comprehensive support in configuring and managing the setup and enrollment workflow associated with the CCC Digital Key. Our assistance focuses particularly on handling the custom certificate extensions outlined in the CCC Digital Key Standard, ensuring that the implementation process is smooth, secure, and fully aligned with the specific requirements of this advanced technology.

Secure Boot

We offer comprehensive digital signing solutions to secure software and firmware within the Secure Boot process. Our services include offline signing of root metadata, along with a tailored workflow for remote signing of new releases, seamlessly integrated into your existing build processes.

Additionally, we provide expert support for integrating Hardware Security Modules (HSMs) to sign fuseblobs and other artifacts specific to Secure Boot requirements, ensuring robust security and compliance.

V2X

We bring extensive, long-standing experience in developing Vehicle-to-Everything (V2X) solutions, enabling secure and efficient communication between vehicles, infrastructure, and other road users. Our expertise spans the design, implementation, and optimization of technologies tailored to meet the demands of modern intelligent transportation systems.

As part of our contributions to the field, we have authored an open-source project called c2c-common, a robust Java library designed to simplify V2X development. This library can generate data structures and protocols as defined in key industry standards, including ETSI TS 103 097, ETSI TS 102 941, and IEEE 1609.2 (US). By providing developers with a versatile and reliable toolset, c2c-common supports the creation of interoperable, standards-compliant V2X applications, accelerating innovation and deployment in both European and U.S. markets.