CIFER LogoCIFER
Security Documentation

Security at CIFER

Transparency is fundamental to trust. This page documents our threat model, security architecture, and how to responsibly report vulnerabilities.

Threat Model

CIFER is designed to protect data confidentiality even when infrastructure is compromised. Our threat model assumes attackers may have:

  • Full access to network traffic (encrypted in transit)
  • Root/administrator access to host systems
  • Access to storage containing encrypted data
  • Ability to modify non-TEE code and configurations

Despite these capabilities, attackers cannot decrypt data or extract keys because cryptographic operations occur exclusively within hardware-isolated Trusted Execution Environments.

What We Protect

  • Keys generated and stored exclusively within TEE enclaves
  • ML-KEM-768 post-quantum key encapsulation
  • Remote attestation for enclave verification
  • Memory encryption for data at rest in enclaves
  • Policy-based access control enforced by hardware
  • No plaintext key extraction possible
  • Audit logging within tamper-resistant environment
  • Defense against rollback and replay attacks

Out of Scope

  • Physical attacks requiring hardware access
  • Side-channel attacks on client applications
  • Compromise of user authentication credentials
  • Social engineering attacks on end users
  • Denial of service through network-level attacks
  • Vulnerabilities in user-provided integration code

Security Architecture

Trusted Execution Environments

CIFER leverages Intel SGX and AMD SEV to create hardware-isolated enclaves where all cryptographic operations occur. These TEEs provide:

  • Memory Encryption: All enclave memory is encrypted with CPU-internal keys
  • Attestation: Cryptographic proof of enclave integrity and code identity
  • Sealing: Data encrypted to specific enclave configurations

Post-Quantum Cryptography

All key encapsulation uses ML-KEM-768 (CRYSTALS-Kyber), the NIST-standardized post-quantum algorithm. This protects against "harvest now, decrypt later" attacks where adversaries collect encrypted data today to decrypt with future quantum computers.

Zero-Knowledge Key Management

Keys never exist outside TEE boundaries. CIFER operators, infrastructure administrators, and even CIFER as a company cannot access your encryption keys or decrypt your data. Access is controlled entirely through cryptographic policies enforced within the hardware-isolated environment.

Responsible Disclosure

We take security vulnerabilities seriously and appreciate responsible disclosure from security researchers. If you discover a vulnerability, please report it following these guidelines:

Reporting Process

  1. Email us at security@cifer-security.com with details of the vulnerability
  2. Include steps to reproduce, potential impact, and any proof-of-concept code
  3. Allow us 90 days to investigate and remediate before public disclosure
  4. Do not access or modify data belonging to other users

Security Contact

For security-related inquiries and vulnerability reports:

security@cifer-security.com