SHACE – Super High Assurance Cryptographic Endpoint
Project SHACE by AIC is a Raspberry Pi–based high-assurance cryptographic endpoint offering FIDO2 seeding, post-quantum readiness, and policy-driven packet encryption for edge and in-chain deployments — a sovereign, software-defined alternative to traditional hardware encryptors.
Category
Commercial
Category
Commercial
Category
Commercial
Client
Internal R&D / Defence
Client
Internal R&D / Defence
Client
Internal R&D / Defence
Services
Embedded, Crypto Architecture, Policy Engine
Services
Embedded, Crypto Architecture, Policy Engine
Services
Embedded, Crypto Architecture, Policy Engine
Location
UK / Lab
Location
UK / Lab
Location
UK / Lab
Year
2025
Year
2025
Year
2025
TRL
5
TRL
5
TRL
5
Overview
Project SHACE (Super High Assurance Cryptographic Endpoint) is AIC’s next-generation, Raspberry Pi–based cryptographic endpoint platform — a compact, software-defined alternative to traditional hardware encryptors and MiniCAT-class devices.
Designed for edge, tactical, and in-chain network deployments, SHACE provides selective packet encryption, FIDO2 seeding, and post-quantum cryptography (PQC) readiness, establishing a robust, verifiable trust perimeter in hostile or bandwidth-constrained environments.
Built on AIC’s zero-trust architecture and hardened Linux kernel, SHACE delivers cryptographic assurance at the data-flow layer — encrypting only what policy dictates, when and where it’s required.
Whether deployed as a gateway, relay, or chain node, SHACE ensures that every packet, identity, and handshake is provably authentic, integrity-checked, and recoverable under mission-grade conditions.
Mission
To redefine endpoint cryptography by combining the assurance of certified hardware with the agility of software-defined encryption, empowering operators to protect critical data at the edge without dependence on proprietary hardware or closed ecosystems.
Core Capabilities
Policy-Driven Packet Encryption – Apply fine-grained encryption and routing rules (Decrypt-and-Forward, Relay-Without-Decrypt, Rewrap-and-Relay).
FIDO2 Seeding & Credential Injection – Bootstraps trusted keys using FIDO2 hardware tokens for identity provenance and operator accountability.
Post-Quantum Readiness (PQC) – Incorporates hybrid key exchange using NIST-candidate algorithms (Kyber, Dilithium) for long-term resilience.
Chain & Edge Modes – Operates as a standalone node, chain link, or distributed mesh endpoint for secure data transit.
Device-Level Isolation – Sandboxed crypto services prevent key exfiltration or side-channel leakage.
Full Telemetry & Audit – Cryptographic operations logged, hashed, and time-stamped for forensic validation.
Cross-Domain Gateway – Bridges clean/dirty networks with sanitisation, packet rewrapping, and metadata enforcement.
Offline Key Roll & Re-Provisioning – Supports complete air-gapped rekeying cycles with encrypted configuration payloads.
Technical Architecture
Layer | Function | Key Technologies |
|---|---|---|
Hardware Layer | Secure compute base | Raspberry Pi 5 / CM4, TPM 2.0, Secure Boot |
OS & Runtime | Hardened minimal kernel | Ubuntu Core + AppArmor / SELinux |
Crypto Core | Encryption, signing, PQC operations | OpenSSL 3.2 +, liboqs, ECDSA / X25519 / Kyber |
Policy Engine | Defines per-flow encryption & routing | YAML / JSON policy schema |
FIDO2 Seed Service | Hardware-based identity root | YubiKey, FIDO2 API |
Comms Stack | Encrypted packet transport | WireGuard / TLS 1.3 / gRPC |
Management API | Remote control & telemetry | REST / gRPC / WebSocket |
Audit Ledger | Immutable log of cryptographic events | SHA-256 chains, MongoDB Atlas Ledger Collections |
Operational Modes
Edge-to-Edge: Two or more SHACE endpoints create a secure link between field nodes and command systems.
Edge-Chain: Multiple chained devices relay encrypted traffic, rewrapping keys and enforcing hop-by-hop policy validation.
In-Chain: Intermediate node performing policy-driven inspection, re-encryption, or routing under strict governance.
Security & Compliance
SHACE is engineered to satisfy and exceed the assurance expectations of:
NCSC CPA Foundation & Commercial Product Assurance (target alignment)
NIST FIPS 140-3 cryptographic module standards
ISO 19790 / 27001 information security controls
UK MoD JSP 440 / 604 cross-domain and protective security guidelines
Zero Trust Architecture (NIST SP 800-207) principles
Every deployed unit operates with sealed configuration, immutable logs, and cryptographically bound firmware hashes, providing end-to-end provenance and anti-tamper assurance.
Use Cases
Deployed Edge Encryption: Portable protection for tactical networks, vehicles, and forward operating nodes.
Cross-Domain Bridging: Controlled transfer between clean, dirty, or coalition networks.
Industrial IoT Security: Drop-in cryptographic enforcement for OT and SCADA gateways.
Secure Relay Clients: Acts as encryption front-end for AIC’s Content Distribution Portal or other clean-cloud systems.
Sovereign Data Transmission: Ensures national data flows remain verifiable and recoverable without foreign dependencies.
Strategic Value
Project SHACE defines a new category of high-assurance cryptographic endpoints — blending the portability of Raspberry Pi hardware with the rigour of certified encryption stacks.
It offers Defence, Government, and Critical Infrastructure operators an independent, sovereign path to deploy cryptographic trust wherever data moves — without reliance on third-party HSMs or vendor-locked encryptors.
By aligning with AIC’s Zero-Trust and Clean-Cloud architecture, SHACE completes the trust chain between the edge, the cloud, and the command node, providing a software-defined, hardware-hardened encryption platform built entirely under UK control.
Overview
Project SHACE (Super High Assurance Cryptographic Endpoint) is AIC’s next-generation, Raspberry Pi–based cryptographic endpoint platform — a compact, software-defined alternative to traditional hardware encryptors and MiniCAT-class devices.
Designed for edge, tactical, and in-chain network deployments, SHACE provides selective packet encryption, FIDO2 seeding, and post-quantum cryptography (PQC) readiness, establishing a robust, verifiable trust perimeter in hostile or bandwidth-constrained environments.
Built on AIC’s zero-trust architecture and hardened Linux kernel, SHACE delivers cryptographic assurance at the data-flow layer — encrypting only what policy dictates, when and where it’s required.
Whether deployed as a gateway, relay, or chain node, SHACE ensures that every packet, identity, and handshake is provably authentic, integrity-checked, and recoverable under mission-grade conditions.
Mission
To redefine endpoint cryptography by combining the assurance of certified hardware with the agility of software-defined encryption, empowering operators to protect critical data at the edge without dependence on proprietary hardware or closed ecosystems.
Core Capabilities
Policy-Driven Packet Encryption – Apply fine-grained encryption and routing rules (Decrypt-and-Forward, Relay-Without-Decrypt, Rewrap-and-Relay).
FIDO2 Seeding & Credential Injection – Bootstraps trusted keys using FIDO2 hardware tokens for identity provenance and operator accountability.
Post-Quantum Readiness (PQC) – Incorporates hybrid key exchange using NIST-candidate algorithms (Kyber, Dilithium) for long-term resilience.
Chain & Edge Modes – Operates as a standalone node, chain link, or distributed mesh endpoint for secure data transit.
Device-Level Isolation – Sandboxed crypto services prevent key exfiltration or side-channel leakage.
Full Telemetry & Audit – Cryptographic operations logged, hashed, and time-stamped for forensic validation.
Cross-Domain Gateway – Bridges clean/dirty networks with sanitisation, packet rewrapping, and metadata enforcement.
Offline Key Roll & Re-Provisioning – Supports complete air-gapped rekeying cycles with encrypted configuration payloads.
Technical Architecture
Layer | Function | Key Technologies |
|---|---|---|
Hardware Layer | Secure compute base | Raspberry Pi 5 / CM4, TPM 2.0, Secure Boot |
OS & Runtime | Hardened minimal kernel | Ubuntu Core + AppArmor / SELinux |
Crypto Core | Encryption, signing, PQC operations | OpenSSL 3.2 +, liboqs, ECDSA / X25519 / Kyber |
Policy Engine | Defines per-flow encryption & routing | YAML / JSON policy schema |
FIDO2 Seed Service | Hardware-based identity root | YubiKey, FIDO2 API |
Comms Stack | Encrypted packet transport | WireGuard / TLS 1.3 / gRPC |
Management API | Remote control & telemetry | REST / gRPC / WebSocket |
Audit Ledger | Immutable log of cryptographic events | SHA-256 chains, MongoDB Atlas Ledger Collections |
Operational Modes
Edge-to-Edge: Two or more SHACE endpoints create a secure link between field nodes and command systems.
Edge-Chain: Multiple chained devices relay encrypted traffic, rewrapping keys and enforcing hop-by-hop policy validation.
In-Chain: Intermediate node performing policy-driven inspection, re-encryption, or routing under strict governance.
Security & Compliance
SHACE is engineered to satisfy and exceed the assurance expectations of:
NCSC CPA Foundation & Commercial Product Assurance (target alignment)
NIST FIPS 140-3 cryptographic module standards
ISO 19790 / 27001 information security controls
UK MoD JSP 440 / 604 cross-domain and protective security guidelines
Zero Trust Architecture (NIST SP 800-207) principles
Every deployed unit operates with sealed configuration, immutable logs, and cryptographically bound firmware hashes, providing end-to-end provenance and anti-tamper assurance.
Use Cases
Deployed Edge Encryption: Portable protection for tactical networks, vehicles, and forward operating nodes.
Cross-Domain Bridging: Controlled transfer between clean, dirty, or coalition networks.
Industrial IoT Security: Drop-in cryptographic enforcement for OT and SCADA gateways.
Secure Relay Clients: Acts as encryption front-end for AIC’s Content Distribution Portal or other clean-cloud systems.
Sovereign Data Transmission: Ensures national data flows remain verifiable and recoverable without foreign dependencies.
Strategic Value
Project SHACE defines a new category of high-assurance cryptographic endpoints — blending the portability of Raspberry Pi hardware with the rigour of certified encryption stacks.
It offers Defence, Government, and Critical Infrastructure operators an independent, sovereign path to deploy cryptographic trust wherever data moves — without reliance on third-party HSMs or vendor-locked encryptors.
By aligning with AIC’s Zero-Trust and Clean-Cloud architecture, SHACE completes the trust chain between the edge, the cloud, and the command node, providing a software-defined, hardware-hardened encryption platform built entirely under UK control.
Overview
Project SHACE (Super High Assurance Cryptographic Endpoint) is AIC’s next-generation, Raspberry Pi–based cryptographic endpoint platform — a compact, software-defined alternative to traditional hardware encryptors and MiniCAT-class devices.
Designed for edge, tactical, and in-chain network deployments, SHACE provides selective packet encryption, FIDO2 seeding, and post-quantum cryptography (PQC) readiness, establishing a robust, verifiable trust perimeter in hostile or bandwidth-constrained environments.
Built on AIC’s zero-trust architecture and hardened Linux kernel, SHACE delivers cryptographic assurance at the data-flow layer — encrypting only what policy dictates, when and where it’s required.
Whether deployed as a gateway, relay, or chain node, SHACE ensures that every packet, identity, and handshake is provably authentic, integrity-checked, and recoverable under mission-grade conditions.
Mission
To redefine endpoint cryptography by combining the assurance of certified hardware with the agility of software-defined encryption, empowering operators to protect critical data at the edge without dependence on proprietary hardware or closed ecosystems.
Core Capabilities
Policy-Driven Packet Encryption – Apply fine-grained encryption and routing rules (Decrypt-and-Forward, Relay-Without-Decrypt, Rewrap-and-Relay).
FIDO2 Seeding & Credential Injection – Bootstraps trusted keys using FIDO2 hardware tokens for identity provenance and operator accountability.
Post-Quantum Readiness (PQC) – Incorporates hybrid key exchange using NIST-candidate algorithms (Kyber, Dilithium) for long-term resilience.
Chain & Edge Modes – Operates as a standalone node, chain link, or distributed mesh endpoint for secure data transit.
Device-Level Isolation – Sandboxed crypto services prevent key exfiltration or side-channel leakage.
Full Telemetry & Audit – Cryptographic operations logged, hashed, and time-stamped for forensic validation.
Cross-Domain Gateway – Bridges clean/dirty networks with sanitisation, packet rewrapping, and metadata enforcement.
Offline Key Roll & Re-Provisioning – Supports complete air-gapped rekeying cycles with encrypted configuration payloads.
Technical Architecture
Layer | Function | Key Technologies |
|---|---|---|
Hardware Layer | Secure compute base | Raspberry Pi 5 / CM4, TPM 2.0, Secure Boot |
OS & Runtime | Hardened minimal kernel | Ubuntu Core + AppArmor / SELinux |
Crypto Core | Encryption, signing, PQC operations | OpenSSL 3.2 +, liboqs, ECDSA / X25519 / Kyber |
Policy Engine | Defines per-flow encryption & routing | YAML / JSON policy schema |
FIDO2 Seed Service | Hardware-based identity root | YubiKey, FIDO2 API |
Comms Stack | Encrypted packet transport | WireGuard / TLS 1.3 / gRPC |
Management API | Remote control & telemetry | REST / gRPC / WebSocket |
Audit Ledger | Immutable log of cryptographic events | SHA-256 chains, MongoDB Atlas Ledger Collections |
Operational Modes
Edge-to-Edge: Two or more SHACE endpoints create a secure link between field nodes and command systems.
Edge-Chain: Multiple chained devices relay encrypted traffic, rewrapping keys and enforcing hop-by-hop policy validation.
In-Chain: Intermediate node performing policy-driven inspection, re-encryption, or routing under strict governance.
Security & Compliance
SHACE is engineered to satisfy and exceed the assurance expectations of:
NCSC CPA Foundation & Commercial Product Assurance (target alignment)
NIST FIPS 140-3 cryptographic module standards
ISO 19790 / 27001 information security controls
UK MoD JSP 440 / 604 cross-domain and protective security guidelines
Zero Trust Architecture (NIST SP 800-207) principles
Every deployed unit operates with sealed configuration, immutable logs, and cryptographically bound firmware hashes, providing end-to-end provenance and anti-tamper assurance.
Use Cases
Deployed Edge Encryption: Portable protection for tactical networks, vehicles, and forward operating nodes.
Cross-Domain Bridging: Controlled transfer between clean, dirty, or coalition networks.
Industrial IoT Security: Drop-in cryptographic enforcement for OT and SCADA gateways.
Secure Relay Clients: Acts as encryption front-end for AIC’s Content Distribution Portal or other clean-cloud systems.
Sovereign Data Transmission: Ensures national data flows remain verifiable and recoverable without foreign dependencies.
Strategic Value
Project SHACE defines a new category of high-assurance cryptographic endpoints — blending the portability of Raspberry Pi hardware with the rigour of certified encryption stacks.
It offers Defence, Government, and Critical Infrastructure operators an independent, sovereign path to deploy cryptographic trust wherever data moves — without reliance on third-party HSMs or vendor-locked encryptors.
By aligning with AIC’s Zero-Trust and Clean-Cloud architecture, SHACE completes the trust chain between the edge, the cloud, and the command node, providing a software-defined, hardware-hardened encryption platform built entirely under UK control.
Let’s Shape the Future of Industry Together
Strategic consultancy, secure technology, and mission-ready expertise, connect with AIC to deliver change where it matters most.
Let’s Shape the Future of Industry Together
Strategic consultancy, secure technology, and mission-ready expertise, connect with AIC to deliver change where it matters most.
Let’s Shape the Future of Industry Together
Strategic consultancy, secure technology, and mission-ready expertise, connect with AIC to deliver change where it matters most.