Cryptography and Cryptocurrency – Coindoo

Back in 2017, the internet was flooded with news about Bitcoin and the importance it would have in the future. This all started 9 years earlier, in 2008, a year in which many innovations in tech were made, such as the revolutionary iPhone and 3G technology. 2008 was also the year when Facebook reached over 1 million active users and the first Android device was released. Other technologies like GPS, which had been uninteresting to the public in previous years, suddenly became widely used because of the smartphone.

Bitcoin has had a mysterious and interesting origin. It was developed in 2008 by an individual or group of individuals under the name Satoshi Nakamoto, with the domain bitcoin dot org being registered in August of that year. The Bitcoin network was released in January of the following year, when Satoshi mined the first block, known as the genesis block.

Cryptography has a major role in the blockchain. It is a process of securing communications from third parties and is used to prevent these parties from intercepting and reading the information sent. The use of cryptography can be found in many disciplines and areas such as mathematics, electrical engineering, computer science, computer passwords, military communications and lastly, cryptocurrencies such as Bitcoin. The opposite of this is cryptanalysis which is a discipline meant to break encrypted messages.

This discipline was practiced long before modern computers came into existence. The practice goes back thousands of years and was used for the same purpose: securing messages. In modern times cryptography is much more complicated and is used mainly in computer and network security.

In symmetric encryption, a single key is used to encrypt and decrypt the information between two ends. The sender and the receiver must have access to the same key for the information to be decrypted. This is different from asymmetric encryption, which we will explore in a bit. Symmetric encryption uses an algorithm to encrypt data in a way that cannot be deciphered by anybody intercepting the data without the right key. The key is an algorithm that can reverse the encryption, returning the message to its former readable state. The security drawback of this process is the key exchange: the key has to be delivered to the receiver, either online or on a pen drive. A third party intercepting the key will be able to read the information.

Asymmetric encryption is a newer and more advanced method of encryption that uses two keys: a public key and a private key. This method is also known as public-key encryption. It involves two processes: authentication and encryption. The authentication process uses the public key to make sure that the message was sent by the owner of the private key. The encryption process is when the owner of the private key decrypts a message that was encrypted with the public key.

A cryptocurrency cannot be held or seen and can only be accessed in the digital environment, via the internet, using a computer or mobile phone. It is not centralized; it exists on a large network of computers and other devices and relies entirely on a peer-to-peer network. Peer-to-peer networks are computer systems connected via an internet connection.

Files can be easily shared between systems without the need for a centralized server, meaning that each device becomes both a file server and a client. Files are shared using P2P software that allows a device to search for files on other people's devices while, at the same time, another user's system can search for files on your computer. The idea may seem frightening to some, but keep in mind that the files that can be shared are typically located within a single folder that the user has designated for sharing.

Blockchain and cryptocurrencies can greatly change the way that we do business, and the technology is slowly being incorporated by many industries. Malta, for example, is looking to become a major hub of cryptocurrency and blockchain technology. New technology and digital endeavours have always been welcomed in Malta, which is one of the first countries to have legislation in support of iGaming and among the most respected jurisdictions in the world.

Many other countries around the world have accepted the use of cryptocurrency to various degrees, with some going so far as to ban it completely while others embrace it. Many seem to agree that internet gaming platforms such as the online casino Starvegas and many others can greatly benefit from blockchain technology, improving the players' gaming experience, securing personal information and offering more transparency.

In more creative industries, some companies make use of what is known as smart property, which can track and help secure digital rights for creators by storing IP information on a digital network, which in turn enables artists to define their licensing terms. This includes the music industry, video content creation, articles and other artistic content such as plastic arts, and even book authors.


Computer Scientists Turn to Cryptography to Fight Pandemic Using Location-Tracking Devices – The Daily Hodl

Taiwan has deployed a massive location-tracking system to monitor 55,000 people who are being quarantined at home to combat the spread of the coronavirus. The Taiwanese government is launching an electronic fence via smartphones to make sure infected people remain indoors. Taiwan's success to date at battling Covid-19 has led computer scientists, engineers and governments around the world to use cryptography to track people, with some efforts proceeding without draconian surveillance measures.

Yun William Yu, a professor of mathematics at the University of Toronto, tells Wired, "you can develop an app that both serves contact-tracing and preserves privacy for users" in order to "flatten the curve on authoritarianism" while combating the virus.

Several different projects under development, however, point to varying objectives, with certain teams focusing on governments that want more data while others are building applications that can protect as much private data as possible.

Senior writer Andy Greenberg at Wired examines major projects using cryptography, the practice of integrating techniques to make communication secret and secure against adversarial third parties, often by combining math, computer science and electrical engineering.

Covid-Watch is a Stanford-led, privacy-preserving mobile app that uses Bluetooth signals to track contact points without capturing a user's identity. Instead, it uses automatic decentralized contact tracing.

According to the website,

"The app could be installed by anyone with a Bluetooth-capable smartphone, alerting them to their risk of having been in contact with a confirmed case of COVID-19, and helping them to protect themselves and their friends, families, and other contacts altruistically."

Safe Paths is an MIT-led app that attempts to use GPS tracking while minimizing surveillance. People who test positive for Covid-19 could log their locations in order to generate data that could be shared with healthcare workers, having certain information redacted. People who download the app can then discover if their whereabouts roughly match the locations of someone who has tested positive for Covid-19.

MIT researchers say they're working on an iteration that would avoid hash cracking to maintain privacy.

"Patient's redacted and blurred location trail is released. Private Kit: Safe Paths notifies users who came in close contact with a diagnosed patient. Healthy users' data never leaves their phone."

A consortium of computer scientists is also working on a solution for the Canadian government that is designed to send anonymized location information to healthcare workers through a mixer comprised of at least three servers. Mixing services are often used in Bitcoin transactions to obscure the trail of transfers so that someone reviewing Bitcoin's open ledger is unable to know the origin of the sender or identify the recipient.

The Covid-19 mixing network would jumble the hashed and timestamped data, which is represented by tokens tagged to a patient who has tested positive for the virus. Once the data is forwarded to the government, the patient's identity would be unknown.

According to a report entitled "Contact Tracing Mobile Apps for COVID-19: Privacy Considerations and Related Trade-offs," written by computer scientists at the University of Pennsylvania, the University of Toronto, and MIT and Harvard's Broad Institute,

"When Bob is diagnosed with COVID-19, he partitions the tokens he wishes to send (depending on the setup of the system, either his own tokens, or those of his contacts) into M groups, and sends each group to one of the mixing servers. The mixing servers then combine Bob's data with that of other users diagnosed with COVID-19 before forwarding it onto Grace."

The Johns Hopkins real-time data tracker for coronavirus currently reports 1.4 million confirmed cases worldwide with over 400,000 of those cases in the United States, representing roughly .12% of the population of 327 million.

Taiwan has a total of 379 cases, representing roughly .001% of the population of 28 million.


Monero Offers Protection From Crisis Overreach – Yahoo Finance

In times of crisis, the ever-present balancing act between security and privacy always rises to the surface.

Sure, some sacrifices to privacy are considered justified in the short term. But I'm concerned with the long-term consequences of giving central governments too much control and access into our lives.

And there's one government control mechanism under serious consideration right now which will have consequences that could far outlive the current global state of emergency: The abolition of paper currency.

True, coronavirus can live on surfaces for days on end, including on your pocket change. In fact, some countries have mandated their banks sanitize all paper currency before it can be withdrawn.

But wouldn't it be easier, say government officials, to simply do away with paper money altogether? Wouldn't a purely digital currency be better for your health? And if we did that, no one would need Bitcoin, right?

Wrong!

True cryptocurrencies, like Bitcoin and leading altcoins, protect their owners from government devaluation and confiscation. Government-controlled digital money does nothing of the kind.

In fact, ultimately, it could give governments the ability to dictate exactly how much money you can own and the conditions under which your assets can be stripped away from you.

All with the push of a button!

With privacy under severe attack, some citizens may suddenly find that the only alternative to government-controlled digital money is privacy coins: crypto assets that prioritize protecting the identity of those involved in a transaction.

And one of the most prominent privacy coins according to our Weiss Ratings Model is Monero (XMR, Rated C+).

It's similar to Bitcoin (BTC, Rated B+) in that it's a Proof-of-Work crypto, 100% dedicated to processing payments.

But it does so in such a way that the sender, receiver and amount transferred are carefully cloaked behind cutting-edge cryptography.

This means that for Monero, privacy is a permanent fixture. If you use Monero, your payments will always be hidden from everyone except parties to the transaction.

The developers behind Monero were sticklers for the original goal of cryptocurrencies: To be censorship-resistant money.

They felt privacy was relatively lacking in Bitcoin. So, they decided to make privacy far more robust.

Like Bitcoin, Monero was founded by an anonymous individual and based largely on open-source technology. When the founder later tried to implement a series of changes that the community of developers disagreed with, the community split off the original project.

That's when they created the Monero we know today.

Trouble is, most governments don't like Monero. They fear its privacy features will enable criminals and spies.

We don't deny that risk is real. But as we've stressed here repeatedly: Technology is neutral.

And this type of privacy may become an essential feature demanded by millions of honest actors in the years to come.


Clever Cryptography Could Protect Privacy in Covid-19 Contact-Tracing Apps – WIRED

Before the Covid-19 pandemic, any system that used smartphones to track locations and contacts sounded like a dystopian surveillance nightmare. Now, it sounds like a dystopian surveillance nightmare that could also save millions of lives and rescue the global economy. The paradoxical challenge: to build that vast tracking system without it becoming a full-on panopticon.

Since Covid-19 first appeared, governments and tech firms have proposed, and in some cases already implemented, systems that use smartphone data to track where people go and with whom they interact. These so-called contact-tracing apps help public health officials get ahead of the spread of Covid-19, which may in turn allow an easing of social distancing requirements.

The downside is the inherent loss of privacy. If abused, raw location data could reveal sensitive information about everything from political dissent to journalists' sources to extramarital affairs. But as these systems roll out, teams of cryptographers have been racing to do the seemingly impossible: Enable contact-tracing systems without mass surveillance, building apps that notify potentially exposed users without handing over location data to the government. In some cases, they're trying to keep even an infected individual's test results private while still warning anyone who might have entered their physical orbit.

"This is possible," says Yun William Yu, a professor of mathematics at the University of Toronto who has worked with one group developing a contact-tracing app for the Canadian government. "You can develop an app that both serves contact-tracing and preserves privacy for users." Richard Janda, a privacy-focused law professor at McGill University working on the same contact-tracing project, says they hope to "flatten the curve on authoritarianism" as well as infections. "We're trying to ensure that the way this rolls out is with consent, with privacy protection, and that we don't regret after the virus has passed, as we hope it does, that we've all handed over information to public authorities that we shouldn't have given."

WIRED spoke to researchers at three of the leading projects offering designs for privacy-preserving contact-tracing apps, all of whom are also collaborating with each other to varying degrees. Here are some of their approaches to the problem.

Bluetooth Contact Tracing

The best way to protect geolocation data from abuse, argues Stanford computer scientist Cristina White, is not to collect it in the first place. So Covid-Watch, the project White leads, instead anonymously tracks contacts between individuals based on their phones' Bluetooth signals. It never needs to record location data, or even to tie those Bluetooth communications to someone's identity.

Covid-Watch uses Bluetooth as a kind of proximity detector. The app constantly pings out Bluetooth signals to nearby phones, looking for others that might be running the app within about two meters, or six and a half feet. If two phones spend 15 minutes in range of each other, the app considers them to have had a "contact event." They each generate a unique random number for that event, record the numbers, and transmit them to each other.


If a Covid-Watch user later believes they're infected with Covid-19, they can ask their health care provider for a unique confirmation code. (Covid-Watch would distribute those confirmation codes only to caregivers, to prevent spammers or faulty self-diagnoses from flooding the system with false positives.) When that confirmation code is entered, the app would upload all the contact event numbers from that phone to a server. The server would then send out those contact event numbers to every phone in the system, where the app would check if any of the codes matched their own log of contact events from the last two weeks. If any of the numbers match, the app alerts the user that they made contact with an infected person, and displays instructions or a video about getting tested or self-quarantining.
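The exchange described above, simulated end to end as an added example (it is not Covid-Watch's code). The class and function names, the 128-bit size of the random numbers, single-use confirmation codes and the constructed sample encounters are assumptions; the 15-minute threshold and two-week window come from the article.

```python
import secrets
from dataclasses import dataclass, field

MIN_CONTACT_MINUTES = 15   # article: 15 minutes in range is a "contact event"
RETENTION_DAYS = 14        # article: phones check their log of the last two weeks


@dataclass
class Phone:
    owner: str                                # simulation label only; never uploaded
    log: dict = field(default_factory=dict)   # contact event number -> day recorded

    def recent(self, today):
        """Contact event numbers recorded within the retention window."""
        return {n for n, day in self.log.items() if today - day <= RETENTION_DAYS}


def contact_event(a, b, minutes_in_range, day):
    """Each phone contributes one random number; both phones log both numbers."""
    if minutes_in_range < MIN_CONTACT_MINUTES:
        return False
    for number in (secrets.token_hex(16), secrets.token_hex(16)):
        a.log[number] = day
        b.log[number] = day
    return True


class Server:
    """Stores only random numbers: no identities, no locations."""

    def __init__(self, confirmation_codes):
        self.unused_codes = set(confirmation_codes)   # handed out via caregivers
        self.published = set()

    def upload(self, confirmation_code, numbers):
        if confirmation_code not in self.unused_codes:
            return False                              # blocks spam and self-diagnosis
        self.unused_codes.remove(confirmation_code)   # single use (assumption)
        self.published.update(numbers)
        return True

    def feed(self):
        return frozenset(self.published)


def is_exposed(phone, feed, today):
    """The match is computed on the phone, against its own recent log."""
    return not phone.recent(today).isdisjoint(feed)


def run_demo():
    # Constructed scenario: Alice is later diagnosed.
    alice, bob, carol, dave = (Phone(n) for n in ("alice", "bob", "carol", "dave"))
    contact_event(alice, dave, minutes_in_range=40, day=1)    # outside the window
    contact_event(alice, bob, minutes_in_range=20, day=10)
    contact_event(alice, carol, minutes_in_range=5, day=11)   # too brief to count
    server = Server({"CONSTRUCTED-CODE-1"})
    today = 16
    rejected = server.upload("guessed-code", alice.log)
    accepted = server.upload("CONSTRUCTED-CODE-1", alice.log)
    feed = server.feed()
    return {
        "rejected_upload": rejected,
        "accepted_upload": accepted,
        "published": len(feed),
        "alerts": {p.owner: is_exposed(p, feed, today) for p in (bob, carol, dave)},
    }


if __name__ == "__main__":
    print(run_demo())
```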

"People's identities aren't tied to any contact events," says White. "What the app uploads instead of any identifying information is just this random number that the two phones would be able to track down later but that nobody else would, because it's stored locally on their phones."

Redacted Location Tracing

Bluetooth tracing has limitations, though. Apple blocks its use for apps running in the background of iOS, a privacy safeguard intended to prevent exactly the sort of tracking that now seems so necessary. The novel coronavirus that causes Covid-19 can also remain on some surfaces for extended periods of time, meaning infection can happen without phones having the opportunity to communicate. Which means GPS location tracking will likely play a role in contact-tracing apps, too, with all of the privacy risks that come with sharing a map of your movements.

One MIT project called Private Kit: Safe Paths, which says it's already in discussions with the WHO, is working on a way to exploit GPS while minimizing surveillance. MIT's app is rolling out in iterations, starting with a simple prototype that allows people to log their locations and share them with health care providers if they're diagnosed with Covid-19. The current version asks users to tell health care providers which sensitive locations they should redact, like homes or workplaces, rather than being able to do it themselves. But the next iteration of the app will build in the ability to sort all the recorded locations of any users diagnosed as Covid-19 positive into "tiles" of a few square miles, and then cryptographically "hash" each piece of location and time data. That hashing process uses a one-way function to transform each location and timestamp in a user's history into a unique number, a process that's designed to be irreversible, so those hashes can't be used to obtain the location and time information. And only those hashes, sorted by what "tile" of several-square-mile areas they fall into, would be stored on a server.


To check if a healthy user has crossed paths with an infected one, a Safe Paths user will choose "tiles" on a map that they've traveled in. Their app then downloads all the hashes of the timestamped locations of infected users within those tiles. It then performs the same hashing function on all the timestamped locations in their own history, compares those hashes to the downloaded ones, and alerts them if it finds that a hash matches with one of the downloaded ones. That match means they were at the same place, at roughly the same time, as someone who's Covid-19 positive.
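A sketch of the tile-and-hash matching described above, added here as an example (it is not Safe Paths code). The grid cell size, tile size, five-minute time bucket, SHA-256 and all coordinates are constructed assumptions; the article gives only "tiles of a few square miles" and "roughly the same time".

```python
import hashlib
import math
from collections import defaultdict

CELL_DEG = 0.001    # grid cell of roughly 100 m (assumption)
TILE_DEG = 0.05     # tile side of a few miles (assumption)
BUCKET_S = 300      # "roughly the same time" = same 5-minute bucket (assumption)


def tile_of(lat, lon):
    """Coarse tile a point falls into; tiles are what a user selects on the map."""
    return (math.floor(lat / TILE_DEG), math.floor(lon / TILE_DEG))


def point_hash(lat, lon, ts):
    """One-way hash of a quantized (place, time) point.

    Quantizing first is what lets two nearby, near-simultaneous readings
    produce the same hash. The quantized input space inside one tile is small,
    which is the hash-cracking concern the researchers say they are addressing.
    """
    cell = (math.floor(lat / CELL_DEG), math.floor(lon / CELL_DEG), ts // BUCKET_S)
    return hashlib.sha256(repr(cell).encode()).hexdigest()


class TileServer:
    """Stores only hashes, grouped by tile."""

    def __init__(self):
        self.tiles = defaultdict(set)

    def publish(self, trail):
        for lat, lon, ts in trail:
            self.tiles[tile_of(lat, lon)].add(point_hash(lat, lon, ts))

    def download(self, chosen_tiles):
        hashes = set()
        for tile in chosen_tiles:
            hashes |= self.tiles.get(tile, set())
        return hashes


def matches(own_trail, server, chosen_tiles):
    """Runs on the healthy user's phone: hash own history, compare locally."""
    downloaded = server.download(chosen_tiles)
    return [p for p in own_trail if point_hash(*p) in downloaded]


# Constructed sample trails: (latitude, longitude, unix timestamp).
PATIENT_TRAIL = [
    (42.3601, -71.0942, 1586250000),
    (42.3609, -71.0942, 1586253600),
]
USER_TRAIL = [
    (42.3604, -71.0945, 1586250120),  # same cell, two minutes later: match
    (42.3604, -71.0945, 1586260000),  # same cell, hours later: no match
    (42.3611, -71.0942, 1586253600),  # about 20 m away but across a cell edge: missed
    (40.7128, -74.0060, 1586250000),  # different tile entirely
]

if __name__ == "__main__":
    server = TileServer()
    server.publish(PATIENT_TRAIL)
    print(matches(USER_TRAIL, server, {tile_of(42.3604, -71.0945)}))
```

The third sample point shows the cost of exact-match hashing: readings on opposite sides of a grid boundary never collide, so a real design has to choose cell and bucket sizes with that false-negative case in mind.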


Cryptography and its Types – GeeksforGeeks

Cryptography is a technique for securing information and communications through the use of codes, so that only those for whom the information is intended can understand and process it, thus preventing unauthorized access to information. The prefix "crypt" means "hidden" and the suffix "graphy" means "writing".

In cryptography, the techniques used to protect information are derived from mathematical concepts and a set of rule-based calculations known as algorithms, which convert messages in ways that make them hard to decode. These algorithms are used for cryptographic key generation, digital signing, verification to protect data privacy, web browsing on the internet, and to protect confidential transactions such as credit card and debit card transactions.

Techniques used for cryptography: In today's age of computers, cryptography is often associated with the process in which ordinary plain text is converted to cipher text, that is, text made such that only the intended receiver can decode it; this process is known as encryption. The conversion of cipher text back to plain text is known as decryption.

Features Of Cryptography are as follows:

Types of cryptography: In general there are three types of cryptography:


Microsoft raises revolutionize the mining Bitcoin – Cryptocurrency Market

A recently approved patent for Microsoft's Bitcoin mining system will revolutionize the way that people view crypto mining operations. The technology giant, Microsoft, has patented a new crypto mining solution that uses body activity data to reward people with digital cash when they do certain tasks.

The technology giant's latest patent describes a revolutionary crypto mining system that rewards people with cryptocurrencies for performing physical tasks. The goal of Microsoft's new and promising mining system is to reduce the computing power required and, in turn, increase processing speed. To do this, data from the human body is recorded when a person performs any type of physical activity. The information is captured from the brain waves or body heat people generate when performing certain tasks, such as viewing an ad or using certain Internet services, and the person is rewarded with cryptocurrency. This differs from conventional cryptocurrency systems such as Bitcoin's blockchain, where miners use expensive hardware to mine Bitcoin (BTC). The new Microsoft system uses the data generated by a user's body activity as proof of work, which enables users to solve the computationally difficult problem unconsciously.

The patent document for the Microsoft system that is going to revolutionize Bitcoin mining sheds further light on the innovative concept, which combines health and cryptography. The system aims to reduce the computing power needed to mine digital assets while speeding up the mining process. Microsoft said: "Some exemplary embodiments of the present disclosure may use the activity of the human body associated with a task provided to a user as a solution to the challenges of mining cryptocurrencies. In place of the massive computing work that some conventional cryptographic systems require, the data generated as a function of the user's body activity can be a proof-of-work. Therefore, a user can unconsciously solve the computationally difficult problem." Microsoft also added: "A server may provide a task to a device of a user that is communicatively coupled to the server. A sensor communicatively coupled to the user's device, or included in it, can detect the physical activity of the user. A cryptography system integrated into the user's device can verify whether the body activity data meets one or more conditions, and so grant cryptocurrency to the user whose body activity data is verified."


Experienced Security Executive & International Conflict Policy Expert Tarah Wheeler Joins ZeroDark Board Of Directors – PRUnderground

ZeroDark is honored to announce the newest member of its Board of Directors: senior information security executive Tarah Wheeler.

Wheeler is widely acclaimed for her expertise in operational security management and media commentary on international security. She began her tech career a quarter century ago in computer repair, became a Linux systems administrator and web application developer, and moved into security operations at companies such as Silent Circle, Symantec and Splunk.

"ZeroDark is a brilliant, economical infrastructure solution built solidly on the fundamentals of cybersecurity by the people who invented a huge amount of the cryptography baked into the world's most ubiquitous products," said Wheeler. "In these changing times, I'm thrilled to work with a team of global security experts to bring real encryption to everyone, not just governments and multinational corporations. Everyone deserves privacy and confidentiality, and the right to own their own data."

Wheeler's 2018 article "In Cyberwar, There Are No Rules" is the top Foreign Policy article on cyberwarfare. Wheeler has testified on cybersecurity to the Washington State Senate, and spoken at the Malaysian Securities Commission, on Bloomberg Asia, at the United States Federal Trade Commission, Stanford University, the University of Oxford, and the United States Military Academy at West Point. She is an oft-invited cybersecurity expert at the Organization for Economic Cooperation and Development in Paris. She wrote the 2016 bestselling career book Women In Tech.

"We are very excited to have Tarah join our Board of Directors," said ZeroDark Chief Executive Officer Vinnie Moscaritolo. "Her world-class risk assessment and operational skills will enable ZeroDark to become the premier independent cloud for consumers."

In addition to Wheeler, ZeroDark's Board of Directors includes Jon Callas, Robbie Hanson, and Vinnie Moscaritolo.

For more information, visit https://www.zerodark.coop.

About ZeroDark Cooperative

ZeroDark Cooperative was founded by Vincent Moscaritolo and Robbie Hanson. Moscaritolo pioneered technologies for secure messaging and email as co-founder of Silent Circle and Principal Crypto Engineer at PGP, Inc. Hanson is an AWS, Sync, and Blockchain expert and a top 100 Github Star. Their advisors include the well-known cryptographer and ACLU senior technology fellow, Jon Callas, and Phillip Dunkelberger, the President & CEO at Nok Nok Labs, who has more than 30 years of cybersecurity experience. Lastly, TK Eppley also brings his leadership experience gained during his career as a cybersecurity executive and a United States Navy SEAL.


ASTRI sets up joint innovation lab with railway operator for smarter railway – Yahoo Finance

HONG KONG, April 7, 2020 /PRNewswire/ -- The Hong Kong Applied Science and Technology Research Institute (ASTRI) has kicked off a significant initiative that will see the railway system in Hong Kong become smarter and safer.

ASTRI will explore innovations that will apply its award-winning technology solutions in a collaboration with MTR Corporation. The two parties last Friday signed a Memorandum of Understanding (MOU) to establish the MTR ASTRI Joint Railway Innovation Laboratory.

ASTRI Chief Executive Officer Mr Hugh Chow said: "ASTRI pursues innovation that enhances Hong Kong's technology-based industries and improves the lives of its residents, and that includes how they get to work or go about for leisure. The MOU will set in motion far-reaching opportunities as ASTRI's award-winning research and innovation will be put to real-life use cases to help the city's railway operator enhance efficiency and productivity."

About ASTRI

Hong Kong Applied Science and Technology Research Institute (ASTRI) was founded by the Government of the Hong Kong Special Administrative Region in 2000 with the mission of enhancing Hong Kong's competitiveness in technology-based industries through applied research. ASTRI's core R&D competence in various areas is grouped under five Technology Divisions, namely Artificial Intelligence and Big Data Analytics; Communications; Cybersecurity, Cryptography and Trusted Technologies; Integrated Circuits and Systems; and IoT and Sensors. Its five areas of application are Smart City, Financial Technologies, Intelligent Manufacturing, Health Technologies, and Application Specific Integrated Circuits.

For further information, please visit http://www.astri.org.

Media Enquiries:

Mr Terry Lee, Head of Public Affairs. Tel: +852 3406 2517. Email: terrylee@astri.org

SOURCE Hong Kong Applied Science and Technology Research Institute (ASTRI)


Zoom Cryptography and Authentication Problems – CircleID

In my last blog post about Zoom, I noted that the company says "that critics have misunderstood how they do encryption." New research from Citizen Lab shows that not only were the critics correct, Zoom's design shows that they're completely ignorant about encryption. When companies roll their own crypto, I expect it to have flaws. I don't expect those flaws to be errors I'd find unacceptable in an introductory undergraduate class, but that's what happened here.

Let's start with the egregious flaw. In this particular context, it's probably not a real threat (I doubt if anyone but a major SIGINT agency could exploit it), but it's just one of these things that you should absolutely never do: use the Electronic Code Book (ECB) mode of encryption for messages. Here's what I've told my students about ECB:

Again, it would be hard to exploit here, but it suggests that the encryption code was written by someone who knew nothing whatsoever about the subject and lays open the suspicion that there are deeper, more subtle problems. I mean, subtle problems are hard to avoid in cryptography even when you know what you're doing.
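Why ECB is on the never-do list, shown as an added example (not code from the original post, Citizen Lab's report or Zoom): in ECB, equal plaintext blocks always produce equal ciphertext blocks, so structure in the data survives encryption, while a counter mode hides it. The Python standard library has no AES, so a toy 4-round Feistel cipher built on HMAC-SHA256 stands in for it; the key, nonce and sample data are constructed, and the leak shown is a property of the mode, not of the block cipher.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block, the same block size as AES


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    """Feistel round function: keyed, truncated HMAC-SHA256 (toy stand-in for AES)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("this demo expects a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    """ECB: every block is encrypted independently with the same key."""
    return b"".join(encrypt_block(key, b) for b in _blocks(data))


def ecb_decrypt(key, data):
    return b"".join(decrypt_block(key, b) for b in _blocks(data))


def ctr_crypt(key, nonce, data):
    """Counter mode: XOR each block with E(key, nonce || counter).

    The same call decrypts. A (key, nonce) pair must never be reused, and
    counter mode alone does not authenticate the data.
    """
    out = []
    for i, block in enumerate(_blocks(data)):
        keystream = encrypt_block(key, nonce + i.to_bytes(8, "big"))
        out.append(_xor(block, keystream))
    return b"".join(out)


def repeated_blocks(data):
    """Number of blocks that duplicate an earlier block."""
    blocks = _blocks(data)
    return len(blocks) - len(set(blocks))


# Constructed sample: 48 identical blocks (think of a silent or static stretch
# of media) followed by 16 distinct blocks.
KEY = b"constructed demo key"
NONCE = b"\x01" * 8
SAMPLE = b"\x00" * BLOCK * 48 + b"".join(i.to_bytes(BLOCK, "big") for i in range(1, 17))

if __name__ == "__main__":
    print("plaintext repeats:", repeated_blocks(SAMPLE))
    print("ECB repeats:      ", repeated_blocks(ecb_encrypt(KEY, SAMPLE)))
    print("CTR repeats:      ", repeated_blocks(ctr_crypt(KEY, NONCE, SAMPLE)))
```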

The more important error isn't that egregious, but it does show a fundamental misunderstanding of what "end-to-end encryption" means. The definition from a recent Internet Society brief is a good one:

"End-to-end (E2E) encryption is any form of encryption in which only the sender and intended recipient hold the keys to decrypt the message. The most important aspect of E2E encryption is that no third party, even the party providing the communication service, has knowledge of the encryption keys."

As shown by Citizen Lab, Zoom's code does not meet that definition:

"By default, all participants' audio and video in a Zoom meeting appear to be encrypted and decrypted with a single AES-128 key shared amongst the participants. The AES key appears to be generated and distributed to the meeting's participants by Zoom servers."

Zoom has the key, and could, in principle, retain it and use it to decrypt conversations. They say they do not do so, which is good, but this clearly does not meet the definition [emphasis added]: "no third party, even the party providing the communication service, has knowledge of the encryption keys."

Doing key management (that is, ensuring that the proper parties and only the proper parties know the key) is a hard problem, especially in a multiparty conversation. At a minimum, you need assurance that someone you're talking to is indeed the proper party, and not some interloper or eavesdropper. That, in turn, requires that anyone who is concerned about the security of the conversation has to have some reason to believe in the other parties' identities, whether via direct authentication or because some trusted party has vouched for them. On today's Internet, when consumers log on to a remote site, they typically supply a password or the like to authenticate themselves, but the site's own identity is established via a trusted third party known as a certificate authority.

Zoom can't quite do identification correctly. You can have a login with Zoom, and meeting hosts generally do, but often, participants do not. Again, this is less of an issue in an enterprise setting, where most users could be registered, but that won't always be true for, say, university or school classes. Without participant identification and authentication, it isn't possible for Zoom to set up a strongly protected session, no matter how good their cryptography; you could end up talking to Boris or Natasha when you really wanted to talk confidentially to moose or squirrel.

You can associate a password or PIN with a meeting invitation, but Zoom knows this value and uses it for access control, meaning that it's not a good enough secret to use to set up a secure, private conference.

Suppose, though, that all participants are strongly authenticated and have some cryptographic credentials they can use to authenticate themselves. Can Zoom software then set up true end-to-end encryption? Yes, it can, but it requires sophisticated cryptographic mechanisms. Zoom manifestly does not have the right expertise to set up something like that, or they wouldn't use ECB mode or misunderstand what end-to-end encryption really is.

Suppose that Zoom wants to do everything right. Could they retrofit true end-to-end encryption, done properly? The sticking point is likely to be authenticating users. Zoom likes to outsource authentication to its enterprise clients, which is great for their intended market but says nothing about the existence of cryptographic credentials.

All that said, it might be possible to use a so-called Password-authenticated key exchange (PAKE) protocol to let participants themselves agree on a secure, shared key. (Disclaimer: many years ago, a colleague and I co-invented EKE, the first such scheme.) But multiparty PAKEs are rather rare. I don't know if there are any that are secure enough and would scale to enough users.

So: Zoom is doing its cryptography very badly, and while some of the errors can be fixed pretty easily, others are difficult and will take time and expertise to solve.

Visit link:
Zoom Cryptography and Authentication Problems - CircleID

Fraud prevention startup working on anonymous peer-to-peer verification network – TechRepublic

Identiq uses cryptographic algorithms and preserves customer privacy while enabling companies to identify new customers through a network of trust.

An ID validation and fraud prevention startup has developed what it claims is the first and only truly anonymous peer-to-peer verification network that enables companies to work together to validate identities without sharing or exposing any personal customer data. Identiq uses cryptographic algorithms to anonymously compare new user data against identities already trusted by other network members while preserving customer privacy, the company said. It was named a Gartner "Cool Vendor" for privacy.

Neither blockchain nor artificial intelligence is used, only cryptography, said Uri Arad, co-founder and vice president of product. So far, he said, over 20 companies in retail, ridesharing, travel, gaming, and social networking have expressed interest in joining the network when it launches this quarter.

Member B2C companies "can validate their users by working together as a network to ask questions about people and data points they don't know" and vouch for them as trustworthy users, explained Identiq Chief Marketing Officer Shmuli Goldberg.

He added that no data is ever shared among network members or with Identiq. "This is in direct contrast with how this industry has been running" for over 20 years, Goldberg said, noting that Equifax and other credit bureaus collect and allow a company to validate a consumer's data against what they have in their databases.

"We are posing the exact opposite [model] and we believe, and our tech has shown, we can create a better user experience trying to validate user identities without sharing any data whatsoever," he said.

The technology can sniff out fraudsters and verify identity without relying on the usual methods of checking against third-party data providers, Goldberg said. It does it without sharing or storing any information at all, thus eliminating ID theft and personal information sprawl, he said.

After spending several years at PayPal managing risk analysts and data scientists, Arad said, he came to the realization that even very large companies "struggle to manage risk when it comes to new customers or any information they have not seen before," and that "this is what fraudsters are taking advantage of."

If new information is coming in when a person opens an account online, he said, "there's nothing for you to say this looks suspicious. The only way companies are able to make any progress in this area is by going to external data vendors and asking them what they think."

The idea is to make it easy for companies to identify who their new customers are through a "network of trust," he said. They can do that without sharing the customer's personal information, he said.

"We looked into a branch of cryptography called multi-party computation, which is over 30 to 40 years old," Arad said. "This branch deals with the question of how multiple parties can calculate some function together without revealing their own individual inputs."

For example, if you were conducting an online auction, every participant can make a bid and multi-party computation can allow the participants to find out who the winner is without revealing individual bids, he said.

Another example would be in a ride sharing scenario--it's very important to validate the identity of both the driver and the riders for the safety of both, said Goldberg.

"Instead of building a large database to solve identity, we are the first company that says we don't want your data; we see no data, we buy/sell/share no data," he stressed. "That's the inverse of the model of the vast majority of solutions on the market today."

Multi-party computation allows parties to make sure they both have the same phone number or more sensitive information like credit card data "without me having to tell you what I have and vice versa," Goldberg said.

Since it is a provider-less technology company, Identiq's revenue model will be to take a small portion of what people pay to use the network, he said.

See the original post here:
Fraud prevention startup working on anonymous peer-to-peer verification network - TechRepublic