LouvainlaNeuve, Belgium February 23rdt, 2017 Barco Silex, leading provider of security IP cores, announces that Neowine, the Korean leader in security solutions for mobile communication and IoT applications, has selected Barco Silex IP core for public key cryptography. With an unrivaled ratio between performance and size, the BA414EP core will add asymmetric encryption to Neowines product line of ASICs, which are designed to secure communication and data exchanges in e.g. smartphones and IoT devices.

Public key cryptography is widely used to set up secured communication such as voice or data exchanges, over an open network where there is no hidden channel to exchange secret keys. However, the complex algorithms that are required, take a heavy toll on the computational resources of an application. The BA414EP IP core from Barco Silex allows the complete offloading of the computations involved in public key exchange, to dedicated hardware in the most efficient way.

Neowine designs ASIC security solutions that bring added value to e.g. smartphones, sensors or other IoT devices. But the manufacturers of these products will only integrate these ASICs if they dont impact speed, power and the bill of materials. Therefore, when we were looking for a public key core, our requirement was the combination of maximal performance with a minimal silicon footprint, says John E. Lee, CEO of Neowine. The Barco Silex public key IP core (BA414EP) fits these requirements perfectly and we selected Barco Silex as our Crypto IP provider for our next-generation products

The BA414EP IP block is part of a comprehensive library of crypto IP blocks offered by Barco Silex. These are recognized as the best performing and most versatile available in the industry. This is because we have created our IP blocks with flexibility and scalability in mind, says Pieter Willems, marketing manager security products at Barco Silex. As a result, they can fit in any ASIC or FPGA footprint requirement and still perform extremely well, even in environments where the available footprint is as low as in Neowines ASICs.

About Barco Silex

Barco Silex is a world leader in security IP cores and platforms, encryption and video processing, as well as in electronic design services (ASIC, FPGA, DSP, Board). Thanks to its continued stream of innovations, Barco Silex provides state-of-the-art security solutions, with security platforms and encryption cores that deliver unrivaled speed and performance in a very compact footprint. Barco Silex is a subsidiary of Barco (NYSE Euronext Brussels: BAR), the global leader in networked visualization products for the entertainment, enterprise and healthcare markets. For more information about Barco Silex: http://www.barco-silex.com

About Neowine

Neowine is a leading provider of ICs, algorithms and IP to IoT devices and mobile products. Headquartered in Seongnam (Korea), the company helps its customers to add value to their products, enhancing them with a high level of security. Under the tagline For a more secure world", the company markets its ALPU and DORCA series ICs designed for system copy protection and IoT security.

Product page: http://www.barco-silex.com/products/security/public-key-asymmetric/

See the original post:
Neowine selects Barco Silex public key cryptography IP as most efficient hardware block - Design and Reuse (press release)

The world of assets is taking on a digital nature. To accommodate this transition, new exchanges have to be created where digital assets can be traded in a user-friendly and secure environment. Lykke, a Swiss-based digital exchange enabling peer-to-peer trades and second-by-second interest payments, is en route to becoming one of the big players in this sector.

The Lykke team envisions a bright future of trading digital assets through a global marketplace based on blockchain technology. All platform users can trade national currencies, cryptocurrencies, and cryptographic tokens through their mobile device. More importantly, the company charges no fees and puts a lot of focus on colored coins, which hold a lot of potential in the world of digital assets.

The way things stand right now, Lykke is well underway to become one of the worlds first regulated marketplaces using cryptographic technology. To celebrate the teams achievements to date, a special event was organized in Switzerland on February 9, 2017. During this event, the company announced its proprietary 1-year forward offering, which is quite similar to forward contracts as we know them today.

At the same this, Lykkes forward offering is very different compared to traditional forward contract. The instrument provided by Lykke runs for the entirety of the contract period. Traditional forward contracts are only settled on the settlement date. Providing second-by-second interest rates is quite a novelty in the financial sector, which makes Lykke a very unique and attractive platform. This special investment vehicle is only available until February 28, 2047, though.

As part of Lykkes 1-year forward offering, investors can obtain a 20% discount subject to holding Lykke coins for one full year. The team plans to sell 50 million coins priced at CHF 0.04 per coin to raise close to 2 million Swiss francs. All issued coins are registered on the blockchain and a batch of 100 coins equals one Lykke share.

Lykke CBDO Demetrios Zamboglou stated:

Genuine change in todays financial services jungle can only be achieved through robust technology that serves the betterment of all, rather than just its gatekeepers. Lykke is committed to creating a means for anyone to conduct financial transactions and store their assets in secure digital blockchains, secured from any single authority or counterparty. Blockchain-powered crypto-currencies are actively demonstrating their superiority over the fiat-paper status-quo, for so long the bastion of big banks. Blockchain technology is here to show financial services as a sector that there is a better way, and theres no turning back.

It is important to note the Lykke project received US$2.8m in funding once the project was announced in 2015. Right now, the company is in talks with the FCA to receive an investment firm license for their multilateral trading facility. By focusing on national currencies, cryptocurrencies, and other digital assets, Lykke is well underway to appeal to different types of investors. With a centralized matching engine and a decentralized settlement system, Lykke holds all of the trump cards to disrupt the financial trading sector in the future.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news

More:
Cryptography-based Decentralized Marketplace Lykke Announces 1-year Forward Offering - The Merkle

Many developers consider the Libsodium library the go-to source of application-layer cryptography. It is thought to offer a portable, cross-compilable, easy-to-use library that can be applied to most standard crypto functions such as encryption, decryption, signatures and password hashing.

Now, the PHP core will be bound with the Libsodium cryptography libraries as of version 7.2. This merger is scheduled to emerge toward the end of this year, Bleeping Computer reported.

The impetus for the change involved a new kind of environment that PHP which powers at least 82 percent of websites, according to Bleeping Computer encountered when running the WordPress content management system (CMS). Researchers have found numerous WordPress vulnerabilities of late, and the solution usually includes another PHP extension that functions as a CMS security-oriented extension.

However, problems can arise when using a shared host provider (SHP) rather than kind that provides root access in the cloud by default. SHPs do not want all sorts of PHP extensions roaming throughout their systems because if PHP breaks breaks something, they have to clean up the resulting mess. These limitations could lead to unsecured WordPress environments.

Scott Arciszewski, chief development officer at Paragon Initiative Enterprises, told Bleeping Computer that having all the raw, cryptographical goodness of Libsodium under the hood of PHP will have many salutary effects.

For example, he believes that Libsodium can eliminate the need for the number of PHP extensions otherwise required for a WordPress installation. The basic and secure cryptography, he reasoned, would be supported by default, and WordPress developers will be attracted to the newer and more secure functions.

Arciszewski further explained his reasoning on the Paragon Initiative blog. There he added that PHPs commitment to cryptography is the first of its kind, and any future developments or similar relationships should only enhance security.

It remains to be seen whether adding Libsodium to PHP will increase the use of cryptography tools and result in more concrete security. However, its a step in the right direction for sure.

View original post here:
PHP Will Incorporate Libsodium for Crypto - Security Intelligence (blog)

Typos aren't just a headache they can sometimes have very costly consequences.

On Friday, digital currency Zcoin announced that a typographical error had let an unidentified attacker make a profit of around $400,000 (320,000).

Zcoin is similar to Bitcoin it's a digital currency powered by cryptography, and without any single central bank. It's based on Zerocoin, a software protocol that was developed to to provide its users with "complete financial privacy and anonymity."

But in implementing it, the Zcoin made a single screw-up. "Yesterday, our team found a bug in our implementation of Zerocoin," Zcoin community manager Reuben Yap wrote in a blog post on Friday. "A typographical error on a single additional character in code allowed an attacker to create Zerocoin spend transactions without a corresponding mint."

In other words, they got a single letter wrong in their code and this let a hacker steal coins by cashing out from single transactions multiple times.

Yap emphasises that there's nothing wrong with Zcoin's cryptography it was just the typo that was the problem. "The exploit happened due to the bug in the code and not from any weakness in the cryptography. The bug from the typo error allowed the attacker to reuse his existing valid proofs to generate additional Zerocoin spend transactions," he wrote.

In short: It's human error, they argue, rather than any fatal flaw in the Zcoin project.

The still-unidentified attacker was able to steal around 370,000 Zcoins around $680,000-worth (546,000) at current exchange rates, according to CoinMarketCap. Almost all of these have already been sold on, netting the attacker a profit of around 410 bitcoin $437,000 (351,000) according to Zcoin.

The attacker evaded detection for weeks by slowly making payments and withdrawals. "From what we can see, the attacker (or attackers) is very sophisticated and from our investigations, he (or she) did many things to camouflage his tracks through the generation of lots of exchange accounts and carefully spread out deposits and withdrawals over several weeks," Yap wrote.

"We estimate the attacker has created about 370,000 Zcoins which has been almost completely sold except for about 20,000+ Zcoin and absorbed on the market with a profit of around 410 BTC. In other words, the damage has already been mostly absorbed by the markets."

Get the latest Bitcoin price here.

More from AOL.com: After a local college went Bigfoot hunting, a state senator introduced a bill nobody would have ever thought necessary Texas woman claims Popeyes served her flesh-eating worms Man spotted swimming dangerously close to lava

Read more here:
A single typo let hackers steal $400000 from a bitcoin rival - AOL News

Artificial intelligence was a hot topic at RSA, but a panel of cryptography experts at RSA was not convinced that it would have a significant impact on cybersecurity.

A panel ofesteemedcryptographers at RSA 2017 expressed doubt over artificial intelligence's applicability in the cybersecurity space, tossing cold water on what otherwise appeared to be a hot technology at the conference.

"The real problem is that what AI and machine learning is great at is lots of data and dealing with it effectively and what we'redealing with, with the serious attacks are anomalous situations and AI does not look like it's going to be useful there," said Susan Landau, professor of cybersecurity policy and professor of computer science at Worcester Polytechnic Institute, during the session earlier this week.

Adi Shamir,Borman professor of computer science at the Weizmann Institute in Israel, said that AI would likely be helpful in defending against attacks when they happen, but not sniffing out threats before they materialize.

"I think that AI can be very helpful on the defensive side," said Shamir, who earlier this month was named a recipient of the 2017 Japan Prize. "I doubt it would be so helpful for new zero days because this requires more ingenuity and originality. But when you talk about finding deviations from normal behavior, I think that AI systems are going to be very useful... So I'm optimistic about AI being useful in defense, but not in offense."

Ronald Rivest, a professor at the MIT Institute, said that he was "skeptical" that AI would have a significant impact on security. He did, however, acknowledge that AI played an important role in spreading fake news and propaganda during the U.S. election. "There are AI bots talking on chat rooms... adding misinformation and disinformation," said Rivest. "I can imagine 10 or 15 years from now, we're going to find ourselves competing to find the humans among just a sea of bots talking to each other intelligently."

But Shamir had a different vision for AI as it becomes super intelligent in the next 15 years: I can foresee a situation which we'll give all of the available data about cybersecurity to this program and it will think for a long time and then say in a calm voice, 'In order to save the Internet I'll have to kill it,'" said Shamir, facetiously. "'Cause the Internet as we know it today is beyond salvaging. I really think we should start over. AI could help us do it."

Rivest and Shamir are co-inventors of the RSA crypto system.

See the rest here:
Cryptography experts cast doubt on AI's role in cybersecurity - SC Magazine

Quantum computing and artificial intelligence have seen significant gains over the past few years. Some people have grown concerned about what this means for the cryptographic sector, as powerful quantum computers could virtually break any type of encryption we know today. Various cryptographers feel these potential repercussions are overstated. Moreover, they feel AI and quantum computing may not affect computer security all that much in the long run.

It is impossible to predict what the future may hold for computer security as a whole. Some things will need to change sooner rather than later, that much is certain. Unlike what to most people may assume, those changes may not be driven by artificial intelligence and quantum computing. Various cryptographers feel both of these technologies will have a minimal impact on computer security for the foreseeable future.

To put this news into perspective, artificial intelligence can be quite useful when it comes to computer security. Processing a big dataeffectively will require AI-based solutions. Turning big data streams into smart data humans can comprehend is not a task any person can complete by any means. Various companies are using artificial intelligence for this specific type of purpose already, with varying degrees of success along the way.

Moreover, artificial intelligence can be quite powerful when it comes to defending computer systems as a whole. Looking at behavioral patterns with this technology will cause the number of successful cyber attacks todecrease as time progresses. However, when it comes to offensive capabilities, there doesnt seem to be much chance of success in its current form. Identifying zero-day exploits, for example will require a bit more ingenuity.

On the quantum computing front, cryptographers are showing fewer signs of concern. While there have been significant advances in the field of quantum computing these days, quantum cryptography seems to be following a very different path. In fact, there is no real indication RSA encryption can be affected by quantum computing anytime soon. It is expected no real progress will be made in quantum crypto before 2031, although that deadline is not set in stone by any means.

Cryptographers are more concerned about other tangible threats that may affect encryption and cryptography in the future. Weakening encryption, either on the software or hardware side, is a big problem. Weakened encryption is a direct threat to national interests, according to various cryptographers. Building a secure backdoor only the government can use is very impractical at best and will only leave the door open for criminals to access these services as well.

For the time being, there is no real threat from either quantum computing or AI when it comes to cryptography. There are other concerns that pose a more pressing threat to cryptographic standards. The growing number of restrictions on cryptographic research in specific regions, for example, has a lot of experts concerned right now. The government needs to focus on what really matters, rather than trying to introduce weakened standards.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Read the original post:
AI And Quantum Computing Pose No Threat To Cryptography ... - The Merkle

SAN FRANCISCO -- Each year at RSA Conference, the world's top cryptographers gather on stage after the show's opening keynotes to share their views and opinions on cryptography trends.

This year, the panel was moderated for the fourth consecutive time by Paul Kocher, president in the cryptography research division of Rambus. Kocher opened the session by pointing out that with exponential growth experienced in recent years with the internet, the internet of things and related technologies, each doubling of growth brings about more change than in all prior doublings -- combined.

Kocher said one bright spot this year is that cryptography is one of the few technologies that has been able to withstand "decades of scaling" and exponential growth.

Before diving into the latest cryptography trends, Kocher began the session by congratulating Adi Shamir on winning the Japan Prize, "a prestigious international award presented to individuals whose original and outstanding achievements are not only scientifically impressive, but have also served to promote peace and prosperity for all mankind."

Shamir, Borman Professor of Computer Science at the Weizmann Institute in Israel, said the honor was "much more than a personal prize," because the award is granted for all areas of science and technology, and the fact that they chose to honor achievement in cryptography was a sign of the importance of the field. Last year, two panel participants -- Whitfield Diffie and Martin E. Hellman, professor emeritus of electrical engineering at Stanford University, received the A.M. Turing Award for their foundational work in developing the fundamental basis of public-key cryptography.

Kocher's first question to the panel was how artificial intelligence would affect computer security. Ronald Rivest, a professor in the MIT Department of Electrical Engineering and Computer Science, opined that based on what was seen during last year's presidential election, chatbots might dominate in 10 to 15 years.

Shamir was more forceful, noting that when computers become super-intelligent they will be likely to say, "in order to save the internet I have to kill it. The internet as we know it today is beyond salvaging," when asked how to solve internet security problems. He added that "AI can be very helpful on the defensive side," but he doubted it would be very helpful in finding new zero-days because of the need for human originality. However, AI will be useful for finding deviations from normal behavior that will help compare "strange behaviors" to identify threats.

In response to a question about whether and how long it will take for quantum computers to be available to threaten traditional cryptosystems, Whitfield Diffie, cryptographer and security expert at Cryptomathic, suggested it would not be worth worrying about as "we'll be dead by then."

There's a "higher chance" that RSA will be broken by classical attempts, Shamir said, though he admitted it "could turn out quantum computers will be able to break all the quantum proof schemes we're working on now."

"We've tried to factor quickly for about two thousand years," said Susan Landau, Professor of Cybersecurity Policy and Professor of Computer Science at Worcester Polytechnic Institute, but she's "not seeing same level of math research behind proposed quantum algorithms," which she called "worrying." Many modern cryptosystems rely on the difficulty of factoring products of large primes to protect encrypted data.

In response to a question about controversy swirling around the 2016 election, Rivest pointed out that while allegations of rigging are not new, "trying to convince the winner" that he won is unusual. "We should have done post-election audits everywhere to see if there were problems."

The Russians, Landau said, see this as "war by other means" and are attacking the west this way. The techniques they use for hacking are "old-fashioned," but they are using the information in a new way. "We've known for 20 years that we need to protect government data," Landau said, but now that smaller civic organizations with fewer resources are being targeted, "that's a much broader swath of society we have to protect."

"The U.S. [has] done its share of similar dirty ops to influence other country's elections," Shamir added. "Using stolen documents that are compromising is not a new invention."

"I'm shocked -- shocked! -- by what the Russians have been doing, but they are not alone," Shamir said.

Kocher asked the panel about the recent statement by Attorney General Jeff Sessions, calling for the ability of law enforcement to "overcome encryption." Rivest said, "overcoming encryption, to me, means a backdoor," but Landau suggested there are other ways, and that she has not found those in Congress necessarily supporting Session's position.

For U.S. companies, Shamir said that putting backdoors in their products would be "shooting themselves in the foot."

Find out more about the voter database hacks that triggered election concerns

Learn about elliptic curve cryptography in ticketing

Keep up with the rest of the RSA Conference 2017

Excerpt from:
RSA panel covers cryptography trends, elections and more - TechTarget

CrackBerry.com

BlackBerry teams up with ISARA to work on quantum resistant cryptography CrackBerry.com Over the past few months, BlackBerry has been adding to their catalog of partners and today, have added another to the list. As announced on the Inside BlackBerry Blog, BlackBerry has now announced a new partnership with ISARA Corporation, the ... RSA Security Conference: ISARA and InfoSec Global Partner to ...Yahoo Finance RSA Security Conference: ISARA Launches Security Solution Suite to Prepare Businesses and Governments for ...EconoTimes BlackBerry Ltd.: BlackBerry Partners with ISARA to Secure the Quantum FutureThe Wall Street Transcript BetaKit all 6 news articles »

Link:
BlackBerry teams up with ISARA to work on quantum resistant cryptography - CrackBerry.com

Long term, who wins: the cryptographers or the code breakers?

Nobody breaks codes anymore, strictly speaking. When you hear about broken crypto, its most of the time about bugs in the implementation or about the use of insecure algorithms. For example, the DROWN attack that just won the Pwnie Award of the Best Cryptographic Attack at Black Hat USA exploits weaknesses in: 1) a protocol already known to be shaky, and 2) an algorithm already known to be insecure. So weve got unbreakable crypto, we just need to learn how to use it.

What innovations in cybersecurity should companies implement today?

The hot topic in my field is end-to-end encryption, or encryption all the way from the senders device to the recipients device. This is therefore the strongest form of encryption. WhatsApp and Facebook recently integrated end-to-end encryption in their messaging platforms for the benefit of their users privacy. Enterprise encryption software lags behind, however, with encryption solutions that often expose the unencrypted data to an intermediate server. Thats acceptable, for example, for compliance or controllability reasons, but otherwise you should make sure that you use end-to-end encryption to protect sensitive information, such as VoIP phone calls (telecommunication standards, including the latest LTE, are not end-to-end encrypted).

What are the implications of mobile technology and wearables in personal security?

Companies creating those products often neglect security and privacy concerns to save cost (or through ignorance) while security experts tend to exaggerate these concerns. Well have to find a middle ground between the needs and expectations of users and regulations. Meanwhile, the lack of security in IoT systems creates great opportunities for conference talks and marketing FUD.

In the Internet of things, is everything hackable, and if so, will someone hack all the pacemakers some day and turn them off?

The everything is hackable mantra is actually less scary than it sounds. Literally everything is hackable: from your refrigerators micro controller to your mobile phone, as long as you put enough effort in it. One shouldnt think in terms of mere possibility but instead in terms of risk and economic interests: if I spend X days and Y dollars to hack a pacemaker, will my profit be worth the X-day and $Y investment? A secure pacemaker is obviously better than an insecure one, but the scenario you describe is unlikely to happen; it would just make a great movie plot.

Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, and holds a PhD in applied cryptography from EPFL. Switzerland. He has talked at top-tier information security conferences such as Black Hat, DEFCON, and RSA about applications of cryptography and quantum technologies. He designed the popular cryptographic algorithms BLAKE2 and SipHash, and organized the Password Hashing Competition project. He wrote the 2015 book The Hash Function BLAKE, and is currently writing a book on modern cryptography for a general audience. JP tweets as @veorq.

Tags cryptography Cybersecurity Encryption end-to-end encryption enterprise encryption Hackers jean-philippe aumasson

See more here:
Four Questions For: Jean-Philippe Aumasson - WebWorkerDaily

SUNNYVALE, Calif.--(BUSINESS WIRE)--

Intertrust Technologies Corporation, the worlds leading provider of secure and trusted distributed computing products and services, today announced the companys whiteCryption product line will support Swift programming language as part of its suite of enhancedapplicationsecurity solutions.

As the open-source Swift community becomes more popular among developers, we received requests from macOS and iOS developers for protecting Swift apps with our world-class app security solution, said Bill Horne, vice president and general manager of Intertrust Secure Systems. As a result, we now offer Swift support for our package of code protection solutions.

The Swift programming language was created for iOS, macOS and tvOS apps and was built on the best of C and Objective-C, without the constraint of C compatibility. According to recent GitHub data, Swift has grown 262 percent in 2016 and hit the top 10 list as one of the most popular programming languages. Swifts rise stems from its unique features that include an adopted safe programming environment, tools that make programming easier, and its flexibility.

whiteCryption products include software application security and white-box cryptography. Using whiteCryption, software developers and distributors can ensure that their applications function as intended, and that the data used by those applications is accessible only to those for whom it is intended.

Gartner has estimated that 26 billion devices will be online by 2020, Horne said. With connected devices come DDoS attacks, hacks, breaches and stolen data. Many of these apps and devices will be used in the healthcare, automotive and mission-critical infrastructure markets. This is not just about protecting data anymore; its about protecting lives. Our solutions offer enhanced protection, security and trust services to protect against a broad spectrum of malicious activities.

whiteCryption products include Code Protection, which consists of a comprehensive toolset for hardening modern software applications, and Secure Key Box, which is a cryptographic library that implements standard cryptographic algorithms in a way that completely hides the keys.

Swift support will be commercially available in the spring 2017. whiteCryption will be showcasing its application security software solutions Feb. 13-16, 2017, at the RSA Conference USA 2017, booth #N4334, Moscone Center, San Francisco, CA.

About Intertrust Technologies Corporation

Intertrust provides trusted computing products and services to leading global corporations from mobile and CE manufacturers and service providers to enterprise software platform companies. Intertrust holds hundreds of patents that are key to Internet security, trust, and privacy management components of operating systems, trusted mobile code and networked operating environments, web services, and cloud computing. The company has been privately held since 2003, and previously, publicly listed on NASDAQ from 1999. whiteCryption offers software code protection, white-box cryptography products and trust services to the world's leading software, hardware and content companies in the entertainment, automotive, IoT, health care and finance industries. For more information, visit http://www.whitecryption.com.

View source version on businesswire.com: http://www.businesswire.com/news/home/20170213005389/en/

View post:
Intertrust Announces whiteCryption Swift Support for Application Security Solutions - Yahoo Finance