Understanding the Blockchain Apprehension Through Bitcoin's Middle Tier Knowledge – The Coin Republic

Steve Anderrson Sunday, 12 January 2020, 12:59 EST Modified date: Sunday, 12 January 2020, 13:00 EST

Blockchain technology is quite famous in areas where entertainment is involved, since propaganda is often used instead of theory. Another reason may be that everyone is used to the causal routine in cognition.

People tend to see the effect first and then look at the cause. This method may be generally useful, but it is not always practical, since it ignores the middle layer.

An easy way to explain this is the example of Huawei. The standard effect of Huawei is high innovation and high profit. This is a fallacy, since this cause and effect ignores Huawei's important middle tier.

Huawei spent ten years and billions of dollars, finally completing it with the support of IBM. As of 2019, many companies are preparing for digital transformation over the next five years. Huawei, therefore, achieved high-quality implementation more than a decade ago.

Presently, for Baidu, we can note that the blockchain has four elements: distributed data storage, point-to-point transmission, a consensus mechanism and, lastly, an encryption algorithm. However, these four elements are not the truth of the blockchain, only four characteristics of it. The blockchain has its own middle layer.

Satoshi Nakamoto was the first to successfully create a decentralized experimental financial system operating on the Internet: Bitcoin, which is considered the origin of today's generalized blockchain.

Satoshi Nakamoto just focused on how to build a secure and reliable Internet. He had no idea at the time that it would emerge as the basic tenet of blockchain teaching. His skilled application of cryptography and encryption algorithms is considered one of the most admirable strokes of genius in the Bitcoin system.

The asymmetric encryption algorithm was invented in 1976. After continuous optimization and evolution, it is now considered to be the most secure encryption algorithm for human beings.

Since their emergence, asymmetric encryption algorithms have been widely used in security authentication as well as in encrypting information in transit.

Theoretically, the practice of secure operation of the Bitcoin system for so many years also proves the security and effectiveness it provides. Two users can freely and securely transfer large amounts of money.

In conclusion, the actual Bitcoin transaction is a bit more complicated, mainly due to the symmetric encryption conversion between public key and wallet address.

In fact, in the Bitcoin world, private keys are essential. If you lose them, you really cannot find them. It is estimated that the number of Bitcoins that cannot be recovered due to the loss of the private key is more than 20%.


Bitcoin Remains Secure Regardless of IBM’s Quantum Computing Boost – Coin Idol

Jan 12, 2020 at 10:20 // News

International Business Machines (IBM), an American multinational information technology firm, has managed to double the power of its quantum computer (QC), but this effort didn't break the encryption of Bitcoin (BTC), the original blockchain-based cryptocurrency.

During the CES 2020 conference on January 8, the company revealed that it had successfully achieved a Quantum Volume (QV) of 32 with its 28-qubit quantum computer, called Raleigh.

In a nutshell, Quantum Volume is the metric used to define the complexity of the problems that a QC can solve. The QV can be used to compare the performance of various quantum computers, and the company has successfully doubled this value every year since 2016 (four years now).

Quantum computers have for some time been described as one of the most powerful innovations of this century, with budding applications in almost every sector, such as healthcare, the internet of things, artificial intelligence (AI), blockchain, financial modeling, etc.

Even though IBM's state-of-the-art advancements can be thought of as momentous progress, QCs can at this time only be applied to very specific tasks; for instance, these machines are many miles in front of the universal classical PCs that we are familiar with. As such, the major fears that these machines could at some point be used to break the cryptography employed to safeguard digital assets such as Bitcoin remain speculative, at any rate for the time being.

It is also claimed that, since the system is designed completely around cryptographically protected transactions, it would take a much more powerful QC to crack the encryption that is applied to produce the private keys for BTC. As a matter of fact, according to a paper released in June 2017 by several authors including Martin Roetteler, a quantum computer would need processing power of about 2,500 qubits in order to break the 256-bit encryption used by BTC.

Remember, the most powerful QC that we have now has only about a 72-qubit processor, which implies that it will take more time (years) to reach encryption-threatening levels. But that doesn't rule out the rate at which IBM and Google are trying to double computing power year after year, hence becoming major threats to Bitcoin and the entire cryptocurrency community.


Apple's iPhone Once Again in the Cross Hairs of the FBI – Chiang Rai Times

Apple Inc is once again in the cross hairs of the US Department of Justice and the Federal Bureau of Investigation (FBI), in a privacy-vs.-security case being disputed between Apple and the federal government.

Once again, the US Department of Justice is demanding that the company break into a locked iPhone. Once again, the company is resisting. And once again, the rest of us are worried spectators in a game of "Whom do you trust?"

In particular, the FBI wants Apple's help in unlocking two phones belonging to Mohammed Saeed Alshamrani, the Saudi Air Force trainee who killed three people last month at Pensacola Naval Air Station.

Apple says it has turned over all the data it possesses but refuses to go any further. The FBI wants Apple to create a backdoor past the encryption that protects its devices.

We've traveled this road before, and the path is instructive. In 2016, the FBI demanded that Apple develop special software that would allow it to unlock an iPhone 5C used by Syed Rizwan Farook, one of two shooters in a terror attack that killed 14 people in San Bernardino.

When Apple refused, the government obtained a court order. Most of big tech weighed in on Apple's side. Before the company's appeal could be heard, however, the FBI surprised everybody with the announcement that it had unlocked Farook's phone.

The DOJ's inspector general later found that the FBI had not exhausted all possibilities before taking Apple to court. In particular (and it's important to follow the rabbit down the hole here), the FBI's Cryptographic and Electronic Analysis Unit had not asked for the assistance of the Remote Operations Unit of the Technical Surveillance Section of its own Operational Technology Division.

This mouthful of alphabet-soup matters because, as it turns out, the head of the Remote Operations Unit knew of a vendor that was almost 90% of the way to finding a way to break into a locked iPhone. Upon learning of this, the department invited the vendor to demonstrate the capability. The next day, the suit against Apple was dropped.

Presumably in-house communications have been better this time around. Even so, one can understand why the FBI is back to asking Apple for help. Back in 2016, techies agreed that whatever trick DOJ used would work only once.

Apple would find out how the unnamed vendor broke the encryption, and close that vulnerability in the next generation of phones. Besides, Farook's device was an iPhone 5. As far as security goes, that's practically the horse-and-buggy days. Quite likely, then, none of those alphabet-soup players have yet figured out how to defeat the encryption on the newer devices.

Why does Apple continue to resist? And why do so many of us, notwithstanding our fears about terrorism, think Apple is right?

Here's one reason: The company does not currently have a means of breaking into a locked iPhone. Forced to develop one, Apple would most likely create a software update that, once sent to the device, would allow the phone to be unlocked through some means other than a password (or facial recognition or fingerprint).

But the mere existence of such a technology is inconsistent with the basis on which the phone is sold. The company proudly trumpets its own inability to recover data from a locked iPhone once the user has exhausted 10 tries at entering the password. The value of this encryption is priced into the device.

Even if we assume that the value of this feature to the consumer is quite small (perhaps no more than one percent of the sale price), the total value is quite considerable to Apple. In the 12 months ended September 28, 2019, Apple's total revenue from selling iPhones was a bit over $142 billion. Thus a one percent security premium would come to $1.4 billion, not pocket change even for a company whose market cap is currently thirteen figures.

Even if the value of the encryption to the buyer is only one half of one percent of the price of the phone, the loss to Apple is $700 million. If, on the other hand, you think the value of the security component is greater than one percent (very much my own suspicion), well, you can do the arithmetic.

In any case, lots of users are attracted to the notion that Apple does not possess any secret way into the iPhone. (I certainly am.) The government, aware of this concern, insists it's not asking Apple to create a backdoor; it only seeks a way to extract all the data on a pair of phones.

This bizarre bit of linguistic legerdemain is meaningless. To borrow from one of my mentors, you can call it Thucydides or you can call it banana peel, but it's a backdoor all the same. Whatever the label, software that enables recovery of data without the password would mean a lot less privacy for users.

Still, perhaps you're wary of absolutes; maybe you believe that in a particular case, the need to prevent crimes, particularly acts of terrorism, should outweigh the individual's right to privacy. Fair enough. But do ask yourself this: Does history teach that the federal government, once in possession of a surveillance tool, will remain discreet and humble in its use?

Sadly, the record isn't good. That's why we're back here again. And why this time around, the fight will likely be to the finish.

____________

Stephen L. Carter is a Bloomberg Opinion columnist. He is a professor of law at Yale University and was a clerk to U.S. Supreme Court Justice Thurgood Marshall. His novels include The Emperor of Ocean Park, and his latest nonfiction book is Invisible: The Forgotten Story of the Black Woman Lawyer Who Took Down America's Most Powerful Mobster.


Encryption Will Take Center Stage in 2020 – Security Boulevard

In the past, technology was a topic of discussion primarily among engineers and scientists. Debates would erupt over technology, but they were confined to esoteric conferences, labs or lecture halls.

Our connected world has changed all that. Now it's not unusual for people to talk about technology: its benefits, challenges and social implications. And those people are not always technical experts.

AI and autonomous cars, cloud, connected medicine and data breaches continue to be hot topics. But various policy and societal factors are pushing another technology issue, encryption, into the collective consciousness. That's why we can expect 2020 to be the Year of Encryption.

This year, dialogue about encryption from a business, consumer and policy standpoint will reach a crescendo. This will happen in the U.S. and beyond. Here are a few examples.

Businesses are stepping up their strategies to ensure compliance with the 2020 California Consumer Privacy Act (CCPA). CCPA, which took effect Jan. 1, gives California residents control over their personal data. This will prompt more discussion and education about personal data privacy. And that will give businesses new incentives to employ encryption technology.

There's movement on encryption at the federal level, too. A bipartisan group of Capitol Hill lawmakers have re-energized a push for encryption backdoors. And the Australian, U.K. and U.S. governments are pressuring Facebook to scrap plans for end-to-end encryption of Facebook Messenger.

Meanwhile, organizations with an international presence continue their work on General Data Protection Regulation (GDPR) compliance. They also must understand how Brexit will impact regulations governing storage and sharing of sensitive data. Such efforts have new urgency given that British lawmakers in December approved the Brexit bill. And businesses want to avoid the significant GDPR fines they've seen some of their peers absorb.

As for consumers, they want more control and privacy over their data. And the advancement in facial recognition software and concerns about voter information protection leading up to the U.S. election only amplify their concerns. Yet consumers are often confused about what data privacy really means and how to enable it.

But a growing number of individuals are now aware that encryption is part of the conversation. Encryption may never be a water cooler topic of conversation on par with Game of Thrones. However, in 2020, it will be more readily understood, discussed and debated than ever before.

We've also been hearing about the arrival of the autonomous car for some time now. Autonomous cars were once a futuristic idea. But they're here today, and several businesses have been investing in and experimenting with them.

That has prompted people to talk about autonomous vehicles and their potential benefits and dangers. When these vehicles first arrived on the scene, much of the talk was about their benefits. But experiments don't always go as planned; in fact, some are catastrophic failures.

This highlights the need for organizations to devote more time and effort to tackle the challenges autonomous vehicles present. (One of those challenges involves how to prevent tampering by bad actors.) As a result, the broad use of autonomous cars will be further in the future than originally expected. And the use cases for these vehicles largely will be limited to short distances and specific routes and speeds.

Cloud technology also continues to move forward while simultaneously taking a step back.

On the forward-moving front, worldwide public cloud spending is expected to approach $500 billion in 2023. If that plays out, it would be more than twice the public cloud spend from 2019.

But while adoption of public cloud is growing, many organizations are revisiting private cloud strategies. This boomerang effect is occurring as some organizations realize public cloud doesn't meet all their needs. That is sometimes due to security issues or the challenges of having to rewrite applications. As a result, many organizations that had planned to go 100% public cloud are opting to also use on-premises resources.

If you thought house calls were a thing of the past, think again. Like the cloud, medicine is also now coming back in house, at least to some extent.

In the year ahead expect to see more medical devices make their way into our homes. That includes equipment like breathing machines that used to be found solely in medical facilities.

Technological advances are now enabling manufacturers to make these devices smaller. And the fact that these devices are connected means they can be used at home. That can save time and money for consumers and the medical industry.

Data breaches continued to rise in 2019. And the growing number of medical and other connected devices only increases the threat surface and raises the stakes of cybersecurity. And our data-rich medical records have become the gold standard for today's cyber thieves.

That said, organizations must do more to safeguard the health and well-being of their customers. That involves having the right cybersecurity and personal data protection measures and technology in place.

But they need to do that without creating a lot of friction for their customers.

Finding the right balance is a significant challenge. But it's worth the time and effort for organizations, which should figure encryption into the equation.

Too little security can result in loss of business, reputation and even stock value. Meanwhile, the right balance enables compliance, builds trust and allows for business growth and longevity.


Debate over access to encryption isn’t going away – Washington Examiner

Expect the U.S. Department of Justice and officials from allied countries to push harder for large technology companies to give them access to customers' encrypted communications, and expect the tech companies to continue to resist.

The current push for tech companies to provide encryption backdoors started back in 2014, when then-FBI Director James Comey complained about law enforcement agencies "going dark" because of a lack of access to encrypted email, texts, and other communications. But current Attorney General William Barr and allies in the United Kingdom and other countries have stepped up the pressure on tech companies in recent months.

Encryption has "empowered criminals" as terrorists, human traffickers, and sexual predators shield their activities from police, Barr said in a speech in October. "As we work to secure our data and communications from hackers, we must recognize that our citizens face a far broader array of threats," he said. "While we should not hesitate to deploy encryption to protect ourselves from cybercriminals, this should not be done in a way that eviscerates society's ability to defend itself against other types of criminal threats."

The debate shifted into high gear in December. On Dec. 9, Facebook sent a letter to U.S., U.K., and Australian officials, rejecting their request that the company scrap its plans to offer end-to-end encryption across messaging services.

"We all want people to have the ability to communicate privately and safely, without harm or abuse from hackers, criminals, or repressive regimes," the letter said. "Every day, billions of people around the world use encrypted messages to stay in touch with their family and friends, run their small businesses, and advocate for important causes. In these messages, they share private information that they only want the person they message to see."

A day later, in a Senate Judiciary Committee hearing, Chairman Lindsey Graham threatened Facebook and Apple officials with legislation if they didn't give law enforcement encryption back doors.

"You're going to find a way to do this, or we're going to go do it for you," said Graham, a Republican from South Carolina. "We're not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion."

Many cybersecurity experts, however, have warned against the push for encryption back doors.

If law enforcement agencies get access to encrypted communications, it's only a matter of time before criminals figure it out, said Michael Frederick, CEO of software development firm Flatirons Development. There is no "middle ground" compromise to the encryption debate, he added.

"Any back door that is open to law enforcement to allow them to access encrypted materials will inevitably be discovered and abused by those with malicious intentions," he said. "That could be hackers in the U.S., or it could be overseas governments taking advantage of the loophole, presenting a risk to our national security."

When the loophole is discovered and shut down, "we will start this conversation over again," he predicted.

It's "impossible" to allow law enforcement access without also risking hacker access to encrypted communications, added Daniel Goldberg, security researcher at Guardicore, a cloud and data center security vendor.

"Regardless of the method, whether it's key escrow or weakened access or any other buzzword of the month, encryption only works if it's total," he said. "If we go down this path, not far is the day when criminal groups or nation-states will have easy access to all private communications of common citizens."

Nevertheless, the push for access isn't all "fear, uncertainty, and doubt," Goldberg added. "By choosing privacy for all citizens, we also allow privacy to criminals," he said. "Law enforcement today relies on a hodgepodge of methods that try to go around end-to-end encryption, allowing sophisticated criminals freedom of action."

Meanwhile, security experts were split in their predictions on whether Congress would act to require law enforcement access. Some saw too much disagreement in Congress to move forward, while others predicted eventual action to require some type of access.

"Unfortunately, I can see Congress, in light of a national emergency or threat, taking action to weaken individual access to encryption technology," said Llewellyn Gibbons, a cyberlaw professor at the University of Toledo College of Law. "I doubt that Congress will take action on this as part of a reasoned debate that considers the commercial as well as individual privacy concerns."

Congressional action would be a significant change in U.S. government policy related to the internet, Gibbons added. "Such a change would be a dramatic shift from the self-government model that the U.S. government has encouraged on the internet."


Encrypted Traffic Analysis Will Be Mandatory Soon – Security Boulevard

Although much of today's internet traffic is encrypted, attackers can still exploit it. While the need to examine encrypted traffic is obvious, the way to carry out decryption often remains a conundrum. Decrypting traffic can introduce performance bottlenecks and raise potential privacy and compliance issues if the traffic is fully unshrouded. Finding a way to maintain performance and ensure compliance while also being able to properly examine traffic is becoming critical.

Encrypted traffic needs to be examined to uncover potential functions for controlling botnets and malware that are often hidden within secure tunnels. Examining encrypted traffic will also help investigate various issues. Take, for instance, a workstation that abruptly started to communicate using an outdated encryption algorithm. Such is likely a clear sign of being compromised. Or consider users communicating with servers with untrusted certificates. The ability to analyze encrypted communications such as these is growing more crucial each day for the effective enforcement of security policies.

While only half of internet traffic was encrypted in 2017, today it is over 80%. The era of a fully encrypted internet is already knocking on the door and, naturally, professionals responsible for security and risk management in companies are paying more attention. Encryption complicates the use of traditional security technologies, such as firewalls, and also often makes their use impossible. If you do not know what is hiding in packets, you cannot fully protect the corporate network or individual workstations from malware.

Today, the analysis of encrypted communication should be part of the portfolio of network monitoring and security for every company. Some security solutions are adding such capability, providing the ability to analyze header information of encrypted traffic without having to open the payload. Thanks to this functionality, enterprises are now able to display important details of encrypted communication, including detecting hidden malware. However, the encrypted content cannot be viewed without decryption. So it is important to get as much information as possible while the communication is not yet encrypted, that is, during connection establishment, when encryption keys and certificates are being exchanged.

An example of this connection setup is the SSL/TLS handshake, which is required for establishing encrypted communication and during which different TLS parameters are available and visible, including the TLS protocol version used by the server, cipher suite, server name indication (SNI), certificate issuer, public key, certificate validity, JA3 fingerprint and more.

The connection data can then be analyzed or used in different ways to manage the security of the organization. Based on the data, one can receive notifications of changes and events or use it for automatic alerts that are linked to other actions (emailing, running a user script, sending a syslog or an asynchronous notification in the form of an SNMP trap, etc.).

One of the easiest ways to detect malware and process indicators of compromise (IoCs) is to analyze JA3 fingerprints. Using the JA3 method, one can easily create SSL/TLS fingerprints on any platform. It is much more effective to use JA3 fingerprints to detect malware within SSL/TLS than to monitor IP or domain IoCs. The method does not depend on whether the malware uses domain generation algorithms (DGA) or changes the IP addresses of its command and control (C2) hosts, or even on whether it uses, for example, Twitter for control. Since JA3 detects a client application directly, it can detect malware based on how it communicates instead of what it communicates through. Thanks to this, special tools such as those in Flowmon, in cooperation with the publicly available JA3 fingerprint database, can detect potential threats from specific JA3 fingerprints in encrypted communication.
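The JA3 method described above, as an added example (not code from the article or from any vendor it names): it parses a ClientHello, derives the JA3 string and MD5 hash with GREASE values dropped, reads the SNI, and flags TLS 1.0 offers and blocklisted fingerprints. The sample handshakes, hostnames and blocklist are constructed for illustration.

```python
import hashlib

# GREASE values (RFC 8701): 0x0A0A, 0x1A1A ... 0xFAFA. JA3 leaves them out.
GREASE = {(b << 8) | b for b in range(0x0A, 0x100, 0x10)}


class Reader:
    """Bounds-checked cursor over bytes; raises ValueError on truncated input."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vec(self, len_size):  # vector prefixed by a len_size-byte length field
        return self.take(self.uint(len_size))


def u16_list(blob):
    return [int.from_bytes(blob[i:i + 2], "big") for i in range(0, len(blob) - 1, 2)]


def parse_client_hello(record):
    """Extract the cleartext fields JA3 uses, plus SNI, from one TLS record."""
    rec = Reader(record)
    if rec.uint(1) != 22:
        raise ValueError("not a TLS handshake record")
    rec.uint(2)  # record-layer version, not part of JA3
    hs = Reader(rec.vec(2))
    if hs.uint(1) != 1:
        raise ValueError("not a ClientHello")
    hello = Reader(hs.vec(3))
    out = {"version": hello.uint(2), "sni": None, "extensions": [], "groups": [], "formats": []}
    hello.take(32)  # client random
    hello.vec(1)  # session id
    out["ciphers"] = u16_list(hello.vec(2))
    hello.vec(1)  # compression methods
    exts = Reader(hello.vec(2) if hello.pos < len(hello.data) else b"")
    while exts.pos < len(exts.data):
        etype, body = exts.uint(2), Reader(exts.vec(2))
        out["extensions"].append(etype)
        if etype == 0:  # server_name
            names = Reader(body.vec(2))
            names.uint(1)  # name type, 0 = host_name
            out["sni"] = names.vec(2).decode("ascii", "replace")
        elif etype == 10:  # supported_groups (elliptic curves)
            out["groups"] = u16_list(body.vec(2))
        elif etype == 11:  # ec_point_formats
            out["formats"] = list(body.vec(1))
    return out


def ja3(hello):  # returns (JA3 string, MD5 hex digest)
    def join(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    text = ",".join([str(hello["version"]), join(hello["ciphers"]), join(hello["extensions"]),
                     join(hello["groups"]), "-".join(map(str, hello["formats"]))])
    return text, hashlib.md5(text.encode()).hexdigest()


def assess_handshake(record, blocklist):
    hello = parse_client_hello(record)
    text, digest = ja3(hello)
    findings = []
    if hello["version"] <= 0x0301:
        findings.append("client offers TLS 1.0 or older")
    if digest in blocklist:
        findings.append("JA3 hash is on the blocklist")
    return {"ja3": text, "ja3_hash": digest, "sni": hello["sni"], "findings": findings}


def build_client_hello(version, ciphers, sni, groups):
    """Build a minimal ClientHello record as constructed test input (not a capture)."""
    def vec(payload, n):
        return len(payload).to_bytes(n, "big") + payload
    def u16s(values):
        return b"".join(v.to_bytes(2, "big") for v in values)
    def ext(etype, data):
        return etype.to_bytes(2, "big") + vec(data, 2)
    exts = (ext(0x0A0A, b"") + ext(0, vec(b"\x00" + vec(sni.encode(), 2), 2))
            + ext(10, vec(u16s(groups), 2)) + ext(11, vec(b"\x00", 1)))
    hello = (version.to_bytes(2, "big") + bytes(32) + vec(b"", 1)
             + vec(u16s(ciphers), 2) + vec(b"\x00", 1) + vec(exts, 2))
    return b"\x16\x03\x01" + vec(b"\x01" + vec(hello, 3), 2)


# Constructed samples (placeholder hostnames); BLOCKLIST is a stand-in feed holding LEGACY's hash.
MODERN = build_client_hello(0x0303, [0x0A0A, 0xC02F, 0xC030, 0x009C], "app.example.test", [29, 23])
LEGACY = build_client_hello(0x0301, [0x002F, 0x0035, 0x000A], "intranet.example.test", [23])
BLOCKLIST = {hashlib.md5(b"769,47-53-10,0-10-11,23,0").hexdigest()}

if __name__ == "__main__":
    print(assess_handshake(MODERN, BLOCKLIST), assess_handshake(LEGACY, BLOCKLIST), sep="\n")
```

Because the fingerprint is built only from handshake fields sent in the clear, the same logic applies to mirrored traffic without decrypting any payload.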

Many companies rely on HTTPS communication and certificates issued by a certification authority for a given period to secure their internal communication or web presence. It is important to monitor the validity of the issued certificate to avoid a situation where data remains unsecured for some time. This can be elegantly solved by analyzing encrypted traffic, which provides, among other things, an overview of each certificate's expiration. This allows one to monitor expiring certificates and avoid the problem of expired certificates altogether. One can also easily detect weak TLS 1.0 encryption with enough time to take all the necessary corrective steps.

Some security solutions provide encrypted traffic analysis on two levels. The first focuses on cryptographic evaluation, i.e. it examines versions of the SSL/TLS protocol, the cipher suite (encryption algorithms, key lengths) and certificates, while the second focuses on monitoring and security. It offers JA3 fingerprints for possible identification of malware or infected stations and ALPN for identifying protocols in encrypted communication, and examines SNI and many other parameters.

For reliable threat protection, companies eventually will need to incorporate security tools based on behavioral analysis, artificial intelligence and encrypted communication analysis. These tools promise to detect malware in real-time encrypted traffic without impacting network throughput or degrading application performance. It will also require changes to existing security strategies to stop man-in-the-middle threats or attempts to steal corporate data promptly.

New security technologies such as these will be indispensable for not just protective security, but also for auditing. The technologies will help detect communications that use outdated certificates in violation of company policy, control the encryption strength or reveal data encryption vulnerabilities. Most organizations today can only get to such detailed overviews at the cost of laborious and time-consuming methods.

In a way, we can apply Socrates' dictum about the unexamined life not being worth living to network security. Unexamined traffic undercuts all of the other important security methodologies and makes them not worth having, providing a way for attackers and bad actors to gain access to resources right under the nose of security inside encrypted tunnels. These tunnels need careful examination, which can be done largely without performance penalties and compliance exposure.


San Bernardino 2.0: FBI Asking Apple To Crack Encryption On Phones Owned By Pensacola Naval Station Gunman – Techdirt

from the encryption-is-letting-dead-men-get-away-with-crimes-they-already-committed dept

It looks like the FBI wants to relitigate the San Bernardino shooting. After that tragedy, the FBI tried (and failed) to obtain legal precedent forcing cellphone manufacturers to crack open seized phones at the drop of a warrant. Finally, a third party sold a solution to the FBI that opened the phone and allowed it to recover nothing useful whatsoever from the shooter's device.

The FBI was displeased that it didn't get this precedent. Internal communications showed FBI officials were doing everything they could to avoid using a third-party solution. The theoretical existence of evidence related to a tragic shooting was the only leverage the FBI had and a private company's cracking service took that leverage away. It could no longer claim approaching Apple directly was the only way to access the contents of the phone.

The FBI is trying again. It has more locked phones and another shooting to use as leverage.

The FBI is asking Apple Inc. to help unlock two iPhones that investigators think were owned by Mohammed Saeed Alshamrani, the man believed to have carried out the shooting attack that killed three people last month at Naval Air Station Pensacola, Florida.

In a letter sent late Monday to Apple's general counsel, the FBI said that although it has court permission to search the contents of the phones, both are password-protected. "Investigators are actively engaging in efforts to 'guess' the relevant passcodes but so far have been unsuccessful," it said.

Apple is helping the FBI but it's not doing the only thing the FBI really wants it to do. Apple's statement says it's already turned over "all the data in [Apple's] possession." But it's not going to break the devices' encryption.

And no matter what legal precedent the DOJ obtains -- should it decide to force the issue by seeking a court order compelling decryption -- it still may not find anything useful, or indeed anything at all, if it manages to unlock the devices. There's a twist in this case that sets it apart from the San Bernardino shooting.

A law enforcement official said there's an additional problem with one of the iPhones thought to belong to Alshamrani, who was killed by a deputy during the attack: He apparently fired a round into the phone, further complicating efforts to unlock it.

Shooting someone right in the evidence is a new logistical hurdle -- one that probably can't be cleared with a stack of legal paperwork and precedent. But this is the FBI's latest attempt to undermine device encryption. Attorney General Bill Barr has made it clear he feels encryption is only good for criminals. If the DOJ decides to take another run at this, it will be less likely to back down even if presented with a third-party solution.

The FBI and DOJ are always on the lookout for another tragedy to use as leverage for anti-encryption precedent. Unfortunately, this country produces more than its share of mass shootings, so the FBI and DOJ will always have plenty to work with.

Read the rest here:
San Bernardino 2.0: FBI Asking Apple To Crack Encryption On Phones Owned By Pensacola Naval Station Gunman - Techdirt

#Privacy: Self-Encrypting Drives are the answer to data protection concerns now and in the future – Security Boulevard

The data protection landscape is rapidly changing in scope, breadth and depth. With changes to data protection laws in recent years, organisations today must keep up with all that is happening in the world of data protection.

Data protection no longer solely applies to risk management such as business continuity and disaster recovery, but also governance and compliance.

The protection of electronically stored information in all its different expressions should be at the forefront of any business. The permanent physical loss of key information, such as customer account information or the loss of confidentiality of sensitive information, could have a severe negative impact on a business and bring with it huge penalties and legal costs.

The loss of confidentiality of information through a data breach can carry high security threats and put businesses of all sizes at risk.

As data and business processes evolve with technological advances, enterprises are actively examining how to improve the data protection function from the perspectives of people, processes and technology. The key to choosing the data protection technologies is to understand the overall data protection infrastructure portfolio into which individual data protection technologies should fit.

The strength is in the hardware

As a solution, data encryption has received strong endorsement from the enactment of state, federal and international data protection legislation. Over the years, the disadvantages of software-based encryption have become increasingly recognised in the industry.

After all, software encryption is only as secure as the rest of the computer or smartphone. With software encryption there are more possible attack vectors, which can, among other things, allow a hacker to crack the password. Software encryption tools also share your computer's processing resources, which can slow the whole machine down as data is encrypted and decrypted.

Unfortunately, some users remain unaware of the potential to solve these problems with hardware-based encryption. Through an industry-wide, open specification for hardware-based Self Encrypting Drives (SEDs), e.g., Opal Family Specifications, developed by Trusted Computing Group (TCG), the issues caused by software-based encryption are being addressed and the reasons for using a SED continue to grow.

SEDs are storage media that perform on-board encryption/decryption, as well as pre-boot authentication, maintain hashed passwords and offer on-the-fly erasure. In a SED, the entire drive, including the Master Boot Record (MBR) is encrypted and write protected at rest. As a result, the master boot record cannot be corrupted.

Compared to software-based encryption, hardware-based encryption built into a drive offers simplified management, interoperability among drives from different vendors and most importantly no performance impact. In fact, using a SED is much more cost-effective than buying higher performance main laptop processors when software Full-Disk Encryption (FDE) is used. SEDs integrate to systems and image the same as non-encrypting drives, with no initial encryption necessary, nor re-encryption when drives are re-imaged.

SEDs and TPMs: the perfect match for data protection

In order to ensure better security, strong user authentication is needed. With a SED, access to the platform is based on secure authorisation performed by the SED and not by the less-secure software that can be spoofed into allowing unauthorised access to data. Combining hardware-based encryption with Trusted Platform Modules (TPMs) can provide even stronger security benefits in personal computers and can be used in a multitude of ways.

The TPM is designed as a root of trust for the computing platform. It can measure components such as the Basic Input/Output System (BIOS) to determine if the system has been hacked or an unauthorised change has been made. The SED has areas of protected storage that can be used in conjunction with the TPM. One use of these protected storage areas would be to keep a copy of sensitive software such as the system BIOS or MBR. If the TPM detects that the BIOS or MBR has been hacked, a new, unaltered copy of the software can be loaded before the system boots, resulting in a self-healing system.

The combination of SEDs and TPMs can also assure strong authentication. In this instance, the SED would store an alternative operating system in a read-only area of the drive. When the locked SED is powered up, a shadow MBR is used to load this pre-boot Operating System (OS).

The purpose of the pre-boot OS is to allow the user to enter their authentication credentials such as passwords, fingerprints, smart cards, or other tokens which are used to unlock the SED so that the normal MBR and OS can be loaded. Even though the SED protects the pre-boot OS from being altered, the TPM can be used to provide another layer of security by measuring the pre-boot OS each time it is loaded to assure that it has not been altered in an unauthorised way.

Some enterprises want to assure that a SED can only be unlocked by authorised users and in an authorised platform. The TPM can be used to store authentication credentials which are required in order to unlock the SED. At power up time, not only must the user enter their authentication credentials, but the TPM must be used in conjunction with the user authentication credential in order to produce the authentication credential which can unlock the SED.
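The measure-then-release flow described above, as an added Python sketch (not code from the article or from TCG). It is a simplified software model, not a real TPM or Opal interface: `ModelTPM`, `sed_unlock_credential`, `try_unlock` and all sample values are hypothetical, and the HMAC-over-PBKDF2 combination is one assumed way to mix the user credential with the TPM-held secret.

```python
import hashlib
import hmac

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(boot_chain) -> bytes:
    """Fold every boot component, in load order, into one measurement."""
    pcr = bytes(32)  # the register starts at all zeros after reset
    for component in boot_chain:
        pcr = pcr_extend(pcr, component)
    return pcr

class ModelTPM:
    """Hypothetical model of sealing: the secret is released only when the
    current measurement equals the one recorded at enrollment."""
    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self._expected = expected_pcr

    def unseal(self, current_pcr: bytes) -> bytes:
        if not hmac.compare_digest(current_pcr, self._expected):
            raise PermissionError("measurement changed; secret withheld")
        return self._secret

def sed_unlock_credential(passphrase: str, tpm_secret: bytes, salt: bytes) -> bytes:
    """Assumed construction: stretch the passphrase, then key it with the
    TPM-held secret so neither factor alone yields the drive credential."""
    user_key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
    return hmac.new(tpm_secret, user_key, hashlib.sha256).digest()

def try_unlock(tpm, boot_chain, passphrase, salt, enrolled) -> bool:
    """Return True only for the right user on the right, unmodified platform."""
    try:
        secret = tpm.unseal(measure(boot_chain))
    except PermissionError:
        return False
    candidate = sed_unlock_credential(passphrase, secret, salt)
    return hmac.compare_digest(candidate, enrolled)

# Constructed sample data for the demonstration.
GOOD_CHAIN = [b"BIOS image v1.0", b"pre-boot authentication OS image"]
MODIFIED_CHAIN = [b"BIOS image v1.0", b"pre-boot authentication OS image (modified)"]
SALT = b"constructed-salt"
TPM_SECRET = hashlib.sha256(b"constructed platform secret").digest()
TPM = ModelTPM(TPM_SECRET, measure(GOOD_CHAIN))
ENROLLED = sed_unlock_credential("correct horse", TPM_SECRET, SALT)

if __name__ == "__main__":
    print("good chain, good passphrase:", try_unlock(TPM, GOOD_CHAIN, "correct horse", SALT, ENROLLED))
    print("modified pre-boot OS:", try_unlock(TPM, MODIFIED_CHAIN, "correct horse", SALT, ENROLLED))
```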

Through combining hardware-based technologies like SEDs with TPMs, enterprises add another layer of security to their systems, ensuring the possibility of any loss of data is drastically reduced.

Protection against future security threats

Hardware-based encryption like that found in SEDs brings a lot of advantages, including compliance, stronger security, integrated authentication and low total cost of ownership, with the additional benefit of rapid data destruction or crypto-erase. While these convincing reasons remain valid, additional security scenarios provide even more compelling justification for organisations.

Corporations are reinitiating their spending and investments in technology for the future, with information security proving to be a key area to benefit from increased spending. With new approaches such as SEDs, corporations can obtain improved data security without the shortcomings of software-based encryption. Once potential users correctly and completely understand the capabilities of SEDs and the misconceptions are corrected as well, the increasing availability of SED options will provide the solution to cope with data security threats both now and long into the future.

By TCG Storage Workgroup

Excerpt from:
#Privacy: Self-Encrypting Drives are the answer to data protection concerns now and in the future - Security Boulevard

Apple privacy officer says that ‘building back doors’ to access iPhone data won’t help solve crimes – CNBC

At last year's CES tech trade show in Las Vegas, Apple attracted a lot of attention because of a large well-placed billboard ad that read, "What happens on your iPhone, stays on your iPhone."

This year, Apple made its first official appearance at the conference in years and was forced to defend that position. Jane Horvath, Apple's senior director, was on a panel on Tuesday alongside representatives from Facebook, Procter & Gamble and the Federal Trade Commission, and was asked about the company's use of encryption.

Apple has long taken a controversial position on encrypting its devices, arguing that it has limited ability to help law enforcement crack into devices during criminal investigations. On Monday, the FBI sent a letter to Apple requesting assistance extracting data from password-protected iPhones used by Mohammed Saeed Alshamrani, who is suspected of killing three people last month in a shooting at a Navy base in Pensacola, Florida.

Horvath reiterated Apple's view that to protect customer data, if a phone is stolen or gets left in a cab, and ensure consumer trust, the company has designed its devices so that it can't access highly personal information. Apple says that, for locked phones, in order to retrieve data that hasn't been uploaded to the company's servers, it would have to build special software.

"Our phones are relatively small and they get lost and stolen," Horvath said. "If we're going to be able to rely on our health data and finance data on our devices, we need to make sure that if you misplace that device, you're not losing your sensitive data."

Horvath said that Apple has a team working around the clock to respond to requests from law enforcement. But she said she doesn't support building so-called back doors into software that would allow law enforcement elevated access to private data to solve crimes like terrorism.

"Building back doors into encryption is not the way we are going to solve those issues," Horvath said.

Apple's most high-profile showdown with law enforcement came in 2016, when the Justice Department sued the company in an effort to get it to help obtain data from the phone of Syed Farook, who was responsible for the mass shooting in San Bernardino, California, which left 14 people dead. The FBI eventually said that it was able to gain access to the phone using a private vendor.

An Apple spokesperson told CNBC on Tuesday, in response to an inquiry about the recent Alshamrani case, that the company is working with authorities.

"We have the greatest respect for law enforcement and have always worked cooperatively to help in their investigations," the spokesperson said in an email. "When the FBI requested information from us relating to this case a month ago we gave them all of the data in our possession and we will continue to support them with the data we have available."

Tuesday's panel also included Erin Egan, Facebook's vice president for public policy, P&G global privacy officer Susan Shook and FTC Commissioner Rebecca Slaughter. Facebook also faces government pressure to build back doors into its software.

Read more:
Apple privacy officer says that 'building back doors' to access iPhone data won't help solve crimes - CNBC

Encryption Software Market Detailed Analysis, Competitive landscape Forecast to 2026 – Citi Blog News

Eternity Insights adds a comprehensive research study of the Encryption Software market that offers insights pertaining to market share, profitability graph, market size, SWOT analysis, and regional proliferation of this industry. This study incorporates a breakdown of key drivers and challenges, industry participants, and application segments, devised by analyzing extensive information about this business space.

This research study on the Encryption Software market is an apt exhibit of this industry sphere. It includes a detailed analysis of this vertical as well as substantial information on this business space, with regards to pivotal aspects such as the current revenue, profits projections, the latest market tendencies, market size, market share, and various other deliverables, over the forecast period.

A brief overview of the performance of the Encryption Software market during the forecast timeframe has been provided. Information about the driving factors affecting the Encryption Software market outlook has been delivered, in conjunction with the growth rate that this business space is expected to register over the expected duration. Also, the Encryption Software market study delivers a detailed notion of the numerous challenges prevailing in this business space. Also, an in-depth understanding of the growth opportunities existing in this vertical is delivered in the study.

Main pointers presented in the Encryption Software market report:

Unveiling the Encryption Software market with respect to the geographical terrain:

Encryption Software Market Segmentation: USA, Europe, Japan, China, India, South East Asia

Information given in the market report with regards to the major industry indicators:

A comprehensive gist of the Encryption Software market with regards to the product and application spectrums:

Product landscape:

Product types:

Key insights delivered in the report:

Application spectrum:

Application segmentation:

Specifics given in the report:

Other major pointers included in the report:

Some details about the competitive terrain of the Encryption Software market include:

Vendor base of the industry:

Competitive analysis pointers mentioned in the report include:

The Encryption Software market analysis also speaks on important details pertaining to parameters such as market concentration ratio.

Read more at: https://www.eternityinsights.com/report/global-encryption-software-market

Some of the Major Highlights of TOC covers:

Chapter 1: Methodology & Scope

Definition and forecast parameters

Methodology and forecast parameters

Data Sources

Chapter 2: Executive Summary

Business trends

Regional trends

Product trends

End-use trends

Chapter 3: Encryption Software Industry Insights

Industry segmentation

Industry landscape

Vendor matrix

Technological and innovation landscape

Chapter 4: Encryption Software Market, By Region

Chapter 5: Company Profile

Business Overview

Financial Data

Product Landscape

Strategic Outlook

SWOT Analysis

About us:

Our reputed market research & consulting portal, eternity insights, publishes industry/market reports, equity & financial data, and analytical research reports. We focus on almost all industries and deeply examine their segments & sub-segments. Our platform further probes the market revenues, ongoing trends, driving/preventive factors of the industries, key categories & sub-categories, competitive overview, etc. We have an expert team of research executives & data collectors that provide market intelligence services to facilitate better decisions. These decisions help clients with regards to more opportunities & penetration. eternity insights also exposes its customers to competitive strategies, impending events, survival plans, anticipated perils, and growth opportunities.

Read the original here:
Encryption Software Market Detailed Analysis, Competitive landscape Forecast to 2026 - Citi Blog News