IMPORTANT NOTICE

Sophos Free Encryption is an intuitive application that you can use to protect your sensitive data from unauthorized viewing. It can be handled by all types of users.

The interface of the program is based on a standard window with an intuitive layout, where you can add files into the secured environment using either the file browser, folder view or "drag and drop" method. You can add as many items as you want.

In order to encrypt data, you have to specify a target for the archive with the Sophos Free Encryption format (UTI), and assign a password to it. Alternatively, you can apply a key file as a dependency.

A few options are available for the encryption process. Therefore, you can create self-extracting executable files, securely delete the original items after encryption, compress data and save passwords in a history list.

Furthermore, you can use the default email client to send the encrypted archives via email after the process is done, as well as change the default file path to the passwords history list.

Sophos Free Encryption carries out a task rapidly and without errors, while using a low-to-moderate quantity of CPU and system memory, thus it does not affect the computer's overall performance. We haven't come across any difficulties in our tests, since the tool did not hang or crash.

Although it has not been updated for a pretty long time, Sophos Free Encryption offers users a simple alternative to secure their files, by turning them into encrypted archives.

File Encryption File Encrypter Encrypt Folder Encryption Encrypt Encrypter Decrypt

Read more here:
Download Sophos Free Encryption 2.40.1.11 - softpedia.com

Hi all, I recently upgraded from Windows 8.1 to Windows 10 Home, and read about device encryption. Apparently this was already available in Windows 8.1 but now that I discovered it, I would like to enable it. So I switched to logging in with a Microsoft account, and hoped that the setting would become available.

When I search for "device encryption" in the Start menu, it finds two options:

- Device Encryption (Control panel)

- Change device encryption settings (Settings)

But if I click them, I get: Search results:

- No results for device encryption

Does this mean something about my system is not compatible with, or configured correctly for device encryption? If I'm not mistaking, my system, a Mac Mini, is the 2013 model, and reading about it, it seems to have TPM. I am using BootCamp (using Mac OS X only as fallback and for playing).

Am I looking for this setting in the wrong places?

To show precisely what I am seeing, below are the screenshots:

Original post:
Device encryption settings not available (Windows 10 home ...

Have a question about how the new message protection capabilities in Office 365 work? Check for an answer here. Also, take a look at Frequently asked questions about data protection in Azure Information Protection for answers to questions about the data protection service, Azure Rights Management, in Azure Information Protection.

OME combines email encryption and rights management capabilities. Rights management capabilities are powered by Azure Information Protection.

You can use the new capabilities for OME under the following conditions:

If you have never set up OME or IRM for Exchange Online in Office 365.

If you have set up OME and IRM, you can use these steps if you are using the Azure Rights Management service from Azure Information Protection.

If you are using Exchange Online with Active Directory Rights Management service (AD RMS), you can't enable these new capabilities right away. Instead, you need to migrate AD RMS to Azure Information Protection first. When you've finished the migration, you can successfully set up OME.

If you choose to continue to use on-premises AD RMS with Exchange Online instead of migrating to Azure Information Protection, you will not be able to use these new capabilities.

To use the new OME capabilities, you need one of the following plans:

Office365 Message Encryption is offered as part of Office 365 E3 and E5, Microsoft E3 and E5, Office 365 A1, A3, and A5, and Office 365 G3 and G5. Customers do not need additional licenses to receive the new protection capabilities powered by Azure Information Protection.

You can also add Azure Information Protection Plan1tothe followingplans to receive the new Office 365 Message Encryption capabilities: Exchange Online Plan 1, Exchange Online Plan 2, Office 365 F1,Office 365 Business Essentials, Office 365 Business Premium, or Office 365 Enterprise E1.

Each user benefiting from Office 365 Message Encryption needs to be licensed to be covered by thefeature.

For the full list see the Exchange Online service descriptions for Office 365 Message Encryption.

Yes! Microsoft recommends that you complete the steps to set up BYOK before you set up OME.

For more information about BYOK, see Planning and implementing your Azure Information Protection tenant key.

No. OME and the option to provide and control your own encryption keys, called BYOK, from Azure Information Protection were not designed to respond to law enforcement subpoenas. OME, with BYOK for Azure Information Protection, was designed for compliance-focused customers. Microsoft takes third-party requests for customer data very seriously. As a cloud service provider, we always advocate for the privacy of customer data. In the event we get a subpoena, we always attempt to redirect the third party to the customer to obtain the information. (Please read Brad Smiths blog: Protecting customer data from government snooping). We periodically publish detailed information of the request we receive. For more information regarding third-party data requests, see Responding to government and law enforcement requests to access customer data on the Microsoft Trust Center. Also, see Disclosure of Customer Data in the Online Services Terms (OST).

The new capabilities for Office 365 Message Encryption are an evolution of the existing IRM and legacy OME solutions. The following table provides more details.

Capability

Previous versions of OME

IRM

New OME capabilities

Sending an encrypted email

Only through Exchange mail flow rules

End-user initiated from Outlook for PC, Outlook for Mac, or Outlook on the web; or through Exchange mail flow rules

End-user initiated from Outlook for PC, Outlook for Mac, or Outlook on the web; or through mail flow rules

Rights management

-

Do Not Forward option and custom templates

Do Not Forward option, encrypt-only option, default and custom templates

Supported recipient type

External recipients only

Internal recipients only

Internal and external recipients

Experience for recipient

External recipients received an HTML message which they downloaded and opened in browser or downloaded mobile app.

Internal recipients only received encrypted email in Outlook for PC, Outlook for mac, and Outlook on the web.

Internal and external recipients receive email in Outlook for PC, Outlook for Mac, Outlook on the web, Outlook for Android, and Outlook for iOS, or through a web portal regardless of whether or not they are in the same Office 365 organization or any Office 365 organization. The OME portal requires no separate download.

Bring Your Own Key support

Not available

Not available

BYOK supported

See Set up new Office 365 Message Encryption capabilities.

You can still use the previous version of OME, it will not be deprecated at this time. However, we highly encourage organizations to use the new and improved OME solution. Customers that have not already deployed OME cannot set up a new deployment of the previous version of OME.

No. If you are using Exchange Online with Active Directory Rights Management service (AD RMS), you can't enable these new capabilities right away. Instead,you need to migrate AD RMS to Azure Information Protection first.

Today, the sender needs to be in Exchange Online. We plan to support other topologies in the coming months.

You can create protected messages from Outlook 2016, and Outlook 2013 for PC and Mac, and from Outlook on the web.

You can read and respond from Outlook for PC and Mac (2013 and 2016), Outlook on the web, and Outlook mobile (Android and iOS) if you are an Office 365 user. You can also use the iOS native mail client if your organization allows it. If you are a non-Office 365 user, you can read and reply to encrypted messages on the web through your web browser.

You can attach any file type to a protected mail, however protection policies are applied only on the file formats mentioned here.

If a file format is supported, such as a Word, Excel, or PowerPoint file, the file is always protected, even after the attachment has been downloaded by the recipient. For example, if an attachment is protected by Do Not Forward, and the original recipient downloads and forwards the attachment to a new recipient, the new recipient will not be able to open the protected file.

If you attach a PDF file to a protected message, the message itself will be protected, but no additional protection will be applied to the PDF file after the recipient has received it. This means that the recipient can Save As, Forward, Copy, and Print the PDF file.

Not yet. OneDrive for Business attachments are not supported and end-users can't encrypt a mail that contains a cloud OneDrive for Business attachment.

Yes. Use mail flow rules in Exchange Online to automatically encrypt a message based on certain conditions. For example, you can create policies that are based on recipient ID, recipient domain, or on the content in the body or subject of the message. See Define mail flow rules to encrypt email messages in Office 365.

Currently you can only set up mail flow rules in Exchange Online. Encryption is currently not supported in DLP through the Security & Compliance Center.

Yes! For information on customizing email messages and the OME portal, see Add your organization's brand to your encrypted messages. See Add your organization's brand to your encrypted messages.

Not at this time but coming soon.

Yes. All encrypted email messages are discoverable by Office 365 compliance features.

Read more:
Office 365 Message Encryption FAQ - Office Support

There are instructions at encrypt.stanford.edu that will walk you through the steps necessary to fulfill University security requirements for each of your devices. Before you begin, however, being prepared ahead of time for the following steps may help you streamline the encryption process.

In case something goes wrong during the encryption process, you should back up your computer before running the SWDE installer.

The School of Medicine recommends using CrashPlan: it's asecure, monitored, convenient backup system and it's free for School of Medicine affiliates. Additionally, the SoM can assist you in restoring your information from CrashPlan, in the event of a hard drive crash or lost computer. While it is not currently required, it is strongly recommended.

For instructions and help with installation, visit the School of Medicine'sCrashPlan Guide.

For desktop and laptop computers, Stanford Whole Disk Encryption (SWDE) installer makes certain that your computer has all the necessary requirements, and then guides you through the activation of your computer's native encryption software (FileVault for Mac, and BitLocker for Windows).

(For mobile device encryption instructions, select your operating system:Apple/iOSorAndroid.)

Each time you access your system (on startup, after sleep/hibernation, etc), you use a "key" (password) to unlock your data. IF YOU CANNOT REMEMBER YOUR KEY, YOU WILL NOT BE ABLE TO ACCESS YOUR ENCRYPTED DATA.

In case of a forgotten key, it is likely that someone at ITS will be able to help you recover your data. However, we still recommend the following:

Once you have selected your login password and backup method, you are ready to move on to theencryption process.

View post:
Encryption- Computer & Information Security - Information ...

Encrypting USB flash drives protects the data stored on the volume. Any USB flash drive formatted with FAT, FAT32, or NTFS can be encrypted with BitLocker. The length of time it takes to encrypt a drive depends on the size of the drive, the processing power of the computer, and the level of activity on the computer.

Before you enable BitLocker, you should configure the appropriate Removable Data Drive policies and settings in Group Policy and then wait for Group Policy to be refreshed. If you dont do this and you enable BitLocker, you might need to turn BitLocker off and then turn BitLocker back on because certain state and management flags are set when you turn on BitLocker.

To be sure that you can recover an encrypted volume, you should allow data-recovery agents and store recovery information in Active Directory. If you use a flash drive with earlier versions of Windows, the Allow Access To BitLocker-Protected Removable Data Drives From Earlier Versions Of Windows policy can ensure that you have access to the USB flash drive on other operating systems and computers. Unlocked drives are read-only.

To enable BitLocker encryption on a USB flash drive, do the following: 1. Insert the USB flash drive, click Start, and then click Computer. 2. Right-click the USB flash drive, and then click Turn On BitLocker. BitLocker initializes the drive. 3. On the Choose How You Want To Unlock This Drive page, choose one or more for the following options, and then click Next:

4. On the How Do You Want To Store Your Recovery Key page, click Save The Recovery Key To A File. 5. In the Save BitLocker Recovery Key As dialog box, choose a save location, and then click Save. 6. You can now print the recovery key if you want to. When you have finished, click Next. 7. On the Are You Ready To Encrypt This Drive page, click Start Encrypting. Do not remove the USB flash drive until the encryption process is complete. How long the encryption process takes depends on the size of the drive and other factors.

The encryption process does the following: 1. Adds an Autorun.inf file, the BitLocker To Go reader, and a Read Me.txt file to the USB flash drive. 2. Creates a virtual volume with the full contents of the drive in the remaining drive space. 3. Encrypts the virtual volume to protect it.USB flash drive encryption takes approximately 6 to 10 minutes per gigabyte to complete. The encryption process can be paused and resumed provided that you dont remove the drive.

As a result, when AutoPlay is enabled and you insert the encrypted drive into a USB slot on a computer running Windows 7, Windows 7 runs the BitLocker To Go reader, which in turn displays a dialog box. When you are prompted, enter the password, smart card PIN, or both to unlock the drive. Optionally, select Automatically Unlock On This Computer From Now On to save the password in an encrypted file on the computers system volume. Finally, click Unlock to unlock the volume so that you can use it.

See original here:
Enable BitLocker on USB Flash Drives to Protect Data

Mchten Sie diesen Beitrag in Deutsch zu lesen? Lesen Sie die Deutsch-Version hier.

While security is an afterthought for many PC users, its a major priority for businesses of any size. It has to be when the Ponemon Institute tells us that security breaches are costing companies millions every year.

Even if you dont have millions to lose, protecting what you do have should be a high priority.

There are several forms of security technology available, but encryption is one that everyday computer users should know about.

Encryption is an interesting piece of technology that works by scrambling data so it is unreadable by unintended parties. Lets take a look at how it works with the email-friendly software PGP (or GPG for you open source people).

Say I want to send you a private message, so I encrypt it using either one of these programs. Heres the message:

wUwDPglyJu9LOnkBAf4vxSpQgQZltcz7LWwEquhdm5kSQIkQlZtfxtSTsmawq6gVH8SimlC3W6TDOhhL2FdgvdIC7sDv7G1Z7pCNzFLp0lgB9ACm8r5RZOBiN5ske9cBVjlVfgmQ9VpFzSwzLLODhCU7/2THg2iDrW3NGQZfz3SSWviwCe7GmNIvp5jEkGPCGcla4Fgdp/xuyewPk6NDlBewftLtHJVf=PAb3

Once encrypted, the message literally becomes a jumbled mess of random characters. But, equipped with the secret passcode I text you, you can decrypt it and find the original message.

Come on over for hot dogs and soda!

Whether its in transit like our hot dog party email or resting on your hard drive, encryption works to keep prying eyes out of your business even if they happen to somehow gain access to your network or system.If you want to learn more about how encryption helps protect business data,you can read our article on how encryption aids cloud security.

The technology comes in many forms, with key size and strength generally being the biggest differences in one variety from the next.

Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm, which hackers eventually learned to defeat with relative ease. At one time, Triple DES was the recommended standard and the most widely used symmetric algorithm in the industry.

Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112-bits in key strength is more like it.

Despite slowly being phased out, Triple DES still manages to make a dependable hardware encryption solution for financial services and other industries.

RSA is a public-key encryption algorithm and the standard for encrypting data sent over the internet. It also happens to be one of the methods used in our PGP and GPG programs.

Unlike Triple DES, RSA is considered an asymmetric algorithm due to its use of a pair of keys. Youve got your public key, which is what we use to encrypt our message, and a private key to decrypt it. The result of RSA encryption is a huge batch of mumbo jumbo that takes attackers quite a bit of time and processing power to break.

Blowfish is yet another algorithm designed to replace DES. This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually.

Blowfish is known for both its tremendous speed and overall effectiveness as many claim that it has never been defeated. Meanwhile, vendors have taken full advantage of its free availability in the public domain.

Blowfish can be found in software categories ranging from e-commerce platforms for securing payments to password management tools, where it used to protect passwords. Its definitely one of the more flexible encryption methods available.

Computer security expert Bruce Schneier is the mastermind behind Blowfish and its successor Twofish. Keys used in this algorithm may be up to 256 bits in length and as a symmetric technique, only one key is needed.

Twofish is regarded as one of the fastest of its kind, and ideal for use in both hardware and software environments. Like Blowfish, Twofish is freely available to anyone who wants to use it. As a result, youll find it bundled in encryption programs such as PhotoEncrypt, GPG, and the popular open source software TrueCrypt.

The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organizations.

Although it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy duty encryption purposes.

AES is largely considered impervious to all attacks, with the exception of brute force, which attempts to decipher messages using all possible combinations in the 128, 192, or 256-bit cipher. Still, security experts believe that AES will eventually be hailed the de facto standard for encrypting data in the private sector.

Cyber attacks are constantly evolving, so security specialists must stay busy in the lab concocting new schemes to keep them at bay. Expert observers are hopeful that a new method called Honey Encryption will deter hackers by serving up fake data for every incorrect guess of the key code. This unique approach not only slows attackers down, but potentially buries the correct key in a haystack of false hopes. Then there are emerging methods like quantum key distribution, which shares keys embedded in photons over fiber optic, that might have viability now and many years into the future as well.

Whether its protecting your email communications or stored data, some type of encryption should be included in your lineup of security tools. Successful attacks on victims like Target show that its not 100 percent bulletproof, but without it, youre offering up convenient access to your data. Find some tools that give you a piece of mind and stick with em!

Follow this link:
5 Common Encryption Algorithms and the Unbreakables of the ...

Updated: November 23, 2015

Transparent Data Encryption (TDE) encrypts SQL Server and Azure SQL Database data files, known as encrypting data at rest. You can take several precautions to help secure the database such as designing a secure system, encrypting confidential assets, and building a firewall around the database servers. However, in a scenario where the physical media (such as drives or backup tapes) are stolen, a malicious party can just restore or attach the database and browse the data. One solution is to encrypt the sensitive data in the database and protect the keys that are used to encrypt the data with a certificate. This prevents anyone without the keys from using the data, but this kind of protection must be planned in advance.

TDE performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data "at rest", meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.

Encryption of the database file is performed at the page level. The pages in an encrypted database are encrypted before they are written to disk and decrypted when read into memory. TDE does not increase the size of the encrypted database.

Information applicable to SQL Database

When using TDE with SQL Database V12 V12 (Preview in some regions) the server-level certificate stored in the master database is automatically created for you by SQL Database. To move a TDE database on SQL Database you must decrypt the database, move the database, and then re-enable TDE on the destination SQL Database. For step-by-step instructions for TDE on SQL Database, see Transparent Data Encryption with Azure SQL Database.

The preview of status of TDE applies even in the subset of geographic regions where version family V12 of SQL Database is announced as now being in general availability status. TDE for SQL Database is not intended for use in production databases until Microsoft announces that TDE is promoted from preview to GA. For more information about SQL Database V12, see What's new in Azure SQL Database.

Information applicable to SQL Server

After it is secured, the database can be restored by using the correct certificate. For more information about certificates, see SQL Server Certificates and Asymmetric Keys.

When enabling TDE, you should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database. The encrypting certificate should be retained even if TDE is no longer enabled on the database. Even though the database is not encrypted, parts of the transaction log may still remain protected, and the certificate may be needed for some operations until the full backup of the database is performed. A certificate that has exceeded its expiration date can still be used to encrypt and decrypt data with TDE.

Encryption Hierarchy

The following illustration shows the architecture of TDE encryption. Only the database level items (the database encryption key and ALTER DATABASE portions are user-configurable when using TDE on SQL Database.

To use TDE, follow these steps.

Create a master key

Create or obtain a certificate protected by the master key

Create a database encryption key and protect it by the certificate

Set the database to use encryption

The following example illustrates encrypting and decrypting the AdventureWorks2012 database using a certificate installed on the server named MyServerCert.

The encryption and decryption operations are scheduled on background threads by SQL Server. You can view the status of these operations using the catalog views and dynamic management views in the list that appears later in this topic.

Backup files of databases that have TDE enabled are also encrypted by using the database encryption key. As a result, when you restore these backups, the certificate protecting the database encryption key must be available. This means that in addition to backing up the database, you have to make sure that you maintain backups of the server certificates to prevent data loss. Data loss will result if the certificate is no longer available. For more information, see SQL Server Certificates and Asymmetric Keys.

The TDE certificates must be encrypted by the database master key to be accepted by the following statements. If they are encrypted by password only, the statements will reject them as encryptors.

Altering the certificates to be password-protected after they are used by TDE will cause the database to become inaccessible after a restart.

The following table provides links and explanations of TDE commands and functions.

The following table shows TDE catalog views and dynamic management views.

Each TDE feature and command has individual permission requirements, described in the tables shown earlier.

Viewing the metadata involved with TDE requires the VIEW DEFINITION permission on the certificate.

While a re-encryption scan for a database encryption operation is in progress, maintenance operations to the database are disabled. You can use the single user mode setting for the database to perform the maintenance operation. For more information, see Set a Database to Single-user Mode.

You can find the state of the database encryption using the sys.dm_database_encryption_keys dynamic management view. For more information, see the "Catalog Views and Dynamic Management Views"section earlier in this topic).

In TDE, all files and filegroups in the database are encrypted. If any filegroups in a database are marked READ ONLY, the database encryption operation will fail.

If a database is being used in database mirroring or log shipping, both databases will be encrypted. The log transactions will be encrypted when sent between them.

Any new full-text indexes will be encrypted when a database is set for encryption. Previously-created full-text indexes will be imported during upgrade and they will be in TDE after the data is loaded into SQL Server. Enabling a full-text index on a column can cause that column's data to be written in plain text onto the disk during a full-text indexing scan. We recommend that you do not create a full-text index on sensitive encrypted data.

Encrypted data compresses significantly less than equivalent unencrypted data. If TDE is used to encrypt a database, backup compression will not be able to significantly compress the backup storage. Therefore, using TDE and backup compression together is not recommended.

The following operations are not allowed during initial database encryption, key change, or database decryption:

Dropping a file from a filegroup in the database

Dropping the database

Taking the database offline

Detaching a database

Transitioning a database or filegroup into a READ ONLY state

The following operations are not allowed during the CREATE DATABASE ENCRYPTION KEY, ALTER DATABASE ENCRYPTION KEY, DROP DATABASE ENCRYPTION KEY, or ALTER DATABASE...SET ENCRYPTION statements.

Dropping a file from a filegroup in the database.

Dropping the database.

Taking the database offline.

Detaching a database.

Transitioning a database or filegroup into a READ ONLY state.

Using an ALTER DATABASE command.

Starting a database or database file backup.

Starting a database or database file restore.

Creating a snapshot.

The following operations or conditions will prevent the CREATE DATABASE ENCRYPTION KEY, ALTER DATABASE ENCRYPTION KEY, DROP DATABASE ENCRYPTION KEY, or ALTER DATABASE...SET ENCRYPTION statements.

The database is read-only or has any read-only file groups.

An ALTER DATABASE command is executing.

Any data backup is running.

The database is in an offline or restore condition.

A snapshot is in progress.

Database maintenance tasks.

When creating database files, instant file initialization is not available when TDE is enabled.

In order to encrypt the database encryption key with an asymmetric key, the asymmetric key must reside on an extensible key management provider.

Enabling a database to use TDE has the effect of "zeroing out" the remaining part of the virtual transaction log to force the next virtual transaction log. This guarantees that no clear text is left in the transaction logs after the database is set for encryption. You can find the status of the log file encryption by viewing the encryption_state column in the sys.dm_database_encryption_keys view, as in this example:

For more information about the SQL Server log file architecture, see The Transaction Log (SQL Server).

All data written to the transaction log before a change in the database encryption key will be encrypted by using the previous database encryption key.

After a database encryption key has been modified twice, a log backup must be performed before the database encryption key can be modified again.

The tempdb system database will be encrypted if any other database on the instance of SQL Server is encrypted by using TDE. This might have a performance effect for unencrypted databases on the same instance of SQL Server. For more information about the tempdb system database, see tempdb Database.

Replication does not automatically replicate data from a TDE-enabled database in an encrypted form. You must separately enable TDE if you want to protect the distribution and subscriber databases. Snapshot replication, as well as the initial distribution of data for transactional and merge replication, can store data in unencrypted intermediate files; for example, the bcp files. During transactional or merge replication, encryption can be enabled to protect the communication channel. For more information, see Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager).

FILESTREAM data is not encrypted even when TDE is enabled.

Files related to buffer pool extension (BPE) are not encrypted when database is encrypted using TDE. You must use file system level encryption tools like Bitlocker or EFS for BPE related files.

TDE can be enabled on a database that has In-Memory OLTP objects. In-Memory OLTP log records are encrypted if TDE is enabled. Data in a MEMORY_OPTIMIZED_DATA filegroup is not encrypted if TDE is enabled.

Move a TDE Protected Database to Another SQL ServerEnable TDE Using EKMTransparent Data Encryption with Azure SQL DatabaseSQL Server EncryptionSQL Server and Database Encryption Keys (Database Engine)Security Center for SQL Server Database Engine and Azure SQL DatabaseFILESTREAM (SQL Server)

Original post:
Transparent Data Encryption (TDE) - msdn.microsoft.com

Most sensitive web transactions are protected by public-key cryptography, a type of encryption that lets computers share information securely without first agreeing on a secret encryption key.

Public-key encryption protocols are complicated, and in computer networks, theyre executed by software. But that wont work in the internet of things, an envisioned network that would connect many different sensors embedded in vehicles, appliances, civil structures, manufacturing equipment, and even livestock tags to online servers. Embedded sensors that need to maximize battery life cant afford the energy and memory space that software execution of encryption protocols would require.

MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster. The researchers describe the chip in a paper theyre presenting this week at the International Solid-State Circuits Conference.

Like most modern public-key encryption systems, the researchers chip uses a technique called elliptic-curve encryption. As its name suggests, elliptic-curve encryption relies on a type of mathematical function called an elliptic curve. In the past, researchers including the same MIT group that developed the new chip have built chips hardwired to handle specific elliptic curves or families of curves. What sets the new chip apart is that it is designed to handle any elliptic curve.

Cryptographers are coming up with curves with different properties, and they use different primes, says Utsav Banerjee, an MIT graduate student in electrical engineering and computer science and first author on the paper. There is a lot of debate regarding which curve is secure and which curve to use, and there are multiple governments with different standards coming up that talk about different curves. With this chip, we can support all of them, and hopefully, when new curves come along in the future, we can support them as well.

Joining Banerjee on the paper are his thesis advisor, Anantha Chandrakasan, dean of MITs School of Engineering and the Vannevar Bush Professor of Electrical Engineering and Computer Science; Arvind, the Johnson Professor in Computer Science Engineering; and Andrew Wright and Chiraag Juvekar, both graduate students in electrical engineering and computer science.

Modular reasoning

To create their general-purpose elliptic-curve chip, the researchers decomposed the cryptographic computation into its constituent parts. Elliptic-curve cryptography relies on modular arithmetic, meaning that the values of the numbers that figure into the computation are assigned a limit. If the result of some calculation exceeds that limit, its divided by the limit, and only the remainder is preserved. The secrecy of the limit helps ensure cryptographic security.

One of the computations to which the MIT chip devotes a special-purpose circuit is thus modular multiplication. But because elliptic-curve cryptography deals with large numbers, the chips modular multiplier is massive. Typically, a modular multiplier might be able to handle numbers with 16 or maybe 32 binary digits, or bits. For larger computations, the results of discrete 16- or 32-bit multiplications would be integrated by additional logic circuits.

The MIT chips modular multiplier can handle 256-bit numbers, however. Eliminating the extra circuitry for integrating smaller computations both reduces the chips energy consumption and increases its speed.

Another key operation in elliptic-curve cryptography is called inversion. Inversion is the calculation of a number that, when multiplied by a given number, will yield a modular product of 1. In previous chips dedicated to elliptic-curve cryptography, inversions were performed by the same circuits that did the modular multiplications, saving chip space. But the MIT researchers instead equipped their chip with a special-purpose inverter circuit. This increases the chips surface area by 10 percent, but it cuts the power consumption in half.

The most common encryption protocol to use elliptic-curve cryptography is called the datagram transport layer security protocol, which governs not only the elliptic-curve computations themselves but also the formatting, transmission, and handling of the encrypted data. In fact, the entire protocol is hardwired into the MIT researchers chip, which dramatically reduces the amount of memory required for its execution.

The chip also features a general-purpose processor that can be used in conjunction with the dedicated circuitry to execute other elliptic-curve-based security protocols. But it can be powered down when not in use, so it doesnt compromise the chips energy efficiency.

They move a certain amount of functionality that used to be in software into hardware, says Xiaolin Lu, director of the internet of things (IOT) lab at Texas Instruments. That has advantages that include power and cost. But from an industrial IOT perspective, its also a more user-friendly implementation. For whoever writes the software, its much simpler.

View original post here:
Energy-efficient encryption for the internet of things | MIT News

The encryption software market size is expected to grow from USD 3.87 Billion in 2017 to USD 12.96 Billion by 2022, at a Compound Annual Growth Rate (CAGR) of 27.4%.

The demand for encryption software is likely to be driven by various factors, such as proliferation in the number of cyber-attacks and the stringent government regulations and compliances that mandate the adoption of encryption among various verticals.

The encryption software market has been segmented on the basis of components (solution and services), applications, deployment types, organization sizes, verticals, and regions. The services segment is expected to grow at the highest CAGR during the forecast period and the solution segment is estimated to have the largest market size in 2017 in the market.

Professional services have been widely adopted by organizations, as these services involve expert consulting, support and maintenance, and optimization and training for cybersecurity. However, the managed services segment is expected to grow at the highest CAGR during the forecast period, as managed security vendors provide extensive reporting capabilities for validating the regulatory compliance with internal security policies for the users.

The disk encryption application is estimated to hold the largest market share in 2017. The importance of encrypting a disk is that, if the encrypted disk is lost or stolen, the encrypted state of the drive remains unchanged, and only an authorized user will be able to access its contents. The cloud encryption application is expected to grow at the fastest rate during the forecast period.

Encryption solutions and services have been deployed across various verticals, including Banking, Financial Services, and Insurance (BFSI); aerospace and defense; government and public utilities; healthcare; telecom and IT; retail; and others (manufacturing, education, and media and entertainment). The telecom and IT vertical is expected to grow at the highest CAGR during the forecast period. However, the BFSI vertical is estimated to have the largest market size in 2017.

The global encryption software market has been segmented on the basis of regions into North America, Europe, Asia Pacific (APAC), Middle East and Africa (MEA), and Latin America, to provide a region-specific analysis in the report.

Key Topics Covered:

1. Introduction

2. Research Methodology

3. Executive Summary

4. Premium Insights 4.1 Attractive Opportunities In Encryption Software Market, 2017-2022 4.2 Encryption Software Market, Share Of Top 3 Applications And Regions, 2017 4.3 Encryption Software Market, By Service, 2017-2022 4.4 Encryption Software Market, By Professional Services, 2017 4.5 Encryption Software Market, By Deployment Type, 2017-2022 4.6 Encryption Software Market, By Organization Size, 2017-2022 4.7 Market Investment Scenario, 2017-2022

5. Market Overview 5.1 Introduction 5.2 Market Dynamics 5.2.1 Drivers 5.2.1.1 Growing Concern Over Critical Data Loss In On-Premises Environment 5.2.1.2 Exploitation Of Big Data Analytics Poses Risk To Cloud Environment 5.2.1.3 Regulations To Increase Adoption Of Encryption Solutions 5.2.2 Restraints 5.2.2.1 Lack Of Budget For Adopting Best-In-Class Encryption Solutions 5.2.2.2 Lack Of Awareness About Encryption And Performance Concerns Among Enterprises 5.2.3 Opportunities 5.2.3.1 Surge In Demand For Integrated, Cloud-Based Encryption Solutions Among Smes 5.2.3.2 Large-Scale Adoption Of Encryption Solutions In Bfsi Vertical 5.2.4 Challenges 5.2.4.1 Complexities In Management Of Encryption Keys 5.2.4.2 Lack Of Skilled Workforce Among Enterprises 5.3 Regulatory Implications 5.3.1 Payment Card Industry Data Security Standard 5.3.2 Health Insurance Portability And Accountability Act 5.3.3 Federal Information Security Management Act 5.3.4 Sarbanes-Oxley Act 5.3.5 Gramm-Leach-Bliley Act 5.3.6 Federal Information Processing Standards 5.3.7 General Data Protection Regulation 5.4 Innovation Spotlight 5.5 Use Cases 5.5.1 Large-Scale Adoption Of Email Encryption By Financial Organizations In The Uk 5.5.2 Adoption Of Encryption Solution By A Clinical Research Company 5.5.3 Reliance Of Small And Medium Financial Companies On Data Encryption 5.5.4 Large-Scale Adoption Of Encryption By It And Telecom Company 5.5.5 Need For Best-In-Class Encryption Solutions For Government Sector In Canada 5.5.6 Healthcare Vertical Relying On Cloud-Based Encryption Solutions 5.6 Type Of Encryption Algorithms 5.6.1 Data Encryption Standard 5.6.2 Advanced Encryption Standard 5.6.3 Triple-Des 5.6.4 Blowfish Algorithm 5.6.5 Homomorphic Encryption 5.6.6 Rsa 5.6.7 Diffie-Hellman Key Exchange 5.6.8 Quantum Cryptography 5.6.9 Post Quantum Cryptography

6. Encryption Software Market Analysis, By Component 6.1 Introduction 6.2 Solution 6.2.1 Types Of Data Encrypted 6.2.1.1 Data At Rest 6.2.1.2 Data In Transit 6.2.1.3 Data In Use 6.2.2 Types Of Encryption 6.2.2.1 Symmetric Encryption 6.2.2.2 Asymmetric Encryption 6.2.3 Key Management 6.3 Services 6.3.1 Professional Services 6.3.1.1 Support And Maintenance 6.3.1.2 Training And Education 6.3.1.3 Planning And Consulting 6.3.2 Managed Services

7. Encryption Software Market Analysis, By Application 7.1 Introduction 7.2 Disk Encryption 7.3 File/Folder Encryption 7.4 Database Encryption 7.4.1 Application-Level Encryption 7.4.2 Database-Level Encryption 7.5 Communication Encryption 7.5.1 Voice Encryption 7.5.2 Email Encryption 7.5.3 Instant Messaging Encryption 7.6 Cloud Encryption

8. Encryption Software Market Analysis, By Deployment Type 8.1 Introduction 8.2 On-Premises 8.3 Cloud

9. Encryption Software Market Analysis, By Organization Size 9.1 Introduction 9.2 Large Enterprises 9.3 Small And Medium-Sized Enterprises

10. Encryption Software Market Analysis, By Vertical 10.1 Introduction 10.2 Banking, Financial Services, And Insurance 10.3 Aerospace And Defense 10.4 Healthcare 10.5 Government And Public Utilities 10.6 Telecom And It 10.7 Retail 10.8 Others

11. Geographic Analysis

12. Competitive Landscape

13. Company Profiles

For more information about this report visit https://www.researchandmarkets.com/research/ggnh82/encryption?w=5

Media Contact:

Laura Wood, Senior Manager press@researchandmarkets.com

For E.S.T Office Hours Call +1-917-300-0470 For U.S./CAN Toll Free Call +1-800-526-8630 For GMT Office Hours Call +353-1-416-8900

U.S. Fax: 646-607-1907 Fax (outside U.S.): +353-1-481-1716

View original content:http://www.prnewswire.com/news-releases/encryption-software-market---global-forecast-to-2022-300618670.html

SOURCE Research and Markets

http://www.researchandmarkets.com

See more here:
Encryption Software Market - Global Forecast to 2022

Key Features to Look for When Buying Encryption Software?

PerformanceIf your encryption software is difficult to use, you may not use it at all. The programs we reviewed are simple and intuitive, particularly Folder Lock and Secure IT they both guide you through the encryption and decryption processes step by step. Secure IT integrates with Windows, so all you have to do is right-click on a file and choose to encrypt it in the menu.

We found that programs typically compress files as they encrypt them, though only to a small degree for example, from 128MB down to 124MB. It can make a difference when you encrypt large data files, so programs that protect and compress are preferable.SecurityEncryption software uses different types of ciphers to scramble your data, and each has its own benefits. Advanced Encryption Standard, or 256-bit key AES, is used by the U.S. government, including the National Security Agency (NSA), and is one of the strongest ciphers available. Blowfish and Twofish, the latter being a newer version of the former, are encryption algorithms that use block ciphers they scramble blocks of text or several bits of information at once, rather than one bit at a time.

The main differences between these algorithms are performance and speed, and the average user wont notice those disparities. Although any of these ciphers could be broken given enough time and computing power, they are considered practically unbreakable. AES has long been recognized as the superior algorithm, so we preferred programs that use it.Version CompatibilityIf your computer runs an older version of Windows, such as Vista or XP, make sure the encryption program supports your operating system. On the flip side, you need to make sure you choose software that has changed with the times and supports the latest versions of Windows, like 7, 8 and 10.

While all the programs we tested are compatible with every version of Windows, we feel that SensiGuard is a good choice for older computers because it only has the most essential tools and wont bog down your PC. Plus, it is easy to move to a new computer if you choose to upgrade. However, it takes a while to encrypt and decrypt files.

If you have a Mac computer, you need a program that is designed specifically for that operating system none of the programs we tested are compatible with both Windows and Mac machines. We believe Concealer is the best option for Macs, but Espionage 3 is also a good choice.

Mac encryption software doesnt have as many extra security features as Windows programs. They typically lack virtual keyboards, self-extracting file creators and password recovery tools. Mac programs also take a lot more time to secure files compared to Windows software.

Continued here:
The Best Encryption Software - TopTenReviews