It's hard -- for me at least -- to get too excited about hard drives. They get bigger, they get faster, and that's about it. But the iStorage diskAshur2 is a little different. This is a 1TB USB 3.1 external hard drive with a twist.

It offers hardware-level AES-XTS 256-bit encryption -- so no software is needed -- secured with PIN authentication. As you can see from the photo, there's a PIN pad built into the drive for easy locking and unlocking, and it's compatible with Windows, macOS and Linux ("it will work on any device with a USB port!"). We've already look at the diskAshur Pro 2, but this diskAshur2drive is nearly 20 percent cheaper.

The primary difference between the Pro drive and this one is the form of encryption that's used. While the diskAshur Pro 2 is "designed to be certified to" FIPS 140-2 Level 3, NCSC CPA, Common Criteria and NLNCSA, in the case of the diskAshur2, it's the lesser, older FIPS PUB 197 validation that's in place. In both instance, however, there's AES-XTS 256-bit hardware encryption protecting data which should be more than enough for most circumstances.

FIPS 140-2 Level 3 means that the diskAshur Pro 2's circuit board has a tamper-proof design, but there are still physical protection measures in place with the diskAshur2 for added peace of mind. The protection comes from the built in EDGE (Enhanced Dual Generating Encryption) Technology which protects from "external tamper, bypass laser attacks and fault injections and incorporates active-shield violation technology." There's also security against unauthorized firmware updates, and the onboard processor "reacts to all forms of automated hacking attempts by entering the deadlock frozen state where the device can only restart through a 'Power On' reset procedure."

In short, it's secure. But what's it like to use?

In a word, great. But you're probably looking for a little more detail than that...

The iStorage diskAshur2 is designed with travelling in mind. It's pretty light at 216g, measures a pocketable 124 x 84 x 19 mm and comes with a hand carry case (the 3TB, 4TB and 5TB models are slightly heavier and larger at 325g and 124 x 84 x 27mm). There's a (short) built in USB 3.1 cable so you don't have to remember to carry one around with you, and the drive is available in a choice of four colors -- Fiery Red, Phantom Black, Racing Green and Ocean Blue. It's IP56 rated for water and dust resistance.

What's great about the drive is the incredible ease of use. Encryption usually means having to fiddle around with software, but that's not the case here; everything is built into the drive. The drive is, by default, encrypted. Plug it in, and it remains inaccessible -- and invisible to the computer -- until you enter the necessary PIN and hit the unlock button. From this point, you can manually lock the drive at any time. You can also unplug the drive and it will be automatically locked, or auto-locking will kick in after a predetermined period of inactivity. The lack of software means that it's easy to take the drive from one computer to another, regardless of the operating system it is using.

This video from iStorage gives a good introduction to the device range:

Unlocking the drive is incredibly fast -- much faster than if computer-based software was involved. In terms of performance, this is a 5,400 RPM drive offering read speed of up to 148 MBps and write speeds of up to 140 MBps -- far from earth-shattering, but this is a drive that focuses on security, not performance.

As with the diskAshur Pro 2, brute force protection means that the drive will delete its encryption key (rendering data completely inaccessible) after fifteen consecutive incorrect PINs are entered. You can create a PIN of up to 15 digits, so it should be fairly easy to create a non-guessable PIN. For those who need it, there is also the option of using a Self-Destruct PIN to wipe out the encryption key so data cannot be accessed under any circumstances. For peace of mind, there is a two-year warranty covering the device.

For the vast majority of people, AES-XTS 256-bit hardware encryption and conforming to FIPS PUB 197 should be more than enough. If the relatively high price of the diskAshur Pro 2 was off-putting to you, the diskAshur2 gives you a way to get very much the same product at a pleasingly lower price.

You can find out more and buy a drive direct from iStorage. The 1TB model is priced at 219 (262).

Visit link:
iStorage diskAshur2 1TB PIN-protected encrypted external hard drive [Review] - BetaNews

LAS VEGAS Rep. Will Hurd (R-Texas) said Sunday that Europe can't pretend to be more idealistic on privacy issues than the U.S. while many of its nations try to enact laws limiting encryption.

Hurd is one of a sturdy number of legislators including a bipartisan House Judiciary working group on encryption that opposeslaws allowing law enforcement agencies to access all encrypted datain the United States. Proponents believe access would helppreventand solvecrime, including terrorist-related activities.

Europe likes to act like they take privacy more severely than we do. That is patently false, he toldThe Hill at the DEF CON cybersecurity conference in Las Vegas.This notion we dont take this seriously in the U.S. is wrong.

Current encryption methods make it impossible for law enforcement to access chat apps or files from criminals in a timely manner, even with a warrant. Various U.S. law enforcement agencies have waged periodic efforts to force manufacturers to provide some form of access.

European nations including Germany and the United Kingdom have either enacted or are poised to enact these types of rules.

The terrorism challenges in Europe are really kind of tough, and they may lead the way and carry some of our water on this, said Acting Assistant Attorney General for National Security Dana Boente at the Aspen Security Forum earlier this month.

But cybersecurity experts people who design secure communication systems and those who develop techniques to hack into those systems universally believe that adding "backdoors" into encryption is a substantial national security threat. Adding new entry points into encryption makes its design far more perilous and far more likely for the system to be cracked by hackers or for the keys to be stolen.

We should be making encryption more secure, not less, Hurdsaid.

European Union courts struck down exemptions allowing the U.S. to store European citizens' data on stateside servers based on privacy concerns. But, claimed Hurd, the threats to privacy caused by an encryption rule demonstrated the EU'strue colors when it came to privacy.

Hurd has experience in security issues both as a former CIA agent and as a former security consultant, including a stint at a cybersecurity consultancy.

He said his trip to DEF CON was, in part, to keep his knowledge of cybersecurity from becoming stale.

DEF CON is the pointy end of the spear. These are the folks that are thinking about the real problems, he said.

DEF CON is the last of three cybersecurity conferences held back-to-back to back in Las Vegas each summer. While the other conferencesare targeted tocorporate cybersecurity providers or a more general security audience, DEF CON appeals to iconoclastic, individual researchers often on the bleeding edge of the field.

Being out here gives me perspective on where policy needs to go, Hurdsaid.

Hurd and fellow congressman Rep. Jim Langevin (D-R.I.) gave one presentation on Saturday and will give a second on Sunday. Those are two of the five panels being given by current government officials.

I want the people here to know that there are people in government that care about this stuff, Hurdsaid.

He said he had visited a number of DEF CON sub-conferences, known as villages, including ones focusing on hacking voting machines and automobiles, both of which he praised.

Hurd has focused on other cybersecurity issues while in office including IT modernization and workforce shortages. He said he was excited to see children as young as nine at the conference learning to hack and hopefully preparing to fill a widening skills gap of cybersecurity talent.

Read more:
House Republican: US just as focused on data security as Europe - The Hill

Sixty-five percent believe they shouldnt be forced to hand over encrypted private data to government

SALT LAKE CITY Venafi,the leading provider of machine identity protection,today announced the findings of a study that evaluated attitudes and opinions of 3,000 adult consumers from the United States, the United Kingdom and Germany on initiatives that would grant governments more access to private, encrypted data.

According to the study, half of consumers (51 percent) do not believe their government can protect their personal data, and nearly two-thirds of respondents (65 percent) suspect their government already abuses its powers to access the data of citizens. Additionally, 68 percent of respondents believe governments should not force private companies to hand over encrypted personal data without consumer consent.

The study also found that consumers are concerned about the impact encryption backdoors would have on their personal privacy. Sixty fire percent of respondents state that governments should not be able to force citizens to turn over personal data, such as the contents of mobile phones, social media, email and online activity, without consent.

The results of this research indicate that security and privacy are probably going to get a lot worse before they get better, said Jeff Hudson, CEO of Venafi. Its very clear that consumers are confused about what access to encrypted data will mean to their privacy, and its equally clear that governments dont understand how encryption backdoors will be used to undermine our global digital economy. The negative impact encryption backdoors will have on every aspect of security and privacy is tremendous.

Despite concerns regarding government abuse, many consumers remain conflicted over how encryption backdoors would impact both their privacy and national security:

Hudson continued: Giving governments access to encryption will not make us safer from terrorism in fact, the opposite is true. Most people dont trust the government to protect data and they dont believe the government is effective at fighting cybercrime. Its ironic that we believe we would be safer if governments were given more power to access private encrypted data because this will undermine the security of our entire digital economy.

Encryption backdoors create vulnerabilities that can be exploited by a wide range of malicious actors, including hostile or abusive government agencies. Billions of people worldwide rely on encryption to protect a wide range of critical infrastructure, including global financial systems, electrical grid and transportation systems, from cybercriminals who steal data for financial gain or espionage.

The study was conducted by One Poll and completed in July 2017. It analyzed responses from three thousand adult consumers from the United States, United Kingdom and Germany.

About Venafi

Continued here:
Venafi Study: Consumers Conflicted About Encryption Backdoors - ISBuzz News

"One of the core issues facing organizations today is the onslaught of cybersecurity products and capabilities in the marketplace and the inability to objectively understand which are needed and which are best. Powerful encryption has been proven to be the best protector of sensitive data-at-rest and data-in-transit. With powerful encryption comes the need for a policy-based advanced encryption key management ecosystem that operates with groundbreaking precision and speed. Together, Cyphre and Fornetix provide that holistic encryption solution," said Chuck White, CTO of Fornetix.

Fornetix Key Orchestration is an advanced key management ecosystem that takes traditionally long, manual encryption processes and transforms them into automated, easy-to-use solutions. Benefits include reduced costs, process consistency, enhanced use of encryption, and enterprise modifiability. Fornetix's Key Orchestration appliance integrates with Cyphre's BlackTIE-powered offerings to deliver high-performance security solutions that protect the integrity of your encrypted data from continuously evolving threats. The integrated solutions are available immediately.

Cyphre's BlackTIE technology augments vulnerable single encryption keys with hardware-encrypted Black Keys to render hijacked keys useless, thus neutralizing the threat. Chip-resident Black Keys are completely isolated from hacker exposure, even hidden from Cyphre itself. For heightened security, BlackTIE uses a key-per-file protection approach to encrypt all data-at-rest and data-in-transit.

"As businesses continue to demand data protection beyond a classic software based encryption, the integration of Cyphre's BlackTIE technology and Fornetix's Key Orchestration appliance, provide RigNet an opportunity to meet our customer demands for best-in-class cybersecurity solutions," said Steve Pickett, President and CEO of RigNet, Inc. "By fully integrating heightened data protection and key management with other security elements within a multilayered posture, organizations can further narrow gaps between their security layers, while implementing strong cryptographic protections for their most sensitive, and vulnerable, data."

About FornetixFornetix is helping organizations unleash the full potential of encryption by conquering the key management bottleneck. Our Key Orchestration ecosystem automates the key lifecycle across the entire enterprise with groundbreaking precision and speed. Policy-driven automation of the key rotation lifecycle reduces human error and empowers your organization to remain secure and avoid costly data breaches. As global use of encryption rapidly expands, you can be prepared for the future with unparalleled scalability. Please call 1-844-KEY-ORCH or visit http://www.fornetix.com for more information.

About Cyphre Security Solutions LLCCyphre, a wholly owned subsidiary of RigNet, Inc. (NASDAQ: RNET), is a cybersecurity company deploying disruptive data protection innovations by enhancing industry standard encryption protocols with our patent pending BlackTIE technology. Product offerings include Encrypted Cloud Storage and Enterprise Collaboration services, Secure Integration with IoT devices and applications, and the Enterprise Cloud Encryption Gateway. For more information, visit http://www.cyphre.com and follow us on Twitter: @getcyphre.

View original content with multimedia:http://www.prnewswire.com/news-releases/fornetix-and-cyphre-security-solutions-llc-a-rignet-company-join-forces-to-deliver-advanced-key-protection-management-and-encryption-solutions-300495894.html

SOURCE Fornetix

Home

Go here to see the original:
Fornetix and Cyphre Security Solutions LLC, a RigNet Company, Join Forces to Deliver Advanced Key Protection ... - PR Newswire (press release)

The UK Secretary of State for Defence has struggled to explain what his government wants tech companies to do to support national security operations, but was adamant that they have to do more.

Sir Michael Fallon, speaking to ABC's 7.30 program last night, said the UK had not fully used new laws which compel operators to decrypt messages sent via services such as WhatsApp and Telegram.

We want them to do more and we are continuing to discuss with them how they can help our security services to do more, he told 7.30.

UK Home Secretary Amber Rudd was in discussion with a number of companies, Fallon said, to make them do more, to acknowledge their responsibility, to work with us in identifying potential terrorist threats to our country.They have to do more.

Despite passing its Investigatory Powers Act last year, the UKgovernment has struggled to maintain a consistent message on end-to-end encryption, and has not said what it expects providers to do to remove electronic protection.

The act nicknamed the Snoopers Charter compels companies to remove electronic protection applied by or on behalf of that operator to any communications or data. They must also provide information in an "intelligible form"when requested.

Rudd said in March said that it was completely unacceptable that law enforcement agencies were unable to read messages hidden by end-to-end encryption, before coming out in support of encryption later the same day.

Australia's government is now seeking to create similar laws, and has cited the Investigatory Powers Act as an inspiration.

Prime Minister Malcolm Turnbull and Attorney-General George Brandis have been similarly vague on the details of how tech companies are expected to cooperate, but made it clear that they should.

Fallon added that security services should be given all the powers they need to thwart terrorist plots.

That's vital and we're continuing to work with those [tech] companies to make sure they cooperate better, he said.

On Wednesday, the UK and Australia cemented its long-standing relationship in tackling cyber threats which can risk international stability, a joint statement said.

Error: Please check your email address.

Tags United Kingdomcyber warfareterrorisminternational affairslawencryptionlegislationgovernmenthomelanddecryptionUKcybermotherland

More about Attorney-GeneralAustraliaHome

See original here:
Encryption: UK Defence Sec says tech companies 'have to do more', gives no detail - Computerworld Australia

German police are set to make use of new laws to hack the devices of criminal suspects in order to monitor communications, bypassing the need to force tech companies to provide encryption backdoors.

Local media reports referencing Interior Ministry documents claimed that law enforcers will be able to make use of new Remote Communication Interception Software (RCIS) to target Android, iOS and BlackBerry mobiles.

The idea is to hack into suspects devices in order to read communications at source. This would seem to be a neat way of monitoring targets without the need to engage with providers of services like WhatsApp, iMessage and Telegram.

Tech companies including Facebook and Apple have been steadfast in refusing to engineer backdoors for law enforcers arguing that it would undermine security for millions of innocent users and businesses. As most are based in the US, its unlikely that the German government alone could do anything about it.

The German parliament recently passed a new law expanding the power of the police to hack devices belonging to all criminal suspects and not just terror suspects.

This is in stark contrast to the situation in the UK, where the new Investigatory Powers Act grants police the power to hack devices irrespective of suspicion of criminal activity.

However, activists in Germany are still worried about the move, especially as the authorities have been revealed to have bought surveillance software from infamous provider FinFisher, as a back-up in case their own RICS 2.0 tools are leaked or get compromised.

By using third party provider tools, governments could skirt legal restrictions on what they can and cant do, according to Deutsche Welle.

The European Commission claimed back in March that it was planning to give tech communications providers three or four options forcing them to make the communications of suspects available to police, ranging from voluntary measures to legislation.

In related news, rights groups have this month signed a joint open letter to EU member states urging more to be done to reform EU rules governing the export of surveillance equipment.

It claimed over 330 export license applications for such technology have been made to 17 EU authorities since 2014; with 317 granted and only 14 rejected.

See more here:
German Police to Bypass Encryption by Hacking Devices - Infosecurity Magazine

There's lots of talk of mandating a backdoor to encrypted services so that law enforcement can use them under warrants. The need is real and there are some reasonable compromises that can keep all our data safe and still help catch bad guys.

But a backdoor for the good guys is potentially a backdoor for the bad guys too. Here are five reasons a backdoor in encryption is a bad idea:

1. Strong encryption protects dissidents and democracy advocates in repressive regimes as well. Putting in backdoors limits their options and weakens their protections.

2. The backdoor goes beyond the phone. IoT devices are becoming more and more frequent, meaning any device with a connection could have a backdoor. If someone gets the keys or figures out how the backdoor works, they could get inside lights, door locks and more.

3. Dual key systems are inherently less secure. Having one key that you the user are the only with access to is the only way to make sure that you are the only weak point. Having dual keys stored in a government agency gives attackers more targets for social engineering and other attacks.

SEE: Ethical Password Hacking and Security (TechRepublic Academy)

4. Criminals can choose not to use the services with backdoors. Open source encryption tools are available that nobody controls, and large enough organizations can create their own. So you're weakening security for law abiding citizens more than criminals.

5. You can't make math illegal. The solution to our last point is to make any encryption without a backdoor against the law. Except that encryption is generally just multiplying two prime numbers. It would be hard to make that against the law.

Now there is more tech companies could do to assist law enforcement. Creative solutions being proposed include pushing updates that do things like say, surreptitiously turn on logging in an app like WhatsApp for a suspect who is the target of a court approved warrant.

That may or may not be the right answer of course but that's where productive discussion can be had. The kind of things that lessen a criminal's security without breaking encryption for everyone.

Also see:

Read this article:
Top 5: Risks of encryption backdoors - TechRepublic

Cybersecurity

A Qubitekk prototype will incorporate ORNL's single-photon source approach, thereby bringing the device closer to generating pairs of quantum light particles in a controlled, deterministic manner that is useful for quantum encryption. (Photo by Qubitekk)

Oak Ridge National Laboratory has licensed a method its researchers developed to keep encrypted machine-to-machine data from being intercepted.

San Diego-based quantum technology company Qubitekk has signed a non-exclusive license for the labs method of "down-conversion" of photons, which produces random, unpredictable pairs of the particles to confound the interception of data, the lab said in a July 25 statement.

"Current encryption techniques rely on complex mathematical algorithms to code information that is decipherable only to the recipient who knows the encryption key," according to the statement. "Scientists, including a team at the Department of Energys ORNL, are leveraging the quantum properties of photons to enable novel cryptographic technologies that can better protect critical network infrastructures."

According to lab officials, the technique harnesses quantum physics to expose, in real-time, the presence of bad actors who might be trying to intercept secret keys to encryption algorithms used by the energy sector.

Qubitekk President and CTO Duncan Earl said in the ORNL statement that his company plans to enhance its existing single-photon quantum information prototype by integrating the labs design. Earl is a former ORNL researcher who worked with the lab's Cyber Warfare group and Quantum Information Sciences team.

The company's work could lead to a tenfold increase in quantum encryption rates and the ability to maintain high data transmission speeds over longer distances, he added.

Earl said the firm plans to conduct field trials with its customers, which include California utility companies.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

Here is the original post:
Oak Ridge licenses its quantum encryption method - FCW.com

IN 2015, Ledger Assets co-founders Nuno Martins (left), John Bulich and Gov van Ek said they had created the first Australian blockchain

If we could give Malcolm Turnbull one piece of economic advice right now one piece of advice about how to protect the economy against a challenging and uncertain future it would be this:don't mess with encryption.

Earlier this month the government announced that it was going to "impose an obligation" on device manufacturers and service providers to provide law enforcement authorities access to encrypted information on the presentation of a warrant.

At the moment it's unclear what exactly this means. Attorney-General George Brandis and Malcolm Turnbull have repeatedly denied they want a legislated "backdoor" into encrypted devices, but the loose way they've used that language suggests some sort of backdoor requirement is still a real possibility.

Hopefully we'll discover more when the legislation is introduced in the August sitting weeks. Turnbull did say at the press conference "I'm not suggesting this is not without some difficulty". The government may not have made any final decisions yet.

But before any legislation is introduced, the government needs to understand what the stakes are in as they strive against encryption.

Anything the government does to undermine the reliability of encryption could have deleterious consequences for what we believe will be the engine of economic growth in decades to come: the blockchain protocol.

The blockchain is the distributed and decentralised ledger that powers the Bitcoin cryptocurrency. Blockchain constitutes a suite of five technologies:cryptography, a database that can be added to but not altered, peer-to-peer networking, an application of game theory, and an algorithm for ensuring a consensus about what information is held on the ledger.

Taken separately, these are long established technologies and techniques even mundane ones. But taken together, they constitute an entirely new tool for creating political, economic, and social relationships.

The possibilities far exceed digital currencies. Already banks and other financial institutions are trying to integrate blockchains into their business structures: blockchains drastically reduce the costs of tracking, recording, and verifying transactions. Almost any business or government organisation that is done with a database now can be done more efficiently, more reliably, and cheaper with a blockchain property registers, intellectual property, security and logistics, healthcare records, you name it.

But these much publicised blockchain applications are just a small taste of the technology's possibility. "Smart" self-executing contracts and massively distributed organisational structures enabled by the blockchain will allow the creation of new forms of business structures and new ways to work together in every sector and every industry.

In fact, we think that the blockchain is so significant that it should be treated as its own category of human organisation. There are firms, there are markets, there are governments, and now there are blockchains.

But the blockchain revolution is not inevitable.

If there is one key technology in the blockchain, it is cryptography. There are lots of Silicon Valley entrepreneurs playing around with lots of different adaptations of the blockchain protocol, but this one is a constant: the blockchain's nested levels of encryption are built to ensure that once something is placed on the blockchain it is permanent, immutable, and only accessible to those who own it.

Blockchains only work because their users have absolute confidence that the system is secure.

Any legal restrictions, constraints or hurdles placed on encryption will be a barrier to the introduction of this remarkable new economic technology. In fact, any suggestion of future regulatory challenges to encryption will pull the handbrake on blockchain in Australia. In the wake of the banking, mining and carbon taxes, Australia already has a serious regime uncertainty problem.

Melbourne in particular is starting to see the growth of a small but prospective financial technology industry of which blockchain is a central part. The Australian Financial Review reported earlier this week about the opening of a new fintech hub Stone & Chalk in the establishment heart of Collins St. What's happening in Melbourne is exactly the sort of innovation-led economic growth that the Coalition government was talking about in the 2016 election.

But the government won't be able to cash in on those innovation dividends if they threaten encryption: the simple and essential technology at the heart of the blockchain.

Chris Berg, Sinclair Davidson and Jason Potts are with the School of Economics, Finance and Marketing at RMIT University.

Read more here:
Government must leave encryption alone, or it will endanger blockchain - The Australian Financial Review

Communications just got tighter between Alice and Bob, leaving Eve out in the cold. These aren't real people, but rather the names commonly used in scenarios describing quantum cryptography, a type of technology surpassing traditional encryption in terms of keeping communications networks safe from hackers.

It's a technology that China is now announcing has been incorporated into an "unhackable" system it's about to launch, the BBC reports. About 200 military, government, finance, and electricity users will have access to the system in Jinan, which the South China Morning Post reports is expected to be operational by next month, per local media.

China Daily notes the system, which cost about $17.8 million, can encrypt over 4,000 pieces of data per second. In regular encryption, a message can only be opened with a "key"usually a complex math problemthat only the sender and receiver have access to.

But as computers become more powerful, they're increasingly able to crack these codes, making encryption not as secure. In quantum cryptography, the key is sent ahead of the message, "embedded in particles of light," per the BBC; if a hacker tries to grab those particles, they're destroyed, and the sender and receiver will realize someone's trying to access their infomeaning they won't send the message.

With this type of system, the BBC notes, China will be among the first to make this quantum leap, even as the West lags behind. It's not the first quantum-based communications network for China: The country has tested the technology in a satellite and via a link between Beijing and Shanghai.

(Here's how ransomware exploits encryption.)

This article originally appeared on Newser: China Announces Quantum Leap in Encryption

Read this article:
China announces quantum leap in encryption - Fox News