Amazon Elastic Transcoder adds AES-128 encryption for HLS content

Amazon Web Services

Amazon Web Services has added AES-128 encryption to its cloud media transcoding service to protect transcoded files while still allowing generic content delivery mechanisms. AWS confirmed that the feature is currently available and that there is no additional charge for the use of AES-128 encryption. Users pay only for the content transcoded.

When this feature is enabled on Amazon Elastic Transcoder, each media segment is encrypted using AES-128 and a single encryption key. A URL (uniform resource locator) to the decryption key is written to each playlist (HLS supports multiple encodings known as variants; each one supports an alternate rendering of the same content). When the content is viewed, the player downloads the key and decrypts the media segments during playback.

To use this new feature, users need to associate an Elastic Transcoder pipeline with a KMS master key. They have two choices when it comes to keys: create their own or have Elastic Transcoder generate them.

Amazon Elastic Transcoder is built using the scalability and flexibility of other Amazon Web Services. It uses the Amazon Elastic Compute Cloud (Amazon EC2) to complete large transcoding jobs. Amazon Elastic Transcoder is built to work with content stored in Amazon Simple Storage Service (Amazon S3), which offers durable and cost-effective storage for libraries both huge and small. Users can be notified about the status of transcoding jobs through the Amazon Simple Notification Service (Amazon SNS).

Each variant playlist will contain a URL that the media player will use to fetch the content protection key using a standard HTTP request. In order to protect access to the key, the content provider must authenticate and authorize the media player. The authentication should result in a session cookie that identifies the media player. The content provider should mandate that the cookie is present and acceptable before returning the key. This mechanism will prevent unauthorized playback and decryption of the content.

If the user decides to use a Content Distribution Network (CDN) such as Amazon CloudFront to distribute content, they need to ensure that the encrypted media files are accessible from the CloudFront distribution. However, they must be careful not to store keys in a publicly accessible location.
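A check for the key-delivery setup described above, as an added example (not AWS or Elastic Transcoder code): it parses the `#EXT-X-KEY` tag of a variant playlist and flags a key URL that sits on the same host as the segments or is not fetched over HTTPS. The playlist, the host names and the HTTPS check are assumptions made for the illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample variant playlist; host names and paths are placeholders.
SAMPLE_PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXT-X-KEY:METHOD=AES-128,URI="https://keys.example.com/hls/key?id=42",IV=0x00000000000000000000000000000001
#EXTINF:10.0,
seg00000.ts
#EXTINF:10.0,
seg00001.ts
#EXT-X-ENDLIST
"""

# HLS attribute lists are NAME=value pairs; values may be quoted strings.
ATTR_RE = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')

def parse_key_tags(playlist_text, playlist_url):
    """Return one dict per #EXT-X-KEY tag, with URI resolved to absolute."""
    keys = []
    for line in playlist_text.splitlines():
        line = line.strip()
        if not line.startswith("#EXT-X-KEY:"):
            continue
        attr_list = line.split(":", 1)[1]
        attrs = {k: v.strip('"') for k, v in ATTR_RE.findall(attr_list)}
        if "URI" in attrs:  # relative key URIs resolve against the playlist
            attrs["URI"] = urljoin(playlist_url, attrs["URI"])
        keys.append(attrs)
    return keys

def audit_key_delivery(playlist_text, playlist_url):
    """Flag key URLs that expose the key next to the public segments."""
    findings = []
    cdn_host = urlsplit(playlist_url).hostname
    for key in parse_key_tags(playlist_text, playlist_url):
        if key.get("METHOD") != "AES-128":
            continue
        uri = key.get("URI", "")
        parts = urlsplit(uri)
        if parts.hostname == cdn_host:
            findings.append("key on same host as segments: " + uri)
        if parts.scheme != "https":
            findings.append("key and session cookie sent in clear: " + uri)
    return findings
```

A same-host finding is only a prompt to confirm that the key path is excluded from the public distribution and sits behind the cookie check.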

Last December AWS added the ability to attach up to ten key-value pairs to each Elastic Transcoder job. The metadata is included in job notifications and can be used to map jobs back to the content in the internal Content Management System (CMS).

In November, AWS announced AWS Key Management Service (KMS) support for Elastic Transcoder to ensure the confidentiality of media assets (mezzanine files, thumbnails, captions, and watermarks) as they move between the application and the Elastic Transcoder service. This launch gave users control over who could decrypt content and also allowed them to use AWS CloudTrail to create an audit report of all encryption and decryption operations.


Certificate Authorities Offer Value Additions with SSL Certificates to Stay Competitive in a Mature Market

-- CAs leverage encryption-based technology expertise to widen application scope, finds Frost & Sullivan

MOUNTAIN VIEW, California, Jan. 20, 2015 /PRNewswire/ -- Secure socket layer (SSL) certificates are an encryption technology used to secure communications between end users and websites. Despite its maturity, the SSL certificate market is expected to grow due to the expanding ubiquity of the Internet. Acknowledging the need to be distinct in a competitive marketplace, certificate authorities (CAs) are offering value additions such as SSL certificate inventory and management tools to website hosts.

A recent analysis from Frost & Sullivan, Analysis of the Global SSL Certification Market, finds that in 2013, 2.55 million SSL certificates were shipped. The market earned revenue of $795.5 million in 2013, and the study estimates this will reach $1.66 billion by 2018. The study covers domain validated (DV), organization validation (OV) and extended validation (EV) certificates across various markets and verticals.

For complimentary access to more information on this research, please visit: http://bit.ly/1zrBz2m

CAs thrive on their reputation as providers of solid encryption codes and trustworthy validation of business entities. A case in point is the bankruptcy of the Dutch CA DigiNotar merely months after it was breached. Following this high-profile incident, the CA/Browser Forum established baseline requirements for the issuance of SSL certificates.

"Even if there are creative differences among vendors within the CA/Browser Forum, the highly codified nature of SSL certificate standards makes competitive differentiation difficult," explained Frost & Sullivan Network Security Industry Analyst Christopher Kissel. "Nevertheless, CAs could stand out by offering elliptic curve cryptography or securing hash algorithm SHA-3, as more than 98 percent of all certificates employ SHA-1 or SHA-2 cryptography."

CAs can also attempt to enlarge their addressable market by improving the transactional time of the public key infrastructure (PKI) handshake. The encryption-based technologies used to initiate an SSL certificate handshake can be used in other digital certificate technologies. For instance, variations of the PKI used in the SSL certificate exchange are used in encrypted email, e-identity (eID), e-passports and smartcard log-in.

"Additionally, encryption is used for code-signing, document verification, and other digital certificates," noted Kissel. "The technologies that CAs use to secure point-to-point communications over the Internet can be leveraged to secure communications for healthcare exchanges, formal communications with government agencies, and as a part of e-transactions."

Owing to these value additions and multiple applications, SSL certificates are expected to remain the preferred transportation layer security method over the Internet for the foreseeable future.

Analysis of the Global SSL Certification Market is part of the Network Security Technologies (http://www.networksecurity.frost.com) Growth Partnership Service program. Frost & Sullivan's related studies include: Asia-Pacific Secure Content Management Market 2013, Endpoint Security Market, North America and EMEA Managed Security Services Market and Emerging Trends in the Network Security Market in India, CY 2013. All studies included in subscriptions provide detailed market opportunities and industry trends evaluated following extensive interviews with market participants.


The precarious cybersecurity balancing act

When British Prime Minister David Cameron publicly called on the world's biggest technology firms to assist law enforcement agencies in breaking digital encryption, he became the latest politician to assert that it is possible to balance Internet security and surveillance.

Whether that balance actually exists, however, is the subject of intense debate.

Prime Minister Cameron travelled to Washington late last week to meet with U.S. President Barack Obama. One of the major topics of conversation between the two leaders is digital security; a group of 12 U.K.-based cybersecurity firms is also travelling with the Prime Minister.

"The U.K. is already leading the way in cybersecurity and this government is committed to ensuring it continues to be a leader in this multibillion dollar industry," the Prime Minister said in a statement on the eve of his U.S. trip.

But what was originally planned as a discussion about British plans to strengthen digital security has suddenly become, in many security experts' view, a discussion about doing the exact opposite. In the immediate aftermath of the Paris shootings, one of the worst acts of terrorism in postwar French history, Mr. Cameron has publicly called for technology companies to co-operate with efforts to allow British law enforcement agencies to crack encryption, the fundamental building block of digital privacy.

"It's really odd in one breath to talk about improving cybersecurity and then in another breath call on companies to weaken security by weakening encryption," said Christopher Soghoian, principal technologist with the American Civil Liberties Union.

"There is no way to design the system to keep the Chinese and North Koreans out but let the North Americans and British in."

Encryption is, at its most basic level, a means of keeping information secret using very large numbers. Just as a 15-digit PIN is harder to guess than a four-digit PIN, high-grade encryption algorithms that manipulate larger numbers are usually harder to break. As such, all things being equal, encryption is not only a fairly effective means of keeping data private, its effectiveness can also be mathematically measured.

But ever since the Edward Snowden leaks revealed widespread claims of authorized and unauthorized government surveillance of many of the world's most popular digital services and social networks, the technology giants responsible for those services have taken great pains to improve their encryption standards.

(The motivation for doing so is, primarily, financial: companies such as Google, Microsoft and Apple stand to lose billions if enterprise customers such as banks and other large corporations no longer trust their systems to keep sensitive information private.)


Obama sides with UK PM, calls for law enforcement-crackable encryption

President Obama has, for the first time, publicly acknowledged that encryption is a problem for law enforcement. With UK Prime Minister David Cameron alongside, he demanded that there be ways to keep citizens' information private, but also a way to allow law enforcement to surveil in real time, as well as decrypt after the fact forensically, when a court deems it necessary. "Because this is a whole new world, as David [Cameron] says, the laws that might've been designed for the traditional wiretap have to be updated. How we do that needs to be debated both here in the United States and in the UK," said the President.

"If we find evidence of a terrorist plot... and despite having a phone number, despite having a social media address or email address, we can't penetrate that, that's a problem," said the President. Obama is referring to software by Apple and Google that both companies claim can't be decrypted, even with a court order in place.

Apple and other tech companies have "opted out" of playing a role in law enforcement by changing some messaging systems, such as email and chat, to use private encryption that the companies cannot break. Omitted by most governmental officials discussing the matter is the fact that law enforcement, if suitably inspired to do so, can generally break most encryption systems, given time and tools already in their possession. End-to-end encryption makes it more difficult, and more laborious, for law enforcement or intelligence agencies.

Earlier in the week, Cameron said that he would seek a ban on end-to-end encrypted messaging, calling it a tool that terrorists use to communicate effectively and securely. "I have a very simple principle to apply here," explained Cameron in his speech, "which should be at the heart of the legislature that will be necessary. The simple principle is this, 'In our country, do we want to allow a means of communication between people, which even in extremis, with a signed warrant from the Home Secretary personally, that we cannot read?'" He has since said that the remarks were misconstrued, but the intention of the Prime Minister's words seems clear enough.

Without going into specifics of when a court order would be issued for surveillance, Obama also said that "when we have the ability to track that in a way that is legal, conforms with due process, rule of law and presents oversight, then that's a capability that we have to preserve."

By Electronista Staff


David Cameron is "technologically illiterate" on encryption ban

The Prime Minister's plans to ban encryption technology are "technologically illiterate", Liberal Democrat MP Julian Huppert has said today (Friday 16 January).

Strong encryption technology is used by a number of major websites but under Cameron's plans websites would be required to store data and hand that over to the intelligence agencies.

Responding to David Cameron's proposals to allow British intelligence agencies to have the power to break the encryption technology, Julian said:

"Cameron's plan to ban encryption technology means he is either cynically trying to sound tough on terror, or he simply doesn't have a clue what he's talking about. I wonder if the Prime Minister realises his ludicrous proposal is technologically illiterate?

"We all know online shopping, online banking and private messaging all use encryption, so it is crazy to suggest we should ditch it. It would open ourselves to attack from anyone with 10 minutes' hacking experience.

"What is even more bizarre is Cameron has chosen to make this big announcement in the same week he has hotfooted it to Washington to call for greater cyber security. He is completely contradicting himself.

"By trying to ban encryption the Tories risk serious damage to our economy, freedom, and security. It is vitally important that we tackle terrorism effectively - but robbing us all of our online security is no way to do it."
