Category Archives: Encryption

Cisco open-sources experimental small message encryption for cloud, IoT

Posted on by

Networking giant Cisco is open-sourcing an experimental cipher that could help preserve privacy in the cloud and the Internet of Things.

Cisco software engineer Sashank Dara describes the cipher as FNR (Flexible Naor and Reingold) and says that its a variant on the work of Naor and Reingold from a paper published in the Journal of Cryptology. That permits the encryption of small messages without a great amount of bloat.

Common ciphers used in todays encryption tend to generate fixed width messages. For example, AES has a fixed block lengthfrom 128, 192, or 256 bitsand any length of data smaller than that automatically gets padded to fit the full width.

For most situations where encryption is usedsuch as person-to-person communications or the exchange of large amounts of datathis isnt that big of a problem since these examples send a lot of data with a low number of messages. However, in a cloud or Internet of Things situation a lot of small messages might be exchanged rapidly in order to keep real-time data flowing.

Dara adds that the system would be useful for exchanging small chunks of data such as IPv4 addresses, MAC addresses, arbitrary strings, etc. while preserving their input lengths. This way FNR could also be extremely useful for adapting encryption to legacy databases that require a set column length to store data.

As for Daras example for the cloud: Usethe FNR cipher in whats called ECB (electronic codebook) mode, which does not give strong security to the underlying data but does deliver a level of anonymity to ingested messages. He suggests that such an application would be good for cloud-based monitoring of a system that also needs to preserve the data anonymity of the monitored subject. Its not always necessary to know what a system is doing to gauge its overall health and, given that a logging service could also be hacked, anonymizing data would resist further intrusion.

The code has been open-sourced under the LPGLv2 license and is available at github. Alongside the code Cisco provides a demonstration application that encrypts IPv4 addresses as an example. The specifications also caution that this code is experimental and is not ready for production systems.

This sort of cipher could have implications for any system that needs to exchange lots of messages over thin bandwidth that have a high chance of being intercepted. Dara suggests that cloud is a potential use, but another space that could use such a cipher is Internet of Things applications.

Low-power wireless sensors, common to IoT solutions, need to make the best of their power and bandwidth when sending information back to receivers and at the same time open up clients to potential privacy breaches. Being able to encrypt smaller bursts of data would open up new avenues for developing private messaging for a large number of industries.

The USPS recently started seeking solutions from IoT vendors and one of the primary concerns about any solution included keeping customer data private. To maintain privacy for customers of any IoT endeavor would need to include everything from databases and cloud (the datacenter where a lot of encryption is already used) as well as from parcels and trucks (the IoT side that would benefit from FNR.)

More here:
Cisco open-sources experimental small message encryption for cloud, IoT

House Adopts Amendment to Bar NSA From Meddling With Encryption Standards

Posted on by

69 Twitter Facebook Email

The measure was inserted into a defense appropriations bill and approved on a voice vote.

The measure was inserted into a defense appropriations bill and approved on a voice vote.

by Justin Elliott ProPublica, June 20, 2014, 12:17 p.m.

ProPublica investigates the threats to privacy in an era of cellphones, data mining and cyberwar.

Enable Social Reading

An amendment designed to bar the National Security Agency from undermining encryption standards was approved by the House last night.

The move follows reporting last year by ProPublica, the Guardian, and the New York Times on the NSA's efforts to weaken encryption, including by influencing the development of standards by the National Institute of Standards and Technology. The stories were based on documents provided by Edward Snowden.

The amendment, sponsored by Rep. Alan Grayson (D-Fla.) and similar to one he advanced last month, bars the NSA from using appropriation funds to consult with NIST in a way that undermines security standards.

It still has a way to go before becoming law: While the House is expected today to approve the full appropriations bill that the amendment is a part of, the Senate would have to pass the same text, and ultimately President Obama would have to approve.

Excerpt from:
House Adopts Amendment to Bar NSA From Meddling With Encryption Standards

Granular or Cell Level Encryption in SQL Server

Posted on by

Introduction

Encryption brings data into a state that cannot be interpreted by anyone who does not have access to the decryption key, password, or certificates. Though encryption does not restrict the access to the data, it ensures in case of data loss, then that data is useless for the person that does not have access to the decryption keypasswordcertificates. When you use encryption, there should be a maintenance strategy for passwords, keys, and certificates.

To meet the demands of regulatory compliance and corporate data security standards, SQL Server allows you to enable encryption at the columncell level or on the entire database level. You can even use file level encryption, provided by Windows for database files.

In my last article, Transparent Data Encryption (TDE) in SQL Server I talked about enabling encryption at the entire database level and in this article I am going to further discuss and demonstrate a more granular level or each individual cell level encryption in detail and how it differs from Transparent Data Encryption (TDE).

Transparent Data Encryption is applicable at the entire database level unlike granular or cell level encryption, which applies to a specific column of a table.

Transparent Data Encryption encrypts data in pages before it is written to the disk and decrypts when reading from disk at the I/O level. This means, data in the buffer pool remains there in clear text format whereas in the case of granular or cell level encryption you have more granular control data is encrypted when you use the EncryptByKey inbuilt function while writing and decrypts the data only when you use the DecryptByKey inbuilt function so that even if a page is loaded into memory, sensitive data is not in clear text. This means unlike Transparent Data Encryption in which the data in the buffer pool remains in clear text format, with cell level encryption even in the buffer pool data remains encrypted.

Transparent Data Encryption, as its name implies, is completely transparent to your application. This means literally no application code changes (only an administrative change to enable it for a database) are required and hence there is no impact on the application codefunctionalities when enabling TDE on a database being referenced by that application whereas in the case of Granular or Cell level encryption a code change is required. In the case of Granular or Cell level encryption, first you need to change the data type to VARBINARY data type from their original data type (re-cast it back to the appropriate data type when read) and then you need to manually use inbuilt functions to encrypt or decrypt the data.

Transparent Data Encryption performs the encryption in bulk at the entire database level whereas in the case of Granular or Cell-level encryption the performance impact will vary based on the number of columns you are encrypting or the amount of datarows each column contains, i.e. the more columns you encrypt the more overhead and performance penalties you will have.

Granular level encryption has higher performance penalties and administration costs as the encryption is always salted so the same data will have a different value after encryption. As a result, foreign key constraints and primary key constraints do not provide any benefit on these encrypted columns. Query optimization also gets impacted as indexes on these encrypted columns offer no benefits and as a result range and equality searches turn into full table scans whereas with TDE your query can fully utilize indexes and avoid table scans.

Transparent Data Encryption was introduced in SQL Server 2008 and available in later versions for bulk encryption at the database file level whereas Granular or cell-level encryption was introduced in Microsoft SQL Server 2005 and available in later versions for encrypted data at column level.

Read more from the original source:
Granular or Cell Level Encryption in SQL Server

Amazon AWS continues to use TrueCrypt despite project’s demise

Posted on by

TrueCrypt remains the only option for securely importing and exporting data to and from the Amazon Simple Storage Service (S3) two weeks after the popular encryption software was abruptly discontinued by its creators, supposedly for security reasons.

According to Amazon Web Services (AWS) online documentation, TrueCrypt is the only device encryption supported by AWS Import/Export. On a separate page about AWS security, Amazon says that: AWS only ships devices out of AWS facilities if the device is completely erased or the device only contains data encrypted by AWS. For import jobs, we erase devices after job completion. For export jobs, we will always encrypt the data being exported onto the device. We use TrueCrypt software for encryption.

The authors of TrueCrypt, whose identities remain unknown, ended the project on May 28 with a sudden message warning users that using TrueCrypt is not secure as it may contain unfixed security issues. The projects homepage advised users to switch to encryption technologies integrated directly into modern operating systems like BitLocker Drive Encryption in recent versions of Windows or FileVault in Mac OS X.

TrueCrypt version 7.2, which can only be used to decrypt data, was released at the same time as the announcement about the end of the project, and all previous versions that included encryption functionality were removed from the projects repository.

The authenticity of the announcement has been questioned by some users and several possibilities were advanced, including that it was fake and posted by hackers or that the authors were identified by a government and forced to shut the project down.

The Open Crypto Audit Project (OCAP), a community initiative that was in the process of analyzing the security of TrueCrypt when its development was discontinued, set up a repository this week with verified builds and source code for TrueCrypt 7.1a, the last version of the software to include encryption.

OCAP plans to complete its TrueCrypt audit, which is now in phase two and involves analyzing the softwares cryptographic functions. The first phase, which involved searching for vulnerabilities in the programs critical components like its Windows kernel code, the bootloader and the filesystem driver was completed in April with no critical issues being identified.

Amazon.com did not immediately respond to an inquiry seeking information on whether it plans to support other data encryption technologies for the AWS import/export feature aside from TrueCrypt in the future.

Lucian Constantin writes about information security, privacy and data protection. More by Lucian Constantin

More here:
Amazon AWS continues to use TrueCrypt despite project's demise

Kenya: Al Qaeda Using New Encryption Software to Defy U.S. Intelligence Tracking

Posted on by

A new report shows that Al Qaeda and associate firms are using new encryption software in a bid to defy US intelligence tracking.

The report from an intelligence firm called Recorded Future states that since 2007, Al-Qaeda's use of encryption technology has been based on the Mujahideen Secrets platform which has developed to include support for mobile, instant messaging, and Macs.

Following the June 2013 Edward Snowden leaks about the National Security Agency's intelligence programme, the study also reveals an increased pace of innovation, specifically on new competing jihadist platforms and three major new encryption tools from three different organizations - GIMF, Al-Fajr Technical Committee, and ISIS - within a three to five-month time frame of the leaks.

Al-Qaeda (AQ) has been using encryption technology in various forms for a long time. The original Mujahideen Secrets is the most common one, but recently there have been multiple new encryption products as well as adaptations to new platforms like mobile, instant messaging, and Mac.

"The nature of these new crypto products indicates strategy to overlay stronger and broader encryption on Western (mainly US) consumer communication services. We do not find evidence of abandonment of US-based consumer communication services. Likely risks are still greater to hide outside the consumer crowd, and non-US-based services may be exposed to even stronger lawful intercept," stated the study

The Recorded Future timeline also laid out key developments from 2007 to date and according to them, the original Mujahideen Secrets (Asrar al-Mujahideen) encryption software launched in 2007 was primarily for use with email. Asrar has had multiple releases over time and is distributed by the Global Islamic Media Front (GIMF).

The second crypto Development was Asrar al-Dardashah, released by GIMF in February 2013, which is an encryption plugin for instant messaging based on the Pidgin platform - which connects to major US-based platforms. Later on, GIMF released Tashfeer al-Jawwal in September 2013 based on Symbian and Android and is a mobile encryption program.

Asrar al-Ghurabaa is yet another alternative encryption program, however importantly, released in November 2013 by Islamic State Of Iraq And Al-Sham (ISIS), which coincides with ISIS breaking off from main AQ after a power struggle and Amn al-Mujahid is an alternative encryption program released in December 2013. In this case from Al-Fajr Technical Committee (FTC) which is also a mainstream AQ outfit.

Visit link:
Kenya: Al Qaeda Using New Encryption Software to Defy U.S. Intelligence Tracking

Data Protecto: Ground-breaking Data Protection Software

Posted on by

(PRWEB) June 20, 2014

In light of grave threats confronting data security in the information age, a revolutionary data encryption tool has been released which is constantly changing the face of data protection. As a response to ongoing bugs and malware, including Heartbleed bug, Gameover Zeus and Cryptolocker, Data Protecto has developed this purpose built encryption software. Sara James, a software developer at Data Protecto said this novel encryption software is built keeping in mind the dynamic and evolving threats which IT users confront. As such, it has a reactive as well as preventive robust systems integrated into its code, which recognizes any threats as they emerge and prevent data compromise accordingly.

A spokesperson of Data Protecto, Elizabeth Kelly explained Data Protecto will be equipped with certain grounds breaking features which makes it best encryption software. She claimed that Data Protecto will be equipped with 9 features including:

She further explained that with comprehensive data protection and encryption technologies Protecto is expected to revolutionize the previously ineffective and futile data protection industry. It is a step towards consolidated protection against evolving and dynamic threats which we continually experience.

With such expectations against adverse prospects overlooking the data protection industry, Data Protecto may be our final hope against the endemic of data insecurity.

Go here to see the original:
Data Protecto: Ground-breaking Data Protection Software