As organizations leverage multi-factor authentication (MFA/2FA) to secure their employees, many consider using hardware security keys. Found to be the one of the most secure types of MFA, hardware keys, aka universal second factor (U2F) keys, rely on WebAuthn in order to be applied to web-based services. But what is WebAuthn anyways?

The Web Authentication API, colloquially known as WebAuthn, was created by the World Wide Web Consortium (W3C) and the FIDO (Fast IDentity Online) Alliance in collaboration with Microsoft, Google, Yubikey, Mozilla, et al. The protocol leverages public key cryptography to specifically authenticate access to web-based resources like applications and some Platform-as-a-Service and Infrastructure-as-a-Service (PaaS & IaaS) solutions.

When used for authentication, public key cryptography requires that a user present a pair of keys to gain access to a service: a public key and a private key. The public key is shared usually within the services the user accesses and is stored in relation to its respective user. When the user offers the private key upon login, the service combines it with the public key and checks the result against a stored value to authenticate the user.

Some forms of public key cryptography, like SSH keys, use complex digital keys that need to be managed. In contrast, WebAuthn can leverage physical hardware such as a USB drive that securely stores the private key until the user needs it. Regardless of how its implemented, public key cryptography is generally regarded as a more secure alternative to the username and password combination required at most logins.

Despite the fact that public key cryptography is more secure, the password prevails as the core authentication method for most services. With WebAuthn, IT admins can safeguard their users by adding an additional factor to their authentication process, often U2F keys.

Using WebAuthn to apply U2F keys to web resource access provides three core benefits to an organization. Lets go over each below.

While evaluating several forms of 2FA and (Read more...)

View post:
What is WebAuthn? - Security Boulevard

When you go to a bar and give your ID to the bartender, do you ever think about how much youre giving away?

Lets say you use your driving license as your ID; youre letting the bartender know that youre not underage, but youre also giving them access to your date of birth, your full name, and your home address. Imagine if there was a way to only share the data you had to, rather than surrendering every piece of information.

From the UKs data protection acts, to the Cambridge Analytica scandal, its clear that the threat to user data is still front of mind for both citizens and regulators alike. Now more than ever, information capitalism means that data, whether rightly or wrongly, is a commodity. For instance, it emerged in 2019 that Facebook was sitting on a database of millions of user phone numbers, and in the same year the company admitted to listening to users conversations through messenger. Even biological information isnt safe after the DNA testing company FamilyTreeDNA admitted to sharing customers genetic data with the FBI in secret. In response, people are reconsidering how much they share online, and are looking for ways to ensure the privacy and security of their information.

Now more than ever, information capitalism means that data, whether rightly or wrongly, is a commodityClick to Tweet

With vast amounts of information moving around the world every second, ensuring its security is essential.

Being able to selectively provide data such as in the bar example, then, would be a huge step for data privacy. This is where cryptography comes in. Privacy is one of the core beliefs of the crypto space; its central in everything we do.

Cryptography is a key tool for keeping institutional powers in check and making sure that data is controlled by the people it belongs to. At my firm, we undertake research to investigate the technologies that could be used to improve privacy, inclusive accountability, and personal agency.

One area of research that weve been involved in is zero-knowledge proofs, specifically zk-SNARKs (a particular type of zero-knowledge proof) and smart contracts which could be applied to a blockchain setting. Zero-knowledge proofs can allow for greater privacy of information and data, which makes them especially interesting in todays climate.

Zero-knowledge proofs (ZKPS) are a technique in cryptography that makes blockchains scalable and ultra-private, allowing information to be verified without revealing it to anyone but the recipient; for instance, you could prove your age at a bar without having to reveal everything else that comes with an ID card, like address or date of birth.

Zero-knowledge proofs are a technique in cryptography that makes blockchains scalable and ultra-private, allowing information to be verified without revealing it to anyone but the recipientClick to Tweet

ZKPs use encryption to secure user data and ensure confidentiality when interacting with apps and financial processes. Its a zero-knowledge proof of knowledge you prove the information without giving any more than necessary away. This concept is powerful in itself, but especially in the age of information capitalism. People will still give up data in return for a service, as has been the case in previous years, but this will be much more selective. These ZKPS can be used to protect personal data, and are an exciting prospect not only for the crypto and blockchain space, but for any industry.

ZKPs also help to securely integrate smart contracts into the blockchain. Smart contracts, programmes which automatically execute the terms of an agreement, eliminate the need for third parties, are important for privacy and security. However, they require a large amount of computing power to maintain, and as blockchains grow in capability, more and more information must be recorded, which requires huge amounts of storage space. In some cases, this can limit the number of people who can access the technology. For companies like us, who want our platform to be accessible on cell phones for those in rural areas in countries like Uganda and Ethiopia, a solution needs to be found.

ZKPs are the answer. They allow transactions on the blockchain to be truncated, or shortened. This means that despite growth of the blockchain, for instance as it comes to include identity and compatibility with many different types of asset, participants dont have to worry about storing information that would take up lots of space. As a result, the blockchains growth isnt compromised by a lack of storage space, and can scale as it needs to. By bringing together both scalability and privacy, zero-knowledge proofs can increase universal inclusion in blockchain.

ZKPs arent just for cryptocurrency. They are applicable to a range of global issues that could benefit from the use of blockchain.

ZKPs arent just for cryptocurrency. They are applicable to a range of global issues that could benefit from the use of blockchainClick to Tweet

Other than personal identification in a bar, for instance, ZKPs have the potential to be used in supply chains, healthcare, finance, and a range of other industries where the security of private information is essential.

Concerns around the misuse of private data in particular by the tech giants, or FAANGS are legitimate, and growing. As a result, its vital to investigate technologies to give people greater control over their own data. Personal sovereignty has long been an essential feature of blockchain, and this continues to be the case with zero-knowledge proofs.

Through ZKPs, privacy is always the priority, and the individual knows their information is safe without compromising their access to services that require identification or data. ZKPs scalability potential means that blockchains can continue to grow, giving people even more freedom and control of their information. As we move towards a more secure future, data privacy will be at the forefront of peoples minds; zero-knowledge proofs, then, will have an important role to play.

Charles Hoskinson is CEO at IOHK. Hoskinson is a Colorado-based technology entrepreneur and mathematician. He attended Metropolitan State University of Denver and University of Colorado Boulder to study analytic number theory before moving into cryptography through industry exposure. His professional experience includes founding three cryptocurrency-related start-ups Invictus Innovations, Ethereum and IOHK and he has held a variety of posts in both the public and private sectors. He was the founding chairman of the Bitcoin Foundations education committee and established the Cryptocurrency Research Group in 2013. His current projects focus on educating people about cryptocurrency, being an evangelist for decentralization and making cryptographic tools easier to use for the mainstream. This includes leading the research, design, and development of Cardano, a third-generation cryptocurrency that launched in September 2017.

The rest is here:
Controlling What You Reveal: How Zero Knowledge Proofs are Changing How We Spend the Currency We Now Call Data - Crowdfund Insider

NEWPORT BEACH, Calif., June 1, 2020 /PRNewswire/ --Crown Sterling today announced that the company has completed three new test validations for its cryptography solutions.

Three new tests were performed on CrownRing, the company's Cryptographically Secure Random Number Generator and all received a pass validation. The tests were performed by John D. Cook Ph.D., an independent expert based in Texas specializing in testing for encryption and data privacy solutions.

Crown Sterling's CrownRing passed in the three commonly used Random Number Generator test suites including:

Crown Sterling's CrownRing is a software which generates random numbers suitable for secured applications as recommended by the National Institute of Standards and Technology (NIST). Applications include "overlay" technology which can relatively easily upgrade outdated technologies.

This news comes on the heels of Crown Sterling recently receiving FIPS-140-2Encryption Validation and is now NIST Certified. NIST issued Certificate number 3635 to Crown Sterling for completing rigorous FIPS 140-2 testing processes.

"This battery of independent and successful testing of our Random Irrational Number Generator technology marks yet another important milestone and validation for the Company," said Robert Grant, CEO, Crown Sterling.

Based in Newport Beach, California, Crown Sterling delivers next generation software-based, AI-driven cryptography in the form of random number generators and encryption products. From irrational numbers that supercharge existing cryptography, to cutting-edge encryption products and developer tools, Crown Sterling aims to change the face of digital security with its proprietary, non-factor-based algorithms that leverage time, AI, and mathematical irrational numbers. For more information about Crown Sterling, please visit http://www.crownsterling.io.

For more information on John D. Cook Consulting, please visit http://www.johndcook.com.

View original content to download multimedia:http://www.prnewswire.com/news-releases/crown-sterling-completes-another-round-of-third-party-validations-for-cryptopgraphy-solutions-301068367.html

SOURCE Crown Sterling

Read more:
Crown Sterling Completes Another Round Of Third-Party Validations For Cryptopgraphy Solutions - Stockhouse

ORMOND BEACH, Fla.and RESTON,Va., June 01, 2020 (GLOBE NEWSWIRE) In a release issued today byHealth Information Sharing and Analysis Center and SAFE Identity under the headline Health Information and Sharing Center (H-ISAC) partners with SAFE Identity to help health sector members safeguard their healthcare identities and data, please note the references to H-ISAC as Health Information and Sharing Center andHealth Information Security and Analysis Center were incorrect. The corrected release follows:

Health Information Sharing and Analysis Center (H-ISAC) partners with SAFE Identity to help health sector members safeguard their healthcare identities and data

Health Information Sharing and Analysis Center (H-ISAC), a global non-profit organizationthat providesthe health sectora trusted community for combating cyber and physical threats, today announced that the organization has agreed to partner with SAFE Identity, formerly known as SAFE-BioPharma, an industry consortium and certification body supporting identity and cryptography in healthcare. As part of this agreement, H-ISAC members are able to take advantage of SAFE Identity programs at a reduced rate.

Identity is the leading cause of breaches today but many health care organizations dont understand why securing identity is so important, or where to get started, said Denise Anderson, President and CEO of H-ISAC. Last fall, H-ISAC launched an initiative to educate the health care community on this topic and equip CISOs with tools to better approach the challenges of Identity and Access Management (IAM). H-ISACs partnership with SAFE is one element of this broader identity initiative.

Defining common requirements for identity providers that align with Digital Identity Guidelines (SP 800-63-3) and certifying identity providers against these requirements is how SAFE is supporting a strong interoperable identity in healthcare. The re-envisioning of SAFE-BioPharma and the new SAFE Identity services are further explored in the recent SAFE Identity press release.

With the renewed SAFE Identity partnership, H-ISAC members can join the SAFE Policy Management Authority (PMA), the governing body of the SAFE Identity Trust Framework, to vote on identity policies, join working groups aimed at helping healthcare organizations implement strong identity solutions, and address identity challenges faced across healthcare. As part of the partnership, H-ISAC members can federate their existing compatible identity credentials with SAFE to achieve cross-organizational trust or join the PMA as relying parties, both at discounted rates.

H-ISAC offers a portfolio of products and services that have been identified and developed specifically for health sector members. Strategic in nature, these low cost or no-cost solutions help member organizations to develop and maintain an effective, long-term defense. SAFE furthers these goals by brokering identity services to healthcare organizations including the ability to rely on the SAFE Identity infrastructure and to consult the SAFE Qualified Products List (QPL), a list of certified products that have been lab-tested at SAFE for compliance against industry and member-driven requirements, both at no cost.

We are eager to start putting the re-envisioned SAFE ecosystem into practice, said Kyle Neuman, the new managing director of SAFE Identity. Existing members can continue to utilize the ecosystem for the use cases and principles on which SAFE-BioPharma was founded while also taking advantage of the new capabilities SAFE is bringing to the table. As we examine the future, we look forward to advising H-ISAC on the principles necessary to leverage a federated infrastructure and start tackling the most pressing identity challenges in healthcare including TEFCA and health information exchange, identification of medical devices, blockchain technology, and achieving a true portable patient ID that can be used across healthcare.

About Health Information Sharing and Analysis Center (H-ISAC)Created in 2010, HealthInformationSharing and Analysis Center is recognized as the official ISAC for the healthsector. H-ISAC is a member-driven organizationthat offersthe sectora trusted community and forum for coordinating, collaborating, and sharing vital threat intelligence and best practices.Members are able to use this knowledgetostrengthen their defenses andminimize the effect of threat actorsaround the world.

About SAFE IdentitySAFE Identity provides an ecosystem for identity assurance in the health sector to enable trust, security, and user convenience. SAFE assures identities and data in virtual clinical trials, telehealth, medical devices, and trusted data exchanges in supply chains through free and membership-driven services. These services operationalize the use of SAFE Identity-certified credentials and applications tailored to healthcare organizations, partners, and patients.

SOURCE: Health Information Sharing and Analysis Center and SAFE Identity

Related Linkshttps://www.h-isac.orghttps://makeidentitysafe.com

ContactDana KringelMontner Tech PR203-226-9290dkringel@montner.com

Read more:
CORRECTION -- Health Information Sharing and Analysis Center and SAFE Identity - Financialbuzz.com

A sea of private information is only accessible through an unbreakable lock that can only be opened by two fingerprints. Credit: 2019 Andrea Fratalocchi

Chaos could help put cyberhackers out of business with a patterned silicon chip that will be uncrackable even in the future.

Confidential dataincluding credit card transactions and sensitive material in governmental institutions and military agenciescan be better protected during information exchanges through public channels.

A team, led by Andrea Fratalocchi and Ph.D. student Valerio Mazzone with collaborating researchers in Scotland and a U.S. company, devised irreversibly modifiable silicon chips that emit chaotic light waves. The chips can make data encryption impossible to crack.

Typical security protocols combine short public and private keys to encode messages. These protocols are fast but easy to crack because, while private keys are only known by senders and/or recipients, public keys are accessible to everyone. Quantum mechanics-based schemes offer a more secure and reliable alternative to these protocols, but require more expensive and slower installations that are not scalable.

Withthe advent of faster andquantum computers allclassical schemes will be quickly broken, exposing the privacy ofour present and, more importantly, pastcommunications, explains Ph.D. student Valerio Mazzone. An attacker can juststore an encrypted message sent today and wait for the right technology to become available to decipher the communication.

The one-time pad has proven absolutely unbreakable. Its secrecy rests on a random, single-use private key that must be shared ahead of time between users. However, this key, which needs to be at least as long as the original message, remains difficult to produce randomly and to send securely.

Fratalocchis team has developed an approach to implement this encryption technique in existing classical optical networks using patterned silicon chips. The researchers patterned the chips with fingerprints to obtain fully chaotic scatterers that cause mixed light waves to travel in a random fashion through these networks. Any modification, even infinitesimal, of the chips generates a scattering structure that is completely uncorrelated to and different from any previous one. Therefore, each user can permanently change these structures after each communication, preventing an attacker from replicating the chips and accessing the exchanged information.

Moreover, these scatterers are in thermodynamic equilibrium with their environment. Consequently, an ideal attacker with an unlimited technological power and abilities to control the communication channel and access the system before or after the communication cannot copy any part of the system without reproducing the surroundings of the chips at the time of the communication.

Our new scheme is completely unbreakable regardless of the time or the resources available, today or tomorrow, Mazzone says.

The researchers are currently working on developing commercial applications of this discovery. Our team is looking for potential industrial partners and looking forward to implementing this system at the global scale. When this system is commercially released, all cyberhackerswill haveto lookfor another job. Fratalocchi concludes.

Reference: Perfect secrecy cryptography via mixing of chaotic waves in irreversible time-varying silicon chips by A. Di Falco, V. Mazzone, A. Cruz and A. Fratalocchi, 20 December 2019, Nature Communications.DOI: 10.1038/s41467-019-13740-y

Link:
Patterned Optical Chips That Emit Chaotic Light Waves Keep Secrets Perfectly Safe - SciTechDaily