Encryption is a type of security that converts data, programs, images or other information into unreadable cipher. This is done by using a collection of complex algorithms to the original content meant for encryption.

Symmetric forms of encryption systems make use of a single password to serve as both decryptor and encryptor. Symmetric types use algorithms that are very safe. One of such type was adopted by the US Government as Advanced Encryption Standard (AES) to store classified information. However, one drawback is that since a single key is shared, it can be leaked or stolen. As part of key management, it is very important to change the key often to enhance security.

Public asymmetric encryption systems make use of highly secure algorithms as well, but using a different strategy for encryption and decryption. The asymmetric encryption method uses two keys, referred to as a key pair. One is a public key, and the other one is a private key. The public key can be freely shared among various users as it is only meant for encryption. The private key is not shared, and is used to decrypt anything that was encrypted by the public key.

The algorithms used in the encryption process depends on the key pair. In order to reverse the encryption process, only the private key of that particular key pair can be used. The message or mail is then delivered to the public key owner. When the mail is received, the private key requests a passphrase before the decryption process. In order to maintain optimal security, this passphrase must be delivered manually; however, the software lets a user locally store the passphrase so that messages may be automatically decrypted.

Since the key that causes decryption is not shared, asymmetric encryption is believed to be more reliable when compared with symmetric encryption.

Read the original:
What is an Encryption Key? - Definition from Techopedia

Quantum computing offers processing power so vast it may soon make todays supercomputers look as crude as 1980s PCs. Theres a downsidethe technology might also render the most secure encryption systems obsolete, cracking codes in a matter of minutes rather than months or years. Gregoire Ribordy says he has a solution. And its selling fast in China.

For the past 15 years, the former University of Geneva physics professor has been developing something called quantum key distributiona system that uses the technology to encrypt data so securely that Ribordy says it cant be deciphered even by an advanced quantum computer. The cybersecurity community must recognize the risks of quantum computing, says Ribordy, a former researcher with Nikon Corp. in Tokyo. Our challenge is to help governments and businesses be ready.

For its first decade or so, his company, ID Quantique SA, bumped along slowly, selling its equipment primarily to academics researching the technology. Then in December, ID Quantique signed a joint-venture agreement with China Quantum Technologies, based in Hangzhou. Sales of its quantum key equipment have surged as Chinese banks, government agencies, and state-owned giants such as China Railway Corp. embrace the technology. Ribordy, who says hes sold fewer than 100 servers to U.S. customers, predicts the growing activity in China will spur interest elsewhere. If Chinas doing it, he says, maybe its a good idea to look at why.

While conventional computers interpret data in ones and zeros, a quantum machine can store information in multiple statesas one, zero, both, or something in between. That allows a quantum system to multitask in ways todays binary equipment cannot. A normal computer looking for a name in a phone book cataloged by numbers, for instance, would search one number at a time. A quantum computer could scan all of them simultaneously; where an old machine might sip data through a straw, a quantum system takes in the flow of the Mississippi. And quantum key distribution automatically detects anyone intruding on a transmission, scrambling the key to keep the information safe.

Although the U.S. has long been the leader in quantum key distribution, China has pulled ahead in some areas, says John Costello, a senior analyst at business intelligence company Flashpoint. Chinese researchers in May claimed theyd developed a quantum computer that eclipses those from U.S.-backed ventures; in June another Chinese group said it had successfully used a quantum-enabled satellite to securely transmit data. The level of investment China is putting into quantum has created a massive market, says Costello, whos testified before the U.S. Congress on the topic. He describes ID Quantique as a significant player in China.

Ribordys partner, known as QTEC, says it has built the worlds first commercial network secured by quantum technology, between Shanghai and Hangzhou. The company says its invested about 1 billion yuan ($148 million) in quantum computing, it employs roughly 300 researchers, and its applied for almost 30 patents. In addition to the venture with ID Quantique, QTEC has a joint research lab with Beijings Tsinghua University, a top school with close ties to the Chinese leadership.

As a Swiss company, ID Quantique doesnt have to adhere to U.S. export controls designed to keep rival powers from obtaining sensitive technology. Ribordy says it took less than a month to get an export permit from Switzerland. Revenue last year was under 100 million Swiss francs ($104 million), he says. But in China, the companys fastest-growing market, sales are on track to triple in 2017 and 2018. Every country has to improve its defense against attacks, Ribordy says. China is doing it, and I think other countries should be doing it, too.

The most important business stories of the day.

Get Bloomberg's daily newsletter.

Quantum key distribution has its drawbacks. A pair of ID Quantiques servers sells for about $100,000, and theres a limit to how far the machines can be from one another: Quantum computers communicate by firing photons over fiber-optic lines, which become unreliable at distances beyond a few hundred miles. All those factors led the U.K.s National Cyber Security Centre last November to urge caution against transitioning too soon to quantum key cryptography.

Nonetheless, the agency predicts the cost of quantum key distribution will drop rapidly, and many researchers say its almost inevitable that quantum computing itself will spur sales of more secure encryption technologies. The imminent arrival of far more powerful computers means companies will have to be ready with similar protective firepower, says Richard Murray, who leads the quantum technologies team at Innovate U.K., a government agency that helps foster new technologies. The reason there is a market for this now, he says, is to prepare for the threat of a quantum hack in the future. With Edwin Chan

BOTTOM LINE - Quantum computing could render todays encryption obsolete. A Swiss company, ID Quantique, says its technology can keep data safe, and China is a top customer.

Read the rest here:
Quantum Computing Would Make Today's Encryption Obsolete - Bloomberg

By Mikey Campbell Wednesday, July 19, 2017, 10:29 pm PT (01:29 am ET)

Citing unnamed sources, The Sydney Morning Herald reports Apple met with Australian Attorney-General George Brandis and members of Prime Minister Malcolm Turnbull's government on Tuesday to talk over the cybersecurity measures.

At least one of the engagements was announced on Monday, when Brandis said he planned to meet with Apple executives in hopes of persuading the company to share encrypted data with the country's spy and law enforcement agencies.

According to sources familiar with the talks, Apple maintained its strong stance in favor of consumer privacy, saying it does not want to see laws updated to block companies from using encryption technology, the report said. Further, Apple is opposed to furnishing government agencies with cryptographic keys that would allow access to secure messages.

Apple in its meetings with Australian officials looked to cut down on additional regulation and legal obligations that could potentially result from the new laws, sources said.

Turnbull last week proposed a set of updated cybersecurity laws that would force tech companies like Apple, Facebook and Google to provide access end-to-end encrypted communications if obliged to do so by court order. The regulations, which the Turnbull administration is looking to get on the books by year's end, are modeled after the UK's Investigatory Powers Act.

"We've got a real problem in that the law enforcement agencies are increasingly unable to find out what terrorists and drug traffickers and pedophile rings are up to because of the very high levels of encryption," Turnbull said. "Where we can compel it, we will, but we will need the cooperation from the tech companies."

Exactly how the government intends to enforce the proposed rules remains unclear.

End-to-end encryption systems rely on cryptographic keys to encrypt plain text messages as they travel through servers between devices. Importantly, service providers do not have access to private keys and are therefore unable to access conversations.

Members of Turnbull's administration who met with Apple said the government does not want to create backdoors to messaging services, nor does it want to weaken encryption, sources said. Apple's recent meetings were in part meant help the government decide how best to overcome these substantial technical hurdles, the report said.

Continued here:
Apple sends top executives to lobby Australian government over ... - AppleInsider (press release) (blog)

There are only two types of companies, it is commonly said: those that have been hacked, and those that just don't know it yet.

IBM Corp. wants to get rid of both. The Armonk, N.Y., computing giant said Monday that it has achieved a breakthrough in security technology that will enable all businesses to encrypt their customer data on a massive scale turning most if not all of their digital information into gibberish that is illegible to thieves with its new mainframe.

"The last generation of mainframes did encryption very well and very fast, but not in bulk," Ross Mauri, general manager of IBM's mainframe business, said in an interview. Mauri estimates that only 4% of data stolen since 2013 was ever encrypted.

As the number of data breaches affecting U.S. entities steadily grows resulting in the leakage every year of millions of people's personal information IBM argues that universal encryption could be the answer to the epidemic of hacking.

The key, according to IBM officials, is an update to the computer chips driving the powerful mainframe servers that house corporate or institutional information and process millions of transactions a day worldwide, such as ATM withdrawals and credit card payments and flight reservations.

Cryptography, the science of turning legible information into coded gobbledygook, is already commonly used among certain email providers and storage services. But because of the enormous computational power needed to quickly encrypt and decrypt information as it passes from one entity to another, many businesses use encryption only selectively if at all. A December report by the security firm Sophos found that while three out of four organizations routinely encrypt customer data or billing information, far more do not encrypt their intellectual property or HR records. Sixty percent of organizations also leave work files created by employees unencrypted, the study found.

All of these represent opportunities for digital criminals, said Austin Carson, executive director of the technology think tank TechFreedom.

"Way too much information is stored in clear text," he said. But universal or pervasive encryption, he added, could help ensure that even if hackers broke into a company's network, any information they found would be impossible to decode. "That would be a huge step forward just in terms of protecting a much larger body of information," Carson said.

But the same technology could frustrate law enforcement, which in recent years has waged a furious battle with Silicon Valley over encryption technology and how extensively it should be used.

In a high-profile dispute last year with Apple Inc., the Justice Department argued that the company should help officials break into an encrypted iPhone used by one of the shooters in the San Bernardino terror attack. Apple refused, saying that developing tools to break encryption would undermine its customers' security, particularly if the tools were to fall into the wrong hands.

Apple's concern is not theoretical: This year's WannaCry ransomware attack, which held thousands of PCs hostage, has been linked to a Windows vulnerability that was secretly discovered and exploited by the National Security Agency long before it leaked into the wild.

In its push to expand universal encryption, IBM is taking Apple's side in the debate.

Lauren Raab and Ben Muessig

Can youtell whether these arereal techniques suggested for hacking theiPhone at the heart of the Apple-FBI fight or ways a James Bond movie character has tried to kill007?

Can youtell whether these arereal techniques suggested for hacking theiPhone at the heart of the Apple-FBI fight or ways a James Bond movie character has tried to kill007? (Lauren Raab and Ben Muessig)

"IBM fully supports the need for governments to protect their citizens from evolving threats," the company said in a statement on the issue. "Weakening encryption technology, however, is not the answer. Encryption is simply too prevalent and necessary in modern society."

For IBM, encryption is also a massive business opportunity. Businesses spend more than $1 trillion a year making sure that their security meets government standards, according to company officials. One aspect of IBM's new approach to mainframes is the concept of automating that compliance work, using artificial intelligence to check that what's being protected passes regulatory muster in various industries.

In doing so, IBM expects to turn a chunk of that annual compliance spending into revenue for itself. And that's on top of the roughly $500,000 it expects to charge new customers for using its newest mainframe technology. Most businesses, Mauri said, will be upgrading from an existing setup, so the cost for those clients could be less.

For some small businesses, that may still be too expensive. Still, the history of technology suggests that with time, those prices may fall.

"This is the turning point. The idea here is that you can start to encrypt all data," Mauri said. But even as IBM makes encrypting everything a priority, security experts like Mauri already have their eyes set on the next holy grail: The ability to securely edit and manipulate encrypted files without ever having to decrypt them in the first place.

Fung writes for the Washington Post.

ALSO

Girl Scouts offers merit badges for making friends, painting and horseback riding. Up next: cybersecurity

Verizon customer data including phone numbers and PINs exposed by vendor

Their code was used to hack Sony and create 'WannaCry.' Meet the 'Lazarus Group,' the armed robbers of the Internet

Read the original here:
To battle hackers, IBM wants to encrypt the world - Los Angeles Times

Portland Business Journal

How a Portland startup is making encryption easier Portland Business Journal ... it easy for developers. Enlarge. Portland startup Tozny's latest product, InnoVault, is designed to make it easy for more. Tozny. Tozny's new product wants to help developers even those who don't want to become security experts encrypt ... and more »

Continue reading here:
How a Portland startup is making encryption easier - Portland Business Journal

Firstly, a quick apology from Australia: were sorry. Look, our Prime Minister and Attorney General didnt try to launch us onto the World Encryption Comedy Stage but unfortunately, here we are.

This all stems from our government (like so many others), deciding that nasty people hide nasty discussions via encrypted chat and that it would be enormously useful for law enforcement to be able to see those discussions. No arguments there from a protect the people perspective, the problem, as always, is how you do that without simultaneously jeopardising the people. When it was put to our PM that the laws of mathematics dont really provide for good guys to intercept communications whilst still protecting our messages from bad guys out, he took a rather unique stance:

Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only laws that applies in Australia is the law of Australia.

Im sorry. On behalf of all of down here, we really didnt want our elected representative to put us on the world stage this way. But it didnt stop there either

Not to be left off the World Encryption Comedy Stage, our Attorney General decided to get in on the act with a zinger of his own. Now, before I relay his message, if youre not already familiar with George Brandis its worth a quick watch of his previous hit, Heres What Metadata Is. (Ive already apologised on behalf of Australia, right?) Anyway, when questioned about the feasibility of reading messages sent by platforms implementing end to end encryption such as WhatsApp and Signal, George had an answer ready:

Last Wednesday I met with the chief cryptographer at GCHQ ... And he assured me that this was feasible.

Now I wasnt in that chat, but Ill take a stab at it and say that this was (almost certainly) not what was said by anyone with a title that includes the word cryptography. Its entirely possible the bloke said something more along the lines of we have other techniques to gain access to messages on devices which would be just fine, but thats obviously not the way our AG heard it nor is it what were now seeing in headlines around the world. (Incidentally, in the same week the former head of the GCHQ made it very clear that encryption is overwhelming a good thing and that you cant uninvent it nor legislate it away.)

Look, weve got to do a better job of monitoring the communications of nasty people because lets face it, theyve never had it so good when it comes to hiding evil conversations. But please, for the love of god, can we stop the politicians from jumping up and making comments like this about something that is complex beyond their comprehension?

Here is the original post:
Security Sense: Can We Please Stop Politicians from Talking About ... - Windows IT Pro