According to one of the directors at Interpol we are facing a tsunami of criminality online, says Mary Aiken, forensic cyber psychologist and advisor to the European Cyber Crime Centre (EC3) at Europol.

Find out what are the most appropriate threat intelligence systems and services for your organisation

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

We are going to have to think about governance in this space even though this makes some people uncomfortable, she told Infosecurity Europe 2017 in London.

But if we do not have some form of governance in the cyber context, that will negatively affect real-world social order, she said.

Aikens comments coincide with fresh calls by the European Commission (EC) to give law enforcement new powers to obtain information from online service providers such as Facebook and Google as part of new measures to fight terrorism.

The EC has proposed multiple ways to make it easier for police to retrieve data stored in the cloud directly from technology companies in response to complaints about delays in investigations, reports the Telegraph.

The proposals include allowing security forces in one member state to ask a tech firm directly for data without consulting the authorities in that state, introducing an obligation on tech firms to hand over data to any force from a member state when a legal request is made, and giving police forces direct access to servers so they can copy the data they need.

This third option is kind of an emergency possibility which will require some additional safeguards protecting the privacy of people, Vera Jourova, European Union (EU) justice commissioner, told Reuters. These safeguards would include requiring that law enforcement requests are necessary and proportionate, she added.

EU justice ministers are aiming to put forward a proposal for future legislation in this regard by the end of the year or early 2018.

According to Aiken, there are three aims in apparent conflict, which are privacy, collective security and the aim of the vitality of the tech industry.

To achieve a balance in cyber space, none of those aims can have primacy over the other, she said, adding that she is very concerned from a policing and governance point of view that there are encrypted domains that are effectively beyond the law or cannot be accessed easily when necessary.

It will be almost impossible real-time to deliver on collective security when this information in obfuscated, she said, suggesting there needs to be a conversation about how best to resolve these tensions.

We need to stop thinking about things like cyber security and child development in silos and start joining the dots, said Aiken.

It is all connected. We cant look at any one problem in isolation. Hackers dont wake up at 15 and decide to become a hacker. Theres a developmental pathway to hacking, and if we can understand that and address that early on, then we can start tackling that problem over time.

The UK has shown incredible leadership in this regard, said Aiken, in terms of access to online pornography, which is very damaging for young people and looking at online age verification, which is critical in terms of child protection.

This is an issue that everyone in society should be concerned about, she said, because in time these children will begin to shape society. When we are all sitting in a nursing home, they are the ones who are going to be running the country, and they may not have the level of empathy that is conducive to looking after everybody else.

Asked about concerns from the information security community about giving advantages to criminals by making data more accessible to law enforcement, Aiken said this is the crux of the debate, but without being prescriptive about what should be done, there have to be checks and balances in place.

Effectively, if we see increasing amounts of negative behaviour associated with wide use of encryption across social media platforms, for example, and that has a negative impact, then we are going to have to think about it again and have a conversation about where robust encryption is appropriate and where it is not, she said.

See more here:
Infosec17: Society needs to address encryption dilemma - ComputerWeekly.com

VMware vSAN 6.6 is the first software-defined storage offering of its kind to include native hyper-converged infrastructure...

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

encryption within the hypervisor. VSAN 6.6 builds data-at-rest encryption into the vSAN kernel, enables it at the cluster level and encrypts all objects in the vSAN data store. This new feature is called vSAN Encryption.

Cybersecurity is a top priority for most companies, so vSAN Encryption is a welcome addition to vSAN. IT administrators have long been reluctant to deploy encryption at the OS level or allow applications owners to encrypt their apps and data. VSAN Encryption eliminates this issue by encrypting the entire vSAN data store.

VSAN Encryption is hardware-agnostic, which means admins can deploy the storage hardware device of their choice without the need for expensive self-encrypting drives.

VSAN Encryption is available for both hybrid and all-flash configurations and requires a key management server (KMS) compliant with Key Management Interoperability Protocol 1.1 in order to associate with vCenter Server. VSAN Encryption performs encryption with a xor-encrypt-xor-based tweaked-codebook mode withciphertext stealing (XTS) Advanced Encryption Standard (AES) 256 cipher at both the cache and capacity tier -- anywhere data is at rest. VSAN Encryption is also compatible with vSAN all-flash efficiency features, such as deduplication, compression and erasure coding; this means it delivers highly efficient and secure storage. Data is encrypted as it enters the cache tier and, as it destages, is decrypted. Finally, the data is deduplicated and compressed as it enters the capacity tier, where it is encrypted again.

VSAN Encryption is compatible with vSAN all-flash efficiency features, such as deduplication, compression and erasure coding; this means it delivers highly efficient and secure storage.

VSAN Encryption's cryptographic mechanics are similar to those of vSphere 6.5 VM Encryption. Both use the same encryption library, provided you have a supported KMS. In fact, you can use the same KMS for both vSAN Encryption and VM Encryption. However, that's where the similarities end. VM Encryption occurs on a per-VM basis via vSphere API for I/O filtering, whereas vSAN Encryption encrypts the entire data store.

The other major difference is that vSAN Encryption is a two-level encryption method: It uses a key encryption key (KEK) to encrypt a data encryption key (DEK). The DEK is a randomly generated key that encrypts data on each disk. Each vSAN host stores the encrypted DEKs but does not store the KEK on disk. If the host requires the KEK, it requests it from the KMS.

VSAN Encryption occurs when vCenter Server requests an AES-256 KEK from the KMS. VCenter Server only stores the KEK's ID, not the key itself. The ESXi host then encrypts disk data with the industry standard AES-256 XTS mode. Each disk has a different randomly generated DEK. Each ESXi host then uses the KEK to encrypt its DEKs and stores the encrypted DEKs on disk. As mentioned before, the host does not store the KEK on disk. If a host reboots, it requests the KEK with the corresponding ID from the KMS. The host can then decrypt its DEKs as needed.

The host uses a host key to encrypt core dumps, not data. All hosts in the same cluster use the same host key. VSAN Encryption generates a random key to re-encrypt the core dumps when it collects support bundles. Use a password when you encrypt the random key.

When an encrypted vSAN host reboots, it does not mount its disk groups until it receives the KEK, which means this process can take several minutes or more to complete. Also, encryption can be CPU-intensive. Intel AES New Instructions (AES-NI) significantly improves encryption performance, so enable AES-NI in your system's Basic Input/Output System.

To encrypt data with vSAN Encryption, first add a KMS to your vCenter Server and establish a trusted connection with it. Do not deploy your KMS on the data store you intend to encrypt because, if a failure should occur, hosts in the vSAN cluster must communicate with the KMS.

Select the vCenter Server to which you wish to deploy the KMS and, under the Configure tab, select Key Management Servers and add your KMS details.

Figure 1 shows options for establishing a trusted connection between vCenter, ESXi hosts and KMS. Once you choose one of these options, you can enable encryption in your vSAN cluster.

It's incredibly easy to turn on vSAN Encryption. Simply select the vSAN cluster and navigate to the Configure tab. Under Settings, select General. Click the Edit button and tick the boxes next to "Turn ON vSAN" and "Encryption." Be sure to select the appropriate KMS cluster.

In this window, you'll also see options to "Erase disks before use" and "Allow Reduced Redundancy." "Erase disks before use" wipes existing data from storage devices as they are encrypted. Be aware that this increases the disk reformatting time.

If your vSAN cluster already has a significant number of VMs deployed to it and you're concerned that there isn't sufficient available capacity to evacuate the disk group prior to encryption, the "Allow Reduced Redundancy" option reduces the VM's protection level to free up space to carry out the encryption. This method doesn't evacuate data to other hosts in the cluster; it just removes each disk group, upgrades the on-disk format and adds the disk group back. All objects remain available but with reduced redundancy.

Once you click OK, vSAN will reformat all of the disks in the group. This is a rolling format in which vSAN removes one disk group at a time, evacuates the data from those disk groups, formats each disk to on-disk version 5.0, re-creates the disk group and moves on to the next. This can take a considerable amount of time, especially if vSAN needs to migrate large amounts of data on the disks during reformatting.

Be aware that if, at any point, you choose to disable vSAN Encryption, vSAN will perform a similar reformatting process to remove encryption from the disks.

If you need to regenerate the encryption keys, you can do so within the vSAN configuration user interface. There are two methods for regenerating a key. The first is a high-level re-key where a new KEK encrypts the existing DEK. The other is a complete re-encryption of all data with KEKs and DEKs. This option takes significant time to complete, as all data must be re-encrypted with the new key.

To generate new encryption keys, click the Configure tab. Under vSAN, select General and then click Generate New Encryption Key. This opens a window in which you can generate new encryption keys, as well as re-encrypt all data in the vSAN cluster. To generate a new KEK, click OK. The DEKs will be re-encrypted with the new KEK.

VMware cashes in on HCI trend in vSAN 6.5 and 6.6

Why data-at-rest security is on the rise

Best of the best enterprise encryption tools in 2016

See the original post here:
VSAN Encryption: What it is, what it does and how to use it - TechTarget

It was night when three British sailors and a 16-year-old canteen assistant boarded a sinking U-boat off the coast of Egypt. A spotlight shone on them from the HMS Petard, the Royal Navy destroyer that had hunted down the German submarine and now slowly circled the vessel. The U-boats commander lay dead below the hatch as water poured in from a crack in the hull.

The four men began searching the ship, but not for survivors. They were looking for codebooks.

These red-covered guides were vital to breaking a diabolical code that made Nazi radio messages unintelligible. The Germans had been using a typewriter-like machine toencrypttheir communications. They called it Enigma and were sure the code was unbreakable.

The British were determined to prove them wrong.

Wading past bodies through slowly rising water, First Lieutenant Anthony Fasson, Able SeamenColin GrazierandKenneth Lacroix, andyoung Tommy Brownfound the captains quarters and began searching drawers and breaking into cabinets. They found two codebooks written in red, water-soluble ink: the Short Weather Cipher, used to condense weather reports into a seven-letter message, and theShort Signal Book, used to report convoy sightings, along with other documents.

While Grazier and Fasson continued to search below, Brown carried the books up the ladder of the subs conning tower to awaiting boat. They were racing against time as seawater poured into the submarine.

On his third trip up the ladder, Brown called for his shipmates to come up, too but it was too late. U-559 sank before Fasson and Grazier could escape that night in October 1942. As Hugh Sebag-Montefiore recounts in Enigma: The Battle for the Code, their bravery helped changed the course of World War II.

Play Video

SciTech

A rare manuscript written by British mathematician and code-breaker Alan Turing has gone up for auction along with several other pieces of comput

The U-boat codes created by Enigma were especially hard to break, and the Allies found themselves locked out for weeks or months at a time. But several months after they recovered the codebooks from U-559 on March 19, 1943 cryptographers stationed in BritainsBletchley Parkbroke through into U-boats Enigma-coded messages and were never fully locked out again.

From then on, their efforts only improved. By September of that year, the Allies were reading encrypted U-boat messages within 24 hours of intercepting them. The breakthrough allowed the Allies to decrypt detailed field messages on German defenses in Normandy, the site of the impending D-Day invasion.And the machines themselves advanced the worlds technology pushing forward ideas about computer programming and memory.

Id call it the key to computing, says Ralph Simpson, a retired computer expert and amateur Enigma historian.

The years since have given us a cat-and-mouse game between codebreakers and cryptographers, with each side trying to outwit the other. Those battles are still raging. But theyre no longer confined to blackboards and spinning rotors on crude computers. They move at the speed of electrons flowing through your computers processor.

Todays computer-enabled encryption technology that scrambles what unauthorized viewers see is so complex that computers cant break it unless its been used incorrectly. Its so powerful that the US government and others have tried to legally require tech companies to unlock their own encryption, as was the case withAppleand the government last year over a terrorists lockediPhone.

And todays encryption is so useful that dissidents, spies and terrorists rely on it to protect their conversations.

The innovation wont stop. Future advances in quantum computing might be able to crack even perfectly implemented encryption. Thats led mathematicians to pre-emptively try to make encryption even stronger.

Its a cycle without end in sight.

Before the internet wove its way into our lives, encryption was pretty much something businesses and governments used to protect sensitive data, like financial documents and Social Security records.

Mostly it was banks, diplomatic services and the military who used cryptography throughout history, says Bill Burr, a retired cryptographer from the US National Institute of Standards and Technology.

The internet increased the use of encryption, as business and governments sent information over networks that hackers and spies could easily intercept. But few regular people went out of their way to use encryption as part of daily life. Maybe your paranoid friend would encrypt his email, forcing you to use extra software to read it.

Play Video

Evolving Technologies

Modern technology has transformed the playing field for spies and hackers all over the world. Lindsey Boerma reports.

That changed after disclosures by former NSA contractorEdward Snowden, who in the summer of 2013 revealed the existence of government mass surveillance programs designed to collect reams of information from everything our emails, calls and texts. Though we were told the programs werent designed to target Americans, the disclosures forced us to ask how much information we want to put on the internet and potentially expose.

Thetech industryhas tried to address the problem by offering us another option: encrypting as much of our lives as we can.

Whats made this possible was the Engima, and the men, women, mathematicians, computer scientists and linguists who ultimately beat it.

This is their story.

The Enigma has a surprisingly understated design for being such a deadly tool. It could easily be mistaken for a typewriter with a few extra parts, housed in a plain wooden box.

Lifting the lid of an Enigma, a German operator saw what might on first glance seem like two typewriters squished together. One set of keys, closest to the operator, was the actual keyboard to be typed on.

Above it was a second set of keys, laid out just like the keyboard. But when you type on the real keyboard, these letters light up. Type an a on the normal keyboard, for example, and x lights up above.

So if you start typing a word, each letter lights up in code.

This was Enigmas genius. The German operators didnt need to understand the complex math or electronics that scrambled what they typed on the keyboard. All they knew was that typing H-E-L-L-O would light up as X-T-Y-A-E, for example. And thats the message they sent around.

This jumbling of letters changed each day at midnight, when Nazi commanders would send new settings that Enigma operators would use to turn dials and change the plugs on a board below the keys, all designed to match the days code. Without the code, the message couldnt be unscrambled.

Enigma was so sophisticated it amounted to whats now called a 76-bit encryption key. One example of how complex it was: typing the same letters together, like H-H (for Heil Hitler) could result in two different letters, like L-N.

That type of complexity made the machines impossible to break by hand, Simpson says.

How impossible? If you gave 100,000 operators each their own Enigma machine, and they spent 24 hours a day, 7 days a week testing a new setting every second, it would take twice the age of the universe to break the code, Simpson says.

Obviously, codebreaking by hand wasnt going to cut it.

Because we now have machine encryption for the first time, it took a machine to break it, Simpson says.

Equally fascinating is that Nazi military leaders knew, in theory, that someone could develop a machine-assisted way to speed up their code cracking. But they didnt believe their enemies would put in the time and resources needed.

They were wrong.

Of course, the UK was very motivated to break the Enigma. German U-boats were sinking hundreds of British ships, costing thousands of lives and choking the country off from vital supplies being shipped from the United States and Canada. Whats more, the country was desperate for any advantage in the early days of the war, filled with German bombing campaigns and fears of a land invasion.

So resources, manpower and the lives of sailors like Fasson and Glazier were poured into cracking the Enigma codes. The first result of these efforts was the Bombe.

Play Video

Sunday Morning

Anthony Mason visits with actor Benedict Cumberbatch to talk about his role as mathematician Alan Turing in The Imitation Game, a new film reco

Custom-designed by British mathematicians likeAlan Turing, Bombes were about the size of three vending machines stacked side by side, with a series of spinning rotators connected in the back by a 26-way cable. They were based on the Polish Bomba codebreaking machine, which the Poles were forced to abandon in 1939, after their country was invaded by Germany.

Housed at a secretive intelligence program on the grounds of manor houseBletchley Park, less than 50 miles outside of London, and other nearby installations, the Bombes were run by teams of Navy women.

Each of the Bombes rotators had letters on it and, as they spun, the machine tested possible solutions to a given Enigma code much faster than a human could.

Researchers like Turing and his team were able to make the Bombes more efficient by using pinched codebooks from U-boats and other clues, eliminating thousands of possible solutions.

If we understand the book, we then know what the submarines are likely to say, says David Kenyon, a research historian at the Bletchley Park Trust.

Breaking into the U-boats Shark code in 1943 set in motion a series of dominoes that ultimately led to the Nazi defeat. Intercepted U-boat messages made the Allies better at sinking the vessels, which contributed to the German Navys decision to pull its U-boats out of the Atlantic later that year, Kenyon says. That respite allowed the Allies to prepare for D-Day in 1944 and to end the war in 1945.

While codebreaking alone didnt win World War II, it was one of the most powerful weapons invented for that purpose.

There was no point in the Second World War where the outcome was a foregone conclusion, Kenyon says. Theres no telling what might have happened if you took away any of the factors that were working in the Allies favor.

The work done on the Bombes and other codebreaking machines didnt just aid in the fight against the Nazis. They proved theories about computer programming and data storage, the lifeblood of todays modern computers.

One of these breakthroughs came when the Joseph Desch of the US Navy found a way to speed up the Bombe. The machines could only run so fast, because operators read the results of the codebreaking analysis right off of the wheels themselves. Go any faster and the wheels would spin right past the correct answer.

Deschs solution was a primitive form of digital memory. When the Bombe came upon the correct answer, electrical relays would detect and record it. That let the US Bombes spin more than 17 times faster than the British Bombes.

Then there was Colossus. This machine designed not to break Enigma, but rather the more sophisticated Lorenz codes used by the German High Command advanced vacuum tube tech that later came to power the worlds first true computers, like the ENIAC and Mark-1, and then the first generation of IBM mainframes.

To create a codebreaking machine powerful enough to crack Lorenz, British engineer Tommy Flowers found a way to run more than 2,000 vacuum tubes at once. While it had been theorized this approach could power a programmable computer, Flowers was the first to make it happen.

Flowers himself didnt get a chance to push this technology to its next logical conclusion. But Turing and other Bletchley alums worked at the University of Manchester after the war, creating theFerranti Mark 1 a programmable computer run with vacuum tubes.

That the work at Bletchley showed up later in the first general-purpose computers doesnt surprise Burr. The codebreakers were able to fully understand the workings of Enigma and the Lorenz code create machines to break them at a time when the principles of computing only existed in theory.

Its hard for me to imagine people smart enough to do that, says Burr, whos an expert in cryptography.

In terms of global politics, encryption was pretty straightforward during World War II. One nation tapped its linguists and mathematicians and relied on the heroism of men who boarded sinking U-boats to crack the encryption tech of an enemy force.

The worlds gotten a lot more complicated since then.

Just as in World War II, law enforcement and spy agencies today try to read the communications of criminals, terrorists and spies. But now that almost everyone uses encryption, a governments ability to break it doesnt just worry our countrys enemies it concerns us, too.

And despite the advances in computing and encryption since Bletchley Park, we havent come close to agreeing on when its okay to break encryption.

Case in point: the 2016 conflict betweenApple and the US Federal Bureau of Investigation. The FBI wanted Apples help breaking into the iPhone of a suspected terrorist, but Apple argued that this could put everyone who uses an iPhone at risk.

Burr, who saw the inside of public controversies over the government breaking encryption during his time at the National Institute of Standards and Technology, says theres no clear path forward.

Theres just a big dilemma there, he says. Creating ways to break encryption will weaken the actual strength of your security against bad guys of ability. And you have to count among those the state actors and pretty sophisticated and organized criminals.

In their laser-focused effort to crack Nazi encryption, codebreakers like Turing and soldiers like Fasson and Grazier were unlikely to have imagined a world like this. But here it is: the catch-22 of computerized encryption. And its not going away anytime soon.

This article originally appeared on CNET.

2017 CBS Interactive Inc.

Go here to read the rest:
Enigma: Why the fight to break Nazi encryption still matters - News ... - WDEF News 12