Tech Companies Reel as NSA Spying Mars Image for Clients

U.S. technology companies are in danger of losing more business to foreign competitors if the National Security Agency's power to spy on customers isn't curbed, the New America Foundation said in a report today.

The foundation called for prohibiting the NSA from collecting data in bulk, while letting companies report more details about what information they provide the government. Legislation scheduled to be introduced today in the Senate would fulfill some recommendations by the foundation, a Washington-based advocacy group that has been critical of NSA programs.

Citing concerns from top executives of Microsoft Corp., Cisco Systems Inc. and other companies, the report made a case that NSA spying could damage the $150 billion industry for cloud computing services. Those services are expanding rapidly as businesses move software and data to remote servers.

The immediate pain point is lost sales and business challenges, said Chris Hopfensperger, policy director for BSA/The Software Alliance, a Washington-based trade association that represents companies including Apple Inc. and Oracle Corp.

Microsoft is hearing from customers that they care more than ever about where their content is stored and how it is used and secured, said John Frank, deputy general counsel for the Redmond, Washington-based software maker.

A protester wearing a Guy Fawkes mask holds up a placard during a demonstration to mark the global "The Day We Fight Back" protest against mass surveillance outside the Supreme Court in Manila, Philippines.

The company hasn't seen a significant business impact yet, Jack Evans, a Microsoft spokesman, said in an e-mail.

Protecting the Network with Proactive Encryption Monitoring

Encryption is a key element of a complete security strategy. The 2013 Global Encryption Trends Study shows a steady increase in the use of encryption solutions over the past nine years. Thirty-five percent of organizations now have an encryption strategy applied consistently across the entire enterprise, up from 29 percent in 2012. The study showed that, for the first time, the main goal for most organizations in deploying encryption is mitigating the effects of data breaches. There is good reason for this shift: the latest Ponemon Institute research reveals that the cost of a data breach is $3.5 million, up 15 percent from last year.

On the surface, the 35 percent figure seems like good news, until one realizes that 65 percent of organizations do not have an enterprise-wide encryption strategy. In addition, even a consistently applied strategy can lack visibility, management controls or remediation processes. This gives hackers the green light to attack as soon as they spot a vulnerability.

While organizations are moving in the right direction when it comes to encryption, much more needs to be done - and quickly. Encryption has come to be viewed as a commodity: organizations deploy it and assume they've taken the steps they need to maintain security. If breaches occur, it's rarely the fault of the software or the encryption protocol. The fault lies rather in the fact that encryption management is left in the domain of IT system administrators and has never been properly managed with access controls, monitoring or proactive data loss prevention.

Too Many Keys Spoil the Security

While recent high-profile vulnerabilities have exposed the need to manage encrypted networks better, it's important to understand that administrators can cause vulnerabilities as well. In the Secure Shell (SSH) data-in-transit protocol, key-based authentication is one of the more common methods used to gain access to critical information. Keys are easy to create, and, at the most basic level, are simple text files that can be easily uploaded to the appropriate system. Associated with each key is an identity: either a person or machine that grants access to information assets and performs specific tasks, such as transferring a file or dropping a database, depending on the assigned authorizations. In the case of Secure Shell keys, those basic text files provide access to some of the most critical information within an organization.

A quick calculation will reveal that the number of keys assigned over the past decade to employees, contractors and applications can run up to a million or more for a single enterprise. In one example, a major bank with around 15,000 hosts had over 1.5 million keys circulating within its network environment. Around 10 percent of those keys - or 150,000 - provided high-level administrator access. This represents an astonishing number of open doors that no one was monitoring.

It may seem impossible that such a security lapse could happen, but consider that encryption is often perceived merely as a tool. Because nothing appeared on the surface to be out of place, no processes were shut down and the problem was undetected.

Safety Hazards

Forgetting to keep track of keys is one problem; failing to remove them is another. System administrators and application developers will often deploy keys in order to readily gain access to systems they are working on. These keys grant a fairly high level of privilege and are often used across multiple systems, creating a one-to-many relationship. In many cases, employees or contractors who are terminated - or even simply reassigned to other tasks that no longer require the same access - continue to carry access via Secure Shell keys; the assumption is that terminating the account is enough. Unfortunately, this is not the case when Secure Shell keys are involved; the keys must also be removed or the access remains in place.

SSH keys pose another threat as well: subverting privileged access management systems (PAMs). Many PAMs use a gateway or jump host that administrators log into to gain access to network assets. PAM solutions connect with user directories to assign privileges, monitor user actions and record which actions have taken place. While this appears to be an airtight way to monitor administrators, it is incredibly easy for an administrator to log into the gateway, deploy a key and then log in using key authentication, thereby circumventing any PAM safeguards in place.
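The key inventory that the two sections above say is missing can be sketched as follows. This is an added example, not code from the article: it parses `authorized_keys` content and flags keys whose owner has left, keys with no known owner, keys without `from=` or `command=` restrictions, and keys that open more than one account. The host names, owner table and key blobs are constructed sample data, and the owner table is assumed to come from an HR or directory export.

```python
import base64, hashlib, shlex
from collections import defaultdict

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (options, fingerprint) per key line: [options] type blob [comment]."""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        tokens = shlex.split(line)  # keeps quoted option values in one token
        idx = next((i for i, t in enumerate(tokens)
                    if t.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(tokens):
            continue                # malformed line, authorizes nothing
        yield (tokens[0] if idx else ""), fingerprint(tokens[idx + 1])

def audit(files, owners, active):
    """files: {(host, account): text}; owners: {fingerprint: person}; active: set."""
    findings, seen = [], defaultdict(set)
    for (host, account), text in sorted(files.items()):
        where = f"{account}@{host}"
        for options, fp in parse_authorized_keys(text):
            seen[fp].add(where)
            owner = owners.get(fp)
            if owner is None:
                findings.append(("unknown-owner", where, fp))
            elif owner not in active:       # account closed, key still works
                findings.append(("departed-owner", where, fp))
            if "from=" not in options and "command=" not in options:
                findings.append(("unrestricted", where, fp))
    findings += [("one-to-many", ", ".join(sorted(p)), fp)
                 for fp, p in seen.items() if len(p) > 1]
    return findings

def blob(label):  # constructed stand-in for a real public-key blob
    return base64.b64encode(label.encode()).decode()

ALICE, BOB, ROGUE = blob("alice-key"), blob("bob-key"), blob("unknown-key")
FILES = {  # constructed sample: three authorized_keys files on three hosts
    ("db01", "root"): f"ssh-ed25519 {BOB} bob@laptop\n",
    ("db02", "root"): f"ssh-ed25519 {BOB} bob@laptop\nssh-rsa {ROGUE} tmp\n",
    ("app01", "deploy"): f'from="10.0.0.5",command="/usr/local/bin/deploy" ssh-ed25519 {ALICE} alice\n',
}
OWNERS = {fingerprint(ALICE): "alice", fingerprint(BOB): "bob"}
ACTIVE = {"alice"}  # bob's account was terminated; his keys were never removed
```

Calling `audit(FILES, OWNERS, ACTIVE)` reports bob's key on both database hosts even though he is no longer an active user, which is the gap the article describes between closing an account and removing its keys.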

Too Clever for Their Own Good

Poorly monitored access is just one security hazard in encrypted environments. Conventional PAM solutions, which use gateways and focus on interactive users only, are designed to monitor administrator activities. Unfortunately, as mentioned earlier, they end up being fairly easy to work around. Additionally, encryption blinds attackers the same way it blinds security operations and forensics teams. For this reason, encrypted traffic is rarely monitored and is allowed to flow freely in and out of the network environment. This creates obvious risks and negates security intelligence capabilities to a large degree.

Industry voice: Why you need to encrypt data in the cloud

The move by large US cloud providers to upgrade their encryption levels speaks to the relevance of data encryption in the cloud for securing sensitive data and complying with data privacy regulations worldwide.

Encryption isn't a yes-or-no, cut-and-dried matter. Once you've committed to encrypting your data, you must then figure out how, to what extent and which data you must encrypt. Keep these guidelines in mind as you develop your cloud encryption strategy.

Not all your data will require encryption in the cloud, nor should it. That would be an expensive and ultimately counter-productive undertaking. Nor should all your data be encrypted in the same way.

What works for names may not work as well for social security numbers; for functionality's sake, credit card numbers may need their formats preserved in ways that mailing address information does not.

Because of these conditions, your cloud encryption solution should provide a variety of options, including:

But when it comes to data stored by a third-party cloud service provider (CSP), how can you truly know the life cycle of your data?

Uncertainties surrounding archive, backup and the timely deletion of data, either on your schedule or upon your request, make determining the life cycle of information stored in the cloud a difficult affair. To get around this issue, you need to make sure that no matter how long your data lives in the cloud, your organisation is the only one that holds the keys to it and therefore is the only one that can access it.

That way, when you've decided that the time has come to destroy your data, all you need to destroy is your key. Deleting that key will "digitally shred" your data, rendering it useless to prying eyes no matter how long it exists in the cloud.

As researchers discussed in the International Journal of Engineering and Advanced Technology, storing data in the cloud results in security risks since "the cloud data can be accessed by everyone."

It then notes that "a prevention measure is needed to secure the data from unauthenticated users or intruders." Encryption in the cloud alone may not fully mitigate these risks, either, since any CSP insider with the encryption key can access the data.

Russia offers a $112,000 bounty to anyone who can crack Tor

Russia's government has issued a 4 million ruble (about $112,000) bounty to anyone who cracks the Tor anonymity network's encryption protocols.

Tor, which began as a secret project from the US Naval Research Laboratory, works by piling up layers of encryption over data, nested like the layers of an onion, which gave the network its original name, The Onion Router (TOR).

Tor encrypts data, including the destination IP address, multiple times and sends it through a virtual circuit made up of successive, randomly selected relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit.

The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address.
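The layering described above can be traced in a few lines. This is an added illustration, not code from the article or from the Tor project: the cipher is a SHAKE-256 keystream XOR used as a stand-in and is not Tor's actual cryptography, and the relay names, keys and destination are constructed.

```python
import hashlib, os

def keystream_xor(key, nonce, data):
    """Stand-in stream cipher for illustration only (not Tor's real cipher)."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key, next_hop, inner):
    """Add one layer: only the holder of `key` can read the next-hop header."""
    nonce = os.urandom(16)
    header = next_hop.encode()
    plain = len(header).to_bytes(2, "big") + header + inner
    return nonce + keystream_xor(key, nonce, plain)

def peel(key, layer):
    """What one relay does: strip its own layer, learn the next hop, pass on the rest."""
    nonce, body = layer[:16], layer[16:]
    plain = keystream_xor(key, nonce, body)
    n = int.from_bytes(plain[:2], "big")
    return plain[2:2 + n].decode(), plain[2 + n:]

def build_onion(payload, destination, circuit):
    """circuit: [(relay_name, key), ...] in path order; innermost layer is built first."""
    onion, next_hop = payload, destination
    for name, key in reversed(circuit):
        onion = wrap(key, next_hop, onion)
        next_hop = name
    return onion

def route(onion, circuit):
    """Send the onion along the circuit and record what each relay learns."""
    seen = []
    for name, key in circuit:
        next_hop, onion = peel(key, onion)
        seen.append((name, next_hop))
    return seen, onion

# Constructed three-relay circuit with one random key per relay.
CIRCUIT = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
ONION = build_onion(b"GET / HTTP/1.1", "example.org:443", CIRCUIT)
```

`route(ONION, CIRCUIT)` shows that the first two relays learn only the name of the next relay, and that only the last relay sees the destination and the original data.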

The American National Security Agency (NSA) has made considerable efforts in the past to crack the encryption protocols behind Tor, but with limited success. Instead, they've just banked on tracking everyone who uses it, or even searches about it on Google.

Under President Vladimir Putin, Russia has been cracking down on various Internet freedoms, and reducing the scope for anti-government protesters to operate online.

In fact, Tor has encountered problems in Russia before. The country's principal security agency, the FSB, lobbied the Duma last year to ban Tor, but while deputies expressed support for the initiative, it never got out of committee.

However, the government's issues with Tor could also have to do with legitimate police concerns. Tor is a favored haven of drug users, terrorists, smugglers and distributors of child pornography.

The $112,000 (a relatively small amount of money by global industry standards) is being offered not by the FSB but the Interior Ministry, which is more interested in fighting child pornography than anti-Putin dissidents. However, breaking the encryption protocol would certainly endanger those who use the network for political protest.

What is Modular Arithmetic – Introduction to Modular Arithmetic – Cryptography – Lesson 2 – Video


Modular Arithmetic is a fundamental component of cryptography. In this video, I explain the basics of modular arithmetic with a few simple examples.

By: Learn Math Tutorials

SEBASTIAN SHAKESPEARE: Westwood son’s bid to end Assange deadlock

By Sebastian Shakespeare

Published: 19:28 EST, 27 July 2014 | Updated: 19:30 EST, 27 July 2014

Dame Vivienne Westwood's fashion designer son, Ben, has already enlisted Julian Assange to model his latest collection at the Ecuadorian Embassy next month as part of London Fashion Week.

Now Ben is offering to break the deadlock in Assange's ongoing extradition saga.

The founder of WikiLeaks has been holed up in the Knightsbridge embassy for two years to avoid extradition to Sweden on sex assault charges.

Oddballs: Dame Vivienne Westwood's fashion designer son, Ben (left), has already enlisted Julian Assange (right) to model his latest collection at the Ecuadorian Embassy next month as part of London Fashion Week

The Australian refuses to go because he fears he may end up being sent to America where he could face charges of espionage.

Westwood says he will foot the bill for the Swedish prosecutor to fly over to London and interview Assange in his bolthole.

The Scandinavian airline website has return tickets from Stockholm at 68 each way, he says. I'm more than happy paying 136 for a return flight for the Swedish prosecutor to come to London.

Kanye West Buries Coinye With Lawsuit Victory

Coinye West, a whimsical addition to the cryptocurrency craze, whose founders hitched its name and logo to the wagon of one of the biggest stars in hip-hop, has officially died. In documents filed July 22 in New York, a U.S. District Court declared Kanye West the victor over most of Coinye's makers, some of them John-and-Jane Does, by default because they never bothered to respond to his complaints.

The parody electronic currency was announced in January but quickly shut down after West filed a cease-and-desist order and sued the large group of defendants for unspecified damages. The lawsuit complained that the defendants "usurped West's name and likeness for the sole purpose of propping up the perceived 'value' of the defendants' 'digital coin mine' and its 'crypto currency.'"

The coin's first logo was of West's face wearing his trademark windowshade sunglasses. Following the lawsuit, the logo was altered to make West a cartoon fish (à la "South Park"). The Coinye site, coinyecoin.org, still invites people to "Start using CoinyeCoin today."

In March, two months after Coinye was abandoned, a frustrated West amended his lawsuit to include names, background and even emails of some of the defendants, who "cowardly sought to remain anonymous by using Registry privacy services and other means" to stay hidden, he alleged. The suit claimed defendants came from a wide range of places, including the United States, China, the Netherlands, New Zealand and Slovakia.

In the end, only three of the defendants, Richard McCord, David McEnery and Harry Willis, settled with West. In court papers, McCord, of California, denied being involved in the coin's creation. According to a report by coindesk.com, McCord's lawyer called it "unfortunate that a parody turned into such an expensive endeavor."
