Category Archives: Encryption

What is data encryption?

DescriptionClassroom Ideas

Encryption is used to scramble information so that it can be sent safely without anyone else being able to read it. The information is encrypted with a password or key that is needed to read the information again. If you visit a website on the internet that starts with 'https://' then this means that all of the information you are looking at or sending is being securely encrypted. One of the oldest methods of encryption is the caesar cipher. This works by shifting each letter of the message forward a specific number of paces in the alphabet. To read the message you need to know how many places each letter was moved (this is called the key).

Can be used as an introduction to data encryption. A task could be set where students attempt to encrypt and send messages to each other. Other students attempt to break that encryption by working out the encryption key and pattern - have the letters been shifted or substituted?

See more here:
What is data encryption?

USB Enforced Encryption – Endpoint Protector

With accessibility and portability being an important part of our daily work, securing confidential data and transfers has shifted from a nice to have to a must have. Data stored on computers, on cloud storage or on USB devices can get into the wrong hands and therefore needs to be protected. An easy to use, cross-platform encryption solution is the best way to ensure confidential data will not fall into the wrong hands due to unauthorized access, lost or stolen devices.

EasyLock USB EnforcedEncryption combinedwith Endpoint Protector allows IT Administrators to extend their Device Control policy and make sure all confidential data transferred to USB storage devices is automatically encrypted. As a cross-platform solution, EasyLock can be used on both macOS and Windows computers. Via a secured password, users can safely transfer confidential data and access it on any computers or only on authorized ones. Moreover, some additional useful features are available for IT Administrators like remotely sending messages to the users, requesting a password change or wiping the confidential data in case the device is lost or stolen.

In addition to EasyLock Enforced Encryption for USB devices, Endpoint Protector allows IT Administrators to take advantage of FileVault and enforce encryption on enrolled macOS computers.

More:
USB Enforced Encryption - Endpoint Protector

Tinder’s Lack of Encryption Lets Strangers Spy on Your …

In 2018, you'd be forgiven for assuming that any sensitive app encrypts its connection from your phone to the cloud, so that the stranger two tables away at the coffee shop can't pull your secrets off the local Wi-Fi. That goes double for apps as personal as online dating services. But if you assumed that basic privacy protection for the world's most popular dating app, you'd be mistaken: As one application security company has found, Tinder's mobile apps still lack the standard encryption necessary to keep your photos, swipes, and matches hidden from snoops.

On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder's apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.

"We can simulate exactly what the user sees on his or her screen," says Erez Yalon, Checkmarx's manager of application security research. "You know everything: What theyre doing, what their sexual preferences are, a lot of information."

To demonstrate Tinder's vulnerabilities, Checkmarx built a piece of proof-of-concept software they call TinderDrift. Run it on a laptop connected to any Wi-Fi network where other connected users are tindering, and it automatically reconstructs their entire session.

[#video: https://www.youtube.com/embed/ZBTL1bmJ9o8

The central vulnerability TinderDrift exploits is Tinder's surprising lack of HTTPS encryption. The app instead transmits pictures to and from the phone over unprotected HTTP, making it relatively easy to intercept by anyone on the network. But the researchers used a few additional tricks to pull information out of the data Tinder does encrypt.

They found that different events in the app produced different patterns of bytes that were still recognizable, even in their encrypted form. Tinder represents a swipe left to reject a potential date, for instance, in 278 bytes. A swipe right is represented as 374 bytes, and a match rings up at 581. Combining that trick with its intercepted photos, TinderDrift can even label photos as approved, rejected, or matched in real time. "It's the combination of two simple vulnerabilities that create a major privacy issue," Yalon says. (Fortunately, the researchers say their technique doesn't expose messages Tinder users send to each other after they've matched.)

Checkmarx says it notified Tinder about its findings in November, but the company has yet to fix the problems.

'You know everything: What theyre doing, what their sexual preferences are, a lot of information.'

Erez Yalon, Checkmarx

In a statement to WIRED, a Tinder spokesperson wrote that "like every other technology company, we are constantly improving our defenses in the battle against malicious hackers," and pointed out that Tinder profile photos are public to begin with. (Though user interactions with those photos, like swipes and matches, are not.) The spokesperson added that the web-based version of Tinder is in fact HTTPS-encrypted, with plans to offer those protections more broadly. "We are working towards encrypting images on our app experience as well," the spokesperson said. "However, we do not go into any further detail on the specific security tools we use, or enhancements we may implement to avoid tipping off would be hackers."

For years, HTTPS has been a standard protection for just about any app or website that cares about your privacy. The dangers of skipping HTTPS protections were illustrated as early as 2010, when a proof-of-concept Firefox add-on called Firesheep, which allowed anyone to siphon unencrypted traffic off their local network, circulated online. Practically every major tech firm has since implemented HTTPSexcept, apparently, Tinder. While encryption can in some cases add to performance costs, modern servers and phones can easily handle that overhead, the Checkmarx researchers argue. "There's really no excuse for using HTTP these days," says Yalon.

Follow this link:
Tinder's Lack of Encryption Lets Strangers Spy on Your ...

Authenticated encryption – Crypto++ Wiki

Authenticated Encryption provides both data confidentiality and data integrity assurances to the information being protected. The concept of data authentication appeared in the 1970s in the banking industry. The problem was studied in detail by the ANSI X9 committee. Banks did not want to transmit data and allow an attacker to flip a bit undetected. In this situation, the attacker would not decrypt the message, instead he or she would only flip a bit so that the encrypted message "Post $100" would be changed to "Post $800".

Many developers make the mistake of only encrypting data. For those who include integrity assurances, it can be difficult to incorporate correctly. The apparent reason for not including authentication data is that most sample code presented in technical sources only offers an example of the encryption (and perhaps decryption) function, void of any context. For those who are including authenticity assurances, the details and interaction can be tricky to implement correctly.

In 2001, Hugo Krawczyk published The Order of Encryption and Authentication for Protecting Communications. In the paper, Krawczyk examined three commonly used methods of combining confidentiality and authenticity. Each method was used in a well known protocol. Note that the list below does not include simple encryption.

The results of the paper showed that Encrypt then Authenticate (IPSec) was secure, as was Authenticate then Encrypt (SSL) under certain constructions as was Authenticate then Encrypt (SSL) when used with a stream cipher. Update: in 2014, Krawczyk revisited his results, and found that SSL with a block cipher in CBC mode was insecure due to a misunderstanding in the way the plaintext was encoded and padded. The paper also showed that Encrypt and Authenticate (SSH) was insecure.

The two provably safe Authenticate then Encrypt constructions are:

Note well: even though SSL uses a block cipher in CBC mode, it is not secure because of the way it applies padding to a message. Sapienti sat: POODLE and friends.

The operations performed by the protocols are listed below. Enc(x) is encryption, Hash(x) is a customary hash, and Auth(x) is a message authenticity code (also known as a MAC or keyed hash).

Handbook of Applied Cryptography, Section 9.6In 2014, Krawczyk revistied TLS CBC mode encryption and determined it was not secure due to the way the padding and MAC was applied. See Re: [TLS] Last Call: (Encrypt-then-MAC for TLS and DTLS) to Proposed Standard

In 2000, Bellare and Rogaway introduced a fourth way of achieving confidentiality and authenticity: Encode-then-Encipher (EtE). Historically EtE has been less popular than the other schemes, but that changed with the advent of the CAESAR Competition. There paper is available at Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography.

In 1996, David Wagner and Bruce Schneier published Analysis of the SSL 3.0 Protocol. In the paper, Wagner and Schneier introduced the Horton Principal which is the notion of semantic authentication. Semantic authentication simply means to authenticate what was meant, and not what was said.

For example, suppose there is plain text which is to be protected. The plain text is padded to the size of the block cipher and then encrypted. The operation of padding begs the question, What should be authenticated? The plain text or plain text + padding? According to Wagner and Schneier, both the plain text and padding would be authenticated (what was meant), and not just the plain text (what was said).

NIST, through SP 800-38C and SP800-38D, specifies two block cipher modes of operation (CCM and GCM) which offer both confidentiality and authenticity. Additionally Crypto++ offers EAX which was a NIST candidate during the selection process. Finally the library offers both ChaCha20Poly1305 and XChaCha20Poly1305 from the RFCs.

Algorithms providing confidentiality and authenticity can be divided into two categories: authenticated encryption (AE) and authenticated encryption with additional data (AEAD). The two NIST modes, CCM and GCM, and the proposed mode, EAX are AEAD algorithms. Each encrypts and authenticates plain text data (in addition to authenticated-only data), which produces cipher text with an authentication code. If an attacker were to flip a bit, the decryption and verification routine would detect the modification using the authentication code.

The three modes offer to authenticate separate data, known as additional authenticated data or AAD. The additional authenticated data is not encrypted - it is only authenticated. The AAD can be persisted in clear text, or communicated unencrypted (for example, an IP Address and Port in a network data packet). Because the data will be authenticated, an attacker can flip a bit and the verification process will detect the modification.

Revisiting the original example, the improved version is as follows. The sample program performs authenticated encryption (not authentication over additional authenticated data). As with before, it is presumed that buffers will not be an issue. Note, however, that exception handling has been omitted for clarity.

After executing the sample code above, ciphertext is a concatenation of the encrypted data and the authenticator. Because the message is protected using AES and GCM, it will be safe for a very long time. To decrypt the data, the following would be performed.

The two samples demonstrate all that is required to ensure both data confidentiality and data authenticity. The implementation is orders of magnitude stronger than encryption alone. Full details of using Crypto++ objects such as EAX, CCM, GCM, AuthenticatedEncryptionFilter, AuthenticatedDecryptionFilter, and StringSink can be found through out the wiki.

The following demonstrates combining confidentiality and authenticity using a block cipher in CBC mode and an HMAC. Its the same Encrypt-then-Authenticate used by IPSec. The data is first encrypted, and then its authenticated. The authentication tag is placed at the end of the message. Its available for download at cryptopp-authenc.zip.

The program produces results similar to:

If you use the code in the authenticated encryption example, be sure each message gets a unique IV. The DeriveKeyAndIV produces predictable IVs for demonstration purposes, but it violates semantic security because two messages under the same key will produce the same ciphertext.

If you choose to generate a random IV and append it to the message, be sure to authenticate the {IV,Ciphertext} pair.

CCMTest.zip - Authenticated encryption and decryption using AES operated in CCM mode

GCMTest.zip - Authenticated encryption and decryption using AES operated in GCM mode

Blowfish-EAX-Filter.zip - Authenticated encryption and decryption using Blowfish in EAX mode with filters

Twofish-EAX-Filter.zip - Authenticated encryption and decryption using Twofish in EAX mode with filters

IDEA-EAX-Filter.zip - Authenticated encryption and decryption using IDEA in EAX mode with filters

Serpent-EAX-Filter.zip - Authenticated encryption and decryption using Serpent in EAX mode with filters

Camellia-EAX-Filter.zip - Authenticated encryption and decryption using Camellia in EAX mode with filters

Twofish-GCM-Filter.zip - Authenticated encryption and decryption using Twofish in GCM mode with filters

Serpent-GCM-Filter.zip - Authenticated encryption and decryption using Serpent in GCM mode with filters

Camellia-GCM-Filter.zip - Authenticated encryption and decryption using Camellia in GCM mode with filters

AES-GCM-Filter.zip - Authenticated encryption and decryption using AES in GCM mode with filters

cryptopp-authenc.zip - Authenticated encryption and decryption using a block cipher in CBC mode and a HMAC.

The rest is here:
Authenticated encryption - Crypto++ Wiki

‘Without Encryption, We Will Lose All Privacy’: Snowden …

In an op-ed published Tuesday by The Guardian, American whistleblower Edward Snowden expressed alarm over global governments' efforts to undermine encryption, highlighting a recent attempt by the United States, United Kingdom, and Australia to pressure Facebook to create a "backdoor" into its encrypted messaging applications.

"The true explanation for why the U.S., U.K., and Australian governments want to do away with end-to-end encryption is less about public safety than it is about power."Edward Snowden, whistleblower

"For more than half a decade, the vulnerability of our computers and computer networks has been ranked the number one risk in the U.S. Intelligence Community's Worldwide Threat Assessmentthat's higher than terrorism, higher than war," wrote Snowden.

"And yet, in the midst of the greatest computer security crisis in history, the U.S. government, along with the governments of the U.K. and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world's information: encryption," he continued. "Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe."

As Snowden noted, "in the simplest terms, encryption is a method of protecting information, the primary way to keep digital communications safe." Messaging apps often use end-to-end encryption (E2EE)which, as the Electronic Frontier Foundation (EFF) explains, "ensures that a message is turned into a secret message by its original sender, and decoded only by its final recipient."

For six years straight, the vulnerability of our computer networks has been the top risk on the US Intelligence Communitys Worldwide Threat Assessment ranked higher than terrorism; higher than war.

This surveillance scheme will make it worse.https://t.co/MFZdRnCvTR

Edward Snowden (@Snowden) October 15, 2019

Facebook-owned WhatsApp already uses E2EE. The New York Times reported in January that Facebook CEO Mark Zuckerberg has ordered its implementation across all company messaging platforms, including Facebook Messenger and Instagram Direct. Acknowledging that encrypted apps could be used for "truly terrible things like child exploitation, terrorism, and extortion," Zuckerberg wrote in blog post on March 6 that "we've started working on these safety systems building on the work we've done in WhatsApp, and we'll discuss them with experts through 2019 and beyond before fully implementing end-to-end encryption."

SCROLL TO CONTINUE WITH CONTENT

On Oct. 4, four top officials from various countriesU.S. Attorney General William Barr, then-acting U.S. Homeland Security Secretary Kevin McAleenan, U.K. Home Secretary Priti Patel, and Australian Minister for Home Affairs Peter Duttonsent an open letter (pdf) to Zuckerberg requesting that "Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens."

Facebook responded by reiterating the company's commitment to its E2EE plans and opposition to backdoors. "We believe people have the right to have a private conversation online, wherever they are in the world," the company said in a statement. "End-to-end encryption already protects the messages of over a billion people every day... We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere."

Encryption is a human right in the digital society. Full stop. We should have it by design and default in the technology we use. I agree with @Snowden "Without encryption, we will lose all privacy. This is our new battleground" https://t.co/9YhAh0UsWn

Francesca Bria (@francesca_bria) October 15, 2019

Although Facebook has thus far resisted government pressure, Snowden warned Tuesday that "if Barr's campaign is successful, the communications of billions will remain frozen in a state of permanent insecurity: users will be vulnerable by design. And those communications will be vulnerable not only to investigators in the U.S., U.K., and Australia, but also to the intelligence agencies of China, Russia, and Saudi Arabianot to mention hackers around the world."

Snowden, who worked for CIA and NSA, is now president of the board of directors of the nonprofit Freedom of the Press Foundation. Last month, the whistleblower published a memoir entitled Permanent Record about his experience leaking classified U.S. government documents to the press in 2013, which sparked global discussions about privacy rights and mass surveillance, and led Snowden to seek asylum in Russia.

"When I came forward in 2013, the U.S. government wasn't just passively surveilling internet traffic as it crossed the network, but had also found ways to co-opt and, at times, infiltrate the internal networks of major American tech companies. At the time, only a small fraction of web traffic was encrypted: six years later, Facebook, Google, and Apple have made encryption-by-default a central part of their products, with the result that today close to 80 percent of web traffic is encrypted," Snowden wrote. "Barr, who authorized one of the earliest mass surveillance programs without reviewing whether it was legal, is now signalling an intention to haltor even roll backthe progress of the last six years."

While Barr and his co-signers "invoked the spectre of the web's darkest forces" to justify their opposition to E2EE, Snowden argued that "the true explanation for why the U.S., U.K., and Australian governments want to do away with end-to-end encryption is less about public safety than it is about power: E2EE gives control to individuals and the devices they use to send, receive, and encrypt communications, not to the companies and carriers that route them. This, then, would require government surveillance to become more targeted and methodical, rather than indiscriminate and universal."

Read the original here:
'Without Encryption, We Will Lose All Privacy': Snowden ...

Security pros reiterate warning against encryption backdoors

Government-mandated encryption backdoors make countries, and more specifically their election systems, vulnerable to cyber attack, 74% of information security professionals warn.

At the same time, 72% believe laws that allow governments to access encrypted personal data will not make citizens safer from terrorists, according to a poll by security firm Venafi of 384 attendees of the Black Hat USA 2019 security conference earlier in August in Las Vegas.

The findings echo a similar poll of attendees of RSA Conference 2019 in San Francisco in March, which showed 73% of respondents were opposed to government-mandated backdoors.

Governments and law enforcement officials around the world, particularly in the Five Eyesintelligence alliance, continue to push for encryption backdoors, which they claim are necessary in the interests of national safety and security as criminals and terrorists increasingly communicated via encrypted online services.

According to the Five Eyes governments, the increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is a pressing international concern that requires urgent, sustained attention and informed discussion.

Last month, the US Senate Intelligence Committee reported that election systems in all 50 states were targeted by Russia during the 2016 election, said Kevin Bocek, vice-president of security strategy and threat intelligence at Venafi.

We know that encryption backdoors dramatically increase security risks for every kind of sensitive data, and that includes all types of data that affects our national security. The IT security community overwhelmingly agrees that encryption backdoors would have a disastrous impact on the integrity of our elections and on our digital economy as a whole.

Opponents of encryption backdoors have said repeatedly that government-mandated weaknesses in encryption systems put the privacy and security of everyone at risk the same backdoors can be exploited by hackers.

The survey also shows that 70% of the Black Hat USA respondents believe countries with government-mandated encryption backdoors are at an economic disadvantage in the global marketplace, while 84% would never knowingly use a device or program from a company that agreed to install a backdoor.

Bocek added: On a consumer level, people want technology that prioritises the security and privacy of their personal data. This kind of trust is priceless. Encryption backdoors would not only make us much less safe at a national level, they also clearly have the potential to inflict significant economic and political damage.

In July 2019, US attorney general William Barr said consumers should accept the risks that encryption backdoors pose to their personal security to ensure law enforcement can access encrypted communications. But more recently, Canadas public safety minister Ralph Goodale called for his government to work with internet companies to find a balance between internet privacy and the needs of law enforcement.

In December 2018,the parliament of another Five Eyes member, Australia, passed controversial legislation requiring tech businesses to create encryption backdoorswithin their products, prompting criticism from security and privacy advocacy groups, including theElectronic Frontier Foundation(EFF).

The Australian legislation is based on the UKs equally controversialInvestigatory Powers Act, but the Australian law goes a step further by including the power to compel individual network administrators, sysadmins, and open source developers to comply with secret demands, including potentially to force them to keep their cooperation secret from their managers, lawyers and executive leadership.

The US, Canada, Australia and the UK are all members of theFive Eyesintelligence alliance, which in September 2018called on tech firms to include backdoors in their encrypted productsto give access to law enforcement authorities or face various measures.

The group said it encouraged information and communications technology service providers to voluntarily establish lawful access solutions to their products and services, but warned in astatementthat should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.

Excerpt from:
Security pros reiterate warning against encryption backdoors

Encryption – servicepro.wiki

Documents (or other items) attached to objects, such as Service Requests, in ServicePRO can be encrypted. Encrypting attachments ensures that only those authorized to review the information in the attachment, can do so. Encryption Settings for your Help Desk are managed here.

From the Configuration tab, click on the Encryption option.

The following window appears:

Encryption Settings

Trustees

A trustee is a privileged user who can decrypt any file in ServicePRO with the aid of another trustee.

Enforce Encryption

By checking the boxes beside objects here, users who attach items to these objects will be required to encrypt them.

Select the objects, if any, that your help desk requires encryption.

Passphrase Indicate the minimum number of characters required for encryption passphrases. Obviously, the longer the passphrase, the more secure your encrypted files will be. Users will be required to enter this passphrase for each encrypted file they are authorized to open.Setting an Encryption Passphrase Before you can encrypt a file or be selected as a trustee, a passphrase must be set. To increase security, the passphrase is in addition to the password required to log in to ServicePRO.

User Options - Setting an Encryption Passphrase

Encrypting Attached Files When encryption setup has been completed, file attachment encryption can take place.

Encrypting Attached Files

Decrypting Attached Files

Trustee Decryption On occasion, it might be necessary to decrypt a file when none of the selected users for whom the file was encrypted are available for example, when an employee leaves the company.

Decrypting files in this situation is called Trustee Decryption and requires a minimum of two trustees.

NOTE:If you have specified that a minimum of 3 trustees are required to decrypt the file, then your form will feature with three frames, requiring 3 trustees to enter their information.

Forgotten Passphrases If you forget your passphrase, you can create a new one with the assistance of two trustees.

Changing Trustees To change a trustee, you must have the assistance of another trustee.

Tips and Best Practices Ensure that you have at least three trustees who will not lose or forget their passwords. If an attachment is encrypted, the file will not be recoverable if you do not have the appropriate number of trustees to decrypt the file.

More here:
Encryption - servicepro.wiki

Mozy Encryption

In simple terms, encryption is a secret pass phrase that is applied to the contents of your files to ensure that they are completely unreadable without the means to do so along with that encryption key. Mozy encrypts your files on your computer before they are sent over the Internet to the Mozy cloud. Your files remain encrypted when stored in the Mozy cloud and can only be read if you have both the encryption key and the means to read the encrypted file.

When you install Mozy software, you might be able to select the type of encryption key you want to use for your backups. Whether you can choose and exactly which types of encryption keys are available depends on the type of account you have. MozyHome accounts can choose either the Mozy default encryption key or a personal encryption key. If you use MozyPro or MozyEnterprise, your administrator can determine the encryption key types that you can choose from or whether you can choose at all. That encryption is permanently associated with all files sent to the Mozy cloud from that computer.

You can change the encryption key type after you install the Mozy software. Doing this requires deleting the computer from the account and re-activating the software. If users are permitted to activate the software, a user can re-launch the setup wizard through the software and reactivate. Otherwise, you must uninstall the software, then reinstall and reactivate. The Mozy software then uploads all the files again to ensure that the stored files match the current encryption key.

The type of encryption key that is used determines whether some tasks are seamless and simple or whether extra steps are required. The Mozy default encryption key yields the least complicated experiences. A personal or corporate encryption key requires an extra set of steps for certain tasks. For example, if a personal encryption key is used, that key must be supplied to access files from the Mozy cloud when you use the Mozy mobile app. If a personal or corporate key is used, when you download files from the Mozy cloud using a web browser that you must then also use the Mozy decryption utility to supply that key. If a KMS key is used, you must use the backup software or Restore Manager to download and decrypt files.

With a few exceptions, most features of Mozy are available regardless of which type of encryption key is used.

If you use MozyPro or MozyEnterprise, some features might have been disabled by your administrator. For example, some organizations choose not to permit their users to access their files online.

Mozy separately stores the key. This option lets Mozy automatically decrypt your files when you download or restore them. This is the least complicated, most seamless experience for users, imposing no restrictions on any Mozy features.

To ensure you can download and restore your files, you must either remember your key indefinitely, or you can save it and store it separately. If you choose to save it, a plain text file is saved to the location you choose. The file contains only the characters you entered when creating your key. To ensure you can always provide your key, it is best not to save it only on your computer, which could fail, or only anywhere else which you could easily lose or damage, such as a USB stick.

When you download and restore files, you must supply this key to decrypt those files. Mozy does not have access to your personal encryption key and cannot decrypt files for you. This means that if you lose your key, Mozy cannot help you decrypt your files. Even under force of law, Mozy cannot decrypt your files if you choose to use a personal encryption key. When you reinstall the Mozy software or install it on a replacement computer, you must supply this same key to ensure continued access to files you have previously backed up.

If you choose to use a personal encryption key and you also use the Mozy mobile app, you must provide your personal key to view and download files from the Mozy mobile app. For more information, see Provide Personal Encryption Key in the Mozy Mobile App.

If you choose to use a personal encryption key with Mozy Sync, each instance of the sync software you install must use exactly that same key.

If you use a personal encryption key, several Mozy features are affected.

If you use a corporate encryption key, several Mozy features are affected.

If you use KMS encryption keys, several Mozy features are affected.

If you have a MozyHome account, you can use the same type of encryption key, or the exact same personal encryption key, when you install each instance of the backup software. Or, you can choose to install each instance of the backup software with a different type of encryption key, or a different personal encryption key. You can install Mozy Sync with the same encryption key as the backup software or a different one; however, all your instances of Mozy Sync must use the exact same encryption key. In making these choices during installation, you can choose to create the simplest experience possible when downloading or restoring files. Or, you can choose to be responsible for managing the most secure experience, which can also be the most complex.

If you have a MozyPro or MozyEnterprise account, you might not be able to choose which type of encryption to use. Or, your administrator specifies which types you can choose from. If you can choose, the same considerations that are described for a MozyHome account apply to you as well. As always, if you use Mozy Sync, each installed instance must use not only the same type of encryption, but the exact same key.

With this scheme, you never need to remember or supply an encryption key to use any Mozy features.

With this scheme, you must always be able to provide each key as necessary to use certain Mozy features, particularly when restoring or downloading files, or when installing any Mozy software when you replace any computer.

Visit link:
Mozy Encryption

Optical Encryption Market Size, Share, Trends and Forecast …

Optical encryption market is expected to grow at a moderate rate during the forecast period 2019-2025. Optical encryption is a medium to secure in-flight data in the network transport layer. It is carried over optical waves across fiber-optic cables. With an increasing number of data leaks and high-profile breaches, cybersecurity is a major concern. For instance, according to the Executive Officer of the President of the US, the US economy has incurred the loss due to malicious cyber activity costing between $57 billion to $109 billion in 2016. Three Ukrainian energy distribution companies were targeted for cyber-attacks in December 2015. This resulted in electricity outages for nearly 225,000 customers across Western Ukraines Ivano-Frankivsk region. The attackers achieved unauthorized access into the corporate network of a regional electricity distribution company. About twenty-three 35kV and seven 110 kV substations were disconnected for three hours. This became possible due to the theft of credentials from corporate networks. The attackers were trying to theft credentials from 6 months before and finally succeed. Such kinds of cybersecurity threats are expected to encourage the demand for optical encryption technologies. Optical encryption provides benefits such as providing no information about underlying services and adding no latency. This enables to provide an exceptionally secure connection to the infrastructure by protecting data from theft. Other crucial factors that are contributing to the growth of the market include rising investment in smart city projects and advances in optical encryption techniques.

The global optical encryption market is segmented on the basis of the encryption layer and vertical. Based on the encryption layer, the market is further classified into layer 1, layer 2 and layer 3. Additionally, on the basis of vertical, the market is further classified into military and defense, government, BFSI (Banking, financial services, and insurance), healthcare, retail, transportation, telecom & IT, and others. There has been a significant demand for optical encryption in BFSI to protect information of their customers. BFSI industry is susceptible to a breach of data. Hence, it requires upgrading transaction and processing technologies. In addition, the industry requires end-to-end security solutions for optimizing operations against external and internal threats. Due to services, including mobile banking, smart banking, and internet banking, the payment security transmitted over the network is a prime object for BFSI organizations. This, in turn, increases the demand for optical encryption solutions to control and secure sensitive data of customers by encrypting data, files, and emails, as well as offers financial security.

Geographically, the global optical encryption market is segmented into four major regions, such as North America, Europe, Asia-Pacific, and rest of the world (RoW). The factors that are encouraging the demand for optical encryption market in North America include well-developed IT infrastructure and significant cyber-attacks in the region. However, Asia-Pacific is anticipated to witness considerable growth in the market due to the increasing number of smart city projects and rising adoption of cloud-based services. The major players in the market include Cisco Systems, Inc., Infinera Corp., Ciena Corp., ECI Telecom Ltd., and Huawei Technologies Co., Ltd. The crucial strategies adopted by these companies include merger and acquisitions, product launches and collaborations to expand market share globally. As an instance, in October 2018, Infinera Corp. acquired Coriant, Inc., a global supplier of open network solutions. It offers solutions for major global network operators. The acquisition will enable Infinera Corp. to position as one of the major providers of vertically integrated optical network equipment across the globe. This will enable the company to deliver a strong portfolio of end-to-end and advanced packet optical network solutions for internet content providers and communication service providers.

Research Methodology:

The market study of the optical encryption market is incorporated by extensive primary and secondary research conducted by the research team at OMR. Secondary research has been conducted to refine the available data to breakdown the market in various segments, derive total market size, market forecast, and growth rate. Different approaches have been worked on to derive the market value and market growth rate. Our team collects facts and data related to the market from different geography to provide a better regional outlook. In the report, the country-level analysis is provided by analyzing various regional players, regional tax laws and policies, consumer behavior and macro-economic factors. Numbers extracted from Secondary research have been authenticated by conducting proper primary research. It includes tracking down key people from the industry and interviewing them to validate the data. This enables our analyst to derive the closest possible figures without any major deviations in the actual number. Our analysts try to contact as many executives, managers, key opinion leaders, and industry experts. Primary research brings authenticity in our reports.

Secondary Sources Include

The report is intended for government and private companies for overall market analysis and competitive analysis. The report provides in-depth analysis on market size, intended quality of the service preferred by consumers. The report will serve as a source for 360-degree analysis of the market thoroughly integrating different models.

Market Segmentation

The Report Covers

Read the original here:
Optical Encryption Market Size, Share, Trends and Forecast ...

MySQL Enterprise Transparent Data Encryption (TDE)

Only available in select Commercial Editions

MySQL Enterprise Transparent Data Encryption (TDE) protects your critical data byenabling data-at-rest encryption in the database. It protects the privacy of your information,prevents data breaches and helps meet regulatory requirements including:

MySQL Enterprise Transparent Data Encryption (TDE)

MySQL Enterprise TDE enables data-at-rest encryption by encrypting the physicalfiles of the database. Data is encrypted automatically, in real time, prior to writingto storage and decrypted when read from storage. As a result, hackers and malicious usersare unable to read sensitive data from tablespace files, database backups or disks. MySQLEnterprise TDE uses industry standard AES algorithms.

MySQL Enterprise TDE uses a two-tier encryption key architecture, consisting of a masterencryption key and tablespace keys providing easy key management and rotation. Tablespace keysare managed automatically over secure protocols while the master encryption key is stored ina centralized key management solution such as:

Oasis KMIP protocol implementations:

MySQL Enterprise TDE also supports HTTPS based APIs for Key Management such as:

MySQL enforces clear separation of keys from encrypted data using these centralized keymanagement solutions automate key rotation and storing historical keys.

Database table encryption and decryption occurs without any additional coding, data type or schema modifications. Also, users and applications continue to access data transparently, without changes. MySQL Enterprise TDE gives developers and DBAs the flexibility to encrypt/decrypt existing MySQL tables that have not already been encrypted.

MySQL Enterprise TDE leverages database caching to achieve high performance and requires zero downtime to implement.

Read the original here:
MySQL Enterprise Transparent Data Encryption (TDE)