Category Archives: Encryption
Tresorit and Realm to deliver end-to-end encryption for reactive, collaborative mobile apps – SDTimes.com
Tresorit, the cloud encryption company, and Realm, the mobile platform powering the world's most responsive applications, announced a partnership to deliver end-to-end encryption capabilities to developers using the Realm Mobile Platform. The combination of the two companies' solutions provides developers with a comprehensive solution for building realtime, collaborative and secure mobile applications across the most regulated and data-sensitive industries, including healthcare and financial services.
Bringing end-to-end encryption to realtime collaborative apps
Delivering end-to-end encryption across mobile devices and backend systems of record has traditionally required significant amounts of engineering and cryptography expertise to implement, making it possible only for the largest companies with considerable resources. The combination of Tresorit's ZeroKit SDK and the Realm Mobile Platform makes it realistic for any developer to securely authenticate users and provide an end-to-end encrypted platform for realtime reactive mobile apps.
The combined Tresorit and Realm solution goes beyond protecting end-users from being hacked or spied on. Tresorit's end-to-end encryption for Realm Mobile Platform can also help companies easily comply with HIPAA or the EU's General Data Protection Regulation (GDPR).
"Realtime collaboration is increasingly a requirement for critical applications in digital health or financial services, where data security and privacy are essential. Our joint solution makes it extremely easy for developers to build modern and secure applications in these markets," said Alexander Stigsen, co-founder and CEO, Realm.
"The Realm Mobile Platform and ZeroKit solve many of the hardest problems of developing mobile applications with an intuitive and secure end-user experience. For the first time, developers can build end-to-end encrypted, realtime collaborative apps without being experts in cryptography, networking or backend development," said David Szabo, Senior Vice President of the ZeroKit platform at Tresorit.
Solving security challenges in data-sensitive industries
Early customers adopting the Tresorit and Realm solution are building collaborative digital healthcare apps that require the highest level of security for sensitive patient data and realtime sync capabilities.
AmbulApps, a German healthcare startup, is building a next-gen cloud and mobile doctor-patient engagement app using Realm Mobile Platform and ZeroKit. The app extends traditional health record management systems, empowering doctors and patients to share health data and maintain consistent communications.
Healthcare startup Riverbay Softworks uses Realm Mobile Platform and ZeroKit in its cloud-based, privacy-first app Allergistic to help allergists across California, Oregon and Washington treat patients via iPhones and iPads.
"ZeroKit and Realm allow us to bring forth a new generation of healthcare applications that will reduce the documentation stress experienced by providers and organizations. These technologies allow us to easily implement end-to-end encryption and data syncing, while enabling us to focus more on creating apps that mirror true clinical workflow," adds Mark Pruitt, CEO at Riverbay Softworks.
Epyc win for AMD in the server security battle – Network World
Andy Patrizio is a freelance technology writer based in Orange County, California. He's written for a variety of publications, ranging from Tom's Guide to Wired to Dr. Dobbs Journal.
While everyone is talking about the impressive performance potential and scale of AMD's new Epyc server chips, overlooked in all the hoopla are the security features of the chip that may prove just as appealing.
To start off, there is the tag team of Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV). Secure Memory Encryption allows for full encryption of data stored in DRAM, and SEV allows individual virtual machines to be assigned a unique cryptographic key, thus isolating them from each other as well as the OS hypervisor and administrator layer. These functions are based on a hardware security processor attached to the memory controller with a 128-bit AES encryption engine.
That means you can have full memory encryption on virtualized machines, something that will be greatly appreciated by cloud services providers. It will let them assure customers that the memory and the virtual machines that live on their clouds are completely secured in a multi-tenant environment.
Where SME is designed for memory, SEV is specifically aimed at VMs and is designed to keep them from cross-contamination, since each VM has its own encryption key. It also allows unencrypted VMs to run alongside encrypted ones, which is a new option. Up to now, it's been either/or, all-or-nothing. The keys are transparent to the VMs and managed by the protected hypervisor.
SEV doesn't just work for static VMs; it also supports migrating VMs from one server to another while maintaining encryption throughout the process.
Then there is the Platform Security Processor (PSP), an ARM Cortex-A5 core on the Epyc die that controls the boot process and system security, and basically operates similarly to Intel's Management Engine in the Xeon. It provides secure boot and has full TPM functionality.
The one question unanswered is how much of a performance hit this will incur. Encryption is never a fast process regardless of processor, and now you are talking about encrypting the contents of memory, which are going to be constantly changing. AMD does give the option of turning SEV and SME on or off, and you can do it while the server is running without a restart.
Of course, this hardware isn't terribly useful until Microsoft, VMware, Citrix, Red Hat and other Linux distros support it. Once the software enters the market, then that encryption will be truly useful. For now, though, AMD has a security story that Intel can't quite match.
Andy Patrizio is a freelance journalist based in southern California who has covered the computer industry for 20 years and has built every x86 PC he's ever owned, laptops not included.
Encrypted chat app Telegram warned by Russian regulator: ‘comply or goodbye’ – The Register
Russia's communications regulator is threatening to lower the boom on popular encrypted messaging application Telegram.
It might look like yet another government attack on user-accessible encryption, but in this letter, the head of regulator Roskomnadzor Alexander Zharov says the messaging app is violating Russian legislation by not providing information about the company that controls it.
Zharov wrote on Friday that Telegram only has to fill in a questionnaire about the company that manages Telegram, so the company can be included in the country's register of service providers.
"In the case of an actual refusal to perform the duties of the organiser of the dissemination of information, Telegram in Russia should be blocked," the letter states, adding that Telegram's time is running out.
Telegram founder Pavel Durov told newswire Reuters a ban would mean Russian government officials will be entrusting their communications to messenger apps written in other countries.
In playing the nationalism card, Durov cited WhatsApp, Viber, Apple and Google as companies who might carry messages from Russian officials and their friends.
He is skeptical that the regulator is mostly cranky about corporate structure.
In a VK.com post, he said Telegram was blamed for a terrorist plot three months ago, but that banning such tools is unsafe for everyone: "Encryption of these services or equally protects all users. Refusal of terminal encryption in a single country will make tens of millions of people vulnerable to attack by hackers and blackmail [by] the corrupt officials."
In an earlier post, he said Roskomnadzor had demanded Telegram give keys to decrypt to special services.
"This requirement is not only contrary to Article 23 of the Constitution of the Russian Federation on the right to privacy of correspondence, but also demonstrates the lack of knowledge of how the encrypted communication [works] in 2017."
Moreover, endpoint encryption exists separately to any specific platform, he noted.
Australia’s encryption thwart thought is fraught – ZDNet
Australia's favourite Attorney-General, Senator George Brandis QC, has been in Ottawa discussing how we and our Five Eyes intelligence partners can 'thwart' terrorists' encrypted communications. What has he achieved?
Brandis told ABC Radio on Wednesday morning that defeating encryption was a "very important part of the proceedings" at the meetings between the US, UK, Canada, New Zealand, and Australia, because encryption is "impeding lawful access to the content of communications".
"So what we decided to do in particular was to engage with ISPs and device makers to secure from them the greatest possible level of cooperation. I also discussed with my American counterpart, Attorney-General Sessions, the development of cross-border access without having to go through the rather prolonged procedure of mutual legal assistance," Brandis said.
Leaving aside the question of whether lawful access rules should be re-examined, improving the pace at which law enforcement agencies can respond is a sensible goal. But what of the technical aspects?
As ABC Radio asked: "What are you actually asking them to do? Because tech companies say you can only break into these messages if you've planted a flaw or a bug into the software before it's sold. Is that what you want the device makers to do?"
Not specifically, said Brandis, and it's not as simple as that. And indeed, he's previously said he's not interested in backdoors.
"What we need is to develop, and what we'll be asking the device makers and the ISPs to agree to, is a series of protocols as to the circumstances in which they will be able to provide voluntary assistance to law enforcement," Brandis said.
"There is also of course the capacity which exists now in the UK and in New Zealand, under their legislation, for coercive powers, but we don't want to resort to that," he added. Brandis wants a set of "voluntary solutions".
When pressured about what that might mean, Brandis said that is a discussion that is yet to happen, and he didn't want to get ahead of himself, or narrow or confine its scope.
"First of all, I've made it clear that we're not going to ask the tech companies to backdoor their systems. Secondly [for example] section 253 of the British Investigative Powers Act does impose an obligation, subject to reasonableness and proportionality, upon providers to do whatever they reasonably can be expected to do to enable law enforcement to inspect messages that are the subject of encryption, or inspect devices," Brandis said.
And as for the idea of banning end-to-end encrypted messaging apps like Signal and WhatsApp entirely, Brandis said "it was not discussed, and wasn't thought of, and it would be infeasible."
So here's where we're up to.
Brandis says end-to-end encryption is a problem for law enforcement, which it is. He's not going for a backdoor, and says that's not feasible, which it isn't. So has he started a war on mathematics? Has he foolishly tried to tackle maths with the law?
After all, Brandis isn't known for his technical acumen, particularly after that Walkley Award-winning interview where he struggled to explain metadata.
No. Forget the maths. Join some different dots.
First, Brandis plans to talk to device manufacturers. Even now, telco switches must have a lawful interception (LI) capability, so that conversations can be intercepted -- or wiretapped, as Americans say. I'm guessing he simply means extending that requirement to endpoint devices, where messages could be intercepted before they're encrypted.
Second, Brandis wants to talk to ISPs. That's probably not to decrypt messages as they pass through, because that's kinda hard. It's probably to help the telcos identify the device in use, so that its lawful interception capability can be turned on.
That's all technically possible, achievable with legal pressure, and fits nicely within the national and international legal frameworks already in place.
But it's not a win, at least not for us citizens.
Current LI capabilities work through telco switches, so in theory they can only be turned on from within the telcos themselves. Yeah, shoosh you.
But mobile devices can be anywhere on the planet. The Brandis Plan, if it's what I think it is, would mean devices could potentially have their LI capability turned on from any telco on the planet and routed ... somewhere.
Why?
Because research as recently as late 2016 has shown that international mobile data networks are a security nightmare.
The only protections from LI capabilities going rogue would be mobile network switching security, and the processes within device makers' supply chains, and telcos, to prevent information leaking to bad people. There's no attack surface in there at all, right?
Sigh.
The Brandis Plan may well be able to achieve his goals, but at what cost?
The weird science of quantum computing, communications and encryption – C4ISR & Networks
Ever heard of quantum entanglement? If you haven't, don't feel bad. As I have written about before, quantum theory is the abstract basis of modern physics. It explains the nature and behavior of how matter acts.
Albert Einstein discovered quantum entanglement in 1935. He said it is "spooky action at a distance." It examines how one quantum particle could affect another, and that effect is faster than the speed of light. It is one of those advanced/emerging technologies that has been around for a while and is really beginning to show promise.
It should be noted that this is just one of a number of China's strategic initiatives to develop new technology that will create an extremely secure, ultrahigh-speed, quantum-based global communications network. Researchers in several countries, such as the U.S., Canada and Singapore (as well as Google), are also working on a broad spectrum of quantum theory applications including quantum encryption.
The battle over encryption and what it means for our privacy – The Globe and Mail
Kenneth Roth is executive director of Human Rights Watch
It is a rare law enforcement officer or intelligence agent who doesn't want access to more information. Yet "total information awareness," to use a term from the George W. Bush administration era, has never been possible. Some people whisper to avoid prying ears. Others draw the blinds to prevent others from looking in.
More fundamentally, the right to privacy, the personal preserve where governments should not be allowed to snoop, is an impediment to official surveillance. That privacy is necessary to safeguard such sensitive matters as our banking information, our medical history, our personal relationships, or our ability to explore unpopular or potentially embarrassing points of view.
Today the battle between law enforcement and privacy is being fought over encryption. One response to Edward Snowden's revelations about the extent of U.S. government surveillance has been growing popular insistence on encryption, such as the end-to-end encrypted communications used in iPhones or WhatsApp, to which no phone or Internet company holds an access key. Meeting this week in Ottawa, the Five Eyes intelligence-sharing partnership (Australia, Canada, New Zealand, the United Kingdom and the United States) is considering an Australian proposal to mandate such a key, or back door, to encryption. Officials in the U.S. and U.K. have made similar proposals.
The rationale is that many terrorists and other criminals are using end-to-end encryption to hide their activities. Even if law enforcement officers or intelligence agents obtain a judicial warrant to monitor their communications, the lack of a back door key means there is no way that phone or Internet companies can let these officers in.
Yet a mandated back door, essentially a built-in vulnerability, is dangerous because there is no way to ensure that only the good guys will exploit it. Today's hackers, both criminal and governmental, are increasingly sophisticated. They have hacked Internet companies, sensitive infrastructure, even the National Security Agency itself. Technology companies are in a feverish race to enhance privacy and security protections. The last thing they need is to introduce a deliberate vulnerability. Few would want to return to an era when encryption was not the norm.
And to what end? A mandated back door to encryption might enable governments to catch some criminals. But criminals with any degree of sophistication would simply download encryption services that are widely available on the Internet without going through one of the brand-name companies that might be mandated to introduce a back door. Meanwhile, ordinary members of the public would be stuck with vulnerable communications.
Moreover, Western Internet and phone companies would be competitively crippled. Even if Five Eyes and other Western governments mandated a back door for devices made in their country, other countries might not follow suit. Anyone concerned with their privacy and security would flock to and try to sneak in devices produced in non-back-door countries.
The crimes that might be stopped through a back-door mandate must be weighed against the crimes that would be created. The vulnerability in our software and digital devices would mean more theft, blackmail and extortion as hackers enjoy a field day. Street crime would also be affected. The rise of strong default smartphone encryption has contributed to a plummeting in once-rampant cellphone theft. There's no point in stealing a phone (often violently) if you can't penetrate its encryption. A mandated back door, once its vulnerability has been hacked, would once again expand the market for stolen phones.
Proponents of a back door also tend to assume that law-enforcement or intelligence access to it would require a judicial warrant or some lawful process, but it is easy to imagine circumstances in which these processes would be circumvented or subverted. In many countries where these devices are used, unscrupulous governments or officials in possession of this information would be more likely to persecute dissidents for their private criticisms.
For these reasons, a pantheon of senior security officials think a mandated back door is a bad and dangerous idea. In the United States, these include the past heads of the CIA, the NSA, and the Department of Homeland Security, as well as former president Barack Obama's Presidential Review Group on Intelligence and Communications Technologies. Europol has also warned that "solutions that intentionally weaken technical-protection mechanisms to support law enforcement will intrinsically weaken the protection against criminals as well." Security officials would be better off adapting to a world of encryption than weakening the security of our communications.
Even where end-to-end encryption is used, many types of communication already are subject to judicially ordered surveillance. Metadata, such as the data that guides a communication to the proper destination, cannot do its job if it is encrypted. It remains available to government monitoring by appropriate judicial order, although care should be taken to ensure that this data, which can reveal a great deal about our personal life, is not collected excessively. Other metadata can pinpoint where a phone (and presumptively its user) has gone. Much information stored in the cloud is unencrypted.
The plethora of such unencrypted information has led some to say that today is the golden age of surveillance. Rather than press for encryption back doors, governments would be better off teaching investigators how to access important unencrypted sources of information.
It's time to abandon the quest for total information awareness. Yes, some criminals will benefit from encryption. But just as we don't outlaw whispering or drawing the shades, so we should accept that encryption is the only way to safeguard our communications in an era of increasingly sophisticated cybercrime and unauthorized surveillance.
Encryption debate is a top focus at Five Eyes meeting – CyberScoop
As the Five Eyes intelligence alliance meets in Ottawa this week, Australian officials are heading to Canada with encryption as a top priority.
Australia's attorney general, George Brandis, published a memo this weekend detailing a plan to seek greater legal powers against encrypted data in the meeting with representatives of the United Kingdom, Canada, New Zealand and the United States.
"As Australia's priority issue, I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption," Brandis, who also serves in Australia's Senate, said in a statement. "These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies."
Some of the biggest tech companies in the world, including Apple and Facebook, have adopted strong encryption for their products. The mainstreaming of encryption helped spark an international debate, famously referred to as the problem of "going dark" by then-FBI Director James Comey in 2014, that continues to this day. The most famous fight took place when Apple and the FBI faced off over iPhone encryption following the San Bernardino terrorist attack in 2015.
Just last month, Facebook quietly upgraded its "secret conversations" feature to enable encrypted communications between two people on multiple devices. The same company owns WhatsApp, the popular encrypted messaging app. Apple CEO Tim Cook has taken center stage in promoting encryption, while Facebook CEO Mark Zuckerberg has taken a quieter but supportive public position.
Top officials in the United States and United Kingdom have called for backdoors into encrypted data. U.K. Home Secretary Amber Rudd called WhatsApp "completely unacceptable" in March following the Westminster attack. Donald Trump called for a boycott of Apple following the San Bernardino attack. The president hasn't publicly commented on the issue since, but U.S. law enforcement and intelligence officials have repeatedly called for greater access.
Australia's plans attracted immediate criticism, including from Human Rights Watch, an American human rights nonprofit, which warned against "a dangerous strategy that will subvert the rights and cybersecurity of all internet users."
"Encryption protects billions of ordinary people worldwide from criminals and authoritarian regimes," Cynthia Wong, senior internet researcher at Human Rights Watch, said in a statement. "Agencies charged with protecting national security shouldn't be trying to undermine a cornerstone of security in the digital age."
Brandis's Five Eyes statement follows numerous government comments in Australian media warning against the security threats encryption poses and floating the idea of changing laws to force tech and telecommunications firms to decrypt data.
The Australian senator said that over 40 percent of counterterrorism investigations now intercept encrypted communications, a trend that will within a short number of years reach 100 percent.
"This problem is going to degrade if not destroy our capacity to gather and act upon intelligence unless it's addressed," he said.
Across Europe, the debate is heating up, with talk including encryption backdoors, expanded government authority and greater offensive hacking to achieve access. The Investigatory Powers Act in the U.K. grants the government authority to force tech firms to give access to encrypted data, but the exact parameters remain unclear.
"One of the things the U.K. bill does is what may be an authorization to command companies to either not include encryption or to modify in some way the encryption they use in their products," Ross Schulman, the co-director of the cybersecurity initiative at New America's Open Technology Institute, told CyberScoop last month. "There is some debate about the actual extent of the powers. It's not entirely clear how far some of the escape hatches extend."
The encryption debate, also known as the crypto wars, has been grabbing headlines for the last three years, since Edward Snowden gave thousands of documents on Five Eyes global surveillance to journalists. The larger debate extends back several decades, however, to President Bill Clinton's administration, when Vice President Al Gore heavily promoted a technology dubbed the Clipper Chip, which was intended to allow a backdoor into American products. It rapidly collapsed for technical, commercial and security reasons, according to many of the world's top cryptography experts.
Encryption: Turnbull tilts at windmills again – iTWire
In a statement that brings to mind the valour of Don Quixote, Australian Prime Minister Malcolm Turnbull has flagged "a crackdown on ungoverned spaces online".
According to another report from The Age, similar to some of the others that one has quoted in the past, Australia plans to pressure "social media companies to do more to co-operate with governments to combat would-be terrorists who are organising online".
If this were not fanciful enough, Turnbull wants the rule of law to apply online as it does in what The Age calls the "analogue, offline world".
Remember, this comes from a man who claims to be digitally aware, one who has used the words "innovation" and "agile" more times in the last year than any other politician, and one who has repeatedly let slip little hints like his use of an encrypted app for messaging to give the impression that he knows his ones and zeroes.
As usual, there are no specifics. Last time I looked, Facebook, Twitter, and their ilk were all based in the US, a country which is highly unlikely to do anything to disturb them. So what Turnbull has in mind is mystifying.
That Turnbull continues to make such statements, putting himself very much on a par with some of the pronouncements that have emanated from Attorney-General George Brandis, is surprising, considering that he has an educated adviser in the shape of Alistair MacGibbon to brief him on the basics of encryption.
But if all that Turnbull is seeking is to pass the time of day by making pronouncements as nonsensical as those uttered by his British counterpart, Theresa May, then he is going about things the right way.
Encryption has taken centre stage ever since the world became aware in 2013 that the NSA was conducting surveillance of man+dog. Since then, companies have been trying to guarantee clients that their data will be safe in order to attract more sales.
Microsoft has even gone to the extent of offering its American clients cloud storage in Germany, a country where data security is taken a little more seriously given its past.
The genie is well and truly out of the bottle and politicians who promise security measures which do not take reality into account are doing just one thing: telling porkies to score political points.
The only point at which this mess will be resolved is when politicians are willing to admit that terrorism is a political problem and requires a political solution. It is not a law and order issue.
Encryption-dodging hacking powers expanded for German law enforcement – SC Magazine UK
The Bundestag (pictured) voted to grant the police the powers last Thursday
German law enforcement has been granted vast new hacking powers. The Bundestag - the German legislature - voted on June 22 to grant law enforcement the powers it needs to hack into, and spy on, smartphones and computers.
The ruling coalition government, made up of the conservative Christian Democrats and the centre-left Social Democrats, pushed hard for the law, arguing that the police will need to get around encryption if they are to do their job.
Existing law allows law enforcement to tap a phone, but not actually hack an electronic device in any other case than one where lives are directly threatened. With the expansion of their powers, law officers will now be able to use malware - 'state trojans', or Bundestrojaner - to watch the real-time communications of suspects and view a device's saved files and data. The new law expands the cases in which such measures can be used to include nearly 40 offences, such as murder, drug trafficking, money-laundering and illegal pornography.
With the passage of the law, Germany enters further into the group of western states who use hacking technology in police work. While this is not an attempt to 'break encryption' as per the desire of so many states, it does allow law enforcement to circumvent it and read the encrypted communications of those it chooses to surveil.
Germany has traditionally held a liberal stance on policing powers, mindful of a return to the authoritarian governments that ruled the country for much of the twentieth century.
When the 'state trojan', R2D2, was first discovered by the Berlin-based Chaos Computer Club (CCC), it prompted a public outcry. At the time the CCC offered an analysis which may be considered prescient: "This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice - or even desired. Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully."
Germany has some of the strongest data protection laws in the world and has often eschewed the kinds of mass surveillance regimes that have emerged in the UK and the US, going so far as to publicly condemn them.
When it was discovered that German Chancellor Angela Merkel's phone was being monitored by the US National Security Agency, Germany vowed to ban tech companies that worked with the NSA from being granted Federal contracts. In 2016, German courts ruled heavily against mass surveillance programmes, declaring many of its allies' projects, as well as its own, unlawful.
That legacy of liberalism now clashes with resurgent terrorist campaigns across Europe and the transformation of crime in cyber-space. In 2016 alone, the German public were subject to three separate terrorist attacks culminating in a truck attack on a Christmas market in December, which left 12 dead. In direct response to the atrocity, the German government proposed the expansion of CCTV monitoring to a variety of new public spaces.
Perils of Back Door Encryption Mandates – Human Rights Watch
(Washington, DC) The governments that constitute the intelligence partnership known as the Five Eyes will meet on June 26-27, 2017, in Ottawa to discuss how to bypass encryption. The governments may pursue a dangerous strategy that will subvert the rights and cybersecurity of all internet users.
People sit at computers inside GCHQ, Britain's intelligence agency, in Cheltenham, UK, November 17, 2015.
"Encryption protects billions of ordinary people worldwide from criminals and authoritarian regimes," said Cynthia Wong, senior internet researcher at Human Rights Watch. "Agencies charged with protecting national security shouldn't be trying to undermine a cornerstone of security in the digital age."
The Five Eyes is an intelligence sharing partnership between Australia, Canada, New Zealand, the United Kingdom, and the United States. Law enforcement and intelligence agency representatives from each state will gather in Ottawa to discuss shared national security concerns. The meeting is expected to address the increasing use of end-to-end encrypted communications as a challenge to surveillance and seek a coordinated approach.
In recent years, law enforcement officials in some Five Eyes countries have contended that they are losing some of their ability to investigate crime or prevent terrorism because advances in consumer encryption have led some channels of information that were previously accessible to go dark. Companies like Apple and WhatsApp have begun to integrate end-to-end encryption into their products by default, which makes it impossible for even the companies to retrieve unscrambled user data at the request of the government because the firms do not hold the decryption keys. Some officials have gone further and sought legislation to ensure that their governments can access all encrypted data, even if this would force companies to build back doors or other vulnerabilities into phones and applications to bypass encryption.
Australian Attorney General George Brandis plans to raise the need for new restrictions on the encryption built into popular messaging applications with Five Eyes counterparts, stating that existing laws "don't go far enough."
In March, in the immediate aftermath of the Westminster attack, UK Home Secretary Amber Rudd called end-to-end encryption on apps such as WhatsApp "completely unacceptable" and stated that there should be "no place for terrorists to hide." On June 13, UK Prime Minister Theresa May and French President Emmanuel Macron announced a counter-terrorism joint action plan that calls for greater access to encrypted communications.
The UK's Investigatory Powers Act allows authorities to compel companies to take undefined "reasonable and practicable" measures to facilitate interception, including of unencrypted data. Authorities are still determining the exact scope of what companies will be required to do under the law with respect to encryption.
Law enforcement officials in the US have also repeatedly called for companies to build back doors into encryption. In 2016, media reports released draft legislation that would have required technology companies to provide access to encrypted information in an intelligible format upon court order. The bill did not specify how companies would have to unscramble encrypted information, but it would have effectively forced companies to bypass encryption and other security features. The bill faced widespread criticism from security experts and privacy groups as unworkable and harmful to cybersecurity and was never formally introduced.
In February 2016, US authorities also sought a court order to force Apple to build a back door into an iPhone that was used by one of the attackers in the 2015 San Bernardino attack. Apple challenged the order, and authorities eventually withdrew it because they were able to access the phone's data without Apple's help.
In 2016, Canada held a consultation on its national security framework, which expressed concern over security agencies' diminished ability to investigate crimes due to the use of encryption. It also stated that Canada had no legal procedure to require decryption.
Many officials from Five Eyes countries claim they do not seek back doors. But they don't explain how companies that don't hold encryption keys could provide "exceptional access" for law enforcement to unencrypted data without a back door. To implement such a requirement, companies would be forced to redesign their products without security features like end-to-end encryption.
Back doors create weaknesses that can be exploited by malicious hackers or other abusive government agencies. Billions of people worldwide rely on encryption to protect them from threats to critical infrastructure like the electrical grid and from cybercriminals who steal data for financial gain or espionage. The vast majority of users who rely on encryption have no connection to wrongdoing.
Encryption built into phones and messaging apps can also help safeguard human rights defenders and journalists from abusive surveillance and reprisals, including threats of physical violence. In 2015, the UN special rapporteur on freedom of expression, David Kaye, recognized that encryption enables the exercise of freedom of expression, privacy, and a range of other rights in the digital age.
Governments have an obligation to investigate and prosecute crime and protect the public from threats of violence. But proposals to weaken encryption in popular products will not prevent determined criminals or terrorists from using strong encryption to shield their communications. A recent survey shows that determined, malicious actors would still be able to access such tools made by companies outside the Five Eyes countries, which would not be subject to their laws.
Ordinary users will be more vulnerable to harm, online and offline, if technology firms are forced to weaken the security of their products, Human Rights Watch said. Instead of weakening encryption, governments should better train law enforcement officials to use investigative tools already at their disposal, including access to the vast pool of metadata from digital communications or location data that is not encrypted, consistent with human rights requirements.
"If the Five Eyes countries force tech companies to build encryption back doors, it would set a troubling global precedent that will be followed by authoritarian regimes seeking the same," Wong said. "These governments should promote strong encryption instead of trying to punch holes in it, which would lead to a race to the bottom for global cybersecurity and privacy."
Here is the original post:
Perils of Back Door Encryption Mandates - Human Rights Watch