Category Archives: Encryption

VSAN Encryption: What it is, what it does and how to use it – TechTarget

VMware vSAN 6.6 is the first software-defined storage offering of its kind to include native hyper-converged infrastructure encryption within the hypervisor. VSAN 6.6 builds data-at-rest encryption into the vSAN kernel, enables it at the cluster level and encrypts all objects in the vSAN data store. This new feature is called vSAN Encryption.

Cybersecurity is a top priority for most companies, so vSAN Encryption is a welcome addition to vSAN. IT administrators have long been reluctant to deploy encryption at the OS level or to allow application owners to encrypt their own apps and data. VSAN Encryption sidesteps this issue by encrypting the entire vSAN data store.

VSAN Encryption is hardware-agnostic, which means admins can deploy the storage hardware device of their choice without the need for expensive self-encrypting drives.

VSAN Encryption is available for both hybrid and all-flash configurations and requires a key management server (KMS) compliant with Key Management Interoperability Protocol (KMIP) 1.1 in order to associate with vCenter Server. VSAN Encryption encrypts with the XTS-AES-256 cipher (xor-encrypt-xor-based tweaked-codebook mode with ciphertext stealing) at both the cache and capacity tiers -- anywhere data is at rest. VSAN Encryption is also compatible with vSAN all-flash efficiency features, such as deduplication, compression and erasure coding, so it delivers highly efficient and secure storage. Data is encrypted as it enters the cache tier and is decrypted as it destages. The data is then deduplicated and compressed as it enters the capacity tier, where it is encrypted again.


VSAN Encryption's cryptographic mechanics are similar to those of vSphere 6.5 VM Encryption. Both use the same encryption library, provided you have a supported KMS. In fact, you can use the same KMS for both vSAN Encryption and VM Encryption. However, that's where the similarities end. VM Encryption occurs on a per-VM basis via vSphere API for I/O filtering, whereas vSAN Encryption encrypts the entire data store.

The other major difference is that vSAN Encryption is a two-level encryption method: It uses a key encryption key (KEK) to encrypt a data encryption key (DEK). The DEK is a randomly generated key that encrypts data on each disk. Each vSAN host stores the encrypted DEKs but does not store the KEK on disk. If the host requires the KEK, it requests it from the KMS.

VSAN Encryption begins when vCenter Server requests an AES-256 KEK from the KMS. vCenter Server stores only the KEK's ID, not the key itself. The ESXi host then encrypts disk data with the industry-standard AES-256 XTS mode. Each disk has a different randomly generated DEK. Each ESXi host uses the KEK to encrypt its DEKs and stores the encrypted DEKs on disk. As mentioned before, the host does not store the KEK on disk. If a host reboots, it requests the KEK with the corresponding ID from the KMS. The host can then decrypt its DEKs as needed.

The host uses a host key to encrypt core dumps, not data. All hosts in the same cluster use the same host key. VSAN Encryption generates a random key to re-encrypt the core dumps when it collects support bundles. Use a password when you encrypt the random key.

When an encrypted vSAN host reboots, it does not mount its disk groups until it receives the KEK, which means this process can take several minutes or more to complete. Also, encryption can be CPU-intensive. Intel AES New Instructions (AES-NI) significantly improves encryption performance, so enable AES-NI in your system's Basic Input/Output System.

To encrypt data with vSAN Encryption, first add a KMS to your vCenter Server and establish a trusted connection with it. Do not deploy your KMS on the data store you intend to encrypt: after a failure, hosts in the vSAN cluster must be able to reach the KMS to obtain the KEK, and a KMS living on the encrypted data store would be unreachable exactly when it is needed.

Select the vCenter Server to which you wish to deploy the KMS and, under the Configure tab, select Key Management Servers and add your KMS details.

Figure 1 shows options for establishing a trusted connection between vCenter, ESXi hosts and KMS. Once you choose one of these options, you can enable encryption in your vSAN cluster.

It's incredibly easy to turn on vSAN Encryption. Simply select the vSAN cluster and navigate to the Configure tab. Under Settings, select General. Click the Edit button and tick the boxes next to "Turn ON vSAN" and "Encryption." Be sure to select the appropriate KMS cluster.

In this window, you'll also see options to "Erase disks before use" and "Allow Reduced Redundancy." "Erase disks before use" wipes existing data from storage devices as they are encrypted. Be aware that this increases the disk reformatting time.

If your vSAN cluster already has a significant number of VMs deployed to it and you're concerned that there isn't sufficient available capacity to evacuate the disk group prior to encryption, the "Allow Reduced Redundancy" option reduces the VM's protection level to free up space to carry out the encryption. This method doesn't evacuate data to other hosts in the cluster; it just removes each disk group, upgrades the on-disk format and adds the disk group back. All objects remain available but with reduced redundancy.

Once you click OK, vSAN will reformat all of the disks in the group. This is a rolling format in which vSAN removes one disk group at a time, evacuates the data from those disk groups, formats each disk to on-disk version 5.0, re-creates the disk group and moves on to the next. This can take a considerable amount of time, especially if vSAN needs to migrate large amounts of data on the disks during reformatting.

Be aware that if, at any point, you choose to disable vSAN Encryption, vSAN will perform a similar reformatting process to remove encryption from the disks.

If you need to regenerate the encryption keys, you can do so within the vSAN configuration user interface. There are two methods for regenerating a key. The first is a high-level re-key, in which a new KEK re-encrypts the existing DEKs. The other is a complete re-encryption of all data with new KEKs and DEKs. This second option takes significant time to complete, as all data must be re-encrypted with the new keys.

To generate new encryption keys, click the Configure tab. Under vSAN, select General and then click Generate New Encryption Key. This opens a window in which you can generate new encryption keys, as well as re-encrypt all data in the vSAN cluster. To generate a new KEK, click OK. The DEKs will be re-encrypted with the new KEK.


See the original post here:
VSAN Encryption: What it is, what it does and how to use it - TechTarget

ConCourt rules against e.tv in digital encryption case – Eyewitness News

e.tv had challenged the government, saying an unencrypted system would hurt its ability to compete as encryption would allow government to offer better services to the public.

JOHANNESBURG - The Constitutional Court has ruled that government did not behave unconstitutionally when it decided that it would implement a policy of unencrypted digital terrestrial television.

e.tv had challenged the decision, saying that an unencrypted system would hurt its ability to compete and that encryption would allow government to offer better services to the public.

The court ruled by five judges to four that government can continue to use an unencrypted system for digital terrestrial television and that e.tv's legal bid to stop the system must fail.

But judges have also criticised former communications minister Faith Muthambi for her conduct in refusing to name who she spoke to when she changed her mind from using an encrypted system to using an unencrypted system.

e.tv had said that using the unencrypted system would make it impossible for it to compete against other players over the longer term.

Writing for the majority, Chief Justice Mogoeng Mogoeng opened his ruling with the statement: "Ours is a constitutional democracy - not a judiciocracy."

He then said this means that government - as the executive - must have the power to make policy, before saying that government did, in fact, conduct a proper process of consultation before deciding to use the unencrypted system.

But Mogoeng says this is not because of then Communications Minister Faith Muthambi, but because of the actions of the previous Minister Yunus Carrim.

He said that while Muthambi did not properly consult with e.tv when making her decision to use the unencrypted system, previous communications minister Carrim had fulfilled the legal obligations of the department when he had consulted with e.tv in a previous process.

Both Mogoeng's judgment and the dissenting judgment agreed that Muthambi was wrong not to explain who she spoke to when she changed her mind on this issue.

Mogoeng also castigated e.tv, saying it first argued strongly for an unencrypted system and then argued against it.

Mogoeng also said the effect of Muthambi's decision was to virtually maintain the status quo in terms of the relationships and obligations the various broadcasters have.

In their judgment, the four other judges said they would have come to a different decision and that Muthambi had not explained why her conduct did not open the door to secret lobbying and influence peddling.

(Edited by Zinhle Nkosi)

Visit link:
ConCourt rules against e.tv in digital encryption case - Eyewitness News

Islamic State supporters shun Tails and Tor encryption for Telegram – ComputerWeekly.com

Supporters of the terrorist group Islamic State (Isis) are shunning sophisticated security and encryption software, including the Tails operating system and the Tor network, which could be used to cover their tracks when viewing terrorist propaganda online, communications between jihadi sympathisers have revealed.


The disclosures come as the UK government prepares to introduce new restrictions on encryption following the terrorist attacks that killed more than 20 people, including children, at a concert in Manchester, and killed eight and injured 47 at London Bridge.

Isis has claimed responsibility for the Manchester and London attacks and has also been linked to atrocities in Paris, Germany and Brussels.

Confidential messages show that Isis supporters had little interest in encryption techniques to hide their web browsing activities, or to create a secure version of propaganda websites that would be difficult for law enforcement to censor or take down.

The messages between supporters, recovered by police and the FBI investigating an internet terrorist, reveal that Isis supporters' preferred methods of communication are the mobile phone apps Telegram, Threema, ChatSecure and Signal, which are designed for people with little or no technical knowledge.

Internet terrorist Samata Ullah communicated with Isis supporters on a Telegram discussion group known as the Khayr group. Police also retrieved a guide to ChatSecure, another mobile phone chat app, from Ullah's computer.

Ullah, who was jailed for eight years in May 2017 after posting encryption training videos on an Islamist blogsite, sent messages to an unidentified Isis supporter raising concerns that the terror group's supporters were not using more secure communications tools.

"I don't know Akhi [brother]," he wrote. "It seems they have some bad info. They refuse to use Wikr [a mobile phone messaging system] and tails. They say threema is the best, then signal, and in extreme case chat secure [sic]."

Ullah's Isis contact replied: "And they say telegram with virtual sim or open vpn is enough protection."

Another message reads: "Dawla [Isis] security groups seem to be very stubborn and not very flexible."

It was only when one of Ullah's contacts in Kenya was arrested on 29 April 2016 that attempts were made to persuade fellow Isis supporters to adopt stronger forms of encryption.

The Kenyan said in a letter smuggled out of prison: "Tell all KN [Khalifa News] and CCA [Cyber Caliphate Army] teams to be very careful online. It is very much advisable that phones be avoided & instead use PCs with TOR and TAILS."

"Many Isis supporters, who often refer to themselves as fanboys, have little technical knowledge and it is difficult to convince them to use encryption software," one counter-terrorism organisation told Computer Weekly.

"They have experimented a couple of times with ZeroNet and Onion [Tor] sites on occasions, but those sites are usually very short-lived," a spokesman said, speaking on condition of anonymity. "While there are some tech-savvy supporters, the majority of their fan base is not very tech savvy and trying to get a newbie to not only understand ZeroNet and Tor but to actually use them consistently is a challenge."

Isis's policy is to saturate the internet with ideas and jihadi content, through social media platforms such as Twitter, according to a report by counter-terrorism think-tank Quilliam.

The terror group distributes daily videos and photographs, which are circulated as widely as possible through self-appointed distributors, often with no official connection to the organisation.

"Islamic State has revolutionised jihadist messaging by jettisoning operational security in the pursuit of dynamism," Quilliam reports in a study, The Virtual Caliphate: Understanding Islamic State's Propaganda Strategy.

Ullah proposed using ZeroNet, which uses BitTorrent peer-to-peer networking and integrates with the Tor anonymity network, to create a secure version of a pro-Islamic blogsite, Ansar al Khilafah (Supporters of the Caliphate).

The WordPress propaganda blogsite had attracted interest from the UK's media arm of Isis, according to messages recovered by investigators.

"The head of English Islamic State media wants to have the right to proofread all content before it is published on the wordpress in future," one Isis supporter told Ullah. "If you would agree to it, they would promote the wordpress."

Ullah replied: "Sure. That's good."

But in a series of exchanges, it becomes clear that Isis had no interest in using ZeroNet to create a version of the blog that would be difficult for law enforcement to censor or take down.

An Isis supporter told Ullah: "First thing is, the brother almost completely dismissed the idea of zero net. So you will either have to give up the idea or try and convince them."

David Wells, a former GCHQ intelligence officer, told Computer Weekly that mobile phone apps offered a more practical alternative to ZeroNet, Tails and Tor for Isis supporters who may not have technical expertise.

"More secure technologies are rarely easy to use, and pragmatically any terrorist group would rather their networks were using something pretty secure than not communicating [at all] when needed or doing something stupid like [sending an] SMS," he said.

A forensic report revealed that Ullah's ZeroNet version of the Ansar al Khilafah blog did not work in practice.

ZeroNet would have been cumbersome to use for Isis supporters who were used to exchanging news on social media. It required each user to download the blog's contents, including the Isis magazine Dabiq, onto their own computer, putting them at risk of possession of terrorist materials.

Correspondence recovered from Ullah's computer equipment revealed that he had struggled to find a way to update the ZeroNet version of the site without writing code for each update, and to find ways of displaying videos and other feature-rich content.

Isis favours the mobile app Telegram as a platform for sharing propaganda and for group discussions because it has the ability to create public channels that unlimited numbers of people can view, according to the counter-terrorism specialist.

Isis members begin by creating a private distribution channel on Telegram which is restricted to a few people. These members are responsible for copying messages from the private channels to publicly advertised open channels, where teams of people then share them through disposable Twitter and social media accounts.

"The public channels usually have multiple backups to keep the data flowing if one of them gets suspended by Telegram administrators," said the specialist. "Since the private channels have no links to join, they are considered private by Telegram and therefore won't be shut down."

Telegram is said to take down an average of 100 to 200 public Isis channels a day, but Isis creates multiple back-ups of each channel to keep data flowing.

However, the messaging service does not take down private discussion groups between Isis supporters because they are not publicly accessible, said the counter-terrorism specialist.

"Encrypted communications is pretty much all they [Isis] do. I'd say if they're not using a walkie-talkie or a cell phone, they're on one of the encrypted [mobile] apps."

If Isis had taken up ZeroNet, it may have drawn the intelligence services' attention to its activities, Wells told Computer Weekly.

"If a terrorist group chooses a bespoke or unusual communications provider or service, then this has huge challenges for the intelligence services but it also allows them to focus their efforts," he said.

Experimenting with unproven systems is likely to be a low priority for Isis commanders in Syria, who have to deal with the day-to-day realities of civil war with the Assad regime and US drone strikes, said Ross Anderson, professor of computer security at Cambridge University.

"If I was running Daesh's technology and some foot soldier says why don't we use ZeroNet, I would say get lost, I have far more interesting and important things to do," said Anderson. "Why should I spend weeks investigating this stuff and seeing if it works?"

Isis may be avoiding Tor and Tails for similar reasons. The US National Security Agency (NSA) and the UK's GCHQ could narrow down the search for Isis supporters if the terror group started using specialist applications such as Tails and Tor.

Anderson said: "They could just harvest all the Tails users in the observable universe and de-dupe them against lists of known users, look for all the new ones and go searching for those."

Isis has used a variety of techniques to avoid detection. During the attack on the Bataclan theatre in Paris in November 2015, terrorist teams used multiple pre-paid burner phones, which they instantly discarded.

Investigators found a crate's worth of disposable phones, an investigation by the New York Times has revealed. "They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims," it said.

Although investigators concluded that the attackers were likely to have used encryption software, no evidence of it was found.

Read more:
Islamic State supporters shun Tails and Tor encryption for Telegram - ComputerWeekly.com

Encryption And Its Role In National Security – ISBuzz News

The recent terrorist activity in the UK has reignited the debate about the use of encryption online. With news that the British Prime Minister, Theresa May, is calling for new regulation of the Internet, effectively demanding the abolition of encryption, David Emm, Principal Security Researcher at Kaspersky Lab commented below.


David Emm, Principal Security Researcher at Kaspersky Lab:

Recent terrorist activity in the UK has reignited the debate about the use of encryption online. Some politicians have appealed to Internet companies to provide a way for government to inspect the communications of those suspected of criminal activity, for example terrorists. Others have even called for a blanket ban on end-to-end-encryption altogether.

The requirement for application vendors who use encryption to provide a way for government or law enforcement agencies to see through encryption poses some real dangers. Creating a backdoor to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside. Your intention is for it to be used only by those you have told about it. But if someone else discovers it, you'd be in trouble. Similarly, if a government backdoor were to fall into the wrong hands, cybercriminals, foreign governments or anyone else might also be able to inspect encrypted traffic, thereby undermining not only personal privacy, but corporate or national security. It would effectively create a zero-day (i.e. unpatched) vulnerability in the application.

This places application vendors in an invidious position. In response to growing privacy concerns in recent years, more vendors have implemented encryption to secure their customers' communications. They're unlikely to be happy about switching to a snoopable form of encryption, as illustrated by the stand-off between Apple and the FBI last year.

A blanket ban on encryption would be just as dangerous. Law-abiding citizens and organisations would seek to comply with such legislation, compromising their privacy. But cybercriminals would either make use of encryption capabilities developed in another country (i.e. beyond the reach of the UK government), or implement encryption for themselves.

There's an inherent tension between privacy and security. This isn't going to disappear, although the emphasis may shift depending on the geo-political situation and security context at any given time. Theresa May must surely be conscious of the fact that there's no way to restrict the use of encryption to honest, law-abiding citizens. However, at the same time, the government has made it clear that it wants organisations in the UK to protect themselves from cybercriminals and other would-be intruders. There are steps organisations can take to do this, such as running fully updated software, performing regular security audits on their website code and penetration testing their infrastructure. However, since no company can guarantee 100 per cent that its systems will not be breached, encryption is essential to ensure that such a breach doesn't result in the loss of sensitive information. The best way for organisations to combat cyber-attacks is by putting in place an effective cyber-security strategy before the company becomes a target.

Continue reading here:
Encryption And Its Role In National Security - ISBuzz News

TechNet to Hill: Query FBI Nominee on Encryption – Broadcasting & Cable

TechNet wants Congress to grill President Donald Trump's new FBI director nominee on issues like privacy and encryption.

President Trump signaled Wednesday that he plans to nominate Christopher Wray, a partner at international law firm King & Spalding, as new FBI director.

That announcement came only a day before his fired FBI director, James Comey, was scheduled to testify before the Senate Intelligence Committee, which some Democrats saw as an attempt to distract attention from the run-up to Comey's testimony.

Reacting to the news, TechNet, which represents tech CEOs and top execs, signaled that, because of the increasing interaction between the FBI and its industry, Congress needed to get the nominee's input on those issues.

Comey and the tech industry crossed paths, and to some degree swords, over the issue of government access to encrypted information, notably in the case of an Apple phone the FBI wanted to access in its investigation of the San Bernardino shooting.

"With the nomination of Christopher Wray as Director of the FBI, the responsibility now falls on the United States Senate to ensure the nominee will do everything in his power to protect the American people and uphold the rule of law," said TechNet president Linda Moore. "Because of the FBI's increasing engagement with the technology industry, this confirmation process must explore Mr. Wray's views on digital privacy rights, encryption technologies, and needed reforms to the Electronic Communications Privacy Act that account for modern advances in cloud computing."

TechNet executive council members include Microsoft President Brad Smith and Apple General Counsel Bruce Sewell.

Here is the original post:
TechNet to Hill: Query FBI Nominee on Encryption - Broadcasting & Cable

Encryption leaves authorities ‘not in a good place’: Former US intelligence chief – ZDNet

James Clapper at a Senate intelligence committee hearing in February. (Image: file photo)

James Clapper, Barack Obama's former director of National Intelligence, has said the issue of criminals and terrorists going dark by using end-to-end encrypted systems is causing issues in the United States.

"The so-called going dark phenomenon -- a situation that was dramatically accelerated by the Snowden revelations -- in our country, I don't think we're in a good place here," Clapper said at the National Press Club on Wednesday.

"I think there needs to be a very serious dialogue about giving criminals, terrorists, rapists, murderers, etcetera, a pass."

Clapper said he hopes technology giants will use the creativity and innovation that made the iPhone and turn it to a form of encryption that simultaneously protects privacy while allowing authorities to access its content, but he had no answers to offer himself.

"One of the approaches that might have promise, I don't know, would be circle back on a system of key escrow where not one party necessarily would have the keys to the kingdom from an encryption standpoint," he said.

"Where there might be three independent, separate, autonomous elements that would have to prove the provision of encryption in order to solve a crime or detect a terrorist attack, for example.

"We had some discussions about that in the waning days of the Obama Administration. I'm not a techie, but that appears to me to have some promise."

The former director of National Intelligence also said there is no single correct answer to the issues of whether intelligence agencies should disclose vulnerabilities in software to vendors, or use them to collect information.

In recent days, political leaders in the United Kingdom and Australia have called on social media companies and tech giants -- labelled by Australian opposition leader Bill Shorten as Big Internet -- to help provide access to encryption. It is an idea that Clapper is backing, particularly after a meeting with executives from Silicon Valley at the White House approximately 18 months ago.

"I was struck by the interest that the companies have in helping," he said. "I do think there is a role to play here in some screening and filtering of what appears in social media.

"I know this is a very sensitive, controversial issue, but in the same way that these companies very adroitly capitalise on the information that we make available to them and exploit it, it seems that that same ingenuity could be applied in a sensitive way to filtering out or at least identifying some of the more egregious material that appears on social media.

"I do think that as part of their social or municipal responsibility that they need to cooperate and if that means under some safeguarded way that they would have confidence in ... that law enforcement particularly, would be allowed access to encryption.

"I hear the argument about if you share once with one person and it's forever compromised -- I'm not sure I really buy into that."

Talking to ABC radio on Wednesday morning, Special Adviser to the Prime Minister on Cybersecurity Alastair MacGibbon stepped away from some of the rhetoric used by Australian politicians this week.

"The Australian government -- in fact, all governments with an interest in the safety of the public -- like encryption. End-to-end encryption helps reduce criminality against individuals, against governments and against business," MacGibbon said.

"But there's no absolutes. Clearly, encryption causes problems if you're investigating criminals or terrorists."

MacGibbon dismissed the issue of intelligence agencies using encryption backdoors to access communication content, and instead said investigations might be interested in a user's metadata and working with industry to solve crimes.

"No one is talking about back doors here," he said. "But as a police officer you'd execute search warrants. From time to time we do expect our privacy to be breached, but most of us don't ever have that privacy breached."

"And we need to take that same logic into the online space. That means, from time to time, you'd expect a law enforcement agency to break in to a private communication or to something that happens online."

MacGibbon said that regardless of whether it is a bus or an internet service, the public expects that service providers do not allow criminals or terrorists to abuse the service.

"There's nothing extreme about that. That's just what we expect offline and we should have that same philosophy online."

See the original post here:
Encryption leaves authorities 'not in a good place': Former US intelligence chief - ZDNet

OP-ED: Diluting encryption is more trouble than its worth – CitiBlog (blog)

In the early 1990s, the US's National Security Agency developed the so-dubbed Clipper Chip. This was intended as a backdoor bypassing encryption to allow the United States government to intercept messages.

The concept relied on an arrangement called key escrow, in which specialist government encryption chips unique to each device could intercept data as and when the government requested it. Very quickly, however, the concept ran aground.

Put simply, the project was defunct within a few years of the US government trumpeting its development, despite both the George H.W. Bush and Bill Clinton administrations touting its potential. Noted computer security researcher Matt Blaze discovered a serious flaw in the chip's security features, and that vulnerability, together with the privacy concerns raised by many US citizens, eventually led to the concept being shelved altogether.

Twenty-something years may have seen technologys advances become ever-more sophisticated and several political shifts occur in the interim, but a lot of the arguments in the debate over encryption remain the same. It has also played out in debates in the West on whether or not the more open Internet can be reconciled with security, and whether or not encryption can ever be breached just for one individuals communications.

Last year, the debate on encryption was a big story in the United States. Apple and the FBI were involved in a long-running argument in data on an iPhone 5C recovered from the site of a mass shooting in California at the end of 2015.

That case eventually went away after months of debate, with the Washington Post alleging that the FBI ultimately recruited some professional hackers to break into the phone on their behalf. But it lead to an interesting debate along the way on the ubiquity of encryption, and the impracticality of whether or not it simply can be breached for one phone.

In the last few decades, encryption has been incorporated into communication everywhere online. Internet communications all use it on some level, and strong encryption enables things we take for granted, like online shopping, banking, e-mail, accessing health records or credit scores, and the majority of messaging apps, with some of the big examples being WhatsApp, Telegram and Facebook Messenger.

Apple's argument in the case last year, which is backed by the majority of technology companies and people in the computing industry, is that it is not technically possible to breach one device running its operating system without creating a vulnerability that affects every phone running that version of Apple's operating system. It is not inconceivable that if such a vulnerability were created, it may well end up in the hands of hackers, and, furthermore, that after being asked to use it just once, there would be repeated requests for further use.

The encryption debate had a curious recent demonstration when an NSA-developed exploit for the older Windows XP ended up in the hands of hackers, who duly unleashed it worldwide on unprotected XP systems used by organisations as diverse as Britain's NHS, the German rail network, Spanish phone giant Telefonica, FedEx, the Russian Interior Ministry, and several locations in Asia.

It may well be that the majority of computers turned out to be more secure than billed in the initial hack, and that Microsoft's decision to stop supporting XP in 2014/15 did not help, but it's highly unlikely that even risking incidents like this with their newer technology would be a sell for technology companies to their users or shareholders.

Nevertheless, the encryption argument is still being made. It has been heard ahead of this week's UK election, which comes in the wake of repeated terrorist atrocities in Europe, including Saturday's awful events at London Bridge and the adjacent Borough Market.

Arguments over encryption have long been brought up by the Conservative Party, which contends that strong encryption enables terrorists to hide their secrets, but the arguments have been more focused of late. This year they were raised by Home Secretary Amber Rudd in March in the wake of the Westminster Bridge attack, and calls to weaken encryption surfaced again after Manchester and London Bridge.

The problem with the encryption debate, as the Tory Party argues it, is the question of motivation: namely, how much of what motivates them to argue for ending encryption is keeping British citizens safe from terror, and how much is that they wanted to weaken encryption anyway.

In their manifesto, released before the two most recent attacks, the Conservatives pledged to toughen up internet regulation in such a way that technology journalists and experts compared their proposals to the so-called Great Firewall of China, in effect the method by which China seals its internet users into a self-contained corner of cyberspace.

The message directed at the likes of Facebook was either comply or be banned, which wouldn't be a great advert for the UK's attempts to position itself at the forefront of technical innovation and, given the ready availability of proxies and VPNs, may not succeed anyway. In truth, what would also happen is that counter-terror squads would have to sift through thousands upon thousands of messages to find the ones they're looking for, and those who want to keep their messages encrypted will most likely move to new apps anyway once the ones they were using have backdoors added.

In the government's defence, encryption is not a black-and-white issue, and technology companies can do more to help fight the spread of extremist ideology online. It is also true that the likes of Facebook and Google hold severe unchecked power over the world, power that has grown massively in the last 10-20 years and shows no sign of stopping.

But the idea that encryption should be the fall guy, when everyday consumers rely on these tools to keep their personal data safe and to use the internet in confidence, and that the internet can be replaced by a state-regulated version, is not really a strategy that is ultimately going to work.

It is true that counter-terror plans need new options to reduce and eventually end the threat posed by groups like ISIS. But broadly speaking, weakening encryption is an easy idea to pitch and too hard a one to make work for the goals intended for it.

Read more from Charles Crook


Krypt.co scores a $1.2M seed round to simplify developer encryption … – TechCrunch

Krypt.co, a new security startup founded by two former MIT students and one of their professors, is launching today with a free product called Kryptonite...


We want to limit use of e2e encryption, confirms UK minister – TechCrunch

The UK government has once again amped up its attacks on tech platforms' use of end-to-end encryption, and called for international co-operation to regulate the internet so that it cannot be used as a safe space for extremists to communicate and ...

Related coverage: Theresa May's repeated calls to ban encryption still won't work (New Scientist); Government again takes aim at encryption after terrorists shake London (SC Magazine UK); Theresa May wants social media companies to create controversial 'backdoors' for police (The Daily Dot).


Hungary’s CryptTalk boosted by encryption controversy – Financial Times

In his modest office in one of Budapest's innovation parks, Szabolcs Kun reels off an eclectic list of clients: law firms, commodity traders, television celebrities and dealers in gemstones and precious metals.

"Oh, and we recently got an inquiry from a top European football club," he adds.

All want the same thing: completely secure telephone calls.

"Football club managers are like commodity traders: both deal in very expensive goods and have to negotiate [by phone]," says Mr Kun, a 34-year-old IT entrepreneur, whose start-up CryptTalk is one of the products making a name for itself in Hungary's growing technology sector.

It was energy traders in Hungary who, in 2010, first alerted Mr Kun to the increasing threat of phone tapping. "They found prices would mysteriously move against them after agreeing a deal on the phone," he says.

Mr Kun and Attila Megyeri, his business partner, were experienced telecommunications engineers. As more clients found evidence of eavesdropping, they turned their attention to security when communicating by telephone.

They wanted to provide a software solution, so that customers would not need to buy a second phone or additional gadget to increase security.

Even more importantly, they wanted to make sure the software did not have a so-called back door that would allow governments or hackers to circumvent its security measures. Traditional telecom providers typically offer secure telephony and call encryption through a central server, which generates and stores the encryption keys.

"This is legally mandated so the secret services can monitor calls [when justified]," says Mr Kun. "But it is also a back door into your system. Even if [it exists] for good control purposes, that door can be opened by the bad guys, for industrial espionage."

To circumvent this risk, the pair used so-called peer-to-peer encryption, whereby calls and messages are scrambled from handset to handset by software based on a complex algorithm, which generates an encryption key shared only between caller and receiver.

The Achilles heel of such systems is the delay in calls, typically of two seconds' duration, that is caused by the encryption and decryption process and can frustrate users. With their specialist knowledge of telephony and many hours of hard work, Mr Kun and his partner eliminated this lag.

The two founders have won backing from a clutch of private investors to finance their vehicle, Arenim Technologies. Angel investors are still the most common way for Hungarian start-ups to raise funding, with 37 per cent of start-ups using this route for finance, according to the European Startup Monitor, a study conducted by start-up associations around Europe.

Arenim was registered in Stockholm while the development team remained in Budapest.

"After a long review, we chose Sweden. It has the best privacy laws... It's where the rights to free speech and such stuff are important," Mr Kun says.

Sweden also has more liberal export regulations than Hungary, where licences are needed to sell security software outside the EU.

Designed to work with Apple's iPhone, their CryptTalk app was quietly launched in 2014.

"This is a solution with no back door, without any special hardware and, very importantly, even we, the vendors, cannot decrypt calls made using CryptTalk," Mr Kun says. "If my engineer goes crazy, or gets a big offer from a bad guy, 'here's $1m, but help me [eavesdrop]', even in that situation, CryptTalk cannot be hacked."

Two audits undertaken by NCC Group, a UK-based cyber security and risk mitigation company, in 2015 and 2017, support this claim.

CryptTalk was found to be "secured to a very good standard" and "no practically exploitable vulnerabilities were found", NCC wrote.

Commercial progress, though, has been modest: CryptTalk has attracted 15,000 users, half from within Hungary, with revenues last year totalling 0.4m. Prices start from 19.99 per month for a subscription.

Gyuri Karady, Arenims business development director, says that a slow start is typical for a new product like this. He argues that businesses, while spending huge sums on computer security, typically fail to show the same concern over their phone calls.

"Most corporates don't seem to have caught on that they are at risk," he says.

Arenim Technologies' 25 staff are now focused on launching an Android-based version of CryptTalk later this year, followed by a drive for international sales.

CryptTalk was at the centre of controversy in March last year when, as part of Hungary's war on terror, a government official threatened to ban secure communications providers, including CryptTalk, for thwarting eavesdropping operations.

In an ironic twist, the very same week the Hungarian Innovation Association, a state-supported body championed by the government, awarded the annual prize for start-up innovation to Arenim Technologies in recognition of CryptTalk.

The hubbub died down after the government decided not to enact the ban.

Mr Kun says he is willing to co-operate on legitimate security concerns with any state, including, if necessary, closing a user's account. But, he says: "So far, [we have had] zero official requests from authorities or governments of any kind to co-operate with them or provide them data."

Publicity surrounding the government's threat to CryptTalk last year had a positive effect on sales. Extensive media coverage in the region and globally led to a surge in users, which jumped 20 per cent from 8,000 to 9,600 in one month.

"It shows the Hungarian government does support start-ups," says Mr Kun. "We couldn't have paid for this [kind of] marketing."
