Category Archives: Encryption

How have ARM TrustZone flaws affected Android encryption? – TechTarget

Google received a lot of praise for the security improvements in Android N, but some security experts have taken Google to task over what they claim are shortcomings with Android N encryption. What are the issues with Android N's encryption scheme?

Encryption is the cornerstone of information security, yet it is notoriously difficult to implement well, particularly on desktops and mobile devices used by non-tech-savvy users. Ease of use, speed and data recovery all need to be balanced against robust encryption.

The two main technologies for meeting these requirements are full disk encryption (FDE) and file-based encryption (FBE). FBE encrypts files or directories under different keys, so some data can be unlocked while the rest stays encrypted until a user with the correct credentials unlocks it. FDE encrypts the entire contents of a device's storage, so if the device is lost or stolen, or the drive is placed into another device, all the data remains protected. However, once a user unlocks the device the key is held in memory and every block is transparently decrypted on access, so none of the data is protected while the device is running. Desktop computers are regularly turned off; most mobile devices are left on indefinitely, leaving sensitive data decrypted and potentially accessible to unauthorized users.

Since Android 5.0, new devices have shipped with FDE enabled by default (Android 6.0 made it mandatory for devices with fast enough crypto hardware). It is built on dm-crypt, the Linux kernel's transparent block-device encryption layer, which is widely used and well scrutinized. But, like every encryption scheme, it is only as strong as the protection of the key used to encrypt the data.

An independent researcher, Gal Beniamini, published exploit code that breaks Android's FDE on devices with Qualcomm chips, combining vulnerabilities in Qualcomm's TrustZone software with a weakness in how the FDE key is bound to the hardware.

ARM TrustZone is a system-wide approach to security for the SoC and CPU that supports a Trusted Execution Environment (TEE), backed by hardware-based access control, which less trusted applications and the normal operating system cannot interfere with.

Android's Keystore Keymaster module, which runs inside the TrustZone TEE, is intended to protect cryptographic keys generated by applications and the system. The device encryption key (DEK) used for FDE is stored on the device encrypted with a key encryption key derived from the user's unlock credentials; part of that derivation is a signature that Keymaster produces with a key that is supposed to be bound to the device's hardware. If that key really is hardware-bound, every derivation, and therefore every password guess, must be performed on the device itself by Keymaster, which rules out off-device brute force attacks.

However, the derivation is not truly hardware-bound. The Keymaster signing key is not sealed inside hardware; it is held and used by software running in TrustZone, and so is available to any code executing in the TrustZone kernel or the Keymaster module. Android's FDE is therefore only as robust as that TrustZone kernel and Keymaster code.

Beniamini's previous blog posts have shown that applications that run in TrustZone on Android devices using Qualcomm chips can be reverse-engineered. By reverse-engineering the Keymaster module and leveraging two TrustZone kernel vulnerabilities he had discovered, he extracted the signing key and built an off-device exploit to decrypt the DEK. No longer restricted to a limited number of password attempts, an attacker can brute force the user's credentials by feeding candidate passwords through the key derivation function until the resulting key decrypts the stored DEK. Once the DEK is decrypted, it decrypts the entire drive, breaking Android's FDE scheme. An attacker can also roll back a patched device's TrustZone image to a vulnerable version to extract the key.
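To make the chain concrete, here is an added toy model (not Beniamini's code and not Android's) of the derivation described above: credential -> scrypt -> Keymaster signature -> scrypt -> KEK, with the DEK wrapped under the KEK. The real signature is RSA inside Keymaster and the real wrapping is AES-CBC; here HMAC-SHA256 stands in for both so the script runs with the Python standard library only, and the scrypt cost, the on-device attempt limit, the keys and the salt are assumed demo values. What it shows is the article's point: while the signing key is confined to the device every guess goes through the device and is throttled, but once the same key has been pulled out of TrustZone the whole PIN space is searched off-device.

```python
"""Toy model of the Android FDE key chain: credential -> scrypt -> Keymaster
signature -> scrypt -> KEK -> unwrap DEK.  Added illustration, not Android code.

Stand-ins (assumptions, not the real primitives): HMAC-SHA256 replaces the
Keymaster RSA signature and an HMAC keystream replaces AES-CBC wrapping of the
DEK; scrypt cost and the on-device attempt limit are shrunk for a fast demo.
"""
import hashlib
import hmac

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 8, 8, 1   # demo cost; real devices use a far larger N
MAX_ONLINE_ATTEMPTS = 5                         # models lockscreen throttling / wipe


def scrypt32(data, salt):
    return hashlib.scrypt(data, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def derive_kek(pin, salt, sign):
    """Derive (KEK, IV) from the credential; `sign` is the step that should be hardware-bound."""
    ik1 = scrypt32(pin.encode(), salt)
    ik2 = sign(ik1)            # Keymaster signature over the intermediate key
    ik3 = scrypt32(ik2, salt)
    return ik3[:16], ik3[16:]


def xor_wrap(data, kek, iv):
    """Stand-in for AES-CBC: XOR with an HMAC-derived keystream (symmetric, so it also unwraps)."""
    stream = hmac.new(kek, iv, "sha256").digest()[: len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))


def dek_check(dek):
    """Stand-in for 'decrypt a known block with the DEK and see if it makes sense'."""
    return hmac.new(dek, b"fde-check", "sha256").digest()[:8]


class Device:
    """The phone: the signing key lives in 'TrustZone' and callers are rate-limited."""

    def __init__(self, signing_key):
        self._signing_key = signing_key
        self.attempts = 0

    def sign(self, data):
        self.attempts += 1
        if self.attempts > MAX_ONLINE_ATTEMPTS:
            raise RuntimeError("too many attempts: device locked or wiped")
        return hmac.new(self._signing_key, data, "sha256").digest()


def make_footer(pin, dek, sign, salt):
    """Crypto footer: salt, DEK wrapped under the KEK, and a check value for the DEK."""
    kek, iv = derive_kek(pin, salt, sign)
    return {"salt": salt, "wrapped_dek": xor_wrap(dek, kek, iv), "check": dek_check(dek)}


def try_unlock(footer, pin, sign):
    """Return the DEK if `pin` is right, else None."""
    kek, iv = derive_kek(pin, footer["salt"], sign)
    dek = xor_wrap(footer["wrapped_dek"], kek, iv)
    return dek if dek_check(dek) == footer["check"] else None


def brute_force(footer, sign, candidates):
    """First (pin, dek) whose derived KEK unwraps the DEK, or None."""
    for pin in candidates:
        dek = try_unlock(footer, pin, sign)
        if dek is not None:
            return pin, dek
    return None


def four_digit_pins():
    return ("%04d" % i for i in range(10000))


def demo():
    signing_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
    dek = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")          # constructed demo DEK
    salt = bytes(range(16))                                          # constructed demo salt
    phone = Device(signing_key)
    footer = make_footer("0417", dek, phone.sign, salt)

    # 1. Signing key confined to the device: every guess goes through it and the throttle bites.
    try:
        brute_force(footer, phone.sign, four_digit_pins())
        online = "recovered"
    except RuntimeError as exc:
        online = str(exc)

    # 2. Signing key dumped from TrustZone (the exploit itself is out of scope here):
    #    the signature is now plain software, so the PIN space is searched off-device.
    def leaked_sign(data):
        return hmac.new(signing_key, data, "sha256").digest()

    pin, recovered = brute_force(footer, leaked_sign, four_digit_pins())
    return {"online": online, "offline_pin": pin, "dek_recovered": recovered == dek}


if __name__ == "__main__":
    print(demo())
```

Note that nothing about the off-device loop depends on the phone once the signing key is known; that is exactly why a design in which the key never leaves hardware (or is rate-limited by hardware) is the property that matters, not the choice of scrypt or AES.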

This flaw makes Android's FDE implementation far weaker than Apple's, whose encryption keys are properly bound to the device's hardware and are never divulged to software or firmware. This means an attacker must brute force an iOS user's password on the device itself, and so must overcome the on-device protections, such as escalating delays between attempts and wiping user data after a set number of failed attempts. Android devices, on the other hand, perform the key derivation using keys that are directly available to the ARM TrustZone software.

Poor implementation is usually the weak point in any encryption technology. While the two ARM TrustZone vulnerabilities used by Beniamini, CVE-2015-6639 and CVE-2016-2431, have been patched, many devices remain susceptible to the attack because they have yet to receive the patches. This is a constant problem for Android devices: restrictions and delays introduced by manufacturers or carriers prevent end users from receiving or installing the updates that Google releases.

Read about the new memory protection features in the Linux kernel on Android OS

Learn about the security features in the Samsung Knox platform

Find out the differences between symmetric and asymmetric encryption types

See the rest here:
How have ARM TrustZone flaws affected Android encryption? - TechTarget

Keeping the enterprise secure in the age of mass encryption – Information Age

By automatically discovering every key and certificate generated by your organisation as they are created, and integrating this data into security tools, you can finally shine a light on encrypted tunnels

Organisations have always been told that strong encryption is their friend. When applied to internet traffic, encryption secures the connection between user and website, locking the bad guys out and foiling the hijackers attempting to spoof legitimate sites or eavesdrop on communications.

So when Mozilla recently revealed that the majority of web pages loaded by Firefox used the secure HTTPS protocol, it seemed like a good news day for information security. Naturally, the story is far more complex than that.

The truth is that hackers are getting increasingly adept at hiding in these encrypted tunnels, which disguises their attacks from even the best defences. For example, roughly 90% of CIOs say they have already been attacked, or expect to be, by hackers hiding in encrypted traffic.


Businesses urgently need to improve their management of encrypted tunnels, or they risk compromising the effectiveness of their cyber security defences. But for that to happen, organisations must first gain visibility and control over their expansive estates of digital keys and certificates.

These keys and certificates are the cryptographic assets that form the foundation of encryption, allowing machines to identify each other in the same way usernames and passwords work for human users.

CISOs do not accept having limited visibility over identity and access management for their users; the same rigorous oversight needs to be extended to keys and certificates.

The growth of HTTPS is both a positive and a negative thing. Encryption is the primary tool used to keep internet transactions out of the reach of prying eyes, and we've seen increased adoption over the past few years, partly driven by the revelations of mass state surveillance exposed by NSA whistleblower Edward Snowden.

HTTPS protects the sensitive data of hundreds of millions of users around the world, offering protection against man-in-the-middle attacks and attackers looking to spoof trusted sites.

Encrypted traffic is becoming the norm rather than the exception, and a survey from this year's RSA Conference showed that the trend will continue: two-thirds (66%) of attendees said that their organisation is planning to increase its use of encryption.


But what happens when a hacker manages to get into encrypted traffic? This is not a hypothetical problem: a third (32%) of security professionals at RSA said that they are either not confident, or only 50% confident, in their organisation's ability to protect and secure encrypted communications.

And once a hacker is inside encrypted traffic, the encryption offers the same protection, but this time against the organisation's own security tools. Intrusion detection and prevention systems, firewalls and similar tools cannot inspect the payload of traffic they are unable to decrypt, so they are blind to what is going in and out of the organisation.

A hacker could hide malware or web exploits from these tools to launch an attack and then use the encrypted tunnel to ferry stolen data out again.

The problem ultimately boils down to the digital keys and certificates that form the Internet's base of cyber security and trust. Today, this system is used to secure everything from online banking to mobile apps and the Internet of Things (IoT). There's just one problem: our foundation is built on sand.

The volume of keys and certificates has exploded over recent years, thanks to virtualisation and the growth in mobile devices, cloud servers and now the IoT. Everything with an IP address depends on a key and certificate to create a secure connection.


But organisations simply can't keep track of this explosive growth, which often leaves keys and certificates unsecured or managed by hand. This has allowed cyber criminals to sneak in and use unprotected keys and certificates for their own ends.

The problem will only get worse as the number of IoT devices grows. Gartner recently claimed 8.4 billion connected devices will be in use globally by the end of 2017, up 31% from 2016, and reach a staggering 20.4 billion by 2020.

Additionally, half of the organisations Venafi polled last year said they saw key and certificate usage grow by over 25%. And one in five claimed it had increased by more than 50%.

As keys and certificates multiply, so do the opportunities for the hackers. But there is hope. If our security tools are provided with the relevant keys, they can open up and inspect encrypted traffic to ensure it does not contain anything malicious. One caveat: handing an inspection device a server's private key only lets it passively decrypt sessions that use RSA key exchange; with ephemeral Diffie-Hellman (forward-secret) cipher suites, the device must either terminate the TLS session itself or be fed the per-session keys by the endpoint.

This is easier said than done, especially given the hundreds of thousands of keys and certificates a typical organisation must manage. New keys and certificates are created, and old ones retired, every day.

What organisations need is a centralised intelligence and automation system. This will ensure that all security tools are provided with a continuously updated list of the keys and certificates they need in order to inspect encrypted traffic.


By automatically discovering every key and certificate generated by your organisation as they are created, and integrating this data into security tools, you can finally shine a light on encrypted tunnels.

The result? IT leaders will not only benefit from improved resilience from cyber attacks, data breaches and the like, but also finally gain full value from their technology investments.

With encrypted traffic growing all the time, and 85% of CIOs expecting criminal misuse of keys and certificates to get worse, businesses can't afford to hang around.

Sourced by Kevin Bocek, chief cyber-security strategist at Venafi


More here:
Keeping the enterprise secure in the age of mass encryption - Information Age

Encryption FAQs

1. What is an encryption registration? How long does it take to receive a response from BIS for my encryption registration?

2. Who is required to submit an Encryption Registration, classification request or self-classification report?

3. What are my responsibilities for exporting or re-exporting encryption products where I am not the producer?

4. What should I do if I cannot obtain the encryption registration Number (ERN) or the Export Control Classification Number (ECCN) for the item from the producer or manufacturer?

5. Can a third-party applicant submit an encryption registration and self-classification report on my behalf?

6. How do I report exports and reexports of items with encryption?

7. Can I export encryption technology under License Exception ENC?

8. What is non-standard cryptography?

9. How do I complete Supplement No. 5 if I am a law firm or consultant filing on behalf of a producer of encryption items?

10. What if you are not the producer of the item or filing directly on behalf of the producer (e.g., law firm/consultant)?

11. What do I need to submit with an encryption commodity classification request in SNAP-R?

12. Is Supplement No. 6 to Part 742 required for obtaining paragraph 740.17(b)(1) authorization?

13. How do I submit a Supplement No. 8 Self-Classification Report for Encryption Items?

14. When do I file Supplement No. 8 Self-Classification Report for Encryption Items?

15. What is Note 4?

16. I have an item that was reviewed and classified by BIS and made eligible for export under paragraph (b)(3) of License Exception ENC in 2009. The encryption functionality of the item has not changed. This item is now eligible for self-classification under paragraph (b)(1) of License Exception ENC. What are my responsibilities under the new rule?

17. When do I need a deemed export license for encryption technology and source code?

18. Does the EAR definition of "OAM" include using encryption in performing network security monitoring functions?

1. What is an Encryption Registration? How long does it take to receive a response from BIS for my Encryption Registration?

Encryption registration is a prescribed set of information about a manufacturer and/or exporter of certain encryption items that must be submitted to the Bureau of Industry and Security as a condition of the authorization to export such items under License Exception ENC or as mass market items.

Advance encryption registration is required for exports and reexports of items described in paragraphs 740.17(b)(1), (b)(2), and (b)(3) and paragraphs 742.15(b)(1) and (b)(3) of the Export Administration Regulations (EAR). Registration is made through SNAP-R by submitting the questionnaire set forth in Supplement No. 5 to part 742 of the EAR (point of contact, company overview, types of products, etc.). Registration of a manufacturer authorizes the manufacturer, as well as other parties, to export and reexport the manufacturer's encryption products that the manufacturer has either self-classified or has had classified by BIS, pursuant to the provisions referenced above. A condition of the authorization is that the manufacturer must submit an annual self-classification report for relevant encryption items.

How long does it take to receive a response from BIS for my encryption registration?

Once you have properly registered with BIS, the SNAP-R system will automatically issue an Encryption Registration Number (ERN), e.g., R123456, upon submission of a request. BIS estimates that the entire registration procedure should take no more than 30 minutes.

2. Who is required to submit an encryption registration, classification request or self-classification report?

Any party who exports certain U.S.-origin encryption products may be required to submit an encryption registration, classification request and/or self-classification report; however, if a manufacturer has registered and has self-classified relevant items and/or had items classified by BIS, and has made the classifications available to other parties such as resellers and other exporters/reexporters, such other parties are not required to register, to submit a classification request, or to submit an annual self-classification report.

3. What are my responsibilities for exporting or re-exporting encryption products where I am not the product manufacturer?

Exporters or reexporters that are not producers of the encryption item can rely on the Encryption Registration Number (ERN), self-classification report or CCATS that is published by the producer when exporting or reexporting the registered and/or classified encryption item. Separate encryption registration, commodity classification request or self-classification report to BIS is NOT required.

Please continue to the next question if the information is not available from the producer or manufacturer.

4. What should I do if I cannot obtain the Encryption Registration Number (ERN) or the Export Control Classification Number (ECCN) for the item from the producer or manufacturer?

If you are not the producer and are unable to obtain the producers information or if the producer has not submitted an encryption registration, self-classification report or commodity classification for his/her products to BIS, then you must register with BIS. The registration process will require you to submit a properly completed Supplement No. 5 to part 742 and subsequent Supplement No. 8 Self Classification Report for the products. You will receive an ERN for the registered products or CCATSs as appropriate. BIS recognizes that non-producers who need to submit for encryption registration may not have all of the information necessary to complete Supplement No. 5 to part 742. Therefore, special instructions have been included in Supplement No. 5 to account for this situation.

For items described in paragraphs 740.17(b)(2) and (b)(3) or 742.15(b)(3), which require classification by BIS, the non-producer is required to submit as much of the technical information required in Supplement No. 6 to part 742 (Technical Questionnaire for Encryption Items) as possible.

5. Can a third-party applicant submit an encryption registration and self-classification report on my behalf?

Yes; special instructions for this purpose are provided in paragraph (r) of Supplement No. 2 to part 748 of the EAR. The information in block 14 (applicant) of the encryption registration screen and the information in Supplement No. 5 to part 742 must pertain to the company that seeks authorization to export and reexport encryption items within the scope of this rule. An agent for the exporter, such as a law firm, should not list his/her name in block 14. The agent may, however, submit the encryption registration and list himself/herself in block 15 (other party authorized to receive license) of the encryption registration screen in SNAP-R.

6. How do I report exports and reexports of items with encryption?

All reports (i.e., the semi-annual sales report and the annual self-classification report) must be submitted to both BIS and the ENC Encryption Request Coordinator.

An annual self-classification report is required for producers of encryption items described by paragraphs 740.17(b)(1) and 742.15(b)(1) of the EAR. The information required and the instructions for this report are provided in Supplement No. 8 to part 742 (Self-Classification Report for Encryption Items). Reports are submitted to BIS and the ENC Encryption Request Coordinator in February of each year for items exported or reexported during the previous calendar year (January 1 through December 31) pursuant to the encryption registration and the applicable section, 740.17(b)(1) or 742.15(b)(1), of the EAR. Annual self-classification reports are to be e-mailed to both BIS and the ENC Encryption Request Coordinator.

Semi-annual sales reporting is required for exports to all destinations other than Canada, and for reexports from Canada, of items described under paragraphs (b)(2) and (b)(3)(iii) of section 740.17. Paragraph 740.17(e)(1)(iii) contains certain exclusions from this reporting requirement. Paragraphs 740.17(e)(1)(i) and (e)(1)(ii) contain the information required and the instructions for submitting the semi-annual sales reports. The first report is due no later than August 1 for sales occurring between January 1 and June 30 of the year, and the second report is due no later than February 1 of the following year for sales occurring between July 1 and December 31 of the year. Semi-annual sales reports continue to be e-mailed to both BIS and the ENC Encryption Request Coordinator.

7. Can I export encryption technology under License Exception ENC?

Yes, License Exception ENC is available for transfers of encryption technology. Specifically, paragraph 740.17(b)(2)(iv) has been amended to permit exports and reexports of encryption technology as follows:

(A) Technology for "non-standard cryptography". Encryption technology classified under ECCN 5E002 for "non-standard cryptography", to any end-user located or headquartered in a country listed in Supplement No. 3 to this part;

(B) Other technology. Encryption technology classified under ECCN 5E002 except technology for "cryptanalytic items", "non-standard cryptography" or any "open cryptographic interface," to any non-"government end-user" located in a country not listed in Country Group D:1 or E:1 of Supplement No. 1 to part 740 of the EAR.

8. What is non-standard cryptography?

Non-standard cryptography, defined in Part 772 Definition of Terms, means any implementation of cryptography involving the incorporation or use of proprietary or unpublished cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body (e.g., IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, and GSMA) and have not otherwise been published.

9. How do I complete Supplement No. 5 if I am a law firm or consultant filing on behalf of a producer or exporter of encryption items?

The information in Supplement No. 5 to part 742 must pertain to the registered company, not to the submitter. Specifically, the point of contact information must be for the registered company, not for a law firm or consultant filing on behalf of the registered company.

10. What if you are not the producer of the item or filing directly on behalf of the producer (e.g., law firm/consultant)?

You may answer questions 4 and 7 in Supplement No. 5 to part 742 as not applicable if your company is not the producer of the encryption item. An answer must be given for all other questions. An explanation is required when you are unsure.

11. What do I need to submit with an encryption commodity classification request in SNAP-R?

Encryption commodity classification determinations should be submitted through SNAP-R. Before entering SNAP-R, you should prepare the following supporting documents:

After accessing SNAP-R, fill in a commodity classification determination request and upload the supporting documents into SNAP-R.

12. Is Supplement No. 6 to part 742 required for paragraph 740.17(b)(1) authorization?

If you are requesting a classification of an item that is described in paragraph 740.17(b)(1) (in other words, the item is not described in either section 740.17(b)(2) or (b)(3)), a Supplement No. 6 questionnaire is not required as a supporting document. Provide sufficient information about the item (e.g., a technical data sheet and/or other explanation in a separate letter of explanation) for BIS to determine that the item is described in paragraph 740.17(b)(1). If you are not sure that your product is authorized under 740.17(b)(1) and you want BIS to confirm that it is, providing answers to the questions set forth in Supplement No. 6 to part 742 with your request should give BIS sufficient information to make this determination.

13. How do I submit a Supplement No. 8 Self Classification Report for Encryption Items?

The annual self-classification report must be submitted as an attachment to an e-mail to BIS and to the ENC Encryption Request Coordinator. Reports to BIS must be sent to the e-mail address newly created for these reports; reports to the ENC Encryption Request Coordinator must be sent to its existing e-mail address. The information in the report must be provided in tabular or spreadsheet form, as an electronic file in comma separated values (CSV) format only. In lieu of e-mail, disks and CDs may be mailed to BIS and the ENC Encryption Request Coordinator.

14. When do I file Supplement No. 8 Self-Classification Report for Encryption Items?

An annual self-classification report for applicable encryption commodities, software and components exported or reexported during a calendar year (January 1 through December 31) must be received by BIS and the ENC Encryption Request Coordinator no later than February 1 the following year. If no information has changed since the previous report, an email must be sent stating that nothing has changed since the previous report or a copy of the previously submitted report must be submitted.

15. What is Note 4?

Note 4 to Category 5, Part 2 of the Commerce Control List (Supplement No. 1 to part 774) excludes an item that incorporates or uses cryptography from Category 5, Part 2 controls if the item's primary function or set of functions is not information security, computing, communications, storing information, or networking, and if the cryptographic functionality is limited to supporting that primary function or set of functions. The primary function is the obvious, or main, purpose of the item: the function that is not there to support other functions. The communications and information storage primary functions do not include items that support entertainment, mass commercial broadcasts, digital rights management or medical records management.

Examples of items that are excluded from Category 5, Part 2 by Note 4 include, but are not limited to, the following:

16. I have an item that was reviewed and classified by BIS and made eligible for export under paragraph (b)(3) of License Exception ENC in 2009. The encryption functionality of the item has not changed. This item is now eligible for self-classification under paragraph (b)(1) of License Exception ENC. What are my responsibilities under the new rule?

Your item meets the grandfathering provisions set forth in section 740.17(f)(1) of the EAR. You do not need to submit an encryption registration (Supplement No. 5), an annual self-classification report (Supplement No. 8), or semi-annual sales reports for the item.

17. When do I need a deemed export license for encryption technology and source code?

A license may be required in certain circumstances for both deemed exports and deemed reexports. For encryption items, the deemed export rules apply only to deemed exports of technology and to deemed reexports of technology and source code. There are no deemed export rules for transfers of encryption source code to foreign nationals in the United States. This is because of the way that section 734.2 defines exports and reexports for encryption items.

For transfers of encryption technology within the United States, section 740.17(a)(2) of license exception ENC authorizes the export and reexport of encryption technology by a U.S. company and its subsidiaries to foreign nationals who are employees, contractors, or interns of a U.S. company . . . There is no definition of U.S. company in the EAR, however, BIS has interpreted this to apply to any company operating in the United States. This means that deemed export licenses are generally not required for the transfer of encryption technology by a company in the U.S. to its foreign national employees. A deemed export license may be required if, for example, a company operating in the U.S. were to transfer encryption technology to a foreign national who is not an employee, contractor, or intern of a company in the United States. License exception ENC does not authorize deemed exports or reexports to any national of a country listed in Country Group E:1.

For deemed reexports, the end-user would have to be an employee, contractor, or intern of a U.S. Subsidiary for 740.17(a)(2) to apply, or a private sector end-user headquartered in a Supplement 3 country for 740.17(a)(1) to apply. The term contractor in this context means a contract employee (i.e., a human person). License exception ENC does not authorize deemed exports or reexports to any national of a country listed in Country Group E:1.

Also note that as of June 25, 2010, encryption technology (except technology for cryptanalytic items, Open Cryptographic Interface items, and non-standard cryptography) that has been reviewed is eligible for license exception ENC to any non-government end user located outside of Country Group D:1. Also, encryption source code that has been reviewed by BIS and made eligible for license exception ENC under 740.17(b)(2) is eligible for export and reexport to any non-government end-user. Thus encryption technology and source code that have been reviewed are eligible for export and reexport to a broader range of end-users than 740.17(a) allows. Again, section 740.17 does not authorize deemed exports or reexports to any national of a country listed in Country Group E:1.

18. Does the EAR definition of "OAM" include using encryption in performing network security monitoring functions?

No. The definition of "OAM" includes "monitoring or managing the operating condition or performance of an item." BIS does not consider network security monitoring or network forensics functions to be part of monitoring or managing operating condition or performance.

The phrase "monitoring or managing the operating condition or performance of an item" is meant to include all the activities associated with keeping a computer or network-capable device in proper operating condition, including: configuring the item; checking or updating its software; monitoring device error or fault indicators; testing, diagnosing or troubleshooting the item; measuring bandwidth, speed, available storage (e.g. free disk space) and processor / memory / power utilization; logging uptime / downtime; and capturing or measuring quality of service (QoS) indicators and Service Level Agreement-related data.

However, the "OAM" definition does not apply to cryptographic functions performed on the forwarding or data plane, such as: decrypting network traffic to reveal or analyze content (e.g., packet inspection and IP proxy services); encrypting cybersecurity-relevant data (e.g., activity signatures, indicators or event data extracted from monitored network traffic) over the forwarding plane; or securing the re-transmission of captured network activity.

Thus, products that use encryption for such network security monitoring or forensics operations, or to provision these cryptographic services, would not be released by the OAM decontrol notes (l) or (m), or the Note to 5D002.c.

Similarly, the "OAM" decontrol does not apply to security operations directed against data traversing the network, such as capturing, profiling, tracking or mapping potentially malicious network activity, or "hacking back" against such activity.


Go here to read the rest:
Encryption FAQs

Apple iOS 10.3 will introduce encryption which makes it MORE difficult for cops and spooks to crack into ISIS nuts … – The Sun

Tech giant risks angering security services by toughening up the system which protects information stored on its smartphones

APPLE has launched new software which could make it even more difficult for spies or cops to access data stored on terrorists' iPhones.

The tech giant has just announced the release of iOS 10.3, the latest operating system for iPad and iPhone.


It comes fitted with a new file system which will protect the information stored on smartphones using a super tough form of encryption called Apple File System (APFS).

This is excellent news for anyone worried about hackers accessing their bank details or other private and potentially compromising information.

But it's bad news for investigators who want to get access to the messages stored on suspects' gadgets.

Apple famously refused to unlock an iPhone used by the San Bernardino terrorists, who killed 14 people at a Christmas party on December 2 2015.

Encryption is a controversial issue right now, because police are furious that software like WhatsApp lets terrorists communicate in total secrecy using strong encryption.

The problem lies in the fact that companies like Apple or Facebook, owners of WhatsApp, do not hold master keys which let them crack encryption.

Cops want to get a "backdoor" into suspects' devices and the apps they use to communicate.

However, this could prove disastrous because hackers would potentially be able to exploit the vulnerability.

Apple's new operating system will also introduce new and faster animations designed to make the phone feel snappier to use.

The new file system should also give a speed boost to the phone, as it will allow data to be accessed more quickly.

If you have an iPhone, Apple will automatically ask you to download the software.

You can visit the Apple homepage for more information.



How to Analyze An Encryption Access Proposal – Freedom to Tinker

It looks like the idea of requiring law enforcement access to encrypted data is back in the news, with the UK government apparently pushing for access in the wake of the recent London attack. With that in mind, let's talk about how one can go about analyzing a proposed access mandate.

The first thing to recognize is that although law enforcement is often clear about what result they want (getting access to encrypted data), they are often far from clear about how they propose to get that result. There is no magic wand that can give encrypted data to law enforcement and nobody else, while leaving everything else about the world unchanged. If a mandate were to be imposed, this would happen via regulation of companies' products or behavior.

The operation of a mandate would necessarily be a three stage process: the government imposes specific mandate language, which induces changes in product design and behavior by companies and users, thereby leading to consequences that affect the public good.

Expanding this a bit, we can lay out some questions that a mandate proposal should be prepared to answer:

These questions are important because they expose the kinds of tradeoffs that would have to be made in imposing a mandate. As an example, covering a broad range of devices might allow recovery of more encrypted data (with a warrant), but it might be difficult to write requirements that make sense across a broad spectrum of different device types. As another example, all of the company types that you might regulate come with challenges: some are mostly located outside your national borders, others lack technical sophistication, others touch only a subset of the devices of interest, and so on. Difficult choices abound, and if you haven't thought about how you would make those choices, then you aren't in a position to assert that the benefits of a mandate are worth the downsides.

To date, the FBI has not put forward any specific approach. Nor has the UK government, to my knowledge. All they have offered in their public statements are vague assertions that a good approach must exist.

If our law enforcement agencies want to have a grown-up conversation about encryption mandates, they can start by offering a specific proposal, at least for purposes of discussion. Then the serious policy discussion can begin.


Questions for the FBI on Encryption Mandates – Freedom to Tinker

I wrote on Monday about how to analyze a proposal to mandate access to encrypted data. FBI Director James Comey, at the University of Texas last week, talked about encryption policy and his hope that some kind of exceptional access for law enforcement will become available. (Here's a video.) Let's look at what Director Comey said about how a mandate might work.

Here is an extended quote from Director Comey's answer to an audience question (starting at 51:02 in the video, emphasis added):

The technical thing, look, I really do think we haven't given this the shot it deserves. President Obama commissioned some work at the end of his Administration because he'd heard a lot from people on device encryption, [that] it's too hard. [No], it's not too hard. It's not too hard. It requires a change in business model but it is, according to experts inside the U.S. government and a lot of people who will meet with us privately in the private sector, no one actually wants to be seen with us but we meet them out behind the 7/11, they tell us, look, it's a business model decision.

Take the FBI's business model. We equip our agents with mobile devices that I think are great mobile devices and we've worked hard to make them secure. We have designed it so that we have the ability to access the content. And so I don't think we have a fatally flawed mobile system in the FBI, and I think nearly every enterprise that is represented here probably has the same. You retain the ability to access the content. So look, one of the worlds I could imagine, I don't know whether this makes sense, one of the worlds I could imagine is a requirement that if you're going to sell a device or market a device in the United States, you must be able to comply with judicial process. You figure out how to do it.

And maybe that doesn't make sense, absent an international component to it, but I just don't think we, and look, I get it, the makers of devices and the makers of fabulous apps that are riding on top of our devices, on top of our networks, really don't have an incentive to deal with, to internalize the public safety harm. And I get that. My job is to worry about public safety. Their job is to worry about innovating and selling more units, I totally get that. Somehow we have to bring together, and see if we can't optimize those two things. And really, given my role, I should not be the one to say, here's what the technology should look like, nor should they say, no I don't really care about that public safety aspect.

And what I don't want to have happen, and I know you agree with me no matter what you think about this, now I think you're going to agree with what I'm about to say, is we can't have this conversation after something really bad happens. And look, I don't want to be a pessimist, but bad things are going to happen. And even I, the Director of the FBI, do not believe that we can have thoughtful conversations about optimizing things we care about in the wake of a serious, serious attack of any kind.

The bolded text is the closest Director Comey came to describing how he imagines a mandate working. He doesn't suggest that it's anything like a complete proposal, and anyway that would be too much to ask from an off-the-cuff answer to an audience question. But let's look at what would be required to turn it into a proposal that can be analyzed. In other words, let's extrapolate from Director Comey's answer and try to figure out how he and his team might try to build out a specific proposal based on what he suggested.

The notional mandate would apply at least to retailers (if you're going to sell or market a device) who sell smartphones to the public in the United States. That would include Apple (for sales in Apple Stores), big box retailers like Best Buy, mobile phone carriers' shops, online retailers like Amazon, and the smaller convenience stores and kiosks that sell cheap smartphones.

Retailers would be required to comply with judicial process. At a minimum, that would presumably mean that if presented with a smartphone that they had sold, they could extract from it any data encrypted by the user. Which data, and under what circumstances? That would have to be specified, but it's worth noting that there is a limited amount the retailer can do to control how a user encrypts data on the device. So unless we require retailers to prevent the installation of new software onto the device (and thereby put app stores, and most app sellers, out of business), there would need to be major carve-outs to limit the mandate's reach to include only cases where the retailer had some control. For example, the mandate might apply only to data encrypted by the software present on the device at the time of sale. That could create an easy loophole for users who wanted to prevent extraction of their encrypted data (by installing encryption software post-sale), but at least it would avoid imposing an impossible requirement on the retailer. (Veterans of the 1990s crypto wars will remember how U.S. software products often shipped without strong crypto, to comply with export controls, but post-sale plug-ins adding crypto were widely available.)

Other classes of devices, such as laptops, tablets, smart devices, and server computers, would either have to be covered, with careful consideration of how they are sold and configured, or they would be excluded, limiting the coverage of the rule. There would need to be rules about devices brought into the United States by their user-owners, or if those devices were not covered, then some law enforcement value would be lost. And the treatment of used devices would have to be specified, including both devices made before the mandate took effect (which would probably need to be exempted, creating another loophole) and post-mandate devices re-sold by a user or merchant: would the original seller or the re-seller be responsible, and what if the reseller is an individual?

Notice that we had to make all of these decisions, and face the attendant unpleasant tradeoffs, before we even reached the question of how to design the technical mechanism to implement key escrow, and how that would affect the security and privacy interests of law-abiding users. The crypto policy discussion often gets hung up on this one issue, the security implications of key escrow, but it is far from the only challenge that needs to be addressed, and the security implications of a key escrow mechanism are far from the only potential drawbacks to be considered.

Director Comey didn't go to Austin to present an encryption mandate proposal. But if he or others do decide to push seriously for a mandate, they ought to be able to lay out the details of how they would do it.


Justice Department anti-terror chief keeps pressing on encryption – Politico (blog)


The head of the Justice Department's counterterrorism branch is keeping the pressure on for action to allow investigators to obtain access to encrypted communications.

Acting Assistant Attorney General for National Security Mary McCord said Tuesday that metadata is of limited use in terror probes and the problem the FBI refers to as going dark remains a real problem for law enforcement.

All the metadata in the world cannot replace content when it comes to the short lead time that we have between inception of an attack and committing an attack, McCord told a George Washington University conference on online extremism.

When it's that fast, metadata is just not going to answer that. These are the times where encrypted communications and the inability of law enforcement to get into those communications ... is so important to find a solution.

McCord praised social media platforms for removing content that seems to fuel radicalization and violates sites' terms of service, but she also called on tech companies to explore automated solutions that can prevent such content from appearing even for a brief time on websites.


I encourage them to put even more effort into automation, machine learning to see if there aren't ways to prevent certain content, the most violent, the most inciteful to terrorism, to keep that from ever posting, she said.

The veteran prosecutor said one challenge with takedown systems that require human intervention is that disturbing content can go viral in certain circles very quickly. Once that information spreads on the internet, taking down from one or two sites may be ineffective, she said.

A senior law enforcement official who spoke at the same conference Monday, FBI General Counsel James Baker, said the bureau isn't pushing specific legislation on encryption at the moment but is trying to fuel continued public discussion about the costs of encryption.

The Obama administration punted on the contentious encryption issue during its final year in office. The Trump administration has yet to stake out a clear position on the question.

Josh Gerstein is a senior reporter for POLITICO.


UK government can force encryption removal, but fears losing, experts say – The Guardian


The government already has the power to force technology firms to act as it wants over end-to-end encryption, but is avoiding using existing legislation as it would force it into a battle it would eventually lose, security experts have said.

The Investigatory Powers Act, made law in late 2016, allows the government to compel communications providers to remove electronic protection applied to any communications or data.

On Sunday the Home Secretary Amber Rudd called on organisations like WhatsApp, which is owned by Facebook, to make sure that they don't provide a secret place for terrorists to communicate with each other. Rudd hinted at new legislation if they did not cooperate, despite the existing legislation already allowing the government to force such cooperation.

Alec Muffett, who is a technical advisor and board member for the Open Rights Group, said that using the existing legislation would lead the government into an argument it will lose though they may buy some time forcing people to pay lip-service to it.

Eventually they will lose the battle because they will never (for instance) coerce the global open-source community to comply, Muffett said. Government time and money would be better spent elsewhere pursuing criminals through human means and by building upon metadata than in attempting to combat secure communication across the internet as an abstract entity.

Muffett, who previously worked at Facebook and was the lead engineer for adding end-to-end encryption to Facebook Messenger, added that actually attempting to enforce the law as it stands would require a massively illiberal and misconceived business case to be thrust upon Facebook/WhatsApp in order to force it to undermine its own security technologies.

It would be an ugly battle, and (win or lose) it would be self-defeating, Muffett said. People would flee a less secure, less competitive Facebook and move to other platforms, ones with less cordial government relationships, or with no corporate presence at all.

Antony Walker, the deputy CEO of techUK, added that the existing law already gives the UK a strong range of powers that enable the security services to do their job. He said: This legislation was put in place following an extensive and rigorous process of parliamentary scrutiny focused on ensuring the checks necessary to keep a democratic society secure.

End-to-end encryption is the best defence we have available to keep the data and services we all rely on safe from misuse. From storing data on the cloud to online banking to identity verification, end-to-end encryption is essential for preventing data being accessed illegally in ways that can harm consumers, business and our national security.

Tony Anscombe, senior security evangelist at information security firm Avast, said that any attempt to actually use the powers would be bound to introduce major security vulnerabilities. Banning encryption in order to get to the communications of a select few opens the door to the communications of many, and renders us all less secure and our lives less private, he said.

If you build a backdoor, it's there for everybody to access. And if you store that data you collect, even in encrypted form, how secure is it? All these data breaches we hear about show our privacy is regularly being breached by hackers, so the action suggested by the home secretary would only open us all up to further invasions of privacy.

In the initial draft of the investigatory powers bill, the only limits to the government's power to force the removal of electronic protection are a requirement that it consults with an advisory board beforehand, and that any specific obligation must be reasonable and practicable. The technical capability notice can even be issued to people outside the UK, and require them to do, or not to do, things outside the UK.

After technology firms warned that the law could end electronic privacy in Britain, the government made a small concession, promising that no company would be compelled to remove encryption of their own services if it was not technically feasible. It did not, however, provide a definition of technological feasibility.


UK targets WhatsApp encryption after London attack – Yahoo News

London (AFP) - The British government said Sunday that its security services must have access to encrypted messaging applications such as WhatsApp, as it revealed that the service was used by the man behind the parliament attack.

Khalid Masood, the 52-year-old Briton who killed four people in a rampage in Westminster on Wednesday before being shot dead, reportedly used the Facebook-owned service moments before the assault.

Home Secretary Amber Rudd told Sky News it was "completely unacceptable" that police and security services had not been able to crack the heavily encrypted service.


"You can't have a situation where you have terrorists talking to each other -- where this terrorist sent a WhatsApp message -- and it can't be accessed," she said.

Police said Saturday that they still did not know why Masood, a Muslim convert with a violent criminal past, carried out the attack and that he probably acted alone, despite a claim of responsibility by the Islamic State group.

"There should be no place for terrorists to hide," Rudd said in a separate interview with the BBC.

"We need to make sure that organisations like WhatsApp -- and there are plenty of others like that -- don't provide a secret place for terrorists to communicate with each other."

She said end-to-end encryption was vital to cyber security, to ensure that business, banking and other transactions were safe -- but said it must also be accessible.

"It's not incompatible. You can have a system whereby they can build it so that we can have access to it when it is absolutely necessary," she told Sky News.

Rudd said she did not yet intend to force the industry's hand with new legislation, but would meet key players on Thursday to discuss this issue, as well as the "constant battle" against extremist videos posted online.

"The best people -- who understand the technology, who understand the necessary hashtags -- to stop this stuff even being put up, not just taking it down, are going to be them," she told the BBC.

- WhatsApp 'horrified' by attack -

WhatsApp said it was working with British authorities investigating the Westminster attack, but did not specify whether it would change its policy on encrypted messaging.

"We are horrified at the attack carried out in London earlier this week and are cooperating with law enforcement as they continue their investigations," a company spokeswoman told AFP.

US authorities last year fought a legal battle with tech giant Apple to get it to unlock a smartphone used by one of the shooters in a terror attack last year in San Bernardino, California.

The FBI's own experts ended up breaking into the device.

Social media giants are also coming under pressure over extremist content being posted on their sites.

Germany this month proposed imposing fines on social networks such as Facebook if they fail to remove illegal hate speech from their sites.

Google, meanwhile, has faced a boycott by companies whose adverts appeared alongside extremist content on its internet platforms, particularly its video-sharing site YouTube.


Critical flaw alert! Stop using JSON encryption | InfoWorld – InfoWorld

A vulnerability in a JSON-based web encryption protocol could allow attackers to retrieve private keys. Cryptography experts have advised against developers using JSON Web Encryption (JWE) in their applications in the past, and this vulnerability illustrates those very dangers.

Software libraries implementing the JWE, or RFC 7516, specification suffer from a classic Invalid Curve Attack, wrote Antonio Sanso, a senior software engineer at Adobe Research Switzerland and part of the Adobe Experience Manager security team. The JSON Web Token (JWT) is a JSON-based open standard defined in the OAuth specification family used for creating access tokens, and JWE is a set of signing and encryption methods for JWT. Developers using JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) are affected.

A quick primer in elliptic curve cryptography is in order to understand the Invalid Curve Attack. ECC is a way to calculate public-private key pairs based on the algebraic structure of elliptic curves over a finite data set. The order of the elliptic curve is big enough that it becomes difficult for an attacker to try to guess the private key. ECDH-E is a key exchange mechanism based on elliptic curves, and it's used by websites to provide perfect forward secrecy in SSL.

The Invalid Curve Attack lets attackers take advantage of a mathematical mistake in the curve's formula to find a smaller curve. Because the order of the smaller elliptic curve is more manageable, attackers can build malicious JWEs to extract the value of the secret key and perform the operation multiple times to collect more information about the key.

The Invalid Curve Attack was first published 17 years ago, and it was described in a 2014 talk on elliptic curve cryptography at Chaos Communication Congress in Hamburg by Tanja Lange, a professor of cryptology at the Netherlands' Eindhoven University of Technology and Daniel J Bernstein, a mathematician and research professor at the University of Illinois at Chicago. The problems have been in the open for a long time, but Sanso found that several well-known libraries using RFC 7516 were vulnerable to the attack.

Developers who rely on libraries go-jose, node-jose, jose2go, Nimbus JOSE+JWT, or jose4 with ECDH-ES should update their existing applications to work with the latest version and make sure they are using the latest version for all new code. The updated version numbers are the following: node-jose v0.9.3, jose2go v1.3, jose4 v0.5.5 and later, Nimbus JOSE+JWT v4.34.2, and go-jose.

"At the end of the day the issue here is that the specification and consequently all the libraries I checked missed validating that the received public key (contained in the JWE Protected Header) is on the curve," Sanso wrote.

The exposed vulnerability was due to a gap in the RFC 7516 specification, and as most implementers would follow the specification directly, they unintentionally introduced the vulnerability into their libraries, said Matias Woloski, CTO and Co-Founder of Auth0, a universal identity platform.

"It's a rare case where the flaw was in the specifications design and not the implementation," Woloski said.

The default Java SUN JCA provider, which comes with Java prior to version 1.8.0_51, is also affected, but later Java versions and the BouncyCastle JCA provider are not. It appears that the latest version of Node.js is immune to this attack, but Sanso warned it was still possible to be vulnerable when using browsers without support for web cryptography.

As part of his research, Sanso set up an attacker application on Heroku. When users click on the "recovery key" button on the app, they'll be able to see how the attacker recovers the secret key from the server. The code for the demonstration and proof-of-concept is available on GitHub.

Luckily, the impact may be limited, as JWE with ECDH-ES is not widely used.

Developers who decide to go with JWT are trying to avoid having to use server-side storage for sessions, but they wind up turning to wacky workarounds instead of careful engineering, said Sven Slootweg of the Cryto Coding Collective. With JWE, developers are forced to make decisions on which key encryption and message encryption options to adopt -- a decision that shouldn't be left up to noncryptographers.

"Don't use JWT for sessions," said Slootweg. "The JWE standard is a minefield that noncryptographers shouldn't be forced to navigate."

Instead, developers should stick with sessions, using cookies delivered securely over HTTPS. The library libsodium also offers developers a tried and tested method of using signatures via crypto_sign() and crypto_sign_open(), or encryption via the crypto_secretbox() and crypto_box() APIs.

Library developers and engineers working with security-focused libraries need to make sure they stay up to date with the latest developments, so they can be ready to patch the issues. "The specification designers (often from industry) should be more proactive in engaging the research community to evaluate the security of specifications in a proactive (pre-standardization) instead of reactive way," Woloski said.

More cryptographers need to review software libraries that developers use to make sure the algorithms are implemented correctly. All too often, the people working on the specifications have little to no contact with researchers.

The issue was reported to the JavaScript Object Signing and Encryption working group's mailing list. This advisory also highlights why specifications should never be considered a static document: They must be revisited and updated periodically to reflect any detail that was initially overlooked or changed based on available new information.

"We all seem to agree that an errata [on the specification] where the problem is listed is at least welcomed," Sanso wrote.
