Encryption

  • CybersecurityFBI wants Congress to mandate backdoors in tech devices to facilitate surveillance

    In response to announcements by Appleand Googlethat they would make the data customers store on their smartphones and computers more secure and safer from hacking by law enforcement, spies, and identity thieves, FBI director James Comey is asking Congress to order tech companies to build their devices with “backdoors,” making them more accessible to law enforcement agencies.Privacy advocates predict that few in Congress will support Comey’s quest for greater surveillance powers.

  • PrivacySocial media firms pledging to keep users anonymous still collect users’ information

    Social media firm Whisperprides itself on offering anonymity in a market where the biggest players are often considered too transparent. Its co-founder, Michael Heyward, a tech entrepreneur, describes the company as “the first completely anonymous social network,” an alternative to Facebookand Twitter. It now emerges that Whisper’s back-end systems that retain digital libraries of texts and photographs sent by users, and in some cases the location information of users.

  • CybersecurityFederally funded cybersecurity center launched

    The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence(NCCoE) initiative has awarded the first federally funded research and development center (FFRDC) contract for cybersecurity to MITRE Corp., a nonprofit established to operate FFRDCs. Cybersecurity professionals will work with stakeholders in government, the private sector, and academia to develop low cost and scalable cybersecurity solutions.

  • CybersecurityU.S. Cyber Command plans to recruit 6,000 cyber professionals, as U.S. mulls offensive cyber strategy

    Last Wednesday, House Intelligence Committee Chairman Mike Rogers (R- Michigan) told reporters that he would like to see the United States adopt a more offensive strategy in cyberspace, but added that the Pentagon, intelligence agencies, and law enforcement must first develop protocols for offensive cyber measures.The following day, U.S. Cyber Command (USCYBERCOM) announced plans to recruit 6,000 cyber professionals and create 133 teams across the country to support the Pentagon in defending the nation’s cyber infrastructure.

  • CybersecurityNew cyber initiative to put Israel’s Beer-Sheva region on the world’s cyber map

    Ben-Gurion University of the Negev is a central component of the new CyberSpark initiative, an ecosystem with all the components which will allow it to attain a position of global leadership in the cyber field. The CyberSpark initiative is the only complex of its type in the world – a government-academic-industry partnership which includes Fortune 500 companies and cyber-incubators, academic researchers and educational facilities, as well as national government and security agencies. The CyberSpark Industry Initiative will serve as a coordinating body for joint cyber industry activities with government agencies, the Israel Defense Force (IDF), and academia.

  • CybersecurityMoving cybersecurity technologies from the lab to the real world more expeditiously

    Through the Department of Homeland Security’s Transition to Practice (TTP) program, cybersecurity technologies developed at Sandia National Laboratories — and at other federal labs — now stand a better chance of finding their way into the real world. The TTP program, spearheaded by DHS Science and Technology Directorate (S&T), helps move federally funded cybersecurity technologies into broader use. Getting research discoveries and new technologies over the so-called “valley of death” — the gap between early, promising research on one side and technology that’s in use on the other — is a pressing need in the national lab community.

  • EncryptionDay of commercially available quantum encryption nears

    If implemented on a wide scale, quantum key distribution technology could ensure truly secure commerce, banking, communications, and data transfer. Los Alamos National Laboratory signs the largest information technology agreement in the lab’s history which aims to bring quantum encryption to the marketplace after nearly twenty years of development at the national-security science laboratory.

  • CybersecurityVirginia welcomes cybersecurity start-ups to a state-backed business accelerator

    Earlier this week, MACH37, a business accelerator for cybersecurity start-ups in Virginia, welcomed a new group of companies one year after it was launched to help establish the state as a hub for cybersecurity firms. The three-month program, funded with state money, offers a $50,000 investment and access to a network of mentors to companies that can turn their ideas into viable businesses.

  • CybersecuritySWAMP: Improving software assurance activities

    The Software Assurance Market Place, or SWAMP, is an online, open-source, collaborative research environment that allows software developers and researchers to test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools and techniques.

  • PasswordsSquiggly lines may be the future of password security

    As more people use smart phones or tablets to pay bills, make purchases, store personal information, and even control access to their houses, the need for robust password security has become more critical than ever. A new study shows that free-form gestures — sweeping fingers in shapes across the screen of a smart phone or tablet — can be used to unlock phones and grant access to apps. These gestures are less likely than traditional typed passwords or newer “connect-the-dots” grid exercises to be observed and reproduced by “shoulder surfers” who spy on users to gain unauthorized access.

  • PasswordsLogging in securely without passwords

    Passwords are a common security measure to protect personal information, but they do not always prevent hackers from finding a way into devices. Researchers are working to perfect an easy-to-use, secure login protection that eliminates the need to use a password — known as zero-interaction authentication.

  • PrivacySnowden revelations spur a surge in encrypted e-mail services

    The Edward Snowden revelations about National Security Agency(N.S.A) surveillance programs have fueled a surge of new e-mail encryption services. “A lot of people were upset with those revelations, and that coalesced into this effort,” said the co-developer of a new encrypted e-mail service which launched last Friday. The company notes that its servers are based in Switzerland, making it more difficult for U.S. law enforcement to reach them.

  • EncryptionResearchers crack supposedly impregnable encryption algorithm in two hours

    Without cryptography, no one would dare to type their credit card number on the Internet. Security systems developed to protect the communication privacy between the seller and the buyer are the prime targets for hackers of all kinds, hence making it necessary for encryption algorithms to be regularly strengthened. A protocol based on “discrete logarithms,” deemed as one of the candidates for the Internet’s future security systems, was decrypted by École polytechnique fédérale de Lausann (EPFL) researchers. Allegedly tamper-proof, it could only stand up to the school machines’ decryption attempts for two hours.

  • EncryptionNew algorithm revolutionizes cryptography

    Researchers have solved one aspect of the discrete logarithm problem. This is considered to be one of the “holy grails” of algorithmic number theory, on which the security of many cryptographic systems used today is based. They have devised a new algorithm which calls into question the security of one variant of this problem, which has been closely studied since 1976.

  • EncryptionNIST removes cryptography algorithm from random number generator recommendations

    Following a public comment period and review, the National Institute of Standards and Technology (NIST) has removed a cryptographic algorithm from its draft guidance on random number generators. Before implementing the change, NIST is requesting final public comments on the revised document, Recommendation for Random Number Generation Using Deterministic Random Bit Generators. The revised document retains three of the four previously available options for generating pseudorandom bits needed to create secure cryptographic keys for encrypting data. It omits an algorithm known as Dual_EC_DRBG, or Dual Elliptic Curve Deterministic Random Bit Generator.