cryptography
Latest
Researchers build the fastest laser-based random number generator
A new random number generator that uses a micro laser developed by researchers at NTU Singapore is a hundred times faster than computer-based systems.
China passes law regulating data encryption
China isn't known for respecting privacy, but it's readying legislation that will address it all the same. The country has passed a law that will regulate cryptography in the country for both government and private uses when it takes effect on January 1st, 2020. Officials didn't go into great detail about the law in the announcement, but they raise concerns that permissions could vary significantly depending on whether or not you're working for the ruling party.
Cloudflare wants to protect the internet from quantum computing
Quantum computing has the potential to revolutionize health care, AI, financial modeling, weather simulation and more. It's also going to shake up encryption as we know it. Without advances in post-quantum cryptography, quantum computing could make it easy for hackers to access sensitive data, like credit card info. To prevent that, internet infrastructure company Cloudflare is testing post-quantum cryptography technology, and it's sharing its open-source software package, CIRCL, or Cloudflare Interoperable Reusable Cryptographic Library, on GitHub.
MIT crypto system shares police data without wrecking investigations
Law enforcement routinely secures orders requiring that tech companies hand over data, but the targets of those requests don't always know if they've been under the microscope -- especially if there were never charges in the first place. MIT's CSAIL may have a way to hold officers more accountable for those decisions. Its researchers are developing a cryptography-based system that could help track these requests while still protecting investigations and police. AUDIT (Accountability of Unreleased Data for Improved Transparency) would require that law enforcers submit requests to a public ledger sometime after the fact using a "cryptographic commitment." The approach would ensure that police and courts send all the right documents in a way the public can see, but would keep the agencies' actions confidential.
China is launching an 'unhackable' quantum messaging service
China has been active in the field of quantum cryptography lately, and now it's gearing up to use the technology in an "unhackable" government messaging service. While existing internet and telephone cables can easily be tapped, quantum networks send messages embedded in particles of light. If a third party tries to hack the network, the quantum nature of the particles will distort the communication, causing it to be lost.
UK's Bletchley Park to host cybersecurity boarding school
Bletchley Park will once again serve as a cryptographic hub in the UK. Plans are afoot to create a new "National College of Cyber Security" in G-Block, a building which is currently in a state of disrepair. It's scheduled to open in 2018 and will serve as a specialised six-form college, teaching teenagers the fundamentals of encryption and computer science. As the Guardian reports, the center will take up to 500 students at any one time and offer free tuition, funding its efforts through venture capital, corporate sponsorship and possibly state funding instead. It's envisioned as a boarding school, however a day tuition option will also be available.
Google tinkers with Chrome cryptosecurity to fight quantum hacks
Today's encryption is an arms race as digital security experts try to hold off hackers' attempts to break open user data. But there's a new tech on the horizon that even the NSA recognizes as crucial to protect against: quantum computing, which is expected to dramatically speed up attempts to crack some commonly-used cryptographic schemes. To get ahead of the game, Google is testing new digital security setups on single-digit populations of Chrome users.
Researchers hide messages in a sea of spam
Researchers are trying quantum cryptography and other exotic ways to keep your missives safe, but here's a new one: junk mail. A team of computer scientists from MIT's CSAIL have devised a system called "Vuvuzela" that adds noise to messages, making them virtually untraceable to the recipient or sender. While it uses nodes like the Tor "dark internet" router, it only requires a few servers and relies more on numerous fake messages to confuse hackers. If scaled up, the technique could give you nearly mathematical certainty that your messages and even metadata are secure.
NSA wants encryption that fends off quantum computing hacks
The National Security Agency isn't just yearning for quantum computers that can break tough encryption -- it wants encryption that can protect against quantum computers, too. Officials have begun planning a transition to "quantum resistant" encryption that can't be cracked as quickly as conventional algorithms. As the NSA explains, even a seemingly exotic technique like elliptic curve cryptography "is not the long term solution" people thought it was. Quantum computing is advancing quickly enough that the NSA and other organizations could find themselves extremely vulnerable if they're not completely ready when the technology becomes a practical reality.
Tougher encryption guidelines close a back door for NSA spies
The US' National Institute of Standards and Technology is more than a little worried that its encryption guideilnes have been creating back doors for spies, and it's changing its tune in order to plug those security holes. The agency is no longer recommending an NSA-backed number randomization technique that made it relatively easy to crack and monitor encrypted data. In theory, software developers who heed the new advice won't have to worry that they're laying down a welcome mat for government surveillance agents. NIST's revision won't do much to help privacy-conscious companies (they've already moved on to tougher safeguards), and it certainly isn't an iron-clad defense against hacks. However, it could still make a big difference if it prevents less-informed organizations from repeating some big mistakes. [Image credit: Sam Dal Monte, Flickr]
BlackBerry wants to lock down security for the Internet of Things
Say what you will about BlackBerry's current state of affairs, but in its heyday it was a workplace no-brainer because of its then-unparalleled security systems. Well, the Canadian company has plans to make that work in its favor with an encryption certificate based on subsidiary Certicom's elliptic-curved cryptography. As Reuters reports, this could secure numerous devices ranging from connected car systems to smart meters -- ease of security and authentication are the name of the game here. In fact, the outfit's already netted some support from across the pond with a contract that'll cover some 104 million household energy management gizmos and smart meters in Britain. BlackBerry also wants to beef up its research and development that could improve on computer data security. So in case you were wondering what the company formerly known as Research in Motion's been up to, now you know. [Image credit: Getty Images]
Entangled photons on a chip could lead to super-fast computers
Photon entanglement is one of the odder properties of quantum physics, but it promises a lot for computing -- if one photon can instantly affect another no matter how far away it is, you could make super-speedy computers and communications that aren't easily limited by physical distances. It hasn't been easy to get entanglement tech down to a manageable size, however, and that's where Italy's Università degli Studi di Pavia might just come to the rescue. Its researchers have developed a tiny emitter that could pump out entangled photons as part of an otherwise ordinary silicon chip. The device, which uses a ring shape to both rope in and emit light, measures just 20 microns across. That's hundreds of times smaller than existing devices, which are comparatively gigantic at a few millimeters wide.
GCHQ is using an app to teach kids how to become codebreakers
The next time you need a new Android app to keep the little ones entertained, you should consider turning to the UK's GCHQ intelligence agency. No, really. Infamous for its surveillance capabilities exposed by whistleblower Edward Snowden, the (once) super-secret organisation has now released a kid-friendly tablet app focused on cryptography. Originally developed by GCHQ placement students, the Cryptoy app teaches children about traditional encryption methods such as shift, substitution, Vigenère and Enigma. Youngsters can then apply these techniques to create their own encoded messages and send them on to friends for decryption. Cryptography has come a long way since these classic ciphers were invented, but GCHQ says the basic principles are still relevant for modern code breakers. It's also planning an iOS version for next year, so if your kids are using an iPad they shouldn't be left out for too long. Passing notes around in class will never be the same again.
MiniLock browser plugin promises easy encryption with drag-and-drop security
A coder/activist is trying to walk a fine line with his encryption program called MiniLock, according to Wired. On the one hand, Nadim Kobeissi has developed a simple drag-and-drop interface for the browser plugin to make it accessible to all. But its public-key encryption backbone also needs to satisfy the vocal cryptographic community by being robust enough to handle any attack, even from experienced hackers (like the NSA). Judging by skeptical comments on Reddit, the latter aim will be daunting, particularly since his last effort (Cryptocat) wasn't well regarded. Nevertheless, Kobeissi will introduce an experimental beta of the new program at the HOPE X hacker conference later this month in order to have it poked and prodded by that community. As for the interface, he told Wired that "it's super simple, approachable, and it's almost impossible to be confused by it." If he manages to run the gauntlet at HOPE, MiniLock will eventually be released as a free browser plugin so that even your dear old gran can protect the family brownie recipe.
TrueCrypt development stopped amid a cloud of mystery
Last Wednesday the SourceForge page for popular open-source disk encryption software TrueCrypt started recommending the use of BitLocker on Windows instead. Visitors were told that the application was "not secure" anymore. Of course, social networks exploded with speculation, with people claiming the page was hacked or that the government, using a National Security Letter, might be requesting "changes" on the software. The truth is much more mundane: a developer of TrueCrypt confirmed to Reuters that it had been shut down out of boredom. Security researcher Steve Gibson said that after 10 years of work, the developers simply got tired of the project.
UK pardons computing pioneer Alan Turing
Campaigners have spent years demanding that the UK exonerate computing legend Alan Turing, and they're finally getting their wish. Queen Elizabeth II has just used her royal prerogative to pardon Turing, 61 years after an indecency conviction that many now see as unjust. The criminal charge shouldn't overshadow Turing's vital cryptoanalysis work during World War II, Justice Secretary Chris Grayling said when explaining the move. The pardon is a purely symbolic gesture, but an important one all the same -- it acknowledges that the conviction cut short the career of a man who defended his country, broke ground in artificial intelligence and formalized computing concepts like algorithms.
Computers share their secrets if you listen
Be afraid, friends, for science has given us a new way in which to circumvent some of the strongest encryption algorithms used to protect our data -- and no, it's not some super secret government method, either. Researchers from Tel Aviv University and the Weizmann Institute of Science discovered that they could steal even the largest, most secure RSA 4,096-bit encryption keys simply by listening to a laptop as it decrypts data. To accomplish the trick, the researchers used a microphone to record the noises made by the computer, then ran that audio through filters to isolate the vibrations made by the electronic internals during the decryption process. With that accomplished, some cryptanalysis revealed the encryption key in around an hour. Because the vibrations in question are so small, however, you need to have a high-powered mic or be recording them from close proximity. The researchers found that by using a highly sensitive parabolic microphone, they could record what they needed from around 13 feet away, but could also get the required audio by placing a regular smartphone within a foot of the laptop. Additionally, it turns out they could get the same information from certain computers by recording their electrical ground potential as it fluctuates during the decryption process. Of course, the researchers only cracked one kind of RSA encryption, but they said that there's no reason why the same method wouldn't work on others -- they'd just have to start all over to identify the specific sounds produced by each new encryption software. Guess this just goes to prove that while digital security is great, but it can be rendered useless without its physical counterpart. So, should you be among the tin-foil hat crowd convinced that everyone around you is a potential spy, waiting to steal your data, you're welcome for this newest bit of food for your paranoid thoughts.
Quantum data lock promises leak-proof security
Quantum cryptography is secure against intruders, since you can't intercept data in mid-flight without ruining it. The technology won't always stop leaks, however, which is why the University of Cambridge has developed a new protocol that keeps participants honest. The method combines the theories of both quantum physics and special relativity to preserve data in a locked state that isn't readable unless the sender provides a key; the laws of physics prevent anyone from decrypting the info beforehand. While we won't see any practical application of this quantum lock for a while, it could prove vital to financial traders and others who can't always trust their contacts.
Toshiba's quantum access networking promises spy-proof encryption for groups
Quantum cryptography is crack-proof by its nature -- you can't inspect data without changing it -- but the available technology is currently limited to one-on-one connections. Toshiba has developed a quantum access networking system that could bring this airtight security to groups as large as 64 people. The approach gives each client a (relatively) basic quantum transmitter, and routes encrypted data through a central, high-speed photon detector that returns decryption keys. Such a network would not only secure entire workgroups, but lower the cost of encrypting each user. Quantum access networks won't be useful across internet-scale distances until researchers improve the signal integrity, but there may be a time when surveillance agencies will run out of potential targets.
Los Alamos National Lab has had quantum-encrypted internet for over two years
Nothing locks down data better than a laser-based quantum-encrypted network, where the mere act of looking at your data causes it to irrevocably change. Although such systems already exist, they're limited to point-to-point data transfers since a router would kill the message it's trying to pass along just by reading it. However, Los Alamos National Labs has been testing an in-house quantum network, complete with a hub and spoke system that gets around the problem thanks to a type of quantum router at each node. Messages are converted at those junctures to conventional bits, then reconverted into a new encrypted message, which can be securely sent to the next node, and so on. The researchers say it's been running in the lab for the last two and a half years with few issues, though there's still a security hole -- it lacks quantum integrity at the central hub where the data's reconverted, unlike a pure quantum network. However, the hardware would be relatively simple to integrate into any fiber-connected device, like a TV set-top box, and is still more secure than any current system -- and infinitely better than the 8-character WiFi code you're using now.
