Category Archives: Encryption

Transparent Data Encryption (TDE) –

Updated: November 23, 2015

Transparent Data Encryption (TDE) encrypts SQL Server and Azure SQL Database data files, known as encrypting data at rest. You can take several precautions to help secure the database such as designing a secure system, encrypting confidential assets, and building a firewall around the database servers. However, in a scenario where the physical media (such as drives or backup tapes) are stolen, a malicious party can just restore or attach the database and browse the data. One solution is to encrypt the sensitive data in the database and protect the keys that are used to encrypt the data with a certificate. This prevents anyone without the keys from using the data, but this kind of protection must be planned in advance.

TDE performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data “at rest”, meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.

Encryption of the database file is performed at the page level. The pages in an encrypted database are encrypted before they are written to disk and decrypted when read into memory. TDE does not increase the size of the encrypted database.

Information applicable to SQL Database

When using TDE with SQL Database V12 V12 (Preview in some regions) the server-level certificate stored in the master database is automatically created for you by SQL Database. To move a TDE database on SQL Database you must decrypt the database, move the database, and then re-enable TDE on the destination SQL Database. For step-by-step instructions for TDE on SQL Database, see Transparent Data Encryption with Azure SQL Database.

The preview of status of TDE applies even in the subset of geographic regions where version family V12 of SQL Database is announced as now being in general availability status. TDE for SQL Database is not intended for use in production databases until Microsoft announces that TDE is promoted from preview to GA. For more information about SQL Database V12, see What’s new in Azure SQL Database.

Information applicable to SQL Server

After it is secured, the database can be restored by using the correct certificate. For more information about certificates, see SQL Server Certificates and Asymmetric Keys.

When enabling TDE, you should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database. The encrypting certificate should be retained even if TDE is no longer enabled on the database. Even though the database is not encrypted, parts of the transaction log may still remain protected, and the certificate may be needed for some operations until the full backup of the database is performed. A certificate that has exceeded its expiration date can still be used to encrypt and decrypt data with TDE.

Encryption Hierarchy

The following illustration shows the architecture of TDE encryption. Only the database level items (the database encryption key and ALTER DATABASE portions are user-configurable when using TDE on SQL Database.

To use TDE, follow these steps.

Create a master key

Create or obtain a certificate protected by the master key

Create a database encryption key and protect it by the certificate

Set the database to use encryption

The following example illustrates encrypting and decrypting the AdventureWorks2012 database using a certificate installed on the server named MyServerCert.

The encryption and decryption operations are scheduled on background threads by SQL Server. You can view the status of these operations using the catalog views and dynamic management views in the list that appears later in this topic.

Backup files of databases that have TDE enabled are also encrypted by using the database encryption key. As a result, when you restore these backups, the certificate protecting the database encryption key must be available. This means that in addition to backing up the database, you have to make sure that you maintain backups of the server certificates to prevent data loss. Data loss will result if the certificate is no longer available. For more information, see SQL Server Certificates and Asymmetric Keys.

The TDE certificates must be encrypted by the database master key to be accepted by the following statements. If they are encrypted by password only, the statements will reject them as encryptors.

Altering the certificates to be password-protected after they are used by TDE will cause the database to become inaccessible after a restart.

The following table provides links and explanations of TDE commands and functions.

The following table shows TDE catalog views and dynamic management views.

Each TDE feature and command has individual permission requirements, described in the tables shown earlier.

Viewing the metadata involved with TDE requires the VIEW DEFINITION permission on the certificate.

While a re-encryption scan for a database encryption operation is in progress, maintenance operations to the database are disabled. You can use the single user mode setting for the database to perform the maintenance operation. For more information, see Set a Database to Single-user Mode.

You can find the state of the database encryption using the sys.dm_database_encryption_keys dynamic management view. For more information, see the “Catalog Views and Dynamic Management Views”section earlier in this topic).

In TDE, all files and filegroups in the database are encrypted. If any filegroups in a database are marked READ ONLY, the database encryption operation will fail.

If a database is being used in database mirroring or log shipping, both databases will be encrypted. The log transactions will be encrypted when sent between them.

Any new full-text indexes will be encrypted when a database is set for encryption. Previously-created full-text indexes will be imported during upgrade and they will be in TDE after the data is loaded into SQL Server. Enabling a full-text index on a column can cause that column’s data to be written in plain text onto the disk during a full-text indexing scan. We recommend that you do not create a full-text index on sensitive encrypted data.

Encrypted data compresses significantly less than equivalent unencrypted data. If TDE is used to encrypt a database, backup compression will not be able to significantly compress the backup storage. Therefore, using TDE and backup compression together is not recommended.

The following operations are not allowed during initial database encryption, key change, or database decryption:

Dropping a file from a filegroup in the database

Dropping the database

Taking the database offline

Detaching a database

Transitioning a database or filegroup into a READ ONLY state


Dropping a file from a filegroup in the database.

Dropping the database.

Taking the database offline.

Detaching a database.

Transitioning a database or filegroup into a READ ONLY state.

Using an ALTER DATABASE command.

Starting a database or database file backup.

Starting a database or database file restore.

Creating a snapshot.


The database is read-only or has any read-only file groups.

An ALTER DATABASE command is executing.

Any data backup is running.

The database is in an offline or restore condition.

A snapshot is in progress.

Database maintenance tasks.

When creating database files, instant file initialization is not available when TDE is enabled.

In order to encrypt the database encryption key with an asymmetric key, the asymmetric key must reside on an extensible key management provider.

Enabling a database to use TDE has the effect of “zeroing out” the remaining part of the virtual transaction log to force the next virtual transaction log. This guarantees that no clear text is left in the transaction logs after the database is set for encryption. You can find the status of the log file encryption by viewing the encryption_state column in the sys.dm_database_encryption_keys view, as in this example:

For more information about the SQL Server log file architecture, see The Transaction Log (SQL Server).

All data written to the transaction log before a change in the database encryption key will be encrypted by using the previous database encryption key.

After a database encryption key has been modified twice, a log backup must be performed before the database encryption key can be modified again.

The tempdb system database will be encrypted if any other database on the instance of SQL Server is encrypted by using TDE. This might have a performance effect for unencrypted databases on the same instance of SQL Server. For more information about the tempdb system database, see tempdb Database.

Replication does not automatically replicate data from a TDE-enabled database in an encrypted form. You must separately enable TDE if you want to protect the distribution and subscriber databases. Snapshot replication, as well as the initial distribution of data for transactional and merge replication, can store data in unencrypted intermediate files; for example, the bcp files. During transactional or merge replication, encryption can be enabled to protect the communication channel. For more information, see Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager).

FILESTREAM data is not encrypted even when TDE is enabled.

Files related to buffer pool extension (BPE) are not encrypted when database is encrypted using TDE. You must use file system level encryption tools like Bitlocker or EFS for BPE related files.

TDE can be enabled on a database that has In-Memory OLTP objects. In-Memory OLTP log records are encrypted if TDE is enabled. Data in a MEMORY_OPTIMIZED_DATA filegroup is not encrypted if TDE is enabled.

Move a TDE Protected Database to Another SQL ServerEnable TDE Using EKMTransparent Data Encryption with Azure SQL DatabaseSQL Server EncryptionSQL Server and Database Encryption Keys (Database Engine)Security Center for SQL Server Database Engine and Azure SQL DatabaseFILESTREAM (SQL Server)

Visit link:
Transparent Data Encryption (TDE) –

Encryption Software Market – Global Forecast to 2022

The encryption software market size is expected to grow from USD 3.87 Billion in 2017 to USD 12.96 Billion by 2022, at a Compound Annual Growth Rate (CAGR) of 27.4%.

The demand for encryption software is likely to be driven by various factors, such as proliferation in the number of cyber-attacks and the stringent government regulations and compliances that mandate the adoption of encryption among various verticals.

The encryption software market has been segmented on the basis of components (solution and services), applications, deployment types, organization sizes, verticals, and regions. The services segment is expected to grow at the highest CAGR during the forecast period and the solution segment is estimated to have the largest market size in 2017 in the market.

Professional services have been widely adopted by organizations, as these services involve expert consulting, support and maintenance, and optimization and training for cybersecurity. However, the managed services segment is expected to grow at the highest CAGR during the forecast period, as managed security vendors provide extensive reporting capabilities for validating the regulatory compliance with internal security policies for the users.

The disk encryption application is estimated to hold the largest market share in 2017. The importance of encrypting a disk is that, if the encrypted disk is lost or stolen, the encrypted state of the drive remains unchanged, and only an authorized user will be able to access its contents. The cloud encryption application is expected to grow at the fastest rate during the forecast period.

Encryption solutions and services have been deployed across various verticals, including Banking, Financial Services, and Insurance (BFSI); aerospace and defense; government and public utilities; healthcare; telecom and IT; retail; and others (manufacturing, education, and media and entertainment). The telecom and IT vertical is expected to grow at the highest CAGR during the forecast period. However, the BFSI vertical is estimated to have the largest market size in 2017.

The global encryption software market has been segmented on the basis of regions into North America, Europe, Asia Pacific (APAC), Middle East and Africa (MEA), and Latin America, to provide a region-specific analysis in the report.

Key Topics Covered:

1. Introduction

2. Research Methodology

3. Executive Summary

4. Premium Insights 4.1 Attractive Opportunities In Encryption Software Market, 2017-2022 4.2 Encryption Software Market, Share Of Top 3 Applications And Regions, 2017 4.3 Encryption Software Market, By Service, 2017-2022 4.4 Encryption Software Market, By Professional Services, 2017 4.5 Encryption Software Market, By Deployment Type, 2017-2022 4.6 Encryption Software Market, By Organization Size, 2017-2022 4.7 Market Investment Scenario, 2017-2022

5. Market Overview 5.1 Introduction 5.2 Market Dynamics 5.2.1 Drivers Growing Concern Over Critical Data Loss In On-Premises Environment Exploitation Of Big Data Analytics Poses Risk To Cloud Environment Regulations To Increase Adoption Of Encryption Solutions 5.2.2 Restraints Lack Of Budget For Adopting Best-In-Class Encryption Solutions Lack Of Awareness About Encryption And Performance Concerns Among Enterprises 5.2.3 Opportunities Surge In Demand For Integrated, Cloud-Based Encryption Solutions Among Smes Large-Scale Adoption Of Encryption Solutions In Bfsi Vertical 5.2.4 Challenges Complexities In Management Of Encryption Keys Lack Of Skilled Workforce Among Enterprises 5.3 Regulatory Implications 5.3.1 Payment Card Industry Data Security Standard 5.3.2 Health Insurance Portability And Accountability Act 5.3.3 Federal Information Security Management Act 5.3.4 Sarbanes-Oxley Act 5.3.5 Gramm-Leach-Bliley Act 5.3.6 Federal Information Processing Standards 5.3.7 General Data Protection Regulation 5.4 Innovation Spotlight 5.5 Use Cases 5.5.1 Large-Scale Adoption Of Email Encryption By Financial Organizations In The Uk 5.5.2 Adoption Of Encryption Solution By A Clinical Research Company 5.5.3 Reliance Of Small And Medium Financial Companies On Data Encryption 5.5.4 Large-Scale Adoption Of Encryption By It And Telecom Company 5.5.5 Need For Best-In-Class Encryption Solutions For Government Sector In Canada 5.5.6 Healthcare Vertical Relying On Cloud-Based Encryption Solutions 5.6 Type Of Encryption Algorithms 5.6.1 Data Encryption Standard 5.6.2 Advanced Encryption Standard 5.6.3 Triple-Des 5.6.4 Blowfish Algorithm 5.6.5 Homomorphic Encryption 5.6.6 Rsa 5.6.7 Diffie-Hellman Key Exchange 5.6.8 Quantum Cryptography 5.6.9 Post Quantum Cryptography

6. Encryption Software Market Analysis, By Component 6.1 Introduction 6.2 Solution 6.2.1 Types Of Data Encrypted Data At Rest Data In Transit Data In Use 6.2.2 Types Of Encryption Symmetric Encryption Asymmetric Encryption 6.2.3 Key Management 6.3 Services 6.3.1 Professional Services Support And Maintenance Training And Education Planning And Consulting 6.3.2 Managed Services

7. Encryption Software Market Analysis, By Application 7.1 Introduction 7.2 Disk Encryption 7.3 File/Folder Encryption 7.4 Database Encryption 7.4.1 Application-Level Encryption 7.4.2 Database-Level Encryption 7.5 Communication Encryption 7.5.1 Voice Encryption 7.5.2 Email Encryption 7.5.3 Instant Messaging Encryption 7.6 Cloud Encryption

8. Encryption Software Market Analysis, By Deployment Type 8.1 Introduction 8.2 On-Premises 8.3 Cloud

9. Encryption Software Market Analysis, By Organization Size 9.1 Introduction 9.2 Large Enterprises 9.3 Small And Medium-Sized Enterprises

10. Encryption Software Market Analysis, By Vertical 10.1 Introduction 10.2 Banking, Financial Services, And Insurance 10.3 Aerospace And Defense 10.4 Healthcare 10.5 Government And Public Utilities 10.6 Telecom And It 10.7 Retail 10.8 Others

11. Geographic Analysis

12. Competitive Landscape

13. Company Profiles

For more information about this report visit

Media Contact:

Laura Wood, Senior Manager

For E.S.T Office Hours Call +1-917-300-0470 For U.S./CAN Toll Free Call +1-800-526-8630 For GMT Office Hours Call +353-1-416-8900

U.S. Fax: 646-607-1907 Fax (outside U.S.): +353-1-481-1716

View original content:—global-forecast-to-2022-300618670.html

SOURCE Research and Markets

See more here:
Encryption Software Market – Global Forecast to 2022

What AES Encryption Is And How It’s Used To Secure File Transfers


First adopted by the US government to protect classified information, AES has long gained global acceptance and is used for securing sensitive data in various industries – most likely including yours. In this post, you’ll learn about AES encryption and understand its vital role in securing sensitive files you send over the Internet.

AES or Advanced Encryption Standard is acipher, i.e., a method for encrypting and decrypting information. Whenever you transmit files over secure file transfer protocols like HTTPS, FTPS, SFTP, WebDAVS, OFTP, or AS2, there’s a good chance your data will be encrypted by some flavor of AES – either AES 256, 192, or 128. We’ll discuss more about these three shortly.

Differentsecure file transfer softwaremay be equipped with varying selections of encryption algorithms. Some ciphers may be included in certain selections but absent in others. Not AES. AES will almost certainly be present in all but a few. Why is this so? It all started when the US government began looking for a new encryption algorithm that would be used to protect sensitive data.

For about two decades since 1977, the US government used a cipher called DES (Data Encryption Standard) to protect sensitive, unclassified information. Unfortunately, that cipher was later on proven to be insecure, prompting the government to look for a replacement.

This led to a standardization process that attracted 15 competing encryption designs, which included – among others – MARS from IBM, RC6 from RSA Security, Serpent, Twofish, and Rijndeal. It was Rijndael, designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen), that eventually became the standard and henceforth acquired the title Advanced Encryption Standard or AES.

The selection process was very stringent, taking 5 years to complete. During that span, many experts from the cryptographic community carried out detailed tests and painstaking discussions to find vulnerabilities and weaknesses. The participation of different sectors, which showed the openness of the selection process, speaks volumes of how credible the process was.

Although the cipher’s strength against various attacks was a major consideration in choosing the standard, other factors like speed, versatility, and computational requirements were likewise given importance. The government wanted an encryption standard that wasn’t just strong, but also fast, reliable and easily implemented in both software and hardware – even those with limited CPU and memory.

Although the other encryption algorithms were also very good (Some of those ciphers are also widely used today but understandably don’t enjoy the same level of acceptance as AES) the Rijndael cipher was ultimately selected and declared a Federal Information Processing Standards or FIPS standard by the NIST (National Institute of Standards and Technology) in 2001. It was approved by the Secretary of Commerce and then recognized as a federal government standard the following year.

Note: The official AES standard is specified in FIPS PUB 197.

The rise of AES didn’t end there. In 2003, the government deemed it suitable for protecting classified information. In fact, up to this day, the NSA (National Security Agency) is using AES to encrypt even Top Secret Information.

That should explain why AES has gained the confidence of various industries. If it’s good enough for the NSA, then it must be good enough for businesses.

AES belongs to a family of ciphers known as block ciphers. A block cipher is an algorithm that encrypts data on a per-block basis. The size of each block is usually measured in bits. AES, for example, is 128 bits long. Meaning, AES will operate on 128 bits of plaintext to produce 128 bits of ciphertext.

Like almost all modern encryption algorithms, AES requires the use of keys during the encryption and decryption processes. AES supports three keys with different lengths: 128-bit, 192-bit, and 256-bit keys. The longer the key, the stronger the encryption. So, AES 128 encryption is the least strong, while AES 256 encryption is the strongest.

In terms of performance though, shorter keys result in faster encryption times compared to longer keys. So 128 bit AES encryption is faster than AES 256 bit encryption.

The keys used in AES encryption are the same keys used in AES decryption. When the same keys are used during both encryption and decryption, the algorithm is said to be symmetric. Read the article Symmetric vs Asymmetric Encryption if you want to know the difference between the two.

As mentioned earlier, AES is implemented in secure file transfer protocols likeFTPS, HTTPS, SFTP, AS2, WebDAVS, and OFTP. But what exactly is its role?

Because symmetric and asymmetric encryption algorithms each have their own strengths, modernsecure file transfer protocols normally use a combination of the two. Asymmetric key ciphers a.k.a. public key encryption algorithms are great for key distribution and hence are used to encrypt the session key used for symmetric encryption.

Symmetric key ciphers like AES, on the other hand, are more suitable for encrypting the actual data (and commands) because they require less resources and are also much faster than asymmetric ciphers.The articleSymmetric vs Asymmetric Encryptionhas a more thorough discussion regarding these two groups of ciphers.

Here’s a simplified diagram illustrating the encryption process during a typical secure file transfer secured by SSL/TLS (e.g. HTTPS, FTPS, WebDAVS) or SSH (e.g. SFTP). AES encryption operates in step 3.

That’s it. I hope you learned something useful today.

If you like reading posts like this, subscribe to this blog or connect with us.

Looking for a secure file transfer server that supports AES? Try JSCAPE MFT Server. It uses AES encryption on its FTPS, SFTP, HTTPS, WebDAVS, AS2, and OFTP services. Download a free, fully-functional evaluation edition now.

Continued here:
What AES Encryption Is And How It’s Used To Secure File Transfers

Encryption vs. Cryptography – What is the Difference?

written by: J. Forlandaedited by: Lamar Stonecypherupdated: 5/26/2015

Many people use the terms encryption or cryptography interchangeably. However, they are different. Cryptography is the science of secret communication, while encryption refers to one component of that science. Get the basic definitions here.

In simple terms, cryptography is the science concerned with the study of secret communication.

If you look at the origin of the root words of cryptography (crypto and graphy), you will see that “crypto” stands for “hidden, secret”, and “graphy” denotes “a process or form of drawing, writing, representing, recording, describing, etc., or an art or science concerned with such a process.” So you can see that cryptography is indeed the science concerned with secret communication.

If you check Google to see what the term “cryptography” means (i.e. “define: cryptography”), you will see a long list. And if you check you will at least see three variation of its definition:

With the advent of digital technology, the need for secure communication has greatly expanded. This makes cryptography even more importnat than ever before.

If you breakdown the the base word–“encrypt”–into its root, you will see “en” and “crypt”. The “en” part means “to make”, and the “crypt” part (a variation of “crypto”) means hidden or secret. Since “encrypt” is a verb, the base term then means “to make hidden or secret”.

Thus “encryption” basically is some process or algorithm (known as a cipher) to make information hidden or secret. And to make that process useful, you need some code (or key) to make information accessible.

About Ciphers

There are many types of ciphers developed over time.

In the days of written communication, most common ciphers involved some form or substitution or transposition of alphabetical letters. Substitution means to substitute one character for another while transposition is some form of repositioning characters within the message (which literally scrambles the information).

In the digital age, ciphers changed and are generally based on two types of algorithms–one using the same key to encrypt and decrypt, and one using different keys to encrypt and decrypt (also known as symmetric and asymmetric key algorithms, respectively). The one that uses symmetric keys falls under private-key cryptography, while asymmetric key algorithms falls under public-key cryptography. DES (Data Encryption Standard) and AES (Advanced Encryption Standard) are two well known ciphers based on symmetric key algorithms, while RSA (Rivest, Shamir and Adleman) is a well known cipher based on asymmetric key algorithms.

Clearly and simply the term cryptography is the study or science of secret communication, while encryption is simply a component of that science. Encryption is the process of hiding information, through the use of ciphers, from everybody except for the one who has the key. Encryption is a direct applicaton of cryptography, and is something that websites use every day to protect information.

In today’s digital world, there are two major types of ciphers–one based on symmetric and one based on asymmetric key algorithms.

Read the original:
Encryption vs. Cryptography – What is the Difference?

The Best Encryption Software – TopTenReviews

Key Features to Look for When Buying Encryption Software?

PerformanceIf your encryption software is difficult to use, you may not use it at all. The programs we reviewed are simple and intuitive, particularly Folder Lock and Secure IT they both guide you through the encryption and decryption processes step by step. Secure IT integrates with Windows, so all you have to do is right-click on a file and choose to encrypt it in the menu.

We found that programs typically compress files as they encrypt them, though only to a small degree for example, from 128MB down to 124MB. It can make a difference when you encrypt large data files, so programs that protect and compress are preferable.SecurityEncryption software uses different types of ciphers to scramble your data, and each has its own benefits. Advanced Encryption Standard, or 256-bit key AES, is used by the U.S. government, including the National Security Agency (NSA), and is one of the strongest ciphers available. Blowfish and Twofish, the latter being a newer version of the former, are encryption algorithms that use block ciphers they scramble blocks of text or several bits of information at once, rather than one bit at a time.

The main differences between these algorithms are performance and speed, and the average user wont notice those disparities. Although any of these ciphers could be broken given enough time and computing power, they are considered practically unbreakable. AES has long been recognized as the superior algorithm, so we preferred programs that use it.Version CompatibilityIf your computer runs an older version of Windows, such as Vista or XP, make sure the encryption program supports your operating system. On the flip side, you need to make sure you choose software that has changed with the times and supports the latest versions of Windows, like 7, 8 and 10.

While all the programs we tested are compatible with every version of Windows, we feel that SensiGuard is a good choice for older computers because it only has the most essential tools and wont bog down your PC. Plus, it is easy to move to a new computer if you choose to upgrade. However, it takes a while to encrypt and decrypt files.

If you have a Mac computer, you need a program that is designed specifically for that operating system none of the programs we tested are compatible with both Windows and Mac machines. We believe Concealer is the best option for Macs, but Espionage 3 is also a good choice.

Mac encryption software doesnt have as many extra security features as Windows programs. They typically lack virtual keyboards, self-extracting file creators and password recovery tools. Mac programs also take a lot more time to secure files compared to Windows software.

Read the rest here:
The Best Encryption Software – TopTenReviews

Energy-efficient encryption for the internet of things | MIT News

Most sensitive web transactions are protected by public-key cryptography, a type of encryption that lets computers share information securely without first agreeing on a secret encryption key.

Public-key encryption protocols are complicated, and in computer networks, theyre executed by software. But that wont work in the internet of things, an envisioned network that would connect many different sensors embedded in vehicles, appliances, civil structures, manufacturing equipment, and even livestock tags to online servers. Embedded sensors that need to maximize battery life cant afford the energy and memory space that software execution of encryption protocols would require.

MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster. The researchers describe the chip in a paper theyre presenting this week at the International Solid-State Circuits Conference.

Like most modern public-key encryption systems, the researchers chip uses a technique called elliptic-curve encryption. As its name suggests, elliptic-curve encryption relies on a type of mathematical function called an elliptic curve. In the past, researchers including the same MIT group that developed the new chip have built chips hardwired to handle specific elliptic curves or families of curves. What sets the new chip apart is that it is designed to handle any elliptic curve.

Cryptographers are coming up with curves with different properties, and they use different primes, says Utsav Banerjee, an MIT graduate student in electrical engineering and computer science and first author on the paper. There is a lot of debate regarding which curve is secure and which curve to use, and there are multiple governments with different standards coming up that talk about different curves. With this chip, we can support all of them, and hopefully, when new curves come along in the future, we can support them as well.

Joining Banerjee on the paper are his thesis advisor, Anantha Chandrakasan, dean of MITs School of Engineering and the Vannevar Bush Professor of Electrical Engineering and Computer Science; Arvind, the Johnson Professor in Computer Science Engineering; and Andrew Wright and Chiraag Juvekar, both graduate students in electrical engineering and computer science.

Modular reasoning

To create their general-purpose elliptic-curve chip, the researchers decomposed the cryptographic computation into its constituent parts. Elliptic-curve cryptography relies on modular arithmetic, meaning that the values of the numbers that figure into the computation are assigned a limit. If the result of some calculation exceeds that limit, its divided by the limit, and only the remainder is preserved. The secrecy of the limit helps ensure cryptographic security.

One of the computations to which the MIT chip devotes a special-purpose circuit is thus modular multiplication. But because elliptic-curve cryptography deals with large numbers, the chips modular multiplier is massive. Typically, a modular multiplier might be able to handle numbers with 16 or maybe 32 binary digits, or bits. For larger computations, the results of discrete 16- or 32-bit multiplications would be integrated by additional logic circuits.

The MIT chips modular multiplier can handle 256-bit numbers, however. Eliminating the extra circuitry for integrating smaller computations both reduces the chips energy consumption and increases its speed.

Another key operation in elliptic-curve cryptography is called inversion. Inversion is the calculation of a number that, when multiplied by a given number, will yield a modular product of 1. In previous chips dedicated to elliptic-curve cryptography, inversions were performed by the same circuits that did the modular multiplications, saving chip space. But the MIT researchers instead equipped their chip with a special-purpose inverter circuit. This increases the chips surface area by 10 percent, but it cuts the power consumption in half.

The most common encryption protocol to use elliptic-curve cryptography is called the datagram transport layer security protocol, which governs not only the elliptic-curve computations themselves but also the formatting, transmission, and handling of the encrypted data. In fact, the entire protocol is hardwired into the MIT researchers chip, which dramatically reduces the amount of memory required for its execution.

The chip also features a general-purpose processor that can be used in conjunction with the dedicated circuitry to execute other elliptic-curve-based security protocols. But it can be powered down when not in use, so it doesnt compromise the chips energy efficiency.

They move a certain amount of functionality that used to be in software into hardware, says Xiaolin Lu, director of the internet of things (IOT) lab at Texas Instruments. That has advantages that include power and cost. But from an industrial IOT perspective, its also a more user-friendly implementation. For whoever writes the software, its much simpler.

Original post:
Energy-efficient encryption for the internet of things | MIT News

File-Based Encryption | Android Open Source Project

Android 7.0 and later supports file-based encryption (FBE). File-basedencryption allows different files to be encrypted with different keys that canbe unlocked independently.

This article describes how to enable file-based encryption on new devicesand how system applications can be updated to take full advantage of the newDirect Boot APIs and offer users the best, most secure experience possible.

Warning: File-based encryption cannotcurrently be used together with adoptable storage. On devices usingfile-based encryption, new storage media (such as an SD card) must be used astraditional storage.

File-based encryption enables a new feature introduced in Android 7.0 called DirectBoot. Direct Boot allows encrypted devices to boot straight to the lockscreen. Previously, on encrypted devices using full-diskencryption (FDE), users needed to provide credentials before any data couldbe accessed, preventing the phone from performing all but the most basic ofoperations. For example, alarms could not operate, accessibility services wereunavailable, and phones could not receive calls but were limited to only basicemergency dialer operations.

With the introduction of file-based encryption (FBE) and new APIs to makeapplications aware of encryption, it is possible for these apps to operatewithin a limited context. This can happen before users have provided theircredentials while still protecting private user information.

On an FBE-enabled device, each user of the device has two storage locationsavailable to applications:

This separation makes work profiles more secure because it allows more than oneuser to be protected at a time as the encryption is no longer based solely on aboot time password.

The Direct Boot API allows encryption-aware applications to access each of theseareas. There are changes to the application lifecycle to accommodate the need tonotify applications when a users CE storage is unlocked in response tofirst entering credentials at the lock screen, or in the case of work profileproviding aworkchallenge. Devices running Android 7.0 must support these new APIs andlifecycles regardless of whether or not they implement FBE. Although, withoutFBE, DE and CE storage will always be in the unlocked state.

A complete implementation of file-based encryption on an Ext4 file system isprovided in the Android Open Source Project (AOSP) and needs only be enabled ondevices that meet the requirements. Manufacturers electing to use FBE may wishto explore ways of optimizing the feature based on the system on chip (SoC)used.

All the necessary packages in AOSP have been updated to be direct-boot aware.However, where device manufacturers use customized versions of these apps, theywill want to ensure at a minimum there are direct-boot aware packages providingthe following services:

Android provides a reference implementation of file-based encryption, in whichvold (system/vold)provides the functionality for managing storage devices andvolumes on Android. The addition of FBE provides vold with several new commandsto support key management for the CE and DE keys of multiple users. In additionto the core changes to use the ext4 Encryptioncapabilities in kernel many system packages including the lockscreen and theSystemUI have been modified to support the FBE and Direct Boot features. Theseinclude:

* System applications that use the defaultToDeviceProtectedStoragemanifest attribute

More examples of applications and services that are encryption aware can befound by running the command mangrep directBootAware in theframeworks or packages directory of the AOSPsource tree.

To use the AOSP implementation of FBE securely, a device needs to meet thefollowing dependencies:

Note: Storage policies are applied to a folder and all of itssubfolders. Manufacturers should limit the contents that go unencrypted to theOTA folder and the folder that holds the key that decrypts the system. Mostcontents should reside in credential-encrypted storage rather thandevice-encrypted storage.

First and foremost, apps such as alarm clocks, phone, accessibility featuresshould be made android:directBootAware according to DirectBoot developer documentation.

The AOSP implementation of file-based encryption uses the ext4 encryptionfeatures in the Linux 4.4 kernel. The recommended solution is to use a kernelbased on 4.4 or later. Ext4 encryption has also been backported to a 3.10 kernelin the Android common repositories and for the supported Nexus kernels.

The android-3.10.y branch in the AOSP kernel/common git repository mayprovide a good starting point for device manufacturers that want to import thiscapability into their own device kernels. However, it is necessary to applythe most recent patches from the latest stable Linux kernel (currently linux-4.6)of the ext4 and jbd2 projects. The Nexus device kernels already include many ofthese patches.

Note that each of these kernels uses a backport to 3.10. The ext4and jbd2 drivers from linux 3.18 were transplanted into existing kernels basedon 3.10. Due to interdependencies between parts of the kernel, this backportbreaks support for a number of features that are not used by Nexus devices.These include:

In addition to functional support for ext4 encryption, device manufacturers mayalso consider implementing cryptographic acceleration to speed up file-basedencryption and improve the user experience.

FBE is enabled by adding the flagfileencryption=contents_encryption_mode[:filenames_encryption_mode]to the fstab line in the final column for the userdatapartition. contents_encryption_mode parameter defines whichcryptographic algorithm is used for the encryption of file contents andfilenames_encryption_mode for the encryption of filenames.contents_encryption_mode can be only aes-256-xts.filenames_encryption_mode has two possible values: aes-256-ctsand aes-256-heh. If filenames_encryption_mode is not specifiedthen aes-256-cts value is used.

Whilst testing the FBE implementation on a device, it is possible to specify thefollowing flag:forcefdeorfbe=”

This sets the device up with FDE but allows conversion to FBE for developers. Bydefault, this behaves like forceencrypt, putting the device intoFDE mode. However, it will expose a debug option allowing a device to be putinto FBE mode as is the case in the developer preview. It is also possible toenable FBE from fastboot using this command:

This is intended solely for development purposes as a platform for demonstratingthe feature before actual FBE devices are released. This flag may be deprecatedin the future.

The generation of keys and management of the kernel keyring is handled byvold. The AOSP implementation of FBE requires that the devicesupport Keymaster HAL version 1.0 or later. There is no support for earlierversions of the Keymaster HAL.

On first boot, user 0s keys are generated and installed early in the bootprocess. By the time the on-post-fs phase of initcompletes, the Keymaster must be ready to handle requests. On Nexus devices,this is handled by having a script block:

Note: All encryption is based on AES-256 inXTS mode. Due to the way XTS is defined, it needs two 256-bit keys; so ineffect, both CE and DE keys are 512-bit keys.

Ext4 encryption applies the encryption policy at the directory level. When adevices userdata partition is first created, the basic structuresand policies are applied by the init scripts. These scripts willtrigger the creation of the first users (user 0s) CE and DE keys as well asdefine which directories are to be encrypted with these keys. When additionalusers and profiles are created, the necessary additional keys are generated andstored in the keystore; their credential and devices storage locations arecreated and the encryption policy links these keys to those directories.

In the current AOSP implementation, the encryption policy is hardcoded into thislocation:

It is possible to add exceptions in this file to prevent certain directoriesfrom being encrypted at all, by adding to the directories_to_excludelist. If modifications of this sort are made then the devicemanufacturer should include SELinux policies that only grant access to theapplications that need to use the unencrypted directory. This should exclude alluntrusted applications.

The only known acceptable use case for this is in support of legacy OTAcapabilities.

To facilitate rapid migration of system apps, there are two new attributes thatcan be set at the application level. ThedefaultToDeviceProtectedStorage attribute is available only tosystem apps. The directBootAware attribute is available to all.

The directBootAware attribute at the application level is shorthand for markingall components in the app as being encryption aware.

The defaultToDeviceProtectedStorage attribute redirects the defaultapp storage location to point at DE storage instead of pointing at CE storage.System apps using this flag must carefully audit all data stored in the defaultlocation, and change the paths of sensitive data to use CE storage. Devicemanufactures using this option should carefully inspect the data that they arestoring to ensure that it contains no personal information.

When running in this mode, the following System APIs areavailable to explicitly manage a Context backed by CE storage when needed, whichare equivalent to their Device Protected counterparts.

Each user in a multi-user environment gets a separate encryption key. Every usergets two keys: a DE and a CE key. User 0 must log into the device first as it isa special user. This is pertinent for DeviceAdministration uses.

Crypto-aware applications interact across users in this manner:INTERACT_ACROSS_USERS and INTERACT_ACROSS_USERS_FULLallow an application to act across all the users on the device. However, thoseapps will be able to access only CE-encrypted directories for users that arealready unlocked.

An application may be able to interact freely across the DE areas, but one userunlocked does not mean that all the users on the device are unlocked. Theapplication should check this status before trying to access these areas.

Each work profile user ID also gets two keys: DE and CE. When the work challengeis met, the profile user is unlocked and the Keymaster (in TEE) can provide theprofiles TEE key.

The recovery partition is unable to access the DE-protected storage on theuserdata partition. Devices implementing FBE are strongly recommended to supportOTA using A/B system updates. Asthe OTA can be applied during normal operation there is no need for recovery toaccess data on the encrypted drive.

When using a legacy OTA solution, which requires recovery to access the OTA fileon the userdata partition:

To ensure the implemented version of the feature works as intended, employ themany CTS encryption tests.

Once the kernel builds for your board, also build for x86 and run under QEMU inorder to test with xfstest by using:

In addition, device manufacturers may perform these manual tests. On a devicewith FBE enabled:

Additionally, testers can boot a userdebug instance with a lockscreen set on theprimary user. Then adb shell into the device and usesu to become root. Make sure /data/data containsencrypted filenames; if it does not, something is wrong.

This section provides details on the AOSP implementation and describes howfile-based encryption works. It should not be necessary for device manufacturersto make any changes here to use FBE and Direct Boot on their devices.

The AOSP implementation uses ext4 encryption in kernel and is configured to:

Disk encryption keys, which are 512-bit AES-XTS keys, are stored encryptedby another key (a 256-bit AES-GCM key) held in the TEE. To use this TEE key,three requirements must be met:

The auth token is a cryptographically authenticated token generated byGatekeeperwhen a user successfully logs in. The TEE will refuse to use the key unless thecorrect auth token is supplied. If the user has no credential, then no authtoken is used nor needed.

The stretched credential is the user credential after salting andstretching with the scrypt algorithm. The credential is actuallyhashed once in the lock settings service before being passed tovold for passing to scrypt. This is cryptographicallybound to the key in the TEE with all the guarantees that apply toKM_TAG_APPLICATION_ID. If the user has no credential, then nostretched credential is used nor needed.

The secdiscardable hash is a 512-bit hash of a random 16 KB filestored alongside other information used to reconstruct the key, such as theseed. This file is securely deleted when the key is deleted, or it is encryptedin a new way; this added protection ensures an attacker must recover every bitof this securely deleted file to recover the key. This is cryptographicallybound to the key in the TEE with all the guarantees that apply toKM_TAG_APPLICATION_ID. See the KeystoreImplementer’s Reference.

Read more:
File-Based Encryption | Android Open Source Project

Beyond Encryption | Secure Enterprise email using existing …

Secure recorded delivery and response

Mailock employs a unique process allowing you to authenticate the identity of your intended recipient before granting them access; only when they have proven their identity to you is access permitted to any of the message content.

We call this ‘Identity Assured Communication’.

But being able to read your secure emails is only half of the story; with Mailock, your customers are also able to reply securely, thus ensuring that conversations containing sensitive details remain protected, secure and private.

We know that it is important to reach your audience so Mailock has been designed to allow just that. Whether your customer reads your secure email in a web browser, on a mobile device or from within their existing desktop email system, we have all the bases covered.

Using a unique light touch registration and challenge process, Mailock allows your customers to authenticate their identity and read your secure email within seconds of receiving it.

Mobile Apps for iPhone and Android and plug-ins for email programs such as Microsoft Outlook and Apple Mail are all freely available for download from the App Stores and our website to create a truly easy to use and integrated user experience.

The storage location and control of confidential customer data is crucial to organisations seeking to meet regulatory requirements. With Mailock, your encrypted email data may be held in data stores owned and managed by you and our unique challenge process allows you to control when this data is released and to whom.

The Mailock system is free to all recipients and consumers of the service are encouraged to link their Mailock identity to both business and personal email addresses. Through return data, this provides a ground-breaking opportunity to assist in the maintenance of your important contact data meaning that you need never lose the ability to stay in touch with your customers again.

At Mailock, we know that regulatory compliance is of paramount importance to your business and its customers and we have designed the system so that it may be readily integrated with your incumbent systems.

Contact us for further details of how this may be achieved with your existing tools and processes.

We all have a duty to reduce our carbon footprint and Mailock offers an unprecedented opportunity to cut cost whilst improving operating efficiencies and reducing emissions.

Every secure Mailock message delivered provides you, the business user, with a targeted marketing message opportunity. Contact us for further details of how Mailock can spread the word for your business and enhance your promotional activities.

Read the original here:
Beyond Encryption | Secure Enterprise email using existing …

Azure Search enterprise security: Data encryption and user …

Enterprise security requires a comprehensive approach for defense in depth. Effective immediately, Azure Search now supports encryption at rest for all incoming data indexed on or after January 24, 2018, in all regions and SKUs including shared (free) services. With this announcement, encryption now extends throughout the entire indexing pipeline from connection, through transmission, and down to indexed data stored in Azure Search.

At query time, you can implement user-identity access controls that trim search results of documents that the requestor is not authorized to see. Enhancements to filters enable integration with third-party authentication providers, as well as integration with Azure Active Directory.

All indexing includes encryption on the backend automatically with no measurable impact on indexing workloads or size. This applies to newly indexed documents only. For existing content, you have to re-index to gain encryption. Encryption status of any given index is not visible in the portal, nor available through the API. However, if you indexed after January 24, 2018, data is already encrypted.

In the context of Azure Search, all aspects of encryption, decryption, and key management are internal. You cannot turn it on or off, manage or substitute your own keys, or view encryption settings in the portal or programmatically. Internally, encryption is based on Azure Storage Service Encryption, using 256-bit AES encryption, one of the strongest block ciphers available.

Read the original:
Azure Search enterprise security: Data encryption and user …

FBI chief says phone encryption is a ‘major public safety issue’

Wray urged the private sector to work with the government in finding “a way forward quickly,” insisting that the FBI isn’t interested in peeking into ordinary citizens’ devices. The bureau just wants access to the ones owned by suspects. That pretty much echoes Comey’s position during his time — if you’ll recall the FBI asked tech titans to create a backdoor into their software and phones in order to give authorities a way to open them during investigations. Apple chief Tim Cook said the request had “chilling” and “dangerous” implications, warning that companies wouldn’t be able to control how that backdoor is used.

Wray told the audience at the event that authorities face an increasing number of cases that rely on electronic evidence. He doesn’t buy companies claims that it’s impossible to find a way for encryption to be more law enforcement-friendly, so to speak. Not that the FBI can’t do anything if it absolutely has to: when Apple refused to cooperate with authorities to unlock the San Bernardino shooter’s iPhone, the agency paid a third party almost a million to get the job done.

See original here:
FBI chief says phone encryption is a ‘major public safety issue’