Page 20«..10..19202122..3040..»

Managed Dedicated, Cloud and Hosting Services

“Codero has been providing Shiekh Shoes with reliable hosting services for over 10 years. Codero support goes above and beyond, be it a routine change request or a critical issue. I would recommend Codero services to any business without hesitation.”

– Denis Ivanov, Shiekh Shoes

“After ‘kissing’ a lot of frogs, Codero has been nothing short of a revelation.”

– Jae Barclay, ejaeDesign LLC

“Coderos highly skilled and experienced staff, world class data center facilities, and reliable services have helped us grow for years. Custom solutions, flexible contracts, and highest level of PERSONAL customer service highlight our relationship.”

– Kyle Heyward, ResultsPositive

“The support level of Cordero’s team is exceptional; we really have peace of mind to focus on our core business and keep our customers satisfied.”

– Carlos Barbaran, Nisira Systems S.A.C.

“When we wanted to install new custom software on our server, thanks to the Codero Rewards Program, it didnt cost a penny! Were here to stay.”

– Jeff Carter, Rockbrook

Here is the original post:
Managed Dedicated, Cloud and Hosting Services

Read More..

Energy-efficient encryption for the internet of things | MIT News

Most sensitive web transactions are protected by public-key cryptography, a type of encryption that lets computers share information securely without first agreeing on a secret encryption key.

Public-key encryption protocols are complicated, and in computer networks, theyre executed by software. But that wont work in the internet of things, an envisioned network that would connect many different sensors embedded in vehicles, appliances, civil structures, manufacturing equipment, and even livestock tags to online servers. Embedded sensors that need to maximize battery life cant afford the energy and memory space that software execution of encryption protocols would require.

MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster. The researchers describe the chip in a paper theyre presenting this week at the International Solid-State Circuits Conference.

Like most modern public-key encryption systems, the researchers chip uses a technique called elliptic-curve encryption. As its name suggests, elliptic-curve encryption relies on a type of mathematical function called an elliptic curve. In the past, researchers including the same MIT group that developed the new chip have built chips hardwired to handle specific elliptic curves or families of curves. What sets the new chip apart is that it is designed to handle any elliptic curve.

Cryptographers are coming up with curves with different properties, and they use different primes, says Utsav Banerjee, an MIT graduate student in electrical engineering and computer science and first author on the paper. There is a lot of debate regarding which curve is secure and which curve to use, and there are multiple governments with different standards coming up that talk about different curves. With this chip, we can support all of them, and hopefully, when new curves come along in the future, we can support them as well.

Joining Banerjee on the paper are his thesis advisor, Anantha Chandrakasan, dean of MITs School of Engineering and the Vannevar Bush Professor of Electrical Engineering and Computer Science; Arvind, the Johnson Professor in Computer Science Engineering; and Andrew Wright and Chiraag Juvekar, both graduate students in electrical engineering and computer science.

Modular reasoning

To create their general-purpose elliptic-curve chip, the researchers decomposed the cryptographic computation into its constituent parts. Elliptic-curve cryptography relies on modular arithmetic, meaning that the values of the numbers that figure into the computation are assigned a limit. If the result of some calculation exceeds that limit, its divided by the limit, and only the remainder is preserved. The secrecy of the limit helps ensure cryptographic security.

One of the computations to which the MIT chip devotes a special-purpose circuit is thus modular multiplication. But because elliptic-curve cryptography deals with large numbers, the chips modular multiplier is massive. Typically, a modular multiplier might be able to handle numbers with 16 or maybe 32 binary digits, or bits. For larger computations, the results of discrete 16- or 32-bit multiplications would be integrated by additional logic circuits.

The MIT chips modular multiplier can handle 256-bit numbers, however. Eliminating the extra circuitry for integrating smaller computations both reduces the chips energy consumption and increases its speed.

Another key operation in elliptic-curve cryptography is called inversion. Inversion is the calculation of a number that, when multiplied by a given number, will yield a modular product of 1. In previous chips dedicated to elliptic-curve cryptography, inversions were performed by the same circuits that did the modular multiplications, saving chip space. But the MIT researchers instead equipped their chip with a special-purpose inverter circuit. This increases the chips surface area by 10 percent, but it cuts the power consumption in half.

The most common encryption protocol to use elliptic-curve cryptography is called the datagram transport layer security protocol, which governs not only the elliptic-curve computations themselves but also the formatting, transmission, and handling of the encrypted data. In fact, the entire protocol is hardwired into the MIT researchers chip, which dramatically reduces the amount of memory required for its execution.

The chip also features a general-purpose processor that can be used in conjunction with the dedicated circuitry to execute other elliptic-curve-based security protocols. But it can be powered down when not in use, so it doesnt compromise the chips energy efficiency.

They move a certain amount of functionality that used to be in software into hardware, says Xiaolin Lu, director of the internet of things (IOT) lab at Texas Instruments. That has advantages that include power and cost. But from an industrial IOT perspective, its also a more user-friendly implementation. For whoever writes the software, its much simpler.

Original post:
Energy-efficient encryption for the internet of things | MIT News

Read More..

The Best Encryption Software – TopTenReviews

Key Features to Look for When Buying Encryption Software?

PerformanceIf your encryption software is difficult to use, you may not use it at all. The programs we reviewed are simple and intuitive, particularly Folder Lock and Secure IT they both guide you through the encryption and decryption processes step by step. Secure IT integrates with Windows, so all you have to do is right-click on a file and choose to encrypt it in the menu.

We found that programs typically compress files as they encrypt them, though only to a small degree for example, from 128MB down to 124MB. It can make a difference when you encrypt large data files, so programs that protect and compress are preferable.SecurityEncryption software uses different types of ciphers to scramble your data, and each has its own benefits. Advanced Encryption Standard, or 256-bit key AES, is used by the U.S. government, including the National Security Agency (NSA), and is one of the strongest ciphers available. Blowfish and Twofish, the latter being a newer version of the former, are encryption algorithms that use block ciphers they scramble blocks of text or several bits of information at once, rather than one bit at a time.

The main differences between these algorithms are performance and speed, and the average user wont notice those disparities. Although any of these ciphers could be broken given enough time and computing power, they are considered practically unbreakable. AES has long been recognized as the superior algorithm, so we preferred programs that use it.Version CompatibilityIf your computer runs an older version of Windows, such as Vista or XP, make sure the encryption program supports your operating system. On the flip side, you need to make sure you choose software that has changed with the times and supports the latest versions of Windows, like 7, 8 and 10.

While all the programs we tested are compatible with every version of Windows, we feel that SensiGuard is a good choice for older computers because it only has the most essential tools and wont bog down your PC. Plus, it is easy to move to a new computer if you choose to upgrade. However, it takes a while to encrypt and decrypt files.

If you have a Mac computer, you need a program that is designed specifically for that operating system none of the programs we tested are compatible with both Windows and Mac machines. We believe Concealer is the best option for Macs, but Espionage 3 is also a good choice.

Mac encryption software doesnt have as many extra security features as Windows programs. They typically lack virtual keyboards, self-extracting file creators and password recovery tools. Mac programs also take a lot more time to secure files compared to Windows software.

Read the rest here:
The Best Encryption Software – TopTenReviews

Read More..

What is Cloud Hosting? | Web Hosting Sun

Last updated: February 11, 2018

Cloud hosting is in many ways a new offering in the web hosting industry. While cloud computing technology has been around for a number of years now, only recently has the technology developed to the point where it is affordable, easy to setup and deploy, and popular enoughto make those companies that dont offer it less competitive than those that do.

So just what, exactly, is cloud hosting?Before we can answer that question, we first need to know what cloud computing in general is.

At its most basic, cloud computing is a serviceprovided over the internet for the accomplishing of certain computing tasks. That is to say, rather than performing that task using your own software and hardware, whether at home or at work, you utilize the software or hardware of some company or organization that provides it to you as a service, somewhat like a utility. To take a simple example, suppose youdecide to write and store a document using Google Docs, rather than Microsoft Word. In such a case, you would be doing your word processing in the cloud, since youre using a browser to connect to a service that provides computing resources to you over the internet. Authoring a document in Microsoft Word, on the other hand, is done locally on your own computer.

Image courtesy of Centro Systems.

The cloud is, in many ways, just a buzzphrase for the internet itself. But the cloud services out therecan be much more complex than word processing. At the other end of the spectrum, a company might provide an underlying infrastructure of networked servers that allow you to easily create what are called virtual machines basically an emulation of computer hardware that you can access through a web interface. You might install an operating system and other software on those virtual machines in order to develop the latest phone app or to house databases that your company uses. Or you might set up a web server and start hosting websites.

What the cloud effectively provides is affordable, simple access to computer resources over the internet. Rather than spending thousands of dollars buying or building servers that you then have to not only place somewhere but alsopay the costs of electricity for, you can instead use a cloud computing service to easily createvirtualizations, or simulations, of that same hardware and use it like normal.

Because cloud computing services are a lot like utilities, youoften dont pay a fixed monthly price but rather pay according to what youve used. That can be anything from the amount of bandwidth to a number of CPU resources, to the number of virtual machines youve got running.

Cloud hosting tends to follow a general model. While all hosting plans provide a service that you use via the internet, and so are in asense also in the cloud, what makes cloud hosting unique is that the servers are invariably virtual, in the way described above, and the service itself often goes by apay-as-you-use-it model. With other hosting plans, your data is generally located on a single physical server that has a limited amount of physical resources installed. If you need more resources, you typically need to upgrade to another plan. But with virtual servers, those resources are also virtualized and can be quickly scaled up or down, often by the customer herself. If you need more hard drive space, or more bandwidth, or more RAM, you simply change the numbers.

Cloud hosting does have apotential drawback that customers ought to be aware of. With regular hosting, youre often allotted a certain amount of resources, which is typically very large, and you pay a fixed price for those resources whether you use them all or not.Most peoples resource usage is nowhere close to the limit, and it could be more cost-effective to move over to cloud hosting. But some customers, especially those with heavily trafficked sites, could end up paying more by switching to cloud hosting. Of course, switching over may give a performance boost to websites, since you can increase or decrease a number of resources dedicated to your site at will.

Be sure to check out our web hosting reviews to helpyou decide which option is the best for you.

Read the original post:
What is Cloud Hosting? | Web Hosting Sun

Read More..

Webinar: Bitcoin Overshadowed by Altcoin Surge – Nasdaq.com

DailyFX.com –

On December 22, 2017 the cryptocurrency market lost in excess of $200 billion to just over $420 billion while Bitcoin (BTC) traded below $11,000 as sellers hammered the market. Now two weeks later the cryptocurrency market has hit a new all-time high in excess of $700 billion, driven primarily by surging altcoins with Ripple (XRP) leading the charge.

Other topics covered in this week’s Bitcoin and Cryptocurrency webinar include –

If you missed this webinar and would like to know about future events, see the full DailyFX webinar schedule here.

— Written by Nick Cawley , Analyst

To contact Nick , email him at nicholas.cawley@ig.com

Follow Nick on Twitter @ nickcawley1

DailyFX provides forex news and technical analysis on the trends that influence the global currency markets. Learn forex trading with a free practice account and trading charts from IG .

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

See original here:
Webinar: Bitcoin Overshadowed by Altcoin Surge – Nasdaq.com

Read More..

7 Best Cryptocurrency Exchanges to Buy/Sell Any …

Slowly and steadily, Bitcoin and altcoins are getting attention from more investors all around the world.

And why not? These cryptocurrencies are time and again proving themselves to be a safe haven against governments inflationary policies.

Thats why some people are even securing cryptocurrencies astheir retirementfunds, while some are doing pure speculation with short-term trading (i.e. buy low, sell high).

And lets not forget about those who are just starting off by looking around to find the answer to questions like:

But before we talk about the best exchanges out there, I need to tell you that its not too late to get invested in cryptocurrencies. At the time of this writing, the Bitcoin and altcoin market is at anall-time high, with a market cap of $166 billion. I believe we will cross the $250 billion mark later this year.

So now that you know youshouldinvest, heres where you need to go to do that.

Update: Due to high users demand and to focus on current user base, many exchanges have shut down new registrations. I will update this note when they start accepting new registrations. For now here are some of the top exchanges accepting new registrations:

Here is a consolidated list of best cryptocurrency exchanges with my comments:

For Acquiting Cryptocurrencies:

If you live in a country where its not easy to get Bitcoin, you can use any of these three websites. All three of them offersto buy Bitcoin using credit/debit card.

Note: This list is starting from easy to use exchanges and moving towards some of the advanced exchanges.

1.Binance

Binance is a rapidly growing exchange that concluded its ICO a few months back.

Though it is based out of China, it doesnt serve its native country but is open to almost all countries around the world.

Since its ICO to till date, it has grown tremendously and is now placed in top 10 cryptocurrency exchanges in the world.It now has more than 140 altcoins listed on it which are only increasing as the days are passing.

Binance being a centralized exchange has taken a unique take to expand its business and also provides a decent discount for day traders if they use BNB coins.BNB is Binance Coin which is the native currency of this platform.

Read:Binance Cryptocurrency: A Unique And Rapidly Growing Crypto Exchange

Binances fee structure is also unique. To start with they have 0.1% standard trading fee which is already quite less than other peers. You can even reduce your fee furtherif you pay your trading fee in BNB according to the below-shown structure.

To get started with Binance you need to register using your email ID and the process is quite simple & fast. Moreover, you get 1 QTUM coin as a kind gesture for registration which is limited to 10,000 QTUM coins on first come first basis. Binance is one of the few exchanges that offers mobile app for iOS and Android. Being using it for a while, I find it too easy to trade cryptocurrency while on the move. You can watch this video to learn how to use their mobile app.

They also have aggressive plans like multi-lingual support, mobile apps for both iOS and Android users,Binance Angel Program, and theCommunity Coin Per Month etc for more adoption of their platform.

Register free account on Binance

2. Gate.io

Gate is a promising cryptocurrency exchange that offers all major coins. They also have a mobile app which is functional and let you trade cryptocurrencies on the move. Also, they are running a promo where they are offering 10% discount on trading fees.

Gate.io offers multiple trading pair such as BTC Market, ETH Market, USDT Market, QTUM market. The mobile app is decent for trading on the move. You can also deposit or withdraw funds using mobile app.

Create free account on Gate.io

3. KuCoin

KuCoin is another easy and hassle-free cryptocurrency exchange. KuCoin offers many popular and unique coin such as DragonChain, $KCS and many others. Just like Binance, they offer a fully functional mobile app for Android and iOS.

To get started with KuCoin, you can deposit any crypto of your choice ex: BTC and start trading. Personally, I have been using KuCoin since last quarter of 2017 and they are getting popular day by day.

Get started with KuCoin

4. Changelly

Changelly is one of the easiest ways to get ahold of various cryptocurrencies.

Changelly is a product of the mining pool,MinerGate, which has a proven track record of consistently good products being put out into the crypto-space.

One of the best things about Changelly is that you dont need to go through any lengthy verification or registration process. You just log in with your email ID (or any email ID) and start exchanging!

Currently, it supports more than 35 cryptocurrencies along with fiat pairs such as USD/EUR. It is one of the best and easiest to use exchanges out there.If you want to know more, check out Harshsreview on Changelly.

When you use Changelly to exchange cryptocurrency, Changelly bots connect in real time to some of the best and busiest cryptocurrency exchanges in the market to get you the best price.

Usually, when using Changelly, a crypto-to-crypto exchange takes 5 to 30 minutes.

They charge a commission fee of 0.5% on each trade, which I think is minimal in exchange for the volatility and risk that they bear on behalf of their users. In addition to the commission, a miners fee is also paid by the user and is deducted directly from their crypto balance.

But all you need in order to buy from Changelly is aVISA/MasterCard (credit/debit card) or any Changelly-supported cryptocurrency and a wallet where you want to receive your new coins.

The procedure is very simple.

Head towardCoinSutras Cryptocurrency Exchange Changelly, and follow the steps given in thisguide.

Note:Though this guide shows how to buy Ripple in exchange for BTC, the process is exactly the same to buy any other Changelly-supported cryptocurrency.

And if you want to buy cryptos using a VISA/MasterCard, then here is their officialstep-by-step guide on doing that.(Even though this guide is for buying BTC using a VISA/MasterCard, the process is the same for buying any other Changelly-supported cryptocurrency.)

Check out Changelly

5. Bittrex

Bittrex is aUS-based cryptocurrency exchange that provides you the option to trade more than 190 cryptocurrencies at a time. They are well-regulated and compliant with all of the current US rules, so crypto users need not worry about the safety of their funds.

Bittrex handles one of the largest BTC trading volumes out of all the exchanges in the world.

Here, the users (buyers/sellers) decide the rates in which they want to trade, and Bittrex charges them a small service fee for providing this platform (0.25%).

To get started with Bittrex, you need to register and log in through your email ID, but to withdraw funds, you need to do a KYC by submitting your ID documents and phone number, as well as enabling two-factor authentication for higher limits.

But one good thing about Bittrex is the account verification happens quite fast.

Bittrex supports two types of accounts:

Bittrex is a crypto-only exchange, meaning it doesnt allow you to deposit fiat currencies such as USD, EUR, GBP, etc.

They provide access to advanced trading tools like candlestick charts and crosshairs, but the user interface is quite clean and intuitive, so newbies should have no problems.

You can visit Bittrex and open a Bittrex accountby following this official step by step guide here.

Check out Bittrex

6. Poloniex

Founded by Tristan DAgosta, Poloniex has been operational since January 2014 and is undoubtedly one of the biggest cryptocurrency exchanges in the world.

It is based out of the United States and offers +100 cryptocurrencies to its users to trade.

When you talk about trade volumes, nothing beats Poloniex. In 2017, Poloniex had the highest volume for ETH because it supports an independent Ethereum market as well as a BTC market.

It is a crypto-only exchange, but you can start trading easily by depositing USDT (Tether dollars).

Poloniex also has zoomable candlestick charts for 5-minutes, 15-minutes, 30-minutes, 2-hours, 4-hours, and 1-day, along with a stop-limit feature for advanced cryptocurrency traders.

Poloniex charges a fee of0.15% to 0.25% on all trades depending upon whether you are a maker or a taker.

So if you are looking to trade a variety of altcoins, then you should give Poloniex a shot.

To get started with Poloniex, follow this official guide.

Remember: As soon as you sign up for Poloniex using your email,do make sure to enable two-factor authentication!

Check out Poloniex

7. Bitfinex

Bitfinex is another one of the largest and most popular cryptocurrency exchanges out there.

Based out of Hong Kong and operational since 2014, it gives its users the option to trade the following 13 cryptocurrencies in exchange of USD or BTC:

Unlike Bittrex and Poloniex, you can trade using USD (with a wire fee of at least $20). Also, users will need to pay a trade fee which varies from 0.1% to 0.8% (details here).

Also, whenever you withdrawal or deposit anything, you are charged a certain fee:

On Bitfinex, if you are a pro-trader, you will find advanced trading tools such as limit orders, stop orders, trailing stop, fill or kill, TWAP, and others, along with different market charts.

To get started on Bitfinex, you need toregister,verify your ID, andauthenticateyourself. It typically takes 15-20 business days aftersubmitting valid ID proof before youre accepted into the platform.

Update: on 12th January 2018 Bitfinex opened the registration but put a limit of 10000 USD or equivalent cryptos to be deposited for the account to be fully functional.

And whenever you get bored with the web version or want to trade on-the-go, you can use Bitfinexs Android and iOS mobile apps.

Check out Bitfinex

Bonus. Cryptopia

Cryptopia is another popular cryptocurrency exchange that supports buying/selling more than 400 altcoins.

They have aggressively grown to this stature and have the record of listing many cheap coins.

By cheap I dont mean that those coins are fake or scam but yeah they do list those coins that you will not find on other popular exchange.

Thier this approach makes it possible for so many cryptocurrencies to acquire good liquidity for themselves.

It is a centralized exchange based out of NewZealand that allows you to buy/sell cryptos in almost any part of the world.

Getting started here is quite easy & simple. You just need to register yourself using your email ID with a strong password. Always two-factor authentication is recommended when you are using centralized exchanges.

Here is the original post:
7 Best Cryptocurrency Exchanges to Buy/Sell Any …

Read More..

Cryptocurrency News – Bitcoin, Ethereum, NEO, ICO startups

The blockchain market, cryptocurrency and ICO is growing at a tremendous rate. Every day in this area lots of information guides, new articles and analytics are published. To keep track of everything and find really important and useful materials, you need to spend a lot of time.

We are ready to do this for you! Our telegram channel ICOtoday is the source of the most necessary and up-to-date information about ICO and cryptocurrencies.

Looking at the ICO and want to figure out what’s what for? On our channel you will find educational materials for those who make the first steps in crypto investment.

Want to invest in start-ups? We publish practical recommendations for investors, as well as an ICO calendar.

Are you interested in the current agenda? With a daily digest of news and analytics, you will always be aware.

Looking for authoring content? We are preparing our own materials, reviews and analytics.

Channel ICOtoday:

ICOtoday channel is the most important in one place.

See original here:
Cryptocurrency News – Bitcoin, Ethereum, NEO, ICO startups

Read More..

Electroneum. The Mobile Cryptocurrency.

Step 1: Finding the users

Electroneum aims for 10s or even 100s of millions of users and has a clearly defined route to market.

We have signed agreements in place giving access to over 100m smartphone users via mobile operators (the companies that provide airtime and data to your smartphone).

Electroneum is also the first cryptocurrency to secure membership of the GSMA as part of our strategy to expand via this sector.

The viral appeal of Electroneum is immense. When a user downloads the Electroneum app they can experience mining their first Electroneum coins straight into their wallet in minutes. By allowing users to earn a handful of ETN coins per month for just being part of the Electroneum community, we can quickly grow Electroneum to be the largest used cryptocurrency in the world.

The key to mass adoption is to not just ensure people can access your currency. You must ensure the currency has utility.

Once users have Electroneum in their wallets they will start to want to experience spending cryptocurrency for the first time. Thats where the second benefit of our partnerships with mobile operators makes all the difference.

Our partners have agreed to begin the process of accepting Electroneum as payment from their customers. We are currently in negotiation with some enormous global brands who have expressed strong interest in adding Electroneum digital payments to the list of ways to pay.

We already have signed agreements in place to develop Electroneum payment integration for over 1.2 million agents, dealers and distributors in over 9 countries and have many more in negotiation.

As with all disruptive technology, the markets entrepreneurial spirit will find ways to accept and use Electroneum as our numbers of users grow into the 10s of millions.

By making our currency available to millions of people, and allowing those people to spend our currency, were poised to take cryptocurrency further than it has ever been.

See original here:
Electroneum. The Mobile Cryptocurrency.

Read More..

File-Based Encryption | Android Open Source Project

Android 7.0 and later supports file-based encryption (FBE). File-basedencryption allows different files to be encrypted with different keys that canbe unlocked independently.

This article describes how to enable file-based encryption on new devicesand how system applications can be updated to take full advantage of the newDirect Boot APIs and offer users the best, most secure experience possible.

Warning: File-based encryption cannotcurrently be used together with adoptable storage. On devices usingfile-based encryption, new storage media (such as an SD card) must be used astraditional storage.

File-based encryption enables a new feature introduced in Android 7.0 called DirectBoot. Direct Boot allows encrypted devices to boot straight to the lockscreen. Previously, on encrypted devices using full-diskencryption (FDE), users needed to provide credentials before any data couldbe accessed, preventing the phone from performing all but the most basic ofoperations. For example, alarms could not operate, accessibility services wereunavailable, and phones could not receive calls but were limited to only basicemergency dialer operations.

With the introduction of file-based encryption (FBE) and new APIs to makeapplications aware of encryption, it is possible for these apps to operatewithin a limited context. This can happen before users have provided theircredentials while still protecting private user information.

On an FBE-enabled device, each user of the device has two storage locationsavailable to applications:

This separation makes work profiles more secure because it allows more than oneuser to be protected at a time as the encryption is no longer based solely on aboot time password.

The Direct Boot API allows encryption-aware applications to access each of theseareas. There are changes to the application lifecycle to accommodate the need tonotify applications when a users CE storage is unlocked in response tofirst entering credentials at the lock screen, or in the case of work profileproviding aworkchallenge. Devices running Android 7.0 must support these new APIs andlifecycles regardless of whether or not they implement FBE. Although, withoutFBE, DE and CE storage will always be in the unlocked state.

A complete implementation of file-based encryption on an Ext4 file system isprovided in the Android Open Source Project (AOSP) and needs only be enabled ondevices that meet the requirements. Manufacturers electing to use FBE may wishto explore ways of optimizing the feature based on the system on chip (SoC)used.

All the necessary packages in AOSP have been updated to be direct-boot aware.However, where device manufacturers use customized versions of these apps, theywill want to ensure at a minimum there are direct-boot aware packages providingthe following services:

Android provides a reference implementation of file-based encryption, in whichvold (system/vold)provides the functionality for managing storage devices andvolumes on Android. The addition of FBE provides vold with several new commandsto support key management for the CE and DE keys of multiple users. In additionto the core changes to use the ext4 Encryptioncapabilities in kernel many system packages including the lockscreen and theSystemUI have been modified to support the FBE and Direct Boot features. Theseinclude:

* System applications that use the defaultToDeviceProtectedStoragemanifest attribute

More examples of applications and services that are encryption aware can befound by running the command mangrep directBootAware in theframeworks or packages directory of the AOSPsource tree.

To use the AOSP implementation of FBE securely, a device needs to meet thefollowing dependencies:

Note: Storage policies are applied to a folder and all of itssubfolders. Manufacturers should limit the contents that go unencrypted to theOTA folder and the folder that holds the key that decrypts the system. Mostcontents should reside in credential-encrypted storage rather thandevice-encrypted storage.

First and foremost, apps such as alarm clocks, phone, accessibility featuresshould be made android:directBootAware according to DirectBoot developer documentation.

The AOSP implementation of file-based encryption uses the ext4 encryptionfeatures in the Linux 4.4 kernel. The recommended solution is to use a kernelbased on 4.4 or later. Ext4 encryption has also been backported to a 3.10 kernelin the Android common repositories and for the supported Nexus kernels.

The android-3.10.y branch in the AOSP kernel/common git repository mayprovide a good starting point for device manufacturers that want to import thiscapability into their own device kernels. However, it is necessary to applythe most recent patches from the latest stable Linux kernel (currently linux-4.6)of the ext4 and jbd2 projects. The Nexus device kernels already include many ofthese patches.

Note that each of these kernels uses a backport to 3.10. The ext4and jbd2 drivers from linux 3.18 were transplanted into existing kernels basedon 3.10. Due to interdependencies between parts of the kernel, this backportbreaks support for a number of features that are not used by Nexus devices.These include:

In addition to functional support for ext4 encryption, device manufacturers mayalso consider implementing cryptographic acceleration to speed up file-basedencryption and improve the user experience.

FBE is enabled by adding the flagfileencryption=contents_encryption_mode[:filenames_encryption_mode]to the fstab line in the final column for the userdatapartition. contents_encryption_mode parameter defines whichcryptographic algorithm is used for the encryption of file contents andfilenames_encryption_mode for the encryption of filenames.contents_encryption_mode can be only aes-256-xts.filenames_encryption_mode has two possible values: aes-256-ctsand aes-256-heh. If filenames_encryption_mode is not specifiedthen aes-256-cts value is used.

Whilst testing the FBE implementation on a device, it is possible to specify thefollowing flag:forcefdeorfbe=”

This sets the device up with FDE but allows conversion to FBE for developers. Bydefault, this behaves like forceencrypt, putting the device intoFDE mode. However, it will expose a debug option allowing a device to be putinto FBE mode as is the case in the developer preview. It is also possible toenable FBE from fastboot using this command:

This is intended solely for development purposes as a platform for demonstratingthe feature before actual FBE devices are released. This flag may be deprecatedin the future.

The generation of keys and management of the kernel keyring is handled byvold. The AOSP implementation of FBE requires that the devicesupport Keymaster HAL version 1.0 or later. There is no support for earlierversions of the Keymaster HAL.

On first boot, user 0s keys are generated and installed early in the bootprocess. By the time the on-post-fs phase of initcompletes, the Keymaster must be ready to handle requests. On Nexus devices,this is handled by having a script block:

Note: All encryption is based on AES-256 inXTS mode. Due to the way XTS is defined, it needs two 256-bit keys; so ineffect, both CE and DE keys are 512-bit keys.

Ext4 encryption applies the encryption policy at the directory level. When adevices userdata partition is first created, the basic structuresand policies are applied by the init scripts. These scripts willtrigger the creation of the first users (user 0s) CE and DE keys as well asdefine which directories are to be encrypted with these keys. When additionalusers and profiles are created, the necessary additional keys are generated andstored in the keystore; their credential and devices storage locations arecreated and the encryption policy links these keys to those directories.

In the current AOSP implementation, the encryption policy is hardcoded into thislocation:

It is possible to add exceptions in this file to prevent certain directoriesfrom being encrypted at all, by adding to the directories_to_excludelist. If modifications of this sort are made then the devicemanufacturer should include SELinux policies that only grant access to theapplications that need to use the unencrypted directory. This should exclude alluntrusted applications.

The only known acceptable use case for this is in support of legacy OTAcapabilities.

To facilitate rapid migration of system apps, there are two new attributes thatcan be set at the application level. ThedefaultToDeviceProtectedStorage attribute is available only tosystem apps. The directBootAware attribute is available to all.

The directBootAware attribute at the application level is shorthand for markingall components in the app as being encryption aware.

The defaultToDeviceProtectedStorage attribute redirects the defaultapp storage location to point at DE storage instead of pointing at CE storage.System apps using this flag must carefully audit all data stored in the defaultlocation, and change the paths of sensitive data to use CE storage. Devicemanufactures using this option should carefully inspect the data that they arestoring to ensure that it contains no personal information.

When running in this mode, the following System APIs areavailable to explicitly manage a Context backed by CE storage when needed, whichare equivalent to their Device Protected counterparts.

Each user in a multi-user environment gets a separate encryption key. Every usergets two keys: a DE and a CE key. User 0 must log into the device first as it isa special user. This is pertinent for DeviceAdministration uses.

Crypto-aware applications interact across users in this manner:INTERACT_ACROSS_USERS and INTERACT_ACROSS_USERS_FULLallow an application to act across all the users on the device. However, thoseapps will be able to access only CE-encrypted directories for users that arealready unlocked.

An application may be able to interact freely across the DE areas, but one userunlocked does not mean that all the users on the device are unlocked. Theapplication should check this status before trying to access these areas.

Each work profile user ID also gets two keys: DE and CE. When the work challengeis met, the profile user is unlocked and the Keymaster (in TEE) can provide theprofiles TEE key.

The recovery partition is unable to access the DE-protected storage on theuserdata partition. Devices implementing FBE are strongly recommended to supportOTA using A/B system updates. Asthe OTA can be applied during normal operation there is no need for recovery toaccess data on the encrypted drive.

When using a legacy OTA solution, which requires recovery to access the OTA fileon the userdata partition:

To ensure the implemented version of the feature works as intended, employ themany CTS encryption tests.

Once the kernel builds for your board, also build for x86 and run under QEMU inorder to test with xfstest by using:

In addition, device manufacturers may perform these manual tests. On a devicewith FBE enabled:

Additionally, testers can boot a userdebug instance with a lockscreen set on theprimary user. Then adb shell into the device and usesu to become root. Make sure /data/data containsencrypted filenames; if it does not, something is wrong.

This section provides details on the AOSP implementation and describes howfile-based encryption works. It should not be necessary for device manufacturersto make any changes here to use FBE and Direct Boot on their devices.

The AOSP implementation uses ext4 encryption in kernel and is configured to:

Disk encryption keys, which are 512-bit AES-XTS keys, are stored encryptedby another key (a 256-bit AES-GCM key) held in the TEE. To use this TEE key,three requirements must be met:

The auth token is a cryptographically authenticated token generated byGatekeeperwhen a user successfully logs in. The TEE will refuse to use the key unless thecorrect auth token is supplied. If the user has no credential, then no authtoken is used nor needed.

The stretched credential is the user credential after salting andstretching with the scrypt algorithm. The credential is actuallyhashed once in the lock settings service before being passed tovold for passing to scrypt. This is cryptographicallybound to the key in the TEE with all the guarantees that apply toKM_TAG_APPLICATION_ID. If the user has no credential, then nostretched credential is used nor needed.

The secdiscardable hash is a 512-bit hash of a random 16 KB filestored alongside other information used to reconstruct the key, such as theseed. This file is securely deleted when the key is deleted, or it is encryptedin a new way; this added protection ensures an attacker must recover every bitof this securely deleted file to recover the key. This is cryptographicallybound to the key in the TEE with all the guarantees that apply toKM_TAG_APPLICATION_ID. See the KeystoreImplementer’s Reference.

Read more:
File-Based Encryption | Android Open Source Project

Read More..

What is quantum computing? – Definition from WhatIs.com

Quantum computing is the area of study focused on developing computer technology based on the principles of quantum theory, which explains the nature and behavior of energy and matter on the quantum (atomic and subatomic) level. Development of a quantum computer, if practical, would mark a leap forward in computing capability far greater than that from the abacus to a modern day supercomputer, with performance gains in the billion-fold realm and beyond. The quantum computer, following the laws of quantum physics, would gain enormous processing power through the ability to be in multiple states, and to perform tasks using all possible permutations simultaneously. Current centers of research in quantum computing include MIT, IBM, Oxford University, and the Los Alamos National Laboratory.

The essential elements of quantum computing originated with Paul Benioff, working at Argonne National Labs, in 1981. He theorized a classical computer operating with some quantum mechanical principles. But it is generally accepted that David Deutsch of Oxford University provided the critical impetus for quantum computing research. In 1984, he was at a computation theory conference and began to wonder about the possibility of designing a computer that was based exclusively on quantum rules, then published his breakthrough paper a few months later. With this, the race began to exploit his ideas. However, before we delve into what he started, it is beneficial to have a look at the background of the quantum world.

Quantum theory’s development began in 1900 with a presentation by Max Planck to the German Physical Society, in which he introduced the idea that energy exists in individual units (which he called “quanta”), as does matter. Further developments by a number of scientists over the following thirty years led to the modern understanding of quantum theory.

Niels Bohr proposed the Copenhagen interpretation of quantum theory, which asserts that a particle is whatever it is measured to be (for example, a wave or a particle) but that it cannot be assumed to have specific properties, or even to exist, until it is measured. In short, Bohr was saying that objective reality does not exist. This translates to a principle called superposition that claims that while we do not know what the state of any object is, it is actually in all possible states simultaneously, as long as we don’t look to check.

To illustrate this theory, we can use the famous and somewhat cruel analogy of Schrodinger’s Cat. First, we have a living cat and place it in a thick lead box. At this stage, there is no question that the cat is alive. We then throw in a vial of cyanide and seal the box. We do not know if the cat is alive or if it has broken the cyanide capsule and died. Since we do not know, the cat is both dead and alive, according to quantum law – in a superposition of states. It is only when we break open the box and see what condition the cat is in that the superposition is lost, and the cat must be either alive or dead.

The second interpretation of quantum theory is the multiverse or many-worlds theory. It holds that as soon as a potential exists for any object to be in any state, the universe of that object transmutes into a series of parallel universes equal to the number of possible states in which that the object can exist, with each universe containing a unique single possible state of that object. Furthermore, there is a mechanism for interaction between these universes that somehow permits all states to be accessible in some way and for all possible states to be affected in some manner. Stephen Hawking and the late Richard Feynman are among the scientists who have expressed a preference for the many-worlds theory.

Which ever argument one chooses, the principle that, in some way, one particle can exist in numerous states opens up profound implications for computing.

Classical computing relies, at its ultimate level, on principles expressed by Boolean algebra, operating with a (usually) 7-mode logic gate principle, though it is possible to exist with only three modes (which are AND, NOT, and COPY). Data must be processed in an exclusive binary state at any point in time – that is, either 0 (off / false) or 1 (on / true). These values are binary digits, or bits. The millions of transistors and capacitors at the heart of computers can only be in one state at any point. While the time that the each transistor or capacitor need be either in 0 or 1 before switching states is now measurable in billionths of a second, there is still a limit as to how quickly these devices can be made to switch state. As we progress to smaller and faster circuits, we begin to reach the physical limits of materials and the threshold for classical laws of physics to apply. Beyond this, the quantum world takes over, which opens a potential as great as the challenges that are presented.

The Quantum computer, by contrast, can work with a two-mode logic gate: XOR and a mode we’ll call QO1 (the ability to change 0 into a superposition of 0 and 1, a logic gate which cannot exist in classical computing). In a quantum computer, a number of elemental particles such as electrons or photons can be used (in practice, success has also been achieved with ions), with either their charge or polarization acting as a representation of 0 and/or 1. Each of these particles is known as a quantum bit, or qubit, the nature and behavior of these particles form the basis of quantum computing. The two most relevant aspects of quantum physics are the principles of superposition and entanglement .

Think of a qubit as an electron in a magnetic field. The electron’s spin may be either in alignment with the field, which is known as a spin-up state, or opposite to the field, which is known as a spin-down state. Changing the electron’s spin from one state to another is achieved by using a pulse of energy, such as from a laser – let’s say that we use 1 unit of laser energy. But what if we only use half a unit of laser energy and completely isolate the particle from all external influences? According to quantum law, the particle then enters a superposition of states, in which it behaves as if it were in both states simultaneously. Each qubit utilized could take a superposition of both 0 and 1. Thus, the number of computations that a quantum computer could undertake is 2^n, where n is the number of qubits used. A quantum computer comprised of 500 qubits would have a potential to do 2^500 calculations in a single step. This is an awesome number – 2^500 is infinitely more atoms than there are in the known universe (this is true parallel processing – classical computers today, even so called parallel processors, still only truly do one thing at a time: there are just two or more of them doing it). But how will these particles interact with each other? They would do so via quantum entanglement.

Entanglement Particles (such as photons, electrons, or qubits) that have interacted at some point retain a type of connection and can be entangled with each other in pairs, in a process known as correlation . Knowing the spin state of one entangled particle – up or down – allows one to know that the spin of its mate is in the opposite direction. Even more amazing is the knowledge that, due to the phenomenon of superpostition, the measured particle has no single spin direction before being measured, but is simultaneously in both a spin-up and spin-down state. The spin state of the particle being measured is decided at the time of measurement and communicated to the correlated particle, which simultaneously assumes the opposite spin direction to that of the measured particle. This is a real phenomenon (Einstein called it “spooky action at a distance”), the mechanism of which cannot, as yet, be explained by any theory – it simply must be taken as given. Quantum entanglement allows qubits that are separated by incredible distances to interact with each other instantaneously (not limited to the speed of light). No matter how great the distance between the correlated particles, they will remain entangled as long as they are isolated.

Taken together, quantum superposition and entanglement create an enormously enhanced computing power. Where a 2-bit register in an ordinary computer can store only one of four binary configurations (00, 01, 10, or 11) at any given time, a 2-qubit register in a quantum computer can store all four numbers simultaneously, because each qubit represents two values. If more qubits are added, the increased capacity is expanded exponentially.

Perhaps even more intriguing than the sheer power of quantum computing is the ability that it offers to write programs in a completely new way. For example, a quantum computer could incorporate a programming sequence that would be along the lines of “take all the superpositions of all the prior computations” – something which is meaningless with a classical computer – which would permit extremely fast ways of solving certain mathematical problems, such as factorization of large numbers, one example of which we discuss below.

There have been two notable successes thus far with quantum programming. The first occurred in 1994 by Peter Shor, (now at AT&T Labs) who developed a quantum algorithm that could efficiently factorize large numbers. It centers on a system that uses number theory to estimate the periodicity of a large number sequence. The other major breakthrough happened with Lov Grover of Bell Labs in 1996, with a very fast algorithm that is proven to be the fastest possible for searching through unstructured databases. The algorithm is so efficient that it requires only, on average, roughly N square root (where N is the total number of elements) searches to find the desired result, as opposed to a search in classical computing, which on average needs N/2 searches.

The above sounds promising, but there are tremendous obstacles still to be overcome. Some of the problems with quantum computing are as follows:

Even though there are many problems to overcome, the breakthroughs in the last 15 years, and especially in the last 3, have made some form of practical quantum computing not unfeasible, but there is much debate as to whether this is less than a decade away or a hundred years into the future. However, the potential that this technology offers is attracting tremendous interest from both the government and the private sector. Military applications include the ability to break encryptions keys via brute force searches, while civilian applications range from DNA modeling to complex material science analysis. It is this potential that is rapidly breaking down the barriers to this technology, but whether all barriers can be broken, and when, is very much an open question.

View post:
What is quantum computing? – Definition from WhatIs.com

Read More..