Category Archives: Encryption
Insta’s AI finds nudes in encrypted DMs – iTnews
Instagram nudes sent or received by under-18s will be detected and blurred with device-based software able to scan end-to-end encrypted (E2EE) direct messages (DMs).
The launch of the client-side feature coincides with Facebook Messengers current, and Instagrams planned, global rollout of E2EE, which police and regulators have opposed.
E2EE is not interoperable with the server-based software Meta currently uses to detect, remove and report child sexual exploitation material (CSEM).
Following pushback against mandatory E2EE backdoors, online safety watchdogs in the UK and Australia have more recently pitched scanning communications from users devices, or from government-owned, intermediary servers, as an alternative method of detecting and removing illegal content.
However, unlike the device-based content scanning technology that UK and Australian regulators are pushing E2EE providers to deploy, Instagrams Nudity Protection feature does not block illicit material.
The settings, default for teens and available to adults, warn users of the dangers of sexual exploitation scams and revenge porn, but still allows them to unblur detected nudes.
Meta wont have access to these images unless someone chooses to report them to us, the company, which, in the last financial year, handed 5054 users data to various Australian law enforcement and regulatory bodies, said in a statement.
Acting eSafety Commissioner Toby Dagg told iTnews that he welcomes the feature, but would also welcome further information from Meta about the long-term efficacy and uptake of these tools over time.
Scanning platforms for crime
Dagg said that eSafetys transparency notices to 29 services, including those owned by tech giants Apple, Meta, Microsoft and Google had mapped out the use of language analysis processing to detect child grooming, which Xbox Live, Facebook, Instagram, TikTok and Twitch currently use.
Reports to our investigators show that the criminals behind these [sexual extortion] scams initially make contact posing as an attractive young woman on social media services, with Instagram and Snapchat the most frequently targeted.
When unencrypted, Facebook, Instagram, TikTok, Twitch, Google Chat, Twitter, TikTok, Snapchat, Xbox Live, and Discord messages are scanned for verified CSEM, reports eSafety released in 2022 [pdf] and 2023 [pdf] revealed.
Instagram, Facebook, YouTube, Discord and Twitch also use AI trained on verified CSEM to detect new CSEM.
Automate detect and block regime
Dagg said that eSafetys transparency powers to evaluate platforms detection software work hand in hand with new mandatory codes which require providers of online products and services in Australia to do more to address the risk of harmful material, including child sexual exploitation material and grooming.
In the UK and Australia, Meta, Apple, Signal and other E2EE providers are pushing back against their inclusion in industry codes that could mandate solutions that scan, detect and block content before encryption when the regulator deems it "technically feasible" for the provider in question.
Technical feasibility depends on whether it is reasonable for service providers to incur the costs of taking action, having regard to the level of risk to the online safety of end-users.
eSafety has said that scanning communications from a device or government-owned server would not amount to mandating companies to design systematic vulnerabilities or weaknesses into any of their end-to-end encrypted services.
Metas submission [pdf] to eSafety said that, unless the industry codes explicitly defined technically feasibility to exclude solutions that could render methods of encryption less effective, they could force providers to design systematic vulnerabilities or weaknesses.
Like Apples similar, device-side child safety features for iMessage, Metas nudity protection feature is likely aimed at demonstrating to authorities that harmful E2EE material can be reduced without third-parties directly blocking or reporting it.
eSafetys Updated Position Statement on End-to-end encryption [pdf], released in October, said Apples child safety feature demonstrates at scale that device side tools can be used alongside E2EE, without weakening encryption and while protecting privacy.
It adds, however, that Apples intervention is limited in that it does not prevent the sharing of illegal material or activity, or enable accounts to be banned by the service.
eSafety was more supportive of Apples iCloud solution [pdf], which Apple discontinued after a backlash from privacy advocates.
The iCloud solution would have scanned content from users' devices before it was uploaded to their backup; police would have been alerted when illegal material was detected.
Apple's director of user privacy and child safety Erik Neuenschwander said in an email [pdf] obtained by Wired that the project was ditched over concerns it could create new threat vectors for data thieves to find and exploit" and lead to authoritarian surveillance through function creep.
How can users be assured that a tool for one type of surveillance has not been reconfigured to surveil for other content such as political activity or religious persecution? the email - sent to a child rights group that supported Apple readopting the solution - said in August.
See the original post:
Insta's AI finds nudes in encrypted DMs - iTnews
Top 10 Companies with Exceptional Encryption in 2024 – Analytics Insight
Cybersecurity has become an essential issue in the world of digital innovation where cyber threats are evolving at a fast pace. Effective encryption is a necessity. Encryption goes hand in hand with the defense system against illegal access to confidential information, namely, such information being at rest or in transit. Consequently, the data integrity of a system is protected. The intricacies of data encryption in 2024 demand exploration, with some companies standing out from the crowd for their best encryption practices, thus providing the high-quality protection of a companys most important data assets.
In its role as a titanic webmaster that offers the likes of Gmail to Google Drive, encryption is a security principle Google has always stood by with fortitude. With policies and projects such as the Advanced Protection Program and the development of default encryption in all of its products, Google will be the landmark in the direction of data privacy in the age of digital.
Powered by a comprehensive toolkit of enterprise services and cloud options, Microsoft continues as the leader in encryption architecture. Ranging from super strong encryption algorithms to evolutionary threat detection capabilities to the multiple security attributes Microsoft products and services are made up of, it is plain to see security is embedded in its DNA.
The Apple system has been always characterized by its privacy orientation thanks to its implementation of encryption technologies for its hardware or software. Apple has invested in steps like end-to-end encryption on iMessage and Secure Enclave technology in devices which are designed to maintain privacy and functionality in place at the same time.
As the major player in cloud computing provisioning through AWS, Amazon built its encryption technologies to do data protection for customer purposes. As AWS has elements such as AWS KMS and encryption at rest and during transit, it not only encourages businesses to feel more secure but also assists them in encrypting in the cloud effectively.
Responding to the growing realization of the efficiency of using encryption in networking communications, Cisco incorporates cryptographic features into its range of communication hardware and software solutions. Another feature of Cisco is Cisco Encrypted Traffic Analytics and Cisco AnyConnect VPN which allows the organizations to protect the data across the network periphery.
Fortinet has expertise in providing cyber concerns and its broad range of encryption devices is tailored to address the growing threat landscape. Among which SSL examination, and encryption management, and the last one defends a network from advanced threats is just an example of what Fortinet offers to the organization.
Symantec, by accumulating great cyber security products over time, has become a highly valued name in the industry that sells such services. Symantec secures organizations through its varieties of Symantec end point encryption and Symantec data loss prevention software. This helps the companies to keep their sensitive data safe and reduce the risk of threats.
Encryption is at the core of Sophos enterprise cybersecurity solutions, which is why the encryption functionality is written as a critical feature in its product catalog. With these instruments in place, those organizations can secure the most sensitive data from vulnerabilities including but not limited to Sophos SafeGuard Encryption and the intercepting and blocking threats by Sophos Intercept X.
Growing as a global giant in cybersecurity, Trend Micro, its encryption solutions are on target, dealing with the ever-growing cyber threats in this modern era. Trend Micro now offers products like Deep Security and Data Loss Prevention. Such tools become the companys main weapon to defend their data whether its endpoints, networks, or cloud from being lost, leaked, or stolen.
This is an ordinary tool that prevents the data from being exploited by cybercriminals and other cyber threats. It has been seen above that the listed enterprises have demonstrated good abilities in protecting top-10 vital assets through the use of a practical encryption technique.
As a trusted and established player in the team of industry IBM implements encryption as one of the basic elements of its cybersecurity capabilities. With IBM Security Guardium and IBM Data Privacy Passports two powerful instruments, IBM enables organizations to protect data assets from all threats and ensure compliance with the essential data privacy regulations.
Read more:
Top 10 Companies with Exceptional Encryption in 2024 - Analytics Insight
Over and out? Public Advocate Jumaane Williams says keeping public access to NYPD radios more critical in wake of … – amNY
Public Advocate Jumaane Williams.
Photo by Dean Moses
Weeks after 19-year-old Win Rozario was shot to death by police during a mental health crisis, Public Advocate Jumaane Williams and other elected officials told amNewYork Metro that it is imperative that the press have access to NYPD radio chatter.
Those comments come as the NYPD continues a methodical plan to eventually encrypt all police radio communications, shutting out journalists and the public from chatter in a purported effort to block out criminals who could use the frequencies to their advantage.
Journalists descended on Rozarios Ozone Park home on March 27 after it was reported that he was gunned down while wielding scissors shortly after he himself dialed 911. Members of the media were able to get the news of the shooting out rapidly thanks to having heard the incident unfold in real time via police radio communication.
But should the NYPD stay on course with its encryption plan it already locked out communications in northern Brooklyn and Staten Island for all of New York City, it will make such independent reporting on police incidents almost impossible. Thats something which deeply concerns Williams and others in city government.
Its really disturbing, Public Advocate Williams told amNewYork Metro regarding police encryption plans. This administration has a pattern of trying to be less transparent. This seems to be in that modality.
Williams indicated that he and fellow elected officials have put forward ideas in order to ensure the media could maintain access, yet he says the brainstorming has fallen on deaf ears.
Police say the encryption process, which is expected to be completed in 2025, is intended to keep criminals from listening in to their response and planning it. When the NYPD first announced that some radio channels would be going dark, they also stated that they were mulling over how exactly to give media access on a timed delay. Yet as time wore on and more police channels were taken offline, the NYPD has come no closer to providing media access.
Elected leaders like Williams believe it is a necessity and in the public interest for the press to maintain access to police chatter, in real time.
Its one hundred percent needed for the media to be able to have access, Williams said. Going dark completely for the public and the media unfortunately follows the pattern that we have seen of this administration, and I am concerned about it.
Bronx Council Member Pierina Sanchez also weighed in on the debate, going as far as to say that locking press out of radios is dangerous.
I think complete and total and complete encryption of NYPD radios is dangerous to public safety. It is bad for accountability, It is bad for transparency for the public, Sanchez told amNewYork Metro.
The Councilmember conceded that certain aspects of police radios should be taken off the airwaves, such as specific investigation information. However,she said that should be the expectation and not the norm.
I think public transparency is really the most important and access to the media is a really important component of keeping New York City safe, Sanchez noted.
Future quantum computers will be no match for ‘space encryption’ that uses light to beam data around with the 1st … – Livescience.com
By converting data into light particles and beaming them around the world using satellites, we could prevent encrypted messages from being intercepted by a superpowerful quantum computer, scientists claim.
Currently, messaging technology relies on mathematical, or cryptographic, methods of protection, including end-to-end encryption. This technology is used in WhatsApp as well as by corporations, the government and the military to protect sensitive data from being intercepted.
Encryption works by scrambling data or text into what appears to be nonsense, using an algorithm and a key that only the sender and recipient can use to unlock the data. These algorithms can, in theory, be cracked. But they are designed to be so complex that even the fastest supercomputers would take millions of years to translate the data into something readable.
Quantum computers change the equation. Although the field is young, scientists predict that such machines will be powerful enough to easily break encryption algorithms someday. This is because they can process exponentially greater calculations in parallel (depending on how many qubits they use), whereas classical computers can process calculations only in sequence.
Fearing that quantum computers will render encryption obsolete someday, scientists are proposing new technologies to protect sensitive communications. One field, known as "quantum cryptography," involves building systems that can protect data from encryption-beating quantum computers.
Unlike classical cryptography, which relies on algorithms to scramble data and keep it safe, quantum cryptography would be secure thanks to the weird quirks of quantum mechanics, according to IBM.
For example, in a paper published Jan. 21 in the journal Advanced Quantum Technologies, scientists describe a mission called "Quick3," which uses photons particles of light to transmit data through a massive satellite network.
Get the worlds most fascinating discoveries delivered straight to your inbox.
Related: Experts divided over claims of 1st 'practical' algorithm to protect data from quantum computers
"Security will be based on the information being encoded into individual light particles and then transmitted," Tobias Vogl, professor of quantum communication systems engineering at TUM and co-author of the paper, said in a statement. "The laws of physics do not permit this information to be extracted or copied."
That's because the very act of measuring a quantum system changes its state.
"When the information is intercepted, the light particles change their characteristics," he added. "Because we can measure these state changes, any attempt to intercept the transmitted data will be recognized immediately, regardless of future advances in technology."
The challenge with traditional Earth-based quantum cryptography, however, lies in transmitting data over long distances, with a maximum range of just a few hundred miles, the TUM scientists said in the statement. This is because light tends to scatter as it travels, and there's no easy way to copy or amplify these light signals through fiber optic cables.
Scientists have also experimented with storing encryption keys in entangled particles meaning the data is intrinsically shared between two particles over space and time no matter how far apart. A project in 2020, for example, demonstrated "quantum key distribution" (QKD) between two ground stations 700 miles apart (1,120 km).
When it comes to transmitting photons, however, at altitudes higher than 6 miles (10 kilometers), the atmosphere is so thin that light is not scattered or absorbed, so signals can be extended over longer distances.
The Quick3 system would involve the entire system for transmitting data in this way, including the components needed to build the satellites. The team has already tested each component on Earth. The next step will be to test the system in space, with a satellite launch scheduled for 2025.
They will probably need hundreds, or perhaps even thousands, of satellites for a fully working quantum communications system, the team said.
See more here:
Future quantum computers will be no match for 'space encryption' that uses light to beam data around with the 1st ... - Livescience.com
Backdoor found in widely used Linux utility breaks encrypted SSH connections – Ars Technica
Enlarge / Internet Backdoor in a string of binary code in a shape of an eye.
Getty Images
Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian.
The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versionsspecifically, in Fedora Rawhide and Debian testing, unstable and experimental distributions. A stable release of Arch Linux is also affected. That distribution, however, isn't used in production systems.
Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, it's not really affecting anyone in the real world, Will Dormann, a senior vulnerability analyst at security firm Analygence, said in an online interview. BUT that's only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.
Several people, including two Ars readers, reported that the multiple apps included in the HomeBrew package manager for macOS rely on the backdoored 5.6.1 version of xz Utils. HomeBrew has now rolled back the utility to version 5.4.6. Maintainers have more details available here.
The first signs of the backdoor were introduced in a February 23 update that added obfuscated code, officials from Red Hat said in an email. An update the following day included a malicious install script that injected itself into functions used by sshd, the binary file that makes SSH work. The malicious code has resided only in the archived releasesknown as tarballswhich are released upstream. So-called GIT code available in repositories arent affected, although they do contain second-stage artifacts allowing the injection during the build time. In the event the obfuscated code introduced on February 23 is present, the artifacts in the GIT version allow the backdoor to operate.
The malicious changes were submitted by JiaT75, one of the two main xz Utils developers with years of contributions to the project.
Given the activity over several weeks, the committer is either directly involved or there was some quite severe compromise of their system, Freund wrote. Unfortunately the latter looks like the less likely explanation, given they communicated on various lists about the fixes provided in recent updates. Those updates and fixes can be found here, here, here, and here.
On Thursday, someone using the developer's name took to a developer site for Ubuntu to ask that the backdoored version 5.6.1 be incorporated into production versions because it fixed bugs that caused a tool known as Valgrind to malfunction.
This could break build scripts and test pipelines that expect specific output from Valgrind in order to pass, the person warned, from an account that was created the same day.
One of maintainers for Fedora said Friday that the same developer approached them in recent weeks to ask that Fedora 40, a beta release, incorporate one of the backdoored utility versions.
We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added), the Ubuntu maintainer said. "He has been part of the xz project for two years, adding all sorts of binary test files, and with this level of sophistication, we would be suspicious of even older versions of xz until proven otherwise."
Maintainers for xz Utils didnt immediately respond to emails asking questions.
The malicious versions, researchers said, intentionally interfere with authentication performed by SSH, a commonly used protocol for connecting remotely to systems. SSH provides robust encryption to ensure that only authorized parties connect to a remote system. The backdoor is designed to allow a malicious actor to break the authentication and, from there, gain unauthorized access to the entire system. The backdoor works by injecting code during a key phase of the login process.
I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access, Freund wrote. Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution.
In some cases, the backdoor has been unable to work as intended. The build environment on Fedora 40, for example, contains incompatibilities that prevent the injection from correctly occurring. Fedora 40 has now reverted to the 5.4.x versions of xz Utils.
Xz Utils is available for most if not all Linux distributions, but not all of them include it by default. Anyone using Linux should check with their distributor immediately to determine if their system is affected. Freund provided a script for detecting if an SSH system is vulnerable.
Here is the original post:
Backdoor found in widely used Linux utility breaks encrypted SSH connections - Ars Technica
Quantum Encryption: The New Frontier in Cybersecurity – yTech
Amidst the backdrop of heightened cyber threats and the rise of quantum computing, Toshiba and network specialist Ciena have made a breakthrough in data protection with their introduction of a quantum key distribution (QKD) system at the recent OFC Conference. This advancement in secure communication technology has industry experts looking closely at quantum encryptions potential to withstand the sophisticated hacking attempts of the future.
Summary: Toshiba and Cienas QKD system is a state-of-the-art approach to cybersecurity, using the laws of quantum mechanics to generate cryptographic keys that are almost invulnerable to attacks. The systems introduction aligns with evolving security needs as companies like Verizon and SpaceX experiment with quantum encryption for both terrestrial and extraterrestrial communication. The market for quantum encryption is expected to grow exponentially, yet integration and global standardization present notable challenges. Investments are being made to conquer these hurdles and harness the full possibilities of this pioneering technology.
Quantum encryption showcases the peculiar nature of quantum mechanics to produce cryptographic keys that are virtually impossible to intercept or decode. This technology is not just rooted on the ground; its expanding its reach to protect digital information exchanged through satellites and other non-terrestrial means.
Despite its promising prospects, the adoption of quantum cryptography entails overcoming significant integration issues with existing network systems and establishing consistent international protocols. Still, with the potential for incredible market expansion and its capacity to transform security models across numerous industries, quantum encryption remains a focal point for investors.
Individuals and organizations keen on the progression of cybersecurity have ample resources through industry innovators such as Toshiba and Ciena. Their ongoing research and dialogue offer a window into the advancements shaping the cybersecurity domain. With continuous technological development, the introduction of quantum encryption could set a new standard in the protection against emergent and future cyber anomalies. The collaborative work across industries will be crucial in determining the speed and success with which quantum cryptography becomes a mainstream security asset.
The Emergence of Quantum Encryption in the Cybersecurity Industry
The cybersecurity industry stands at the cusp of a revolution with the advent of quantum key distribution (QKD) systems spearheaded by major players like Toshiba and network expert Ciena. This leap in security technology is particularly significant in light of the increasing cyber threats and the anticipated impact of quantum computing on encryption. QKD utilizes the principles of quantum mechanics to create cryptographic keys that are exceedingly difficult for would-be attackers to hack, marking a paradigm shift in how information is secured.
Market Forecasts and Implications for Quantum Cryptography
As the threat landscape evolves, so does the urgency for advanced security measures. Companies such as Verizon and SpaceX are experimenting with quantum encryption to safeguard both earthly and space-based communications. The promise held by quantum encryption technology has profound implications, driving the market towards significant growth. Analysts project that the quantum encryption market will witness explosive expansion in the coming years, with demand permeating from government, financial services, healthcare, and other sectors seeking robust defense mechanisms against cyber espionage and data breaches.
Challenges of Integration and Standardization
Despite the optimistic outlook, integrating quantum cryptography with existing network infrastructures is fraught with complexities. The challenge is not only technological but also involves the harmonization of international standardsa herculean task that requires global cooperation. Investors and technologists are actively seeking solutions to streamline this process, ensuring that the transition to quantum-secure networks does not compromise functionality or interoperability.
The Pioneers in Quantum Cryptography
At the forefront of these developments, Toshiba and Ciena continue to drive innovation in the field, providing critical insights into how quantum encryption can be deployed effectively. Their groundbreaking work, including their presence at prominent events like the OFC Conference, provides a glimpse into the future of cybersecurity and the role quantum technologies will play in it.
Industry stakeholders can explore further advancements and acquire knowledge from leaders in the cyber and quantum realms through reputable sources and innovators. For those interested, reliable information can be accessed through the official websites of industry leaders such as Toshiba and Ciena.
Securing the Future
Quantum encryption is rapidly progressing from a theoretical concept to a pivotal industry resource with the capability to redefine security standards. The intersection of academia, industry, and policy will be instrumental in driving the adoption of quantum cryptography, offering substantial protection for the digital infrastructure of tomorrow. The journey to ubiquitous quantum encryption is contingent upon the collaborative efforts of experts globally, determined to leverage this nascent technology for a more secure future in the face of ever-advancing cyber threats.
Jerzy Lewandowski, a visionary in the realm of virtual reality and augmented reality technologies, has made significant contributions to the field with his pioneering research and innovative designs. His work primarily focuses on enhancing user experience and interaction within virtual environments, pushing the boundaries of immersive technology. Lewandowskis groundbreaking projects have gained recognition for their ability to merge the digital and physical worlds, offering new possibilities in gaming, education, and professional training. His expertise and forward-thinking approach mark him as a key influencer in shaping the future of virtual and augmented reality applications.
Visit link:
Quantum Encryption: The New Frontier in Cybersecurity - yTech
Quantum Encryption: The Vanguard of Digital Safety – yTech
Summary: During the OFC Conference, Toshiba and Ciena presented a groundbreaking secure communications platform employing quantum key distribution, poised to become a fundamental countermeasure against advanced cyber threats, including strategies that leverage the future capabilities of quantum computers.
Amid the mounting concerns over cyber security, a revolutionary technology was unveiled at the recent OFC Conference, signaling a transformative era in cybersecurity with quantum encryption. Toshiba, collaborating with network specialist Ciena, showcased their quantum key distribution (QKD) platform, capable of protecting data transmissions at rapid speeds, a necessity in the metropolitan networks domain.
This technology exemplifies innovation, drawing on the properties of quantum mechanics to enforce powerful security through undecipherable cryptographic keys. The demonstration at the conference illustrated the utilization of Toshibas QKD apparatus in conjunction with Cienas Waveserver 5, culminating in a reinforced, secure transmission network that exemplifies the capability of a Trusted Node system.
Quantum encryptions significance transcends terrestrial limitations. With Verizon experimenting with a quantum-safe virtual network and SpaceX extending quantum key distribution to safeguard satellite communications, the potential applications are as wide as the spectrum of modern communication itself. The absorption of such technology by these sector behemoths indicates a market ready to embrace quantum encryption to counteract potential future cyber-attacks, including those by quantum computers.
Quantum encryption is not without its challenges; from integrating this nascent technology into existing infrastructures to developing standards for universal application. Nonetheless, the market prospects look promising, with increasing investment and research pushing forward this cryptographic frontier.
For further insight into the evolutions of quantum cryptography and other technological advancements, resources such as Toshiba and Ciena provide in-depth knowledge for industry and academic professionals alike. They offer a glimpse into the current technological landscape and the essentials for potential future market dynamics in cybersecurity.
Quantum Encryption Technology: Industry and Market Outlook
The introduction of quantum encryption technology, featuring quantum key distribution (QKD), at the OFC Conference serves as a landmark in the cybersecurity industry. As Toshiba and Ciena navigate the forefront of this space, the implication of their success could redefine how sensitive information is protected across various communication platforms.
The cybersecurity industry is currently faced with the daunting prospect of quantum computer attacks which could render traditional encryption methods obsolete. Herein lies the significance of QKD; it uses the principles of quantum mechanics to create keys which are virtually impossible to intercept without detection. Given the universal importance of data security, this technology has vast implications across numerous sectors, including government, military, financial services, and healthcare.
Market Forecasts for Quantum Cryptography
As quantum technology becomes more tangible, market forecasts reflect an optimistic growth trajectory. Quantum cryptography is expected to experience exponential growth due to the increasing need for secure communications. A report by MarketsandMarkets suggests that the global quantum cryptography market size is expected to grow from an estimated value of USD 89 million in 2020 to USD 214 million by 2025, at a Compound Annual Growth Rate (CAGR) of 19.1% during the forecast period.
This growth is fueled by the rising incidents of cyber threats, government investment in secure communications, and multinational corporations recognizing the urgent need for next-generation security solutions. With companies like Verizon and SpaceX investing in QKD, it indicates a pronounced confidence in its market potential and viability.
Challenges and Advancements in the Quantum Encryption Sector
Despite the markets upward trend, quantum encryption technology is not without hurdles. Key issues include the complexity of integrating this leading-edge technology into existing communication infrastructures and the need for developing universally accepted standards. Additionally, the current reach of QKD is limited in distance, and quantum technologies often require extreme operating conditions, such as very low temperatures, to function effectively.
However, the industry continues to invest heavily in research and development, addressing limitations and enhancing usability. Innovations in QKD systems, such as the Trusted Node system demonstrated by Toshiba and Ciena, hint at a future of more robust and practical quantum-resistant networks that could withstand the capabilities of quantum computers.
For those seeking a deeper understanding of the expanding domain of quantum cryptography and its associated technologies, reputable sites like Toshiba and Ciena can offer a wealth of knowledge. These resources stand as pillars for professionals interested in the ongoing narrative of cybersecurity technology and the market possibilities that it presents. With continuous advancement and the collaboration of tech giants, quantum encryption is becoming an increasingly integral part of the conversation on securing the future of communication.
Leokadia Gogulska is an emerging figure in the field of environmental technology, known for her groundbreaking work in developing sustainable urban infrastructure solutions. Her research focuses on integrating green technologies in urban planning, aiming to reduce environmental impact while enhancing livability in cities. Gogulskas innovative approaches to renewable energy usage, waste management, and eco-friendly transportation systems have garnered attention for their practicality and effectiveness. Her contributions are increasingly influential in shaping policies and practices towards more sustainable and resilient urban environments.
See more here:
Quantum Encryption: The Vanguard of Digital Safety - yTech
GoFetch: Apple chips vulnerable to encryption key stealing attack – SC Media
Apple M-series chips are vulnerable to a side-channel attack called GoFetch, which exploits data memory-dependent prefetchers (DMPs) to extract secret encryption keys.
DMPs are a feature of some modern processors that use memory access patterns to predict which data might be useful, and preload that data into cache memory for fast access.
A group of researchers discovered that the DMP process in Apple M-series chips (M1, M2 and M3) could be probed using attacker-selected inputs, and its prefetching behavior analyzed to ultimately predict encryption keys generated by the intended target. The researchers published their findings in a paper shared on their website Thursday.
This bug can extract encryption keys, which is a problem for servers (using TLS) or for those organizations where users are encrypting information. Largely, it will probably be highly secure environments that need to worry the most over this, but any organization running Apple CPUs and using encryption should be concerned, John Bambanek, president of Bambanek Consulting, told SC Media in an email.
The researchers GoFetch exploit involves feeding guesses into the targeted cryptographic application and observing changes in memory access on the system indicating prefetching patterns. By refining their inputs based on the observed changes, and correlating signals from the DMP to bits of cryptographic data, an attacker could ultimately infer the targeted encryption keys.
This attack essentially circumvents the safeguards of constant-time cryptography, which prevents side-channel extraction of encryption keys by eliminating any relationship between secret data contents and their execution timing.
The GoFetch researchers demonstrated that their proof-of-concept exploit works against Go RSA-2048 encryption, OpenSSL Diffie-Hellman key exchange (DHKE), and even the post-quantum encryption protocols CRYSTALS-Kyber and CRYSTALS-Dilithium. The attack takes a minimum of about 49 minutes (against Go RSA keys) and up to 15 hours (against Dilithium keys) to complete on average.
The attack was primarily tested on Apples M1 processor, but the groups investigations of the M2 and M3 CPUs indicated similar DMP activation patterns, suggesting they are likely vulnerable to the same exploit, the researchers said.
The Intel 13th generation Raptor Lake processor also uses a DMP in its microarchitecture, but the researchers found it was not as susceptible to attack due to its more restrictive activation criteria.
As a microarchitectural hardware feature of Apple chips, the DMPs susceptible to GoFetch cannot be directly patched. However, some mitigations are available to prevent or lower the likelihood of attack.
The attack requires the attackers GoFetch process (which probes and monitors the DMP) to run locally on the same machine as the targeted process, so avoiding the installation of suspicious programs is one line of defense.
Apple cited the ability to enable data-independent timing (DIT) as a mitigation for GoFetch in an email to SC Media. Enabling DIT, which is available on M3 processors, disables the vulnerable DMP feature, Ars Technica reported.
The researchers also noted that DMP does not activate for processes running on Apples Icestorm efficiency cores. Restricting cryptographic processes to these smaller cores will prevent GoFetch attacks but will also likely result in a performance reduction.
Cryptographic software providers can also use techniques like input blinding to mask the contents being fetched, but this also presents challenges in terms of performance penalties. Overall, users are recommended to keep any cryptographic software up to date as providers make changes to counter side-channel attack risks.
The researchers have said they will be releasing the proof-of-concept soon, which will significantly lower the difficulty to exploit this bug, Bambenek commented. There isnt much for [users] to do except to wait for encryption software writers to release updates and to see whether those vendors will create a configurable option so CISOs can choose speed or higher security.
The GoFetch vulnerability was disclosed to Apple in December 2023 and the researchers paper states Apple was investigating the PoC. An Apple spokesperson expressed gratitude toward the researchers in a comment to SC Media without disclosing further details about an investigation.
The vulnerability was also reported to the Go Crypto, OpenSSL and CRYSTALS teams. Go Crypto said the attack was considered low severity, OpenSSL said local side-channel attacks fall outside of its threat model, and CRYSTALS acknowledged that hardware fixes would be needed to resolve the issue in the long term.
SC Media reached out to the GoFetch team to ask about industry reactions to their research and did not receive a reply.
Link:
GoFetch: Apple chips vulnerable to encryption key stealing attack - SC Media
Quantum Encryption Showcased as a Future-Proof Security Solution – yTech
Summary: A recent demonstration at the OFC Conference highlights the promising future of quantum encryption. Toshiba and Ciena presented a secure communications platform, employing quantum key distribution (QKD) to address the threat of advanced cyber attacks, including the worrisome harvest now, decrypt later strategies facilitated by tomorrows quantum computers.
In a significant leap forward for data security, Toshiba, in collaboration with Ciena, showcased a pioneering quantum encryption platform at the OFC Conference. This innovation is poised to effectively safeguard metropolitan network communications at speeds reaching 800 Gbps. This groundbreaking technology introduces a crucial protective measure against futuristic cyber threats that involve collecting encrypted information today with the intent to decipher it using powerful quantum computers later on.
Quantum key distribution, the centerpiece of this advancement, guarantees an unprecedented level of security by utilizing quantum principles to create virtually unbreakable keys. During the conference demonstration, keys forged by Toshibas QKD equipment were essential in securing data transmissions over Cienas Waveserver 5 in a complex network scenario, featuring what is known as a Trusted Node for added security robustness.
The effectiveness of quantum encryption isnt just limited to terrestrial applications. Industry giants like Verizon and SpaceX are also venturing into quantum key technology. Verizon has been experimenting with a Quantum Safe Virtual Private Network to enhance data security, and SpaceX has recently participated in a demonstration aiming to safeguard satellite communications against current and future cyber threats. The growing interest and rapid development in quantum technology signal a pivotal shift in cybersecurity, ensuring a safer digital landscape against the backdrop of ever-evolving cyber risks.
Quantum Encryption: Securing the Future of Cybersecurity
Quantum encryption represents a major innovation in the field of data security. As demonstrated at the OFC Conference, this cutting-edge technology offers a solution to the increasing danger of cyber-attacks, specifically the threat posed by future quantum computing capabilities. Organizations and industries that rely on secure data transmission are particularly interested in quantum key distribution (QKD) as a means to safeguard communications against emerging threats.
The introduction of QKD into data security is driven by the quantum mechanics principle that observation affects the state of quantum particles, thereby creating extremely secure cryptographic keys. The partnership between Toshiba and Ciena is a testament to how technology companies are pushing the boundaries to ensure data security can keep pace with advances in computational power.
As quantum computing continues to develop, the potential for its use in cyber attacks becomes more significant. The harvest now, decrypt later strategy is of particular concern, where data encrypted with traditional methods today could potentially be decrypted with ease once quantum computers reach a certain level of sophistication. This makes the deployment of quantum-resistant technologies imperative.
Industry Analysis and Market Forecasts
The global quantum cryptography market is seeing a surge in growth, with significant investments being made across various sectors. As per market analysis, the demand for quantum encryption solutions is expected to rise rapidly. This growth is driven by the increasing need for secure communication systems in the defense, government, and financial services industries, along with the rising threat of cyber espionage.
The market forecast for quantum cryptography indicates a continuous and significant increase. Advancements in technology and rising awareness of quantum threats are expected to push organizations to adopt QKD and related technologies to protect sensitive information.
Key Industry Issues
Despite its promising potential, the quantum encryption industry also faces various challenges:
Technology Integration: Integrating quantum encryption technology into existing communication infrastructure can be complex and costly. Accessibility and Scalability: Making this technology widely accessible and scalable for various applications is a hurdle that companies must overcome. Standardization: The development of universal standards for quantum encryption is still in its early stages, which can lead to compatibility issues between different systems and products. Research and Development: Quantum encryption is still a relatively new field that requires substantial investment in research and development to continue improving the technology and its applications.
The exploration and application of quantum key distribution (QKD) are still in their infancy, and as such, there is a need for further research and investment to uncover its full potential and to address implementation challenges.
For information on the current state and future prospects of the tech industry, including advances in quantum encryption, you might consider visiting authoritative sites like Toshiba or Ciena, which can provide insights into the developing technologies shaping the security landscape. Additionally, information on broader technology trends and market dynamics can be found on platforms like Space for satellite communications news or Verizon for advancements in network security. These resources offer valuable information regarding the evolving nature of cybersecurity and the role quantum technologies are playing.
Iwona Majkowska is a prominent figure in the tech industry, renowned for her expertise in new technologies, artificial intelligence, and solid-state batteries. Her work, often at the forefront of innovation, provides critical insights into the development and application of cutting-edge AI solutions and the evolution of energy storage technologies. Majkowskas contributions are pivotal in shaping the future of sustainable energy and intelligent systems, making her a respected voice in both academic and industrial circles. Her articles and research papers are a valuable resource for professionals and enthusiasts alike, seeking to understand the impact and potential of these transformative technologies.
Read more from the original source:
Quantum Encryption Showcased as a Future-Proof Security Solution - yTech
Surge in Encrypted Attacks on Government Underscores the Need for Improved Defenses – FedTech Magazine
As agencies look to fortify their security measures, many are following guidance from the National Cybersecurity Strategy and CISA for leveraging zero trust to advance the nations cybersecurity progress.
By reducing the reliance on legacy technology and implementing zero-trust architecture, federal agencies can limit the impact of threat actors and strengthen their security postures.
The adoption of zero-trust architecture emerges as a crucial step to counter encrypted threats. Many conventional devices such as VPNs and firewalls can be vulnerable in the face of sophisticated attacks, and agencies must prioritize replacing such devices with more secure alternatives.
By embracing zero trust, agencies can significantly limit the shortcomings of legacy perimeter-based security approaches by enforcing strict least-privileged access controls and continuous verification. This will help prevent breaches, reduce the blast radius of successful attacks and hold up a strong security posture to protect against evolving threats.
However, not all zero-trust solutions are the same. Its critical that agencies thoroughly test and verify the effectiveness of solutions through proofs of concept and pilots. With the establishment of formalized zero-trust offices, dedicated zero-trust leads and working groups, agencies are on the right track.
There is a wealth of information and expertise that can be leveraged to drive zero-trust adoption. This represents a significant step toward the end goal of widespread implementation of zero trust across the government.
When examining the surge in cyberthreats, the role of encryption and obfuscation techniques takes center stage. By implementing zero-trust architecture and microsegmentation as effective strategies to limit the impact of threat actors, agencies can enhance their overall security posture.
LEARN MORE: Smoothly navigate the cultural shift triggered by zero trust.
As agencies begin the process of selecting and implementing zero-trust solutions, here are a few best practices.
Agencies should look to reduce the number of entry points into an environment by placing internet-facing apps and services behind a cloud proxy that brokers connections, thereby eliminating vulnerable backdoors. Agencies should also evaluate their attack surface to quantify risk and adjust security appropriately.
As federal guidelines urge, establishing a governmentwide implementation of zero trust is imperative for maintaining a robust cyber posture. As cybercriminals continuously evolve their tactics, including encrypted threats and beyond, zero trust remains the best tactic for enhanced security.
Read more from the original source:
Surge in Encrypted Attacks on Government Underscores the Need for Improved Defenses - FedTech Magazine