Friday, 27 July 2012
This article reports from the Black Hat conference about new work to detect cyber threats before they attack (when it is too late - see Stuxnet!). There's not a lot of detail but I expect to see a lot more research like this coming to the fore.
Monday, 2 July 2012
The story here is that researchers have shown it is now practical to use well known key recovery attacks on smart cards that use old encryption standards. The standards have been known to be vulnerable for some years to a particular attack method - in one case since 1998! The attacks require hundreds of thousands of attempts and so were previously thought to be impractical. But new research and performance improvements have made the cards vulnerable.
Monday, 18 June 2012
Quite a few security commentators are calling the Flame malware 'the end of signature-based anti-virus'. Unfortunately it has been clear for some years that targeted attacks, and 'advanced persistent threats,' have signalled the inadequacy of signature-based prevention. The real issue here is where is behaviour-based anti-virus? There have been products around for some time in this area but I don't know how widespread take-up has been. Is it so poor that it could miss such a glaring threat as Flame? There is a critical need for innovation, and scope for new products. It is not the end of signature-based AV. Let's just hope there's a resurgence of behaviour-based protection measures to provide the defence-in-depth.
Monday, 28 May 2012
The McEliece public-key encryption scheme has become an interesting alternative to standard modern cryptosystems. Compared with other schemes it is not known to be broken by a quantum computer. It is also relatively efficent with a reasonable key size.
This work from the arxiv resource, shows the first construction of a McEliece based public-key cryptosystem secure against chosen ciphertext attacks
Friday, 20 April 2012
Yet more cloud based encryption research. Researchers at Trinity College, Dublin are reported by The Register to have developed software providing "'real-time' encryption of data before it is uploaded to the Google servers". The CipherDocs project also goes beyond simple document encryption. It preserves Google Docs ability to let users share their documents, thus allowing the secure sharing of encrypted Google docs transparently. It is also secure in the sense that Google would not have access to the encryption keys.
Friday, 17 February 2012
I've come across a number of technologies like this , proposing various ways to keep data securely encrypted in the cloud. The business need for it has got to be extremely high so it will be interesting to see how this area pans out.