Friday, 27 July 2012

RSA Research Unit Hunts Cyber-Threats 'That Don't Have Names'

This article reports from the Black Hat conference about new work to detect cyber threats before they attack (when it is too late - see Stuxnet!). There's not a lot of detail but I expect to see a lot more research like this coming to the fore.

Monday, 2 July 2012

Researchers Demonstrate Practical Key Recovery Attack Against Smart Cards & Security Tokens

The story here is that researchers have shown it is now practical to use well known key recovery attacks on smart cards that use old encryption standards. The standards have been known to be vulnerable for some years to a particular attack method - in one case since 1998! The attacks require hundreds of thousands of attempts and so were previously thought to be impractical. But new research and performance improvements have made the cards vulnerable.

Monday, 18 June 2012

Flame, Stuxnet and Behaviour-based Anti-virus

Quite a few security commentators are calling the Flame malware 'the end of signature-based anti-virus'. Unfortunately it has been clear for some years that targeted attacks, and 'advanced persistent threats,' have signalled the inadequacy of signature-based prevention. The real issue here is where is behaviour-based anti-virus? There have been products around for some time in this area but I don't know how widespread take-up has been. Is it so poor that it could miss such a glaring threat as Flame? There is a critical need for innovation, and scope for new products. It is not the end of signature-based AV. Let's just hope there's a resurgence of behaviour-based protection measures to provide the defence-in-depth.

Monday, 28 May 2012

Secure Variant of the McEliece Cryptosystem

The McEliece public-key encryption scheme has become an interesting alternative to standard modern cryptosystems. Compared with other schemes it is not known to be broken by a quantum computer. It is also relatively efficent with a reasonable key size.
This work from the arxiv resource, shows the first construction of a McEliece based public-key cryptosystem secure against chosen ciphertext attacks

Friday, 20 April 2012

Researchers' scheme allows encrypted and shareable Google Docs

Yet more cloud based encryption research. Researchers at Trinity College, Dublin are reported by The Register to have developed software providing "'real-time' encryption of data before it is uploaded to the Google servers". The CipherDocs project also goes beyond simple document encryption. It preserves Google Docs ability to let users share their documents, thus allowing the secure sharing of encrypted Google docs transparently. It is also secure in the sense that Google would not have access to the encryption keys.

Friday, 17 February 2012

Startup Porticor launches with encryption technology for cloud computing

I've come across a number of technologies like this , proposing various ways to keep data securely encrypted in the cloud. The business need for it has got to be extremely high so it will be interesting to see how this area pans out.

Wednesday, 18 January 2012