
Searching for: attribute encryption

 

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fine-grained level

By Byron V. Acohido

The ubiquity of smart surveillance systems has contributed greatly to public safety.

Related: Monetizing data lakes

Image capture devices embedded far and wide in public spaces help deter crime as well as aid first responders — but they also stir rising concerns about an individual’s right to privacy.

Enter attribute-based encryption (ABE), an advanced type of cryptography that’s now ready for prime time. I’ve had several discussions with scientists who’ve led the development of ABE over the past two decades.

Most recently, I had the chance to visit with Takashi Goto, Vice President, Strategy, and Fang Wu, Consultant, at NTT Research. We discussed how ABE is ready to help resolve some rather sticky privacy issues stemming from widespread digital surveillance – and also do much more.

For a full drill down on this leading-edge form of agile cryptography, please view the accompanying videocast. Here are my takeaways.

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

By Byron V. Acohido

The amount of data in the world topped an astounding 59 zettabytes in 2020, much of it pooling in data lakes.

Related: The importance of basic research

We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google. But it’s coming, in the form of driverless cars, climate-restoring infrastructure and next-gen healthcare technology.

In order to get there, one big technical hurdle must be surmounted. A new form of agile cryptography must get established in order to robustly preserve privacy and security as all this raw data gets put to commercial use.

I recently had the chance to discuss this with Kei Karasawa, vice president of strategy, and Fang Wu, consultant, at NTT Research, a Silicon Valley-based think tank which is in the thick of deriving the math formulas that will get us there.

They outlined why something called attribute-based encryption, or ABE, has emerged as the basis for a new form of agile cryptography that we will need in order to kick digital transformation into high gear.

For a drill down on our discussion, please give the accompanying podcast a listen. Here are the key takeaways:

Cloud exposures

Data lakes continue to swell because each second of every day, every human, on average, is creating 1.7 megabytes of fresh data. These are the rivulets feeding the data lakes.

A zettabyte equals one trillion gigabytes. Big data just keeps getting bigger. And we humans crunch as much of it as we can by applying machine learning and artificial intelligence to derive cool new digital services. But we’re going to need the help of quantum computers to get to the really amazing stuff, and that hardware is coming.

As we press ahead into our digital future, however, we’ll also need to retool the public key infrastructure. PKI is the authentication and encryption framework …

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

By Byron V. Acohido

Encryption agility is going to be essential as we move forward with digital transformation.

Refer: The vital role of basic research

All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, comes down to protecting encrypted data. But cryptography historically has been anything but agile; major advances require years, if not decades, of inspired theoretical research.

Now comes something called attribute-based encryption, or ABE, a new approach to encrypting data that holds the potential to infuse agility into how encryption gets done online.

I had the chance to learn more about ABE from Brent Waters, a distinguished scientist in the Cryptography & Information Security (CIS) Lab at NTT Research. Waters has been a leading figure in deriving the mathematical concepts behind ABE. For a drill down on our discussion, please give the accompanying podcast a listen. Here are the key takeaways:

PKI basics

If you’re thinking encryption is the polar opposite of agile, you’re correct, historically speaking. Encryption is an arcane science that has long presented an irresistible challenge to the best and brightest researchers. Top mathematicians have been hammering away at improving encryption since before World War II. And since 2005 or so, one area of focus has been on sharpening the math formulas that make attribute-based encryption possible.

GUEST ESSAY: Admitting where encryption falls short is the first step toward a solution

By Kevin Bocek

Newly released findings from the Ponemon Institute and A10 Networks reveal that nearly half of cyber attacks in the past 12 months used encryption to evade detection and distribute malicious software. These findings challenge how we think about the powerful technology we use to protect privacy, security and authenticity. They also demonstrate very effectively how this security technology has been subverted into a powerful weapon for cyber criminals.

This research is another damning piece of evidence that a significant chunk of enterprise security spending is not effective. Possibly half, or even more, of our security technology is doing little to effectively identify bad guys hiding within encrypted traffic. And because the increasing regulations around encryption will continue to drive a dramatic increase in the volume of encrypted traffic, the number of opportunities for bad guys to hide in plain sight is increasing exponentially. We’re fixing one illness but creating a new disease.

Related video: Encryption keys move to the cloud

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), encrypt traffic. TLS and SSL turn on the padlock in our web browsers—they are the most widely relied upon indicators for consumers that a transaction is “secure.” This technology is used to hide data traffic from would-be hackers, but it also hides data from the latest, hot-selling security tools.

Since businesses now are being required to turn on encryption by default, encryption keys and certificates are growing at least 20 percent year over year—with an average of 23,000 TLS/SSL keys and certificates now used in the typical Global 2,000 company.

Volume overwhelms security efforts

As enterprises add more keys and certificates and encrypt more traffic, they are increasingly vulnerable to malicious encrypted traffic. Administrators simply do not have the tools to keep up with the growing number of keys and certificates. Venafi customers reported finding nearly 16,500 unknown TLS/SSL keys and certificates. This discovery represents a …

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

By Byron V. Acohido

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints.

Related: The role of ‘attribute based encryption’

There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

That could be about to change. Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights.

I had the chance to visit with , senior scientist at NTT Research’s Cryptography & Information Security (CIS) Lab, to learn more about the progress being made on a promising concept called “privacy preserving aggregate statistics.”

MY TAKE: Rising geopolitical tensions suggest a dire need for tighter cybersecurity in 2024

By Byron V. Acohido

Russia’s asymmetrical cyber-attacks have been a well-documented, rising global concern for most of the 2000s.

Related: Cybersecurity takeaways of 2023

I recently visited with Mihoko Matsubara, Chief Cybersecurity Strategist at NTT to discuss why this worry has climbed steadily over the past few years – and is likely to intensify in 2024.

The wider context is all too easy to overlook. Infamous cyber ops attributed to Russia-backed hackers fall into a pattern that’s worth noting:

Cyber attacks on Estonia (2007) Websites of Estonian banks, media outlets and government bodies get knocked down in a dispute over a Soviet-era war memorial.

Cyber attacks on Georgia (2008, 2019) Georgian government websites get defaced; thousands of

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

By Zack Butcher

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world.

Related: The CMMC sea change

NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review.

This special publication was written for security architects and infrastructure designers; it provides useful guidance when designing ZTNA for cloud-native application platforms, especially those in enterprises where applications are hosted in multi-cluster and multi-cloud deployments.

I co-authored SP 207A, and it’s a great blueprint for any organization working to implement a ZTNA, whether they’re working with the U.S. federal government or not.

The 4th Annual Multi-Cloud Conference and Workshop on ZTNA is an upcoming event for anyone interested in how the federal government is advancing standards in ZTNA. The event—May 24-25; in-person and virtual—is hosted by NIST and Tetrate.