Lifeboat Foundation

As far back as 2015, the National Institute of Standards and Technology (NIST) began asking encryption experts to submit their candidate algorithms for testing against quantum computing’s expected capabilities — so this is an issue that has already been front of mind for security professionals and organizations. But even with an organization like NIST leading the way, working through all those algorithms to judge their suitability to the task will take time. Thankfully, others within the scientific community have also risen to the challenge and joined in the research.

It will take years for a consensus to coalesce around the most suitable algorithms. That’s similar to the amount of time it took ECC encryption to gain mainstream acceptance, which seems like a fair comparison. The good news is that such a timeframe still should leave the opportunity to arrive at — and widely deploy — quantum-resistant cryptography before quantum computers capable of sustaining the number of qubits necessary to seriously threaten RSA and ECC encryption become available to potential attackers.

The ongoing development of quantum-resistant encryption will be fascinating to watch, and security professionals will be sure to keep a close eye on which algorithms and encryption strategies ultimately prove most effective. The world of encryption is changing more quickly than ever, and it has never been more important for the organizations dependent on that encryption to ensure that their partners are staying ahead of the curve.

As Internet of Things (IoT) devices rapidly increase in popularity and deployment, economic attackers and nation-states alike are shifting their attention to the vulnerabilities of digital integrated circuit (IC) chips. Threats to IC chips are well known, and despite various measures designed to mitigate them, hardware developers have largely been slow to implement security solutions due to limited expertise, high cost and complexity, and lack of security-oriented design tools integrated with supporting semiconductor intellectual property (IP). Further, when unsecure circuits are used in critical systems, the lack of embedded countermeasures exposes them to exploitation. To address the growing threat this poses from an economic and national security perspective, DARPA developed the Automatic Implementation of Secure Silicon (AISS) program. AISS aims to automate the process of incorporating scalable defense mechanisms into chip designs, while allowing designers to explore chip economics versus security trade-offs based on the expected application and intent while maximizing designer productivity.

Today, DARPA is announcing the research teams selected to take on AISS’ technical challenges. Two teams of academic, commercial, and defense industry researchers and engineers will explore the development of a novel design tool and IP ecosystem – which includes tool vendors, chip developers, and IP licensors – allowing, eventually, defenses to be incorporated efficiently into chip designs. The expected AISS technologies could enable hardware developers to not only integrate the appropriate level of state-of-the-art security based on the target application, but also balance security with economic considerations like power consumption, die area, and performance.

“The ultimate goal of the AISS program is to accelerate the timeline from architecture to security-hardened RTL from one year, to one week – and to do so at a substantially reduced cost,” said the DARPA program manager leading AISS, Mr. Serge Leef.

Researchers at the University of Science and Technology of China have recently introduced a new satellite-based quantum-secure time transfer (QSTT) protocol that could enable more secure communications between different satellites or other technology in space. Their protocol, presented in a paper published in Nature Physics, is based on two-way quantum key distribution in free space, a technique to encrypt communications between different devices.

“Our main idea was to realize quantum-secure time transfer in order to resolve the security issues in practical time–frequency transfer,” Feihu Xu, one of the researchers who carried out the study, told Phys.org.

Quantum key distribution (QKD) is a technique to achieve secure communication that utilize cryptographic protocols based on the laws of quantum mechanics. Quantum key distribution protocols can generate secret security keys based on quantum physics, enabling more secure data transfer between different devices by spotting attackers who are trying to intercept communications.

Samsung has launched a new secure element (SE) chip to protect private and sensitive data on mobile devices, the company said on Tuesday.

The chip, dubbed S3FV9RR, will be offered as a standalone turnkey with security software, Samsung said.

Common Criteria, which certifies the security level of IT products from EAL0 to EAL7 with seven being the most secure, gave the security chip a Common Criteria Evaluation Assurance Level (CC EAL) 6+ certification.

April 2020

Field programmable gate arrays, FPGAs for short, are flexibly programmable computer chips that are considered very secure components in many applications. In a joint research project, scientists from the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and from Max Planck Institute for Security and Privacy have now discovered that a critical vulnerability is hidden in these chips. They called the security bug “Starbleed.” Attackers can gain complete control over the chips and their functionalities via the vulnerability. Since the bug is integrated into the hardware, the security risk can only be removed by replacing the chips. The manufacturer of the FPGAs has been informed by the researchers and has already reacted.

The security researchers will present the results of their work at the 29th Usenix Security Symposium to be held in August 2020 in Boston, Massachusetts, U.S… The scientific paper has been available for download on the Usenix website since April 15, 2020.

Continue reading “Critical ‘Starbleed’ vulnerability in FPGA chips identified” »

China’s legislators will discuss a new national security law specifically crafted for Hong Kong. The issue has long been controversial in the city, despite the Basic Law requiring its enactment.

Researchers have developed a new strategy that uses optical coherence tomography (OCT) to acquire both the surface and underlying details of impressionist style oil paintings. This information can be used to create detailed 3D reconstructions to enhance the viewing experience and offer a way for the visually impaired to experience paintings.

“Visitors to art museums can’t closely examine paintings and see the artists’ techniques because of security and conservation concerns,” said research team leader Yi Yang from Penn State Abington. “Our new technology can create 3D reconstructions that can be rotated and magnified to view details such as brushstrokes. This would be especially useful for online classes.”

Yang and colleagues from Penn State University Park and New Jersey Institute of Technology report the new technique in the Optical Society journal Applied Optics. The research team brought together specialists in art history and conservation with electrical and optical engineers.

Then there is the COVID-19 Open Research Dataset (CORD-19), a multi-institutional initiative that includes The White House Office of Science and Technology Policy, Allen Institute for AI, Chan Zuckerberg Initiative (CZI), Georgetown University’s Center for Security and Emerging Technology (CSET), Microsoft, and the National Library of Medicine (NLM) at the National Institutes of Health (NIH).

The goal of this initiative is to create new natural language processing and machine learning algorithms to scour scientific and medical literature to help researchers prioritize potential therapies to evaluate for further study. AI is also being used to automate screening at checkpoints by evaluating temperature via thermal cameras, as well as modulations in sweat and skin discoloration. What’s more, AI-powered robots have even been used to monitor and treat patients. In Wuhan, the original epicenter of the pandemic, an entire field hospital was transitioned into a “smart hospital” fully staffed by AI robotics.

Any time of great challenge is a time of great change. The waves of technological innovation that are occurring now will echo throughout eternity. Science, technology, engineering and mathematics are experiencing a call to mobilization that will forever alter the fabric of discovery in the fields of bioengineering, biomimicry and artificial intelligence. The promise of tomorrow will be perpetuated by the pangs of today. It is the symbiosis of all these fields that will power future innovations.

Fingerprints and DNA are widely known forms of biometrics, thanks to crime dramas on television. But as technology advances the Internet of Things, the interconnection of computer devices in common objects, other forms of biometrics are sought for security. For example, distinctive physical characteristics of users are increasingly used in computer science as forms of identification and access restriction. Smartphones use fingerprints, iris scans and face recognition in this way. Other biometrics that are likely to come into use include retinas, veins and palm prints.

The ear is another potential biometric. According to research published recently in the Journal of Electronic Imaging, ear recognition technology, or “earprints,” could one day be used as personal identification to secure smart homes via smartphones.