“We are providing the source code specifications, tests, and actually even providing participants at DEF CON with an easy way of actually putting their own malicious software into [the devices],” explains Daniel Zimmerman, principal researcher with Galois, a DARPA contractor working on the project. “We’re not daring them but actually helping them break this.”
In an effort to improve confidence in elections, Microsoft announced Monday that it is releasing an open-source software development kit called ElectionGuard that will use encryption techniques to let voters know when their vote is counted. It will also allow election officials and third parties to verify election results to make sure there was no […]
From the article: The CAVES program employs automated reasoning to identify central problems in cryptographic designs early in the design phase, he said. “If you’re exploring a wide variety of possible algorithms … you will quickly rule out the ones that might have security issues,” he added. “You get the benefits of higher security and […]
“As embedded software developers, the tools we rely on must provide us with low-level control of the functionality and performance of the systems we build. There must be an ability to manipulate hardware registers to write device drivers, and we must be certain that no runtime system will interrupt our tasks and lead to missed […]
Kiniry is leading a team that has just been awarded a $4.5 million contract from the Defense Advanced Research Projects Agency to develop tools and methodologies for designing secure CPUs. The project — Balancing Evaluation of System Security Properties with Industrial Needs (BESSPIN) — will develop security metrics and a framework for making decisions about […]
Once the suite of tools has been developed and tested, Galois aims to help integrate the workbench into government security frameworks. The company also plans to provide the workbench to industry partners that develop their own encryption software.
By David Archer: “An organization evaluating blockchain technology for an application should look deeply at what it needs from such a technology. What do you need a blockchain to do? Are there other, simpler ways to accomplish those ends? When it comes to technology, simpler (and less costly) is almost always better if it meets […]
Isaac Potoczny-Jones, founder and CEO, Tozny said: “This is an excellent example of how developers make mistakes in implementing cryptography, which undermines the power of those toolkits. Crypto is extremely hard to get right.
“This legislation marks a sea change in the continuing conflict between personal privacy and public good,” said David Archer, principal research scientist at Galois, a computer science firm. “The technology mandated here assures two things: that public policies affecting real people can be decided based on factual data about them, and that the privacy of […]
As secure HTTPS becomes more pervasive, it is worth asking: why should you end-to-end encrypt data when HTTPS is pretty secure? The answer is that HTTPS is an important but small piece of the crypto puzzle. Organizations determining what additional security requirements are needed should start the process by answering a few key questions