“[…] people who have tried to deploy authentication devices for smart homes have had a lot of trouble getting them to work, and they’re kind of expensive,” said Isaac Potoczny-Jones, computer security research lead at Galois.“Since a mobile phone can do cryptography, and because we can build beautiful and easy-to-use interfaces on mobile phones, we […]
Amid growing concerns that IoT devices are inherently vulnerable to attacks that could compromise users’ information privacy and security, Galois today announced that it has been awarded a $1.86 million NIST National Strategy for Trusted Identities in Cyberspace (NSTIC) grant to build a secure data storage system that enables next-generation IoT capabilities without sacrificing privacy. Galois’ authentication and mobile security subsidiary, Tozny, will serve as the technical lead for the NSTIC pilot program.
“In a recent 2015 cybersecurity report, AT&T charted a 458% increase in Internet of Things (IoT) vulnerability scans of devices. This is just the latest indication that hyper-growth of IoT devices, sensors and systems across business, consumer and government sectors puts users’ information privacy and security at risk.” In this Network Computing piece, Galois’ Isaac Potoczny-Jones discusses why the Internet of Things are very often vulnerable today, and what vendors can do to built IoT devices with security and privacy in mind.
NIST is also developing standards aimed at protecting consumer privacy in the Internet of Things, noted Isaac Potoczny-Jones, research lead for computer science at Galois, a company working with NIST on consumer privacy. “A lot of the Internet has this financial basis around making the user into the product, not the consumer,” he told Nextgov. “The user’s private data is really the product and that product is sold elsewhere — we see a potential for that happening on the Internet of Things.” Galois is working with NIST on a pilot in which consumers’ information, culled from smart-home services, could be integrated into a “privacy preserving data store,” Potoczny-Jones said.
Isaac Potoczny-Jones, Galois Identity Research Lead and CEO of Galois authentication spin-off Tozny, talks about the new NSTIC pilot in a recent re:ID podcast episode. Galois, a Portland-based company that focuses on cyber security primarily for the U.S. government, is the final winner of the fourth round of NSTIC pilots. Galois and its partners will build […]
The newest version of Android (Android 6.0 Marshmallow) introduces a significant change in the way mobile apps handle permissions – a change that can cause applications to crash if developers do not test to see if the apps handle permissions properly. To address this app crash risk, Galois today announced the release of Fuse Analyzer: Permissions – a new tool capability that will, among other things, enable Android developers to pinpoint the changes they need to make, for their apps to work on Android 6 properly. Fuse Analyzer is part of Galois’ DARPA-funded tool developed for security analysts to evaluate Android app security.
Dr Joseph Kiniry, Galois’s election systems expert, will be speaking before the Elections Commission of San Francisco today on open source software and the benefits it will bring to elections technology. Dr. Kiniry will also touch on the barriers that have kept open software from manifesting in the elections world until now. The Elections Commission […]
While there are straightforward encryption solutions for data in transit and data at rest, data is usually unencrypted while it is being computed on, leaving it exposed to sophisticated attackers. In this guest blog post on Tripwire’s The State of Security blog, David Archer, research lead at Galois, explores a few methods of computing on data while it remains encrypted that are emerging from academic research and slowly becoming practical.
Dr. Aaron Tomb, research lead in Software Correctness at Galois, delivered the invited talk last Friday, Sept 25, 2015 at SAT 2015, the International Conference on Theory and Applications of Satisfiability Testing. In the talk Dr. Tomb walked through the properties of cryptographic code that are within the reach of existing solvers, and described some of the tools in applying SAT solvers to cryptographic algorithms.
Galois will build a tool that allows users to store and share private information online. The user-centric personal data storage system relies on biometric-based authentication and will be built securely from the ground up. As part of the pilot, Galois will work with partners to develop just-in-time transit ticketing on smart phones and to integrate […]