“The proliferation of mobile and IoT-connected devices has accelerated the need for user authentication that moves beyond passwords, and there is evidence that individuals increasingly view password-based authentication as ill-suited for today’s complex threat landscape.”
Portland, OR – December 07, 2015 – Galois today announced that its Jana project has been selected for the Defense Advanced Research Projects Agency (DARPA) Brandeis program – an ambitious effort to unlock the full potential of big data while protecting the privacy of data as it is shared and analyzed across the government, enterprise and […]
“[…] people who have tried to deploy authentication devices for smart homes have had a lot of trouble getting them to work, and they’re kind of expensive,” said Isaac Potoczny-Jones, computer security research lead at Galois.“Since a mobile phone can do cryptography, and because we can build beautiful and easy-to-use interfaces on mobile phones, we […]
Amid growing concerns that IoT devices are inherently vulnerable to attacks that could compromise users’ information privacy and security, Galois today announced that it has been awarded a $1.86 million NIST National Strategy for Trusted Identities in Cyberspace (NSTIC) grant to build a secure data storage system that enables next-generation IoT capabilities without sacrificing privacy. Galois’ authentication and mobile security subsidiary, Tozny, will serve as the technical lead for the NSTIC pilot program.
“In a recent 2015 cybersecurity report, AT&T charted a 458% increase in Internet of Things (IoT) vulnerability scans of devices. This is just the latest indication that hyper-growth of IoT devices, sensors and systems across business, consumer and government sectors puts users’ information privacy and security at risk.” In this Network Computing piece, Galois’ Isaac Potoczny-Jones discusses why the Internet of Things are very often vulnerable today, and what vendors can do to built IoT devices with security and privacy in mind.
NIST is also developing standards aimed at protecting consumer privacy in the Internet of Things, noted Isaac Potoczny-Jones, research lead for computer science at Galois, a company working with NIST on consumer privacy. “A lot of the Internet has this financial basis around making the user into the product, not the consumer,” he told Nextgov. “The user’s private data is really the product and that product is sold elsewhere — we see a potential for that happening on the Internet of Things.” Galois is working with NIST on a pilot in which consumers’ information, culled from smart-home services, could be integrated into a “privacy preserving data store,” Potoczny-Jones said.
Isaac Potoczny-Jones, Galois Identity Research Lead and CEO of Galois authentication spin-off Tozny, talks about the new NSTIC pilot in a recent re:ID podcast episode. Galois, a Portland-based company that focuses on cyber security primarily for the U.S. government, is the final winner of the fourth round of NSTIC pilots. Galois and its partners will build […]
The newest version of Android (Android 6.0 Marshmallow) introduces a significant change in the way mobile apps handle permissions – a change that can cause applications to crash if developers do not test to see if the apps handle permissions properly. To address this app crash risk, Galois today announced the release of Fuse Analyzer: Permissions – a new tool capability that will, among other things, enable Android developers to pinpoint the changes they need to make, for their apps to work on Android 6 properly. Fuse Analyzer is part of Galois’ DARPA-funded tool developed for security analysts to evaluate Android app security.
Dr Joseph Kiniry, Galois’s election systems expert, will be speaking before the Elections Commission of San Francisco today on open source software and the benefits it will bring to elections technology. Dr. Kiniry will also touch on the barriers that have kept open software from manifesting in the elections world until now. The Elections Commission […]
While there are straightforward encryption solutions for data in transit and data at rest, data is usually unencrypted while it is being computed on, leaving it exposed to sophisticated attackers. In this guest blog post on Tripwire’s The State of Security blog, David Archer, research lead at Galois, explores a few methods of computing on data while it remains encrypted that are emerging from academic research and slowly becoming practical.
We take pride in personally connecting with all interested partners, collaborators and potential clients. Please email us with a brief description of how you would like to be connected with Galois and we will do our best to respond within one business day.