Sunday, January 18, 2015

How secure are your messaging apps?


In today’s era of widespread surveillance, encrypted communication is of paramount importance.
Introduction

With the advent of the technology, people communicate via smartphones, tablets, laptops, computers and other smart devices. People not only communicate, but do transactions online. Integrity, Confidentiality and Availability of Information resources are the three main key areas. Integrity of data involves a guarantee that it has not been modified or destroyed by an unauthorized individual. Confidentiality of data involves making sure it is protected from unauthorized access. Availability of Information resources is ensuring that data remains online and able to service the users. A weakness in any of 3 Key areas will undermine the security and will pave way to exploitation.

In light of this widespread internet surveillance, the EFF has launched the first phase of a new campaign for secure and usable crypto apps, which evaluates messaging apps on the strength of their encryption and decryption.
For that, let us first understand what encryption and decryption algorithms are.

 

Encryption is the conversion of data into an encrypted form, called ciphertext, with the help of the sender's private key. Ciphertext is unreadable by unauthorized people.

Decryption is the process of converting encrypted data back into its original form, so it can be understood.
This can be easily understood with an example: a boy named Raj sends a message to his friend Simmy.


Now with this example, you can understand the importance of encryption and decryption. It will help you to send the message in a secured manner without the fear that it can be read by any unauthorized person.
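To make the Raj-to-Simmy example concrete, here is an added example (not code from the blog post or from any real messaging app) of encryption and decryption in Python's standard library. The cipher is a teaching construction: HMAC-SHA256 in counter mode produces a keystream, and an encrypt-then-MAC tag lets Simmy detect tampering. The shared key, the names and the message are constructed for the demo; a real app would use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a maintained crypto library instead.

```python
"""Toy illustration of encryption/decryption with integrity protection.

Added example, not from the blog post. The construction (HMAC-SHA256 keystream
in counter mode + encrypt-then-MAC) is for teaching only; use a vetted AEAD
in production.
"""
from __future__ import annotations

import hashlib
import hmac
import os


def derive_subkeys(shared_key: bytes) -> tuple:
    """Split one shared secret into an encryption key and a separate MAC key."""
    enc_key = hmac.new(shared_key, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(shared_key, b"authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Generate `length` pseudorandom bytes from (key, nonce) in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt(shared_key: bytes, plaintext: bytes, nonce: bytes | None = None) -> bytes:
    """Return nonce || ciphertext || tag. The 16-byte nonce must never repeat
    under the same key, so it is random unless supplied for testing."""
    enc_key, mac_key = derive_subkeys(shared_key)
    nonce = os.urandom(16) if nonce is None else nonce
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    # Encrypt-then-MAC: the tag covers nonce and ciphertext, so any change
    # made in transit is caught before decryption.
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(shared_key: bytes, message: bytes) -> bytes:
    """Verify the tag, then recover the plaintext. Raises ValueError on tampering."""
    enc_key, mac_key = derive_subkeys(shared_key)
    if len(message) < 16 + 32:
        raise ValueError("message too short")
    nonce, ciphertext, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking the tag through timing.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message modified or wrong key")
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def raj_to_simmy_demo() -> dict:
    """Raj sends Simmy a message: an eavesdropper sees only ciphertext, and a
    copy altered on the wire is rejected. Key, names and text are constructed."""
    shared_key = hashlib.sha256(b"constructed demo secret shared by Raj and Simmy").digest()
    plaintext = b"Hi Simmy, meet me at 5 pm. - Raj"
    wire = encrypt(shared_key, plaintext)
    recovered = decrypt(shared_key, wire)
    tampered = bytearray(wire)
    tampered[20] ^= 0x01  # flip one bit inside the ciphertext
    try:
        decrypt(shared_key, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "plaintext_recovered": recovered == plaintext,
        "ciphertext_differs": plaintext not in wire,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(raj_to_simmy_demo())
```

The demo shows two of the three properties from the introduction at once: confidentiality (the wire bytes do not contain the message) and integrity (a single flipped bit is rejected). Separate keys for encryption and authentication, a never-reused nonce, and a constant-time tag comparison are the three details practitioners most often get wrong when building this by hand.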

For years, privacy and security experts worldwide have called for the general public to adopt strong, open source cryptography to protect our communications. The Snowden revelations have confirmed our worst fears: governments are spying on digital lives, grabbing up communications as they are transmitted.

Here is the report of the survey conducted upon various messaging applications being used in the digital era.
Most of the tools that are easy for the general public to use do not follow security best practices, such as end-to-end encryption and open source code.

Messaging tools that are really secure are not easy to use; many users have trouble installing the apps on their smart devices. Many of those who can install them find it difficult to set up an account or verify its authenticity. As a result they accidentally use the tool in a way that exposes their communication.

The study conducted in the first phase of the new campaign for secure and usable crypto produced the following results, which are presented below in tabular form.

Security levels of common messaging apps, email apps and video-calling technologies that are used for day-to-day communication:



CRITERIA USED TO ASSESS THE SECURITY LEVEL OF VARIOUS COMMUNICATION TOOLS

1)  Is your communication encrypted in transit?

The communication between sender and receiver should be encrypted on the network so that nothing useful leaks to hackers intercepting the traffic.

 2) Does the communication remain encrypted from the provider, i.e. does the provider have no access to your private key?

This criterion requires that all user communications are end-to-end encrypted. This means the keys necessary to encrypt and decrypt messages must be generated and stored at the users' ends and not by servers. It is fine for public keys to be exchanged via a central server.
 
3) Can correspondent’s identity be verified independently?

This criterion requires that a built-in method exists for users to verify the identity of correspondents they are speaking with and the integrity of the channel, even if the service provider or other third parties are compromised. Two acceptable solutions are:

• An interface for users to view and verify the correspondent's digital key fingerprint as well as their own, which users can compare manually.
• A key exchange protocol with a short-authentication-string comparison, such as the Socialist Millionaire's protocol.
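The first of the two methods above, fingerprint comparison, is simple enough to show end to end. The following is an added example (not code from the blog post or from any real messaging app): a constructed key directory that may be honest or compromised, a fingerprint display, and the out-of-band check that catches a substituted key. The "public keys" are random bytes standing in for real key material, and the 4-hex-digit grouping is an assumed display format.

```python
"""Added example: out-of-band key fingerprint verification (criterion 3).

Keys are random stand-ins and the KeyServer is a constructed model of a
central directory; nothing here is from a real app.
"""
import hashlib
import hmac
import os


def fingerprint(public_key: bytes) -> str:
    """Human-comparable fingerprint: SHA-256 of the key, shown as sixteen
    groups of four hex digits (assumed display format)."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


class KeyServer:
    """A central directory that hands out public keys. If compromised, it
    substitutes an attacker-controlled key for every lookup."""

    def __init__(self, compromised: bool = False):
        self.keys = {}
        self.compromised = compromised
        self.attacker_key = os.urandom(32)

    def publish(self, user: str, public_key: bytes) -> None:
        self.keys[user] = public_key

    def lookup(self, user: str) -> bytes:
        return self.attacker_key if self.compromised else self.keys[user]


def verify_contact(server: KeyServer, contact: str, fingerprint_from_contact: str) -> bool:
    """Compare the fingerprint of the key the server handed us with the one the
    contact gave us over a channel the server does not control (in person,
    a phone call, a QR code scan)."""
    fetched = fingerprint(server.lookup(contact))
    return hmac.compare_digest(fetched, fingerprint_from_contact)


def run_scenario(compromised: bool) -> bool:
    """Simmy publishes her key; Raj fetches it and checks it against the
    fingerprint Simmy read out to him. Returns True if the check passes."""
    simmy_key = os.urandom(32)
    server = KeyServer(compromised=compromised)
    server.publish("simmy", simmy_key)
    spoken_by_simmy = fingerprint(simmy_key)
    return verify_contact(server, "simmy", spoken_by_simmy)


if __name__ == "__main__":
    print("honest server:     ", run_scenario(compromised=False))
    print("compromised server:", run_scenario(compromised=True))
```

The point of the criterion is visible in the second scenario: the server is free to relay public keys (criterion 2 allows that), but it cannot silently replace one, because the fingerprint the user compares was obtained without the server's involvement.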

4) Does past communication remain secure if your keys are stolen?

This criterion requires that the app provides forward secrecy: all communication must be encrypted with short-lived keys that are routinely deleted, so that past messages cannot be reconstructed by anybody, even given access to both parties' long-term keys, provided both parties also delete their local copies of the correspondence.
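Forward secrecy is easiest to see with a symmetric "hash ratchet", shown here as an added example (not code from the blog post, nor the ratchet of any real app). Each message gets a fresh key derived from a chain key; the chain key is then advanced one-way and the old value overwritten, so a device stolen after message 3 yields the keys for messages 4 onward but not for 1 to 3. The root secret is constructed; a real protocol such as Signal's double ratchet combines this with Diffie-Hellman ratcheting.

```python
"""Added example: a symmetric hash ratchet illustrating forward secrecy
(criterion 4). The root secret is constructed; this is a teaching model,
not a real app's key schedule.
"""
import hashlib
import hmac


class HashRatchet:
    """Holds only the current chain key; past chain keys are overwritten."""

    def __init__(self, root_secret: bytes):
        self.chain_key = root_secret
        self.counter = 0

    def next_message_key(self) -> bytes:
        # Derive the per-message key and the next chain key with distinct
        # labels, so knowing one does not give the other.
        message_key = hmac.new(self.chain_key, b"message", hashlib.sha256).digest()
        next_chain = hmac.new(self.chain_key, b"chain", hashlib.sha256).digest()
        # Overwriting the old chain key is what provides forward secrecy:
        # going back would require inverting HMAC-SHA256.
        self.chain_key = next_chain
        self.counter += 1
        return message_key


def forward_secrecy_demo() -> dict:
    """Raj and Simmy start from the same root; after three messages Raj's
    device state is stolen. Shows what the thief can and cannot derive."""
    root = hashlib.sha256(b"constructed root secret shared by Raj and Simmy").digest()
    raj, simmy = HashRatchet(root), HashRatchet(root)
    past_keys_raj = [raj.next_message_key() for _ in range(3)]
    past_keys_simmy = [simmy.next_message_key() for _ in range(3)]

    # The thief copies Raj's current state (chain key only; old ones are gone).
    stolen = HashRatchet(raj.chain_key)
    thief_future = [stolen.next_message_key() for _ in range(2)]
    raj_future = [raj.next_message_key() for _ in range(2)]

    return {
        "both_sides_agree": past_keys_raj == past_keys_simmy,
        "all_keys_distinct": len(set(past_keys_raj + raj_future)) == 5,
        # Without a DH ratchet, a stolen state does expose future messages.
        "stolen_state_reveals_future": thief_future == raj_future,
        # Nothing the thief can derive forward equals a past message key.
        "past_keys_not_derivable_forward": not any(
            k in past_keys_raj for k in thief_future + [stolen.chain_key]
        ),
    }


if __name__ == "__main__":
    for name, value in forward_secrecy_demo().items():
        print(f"{name}: {value}")
```

Two caveats the demo makes explicit: deleting keys only helps if both parties also delete the plaintext they have already decrypted (as the criterion says), and a pure hash ratchet protects the past, not the future; a stolen state still yields the keys for later messages, which is why real protocols add a Diffie-Hellman step to recover from compromise.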

5) Is the code open to independent review?

This criterion requires that sufficient source code has been published so that a compatible implementation can be independently compiled. Although it is preferable, we do not require the code to be released under any specific free/open source license. We only require that all code which could affect the communication and encryption performed by the client is available for review in order to detect bugs, back doors, and structural problems.

6)  Is the crypto design properly documented?

This criterion requires clear and detailed explanations of the cryptography used by the application. The following questions should be answered in the documentation:

• Which algorithms and parameters (for example key sizes such as 64-bit, 128-bit or 256-bit encryption, or elliptic curve groups) are used in every step of the encryption and authentication process.
• How keys are generated, stored, and exchanged between users.
• The life-cycle of keys and the process for users to change or revoke their key.
• A clear statement of the properties and the protections the software aims to provide.
• A clear statement of the scenarios in which the protocol is not secure.

7)  Has an independent security audit been carried out?

This criterion checks whether an independent security review has been performed within the 12 months prior to evaluation.

This review must cover both the design and the implementation of the app and must be performed by a named auditing party that is independent of the tool's main development team.

In a nutshell, strong crypto is a must for secure communication; otherwise it is open to various agencies and hackers.
