Network World - Encryption is hot. Perhaps that's because it's been around so long it's no longer seen as a black art. Or perhaps security issues have grown so prevalent that everyone wants some sort of encryption as a truly secure way of stopping the pain of those problems. Whatever the reason, encryption technologies seem to be behind a series of important security happenings of late. Here's a look at some of the more interesting happenings shaping encryption today:
The backdoor question: The Obama administration wants e-mail service providers using encryption technology to leave in a backdoor so that the government can peer in if it needs to. According to a New York Times article this week, the Obama administration plans to submit legislation to lawmakers next year that requires e-mail transmitters like BlackBerry, social networking Web sites like Facebook and direct "peer to peer" messaging like Skype to be technically capable of complying if served with a federal wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.
Ubiquitous encryption?: A group of researchers recently presented a paper on a technology they said could make end-to-end encryption of TCP traffic the default, not the exception. The group, presenting at the recent Usenix symposium, talked up a TCP extension known as tcpcrypt. Implemented in the transport layer, tcpcrypt protects legacy applications and provides backwards compatibility with legacy TCP stacks and middleboxes, the group says. The technology also provides a hook for integration with application-layer authentication, largely obviating the need for applications to encrypt their own network traffic and minimizing the need for duplication of features. Finally, tcpcrypt minimizes the cost of key negotiation on servers; a server using tcpcrypt can accept connections at 36 times the rate achieved using SSL, the researchers stated in their paper.
Cryptography and the Internet: In July the 13 globally distributed server clusters, known within Internet engineering circles as the Root Zone, started cryptographically signing DNS look-ups. The Root Zone got an added layer of protection from hackers through the deployment of DNS Security Extensions (DNSSEC). This emerging Internet standard prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption. Proponents of DNSSEC hope that having the Root Zone cryptographically signed will create a domino effect, prompting operators of top-level domains and individual Web sites to deploy the security standard. That, at least in part, seems to be happening: in August, Afilias, which operates .info and more than a dozen other Web site extensions, said it would deploy DNSSEC.
Heartland goes with end-to-end encryption: The victim last year of a massive data breach of sensitive card data, Heartland Payment Systems vowed to develop new security gear based on end-to-end encryption between itself and its merchants to prevent such a breach from occurring again. In June the company said such an encryption system, known as E3, is slowly taking shape. The E3 terminals, built by Voltage Security and Uniform Industrial Corp., were custom ordered by Heartland, which isn't requiring its merchants to use them but is strongly recommending them. One incentive for using E3 is a guarantee from Heartland that if merchants using E3 are breached, Heartland will cover fines and forensic costs related to any breach tied to the stand-alone terminals. Heartland is also offering free help to smaller merchants in filling out PCI standard conformance forms, something that can be technically bewildering to them.