DoGoodSoft's Official Blog

How Encryption Software Works in Enterprises’Data Leakage-proof?

For modern enterprises, the trend in information computerization’s development means the data is not only the assets, but is the reflection of enterprise’s core competitiveness. To make your enterprises remain invincible in the fierce business competition, you should protect the sensitive and key data of enterprise effectively. In reality, data leakage will lead to economic losses or even more troubles.

With the development of Internet, the boundary between Intranet and Extranet is becoming blurred because the Intranet and outside world have been linked closely by Email and IMs. Traditional preventive measures like Firewall, Intrusion Detection and Anti-Virus appeared to be inadequate in the protection of sensitive data.

Why Enterprises establish Leakage-proof system

For enterprises, the internal data security is closely bound up with the enterprise security and normal operation of routine work. In some special circumstances, data security is the major part of business, directly related to the survival of enterprise. Based on this case, it is necessary to establish the relevant strategies, so that the effective leakage-proof system can be set up. Only in this way, the enterprise security can be ensured.

From the point of system value, it’s the question that data leakage in two areas, that is transmission and storage. From a security perspective, it needs a more comprehensive safety and preventive mechanism to realize the all-round protection. So how can we protect the enterprises’ data security fundamentally?

How encryption software works in enterprises’ data leakage-proof

To secure the data security of enterprise by the roots, it is suggested to choose a professional encryption software to encrypt data, because the encryption works on the data directly. As long as the encryption algorithm is not cracked, the data still remains safety.

Here an excellent encryption software called Best Encryption Expert is highly recommended, which supports features like file encryption, folder encryption, data shredding, folder protection and disk protection. Besides, there are various encryption types for users to choose. The encrypted files are copy-proof, remove-proof and delete-proof, in this way, the possibility of file leakage reduces a lot, while the security promotes greatly.

How to encrypt data with Best Encryption Expert

1. Download the software from official website or other download sites, and then install it.

2. Right-click a file to encrypt, and then choose Best Encryption in the system menu.

3. Enter the encryption password in the pop-up window, choose the favorable encryption type, and then click “OK”, that’s it.

Official download address: http://www.dogoodsoft.com/best-encryption-expert/free-download.html

Computer-stored encryption keys are not safe from side-channel attacks

Computer-stored encryption keys are not safe from side-channel attacks Figure A: Tel Aviv University researchers built this self-contained PITA receiver.

Not that long ago, grabbing information from air-gapped computers required sophisticated equipment. In my TechRepublic column Air-gapped computers are no longer secure, researchers at Georgia Institute of Technology explain how simple it is to capture keystrokes from a computer just using spurious electromagnetic side-channel emissions emanating from the computer under attack.

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer, researchers at Tel Aviv University, agree the process is simple. However, the scientists have upped the ante, figuring out how to ex-filtrate complex encryption data using side-channel technology.

The process

In the paper Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation (PDF), the researchers explain how they determine decryption keys for mathematically-secure cryptographic schemes by capturing information about secret values inside the computation taking place in the computer.

“We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms,” the team writes. “The attacks can extract decryption keys using a low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs.”

If that doesn’t mean much, this might help: The researchers can extract keys from GnuPG in just a few seconds by measuring side-channel emissions from computers. “The measurement equipment is cheap, compact, and uses readily-available components,” add the researchers. Using that philosophy the university team developed the following attacks.

Software Defined Radio (SDR) attack: This comprises of a shielded loop antenna to capture the side-channel signal, which is then recorded by an SDR program installed on a notebook.

Portable Instrument for Trace Acquisition (PITA) attack: The researchers, using available electronics and food items (who says academics don’t have a sense of humor?), built the self-contained receiver shown in Figure A. The PITA receiver has two modes: online and autonomous.

Online: PITA connects to a nearby observation station via Wi-Fi, providing real-time streaming of the digitized signal.

Autonomous: Similar to online mode, PITA first measures the digitized signal, then records it on an internal microSD card for later retrieval by physical access or via Wi-Fi.

Consumer radio attack: To make an even cheaper version, the team leveraged knowing that side-channel signals modulate at a carrier frequency near 1.7 MHz, which is within the AM radio frequency band. “We used a plain consumer-grade radio receiver to acquire the desired signal, replacing the magnetic probe and SDR receiver,” the authors explain. “We then recorded the signal by connecting it to the microphone input of an HTC EVO 4G smartphone.”

Cryptanalytic approach

This is where the magic occurs. I must confess that paraphrasing what the researchers accomplished would be a disservice; I felt it best to include their cryptanalysis description verbatim:

“Our attack utilizes the fact that, in the sliding-window or fixed window exponentiation routine, the values inside the table of ciphertext powers can be partially predicted. By crafting a suitable ciphertext, the attacker can cause the value at a specific table entry to have a specific structure.

“This structure, coupled with a subtle control flow difference deep inside GnuPG’s basic multiplication routine, will cause a noticeable difference in the leakage whenever a multiplication by this structured value has occurred. This allows the attacker to learn all the locations inside the secret exponent where the specific table entry is selected by the bit pattern in the sliding window. Repeating this process across all table indices reveals the key.”

Figure B is a spectrogram displaying measured power as a function of time and frequency for a recording of GnuPG decrypting the same ciphertext using different randomly generated RSA keys. The research team’s explanation:

“It is easy to see where each decryption starts and ends (yellow arrow). Notice the change in the middle of each decryption operation, spanning several frequency bands. This is because, internally, each GnuPG RSA decryption first exponentiates modulo the secret prime p and then modulo the secret prime q, and we can see the difference between these stages.

“Each of these pairs looks different because each decryption uses a different key. So in this example, by observing electromagnetic emanations during decryption operations, using the setup from this figure, we can distinguish between different secret keys.”

Computer-stored encryption keys are not safe from side-channel attacks Figure B: A spectrogram

Any way to prevent the leakage?

One solution, albeit unwieldy, is operating the computer in a Faraday cage, which prevents any spurious emissions from escaping. “The cryptographic software can be changed, and algorithmic techniques used to render the emanations less useful to the attacker,” mentions the paper. “These techniques ensure the behavior of the algorithm is independent of the inputs it receives.”

Interestingly, the research paper tackles a question about side-channel attacks that TechRepublic readers commented on in my earlier article, “It’s a hardware problem, so why not fix the equipment?”

Basically the researchers mention that the emissions are at such a low level, prevention is impractical because:

Any leakage remnants can often be amplified by suitable manipulation as we do in our chosen-ciphertext attack;

Leakage is often an inevitable side effect of essential performance-enhancing mechanisms.

Something else of interest: the National Institute of Standards and Technology (NIST) considers resistance to side-channel attacks an important evaluation consideration in its SHA-3 competition.

CIA spent last 10 years cracking Apple’s encryption

The CIA has been trying to crack Apple’s encryption for nearly 10 years.

According to a report by The Intercept, the CIA began trying to crack Apple’s encryption in 2006 using funds from the “black budget.” The researchers who worked on breaking down Apple’s privacy wall were purportedly based at Sandia National Laboratories.

Although the report did expose the CIA’s effort, it did not tell us much about whether or not the agency succeeded in meeting their objectives. What it did tell us was Apple became a big enough thorn in the eyes of these secretive agencies that they had to invest heavily to crack the privacy barrier put in place to protect consumers.

Apple isn’t the only tech giant on the radar when it comes to issues regarding national security. Companies such as Facebook, Google and Microsoft have all been probed by government agencies. How much information exchanged hands within the last couple years is unknown, but as the stories continue to unearth themselves it is clear that there are growing distrusts between these companies and their users.

Google and Apple both announced recently that it has either made or will make changes to the encryptions to protect the privacy of consumers. Apple said last September that it altered its encryption method on the iPhone so that even the company couldn’t access its users’ data.

Apple rules its ecosystem with an iron fist, but the same can’t be said about Google and its partners utilizing the Android platform. Google may have the intentions of beefing up the system’s security features, but to apply them on most Android-based handsets around the world is a task that’s nearly impossible.

How to Encrypt Data on Portable Hard Drives with Encryption Software?

In recent years, portable hard drives play a major role in the field of data storage, so people pay more and more attention to its security. Just think of that you stored all of your personal documents, private images, user info and other important data on a normal portable hard drive, which is unavoidably stolen or lost. Portable hard drives, as a common storage medium, have been widely used in various aspects. So how to safely use portable hard drives with private data stored?

If you want to ensure the safety of data on portable hard drives fundamentally, you are suggested to encrypt the portable hard drives. Thus even your original data is illegally accessed by others, if the encryption algorithm is not broken, the stolen data cannot be read directly, and the danger of data misuse can be reduced as well.

How it works

Portable hard drives encryption is to run certain encryption software in operating system to complete the encryption and decryption of data. The encryption is so easy that it can be realized economically. Here a professional encryption software for portable hard drives is highly recommended, that is USB Encryptor, which can encrypt files and folders in USB drives and portable hard drives, shared folders are also included. Besides, this software features perfect removability, superfast encryption and decryption, and high encryption strength.

The features of USB Encryptor

1. High Confidentiality

With the advanced encryption algorithm, the encryption on your files and folders are super strong, so the security of your encrypted data can be ensured.

2. Easy to use

It is easy to encrypt data on USB devices, and the USB device can be accessed on any computer without installation again.

3. Portable encryption

When the file or folder is encrypted in portable hard drives, it will be carried to anywhere and visited anytime.

How to encrypt

1. Download USB Encryptor from official website (www.dogoodsoft.com), and unzip the ude.exe file to the place where the data to be encrypted is stored.

2. Set the software password (the default password for trial version is 888888, the full version user can change it as you wish), and click “OK” to enter the main window of software.The top of window is the functional area, below are two lists – the left displays the files and folders in disk with no encryption, the right are the encrypted file and folders.The top of window is the functional area, below are two lists – the left displays the files and folders in disk with no encryption, the right are the encrypted file and folders.

When encryption, you can choose to Flash-Encrypt Drive, so all of your files and folders will be transferred from left list to right, that is, all these data have been encrypted except for ude.exe file and some system folders.

If you need to use the encrypted data, just double click the specified file or folder in Decrypt Area, and it will be opened automatically.

Kindly note that if you want to protect the data on portable hard drives, first you should choose a good-quality portable hard drive, next is to use a professional encryption software.

Encryption is gone, communications minister Muthambi restates

Government-provided set-top boxes for digital terrestrial television will not contain conditional access based on encryption, and prospective pay-television operators wanting to use such a system will have to deploy their own boxes to subscribers.

That’s according to a statement, issued at the weekend by communications minister Faith Muthambi, in which she makes it clear that conditional access will not feature in the final amended policy on broadcasting digital migration.

The move appears to be a victory for MultiChoice and the SABC, which have opposed encryption in the free-to-air boxes that consumers will need to receive digital terrestrial broadcasts.

The set-top boxes, which will be provided free of charge to as many as 5m households (previously the plan was to provide a subsidy), will still contain a control system. But it won’t employ conditional access and so can’t be used by pay-TV operators. Instead, the minister says, it’s simply a security mechanism that, among other things, will prevent set-top boxes from being used outside South Africa’s borders.

It appears, although it’s not completely clear yet, that the decision means that there will be no restriction on the use of internationally manufactured set-top boxes in South Africa and that modern TVs with integrated digital receivers — those based on the DVB-T2 digital broadcasting standard — will work in South Africa.

In her statement, Muthambi says the control system agreed to by cabinet “does not mean a conditional access system … [or] an encryption of the signal to control access to content by viewers”.

Rather, it is a “security feature to encourage the local electronics manufacturing sector”.

“The set-top box must have minimal switching (on/off) security features to protect the subsidised set-top boxes from theft or leaving South Africa’s borders,” she says.

It must have capabilities to provide government information and services, she adds.

“The new policy position does not in any way prohibit any broadcaster who will want to include conditional access in the provision of broadcasting services to its customers. It is the firm view of the department that broadcasters who will want to do that should make their own investment in the acquisition of a conditional access system.”

MultiChoice, which owns DStv, has long argued that providing a conditional access system in government-subsidised set-top boxes would amount to unfair competition as it would allow prospective pay-TV rivals to launch services without the heavy upfront investment associated with building such a platform.

It has argued, too, that encryption in free-to-air set-top boxes is complex and ultimately runs counter to consumers’ interests.

But rival e.tv has argued, among other things, that encryption is vital to ensure free-to-air broadcasters can secure the latest international content to compete more effectively with DStv.

In her statement, Muthambi also confirms government’s new position is that set-top boxes will be provided free of charge to 5m poor television households. Previously, a partial subsidy had applied.

Distribution of the free boxes will prioritise households in border regions to minimise signal interference from neighbouring countries. After 17 June, the International Telecommunication Union, an agency of the United Nations, will no longer protect countries that have not completed their migration projects from this interference.

Microsoft Windows also vulnerable to ‘FREAK’ encryption flaw

Computers running all supported releases of Microsoft Windows are vulnerable to “FREAK,” a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted when visiting any of hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov.

The flaw was previously thought to be limited to Apple’s Safari and Google’s Android browsers. But Microsoft warned that the encryption protocols used in Windows — Secure Sockets Layer and its successor Transport Layer Security — were also vulnerable to the flaw.

“Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system,” Microsoft said in its advisory. “The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industrywide issue that is not specific to Windows operating systems.”

Microsoft said it will likely address the flaw in its regularly scheduled Patch Tuesday update or with an out-of-cycle patch. In the meantime, Microsoft suggested disabling the RSA export ciphers.

The FREAK (Factoring RSA Export Keys) flaw surfaced a few weeks ago when a group of researchers discovered they could force websites to use intentionally weakened encryption, which they were able to break within a few hours. Once a site’s encryption was cracked, hackers could then steal data such as passwords, and hijack elements on the page.

Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.

“The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor,” Matthew Green, a Johns Hopkins cryptographer who helped investigate the encryption flaw, wrote in a blog post explaining the flaw’s origins and effects. “This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today.”

Building backdoors into encryption isn’t only bad for China, Mr President

Want to know why forcing tech companies to build backdoors into encryption is a terrible idea? Look no further than President Obama’s stark criticism of China’s plan to do exactly that on Tuesday. If only he would tell the FBI and NSA the same thing.

In a stunningly short-sighted move, the FBI – and more recently the NSA – have been pushing for a new US law that would force tech companies like Apple and Google to hand over the encryption keys or build backdoors into their products and tools so the government would always have access to our communications. It was only a matter of time before other governments jumped on the bandwagon, and China wasted no time in demanding the same from tech companies a few weeks ago.

As President Obama himself described to Reuters, China has proposed an expansive new “anti-terrorism” bill that “would essentially force all foreign companies, including US companies, to turn over to the Chinese government mechanisms where they can snoop and keep track of all the users of those services.”

Obama continued: “Those kinds of restrictive practices I think would ironically hurt the Chinese economy over the long term because I don’t think there is any US or European firm, any international firm, that could credibly get away with that wholesale turning over of data, personal data, over to a government.”

Bravo! Of course these are the exact arguments for why it would be a disaster for US government to force tech companies to do the same. (Somehow Obama left that part out.)

As Yahoo’s top security executive Alex Stamos told NSA director Mike Rogers in a public confrontation last week, building backdoors into encryption is like “drilling a hole into a windshield.” Even if it’s technically possible to produce the flaw – and we, for some reason, trust the US government never to abuse it – other countries will inevitably demand access for themselves. Companies will no longer be in a position to say no, and even if they did, intelligence services would find the backdoor unilaterally – or just steal the keys outright.

For an example on how this works, look no further than last week’s Snowden revelation that the UK’s intelligence service and the NSA stole the encryption keys for millions of Sim cards used by many of the world’s most popular cell phone providers. It’s happened many times before too. Ss security expert Bruce Schneier has documented with numerous examples, “Back-door access built for the good guys is routinely used by the bad guys.”

Stamos repeatedly (and commendably) pushed the NSA director for an answer on what happens when China or Russia also demand backdoors from tech companies, but Rogers didn’t have an answer prepared at all. He just kept repeating “I think we can work through this”. As Stamos insinuated, maybe Rogers should ask his own staff why we actually can’t work through this, because virtually every technologist agrees backdoors just cannot be secure in practice.

(If you want to further understand the details behind the encryption vs. backdoor debate and how what the NSA director is asking for is quite literally impossible, read this excellent piece by surveillance expert Julian Sanchez.)

It’s downright bizarre that the US government has been warning of the grave cybersecurity risks the country faces while, at the very same time, arguing that we should pass a law that would weaken cybersecurity and put every single citizen at more risk of having their private information stolen by criminals, foreign governments, and our own.

Forcing backdoors will also be disastrous for the US economy as it would be for China’s. US tech companies – which already have suffered billions of dollars of losses overseas because of consumer distrust over their relationships with the NSA – would lose all credibility with users around the world if the FBI and NSA succeed with their plan.

The White House is supposedly coming out with an official policy on encryption sometime this month, according to the New York Times – but the President can save himself a lot of time and just apply his comments about China to the US government. If he knows backdoors in encryption are bad for cybersecurity, privacy, and the economy, why is there even a debate?

How to Encrypt Folder in “Encryption Year”?

Recently, the president of United States Barack Obama called himself “a firm believer of strong encryption” when he visited Silicon Valley. Although some people criticized Obama for vague statement, the actual networking environment is really worrying, and the data security is more of concern, so data encryption appears to be more important. That is someone regards 2015 as an “Encryption Year”. When it comes to encryption year, we talk about how to better encrypt folders in the new year.

Want to encrypt folders on computer? First we think of is to choose a high quality of folder encryption software. As a professional folder encryption software, Best Folder Encryptor owns powerful features but with user-friendly design, any computer users can run it easily.

The characteristics of Best Folder Encryptor:

1. Perfect self-protection, it is copy-, remove- and delete-proof.

2. With advanced-encryption algorithms, the encryption on the files and folders is super strong.

3. Easy to use, anyone can grasp it in a short time.

4. Multiple features such as folder encryption, file encryption and disk protection. It works normally in all Windows systems.

5. As long as a file or folder is encrypted by Best Folder Encryptor, even it is transferred to other devices, the file or folder still remains encryption status.

How to encrypt folders:

1. Download Best Folder Encryptor from official website(www.dogoodsoft.com/best-folder-encryptor/free-download.html) and install it;

2. Run Best Folder Encryptor, click Encrypt Folder button, and then choose a folder to encrypt;

3. Set your encryption password, select an encryption type as you wish, and then click “OK”;

Notes: There are 5 encryption types set in Best Folder Encryptor – Flash encryption, Hiding encryption, Full encryption, Diamond encryption and Portable encryption.

Flash- and Hiding encryption are well known as fast encryption and decryption, and take up no extra disk space, which is very fit for oversize folders encryption.

Full-, Diamond- and Portable encryption use the advanced encryption algorithms to encrypt folder, so the encryption on your folder can be super strong. It is good to encrypt those important folders.

Encrypt your folder, protect your data, and have a good time!

Samsung is still lying about the encryption on its Smart TVs

When news broke that Samsung’s Smart TV’s listened to conversations and sent them to a third-party server company, the Korean manufacturer countered by claiming that all data transmissions to and from its televisions were encrypted. When testing demonstrated that the data in question wasn’t encrypted (despite being sent via Port 443, which is typically used for HTTPS traffic), Samsung modified its stance, claiming that new TVs were encrypted properly but older sets were not. This, too, has now been proven false.

After last week’s findings, we spoke to the security researchers at Pentest Partners to ascertain the make and model of the TV they’d tested. The initial model was a UE46ES8000, a top-end TV for its day, but now two years old. This time around, the team tested a UE55HU7500. This screen currently retails for £1,569.86 in the UK according to Amazon. Reviews date from June 2014 through Jan 2015 and the unit is widely available — it is, in other words, a “current” Samsung TV by any reasonable sense of the word.

The team tested the new television in the same manner as the old and found that data is still being transferred in plaintext.

Still, there was a chance that a firmware update to the television would solve the problem, since the new set has been shipping for some months. An update was available, and the team applied it — to absolutely no effect. The data remains unencrypted.

Bad security will destroy the Internet of Things

After the Lenovo Superfish disaster, it’d be easy to dismiss what’s going on with Samsung’s encrypted televisions. While the Lenovo situation is orders of magnitude worse, I’d argue that both issues actually stem from the same root problem — a failure to verify that security procedures have been followed and implemented at every level.

Security is difficult, time consuming, and expensive. By its very nature, it does not respond well to corner-cutting. Companies like Samsung, with huge, cost-optimized product divisions and an emphasis on shipping a huge number of SKUs are ill-suited to the kind of lengthy test cycles that are required to properly lock down products and equipment, and unlikely to want to invest in the sort of device evaluation that’s necessary to guarantee that data is handled properly.

It’s easy to dismiss such rigor as unnecessary and to pretend that the entire burden rests on Microsoft or Google, but that attitude will kill most IoT devices in the long term. If Smart TVs acquire a reputation for risking user security due to high profile hacking incidents, consumers will learn to avoid them. Translate that across the IoT ecosystem, and the long-term market will be fundamentally compromised.

It’s time for Samsung and other manufacturers to directly name the devices they’ve locked down, the devices that remain unencrypted, and a timeline for fixing this problem.

QR codes with advanced imaging and photon encryption protect computer chips

QR, or Quick Response, codes — those commonly black and white boxes that people scan with a smartphone to learn more about something — have been used to convey information about everything from cereals to cars and new homes.

But, University of Connecticut (UConn) researchers think the codes have a greater potential: protecting national security.

Using advanced 3-D optical imaging and extremely low light photon counting encryption, Board of Trustees Distinguished Professor Bahram Javidi and his research team have taken the ordinary QR code and transformed it into a high-end cybersecurity application that can be used to protect the integrity of computer microchips. The findings were published in IEEE Photonics Journal.

“An optical code or QR code can be manufactured in such a way that it is very difficult to duplicate,” said Javidi, whose team is part of UConn’s Center for Hardware Assurance, Security, and Engineering (CHASE) in the School of Engineering. “But if you have the right keys, not only can you authenticate the chip, but you can also learn detailed information about the chip and what its specifications are.

“And, that is important to the person using it.”

Corrupted and recycled integrated circuits or microchips posed a significant threat to the international electronics supply chain. Bogus or used computer chips may not matter much when they cause poor cell phone reception or an occasional laptop computer crash in personal use. But the problem becomes exponentially more serious when counterfeit or hacked chips turn up in the U.S. military.

The problem has been exacerbated in recent years by the fact that much of the national production of microcircuits has moved offshore, where prices are lower but ensuring quality control is more difficult.

In 2012, a Senate Armed Services Committee report found that more than 100 cases of suspected counterfeit electronics parts from China had made their way into the Department of Defense supply chain. In one notable example, officials said counterfeit circuits were used in a high-altitude missile meant to destroy incoming missiles. Fixing the problem cost the government $2.675 million, the report said.

Unlike commercial QR codes, Javidi’s little black and white boxes can be scaled as small as microns or a few millimeters and would replace the electronic part number that is currently stamped on most microchips.

Javidi says he can compress vital information about a chip — its functionality, capacity, and part number — directly into the QR code so it can be obtained by the reader without accessing the Internet. This is important in cybersecurity circles, because linking to the Internet greatly increases vulnerability to hacking or corruption.

To further protect the information in the QR code, Javidi applies an optical imaging “mask” that scrambles the QR code design into a random mass of black-and-white pixels that look similar to the snowy images one might see on a broken TV. He then adds yet another layer of security through a random phase photon-based encryption that turns the snowy image into a darkened nighttime sky with just a few random stars or dots of pixilated light.

The end result is a self-contained, highly secure, information-laden microscopic design that is nearly impossible to duplicate. Only individuals who have the special corresponding codes could decrypt the QR image.

And that is important to all of us.