0

Towards Post-Quantum Cryptography in TLS

We live in a completely connected society. A society connected by a variety of devices: laptops, mobile phones, wearables, self-driving or self-flying things. We have standards for a common language that allows these devices to communicate with each other. This is critical for wide-scale deployment – especially in cryptography where the smallest detail has great importance.

One of the most important standards-setting organizations is the National Institute of Standards and Technology (NIST), which is hugely influential in determining which standardized cryptographic systems see worldwide adoption. At the end of 2016, NIST announced it would hold a multi-year open project with the goal of standardizing new post-quantum (PQ) cryptographic algorithms secure against both quantum and classical computers.

Many of our devices have very different requirements and capabilities, so it may not be possible to select a “one-size-fits-all” algorithm during the process. NIST mathematician, Dustin Moody, indicated that institute will likely select more than one algorithm:

“There are several systems in use that could be broken by a quantum computer - public-key encryption and digital signatures, to take two examples - and we will need different solutions for each of those systems.”

Initially, NIST selected 82 candidates for further consideration from Continue reading

0

Towards Post-Quantum Cryptography in TLS

We live in a completely connected society. A society connected by a variety of devices: laptops, mobile phones, wearables, self-driving or self-flying things. We have standards for a common language that allows these devices to communicate with each other. This is critical for wide-scale deployment – especially in cryptography where the smallest detail has great importance.

One of the most important standards-setting organizations is the National Institute of Standards and Technology (NIST), which is hugely influential in determining which standardized cryptographic systems see worldwide adoption. At the end of 2016, NIST announced it would hold a multi-year open project with the goal of standardizing new post-quantum (PQ) cryptographic algorithms secure against both quantum and classical computers.

Many of our devices have very different requirements and capabilities, so it may not be possible to select a “one-size-fits-all” algorithm during the process. NIST mathematician, Dustin Moody, indicated that institute will likely select more than one algorithm:

“There are several systems in use that could be broken by a quantum computer - public-key encryption and digital signatures, to take two examples - and we will need different solutions for each of those systems.”

Initially, NIST selected 82 candidates for further consideration from Continue reading

0

Introducing CIRCL: An Advanced Cryptographic Library

As part of Crypto Week 2019, today we are proud to release the source code of a cryptographic library we’ve been working on: a collection of cryptographic primitives written in Go, called CIRCL. This library includes a set of packages that target cryptographic algorithms for post-quantum (PQ), elliptic curve cryptography, and hash functions for prime groups. Our hope is that it’s useful for a broad audience. Get ready to discover how we made CIRCL unique.

Cryptography in Go

We use Go a lot at Cloudflare. It offers a good balance between ease of use and performance; the learning curve is very light, and after a short time, any programmer can get good at writing fast, lightweight backend services. And thanks to the possibility of implementing performance critical parts in Go assembly, we can try to ‘squeeze the machine’ and get every bit of performance.

Cloudflare’s cryptography team designs and maintains security-critical projects. It's not a secret that security is hard. That's why, we are introducing the Cloudflare Interoperable Reusable Cryptographic Library - CIRCL. There are multiple goals behind CIRCL. First, we want to concentrate our efforts to implement cryptographic primitives in a single place. This makes it easier Continue reading

0

Introducing CIRCL: An Advanced Cryptographic Library

As part of Crypto Week 2019, today we are proud to release the source code of a cryptographic library we’ve been working on: a collection of cryptographic primitives written in Go, called CIRCL. This library includes a set of packages that target cryptographic algorithms for post-quantum (PQ), elliptic curve cryptography, and hash functions for prime groups. Our hope is that it’s useful for a broad audience. Get ready to discover how we made CIRCL unique.

Cryptography in Go

We use Go a lot at Cloudflare. It offers a good balance between ease of use and performance; the learning curve is very light, and after a short time, any programmer can get good at writing fast, lightweight backend services. And thanks to the possibility of implementing performance critical parts in Go assembly, we can try to ‘squeeze the machine’ and get every bit of performance.

Cloudflare’s cryptography team designs and maintains security-critical projects. It's not a secret that security is hard. That's why, we are introducing the Cloudflare Interoperable Reusable Cryptographic Library - CIRCL. There are multiple goals behind CIRCL. First, we want to concentrate our efforts to implement cryptographic primitives in a single place. This makes it easier Continue reading

0

Cracks appear in Intel’s grip on supercomputing

It’s June, so it’s that time again for the twice-yearly Top 500 supercomputer list, where bragging rights are established or, in most cases, reaffirmed. The list constantly shifts as new trends appear, and one of them might be a break in Intel’s dominance.Supercomputers in the top 10 list include a lot of IBM Power-based systems, and almost all run Nvidia GPUs. But there’s more going on than that.For starters, an ARM supercomputer has shown up, at #156. Astra at Sandia National Laboratories is an HPE system running Cavium (now Marvell) ThunderX2 processors. It debuted on the list at #204 last November, but thanks to upgrades, it has moved up the list. It won’t be the last ARM server to show up, either.To read this article in full, please click here

0

Major Updates to Cisco Certifications Part III (CCNP)

What is changing for CCNP? And why?

Some of the problems that existed in the current CCNP were:

• No way of showing progress until you took all 3 exams and became CCNP certified, usually a 1+ year commitment
• Needed to pass CCNA before being able to become CCNP certified
• The certification wasn’t modular and it was a lot of work to update the certification
• Difficult to stay current with new technologies

Effective 24 February 2020, it will be possible to jump in at CCNP level, meaning that you don’t need to be CCNA certified to become a CCNP.

Instead of taking 3 exams, only 2 exams are needed, one Core exam and one concentration exam. You can take them in any order and you can also keep taking concentration exams to show you have skills in newer technologies such as SD-WAN. These concentration exams will show as badges.

Because the certification is now more modular, it will be easier to keep the certification up to date and to update it as technologies evolve and new ones come to the fore.

Another change is that the RS and Wireless track are now merged into CCNP Enterprise where the Core exam is Continue reading

0

Impact of Controller Failures in Software-Defined Networks

Christoph Jaggi sent me this observation during one of our SD-WAN discussions:

The centralized controller is another shortcoming of SD-WAN that hasn’t been really addressed yet. In a global WAN it can and does happen that a region might be cut off due to a cut cable or an attack. Without connection to the central SD-WAN controller the part that is cut off cannot even communicate within itself as there is no control plane…

A controller (or management/provisioning) system is obviously the central point of failure in any network, but we have to go beyond that and ask a simple question: “What happens when the controller cluster fails and/or when nodes lose connectivity to the controller?”

Read more ...

0

Cisco connects with IBM to simplify hybrid-cloud deployment

Cisco and IBM said the companies would meld their data-center and cloud technologies to help customers more easily and securely build and support on-premises and hybrid-cloud applications.Cisco, IBM Cloud and IBM Global Technology Services (the professional services business of IBM) said they will work to develop a hybrid-cloud architecture that melds Cisco’s data-center, networking and analytics platforms with IBM’s cloud offerings. IBM's contribution includea a heavy emphasis on Kubernetes-based offerings such as Cloud Foundry and Cloud Private as well as a catalog of IBM enterprise software such as Websphere and open source software such as Open Whisk, KNative, Istio and Prometheus.To read this article in full, please click here

0

Cisco connects with IBM to simplify hybrid-cloud deployment

Cisco and IBM said the companies would meld their data-center and cloud technologies to help customers more easily and securely build and support on-premises and hybrid-cloud applications.Cisco, IBM Cloud and IBM Global Technology Services (the professional services business of IBM) said they will work to develop a hybrid-cloud architecture that melds Cisco’s data-center, networking and analytics platforms with IBM’s cloud offerings. IBM's contribution includea a heavy emphasis on Kubernetes-based offerings such as Cloud Foundry and Cloud Private as well as a catalog of IBM enterprise software such as Websphere and open source software such as Open Whisk, KNative, Istio and Prometheus.To read this article in full, please click here

0

Cisco connects with IBM in to simplify hybrid cloud deployment

Cisco and IBM said the companies would meld their data-center and cloud technologies to help customers more easily and securely build and support on-premises and hybrid-cloud applications.Cisco, IBM Cloud and IBM Global Technology Services (the professional services business of IBM) said they will work to develop a hybrid-cloud architecture that melds Cisco’s data-center, networking and analytics platforms with IBM’s cloud offerings. IBM's contribution includea a heavy emphasis on Kubernetes-based offerings such as Cloud Foundry and Cloud Private as well as a catalog of IBM enterprise software such as Websphere and open source software such as Open Whisk, KNative, Istio and Prometheus.To read this article in full, please click here

0

Cisco connects with IBM in to simplify hybrid cloud deployment

Cisco and IBM said the companies would meld their data-center and cloud technologies to help customers more easily and securely build and support on-premises and hybrid-cloud applications.Cisco, IBM Cloud and IBM Global Technology Services (the professional services business of IBM) said they will work to develop a hybrid-cloud architecture that melds Cisco’s data-center, networking and analytics platforms with IBM’s cloud offerings. IBM's contribution includea a heavy emphasis on Kubernetes-based offerings such as Cloud Foundry and Cloud Private as well as a catalog of IBM enterprise software such as Websphere and open source software such as Open Whisk, KNative, Istio and Prometheus.To read this article in full, please click here

0

Network-as-a-Service Part 2 – Designing a Network API

In the previous post, we’ve examined the foundation of the Network-as-a-Service platform. A couple of services were used to build the configuration from data models and templates and push it to network devices using Nornir and Napalm. In this post, we’ll focus on the user-facing part of the platform. I’ll show how to expose a part of the device data model via a custom API built on top of Kubernetes and how to tie it together with the rest of the platform components.

Interacting with a Kubernetes API

There are two main ways to interact with a Kubernetes API: one using a client library, which is how NaaS services communicate with K8s internally, the other way is with a command line tool called kubectl, which is intended to be used by humans. In either case, each API request is expected to contain at least the following fields:

• apiVersion - all API resources are grouped and versioned to allow multiple versions of the same kind to co-exist at the same time.
• kind - defines the type of object to be created.
• metadata - collection of request attributes like name, namespaces, labels etc.
• spec - the actual payload Continue reading

0

HPE Aruba: Think Bigger Than SD-WAN – It’s SD-Branch

SD-WAN capabilities can address networking and security between the branch and clouds or the data...

Read More »

0

Tech Bytes: Network Automation In Multi-Vendor Environments With Anuta ATOM (Sponsored)

On today's Tech Bytes we talk with sponsor Anuta Networks about its ATOM network automation software. Guest Kiran Sirupa explains ATOM’s capabilities including low-code automation, network device configurations, compliance checks, telemetry collection, and more.

0

Tech Bytes: Network Automation In Multi-Vendor Environments With Anuta ATOM (Sponsored)

On today's Tech Bytes we talk with sponsor Anuta Networks about its ATOM network automation software. Guest Kiran Sirupa explains ATOM’s capabilities including low-code automation, network device configurations, compliance checks, telemetry collection, and more.

The post Tech Bytes: Network Automation In Multi-Vendor Environments With Anuta ATOM (Sponsored) appeared first on Packet Pushers.

0

Podcast: EVPN Building Blocks

In this episode, you’ll hear from Keith Townsend, Co-founder, The CTO Advisor; Rahul Aggarwal,...

Read More »

0

Cisco issues critical security warnings on SD-WAN, DNA Center

Cisco has released two critical warnings about security issues with its SD-WAN and DNA Center software packages. The worse, with a Common Vulnerability Scoring System rating of 9.3 out of 10, is a vulnerability in its Digital Network Architecture (DNA) Center software that could let an unauthenticated attacker connect an unauthorized network device to the subnet designated for cluster services. More about SD-WAN How to buy SD-WAN technology: Key questions to consider when selecting a supplier How to pick an off-site data-backup method SD-Branch: What it is and why you’ll need it What are the options for security SD-WAN? A successful exploit could let an attacker reach internal services that are not hardened for external access, Cisco stated.  The vulnerability is due to insufficient access restriction on ports necessary for system operation, and the company discovered the issue during internal security testing, Cisco stated.To read this article in full, please click here

0

Cisco issues critical security warnings on SD-WAN, DNA Center

Cisco has released two critical warnings about security issues with its SD-WAN and DNA Center software packages. The worse, with a Common Vulnerability Scoring System rating of 9.3 out of 10, is a vulnerability in its Digital Network Architecture (DNA) Center software that could let an unauthenticated attacker connect an unauthorized network device to the subnet designated for cluster services. More about SD-WAN How to buy SD-WAN technology: Key questions to consider when selecting a supplier How to pick an off-site data-backup method SD-Branch: What it is and why you’ll need it What are the options for security SD-WAN? A successful exploit could let an attacker reach internal services that are not hardened for external access, Cisco stated.  The vulnerability is due to insufficient access restriction on ports necessary for system operation, and the company discovered the issue during internal security testing, Cisco stated.To read this article in full, please click here

0

Applications for 2019 Chapterthon Now Open

We’re happy to announce that the call for applications for the 2019 Chapterthon is now open.

Our world is more digitally connected than ever before, yet barriers still remain for the half of the world’s population who are unconnected.

For 2019, Chapterthon projects will help with Connecting the Unconnected. The Internet for everyone, including every last person on the planet, and we won’t rest until each person has the option of choosing to be connected.

Want to take part in this challenge?

We are looking for creative, innovative, and impactful short-term projects from our Chapters and Special Interest Groups (SIGs) that are for the community, with the community, by the community.

Find out how to apply at: https://www.internetsociety.org/grants/chapterthon/2019/

Only one project will be selected per Chapter to participate in this contest. The selected projects then participate in the global Chapterthon contest. The three winning projects will receive an award!

To guide you through this process, we’ve organised an info session on 27 June 2019 at 11:00 UTC.You can register in advance at:
https://isoc.zoom.us/meeting/register/5b0fba421a1ce3737510d14dfea9e911

All other information about the Chapterthon is available here:https://www.internetsociety.org/grants/chapterthon/2019/

Take part  and help us connect the world one community Continue reading

0

Spreading Artificial Intelligence Across Storage

Over the last couple of years, Hewlett Packard Enterprise has added to its already broad portfolio of storage, which includes 3PAR arrays, which HPE bought in 2010, and its homegrown XP7 lineup, aimed at mission-critical workloads that need high availability and uptime. …

Spreading Artificial Intelligence Across Storage was written by Jeffrey Burt at .