The post-quantum future: challenges and opportunities

The post-quantum future: challenges and opportunities
“People ask me to predict the future, when all I want to do is prevent it. Better yet, build it. Predicting the future is much too easy, anyway. You look at the people around you, the street you stand on, the visible air you breathe, and predict more of the same. To hell with more. I want better.”
Ray Bradbury, from Beyond 1984: The People Machines
The post-quantum future: challenges and opportunities

The story and the path are clear: quantum computers are coming that will have the ability to break the cryptographic mechanisms we rely on to secure modern communications, but there is hope! The cryptographic community has designed new mechanisms to safeguard against this disruption. There are challenges: will the new safeguards be practical? How will the fast-evolving Internet migrate to this new reality? In other blog posts in this series, we have outlined some potential solutions to these questions: there are new algorithms for maintaining confidentiality and authentication (in a “post-quantum” manner) in the protocols we use. But will they be fast enough to deploy at scale? Will they provide the required properties and work in all protocols? Are they easy to use?

Adding post-quantum cryptography into architectures and networks Continue reading

Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless

Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless
Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless

Theoretically, there is no impediment to adding post-quantum cryptography to any system. But the reality is harder. In the middle of last year, we posed ourselves a big challenge: to change all internal connections at Cloudflare to use post-quantum cryptography. We call this, in a cheeky way, “post-quantum-ifying” our services. Theoretically, this should be simple: swap algorithms for post-quantum ones and move along. But with dozens of different services in various programming languages (as we have at Cloudflare), it is not so simple. The challenge is big but we are here and up for the task! In this blog post, we will look at what our plan was, where we are now, and what we have learned so far. Welcome to the first announcement of a post-quantum future at Cloudflare: our connections are going to be quantum-secure!

What are we doing?

The life of most requests at Cloudflare begins and ends at the edge of our global network. Not all requests are equal and on their path they are transmitted by several protocols. Some of those protocols provide security properties whilst others do not. For the protocols that do, for context, Cloudflare uses: TLS, QUIC, WireGuard, DNSSEC Continue reading

HPE lets you build integrated private 5G/Wi-Fi networks

HP Enterprise will offer private 5G equipment integrated with its Aruba Wi-Fi gear to provide the option of using the technology that best meets the various wireless demands within an enterprise.As the name implies, Private 5G gear supports private 5G networks, not as a replacement for but as complementary to Wi-Fi.HPE says 5G surpasses Wi-Fi in terms of wide-area coverage as well as speed, but Wi-Fi has the advantage when it comes to cost-effective indoor connectivity. So the hybrid network will automatically switch between 5G and Wi-Fi depending on need and use.The technology itself is an evolution of the HPE 5G Core Stack introduced in 2020, and which is open, cloud-native, and container-based. HPE has added two new features to the product: integration with Wi-Fi networks through use of its Aruba wireless technology, and the integration of 5G radio access network (RAN) equipment from third-party vendors to enable deploying a 5G core at customer sites.To read this article in full, please click here

Weekend Reads 022522


To some degree, cyber AI suffers from the pressures exerted by the quest for never-ending sales growth.


The websites for several banks in Ukraine, the Ministry of Defense, and Armed Forces were hit with a distributed denial-of-service (DDoS) attack on Feb. 15.


Threat actors are using software and developer infrastructure, platforms, and providers as valuable entry points into governments, corporations, and critical infrastructure.


Cybercriminals and nation-state actors adapted to defenders’ tactics and became more efficient in 2021, with attackers relying more on data leaks combined with ransomware to extort increasing sums of money from companies — and in some cases using data leaks without encrypting data to force a company to pay, according to two analyses published this week.


Cloud and multi-cloud adoption has greatly increased the workload of already burdened IT teams. Of the 200 IT leaders surveyed, only about half of the respondents said that they are adequately staffed to manage the frequency of alerts they receive.


Imagine that you run an organization out of a building. Imagine that the landlord comes one day and says, “Oh I didn’t know you are a resident of country X or dealing with anybody from country X. I have to close Continue reading

Cisco IDs top 2022 security threats and what to do about them

2022 will be another busy year for enterprise incident responders as ransomware, supply chain and myriad zero-day attacks will continue to rise, according to Cisco's Talos security experts.To help address the threats, the Cisco Talos team used a blog and online presentation to detail steps enterprises can take to defend themselves against the growing field of bad actors and also to point out lessons learned from recent damaging exploits such as the Log4j vulnerability and Microsoft Exchange server zero-day threats.Once, zero-day attacks were typically launched by state actors against service providers, but those days are gone, wrote Nick Biasini head of outreach at Cisco Talos in a blog about the security landscape in 2022. Now new, less experienced combatants seek out a broader range of targets, using less surgical attacks. “This has led to more risky behavior than we’ve seen historically, without as much regard for collateral damage,” he wrote.To read this article in full, please click here

Cisco IDs top 2022 security threats and what to do about them

2022 will be another busy year for enterprise incident responders as ransomware, supply chain and myriad zero-day attacks will continue to rise, according to Cisco's Talos security experts.To help address the threats, the Cisco Talos team used a blog and online presentation to detail steps enterprises can take to defend themselves against the growing field of bad actors and also to point out lessons learned from recent damaging exploits such as the Log4j vulnerability and Microsoft Exchange server zero-day threats.Once, zero-day attacks were typically launched by state actors against service providers, but those days are gone, wrote Nick Biasini head of outreach at Cisco Talos in a blog about the security landscape in 2022. Now new, less experienced combatants seek out a broader range of targets, using less surgical attacks. “This has led to more risky behavior than we’ve seen historically, without as much regard for collateral damage,” he wrote.To read this article in full, please click here

HPKE: Standardizing public-key encryption (finally!)

HPKE: Standardizing public-key encryption (finally!)

For the last three years, the Crypto Forum Research Group of the Internet Research Task Force (IRTF) has been working on specifying the next generation of (hybrid) public-key encryption (PKE) for Internet protocols and applications. The result is Hybrid Public Key Encryption (HPKE), published today as RFC 9180.

HPKE was made to be simple, reusable, and future-proof by building upon knowledge from prior PKE schemes and software implementations. It is already in use in a large assortment of emerging Internet standards, including TLS Encrypted Client Hello and Oblivious DNS-over-HTTPS, and has a large assortment of interoperable implementations, including one in CIRCL. This article provides an overview of this new standard, going back to discuss its motivation, design goals, and development process.

A primer on public-key encryption

Public-key cryptography is decades old, with its roots going back to the seminal work of Diffie and Hellman in 1976, entitled “New Directions in Cryptography.” Their proposal – today called Diffie-Hellman key exchange – was a breakthrough. It allowed one to transform small secrets into big secrets for cryptographic applications and protocols. For example, one can bootstrap a secure channel for exchanging messages with confidentiality and integrity using a key exchange Continue reading

What a more holistic approach to cloud-native security and observability looks like

The rise of cloud native and containerization, along with the automation of the CI/CD pipeline, introduced fundamental changes to existing application development, deployment, and security paradigms. Because cloud native is so different from traditional architectures, both in how workloads are developed and how they need to be secured, there is a need to rethink our approach to security in these environments.

As stated in this article, security for cloud-native applications should take a holistic approach where security is not an isolated concern, but rather a shared responsibility. Collaboration is the name of the game here. In order to secure cloud-native deployments, the application, DevOps, and security teams need to work together to make sure security happens earlier in the development cycle and is more closely associated with the development process.

Since Kubernetes is the most popular container orchestrator and many in the industry tend to associate it with cloud native, let’s look at this holistic approach by breaking it down into a framework for securing Kubernetes-native environments.

Framework

At a high level, the framework for securing cloud-native environments consists of three stages: build, deploy, and runtime.

Build

In the build stage, developers write code and the code gets compiled, Continue reading

Decentralized Compute Is The Foundation Of The Metaverse

The metaverse is still a thing, an experience, a service in the making, an envisioned 3D world fueled in large part by artificial intelligence and immersive graphics that will, many hope, be a place where consumers can play games and interact with others and companies can do business in ways that can’t be done today.

Decentralized Compute Is The Foundation Of The Metaverse was written by Jeffrey Burt at The Next Platform.

Mobile Edge Computing (MEC) Puts Compute, Networking Services Closer To Applications

The following post originally appeared on the Packet Pushers’ Ignition site on November 13, 2020. 5G has long been declared the future of mobile networks by both tech analysts and the popular press, but scratch the surface and IT pros will find that behind all the hype and headlines lies a massive redesign of network […]

The post Mobile Edge Computing (MEC) Puts Compute, Networking Services Closer To Applications appeared first on Packet Pushers.

Hedge 119: Product Marketing with Cathy Gadecki

Marketing is an underappreciated (and even demonized) part of the process in creating and managing networking products. Cathy Gadecki of Juniper joins Russ White and Tom Ammon on this episode of the Hedge to fill in the background and discuss the importance of marketing, and some of the odd corners where marketing impacts product development.

download

Cloudflare re-enforces commitment to security in Germany via BSIG audit

Cloudflare re-enforces commitment to security in Germany via BSIG audit
Cloudflare re-enforces commitment to security in Germany via BSIG audit

As a large data processing country, Germany is at the forefront of security and privacy regulation in Europe and sets the tone for other countries to follow. Analyzing and meeting the requirements to participate in Germany’s cloud security industry requires adherence to international, regional, and country-specific standards. Cloudflare is pleased to announce that we have taken appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity, and confidentiality of Cloudflare’s production systems in accordance with BSI-KritisV. TÜViT, the auditing body tasked with auditing Cloudflare and providing the evidence to BSI every two years. Completion of this audit allows us to comply with the NIS Directive within Germany.

Why do cloud companies operating in Germany need to go through a BSI audit?

In 2019, Cloudflare registered as an Operator of Essential Services’ under the EU Directive on Security of Network and Information Systems (NIS Directive). The NIS Directive is cybersecurity legislation with the goal to enhance cybersecurity across the EU. Every member state has started to adopt national legislation for the NIS Directive and the criteria for compliance is set individually by each country. As an ‘Operator of Essential Services’ in Germany, Cloudflare is regulated by the Federal Continue reading

Building Confidence in Cryptographic Protocols

Building Confidence in Cryptographic Protocols

An introduction to formal analysis and our proof of the security of KEMTLS

Building Confidence in Cryptographic Protocols

Good morning everyone, and welcome to another Post-Quantum–themed blog post! Today we’re going to look at something a little different. Rather than look into the past or future quantum we’re going to look as far back as the ‘80s and ‘90s, to try and get some perspective on how we can determine whether a protocol is or is not secure. Unsurprisingly, this question comes up all the time. Cryptographers like to build fancy new cryptosystems, but just because we, the authors, can’t break our own designs, it doesn’t mean they are secure: it just means we are not smart enough to break them.

One might at this point wonder why in a post-quantum themed blog post we are talking about security proofs. The reason is simple: the new algorithms that claim to be safe against quantum threats need proofs showing that they actually are safe. In this blog post, not only are we going to introduce how we go about proving a protocol is secure, we’re going to introduce the security proofs of KEMTLS, a version of TLS designed to be more secure against quantum computers, and Continue reading

1 516 517 518 519 520 3,792