All Activity

Researchers at Ecole Polytechnique Fédérale de Lausanne have combined silver nanostructures with polarised light to yield a range of brilliant colours, which can be used to encode messages. The polarisations are used as keys and the message is encrypted in a quaternary colour subset. https://onlinelibrary.wiley.com/doi/10.1002/adom.202202165 https://www.sciencedaily.com/releases/2023/02/230213120701.htm

Lightweight Authenticated Encryption & Hashing Ascon is a family of authenticated encryption and hashing algorithms designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks. Ascon has been selected as new standard for lightweight cryptography in the NIST Lightweight Cryptography competition (2019–2023). Ascon has also been selected as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition (2014–2019). ascon.iaik.tugraz.at www.bleepingcomputer.com/news/security/us-nist-unveils-winning-encryption-algorithm-for-iot-data-protection/

Security researcher Paul Moore discovered the Eufy Doorbell Dual camera’s feed could be accessed via a web browser by simply knowing the right URL, and no password was required. Moore said camera videos encrypted with AES-128 are using a simple key that can be broken with relative ease, and the app was uploading thumbnails to the cloud, before sending them to people’s mobile apps as notifications, the camera was uploading facial recognition data to its AWS cloud without encryption. In a blog post Eufy (owned by Anker) addressed these claims, confirming some of them, but denying others. www.techradar.com/news/anker-admits-eufy-camera-security-issues community.security.eufy.com/t/to-our-eufy-security-customers-and-partners/3568215

Peter Eckersley, one of the original founders of Let’s Encrypt, passed away at CPMC Davies Hospital in San Francisco on 2nd September 2022. He had been diagnosed with cancer on 31 August, but died of complications during pre-operative preparations to treat the disease. https://community.letsencrypt.org/t/peter-eckersley-may-his-memory-be-a-blessing/183854 https://nakedsecurity.sophos.com/2022/09/04/peter-eckersley-co-creator-of-lets-encrypt-dies-at-just-43/ https://en.wikipedia.org/wiki/Peter_Eckersley_(computer_scientist)

A cipher key was written in the form of a defined monomer sequence, dissolved in isopropanol and mixed with glycerol and soot. This created an ink that was used to write a letter. The 256-bit cipher key was successfully recovered by the recipient of the letter by extracting with dichloromethane and following instructions for sequencing. https://pubs.acs.org/doi/pdf/10.1021/acscentsci.2c00460

Microsoft SEAL prior to v3.6 using the Brakerski/Fan-Vercauteren (BFV) protocol is vulnerable to a power-based side-channel attack. Aydin Aysu at North Carolina State University demonstrated that by monitoring power consumption in a device that is encoding data for homomorphic encryption, you can read the data as it is being encrypted. https://securityboulevard.com/2022/06/researchers-demonstrate-they-can-steal-data-during-homomorphic-encryption/

Microsoft SEAL is an open-source homomorphic encryption library that enables running computations directly on encrypted data. A cloud provider does not have unencrypted access to the data they are storing and computing on. SEAL comes with two homomorphic encryption schemes. BFV allows modular arithmetic on encrypted integers. CKKS allows additions and multiplications on encrypted real or complex numbers, but yields only approximate results. https://www.microsoft.com/en-us/research/project/microsoft-seal/