Encryption and Databases Are Actually Similar

We have been building encryption service for a while. I grew up in the world of encryption and many things just came with experience, without being spelled out. Here’s another why I believe in “hardware encryption”.

“Read More”

PDF Signing, eIDAS for Companies – CloudFoxy

Category : crypto , cybersec

We have implemented a solution for eIDAS USB smart cards, with no drivers on user computers. We simply access smart cards HTTPS to sign PDF documents. A solution, which can be automated, integrated with an internal IT infrastructure, and managed by a dedicated support.

“Read More”

ROCA vulnerability impact on Gemalto IDPrime .NET smart cards

We have reasonable grounds to believe that all Gemalto IDPrime .NET smart cards generate weak RSA keys vulnerable to the recently published ROCA vulnerability (CVE-2017-15361, VU#307015). Gemalto stopped selling these cards in September 2017, but there are large numbers of cards still in use in corporate environments. Their primary use is in enterprise PKI systems for secure email, VPN access, and so on.
“Read More”

ROCA vulnerability and Axalto / Gemalto .NET v2 smartcards

I wrote about the ROCA vulnerability yesterday. It affects Infineon security chips used in TPMs and smart cards. While it is easy to identify TPM modules and computers using them, smart cards are more difficult.

“Read More”

ROCA – Critical vulnerability in Infineon security chips

Looking back, we can find many examples of errors in the algorithms used to create encryption keys. Not very many of them, however, were found in chips designed and sold as high-security devices for email signing, verifying software integrity, VPN access, or citizen e-ID cards.

“Read More”

Enigma Bridge encryption gets recognition – DEFCON, BlackHat, and ACM CCS

Category : crypto , enigmabridge , security , UCL

We have had a busy Summer so far. We introduced a new service for SSL certificate monitoring (keychest.net), presented at Black Hat USA, and gave a talk at DEFCON. The latest news was recognition of our cryptographic platform by reviewers of the ACM CCS conference.

“Read More”

As secure as rock, paper, scissors at once – Art of Defence, Demo at DEFCON

Category : crypto , enigmabridge , UCL

A team of great people from the Security Group at UCL and our start-up Enigma Bridge designed and implemented a practical security system tolerant to severe attacks compromising all parts of the supply chain. We will present and demonstrate it at DEFCON in Las Vegas.

“Read More”

First BlackHat, now DEFCON: We talk “Trojan-tolerant hardware security in practice”

Category : crypto , enigmabridge , security , UCL

I have mentioned this multi-party encryption project of ours (Enigma Bridge) and University College London here earlier. If you’re planning to go to BlackHat US or DEFCON-25, come and see our talks about practical “ultra-secure” multi-party encryption for the cloud and some of the technology enabling it (Unchaining the JavaCard Ecosystem).

“Read More”

Black Hat 2017 USA – OpenCrypto: Unchaining the JavaCard Ecosystem

Category : crypto , enigmabridge , UCL

We have been working with University College London (UCL) for a while and one of the results is an easy to use implementation of cryptographic functions for JavaCards. We will be briefing on this at Black Hat 2017 USA.

“Read More”