Even fitness trackers ruled a big risk due to potential for record-matching identifying your family.
Category: security – Page 87
Quantum key distribution is one kind of important cryptographic protocols based on quantum mechanics, in which any outside eavesdropper attempting to obtain the secret key shared by two users will be detected. The successful detection comes from Heisenberg’s uncertainty principle: the measurement of a quantum system, which is required to obtain information of that system, will generally disturb it. The disturbances provide two users with the information that there exists an outside eavesdropper, and they can therefore abort the communication. Nowadays, most people need to share some of their private information for certain services such as products recommendation for online shopping and collaborations between two companies depending on their comm interests. Private Set Intersection Cardinality (PSI-CA) and Private Set Union Cardinality (PSU-CA), which are two primitives in cryptography, involve two or more users who intend to obtain the cardinalities of the intersection and the union of their private sets through the minimum information disclosure of their sets1,2,3.
The definition of Private Set Intersection (PSI), also called Private Matching (PM), was proposed by Freedman4. They employed balanced hashing and homomorphic encryption to design two PSI protocols and also investigated some variants of PSI. In 2012, Cristofaro et al.1 developed several PSI-CA and PSU-CA protocols with linear computation and communication complexity based on the Diffie-Hellman key exchange which blinds the private information. Their protocols were the most efficient compared with the previous classical related ones. There are also other classical PSI-CA or PSU-CA protocols5,6,7,8. Nevertheless, the security of these protocols relies on the unproven difficulty assumptions, such as discrete logarithm, factoring, and quadratic residues assumptions, which will be insecure when quantum computers are available9,10,11.
For the sake of improving the security of PSI-CA protocols for two parties, Shi et al.3 designed a probabilistic protocol where multi-qubit entangled states, complicated oracle operators, and measurements in high N-dimensional Hilbert space were utilized. And the same method in Ref.3 was later used to develop a PSI-CA protocol for multiple parties12. For easy implementation of a protocol, Shi et al.13 leveraged Bell states to construct another protocol for PSI-CA and PSU-CA problems that was more practical than that in Ref.3. In both protocols Ref.3 and Ref.13, only two parties who intend to get the cardinalities of the intersection and the union of their private sets are involved. Although Ref.12 works for multiple parties, it only solves the PSI-CA problem and requires multi-qubit entangled states, complicated oracle operators, and measurements. It then interests us that how we could design a more practical protocol for multiple parties to simultaneously solve PSI-CA and PSU-CA problems. Inspired by Shi et al.’s work, we are thus trying to design a three-party protocol to solve PSI-CA and PSU-CA problems, where every two and three parties can obtain the cardinalities of the intersection and the union of their respective private sets with the aid of a semi-honest third party (TP). TP is semi-honest means that he loyally executes the protocol, makes a note of all the intermediate results, and might desire to take other parties’ private information, but he cannot collude with dishonest parties. We then give a detailed analysis of the presented protocol’s security. Besides, the influence of six typical kinds of Markovian noise on our protocol is also analyzed.
CSL’s Systems and Networking Research Group (SyNRG) is defining a new sub-area of mobile technology that they call “earable computing.” The team believes that earphones will be the next significant milestone in wearable devices, and that new hardware, software, and apps will all run on this platform.
“The leap from today’s earphones to ‘earables’ would mimic the transformation that we had seen from basic phones to smartphones,” said Romit Roy Choudhury, professor in electrical and computer engineering (ECE). “Today’s smartphones are hardly a calling device anymore, much like how tomorrow’s earables will hardly be a smartphone accessory.”
Instead, the group believes tomorrow’s earphones will continuously sense human behavior, run acoustic augmented reality, have Alexa and Siri whisper just-in-time information, track user motion and health, and offer seamless security, among many other capabilities.
The security company FireEye was breached by a sophisticated attack that stole multiple red team assessment tools. Malwarebytes customers are safe.
Hello folks! If you have not heard yet, the security firm FireEye has had a breach of many red team assessment tools used for identification of vulnerabilities to help protect customers.
While it is not known exactly who was behind this attack, a big concern is the sharing and use of these stolen red team tools by both sophisticated and non-sophisticated actors, similar to what we saw in 2017 with the ShadowBrokers group breach of the NSA’s Equation Group.
Circa 2018
Scientists have created an ultrathin, flexible film that can emit laser light — and successfully tested it on a contact lens, demonstrating the possibility of laser eye-beams.
Before you rush out and buy a Cyclops-style visor, it’s not even close to powerful enough to cause damage. Instead, the researchers say, the technology has potential for use as wearable security tags, or even as a type of laser barcode.
The membranes containing the material are less than a thousandth of a millimetre thick, and flexible, which means they can easily be stuck to, or embedded into, polymer banknotes, or the soft plastics used for flexible contact lenses.
IBM security researchers said the “precision targeting of executives and key global organizations hold the potential hallmarks of a nation-state tradecraft.”
Drone privacy laws vary all around the world — and what might get you a great shot in one country could get you jail time in another.
Surfshark, a digital security firm, introduces Mapped: The state of drone privacy laws in (nearly) every country.
Drone privacy is serious business – and what gets you a great image in one country could get you a jail term in another. Finding these laws, however, is hit or miss – so this new research from Surfshark is a great place to start for world travelers.
Amazon acknowledged that the system failure was exacerbated by the co-dependencies its various services have on one another. The company had been trying to add capacity to its Amazon Kinesis service that customers use to process real-time data including video, audio and application logs. To resolve the issue, Amazon needed to restart a piece of its system it described as “many thousands of servers,” a lengthy process that had to be done gradually. But because other Amazon cloud services rely on Kinesis, including its Cognito authentication offering, they failed as well.
If you’re a user of Google’s Messages app on your Android smartphone, then you will now likely have the RCS update intended to bring standard text messaging into the current century. RCS is now available in all major countries except China, Russia and Iran. Building on standard SMS capabilities, this adds chat functionality to compete with WhatsApp and iMessage. But, in truth, it doesn’t compete at all. There’s a glaring issue that doesn’t look like being properly fixed anytime soon. This is now bad enough that you should now go use something else.
The issue, of course, is end-to-end encryption. Six months ago, reports emerged that Google was developing this level of security to upgrade RCS. As of this week, this is now finally available for public beta testing. On the surface, its intent is to deliver Android users with an iMessage alternative. But there is a glaring issue—and it’s a deal breaker. This deployment of end-to-end encryption on RCS is not available for groups—that’s seemingly too complex to handle right now. And there’s also no word yet as to when this limited upgrade might be rolled out.
With that in mind, Android users should opt for a different iMessage-like alternative. Fortunately, there is a simple solution available now. While its standard messenger is not end-to-end encrypted by default, Android offers users the option to select an alternative default messenger that does. Signal is the best secure messenger available. And while its install base is modest in comparison to WhatsApp or iMessage, it’s growing fast.
After years of underplaying soft threats like disease and climate change, the national-security establishment faces calls for a new approach in light of Covid-19 crisis.