
Archive for the ‘security’ Category:


Identity Based Encryption (IBE)

Published by in security on October 16th, 2006

Lazy days are just perfect for me to catch up with reading. This Saturday, as I was browsing through the Internet reading up on new (at least for me) trends and technologies, I came across a recent I-D on a scheme called Identity Based Encryption (IBE) here. The premise and applicability of this technology seemed pretty interesting, so I read more here, here and other places. This technology is currently being pioneered by a relatively new company, called Voltage Security.

I don’t claim to understand complex mathematics, so I am going to restrict my comments to its applicability. Simply put, IBE is not a complete replacement for existing asymmetric cryptographic algorithms. It provides a mechanism where an arbitrary string can be used by the ‘sender’ as a means to encrypt a message. Based on that identity string, the receiver can obtain a private key to decrypt it, as long as the receiver can satisfactorily prove to some ‘Key Server’ that it is the rightful owner of that ‘arbitrary identity’ string. This eliminates the need for certificate exchanges before a communication takes place, as in traditional PKI schemes. This makes more sense when we apply a deployment model to it. Consider for example,

(Read More…)

Security and Convergence in your Palm

Published by in mobile, security on January 5th, 2006

Playing Devil’s advocate (or when keeping 4 devices instead of one is a good thing): One Device. In your pocket. Large screen, high-speed over-the-air connection. Your phone, your planner, your email, your presence, your Instant Messaging client, your gaming console, your shopping center. It remembers all your preferences and your details. Just ‘one click and go’. Watch TV, order PPV – just one click. Listen to music, buy new albums – one click. Read documents, interact. In other words, that little PDA of yours is your home away from home. Always connected. How much better can it get?

One Word: Security

As phones get more ‘powerful’ they morph into general purpose machines, susceptible to the same remote exploits, DoS and security issues as an open PC on the internet. To top it off, many phones work on embedded OSes that cannot offer expensive virtual address space and address locking mechanisms, making it easier for one application to write over the address space of others (think heap and stack exploits). Proof of concept viruses for smart phones are already old news (here and here). Most of the attacks on PDA phones use the basic concept of buffer

(Read More…)

Hooplah about the Sony DRM EULA

Published by in security on November 11th, 2005

UPDATE (Nov/17/05): It seems Sony is in a bigger mess than I thought – I recently read that they actually ripped code for their DRM software from Jon ‘DVD’ Johansen’s Fair Play code which I understand is under LGPL. Obviously, this is a copyright violation. Oh well, they seem to be getting into a deeper mess with each day.

Original Article:

It is human nature – controversies are what we thrive on. As much as we like to hear about heroes, it is villains who make our day. This time, Sony-BMG faces the wrath of the righteous. The story so far:

1. Sony has been shipping DRM protected CDs for a while now
2. Mark Russinovich discovers, almost by accident, that Sony installs a program in your computer that actually installs some hidden files and also ensures that those files are cloaked (in other words, a normal user will never be able to see these files, unless he knows exactly how). In short, Sony installs a driver that hides any files that begin with the special letters ‘$sys$’
3. To make it worse, Sony does not provide a clean uninstaller – to uninstall, one has to go through cumbersome filling up

(Read More…)

© Arjun Roychowdhury. My personal opinions only.