Encryption for Defense in Depth in Native and Browser Apps

Isaac Potoczny-Jones, Tozny’s CEO, will be speaking at the QCon San Francisco convention November 13th, 2019. QCon is a convention showcasing use cases of some of the most cutting-edge developments in software engineering. Isaac will be presenting a talk titled Encryption for Defense in Depth in Native and Browser Apps, which outlines some of …

IoT Device and Key Management with End-to-End Encryption

Raspberry Pi is a very popular embedded platform. It is used both in production smart devices and by hobbyists for weekend experiments. It’s great for building innovative embedded systems. We’re doing security work in embedded devices and sensors for smart phones, but our work isn’t public, so we wanted to put together a demonstration system that shows what you can …

Managing Public and Private Datasets in Smart Cities

Come see us at the #GCTC Global Tech Jam in Portland Sept 11, 2019 at 3:00 for the panel discussion “Building an Open Smart City Platform.” Download the Paper: Published in ACM SCC 2019 by Isaac Potoczny-Jones, Erin Kenneally, and John Ruffing. The Global Tech Jam is an annual conference focused on bringing emerging technology together to better communities and …

Encrypted One Time Secret Sharing App – A Tozny Labs Project

Introducing the Tozny Encrypted One Time Secret Sharing App. It encrypts a secret in your browser, gives you a link to share it (with an optional password), and decrypts it in the browser of whoever you send it to. It also deletes the secret after a set number of reads. The Options: At some point you will want to share …

Privacy Fines for Marriott – Can End-to-End Encryption Help?

Regulators hit Marriott and British Airways with massive privacy fines. This is related to the relatively new privacy law known as GDPR, which requires increased security. You might be asking yourself, “What kind of security would have helped avoid these privacy fines?” End-to-end encryption? Better firewalls? Better coding? The damage: Marriott: $124 million (£99 million) privacy fine; British Airways: $230 …

Cryptographic Access Control for True Policy Enforcement

Most of the systems we use today have some type of access control. This is enforced by software products based on a set of rules or policy, but increasingly, organizations are using cryptographic access control in addition to policy-based systems to truly enforce access control. This article is part of our Security Guide series – Encryption for Developers. Read more …

Can I Use Intel’s SGX for Secure Computation in the Cloud Yet?

With so much emphasis on secure computation, we thought it might be useful to take a look at the state of SGX availability across some popular providers. In case you’re not familiar with SGX, this primer will be helpful, but in short it is a set of security-related instructions built into some modern Intel CPUs. Tozny has been analyzing …

Encryption Core Concepts: Adding Crypto to your System

Are you developing an application that you think would benefit from encryption? Do you know it will save money in a data breach, but don’t know where to go from there? Encryption core concepts are not rocket science, but they rely on complex math and software life-cycle issues that make encryption challenging in practice. Read on to understand more about …

Strong Attackers: Planning for the Adversary

Organizations have spent a lot of time, effort, and money securing their perimeter and transport layers. This is a necessary first step, but it is insufficient: more needs to be done for data to be really secure from a strong attacker. The problem with an over-reliance on perimeter and transport security is that organizations often make compromises on cryptography. These …

Encryption for Developers: A Guide to Add Security to your Code

As a developer, you’ve decided to encrypt your data, either because it’s a requirement that’s come down from management and customers, or just because it’s the right thing to do. If you’re like many developers, you’ve done some preliminary research into the encryption tools available for your language or platform and realized that the APIs are vague, the terminology is …