Managing Public and Private Datasets in Smart Cities

.Come see us at the #GCTC Global Tech Jam in Portland Sept 11, 2019 at 3:00 for the panel discussion “Building an Open Smart City Platform” Download the Paper: Published in ACM SCC 2019 by Isaac Potoczny-Jones, Erin Kenneally, and John Ruffing. The Global Tech Jam is an annual conference focused on bringing emerging technology together to better communities and …

Encrypted One Time Secret Sharing App – A Tozny Labs Project

Introducing the Tozny Encrypted One Time Secret Sharing App. It encrypts a secret in your browser, gives you a link to share it (with an optional password), and decrypts it in the browser of whoever you send it to. It also deletes the secret after a set number of reads. The Options At some point you will want to share …

Privacy Fines for Marriott – Can End-to-End Encryption Help?

Regulators hit Marriott and British Airways with massive privacy fines. This is related to the relatively new privacy law known as GDPR, which requires increased security. You might be asking yourself, “What kind of security would have helped avoid these privacy fines?” End-to-end encryption? Better firewalls? Better coding? The damage: Marriott: $124 million (£99 million) privacy fine British Airways: $230 …

Cryptographic Access Control for True Policy Enforcement

Most of the systems we use today have some type of access control. This is enforced by software products based on a set of rules or policy, but increasingly, organizations are using cryptographic access control in addition to policy-based systems to truly enforce access control. This article is part of our Security Guide series – Encryption for Developers. Read more …

Can I Use Intel’s SGX for Secure Computation in the Cloud Yet?

With so much emphasis on secure computation we thought it might be useful to take a look at the state of SGX availability across some popular providers. In case you’re not familiar with SGX this primer will be helpful, but in short it is a set of security related instructions built into some modern Intel CPUs. Tozny has been analyzing …

Encryption Core Concepts: Adding Crypto to your System

Are you developing an application that you think would benefit from encryption? Do you know it will save money in a data breach, but don’t know where to go from there? Encryption core concepts are not rocket science, but they rely on complex math and software life-cycle issues that make encryption challenging in practice. Read on to understand more about …

Strong Attackers: Planning for the Adversary

Organizations have spent a lot of time, effort, and money securing their perimeter and transport layers. This is a necessary first step, but insufficient as more needs to be done for data to be really secure from a strong attacker. The problem with an over reliance on perimeter and transport security is that organizations often make compromises on cryptography. These …

Encryption for Developers: A Guide to Add Security to your Code

As a developers, you’ve decided to encrypt your data, either because it’s a requirement that’s come down from management and customers, or just because it’s the right thing to do. If you’re like many developers, you’ve done some preliminary research into the encryption tools available for your language or platform and realized that the APIs are vague, the terminology is …

Key Management Should Be Designed First Not Last

Many good conversations about cryptography have ended badly after someone asks this: “How are you managing your keys?” Bad key management undermines even the best cryptography. Why? Because if the bad guy gets the key and the encrypted data, they get the unencrypted data. It’s as simple as that. There are three important things to consider in good key management: …

Why Encrypt Data in an Application? Save money in a data breach

Why encrypt data? Believe it or not, this is one of the most common questions we get in our work. Read on for why encryption saves money and lets you launch your product with confidence. This article is part of our Security Guide series – Encryption for Developers. Read more in that series of in-depth technical articles on getting encryption …