Managing Public and Private Datasets in Smart Cities

Come see us at the #GCTC Global Tech Jam in Portland Sept 11, 2019 at 3:00 for the panel discussion “Building an Open Smart City Platform.” Download the Paper: Published in ACM SCC 2019 by Isaac Potoczny-Jones, Erin Kenneally, and John Ruffing. The Global Tech Jam is an annual conference …

Privacy Fines for Marriott – Can End-to-End Encryption Help?

Regulators hit Marriott and British Airways with massive privacy fines. This is related to the relatively new privacy law known as GDPR, which requires increased security. You might be asking yourself, “What kind of security would have helped avoid these privacy fines?” End-to-end encryption? Better firewalls? Better coding? The damage: …

Cryptographic Access Control for True Policy Enforcement

Most of the systems we use today have some type of access control. This is enforced by software products based on a set of rules or policy, but increasingly, organizations are using cryptographic access control in addition to policy-based systems to truly enforce access control. This article is part of …

Encryption Core Concepts: Adding Crypto to your System

Are you developing an application that you think would benefit from encryption? Do you know it will save money in a data breach, but don’t know where to go from there? Encryption core concepts are not rocket science, but they rely on complex math and software life-cycle issues that make …

Strong Attackers: Planning for the Adversary

Organizations have spent a lot of time, effort, and money securing their perimeter and transport layers. This is a necessary first step, but insufficient as more needs to be done for data to be really secure from a strong attacker. The problem with an over reliance on perimeter and transport …

Encryption for Developers: A Guide to Add Security to your Code

As a developers, you’ve decided to encrypt your data, either because it’s a requirement that’s come down from management and customers, or just because it’s the right thing to do. If you’re like many developers, you’ve done some preliminary research into the encryption tools available for your language or platform …

Key Management Should Be Designed First Not Last

Many good conversations about cryptography have ended badly after someone asks this: “How are you managing your keys?” Bad key management undermines even the best cryptography. Why? Because if the bad guy gets the key and the encrypted data, they get the unencrypted data. It’s as simple as that. There …