Design Con 2015
Breaking News
Comments
Newest First | Oldest First | Threaded View
przemek0
User Rank
Rookie
re: Data security in cloud computing - Part 2: Data encryption applications and limits
przemek0   8/1/2011 9:20:17 PM
NO RATINGS
To RWatkins, who wrote "The use of standard encryption systems (available to civilians) has been outlawed for military applications requiring any level of security for decades" On the contrary, the serious encryption is ONLY possible with standard methods that have been vetted thoroughly by professional cryptographers, and which depend on fundamental mathematical principles, not on some secret algorithm. Bruce Schneier put it nicely: "anyone can invent an encryption system that they themselves cannot break". It is true that there may be a technological or mathematical discovery that breaks the current encryption, but the chance of that is small compared to the chance of leakage of an encryption based on a secret algorithm.

RWatkins
User Rank
Rookie
re: Data security in cloud computing - Part 2: Data encryption applications and limits
RWatkins   7/26/2011 1:47:55 PM
NO RATINGS
As a student of cryptography since middle-school days, now over 45 years, a lot of what is spouted here is great to protect one from relatively weak decryption attacks or for relatively short periods of time. The use of "standard" encryption systems (available to civilians) has been outlawed for military applications requiring any level of security for decades and for very good reason. Any public/private key system by definition has a mathematical relationship between the public key and the private key. The "back door" is as simple as to derive said relationship. The statements made in this article propagate the wrong attitude that data can be shared in open interfaces and connected to open computational resources that contain decryption software, all safely. To be truly safe, somewhere there must be a proverbial funnel with a check valve to prevent hacking, extraction, or analysis attacks on data. If your data is time critical and worthless in a matter of hours, all of this may not matter if you keep changing the algorithm, choose a good algorithm and sometimes vary it, and keep the key and algorithm away from prying software. However, if you really want to STORE information or keep information from competitors for longer periods of time, current techniques are a recipe for disaster. This is shown time and again in internet banking transactions where attacks have become increasingly sophisticated and fraud more and more prevalent.

prabhakar_deosthali
User Rank
CEO
re: Data security in cloud computing - Part 2: Data encryption applications and limits
prabhakar_deosthali   7/26/2011 11:22:00 AM
NO RATINGS
It is very difficult to have a perfect world. So having a perfect Web with no viruses, no spy ware is something we can only hope for. Like all the physical security measures we take : most of them are prone for attack. The automatic teller machines have CCTV cameras to catch a person doing mis-deed. But we have cases where the thieves have covered the cameras with a cloth and stolen the whole machine itself . Combination locks are yet another security measures which can be decoded by a thief with sustained effort and sufficient amount of time. So in case of data encryption you are never 100% sure that your encryption key code is broken into. The only way I see is to be able to detect that your security has been broken into as early as you can and contain the damage by a scheme of revolving keys, like the frequency hopping techniques used in secure communications

EREBUS0
User Rank
Rookie
re: Data security in cloud computing - Part 2: Data encryption applications and limits
EREBUS0   7/26/2011 12:57:07 AM
NO RATINGS
The only way you can control Cloud content and access is to implement a solid series of encrypted techniques throughout the architecture. Single techniques can be broken, but if you use a comprehensive layering approach, you can make it too difficult for the casual vandal to penetrate and you can quickly identify when someone is doing more than just using the system for their legitamate purposes. Yes you will make it harder and more tedious to access the cloud, but I would bet that every common user would rather go through a little inconvience if they could be ensured of not having their data vandalized or stolen. Just think of it, a web where we don't get overwhelmed with spam, no viruses, just a clean environment where we can do our work and go about our business without worrying about someone screwing everything up. Now that would make a very pleasent web indeed. Thanks,



Most Recent Comments
resistion
 
resistion
 
David Ashton
 
Susan Rambo
 
AZskibum
 
AZskibum
 
alex_m1
 
alex_m1
 
AZskibum
Top Comments of the Week
Flash Poll
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
<b><a href=Betajet">

The Circle – The Future's Imperfect in the Present Tense
Betajet
5 comments
The Circle, a satirical, dystopian novel published in 2013 by San Francisco-based writer Dave Eggers, is about a large, very powerful technology company that combines aspects of Google, ...

Max Maxfield

Recommended Reads From the Engineer's Bookshelf
Max Maxfield
27 comments
I'm not sure if I read more than most folks or not, but I do I know that I spend quite a lot of time reading. I hate to be idle, so I always have a book or two somewhere about my person -- ...

Martin Rowe

Make This Engineering Museum a Reality
Martin Rowe
Post a comment
Vincent Valentine is a man on a mission. He wants to make the first house to ever have a telephone into a telephone museum. Without help, it may not happen.

Rich Quinnell

Making the Grade in Industrial Design
Rich Quinnell
16 comments
As every developer knows, there are the paper specifications for a product design, and then there are the real requirements. The paper specs are dry, bland, and rigidly numeric, making ...

Special Video Section
The LT8640 is a 42V, 5A synchronous step-down regulator ...
The LTC2000 high-speed DAC has low noise and excellent ...
How do you protect the load and ensure output continues to ...
General-purpose DACs have applications in instrumentation, ...
Linear Technology demonstrates its latest measurement ...
10:29
Demos from Maxim Integrated at Electronica 2014 show ...
Bosch CEO Stefan Finkbeiner shows off latest combo and ...
STMicroelectronics demoed this simple gesture control ...
Keysight shows you what signals lurk in real-time at 510MHz ...
TE Connectivity's clear-plastic, full-size model car shows ...
Why culture makes Linear Tech a winner.
Recently formed Architects of Modern Power consortium ...
Specially modified Corvette C7 Stingray responds to ex Indy ...
Avago’s ACPL-K30T is the first solid-state driver qualified ...
NXP launches its line of multi-gate, multifunction, ...
Doug Bailey, VP of marketing at Power Integrations, gives a ...
See how to ease software bring-up with DesignWare IP ...
DesignWare IP Prototyping Kits enable fast software ...
This video explores the LT3086, a new member of our LDO+ ...
In today’s modern electronic systems, the need for power ...