Tag Archive for: advances

China’s technological advances raise security concerns for lawmakers, defense leaders


China’s cyber capabilities are drawing more focus from Congress, U.S. defense and intelligence officials and private businesses as Washington’s relationship with Beijing becomes more adversarial amid stiff economic competition and China’s efforts to expand its influence as a world power.

While there are lingering concerns about a military conflict with China over Taiwan, many of the battles the U.S. is trying to prepare for and prevent do not involve direct altercations that lead to military warfare.

Many of the recent U.S. initiatives are related to limiting China’s access to American-made technology that can be used to advance its military objections, protecting data from falling into the Chinese government’s hands and bolstering cyber defenses amid concerns about Beijing’s advancing capabilities.

The most recent high-profile example is a Congress-led effort to ban the popular video app TikTok over its parent company’s connections to Beijing. A bill passed the House with broad bipartisan margins and President Joe Biden has pledged to sign it if it passes the Senate, which is more uncertain with questions from lawmakers about targeting a specific company and if it will address the root of the issues with TikTok.

The root of the issue with TikTok is a Chinese law that could compel ByteDance, TikTok’s parent company, to give Americans’ data to China’ intelligence agencies or coerce the app to use its algorithm to sway public discourse. In addition to using its algorithm to create a profile of a user to feed them content they are more likely to stay on the app and watch, people can also opt into sharing more data with TikTok through allowing access to contacts or by simply divulging it in posts on the platform.

TikTok is the most well-known and prominent example of the risks lawmakers and intelligence experts say presents a risk to Americans’ data security, but there are other problems lingering.

Among them is China’s heavy investments and capabilities with blockchain technology. Blockchain is known for its connection to cryptocurrencies but has seen its uses expand with time to cloud-based storage and other applications.

China has invested…

Source…

NTT advances CPU security with new cache random function


Tokyo – August 16, 2023 – NTT Corporation (NTT) in collaboration with the Research Institute of Electrical Communication, Tohoku University and CASA (Cyber Security in the Age of Large-Scale Adversaries) at Ruhr University Bochum has developed a dedicated cache random function to eliminate the vulnerability caused by delay differences with the cache which is generated in the event of acquiring and updating data between CPU memories. This research contributes to the realization of a highly secure CPU that prevents information leakage due to cache attacks.

NTT designed and proposed a Secure Cache Randomization Function (SCARF) for randomization of cache index and formulated what type of function is suitable for randomizing of cache index by providing design guidelines for randomization of cache function which formulated appropriate random function. This paper will be accepted and presented at USENIX Security ’23※ in Anaheim which will be held from August 9th to August 11th, 2023.

Key Points:

  • Modeling attackers to perform cache attacks
  • Design of a concrete function SCARF dedicated to cache index randomization
  • An efficient and secure design theory against modeled attackers is realized using a tweakable block cipher2

Background of Research:

Current CPU introduces cache memory to reduce impact of delay required to transfer data between CPU memories by accelerating on subsequence references by placing used data near the CPU. Although data referred once can be referred at high speed from the next time which also makes it available to attackers. These attacks that exploit information are called a cache attack which causes a real vulnerability and countermeasures are needed. Among other things, contention-typed cache attacks resulting from a cache scramble between the target program and the attack program are recognized as a real threat with fewer prerequisites for attackers.

Randomization of cache index is a promising way for countermeasure of contention-based cache attacks. The randomization is thought to be impossible for an attacker to exploit the cache by not being able to determine the target’s cache index used by an address, but it has not been known what level of implementation is…

Source…

Farm security advances with technology


It struck me recently during my routine of locking the house for the night that I can’t remember us ever locking up on the farm.

Maybe I wasn’t paying attention. I might have been lying on the living-room floor, reading and listening to “The Shadow’’ on the radio. My mom worried a lot. She would have wanted to lock up. I just don’t remember that we did.

We did not lock the place when we went away. We returned from a holiday trip once to find my mom’s favorite parakeet on the floor and one of the cats prowling the house. The cat was supposed to be outside. The bird was supposed to be in its cage. A neighbor popped by with some gifts, letting the cat slip in, too. The neighbor apparently opened the cage and didn’t get it latched. My mom missed that bird’s happy chirping.

As someone who has lived in town most of his adult life, I would no more go to bed without checking the locks than I would leave my cash and credit cards on the front step with a “Free, Take Some’’ sign. I don’t expect to be robbed in the night, but I want to make it as difficult as possible, just in case.

From the time Nancy and I got married, and that’s almost 55 years now, I have made sure the house was locked. It was kind of a Ronald Reagan “Trust but verify’’ policy many years before Reagan left the movies for the White House. My dad might have described the approach as “don’t expect trouble, but don’t be a fool, either.’’

I have no recollection of us locking doors on the farm, ever. I don’t know that our neighbors did, either. Now that the topic is in my mind, I will try to track down some old people from my generation and see what they remember. I should talk to a few of them, anyway.

People are also reading…

Maybe farm folks in the 1950s had a higher level of trust. Maybe their judgment of the honesty and integrity of their fellow humans was higher than mine sometimes is today.

As I look…

Source…

Digital tech advances, AI spur hacking of society


“A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend Them Back” by Bruce Schneier (W.W. Norton & Company)

Hacking is universally understood as the exploitation of a software vulnerability by a malicious actor.

But hacking encompasses oh, so much more. By gaming systems, it achieves outcomes for which they were not designed. People do it to the economy, the tax code, the law. Discover a loophole, profit from an oversight.

Security guru Bruce Schneier’s latest book, “The Mind of a Hacker,” surveys hacking’s most effective applications — the good and bad — with both hope and dread, the latter because digital technology and artificial intelligence are putting it on steroids. His focus: Hacking as a lever of power.

If data is the new oil, hacking is the new lube. Bots will be the delivery system.

A simple hack I just performed: Early in a six-mile run, I hit the post office to mail a bulky letter-sized envelope. But it was closed. I lacked postage. So I slid the envelope into the mailbox. The return address would ensure a free-of-charge delivery to my home.

Some things humans have hacked to great effect: the IRS, stock exchanges (high-frequency trading; see Michael Lewis’ “Flash Boys”), airline frequent flier programs, religious rules (Orthodox Jews and the Sabbath, e.g.).

Following a Hacking 101 that many readers won’t need, Schneier provides an easily digestible, mind-opening treatise on how hacking exacerbates inequality. The elite have long hired smart folks to shimmy in and around the rules of high finance, law and politics to their profit.

A fellow at Harvard’s Berkman-Klein Center for Internet & Society and board member of the Electronic Frontier Foundation, Schneier is a public-interest technologist. He’s no fan of wealth and monopolist market concentration.

“Hacking is parasitical, mostly performed by the rich and powerful, and it comes at the expense of everyone else,” he writes. Want to subvert the plutocrats? Hack back, Schneier advises. The deck is stacked against us, after all.

Much hacking tears…

Source…