Biometric recognition is a booming technology with many applications under development and beginning to reach the end user. Biometrics is, for instance, a promising alternative to current methods of authentication and access control, replacing the traditional username and password credentials for some unique user biometric information such as fingerprints or iris .
The biometric data of a person are therefore becoming extremely sensitive information.
Biometric technology can already be see on mobile devices to authenticate the user . This is a local setting in which biometric data remains under the control of the user, but there are many other scenarios where the user must authenticate to non-secure environments, like cloud.
In a scenario of biometric verification in the cloud, such as access to a web service by fingerprint scanning, data should be granted the highest level of privacy. Criptonube technology offers this possibility, performing the biometric verification algorithm inside the Secure Hardware Modules in the Cryptonodes installed in the cloud environment.
Biometric information is encrypted on the client side before being sent to the cloud and is compared with the encrypted biometric information stored in the database server. Only once in the Hardware Secure Module (HSM), decryption, and verification takes place. Criptonube guarantees that the verification has been performed in a secure environment, inaccessible to the cloud provider or any other attacker.
A recent study by researcher at Johns Hopkins University questions how safe are the tactics of “zero knowledge” undertaken by some providers of Cloud storage
The study identifies serious weaknesses in the security and confidentiality of data stored in alleged “safe” clouds . According to the study , users should investigate in detail how suppliers manage their data. The cloud providers analyzed by researchers (Spider Oak, Wuala and Tresorit) typically use a method where data is encrypted when stored in the cloud and is only decrypted when the user downloads it from the cloud.
But the service providers might watch the contents of the documents if the data is shared with other user of the storage service. Usually these providers have an intermediary service that verifies the user before providing the keys to encrypt data. Researchers have found that suppliers can sometimes provide their own verification. This represents an opportunity for providers to offer false credentials that would decode the data using a very similar precedure to the attack known as “man in the middle”.
Fortunately, there are no news about commited data so far, but the possibility has been discovered and vulnerability is much greater than thought in this alleged “safe” services.
SCAPE Solutions could be of help in guaranteeing the data management is made in a safe way keeping the data encrypted at all times, avoiding sensitive data leakages and supressing those aforementioned weaknesses of “secure” cloud storage services.
NewsWise.com, Original Johns Hopkins U Study, NetworkWorld.com, JHU
Interesting talk by Alessandro Acquisti about the importance of privacy today.
[ted id=1848 width=560 height=315]
Credit card details (names, credit card and social security numbers) from almost half of all South Koreans have been stolen and sold to marketing firms. The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores.
Last december another crime was committed against Target US retail. The company says up to 70 million customers had payment card and personal data stolen from the company’s databases. These data includes card numbers, names, postal addresses, phone numbers and email addresses.
This kind of cyber-crime could be avoided or minimized applying strict security policies, saving millions of dollars in indemnifications to the companies. Solutions provided by SCAPE could be of help in guaranteeing the data management is made in a safe way, avoiding sensitive data leakages.
For the average citizen, the problem is not who spies on him or her, but to whom he or she is voluntarily transfering private data. There are doubts about how this private information should be managed and by whom.
El País, 14 – 11 – 2013
Criptonube, CloudSEEP and SafeGDocs provide solutions for automatic privacy protection, so that the data can be effectively managed and processed without transfer the actual clear-text data. This implies a full privacy protection.
Read more at (in Spanish):
Everything changed when news of the U.S. government’s PRISM spying program came to light. In an instant, we went from assuming our dealings online were mostly kept private (or as private as we wanted them to be) to knowing that virtually nothing is out of bounds, not even instant messaging conversations.
CloudSEEP, Criptonube and SafeGDocs provide effective solutions to fill this gap and fully protect sensitive data, accounting for user privacy needs and enabling secure Cloud services.
Read more at: http://news360.com/article/209987833
Privacy in the open web is becoming a must. Encryption is the way to go to protect data in the Cloud, and the mayor standards organizations are shifting towards this view. CloudSEEP, Criptonube and SafeGDocs go one step further and enable fully secure and private web services in the Cloud.
Following recent discussions between the big browser makers, standards-setters and other industry folks, the World Wide Web Consortium’s (W3C) HTTP Working Group announced on Wednesday that the upcoming second version of the HTTP protocol will only work with secure “https” web addresses.
Read more at (article by David Meyer): http://gigaom.com/2013/11/13/snowdens-legacy-the-open-web-could-soon-be-encrypted-by-default/
Francisco Ginel, director marketing of security products and services at Telefonica Digital, explains there is a big distrust towards the United States and many look for securing their data. The Snowden case is having not just political but also economics consequences for the IT companies under the American laws, mainly due to the power granted to the secret services of this country.
The Cloud Security Alliance pointed out in a recent survey from July –made to 207 companies from outside the U.S.– that more of the 56% of the companies were reticent to use services providers from that country. Moreover, a 10% of them even also cancelled projects related with it. These reservations are not only extensible to the private sector, but also some countries like Sweden or Brazil have already started taking measures to stop using their cloud services.
Some foresights predict that if there are no changes in the current legislation, many business opportunities could be lost until 2016 for a value of 25.6 billion euros. However, until the moment none of the big companies involved (Google, Yahoo…) have recognized a loss of clients.
Snowden case has caused great lessening of trust of the U.S. data storage providers, encouraging EU companies to move their data to another countries. Solutions offered by SCAPE, with CloudSEEP or Criptonube will help in keeping data safe and accessible even during its processing in untrusted environments, such as the ones based on cloud services.
Source (in Spanish): El País