Tag Archives: PKI

TLS 1.3 Released: Most secure Web based communication protocol – Now Available

Just saw the tweet… IETF finally released the long-awaited TLS 1.3 version of the secure Web communication, considered to be the most secure protocol specification that assures high-degree of security, privacy and also faster performance compared to its predecessor TLS 1.2. The most compelling features of TLS 1.3 : More secure, removed out-dated algorithms previously had known vulnerabilities from TLS cipher… Read more »

Post-quantum Cryptography: Impacts, Algorithms, and Hybrid Approaches!

After a week-long dose of non-stop security adventure, I am back from RSA Conference….and here is my quick dump on PQC!  “Post-quantum Cryptography (PQC) and strategies that resist quantum computer attacks on Public Key Cryptography” was one of the hottest topics discussed in Cryptographer’s panel and almost all cryptography panels and sessions – Not surprised at all!  While we do… Read more »

TLS 1.3 Approved – Let’s get ready for much faster and secure HTTPS connections !

It’s been few years now, the IETF’s TLS 1.3 standardization effort always looked like a never-ending story. Glad to note the wait is over. After 28 drafts for review, last week IETF finally ratified TLS 1.3 as an approved standard.  Indeed, TLS 1.3 promises significantly faster SSL/TLS performance and a much secure communication protocol standard ever before!  It also brings a radical change… Read more »

Encryption and Key Management in AWS – Comparing KMS vs. CloudHSM

A secure data protection using encryption depends more on secure key management processes than the encryption itself. Although enabling encryption looks quite trivial, managing the underlying Key management lifecycle processes and handling the associated cryptographic operations always been a daunting challenge! The challenges are too many till we really know..beginning from key generation and issuance, key ownership, key usage, privileged… Read more »

Post-Quantum Cryptography (PQC) – Future proofing for quantum-safe encryption !

Everything is hackable! During the RSA Conference 2017 Crypto panel, Prof. Shamir (the letter “S” in the RSA) said, “I think there is a higher chance that RSA could be broken by a mathematical attack.” and he also wondered to note “Quantum Computers” will be a reality soon! That said, the evolution of practical quantum computers are not far away, according… Read more »

Good old memories from Java Keystore (JKS)

Thanksgiving holidays! Had great time meeting with a bunch of my old friends from Javasoft! Back in the days (~1998) I was working at Sun Microsystems and was part of a team working on Java Keystore.  It was a lot of fun..still remains fresh on my mind! It’s been a while I played with Java. Can’t believe JKS still remains as… Read more »

Firesheep: HTTP Session Hijacking made so easy !

      1 Comment on Firesheep: HTTP Session Hijacking made so easy !

Way cool ! HTTP Session Hijacking can’t be made simpler than using Firesheep. Couple of days ago, a friend of mine suggested me to login a most popular website and he demonstrated how he took control and accessed my user session in less than a minute. First, I thought he used a network protocol analyser tool such as Wireshark or… Read more »

Hardware Assisted Security: Cryptographic Acceleration for SOA and Java EE applications

I’ve spent the last few days attending Oracle OpenWorld conference at San Francisco..it is my second OOW experience, so it is not a surprise to see the conference was fully packed with people, hundreds of sessions and demos – I did have an opportunity to attend few and also present two sessions focused on Security topics featuring “Hardware Assisted Security… Read more »

Java Cryptography on Intel Westmere

      3 Comments on Java Cryptography on Intel Westmere

When it comes to Java cryptography based application security –  Solaris has significant performance advantage over Linux and Windows on Intel Westmere processor equipped servers.  I am not debunking Linux performance on Intel but evidently Linux does not take advantage of Intel Westmere’s AES-NI instructions when the Java applications relies on Java cryptographic implementations  for performing AES encryption/decryption functions.  AES is one of the most popular symmetric-key encryption algorithm widely… Read more »

Using Hardware Security Module (HSM) for Oracle Transparent Data Encryption (TDE)

Hardware Security Module (HSM) plays a critical role in securing the storage of private keys and accelerating compute-intensive cryptographic processes associated with public-key encryption, symmetric-key(secret-key) encryption and digital signature applications. Using HSM in Oracle Transparent Data Encryption applications will ensure that the Key material stored on the card is protected and not exportable (never leaves the card) and all associated… Read more »