Categories: "Analysis"

About the Analysis category

  03:20, by Hagai Bar-El   , 48 words
Categories: Analysis

The Analysis category contains articles that discuss security analysis of requirements and analysis of solutions. This category is further divided into sub-categories that address cybersecurity (critical infrastructure and homeland security), IT security (deployment of IT security tools and operations), security engineering (the development of security tools), and policy.

Pages: 1 2 ...3 ... 5 ...7 ...8 9 10 11

  2013-02-05

My new patent on a secure execution environment

  23:32, by Hagai Bar-El   , 119 words
Categories: Personal News, Security Engineering

I recently got a US patent application granted by the Patent and Trademark Office. The patent bears the title "Device, System, and Method of Securely Executing Applications".

Full story »

  2012-03-08

Against the collection of private data: The unknown risk factor

  23:48, by Hagai Bar-El   , 734 words
Categories: Security Policies, Counter-media

I bet there are thousands of blog posts advocating privacy and explaining why people should resist governments and companies collecting personal data. I dare to write yet another one because I would like to make a couple of points that I have never seen made before. This post will discuss one of these two points: the unknown risk.

Full story »

  2012-03-02

Improving the security provided by Yubikey for local encryption

  23:47, by Hagai Bar-El   , 697 words
Categories: IT Security

In the previous post, I discussed the use of Yubikey for local encryption. I noted that Yubikey can store a long string that can be used as an encryption key, or a password. It provides no extra protection against key-loggers, but still allows to use strong passwords without remembering and typing them. Today, I would like to discuss a technique that makes Yubikey based encryption more secure; still not resistant to a key-logger, but resistant to having the Yubikey “borrowed” by a thief.

Full story »

  2012-02-26

Using Yubikey with constant keys

  23:46, by Hagai Bar-El   , 322 words
Categories: IT Security

Yubikey is the first one-time password generator I saw that can also emit a static password. When you press the button, a constant pre-defined string is entered, just as if it was typed on the keyboard. Is it more secure than typing the password on the keyboard? Not at all (unless shoulder-surfing is an issue.) So how does it differ from entering a long key yourself? It does not. And still, local encryption is a valid use-case just for such a function.

Full story »

  2012-02-25

The case for supporting one-time passwords in conjunction with regular ones

  23:42, by Hagai Bar-El   , 874 words
Categories: IT Security

A few days ago I got a Yubikey. While exploring use-cases for it, it occurred to me that there is a strong case for a mode of operation which is seldom (never?) used by IT departments: using the token while also supporting static passwords for the same services. It is not suitable for everyone, but it is suitable for the security-aware users. I will now introduce Yubikey in a few words, and then explain the purpose of adding support for one-time password to services that already support static passwords, without eliminating the latter.

Full story »

  2011-07-30

Handling the Security Aspect of Smart Grid Product Purchasing

  23:33, by Hagai Bar-El   , 1581 words
Categories: Security Engineering, Cyber Security

Smart Grid security is one of the new emerging fields of security. Everybody knows that the new generation of electricity grids requires a new level of security against cyber-wars, cyber-terrorism, and all the rest. Yet, for the purchaser of Smart Grid solutions, it is not always obvious where to start and that to require. The topic is wide, complex, and not very well documented. I do not intend to write a compendium here, but I will share my perspective on how an integrator, or purchaser, may prefer to approach the problem of evaluating Smart Grid solutions from the security perspective.

Full story »

  2011-06-20

The Difference Between Content Protection and Cyber Security

  23:32, by Hagai Bar-El   , 1156 words
Categories: Security Engineering

A few days ago I was presented with an interesting question: What is the difference between Content Protection and Cyber Security? These domains of Information Security are so different and unrelated, that the difference in their definition is more or less the entire definition of both. This question, however, was asked in the context of the factors that make each of these problems hard to solve. Both problems are hard ones, and seem to require more than the state of the art in security can provide; yet they are hard problems for completely different reasons.

Full story »

1 2 ...3 ... 5 ...7 ...8 9 10 11