Enterprise Key Management and Protection Whitepaper


Key Management and Protection in a Connected World: Analysis of Available Technologies

White Paper

www.unboundtech.com

Copyright 2018, Unbound Tech Inc.

CONTENTS:

1. Impact of Digital Transformation on Key Management and Protection
2. Key Management Security Principles
3. Assessment of Key Protection Methods
   • Dedicated Hardware
   • Software Tokens and Vaults
   • Trusted Execution Environments
   • Multi-Party Computation
4. Conclusion

Introduction

As corporate IT becomes more digital and dispersed, security functions that leverage cryptography - data encryption, digital signing, and authentication, for example - have come to play an increasingly vital role in organizations’ cybersecurity strategies and regulatory compliance initiatives.

The digital transformation has not only impacted the use of cryptography as part of IT security, but also the underlying methods for the critical task of protecting and controlling cryptographic keys. Enterprise key management solutions are evolving to address organizations’ changing needs as they migrate to distributed IT and hybrid cloud environments, addressing both lifecycle management of keys and their protection from unauthorized use or theft. Endpoint security solutions leveraging cryptography are also advancing in the wake of the internet of things, BYOD and consumer-oriented mobile services and apps, with security requirements often weighed against user experience, deployment and support considerations.

This document provides in-depth analysis of traditional as well as emerging cryptographic key management and protection technologies available today. We cover both security and usability considerations, to help IT security professionals assess the extent to which each technology fits their current and future business needs.

1. Impact of Digital Transformation on Key Management and Protection

As businesses transform their IT, key management methods must evolve in tow, supporting agility, scalability and usage requirements. At the same time, the highest standards of key protection must be maintained—otherwise the very foundation of security provided by cryptography is compromised.

For years, organizations have been using cryptography to encrypt, sign, authenticate and validate the integrity of corporate digital assets and users. With the rise of digital and cloud computing, as organizations rely on open, externally managed and shared infrastructure, they are exposed to increasingly sophisticated cyber-attacks with potentially devastating ramifications. In addition, they are required to comply with increasingly stringent security and privacy regulations. In this changing landscape, cryptography is becoming ever more important as a means for organizations to protect and grow their business.

One of the pillars of cryptography implementation is the secure storage and management of the keys used to perform cryptographic operations. Strong protection of cryptographic keys is critical because in case of undesired exposure or use, organizations risk completely undermining the security of the assets that their cryptography schemes were designed to protect, much like exposing the key to a safe. If they get into the wrong hands, keys can be used for mass theft of sensitive data, online fraud, or distribution of malware in the name of a legitimate organization, to name just a few examples.

Following is a brief overview of some of the main facets of digital transformation and how they impact key management and protection requirements.

EXPLOSION OF DATA AND CONNECTIVITY

With a constant influx of people and things joining the digitization trend globally, vast amounts of data are being created, stored, processed and communicated, raising security and privacy concerns. At the same time, IT infrastructure is increasingly open and connected, making data more accessible and thus vulnerable to theft.

Cryptography is one of the foundational tools that organizations can use to protect sensitive data wherever it resides. To address increasing data security requirements, organizations need to step up their key management capabilities accordingly. Not only is scalability in terms of volume of keys and key operations critical, but also the flexibility to address a bigger range of use cases with increasing levels of sophistication, such as application-level data encryption, database encryption, and strong authentication.

[Figure: Volume of Data Created Globally, in zettabytes, 2010 to 2025. Source: IDC’s Data Age 2025 study, sponsored by Seagate, April 2017]

IT WITHOUT PERIMETERS

Hybrid cloud and data center infrastructures are the new norm for many businesses. According to the Thales 2018 Global Threat Report, 84% of organizations globally are using more than one IaaS vendor and 34% use over 50 SaaS applications. In addition, a plethora of endpoint devices are connecting to corporate networks, with increasing adoption of BYOD and the internet of things. As companies diversify their infrastructure, new security challenges arise around protecting sensitive keys in an open and uncontrolled environment, which must be addressed.

Further, faced with different key protection requirements and constraints across different platforms, organizations may end up with key protection silos that are complex to manage and difficult to conform with corporate security policies. Platform-agnostic solutions will likely provide an advantage to organizations with highly distributed infrastructures.

CHANGING APPLICATION DEVELOPMENT AND DELIVERY

New software development practices and tools such as DevOps, continuous integration and delivery, containers and microservices are increasingly being adopted for business applications, to enable faster and more frequent release cycles. The integration of security into these new practices, termed DevSecOps, requires significant change in security mindset and technology.

[Figure: DevSecOps (Dev, Sec and Ops cycle with Monitoring & Analytics). Source: Gartner (September 2016)]

Cryptography implementations must adapt to new application development practices, not only to serve these applications in performing security functions such as encryption and digital signing, but also to enable application security techniques such as code signing in an agile environment, and to address new security needs such as identifying, authenticating and protecting individual containers.

From a technology standpoint, to be practical for agile and cloud-scale applications, the cryptographic key management and protection mechanisms themselves need to be agile, elastic, and automated.

NEW CRYPTO-BASED DIGITAL SERVICES

The digital transformation is enabling new crypto services and applications that were not possible in the past, such as cryptocurrency wallets and exchanges. Companies that wish to leverage these services as a core or ancillary part of their business must be able to support advanced cryptography schemes and have robust key protection by design.

2. Key Management Security Principles

We know that strong key protection is paramount to the effective use of cryptography, but how can we judge the level of security provided by a key management solution? It comes down to a few criteria that guide the design of key protection mechanisms and determine their security strength.

A number of key management and protection technologies are available today. Some have been in use for many years, while others are emerging in response to the transforming IT environment.

Key management solutions need to fulfill a core tenet of cryptography: they must protect keys from exposure and unauthorized use. So, before we review the available solutions, let’s first take a closer look at the security principles that determine the effectiveness of a key protection scheme.

NON-EXTRACTABILITY

Like a safe, the primary role of key protection schemes is to prevent extraction of cryptographic key material by people or machines, to prevent their theft and unauthorized use.

The theft of cryptographic keys is disastrous because attackers can use the keys freely for all intended purposes (i.e. sign transactions, authenticate to business-critical applications, decrypt sensitive content).

Because the keys remain intact in their original location, detection of such attacks

• Physical access attacks are possible when the attacker can obtain physical proximity to the hardware on which the keys reside. The most prevalent physical threat today is hardware-based side-channel attacks. In such attacks, the adversary deduces secret data located inside the machine by measuring hardware characteristics, such as power usage or noise levels, which vary based on data processing activities inside the machine. These characteristics are called side channels because they reveal additional information besides the regular data inputs and outputs.

• Software side-channel attacks are possible when an attacker can exploit logical access to the machine where keys are protected to extract key material via software-based side-channel information. Attackers can achieve this by running a separate software application co-located on the machine, crafted to extract key material from shared resources such as the CPU or cache. In virtualized environments, such co-location attacks are possible even from a
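
The side-channel principle described above (processing activity that varies with secret data reveals that data) is shown here as an added example, which is not part of the whitepaper: a key operation whose operation sequence depends on the key bits, next to one whose sequence does not. Assumptions: the key is a secret exponent in modular exponentiation, the recorded trace stands in for a power or timing measurement, and the function names, toy modulus and sample keys are constructed for illustration.

```python
"""Added illustration (not from the whitepaper): an operation trace as a side channel.

Assumption: the protected key is a secret exponent used in modular
exponentiation. The "trace" list is a stand-in for what a power or timing
probe would record; no real measurement is involved.
"""

# Constructed sample keys, all 7 bits long so that length alone reveals nothing.
SAMPLE_KEYS = [0b1011001, 0b1111111, 0b1000000]


def square_and_multiply(base, exponent, modulus):
    """Left-to-right binary exponentiation whose work depends on the key bits."""
    result, trace = 1, []
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")                      # a square happens for every bit
        if bit == "1":
            result = (result * base) % modulus
            trace.append("M")                  # multiply only for 1-bits: the leak
    return result, trace


def montgomery_ladder(base, exponent, modulus):
    """Same result, but one multiply and one square per bit, whatever its value.

    This models the operation sequence only. A production implementation also
    needs branch-free selection and constant-time big-number arithmetic.
    """
    r0, r1, trace = 1, base % modulus, []
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r1, r0 = (r0 * r1) % modulus, (r0 * r0) % modulus
        trace += ["M", "S"]
    return r0, trace


def bits_exposed_by_trace(trace):
    """Audit helper: decode what an observer of the trace learns about the key.

    Expects 'S' to start each bit and an 'M' to follow every 1-bit. Returns the
    exponent the trace gives away, or None if the trace has no such structure.
    """
    bits, i = [], 0
    while i < len(trace):
        if trace[i] != "S":
            return None                        # uniform trace: nothing to decode
        one = i + 1 < len(trace) and trace[i + 1] == "M"
        bits.append("1" if one else "0")
        i += 2 if one else 1
    return int("".join(bits), 2) if bits else None


def leaks_key(exponentiate, exponents, base=7, modulus=1009):
    """True if keys of equal length produce distinguishable traces."""
    traces = {tuple(exponentiate(base, e, modulus)[1]) for e in exponents}
    return len(traces) > 1


if __name__ == "__main__":
    key = SAMPLE_KEYS[0]
    for name, fn in (("square-and-multiply", square_and_multiply),
                     ("montgomery ladder", montgomery_ladder)):
        value, trace = fn(7, key, 1009)
        print(f"{name:20s} result={value:4d} trace={''.join(trace)}")
        print(f"{'':20s} key exposed by trace: {bits_exposed_by_trace(trace)}")
        print(f"{'':20s} traces differ between keys: {leaks_key(fn, SAMPLE_KEYS)}")
```

A check like `leaks_key` can serve as a regression test for a key-handling routine: any operation whose trace differs between keys of the same length is a candidate side channel.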