Cisco Blogs


Cisco Blog > Security

Cybersecurity in the Post-Quantum Era

One of the great scientific challenges of our time is the construction of a practical quantum computer. Operating using the counterintuitive principles of quantum physics, such a device could rapidly explore an vast number of possible states. It could perform computational tasks that are far beyond our current capabilities, such as modeling molecules and designing new types of drugs—and breaking most of the cryptographic systems that are currently in use. Fortunately, no one has yet built a practical quantum computer, though many countries and companies are striving do just that. It has been claimed that the U.S. National Security Agency has a secret US$80M project with that aim, for example. Quantum computing is still an unproven technology, and it may not be practical for decades, but since it poses an existential threat to cryptography, we need to start preparing now for the possibility that one day the news will announce a breakthrough in quantum computing, and we will be living in a post-quantum world.

Read More »

Tags: , , , , ,

In Search of The First Transaction

At the height of an eventful week – Cloud and IoT developments, Open Source Think Tank,  Linux Foundation Summit – I learned about the fate of my fellow alumnus, an upperclassman as it were, the brilliant open source developer and crypto genius known for the first transaction on Bitcoin.

Hal Finney is a Caltech graduate who went on to become one of the most dedicated, altruistic and strong contributors to open source cryptography. We are a small school in size, so one would think it’s easy to keep in touch; we try but do poorly, mostly a very friendly and open bunch, but easy to loose ourselves into the deep work at hand and sometimes miss what’s hiding in plain sight.

He was among the first to work with Phil Zimmermann on PGP, created the first reusable proof-of-work (POW) system years before Bitcoin, had just the right amount of disdain for noobs in my opinion, and years later, one of the first open source developers with Satoshi Nakamoto on Bitcoin, in fact the first transaction ever. There is a great story about Hal in Forbes this week, “My hunt for Bitcoin’s creator led to a paralyzed crypto genius, thank you, Hal Finney for going through with it, and Andy Greenberg for writing it. Sometimes it is very painful, shocking to see how things turn out, I think this is one of those moments when we realize how much this is going to mean to all of us, the brilliant minds of programmers like Hal Finney, who never sought the limelight, but did so much for us without asking for anything in return, who leave behind a long lasting contributions to privacy and security in our society, he is in fact a co-creator of the Bitcoin project. Do you realize that every bitminer successfully providing the required POW, should in fact reach the very same conclusion at the end of every new transaction… forever? You’d better accurately represent who was the very first. What a legacy to remember!

I often go to Santa Barbara to see a very, very close and dear person there, my daughter. But now, there is another reason to stop by and pay tribute to one of the finest there. We will all be in search of the first transaction, eventually.

Tags: , , , , , , , , , , , , , , , , ,

David McGrew Discusses Legacy Encryption Solutions with Mike Danseglio of 1105 Media at RSA 2013

Today, many encrypted networks use insecure cryptography. Attackers exploiting weak cryptography are nearly undetectable, and the data you think is secure is less safe every day. Legacy encryption technology can’t keep up with current advances in hacking and brute force computing power. Additionally, legacy solutions are increasingly inefficient as security levels rise, and perform poorly at high data rates. In order to stay ahead of this challenge, encryption needs to evolve.

Read More »

Tags: , , , , , , ,

Cisco Unified IP Phones earn FIPS Certification!

The Global Certification Team is proud to announce the FIPS 140-2 Crypto certification of the 6900 and 7900 Series IP Phones.

The phones received FIPS certificate #1647 for Models 6901 and 6911 and Certificate #1650 for 6921, 6941, 6945, and 6961.  Finally the 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE, and 7975G were awarded FIPS certificate #1689.

Take full advantage of converged voice and data networks while retaining the convenience and user-friendliness you expect from a business phone. Cisco Unified IP Phones can help improve productivity by meeting the needs of users throughout your organization. Advanced media endpoints in this innovative suite of Cisco Unified IP Phones enhance the end-user experience.

6900 Series on Cisco.com

7900 Series Phones on Cisco.com

FIPS-140 is a US and Canadian government standard that specifies security requirements for cryptographic modules. A cryptographic module is defined as “the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.” The cryptographic module is what is being validated.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Cisco Common Crypto Hybrid Module (C3M-hybrid) is FIPS certified!

The Global Certification team is pleased to announce the Cisco Common Crypto Hybrid Module, C3M-hybrid, has been awarded FIPS validation #1668 and is complete!  The C3M-hybrid module leverages AES-NI (C3M, #1643, completed in 2011). This is the first crypto module that leverages AES-NI.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1668

The Cisco Common Cryptographic Module (C3M) is a software library that that can be utilized by many Cisco products. The module provides FIPS validated cryptographic algorithms, including advanced (Suite B) cryptography requested by USG, for services such as sRTP, SSH, TLS, 802.1x etc. Once the FIPS validated C3M is integrated into our products, GCT can engage the FIPS lab to write letters of compliance. In the future, leveraging this FIPS validation while performing HW validation will reduce cost, time and effort.

FIPS-140 is a US and Canadian government standard that specifies security requirements for cryptographic modules. A cryptographic module is defined as “the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.” The cryptographic module is what is being validated.

Tags: , , , , , , ,