
Showing posts with label Cybersecurity. Show all posts

Wednesday, August 21, 2024

Cryptographic Inventory: A Crucial Step in the Transition to Post-Quantum Cryptography

The Emergence of Post-Quantum Cryptography (PQC)

The advent of quantum computing poses a significant threat to current cryptographic standards. Quantum computers, with their ability to perform complex calculations at unprecedented speeds, can potentially break many widely used encryption algorithms. As a result, there is an urgent need to transition to post-quantum cryptography (PQC), algorithms designed to resist attacks from both classical and quantum computers.

The Importance of Cryptographic Inventory

To ensure a smooth and secure transition to PQC, it is essential to conduct a thorough cryptographic inventory. A cryptographic inventory is a comprehensive list of all cryptographic algorithms, protocols, and systems used within an organization or nation. This inventory provides valuable insights into the current cryptographic landscape, helping to identify vulnerabilities, prioritize migration efforts, and develop effective strategies for adopting PQC.


Steps to Conduct a Cryptographic Inventory

  • Identify Cryptographic Assets: This involves identifying all systems, applications, and devices that use cryptographic algorithms, including hardware, software, and cloud-based services.
  • Document Cryptographic Algorithms: For each identified asset, document the specific cryptographic algorithms and protocols being used.
  • Assess Vulnerability: Evaluate the vulnerability of each algorithm to quantum attacks based on the latest research and expert assessments.
  • Prioritize Migration: Based on the vulnerability assessment, prioritize the migration of critical systems to PQC.
  • Develop a Migration Plan: Create a detailed plan outlining the steps, timelines, and resources required for the migration process.

As PQC standards have already been released as FIPS 203, 204 and 205 and will continue to evolve, it is imperative for organizations and nations to prepare for the transition. A cryptographic inventory is a fundamental step in this process, providing essential information for risk assessment, migration planning, and compliance. By conducting a thorough inventory and developing a comprehensive migration strategy, organizations can ensure the security and resilience of their cryptographic infrastructure in the face of emerging quantum threats.
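The inventory steps above can be sketched as a small triage script. This is an added example, not code from the original post: the asset names, the 1 to 3 criticality scale, the scoring weights and the extra point for confidentiality uses are all illustrative assumptions.

```python
import re
from collections import namedtuple

SHOR = ("RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519")  # broken by Shor's algorithm
PQC = ("ML-KEM", "ML-DSA", "SLH-DSA")                              # FIPS 203, 204, 205
# Illustrative weights (assumption): unknown algorithms rank high so they get reviewed.
WEIGHT = {"shor": 3, "unknown": 2, "grover": 1, "ok": 0, "pqc": 0}
# purpose: "key-exchange", "signature" or "encryption"; criticality: 1 (low) to 3 (high)
Entry = namedtuple("Entry", "asset algorithm purpose criticality")

def classify(algorithm):
    """Step 3: quantum exposure class of one documented algorithm."""
    name = algorithm.upper()
    if name.startswith(PQC):
        return "pqc"
    if name.startswith(SHOR):
        return "shor"
    aes = re.fullmatch(r"AES-(128|192|256)(-\w+)?", name)
    if aes:  # Grover's search halves effective key strength: flag short keys for review
        return "ok" if aes.group(1) == "256" else "grover"
    return "unknown"  # never assume safe; route to manual review

def priority(e):
    """Step 4: exposure weighted by the asset's criticality."""
    score = WEIGHT[classify(e.algorithm)] * e.criticality
    # Assumption: confidentiality ranks above signatures, since traffic
    # recorded today can be decrypted once a quantum computer exists.
    if score and e.purpose in ("key-exchange", "encryption"):
        score += 1
    return score

def migration_order(inventory):
    """Exposed entries, most urgent first, as (asset, algorithm, class, score)."""
    ranked = sorted(inventory, key=priority, reverse=True)
    return [(e.asset, e.algorithm, classify(e.algorithm), priority(e))
            for e in ranked if priority(e) > 0]

# Constructed sample inventory (steps 1 and 2); all names are hypothetical.
INVENTORY = [
    Entry("db-at-rest", "AES-256-GCM", "encryption", 3),
    Entry("backup-archive", "AES-128-GCM", "encryption", 2),
    Entry("code-signing", "RSA-3072", "signature", 3),
    Entry("legacy-hsm", "VENDOR-CIPHER-1", "encryption", 2),
    Entry("vpn-gateway", "ECDH-P256", "key-exchange", 3),
    Entry("pilot-tls", "ML-KEM-768", "key-exchange", 1),
]

if __name__ == "__main__":
    print(*migration_order(INVENTORY), sep="\n")
```

Entries that are already on a FIPS 203/204/205 algorithm or on AES-256 drop out of the list, while the unrecognised vendor cipher is kept and ranked for manual review rather than silently treated as safe.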

Sunday, June 30, 2024

Tuesday, March 26, 2024

Demystifying PQC with a Mind Map: NIST Competition & Theoretical Foundations

The world of cryptography is constantly evolving, and with the rise of quantum computers, traditional encryption methods are becoming vulnerable. Enter Post-Quantum Cryptography (PQC) – a set of new algorithms designed to resist attacks from these powerful machines.

This blog post offers a unique resource: a downloadable mind map that breaks down the complexities of PQC and the NIST standardization process.

What you'll find in the mind map:

  • A clear overview of all four rounds of the NIST PQC competition. This includes the different candidate algorithms and their functionalities.
  • A breakdown of the theoretical basis of PQC. Explore the underlying mathematical concepts that make these algorithms resistant to quantum attacks.
  • A visual representation of the relationships between different PQC schemes and their security properties.

Call to action

Download the mind map today and gain a comprehensive understanding of PQC and its journey through NIST standardization. This mind map is perfect for anyone interested in cryptography, cybersecurity, or the future of secure communication.

SVG Download link: https://drive.google.com/file/d/12k31FIzD92qYy-CmiWO7529S7Kpz69Hs/view?usp=sharing

PDF Download link: https://drive.google.com/file/d/1vCO7SQF6TAW2oI4-lpgA7fXlouObStJT/view?usp=sharing

PQC in a Flash: A Downloada... by Anupam Tiwari

Tuesday, August 26, 2014

WEBSHAG : Scan a Web server@Kali Linux

1.    The name of this tool is such that a layman might start pondering some other thoughts :-).. Webshag ... is actually a multi-threaded, multi-platform web server audit tool that's coded in Python and gathers useful common functionality for web server auditing, like website crawling, URL scanning and file fuzzing. It can be used to scan a web server over HTTP or HTTPS, through a proxy and using HTTP authentication. In addition, it offers innovative IDS evasion functionality aimed at making correlation between requests more complicated. It also provides innovative functionality like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing). This post gives step-by-step screenshots on how to use it in Kali Linux for auditing a website.







The post shows the screenshots for Webshag version 1.10....that's the latest as on date...like always I have...this too is an open-source tool with great functionality.....

Saturday, July 06, 2013

Spying your friend at WhatsApp : Cause of concern

1.   In my last post here, I discussed the growing lure of using WhatsApp and the basic security concerns that come with it from the point of view of a naive user. Now I will take you one step higher, to the level of a script kiddie....

2.  How does WhatsApp identify you among billions? The answer is the unique MAC address that each digital device on this earth holds. If anyone changes his/her device, then the MAC address automatically changes too and the user is requested to re-verify their WhatsApp account. This means he/she cannot access the same WhatsApp account from two devices. But does MAC spoofing not exist? So, if the MAC is spoofed, then who stops anyone from seeing your friend's traffic, which includes his/her chats, downloads etc!!! Although to a naive user this may look like something of a technical nature, for the young generation, which has lots of techno enthusiasts, there should be no stopping....that would include rooting your phone and installing Busybox. How to get your friend's MAC address, here it goes:

For Android phone users simply go to settings—> About phone—> Status—> Wi-Fi MAC address.

For iPhone users go to Settings—> General—> About—> Wi-Fi address.

For Windows Phone users go to Settings—> About—> More info—> MAC address.

and for BlackBerry users go to options—> Device—> Device and Status info—> WLAN MAC.


3.   And the best part is that your Android can be any version starting from 1.6 onwards till date.

Wednesday, December 12, 2012

SMART TVs : OUTSMARTED & HACKED



1.   In the land of hacking, no one can be spared. We all keep hearing about how websites have been hacked and how smartphones are getting outsmarted by various exploits in recent times. Now comes something new that makes smart TV owners prone. Yes!! All the proud owners of Smart TVs (SAMSUNG LEDs specifically)...can start checking if they are the lucky ones to get bitten here..this one is all about SMART TVs getting HACKED...So from now on all the data that is available on their respective HDDs connected via USB is vulnerable to being accessed by an undesired third party. So now it is not just that you watch the TV....it's time for the TV to watch you. A few valuable briefs are given out here:

- The vulnerability is exposed in all of Samsung's Smart LED TV software.

- This vulnerability allows remote attackers to swipe data.

- ReVuln, a Malta-based security firm, claims to have discovered this vulnerability.

- Remains a zero-day vulnerability as on date.

- A demo video by ReVuln shows how a "vulnerability for such devices can be used to retrieve sensitive information, monitor and root the device." Click on the video below to have a glimpse of how the vulnerability is exploitable.


2.   I am sure that whatever efforts are made by the typical user as on date, he remains vulnerable round the clock in all fields. How can a normal user who is not so tech savvy be aware of securing his PC, his laptop, his smartphone, his TV, his external HDD with his personal data without encryption, his pen drives, and the list is actually endless. He simply remains one of the choices for any hacker..if he is chosen he is gone...or he can remain lucky..but how long can anyone remain lucky? The hackers' community is growing at a pace which is pretty fast owing to the lure of what else but DOLLARs and more DOLLARs. With "Crimeware as a Service" readily available at a click, NO ONE IS SECURE. It will actually take years to stabilize the current security environment from the perspective of a typical user, as he understands that giving equal importance to the security of his IT assets is more important than locking his house as he leaves for work.

Saturday, March 31, 2012

BIGGEST SPYING CENTRE:NSA@USA

1.  At a time when we all realize that the cyber traffic around us is being monitored by hackers, spies and the government....this will come as news...big news....

2.  The National Security Agency, where else but in the United States of America, is engaged in building and ramping up the largest spy center in the history of the world. Special points that I read about this upcoming centre are enumerated below for your info:

-  To be completed by September 2013.

-  This will make NSA the largest, most covert, and potentially most intrusive intelligence agency ever.

- Will be able to intercept your private emails, cell phone calls, internet connections and Google/Bing searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital litter 

-  To be located at Bluffdale.

-  Also known as the Utah Data Center.

- Main purpose is to tap, decipher, decrypt, analyze, and store Brobdingnagian yottabytes of the world’s communications as they take place across international, foreign and domestic networks.

-  Approximate investment: $2 billion.

-  Realization of the “total information awareness” program initiated by Bush administration.

-  Also critical for breaking and decrypting codes to decipher encrypted financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, etc.

-  This will consist of 100,000-square-foot halls filled with servers, complete with raised floor space for cables and storage excluding more than 900,000 square feet for technical support and administration.
