Monday, 20 February 2017

Unbreakable - 1104

Unbreakable Security

Can you relate to this immense number? Does such an exponent represent an order of magnitude that makes sense?

10^1104 is how many times stronger CORA is than military grade encryption when considering a brute force attack. Why 1104, instead of 1105, or 1203? Truth be told, because I like 1104; my point being that there is 'no limit' on how large CORA Cyber Security can make this number!

10^1104 sufficiently demonstrates that not even 'quantum computers' will be capable of breaking this encryption with a brute force attack... at least not in this century!

Sure, anyone can make such a claim! The question is, can anyone back up such a claim? CORAcsi can back up this claim - TODAY!

While we are making fast inroads into the marketplace, with a beachhead that is growing quickly in select industries, such as industrial controls, robotics and manufacturing, my question is this:

Why doesn't a 'bigger player' investigate our claim further so as to take a leadership role in properly securing the global marketplace? CORAcsi is getting there, but every month delayed is costing the global community upwards of $100 B in cyber crime.

Bottom line: if our claim of 10^1104 times stronger than everything else that is available is correct, then the entire Industry is already antiquated - so take a chance, a few moments, and let's have a conversation. Perhaps if you need a little more convincing, take a look at Claude Shannon and his definition of 'perfect encryption'.

Friday, 3 February 2017

Physics Rocks – a journey of excellence and bounded perception

Bottom lines are the foundation from which the mind can sing a song of pure joy, creativity and innovation.

Imagination is the invisible ether that connects basic truths with imagined realities. This is the joy that is, or should be, Physics.
Don't misinterpret my meaning; the discipline and beauty of math is certainly the language of Physics, however, language can only glimpse the depth that is contained in the visualizations that reach beyond the confines of expressible truths.
The mind is the ultimate toy chest. Math and Physics are two sides of the same coin - the game of patterns.

This has been my journey from Physics to technology. How can someone without an official degree in computer science possibly develop an 'unbreakable data security' technology? Without a doctorate in math – why would anyone believe that CORA (Context Ordered Replacement Algorithm) is actually "a step beyond encryption that is unbreakable"?

Those who have tasted from the fountain of Physics, or who have realized the love of learning that springs forth from the fountain of youth understand this question, and its answer.

Bottom line – try it – you won't break it. Better yet, because of the nature of 'chaos maps', if you do break 'one', it won't be repeatable – so what good is it?

What do you have to lose? Anyone who knows the industry, or follows the media knows that the current state of encryption 'can and is being broken'. Alas I deviate from Physics. The real question you should be asking is: "how can any student of Physics believe in an absolute", such as 'unbreakable'.

Forgive my egress into the convenience of a coined phrase. The public can relate to 'unbreakable' more readily than a number like 10^1104 times stronger than anything else that is available.
Who wants to think about "chaos maps" and the problems that exist when an expensive (time, human-hours and money) endeavor might accidentally work once, but cannot be repeated?

For those of you who might contemplate the journey from Physics to innovation & technology, take a look at CORA and see if you can break it; think of it as the ultimate puzzle, Sudoku or game of chess.

When you are ready to embrace a step beyond encryption that is at least 10^1104 times stronger than every other form of encryption, give us a shout and together we can provide proper security for, well anything and everything 'connected'.


Sunday, 18 December 2016

CORA Industrial


The origin of CORA

I am amazed at how many pathways are emerging for CORA. I suppose it isn't too surprising when one contemplates the need for 'unbreakable security', and yet, my original thought was to protect "static data", particularly that which is found on 'my computer'.
I knew that I wanted to store my technology bases in multiple, online locations. I further knew that encryption as is currently found in the industry, can be broken.

Surprise realizations

goCORA

goCORA, the online, fun, app that will be released in 2017 allows users to maintain control of their online, digital footprint. This exciting pathway for CORA was never considered in its development.
For years we have spoken to young people (in particular) about the need for caution when posting pictures, opinions, videos, and the like online - once it is online, it will exist somewhere, forever...
goCORA will allow users to post anything they want online, without the fear of "losing control" over their data - they can shut it down permanently regardless of how many people have seen, copied, or shared the information.
To this end, if you are a Xamarin developer, we may have some work for you.

CORA Industrial

I must say, trade shows are relatively boring, and yet, they are surprisingly productive. While 'putting in time' at the last trade show on emerging technologies, a local industrial company spoke with CORA Cyber Security and we became aware of another important pathway for CORA, as illustrated in the following:

What good is a pathway without some math


While I personally love the math, what does 10^1848 look like?
Answer: Unbreakable.

Saturday, 3 December 2016

HISTORY becomes THE FUTURE

Venona project (1943–80)



I have read that this was one of the most successful counter-intelligence efforts of the Cold War; purportedly successful because individual(s) on the Soviet side began to reuse keys, rather than generating a new key for each message.

Perfect Encryption

 

Claude Shannon is credited with defining the idea of "perfect encryption" in which the encryption key would be at least as long as the message.
These two paths from our collective HISTORY converge with CORA, and become THE FUTURE of data security.
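
The two historical points above, key reuse in Venona and Shannon's requirement that the key be at least as long as the message, can be shown with a one-time pad in a few lines. This is an added example, not code from the original post and not CORA's algorithm; the sample messages, the `PadBook` class and the function names are constructed for illustration.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """One-time pad. Shannon's condition: the pad is at least message length."""
    if len(pad) < len(message):
        raise ValueError("pad shorter than message: not a one-time pad")
    return xor_bytes(message, pad[:len(message)])

class PadBook:
    """Hypothetical helper: hands out pad bytes and never the same bytes twice."""
    def __init__(self, size: int):
        self._pad = secrets.token_bytes(size)
        self._used = 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise RuntimeError("pad exhausted: generate new material, never reuse")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

# Constructed sample messages (both 26 bytes long).
P1 = b"MEET AT THE BRIDGE AT NOON"
P2 = b"SEND THE REPORT BY FRIDAY."

def demo():
    book = PadBook(64)
    k1, k2 = book.take(len(P1)), book.take(len(P2))

    # Fresh pad per message: XOR of the ciphertexts is still random noise.
    fresh = xor_bytes(otp_encrypt(P1, k1), otp_encrypt(P2, k2))

    # Reused pad (the Venona mistake): the pad cancels out, leaving P1 XOR P2.
    reused = xor_bytes(otp_encrypt(P1, k1), otp_encrypt(P2, k1))
    pad_cancelled = reused == xor_bytes(P1, P2)

    # Anyone who knows or guesses one message then reads the other directly.
    recovered = xor_bytes(reused, P1)
    return pad_cancelled, recovered, fresh == xor_bytes(P1, P2)

if __name__ == "__main__":
    print(demo())
```

The security of the pad rests entirely on the key material being random, as long as the message, and used once; the length of the key alone says nothing once any part of it is used twice.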

CORA stands for Context Ordered Replacement Algorithm.

While the 'magic of CORA' temporarily remains a trade secret, the following expose makes for an acceptable 'letter of introduction' to CORA.
Context Ordered implies that the same CORA bloc (key in the Venona project cited above) will always be created anew when 'CORAfying' data.
Replacement Algorithm implies that each CORA bloc's relevant data (perfect encryption cited above) should span a proportionate size that exceeds the relative data.

Bottom Line

A CORAfied solution at its worst, is far more than a 'googol' times stronger than military grade encryption, at its best.

CORAfied - at its worst:

  • 3 CORA blocs in the solution.
  • 2 out of the 3 blocs are stolen.
  • The blocs are at the minimum size required for CORAfication.
  • The hacker has:
    • the catalog file.
    • the chaos maps.
  • The thief knows:
    • there are only 3 blocs in the solution.
    • the size of the 3rd bloc.
    • the relevant order of blocs including boundary conditions.
Given this scenario in which the CORAfied data is horribly compromised, a brute force attack would take no more than 10^2400 attempts to obtain the CORAfied data.

Contrast this to military grade encryption that uses a 256-bit key which would take no more than 2^256 ≈ 10^78 attempts to obtain the encrypted data.

Hence CORA at its worst is 10^2322 times stronger - a step beyond encryption!
I prefer to refer to this as "astronomically stronger" or "unbreakable"!

Addendum (4 Dec 2016)


It should be noted that patterns in random number generators, and optimization routines based upon frequency distributions in the byte structures will result in the potential for optimizations. Taking a smarter approach based on these patterns might pragmatically decrease this complexity of the attack pathway by 20%, which could result in as little as 10^1926 attempts, or 10^1848 times stronger than military based encryption.
The enormity of this number is still astronomical - unbreakable.

Sunday, 28 August 2016

Block Chains: a contrasting position on decentralization

Fact and Fiction - love the contrast

My brother once quoted Winston Churchill:
If you're not a liberal when you're 25, you have no heart. If you're not a conservative by the time you're 35, you have no brain.
An interesting muse for the mind, however, upon research, one discovers that Churchill is not attributed with this saying.
  1. What was my brother trying to do? Convince me of his position.
  2. My response - why does the heart and brain have to be at odds with one another?

"Time is the hand, that writes the truth, on the wall of experience"

One often holds a belief in youth, that matures with age. Ideally the heart and mind work in unison. Think of the heart and emotions as the fuel in your vehicle. The head is the steering wheel. Both are needed for the journey.

Who doesn't wish there were no rules, speed limits, or fences when bouncing around with enthusiasm and reckless abandon, in one's youth? And yet, as the currents of time demonstrate the lessons that are too hard to embrace in childhood, one's appreciation for 'responsible freedoms' and 'conscientious authorities' evolves into a maturity of mind and heart.
I often joke that "the world would be perfect if everyone were like me". This sentiment is behind those that seek chaos, or the absence of authority; where there are no bullies, thieves, or "big kids on the block" that would certainly "take without asking" or "do without caring".

Block Chains and decentralization

Block Chains are beautiful - mathematically and technologically. They are robust and redundant. One might be capable of burning a $20 bill, but don't expect to 'burn' a bitcoin!

Wait, that just happened, didn't it?

  1. A hacker stole $64 M of ether (bitcoin alternative) from an investment firm.
  2. There was a time delay during which the hacker could not claim the funds - they sat there without the true owners being empowered to retrieve them.
  3. Ethereum reset their system (burned the ether currency for the past day) to a backup that existed previously.
  4. While this eradicated the transactions that occurred during the past day, and thus, the theft of the "investors' money", it also resulted in a 'fork' in which some users choose to stay with the original, pre-fork currency, and others choose the new, post-fork currency.
What does this mean? Consider the following analogy to simplify the concept:

Imagine that someone compromised a corporate 'MasterCard' and used it to steal a large amount of money. MasterCard cannot deal with a 'single transaction' (Block Chains), so it decides to reset the system to 1 day ago, resulting in the deletion of 'all transactions' that have occurred, and the issuing of a second set of 'cards' and 'processing machines' for all card holders and merchants. 
  1. All transactions since this reset are gone.
  2. An entirely new set of cards (for all clients) and machines (for all merchants) are issued.
  3. Those who don't want the new cards may keep using the old cards. Those merchants that don't want the new machines may continue to use the old machines. There are now effectively '2 forks', 2 sets of MasterCards; remember there isn't a central authority that can insist that everyone uses the new cards and machines.
In all fairness, this isn't limited to Ethereum. In August of this year $94M of Bitcoins was stolen in a hack of the Bitfinex exchange. While Bitcoin did not 'reset the system' as cited above, there is an interesting story about a proposed fork that dates back to early this year: Bitcoin feud over expansion threatens to destabilize currency.

Bottom line:
  1. Forks can be produced resulting in multiple "online currencies". Without a central authority, there is no limit to how many different forks, and online currencies might result as time marches forward.
  2. Mike Hearn (one time advocate and developer for Bitcoin) states in the article cited above, and on his blog, 'What was meant to be a new, decentralised form of money that lacked “systemically important institutions” and “too big to fail” has become something even worse:  "a system completely controlled by just a handful of people".'

A Centralized system

Block Chains may be great for online currency, however, for data security we do need a centralized methodology that allows the owners of the data to control it, and if necessary, shut it down. 

In the ideal world, in which everyone, equally, respects one another, and lives by the same rules and guidelines, there would be no need for security and built in controls. 
This is a great direction and beautiful dream. I am confident that quality education will eventually empower this evolved society.
While the journey remains ahead of us, and is marvelous in many ways, we have yet to arrive at this destination.


Wednesday, 13 July 2016

Homeland security's Report - substantial in context and scope

GOING DARK, GOING FORWARD a primer on the encryption debate.

These 25 pages are enough to make me speechless - with only 3 exceptions:
  1. There is so much happening in cyber security. There are so many opinions, facts, options and directions. WOW! If I think so, I can't imagine who among my friends and associates will actually read this report.
  2. The article posted on engadget.com entitled Homeland Security's big encryption report wasn't fact-checked is another interesting read. Again, so many facts, counter facts, opinions and directions.
    My only thought here is that, I appreciate all that our governments and professionals are doing to safeguard our security, rights, and freedoms.
    The fact that there is accountability and free speech, speaks volumes about those of us who are fortunate to live in a free, safeguarded and educated society.
  3. The first point on page 6 of this report states:
Encryption plays a vital role in modern society, and increasingly widespread use of encryption in digital communications and data management has become a “fact of life.”
In regards to 'data management', sadly encryption has fallen short. The massive loss of more than 400 billion dollars per year is clear evidence of this fact, rather than the opinion.

Sooner or later (and I am betting on sooner) CORA will be recognized as the standard for data security. Unlike encryption, CORA is capable of producing "unbreakable data security".

Soon the CORAcsi Challenge 2016 will be launched to the global community. While this challenge is admittedly 'unfair', it will announce and validate this bold statement about "unbreakable data security". Stay tuned and spread the word.


A bitter placebo - Encryption

If only this placebo were bitter. The sad news is that it is a sweet pill to swallow which makes it an easy sell. I call it 'bitter' because it is costing us billions of dollars a year!


Google: Today’s Encryption May Not Survive Tomorrow’s Attacks

An article about how encryption may not be enough. Yet the fact is that for years, it has not been protecting data sufficiently. The proof is in the pudding. More than 400 billion dollars lost, yearly, to cyber criminals! Unless you're an ostrich, you must know that much of the data stolen has been encrypted!

Researchers claim Android Keystore encryption is broken. This interesting article provides a particular quote I would like to cite:
“Unfortunately, system designers still tend to choose cryptographic schemes not for their proved security but for their apparent simplicity,” 
I would add that cryptographic schemes cannot be chosen for their proven security, but rather for their 'apparent security'.

  • There is no doubt that encryption is better than plain text
  • There is no doubt that encryption will cost the cyber criminal time and money
  • There is no doubt that given time and money, encryption can be broken! Read one of my previous articles on Encryption, breaking the myth for a small sample of breaches that resulted in significant losses. Keep in mind that not all losses are reported, and moreover, monetary loss may be measured more easily than the public relations nightmare that follows.

In the article cited above about Encryption surviving tomorrow's attacks, they mention 'Advanced Quantum attacks'. Encryption used for 'data security' is vulnerable because:

  1. Technology continues to evolve producing faster and more efficient hardware and software.
  2. Static data is much easier to find, store and work on, than data in transit. While encryption used for communication is much more difficult to capture, then break - static data should be thought of as 'a sitting duck'.
  3. Prime number generators are available which significantly reduce the time needed to find the keys. An organic sieve which my generator can easily produce would result in a 'look up table' for all prime numbers. If my generator can do it, you know others must have superior 'organic sieves'! 
Wait a minute you say, what if companies aren't using prime numbers as keys for their encrypted data? My company, CORAcsi, isn't using prime numbers: "we aren't using encryption for data security". We are pioneering the use of chaos Maps and CORA. Soon enough, others will follow and we will secure the global community.


Admittedly I am biased towards CORA. In my defense, my bias is altruistic. I believe in security. I believe in the right to protect one's information. I believe in sharing 'my information' on my terms. I believe in 'the Cloud'. CORA makes 'the Cloud' a value add (unbreakable data security) to corporate and private clients; not knowing everything about 'where the CORA fragments' are stored makes "the Cloud" a value add, rather than a hard sell to shareholders.