European Cyber Security Month is in full swing. Again this year, in October, numerous companies and associations from all over Europe are participating in campaigns to raise awareness of cyber security. Private individuals and companies are being made aware of responsible behaviour in virtual space. Even today, IT security and encryption are still too often neglected. However, it is well known that the need for secure communication is rising rapidly.
With the increasing networking of people and things in everyday life (IoT), the degree of digitization only knows one course – it is growing exponentially. This also increases the demand for encryption concepts and intelligent solutions for secure digitization in almost all areas.
From discounters around the corner to secure communication in the secret service – cryptovision GmbH's solutions offer an answer to the dangers of the digital world. These include the technical security device (TSE) developed for Bundesdruckerei for cash register systems and the VS-NfD approved e-mail and file encryption software GreenShield. In Germany alone, sales tax fraud causes damage worth billions every year. With its TSE, cryptovision GmbH provides more security in the tax system – so that each tax paid by the customer at the cash register arrives at the intended places and does not disappear into private pockets.
With the state-certified VS-NfD e-mail and file encryption solution GreenShield, cryptovision GmbH provides secure digital communication in authorities and enterprises subject to secrecy protection.
Since its establishment in 1999, cv cryptovision GmbH has stood for user-friendly cryptography solutions. With its well-balanced product range of electronic ID cards, e-mail and file encryption and fiscalisation solutions, cryptovision contributes significantly to the protection of digital identities and communication. The key to the application of security solutions lies in simplicity, user-friendliness and reliability. Therefore, the dynamic 60-person team of cryptovision GmbH is working hard this month to further optimize our proven products and to develop new user-friendly encryption solutions. And so we make – not only in October – our concrete contribution to European Cyber Security Month!
cryptovision is a strong team. This applies not only to the company’s business fields, electronic identities and cryptography, but also to sporting challenges. For this reason, a cryptovision team took part in the company run (B2Run 2019) in Gelsenkirchen – for the third time in a row. With managing director Markus Hoffmeister as team leader, the run covered a 5.3-kilometer course with a finish in the Gelsenkirchen soccer stadium. With typical cryptovision virtues, such as fighting spirit and stamina, all 12 cryptovision runners mastered the demanding course confidently and were subsequently rewarded with medals. In the end, everyone agreed: It was great fun, and next year cryptovision will be at the start again.
Good news for German authorities and companies in the field of VS: You can now use the GreenShield software to encrypt and exchange digital content that has been classified as VS-NfD. So far, GreenShield is the only software that the Federal Office for Information Security (BSI) has approved. The GreenShield components were developed in Germany according to BSI’s “VS requirement profile Secure transmission of e-mails and files”.
BSI President Arne Schönbohm emphasizes:
“Strong and correctly implemented encryption protects the confidentiality of any digital communication. By approving GreenShield, we help governments and businesses effectively protect the sharing of sensitive information.”
With GreenShield, emails and files can be encrypted, signed, and securely stored in their familiar workspaces. Used by the BSI for VS-NfD.
Have you checked to see if your password is one of the 21 million currently offered for sale on an illegal website under the name “Collection#1”? If not, you can do so on the website Have I been pwned?. If so, you may have to check again soon, as rumour has it that there will be more in the near future. As it seems, an unknown hacker has made rich loot here.
But how is such a gigantic password theft even possible? Quite simply: It is in the nature of a password that both sides must know it. So if an online provider has one million customers who log in with a password, that provider has to store one million passwords. In the current case, an employee with the appropriate rights or a hacker has gained access to stored passwords. Although there are ways to protect stored passwords, the current hack, like many others, shows that these methods do not always work.
There are alternatives to passwords – especially the so-called two-factor authentication. For example, a transaction number (TAN) that is sent to the customer via text message and has to be typed in in addition to the password (M-TAN method) is a second factor. In this case, an attacker cannot use a stolen password because he doesn’t know the transaction number.
While the M-TAN method is widely used in online banking, you certainly would not want to access your emails in this way. This is why another form of two-factor authentication is often the better solution: two-factor authentication with a smartcard. This technique uses what is known as asymmetric cryptography, which makes it possible to check a type of password (here we are talking about a private key) without even knowing it. This “password” is usually stored on a smartcard. To log in, the user needs the smartcard in question and a secret number (PIN) to unlock it – two factors. A hacker or a corrupt IT employee has no chance from the outset. He can’t steal a password collection from the online provider because such a collection simply doesn’t exist. The provider can identify the user via the counterpart to the private key, the so-called public key.
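The login described above, as an added example (not cryptovision's code and not any product's API), with the smartcard modelled in software. The names `issueCard`, `newChallenge` and `checkLogin`, the Ed25519 key type, the three-try PIN counter and the sample user and PIN are assumptions made for the illustration.

```javascript
const { generateKeyPairSync, randomBytes, sign, verify } = require("crypto");

// The provider's database: user name -> public key. It holds no secret,
// so a copy of it gives an attacker nothing to log in with.
const publicKeys = new Map();

// Model of a smartcard: the private key stays inside the closure and is
// only used after the PIN check (the second factor).
function issueCard(user, pin) {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  publicKeys.set(user, publicKey); // enrollment: the provider learns the public key only
  let triesLeft = 3; // assumption: the card blocks after three wrong PINs in a row
  return {
    respond(enteredPin, challenge) {
      if (triesLeft === 0) throw new Error("card blocked");
      if (enteredPin !== pin) { triesLeft -= 1; throw new Error("wrong PIN"); }
      triesLeft = 3;
      return sign(null, challenge, privateKey); // proves possession of the key
    },
  };
}

// Provider side: a fresh random challenge per login prevents replay.
function newChallenge() { return randomBytes(32); }

// Provider side: the response is checked with the stored public key only.
function checkLogin(user, challenge, response) {
  const key = publicKeys.get(user);
  return key !== undefined && verify(null, challenge, key, response);
}

// Constructed sample run: user name and PIN are made up for the example.
function demo() {
  const card = issueCard("alice", "4711");
  const c1 = newChallenge();
  const r1 = card.respond("4711", c1);
  let wrongPin = false;
  try { card.respond("0000", newChallenge()); } catch { wrongPin = true; }
  return {
    login: checkLogin("alice", c1, r1),              // card + PIN, matching challenge
    replay: checkLogin("alice", newChallenge(), r1), // recorded response, new challenge
    wrongPinRejected: wrongPin,                      // card refuses to sign
  };
}
console.log(demo());
```

A real card keeps the key in tamper-resistant hardware; the closure here only stands in for that boundary.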
Numerous companies and authorities have long since switched to two-factor authentication in the form described and thus abolished passwords. Online shops, email services and social media providers, on the other hand, usually shy away from the costs that arise when they equip their customers with smart cards. However, a loss of 21 million passwords (as in the current case) causes much greater damage. It is time for these providers to change their minds.
cryptovision CEO Markus Hoffmeister is not surprised about the recent data thefts German politicians and other celebrities fell victim to. His demand: Strong authentication and encryption must finally prevail among private users as well.
“Have the security systems of the Bundestag failed?” many a person asks with regard to the current reports on the leaked data of various politicians. In my opinion, the answer is no, because according to the current state of knowledge, the perpetrator(s) have not leveraged any security measures of the Bundestag (especially as celebrities who have nothing to do with the Bundestag are affected, too). Like other people, however, politicians are sometimes privately on the Internet and use social media, e-mail servers or cloud services. This is obviously where hackers have come in. Via stolen passwords, poorly secured access and other gaps, they have been able to access private data. This method is not new, but it still works, because Internet users tend to be carefree. Or as Frank Rieger from the Chaos Computer Club puts it: “As you can see, some of those affected have been relatively generous with their data.”
So what is to be done? In my opinion, the providers of e-mail, social media and cloud services are in demand. They need to ensure greater protection for end users. This is not rocket science but has long been an everyday occurrence in the professional sector. Many companies and authorities are currently switching from passwords to smart cards or other smart credentials – if they haven’t already done so. Encryption is also spreading more and more in this environment. It is high time that these standards from professional information technology also become a matter of course in private life. If necessary, the legislator must intervene and force the providers to take appropriate measures.
With its solutions (sc/interface for strong authentication as well as s/mail and GreenShield for mail and file encryption) cryptovision has proven for almost two decades that these security measures can be implemented in a user-friendly and practicable way. The current data theft therefore could have been avoided.
Shortly before the end of the year, cryptovision once again makes its mark in the media. In the latest issue of the magazine The Vault, published by industry association Silicon Trust, cryptovision’s CEO Markus Hoffmeister (together with co-author Klaus Schmeh) presents his assessment of the currently most discussed topic in the identity industry: the blockchain. In his article BLOCKCHAIN Blues – the END of eID cards? Hoffmeister shows that the blockchain can be very useful for eID technology and that there are interesting synergy effects. The question asked in the title of the article is therefore easy to answer: The blockchain is not the end of eID cards. There is therefore no reason for a blockchain blues.
Read article (page 20): https://silicontrust.files.wordpress.com/2018/11/the_vault_23_web.pdf