Franklin Heath Ltd

Master Your Information Assets


Archive for the ‘Cryptography’ Category

Comparing the Security of Low-Power Wide-Area Network Technologies

Posted by Craig H on 2 May 2017

I was recently asked by the GSMA to undertake an independent study looking at the security of various LPWA (Low-Power Wide-Area) network technologies. I took on the project because I find it a very interesting topic; these types of network are targeted at IoT (Internet-of-Things) devices, an area I have been working on over the last couple of years with IoTUK and the IoT Security Foundation. One of the main challenges of the IoT space is in making trade-offs to accommodate low-power and low-cost devices, and security is one of the things that might be traded off.

You can download the 20-page report here.

Posted in Cryptography, Internet of Things, Network Protocols, Risks | 1 Comment »

Ideal Christmas Present* – Personalised Enigma Logo Mugs!

Posted by Craig H on 3 November 2015

Today we’ve launched a new web site, enigmamug.com, and an associated CafePress store. The idea is that you enter your name, or whatever other word(s) you might like on a mug, it creates a design in the style of the Enigma machine logo and you can then (if you like it!) buy a mug with that design from CafePress. We have other designs also in the store: Enigma machine plugboards, with or without the plugs and cables, which we think look pretty good wrapped around a mug.

Posted in Amusement, Bletchley Park, Cryptography, Enigma | Leave a Comment »

Raspberry Pi Fishcam – The Secure Version

Posted by Craig H on 16 August 2013

Having proved the concept using netcat, we need to add access control and make it accessible via a discoverable external address. The design is essentially the same, running the video capture command on the Pi and routing the output stream over IP to a remote client, but we use ssh (Secure SHell) as the transport to add authentication and encryption.

The first thing to do before exposing your Pi to the outside world is: change the default password! With Raspbian, the default admin user name and password is “pi” and “raspberry”. You should change the password to something that’s not based on a name or word that could be found in a cracking dictionary; best would be a randomly generated password that you write down and keep with you, or you can use initial letters of words in a sentence you can remember but others can’t guess. For extra security you could change the name of the admin account too.

Posted in Authentication, Cryptography, Open Source | 6 Comments »

Security Lessons from Bletchley Park and Enigma

Posted by Craig H on 29 May 2013

I had fun presenting at the DC4420 security meetup in London yesterday. The topic was “Security Lessons from Bletchley Park and Enigma” and the slides are now up on SlideShare.

We covered how the Enigma machine works, how Bletchley Park exploited German mistakes, and the five lessons I picked out were:

  1. Cryptosystems have subtle flaws
  2. Plan for key compromise
  3. Users pick poor passwords
  4. Pick a good RNG and trust it
  5. Don’t underestimate the enemy

Posted in Cryptography, Enigma | 6 Comments »

Smartphone Apps, Cryptography and Export Controls

Posted by Craig H on 15 January 2012

You can’t work in software product security for as long as I have and not learn something about export controls, like it or not! Historically, many governments regarded encryption as military technology and defined and controlled it as such in their regulations. These days, pretty much anyone who uses the Internet or a mobile phone (and that’s more than 2/3 of the world’s entire population) uses encryption every day, for shopping on the web, logging in to social networks, or simply to call their friends. Nevertheless, export control regulations for encryption are still on the statute books of most countries around the world, and could still be enforced. The UK records of export control prosecutions and fines don’t include any relating to encryption technology in recent years; I would be interested to know if there have been any elsewhere.

Although I have sat in many export control meetings with lawyers over the last twenty-some years, I have to point out that I am not a lawyer, and this is not legal advice. I just thought it might interest others if I share my thinking on the current regimes of export controls, as I’m now in the situation of needing to consider it (again) because we want to publish an Android app that contains cryptographic technology (a simulation of a World War II Enigma machine, more on this soon…).

The main things I’ve learned about export controls on cryptography are that common sense often doesn’t apply and nothing is ever simple.

Posted in Applications, Cryptography, Enigma, Export Control | 1 Comment »