We would like to announce our latest Gold Lock 3G version for Nokia phones – now with the ability to send encrypted SMS messages even when the phone is not connected to the internet.

Download the latest versions simply by browsing from your Nokia phone to the following URL: “www.gold-lock.com/symbian”.

Sending and receiving an encrypted SMS is very simple, the manual is available online at: https://www.gold-lock.com/app/en/product/Goldlock3G.

The new feature is included in Gold Lock 3G for Nokia, with no additional charge. Customers who already purchased Gold Lock licenses for Nokia phones, will receive the upgrade automatically (completely free of charge) the next time Gold Lock is activated on their device.

As always, us and our worldwide licensed dealers are looking forward to your questions, requests and feedback.

Organizations are finally starting to become aware of the benefits of using appropriate encryption technology to ensure that information they hold is protected against the risks of data theft and or manipulation.

However, with the growth in adoption of using encryption to protect files and sensitive data, organizations are failing to ensure that other policies are up-to-speed with the advantages offered by encryption. One of the largest gaps is the spending on training to ensure that there is critical awareness about the risks involved in failing to follow security policies.

Social attacks have played a part in various forms of hacking since it began, and given the increased security offered by encryption social attacks are once again playing a large role when it comes to acquiring access to encryption keys in order to decrypt and steal sensitive information.

In the corporate environment, data theft can cost billions of dollars. It seems stupid to try to cut corners by not offering appropriate security guidelines for staff that have physical or virtual access to any location where sensitive information is kept. This means ensuring that there are clear processes and guidelines in place when it comes to divulging key information.

However, hackers that try to launch social attacks are undoubtedly going to be able to find a weak link somewhere within the organization. The only way to limit the effects of social vulnerabilities within the organization is to ensure that key access is restricted to a few individuals company wide.

No matter what, social attacks will continue to be a risk that no software can guard against, as we are all vulnerable to the effects of coercion.
The only thing we can do is to ensure that employees are aware of the risks and access is restricted to all but the most trusted individuals.

In 1979, Whitfield Diffie and Martin Hellman authored a practical method of public key exchange, which was known almost immediately as Diffie-Hellman. After thirty years, Diffie Hellman is still used in all the best examples of encryption software due to its speed, accuracy and ability to ensure protection from “Man in the Middle attacks” when used in conjunction with various authentication techniques.

The true beauty of Diffie-Hellman key exchange is in the way that it establishes a quick and secure ‘key’ which can be used for full secrecy due to the fact that the steps required to generate the key no longer exist.
This secure key can then be used in conjunction with single key encryption algorithms such as RSA to transport public key details in order to set up more secure relationships.

The efficiency of Diffie-Hellman is mostly due to the simplicity of the system. It is simple enough to be integrated in almost every main security suite as a basis for key-exchange to try to setup secure asymmetrical cryptography, which is greatly more secure than the likes of RSA.

It is important to understand that Diffie-Hellman is not an encryption algorithm, but a way to generate a completely random key that is unique to the two parties that underwent the key agreement phase. This means that Diffie-Hellman can generate keys for any symmetric encryption algorithm, such as ecliptic curve cryptography, which is currently one of the most efficient private-key algorithms currently available.

Gold Lock Enterprise utilizes Diffie-Hellman and Elliptic Curve cryptography to ensure the security of information that will be transported or shared with others. This means by choosing Gold Lock Enterprise, key management becomes fully automated due to the highly secure transparent negotiation that takes place in the beginning of each call, and in the background during each call.

Today’s encryption algorithms are almost impossible to ‘brute-force’. This makes it increasingly difficult for hackers to expose encrypted information by simply guessing the encryption key. As a direct result, attacks have evolved and there are now far more threats than simple brute force based attacks.

Technically, a brute force attack is still possible on older cryptographic algorithms. DES and Triple DES are known algorithms that have been vulnerable to brute force due to limitations on key size. As a result, the current mainstream encryption algorithm is AES that utilizes varying key lengths, which resultantly take longer to crack.

The truth for any modern encryption algorithm is that the major weakness lies in the key being used, which effectively dictates how effective the encryption will be.

In the past, computational limitations required limited key lengths, but in today’s multi-core parallel processing world 4096-bit and even larger keys are not unheard of.

Cryptography developments have largely eliminated the effectiveness of brute force attacks when appropriate guidelines are followed to ensure key length and that obviously modern encryption techniques are being used.
However, thanks to the downfall of brute-force attacks there has been growth in other forms of attack such as side-channel and man in the middle attacks. These can both be very effective should developers not follow appropriate guidelines when it comes to security.

When it comes to enterprise security and even home security, encryption is one of the essentials from corporate security to shopping online via the internet.
For many, encryption is a transparent technology that is relied upon as being adequate for the task, but the truth is that encryption is a technology that remains relatively misunderstood and many misconceptions exist about cryptography in general.

To start with, encryption is only part of the process required to ensure that data is secure. As with any form of protection, an item is only secure as long as no one has access – encryption is similar in that it uses keys to ‘lock’ up the data which can only be solved if you have the appropriate key.

This technique is known as symmetric or private key encryption. When files are encrypted, the creator uses a private-key to encrypt and decrypt the file. This private key is then shared to those who need to decrypt the file or send encrypted messages back to the original creator. Symmetric key cryptography is both highly efficient and secure when used with appropriate key management techniques.

On the other hand, in direct parallel is asymmetric encryption or public key cryptography, which was devised in the 1970s. This technique uses two sets of keys, one to encrypt and one to decrypt.
Public key /private key cryptography is use of asymmetric key algorithms because the key used to encrypt a message is not the same as the key used to decrypt it.

Each side has a private key which is kept secret, and a public key which can be widely distributed.

Messages are encrypted with the recipient’s public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but if implemented properly, the private key cannot be obtained from the public key.

The following diagram illustrates how asymmetric encryption works:

Bob encrypts a message using Alice’s public key. That public key can only be used for encryption, not for decryption. Alice uses her private key to decrypt the message.

Gold Lock products use a mixture of these techniques to ensure absolute and total security, which parallels NSA and Military standards. The progress that made by Gold Lock has created a uniform solution when it comes to economically securing not just data but all forms of communication (Voice, Text, Files, and Emails).

GSM Base Station

Independent studies have recently revealed that corporate espionage is one of the fastest growing underground markets for hackers.  In the past few decades, hackers were seen as nothing but a nuisance causing menace.
In today’s world of multi-national corporations and multi-million dollar trade brokering, hacking has became an essential part of under-the-table dealings for many unscrupulous individuals and corporations.
The truth is that it is not just governments and the fortune 500 that are at risk.  We are seeing an increase in scanning attacks that probe not just for a specific individual, but also for whole areas in the hopes that hackers can extract something valuable.
One of the largest areas in which we are seeing a trend is that of GSM data snooping in which hackers use sophisticated technology to intercept calls made over not just GSM networks, but PSTN as well.
With the current shift from PSTN over to VOIP technology, many professional hackers are finding it harder to circumvent corporate network security, so they are being forced to focus on other ‘weak-points’ that may provide entry or lucrative information.
GSM is one of those weak points in the net, and many corporations are lax when it comes to cellular security.  The truth is that ensuring cellular calls are secure has been highly difficult for corporations up until now.
With the advent of technology such as Gold Lock, corporations can finally start to create a layered security model that ensures all endpoints are covered.
By ensuring that point-to-point GSM encryption is used, corporations rely on not just the fact that their call is secure, but also that recipients have genuine credentials and are who they say they are.
This protects both parties from GSM Interceptors, and other forms of cellular hijacking.

Gold Line Group Ltd. (Israel)

We would like to welcome you to our Information Defense Blog, updated and maintained by the security experts at Gold Line Group Ltd. A leading Israeli manufacturer of encryption systems, including the popular Gold Lock mobile encryption solutions.

In this blog, we will cover many aspects of information security, including potential risks, ways to protect your organization from those risks, and new technology in the field of security.

As always, we will be happy to receive any comments or feedback you might have, including questions and requests for us to post information about issues that you find interesting, simply contact us and let us know what you think.

Gold Lock Team

www.gold-lock.com