sciencetech-blog

comments

It could give every internet user access to simple encryption - and make the internet a far more secure place.

Scientists at Scentrics, working with University College London, say they have created an algorithm that can guarantee total privacy for everything from emails and text messages.

Called 'the construct', they hope the system could be used to give everything from desktop machines to mobile phones simple to use encryption. 

Scientists at Scentrics, working with University College London, say they have created an algorithm that can guarantee total privacy for everything from emails and text messages.

The company is headed by a computer scientist and mathematician, Paran Chandrasekaran, who used to be technology counsellor to the Prince of Wales' Business Advisory Board.

'This allows people to lock their digital front doors and alarm their online lives,' he told DailyMail.com.

'The challenge is to give crypto to the masses, make it a one click solution and comply with corporate security. 

'What we have developed is an algorithm that places a security layers into the DNA of the internet - it will have crypto for the masses, and you won't even need a special app.'

The company has found a way of defeating what cryptologists call 'the man-in-the-middle attack' or MITM – the ability of someone to hack and intercept an electronic message.

This requires an attacker to have the ability to both monitor and alter or inject messages into a communication channel. 

One example of this used by hackers is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. 

The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. 

This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle. 

Until now, said Chandrasekaran said, there has been no foolproof way of blocking a third person from gaining access to the electronic conversation.

The team recently received a patent for their solution, and is currently in talks with a major backer, with a deal expected to be announced within weeks.

'The buyer of this company must be commercial and responsible, well respected and not fight with other firms,' Chandrasekaran warned.

'Whoever aquires it can put this in place withih 30 days, and the deal going forward is that we will grow a small group to bring out more IP for this layer.'

The firm says it could even have been able to thwart the Sony attack. 

'Sony used to have a reputation for having biggest spend per head for security software,' said Chandrasekaran.'

'To be able to go inside there and get all the records is like walking through the front door, you need to nail these things to the floor.

'Encryption is hard to use because of key management, and we have solved this.'

Earlier this year, another company which had been working closely with UCL, the artificial intelligence start-up DeepMind, was sold to Google for £400m. 

The service was developed with researchers at University College London.

Professor Anthony Finkelstein, Dean of the Faculty of Engineering Sciences at UCL and a Fellow of the Royal College of Engineering, a member of Scentrics' Technical Advisory Board (TAB) said: 'What differentiates low and high value IP is algorithmic research or its absence. 

'Scentrics, rather like many of the other companies founded on algorithmic research, such as Google and Facebook, has done incredible work to solve the problem of automated key distribution and was one of the many reasons why UCL became involved.'  

Where issues of national security are concerned, the ciphers used are all government-approved, which means messages can be accessed if they need to be by the security services, he said.  

'No longer will there be the complaint that security is hard to use on the internet or phones,' the firm claims.

'The impact is truly revolutionary as it envisages a future in which there will be total user controlled privacy whilst also balancing the needs of national security by the architecture of the service which allows for Legitimised Key Escrow.

'In short, every individual and/or machine now has the ability to call, from the cloud, its own cryptographic key (pair). This process, for the first time in history, is fully automated.'