Now, Microsoft has also announced several improvements to the encryption used in its online cloud services in order to protect them from cyber criminals, bad actors and prying eyes. The company effort detailed in a blog entry by Matt Thomlinson, Microsoft's Vice President of Trustworthy Computing Security.
MICROSOFT'S COMMITMENT
Last December, Microsoft promised to protect its users data from government snooping by expanding encryption across its services, reinforcing legal protections for its customers' data and enhancing the transparency of its software code, making it easier for the customers to reassure themselves that its products contain no backdoors.
Yesterday's announcement comes as an achievement in its ongoing endeavor.
ENABLED PERFECT FORWARD SECRECY (PFS)
Both Outlook.com and OneDrive have been empowered with Perfect Forward Secrecy (PFS) encryption support for sending and receiving mail between the e-mail providers.
Perfect Forward Secrecy is an encryption technique that uses randomly generated encryption key for each connection on a per-session basis, making it even more difficult for cyber attackers to decrypt the connections.
Perfect Forward Secrecy is an encryption technique that uses randomly generated encryption key for each connection on a per-session basis, making it even more difficult for cyber attackers to decrypt the connections.
That means, from a service without PFS, government or hacker can demand or steal the long-term secret key used to secure connections and with the help of it they can decrypt that particular session to which the key belongs as well as all past, recorded sessions. But, using PFS, one can prevent itself from this situation, as in this case, compromising one session's key only enables them to decrypt that particular session.
But Perfect Forward Secrecy (PFS) will only protect the connections between the Outlook.com server and other email providers, not the connection between the end user and the Outlook.com server.
MAKE USE OF TLS
In addition to this, both inbound and outbound mail on the Microsoft's Outlook.com service will also make use of Transport Layer Security (TLS) encryption when communicating with other mail servers that also support TLS. This will make it more difficult for any eavesdropper to listen in to the communications.
Microsoft has worked with a several other mail providers to ensure that the communication is encrypted in transit.
"Over the past six months, we have been working across the industry to further protect and help ensure your mail remains protected," said Thomlinson. "This includes working closely with several international providers throughout our implementation, including, Deutsche Telekom, Yandex and Mail.Ru to test and help ensure that mail stays encrypted in transit to and from each email service."
OPENED TRANSPARENCY CENTER
The company has also opened its first "Transparency Center", on its Redmond campus, WA, where Governments can participate to analyze Microsoft source code to confirm that there are no "backdoors" and assure software integrity.
Microsoft had previously announced a Brussels Transparency Center, which is another goal in its list to achieve.
JAVA SCRIPT CRYPTOGRAPHIC CODE FOR DEVELOPERS
Also last month, Microsoft Research team published an under-development JavaScript cryptographic library that extends the W3C WebCrypto API for exposure to software developers and researchers interested in cloud and browser security.
Microsoft Research JavaScript Cryptography Library is designed to work with HTML5-compliant cloud services. Cryptographic library been tested on IE browsers 8, 9, 10, 11, the last Firefox, Chrome, Opera and Safari.
"It provides useful utility functions, such as endianness management and conversion routines. The big integer library is likely to change in future releases. There are also unit tests and some sample code." Microsoft said.
The library is still under-development and currently supports encryption/decryption of RSA (PKCS#1 v1.5, OAEP, and PSS), AES-CBC and GCM, SHA-256/384/512, HMAC with supported hash functions, PRNG (AES-CTR based) as specified by NIST, ECDH, ECDSA, and KDF (Concat mode).
