September 30, 2008 • 2:46 pm 0
With the official rolling out of Phorm a new era is dawn. You can relax and stop fighting spyware inside your computer, your Internet Service Provider will be the spyware.
More details on the full horror of this idea can be found on this Security Now podcast.
Filed under: InSecurity, in the News
September 26, 2008 • 6:12 am 0
The ominous promise of a quantum computer able to factor large primes is often cited as the end of the road for cryptographic systems based in number theory, that is all forms of public key cryptography. To gain some perspective on the probabilities that a practical quantum computer with such capacity be around the corner, I have compiled a list of links related to the most promising technologies being developed in labs around the world.
A very nice graphical representation of the concepts of qubit and entanglement can be found here.
Detailed description of the trap technique (also here).
Developments on Quantum dots at Delft.
A recent survey of quantum algorithms.
IBM’s famous Quantum Information Group.
A quantum communication bus.
News from Nature blog.
Filed under: Quantum Cryptography, Technology , Quantum Cryptography, Technology
September 20, 2008 • 12:22 am 0
A very effective attack on secure systems is the good old man on the inside attack. A recent press report affirms that:
Countrywide, the big mortgage lender recently acquired by Bank of America, is notifying customers that a former employee may have sold their personal information to a third party
The Identity Theft Resource Center has interesting statistics on how prevalent this problem is.
Filed under: InSecurity, in the News
September 19, 2008 • 6:26 am 0
Contrary to stream ciphers in which the message, represented as a stream of binary digits (bits), is encrypted, bit by bit, a Block Cipher is symmetric-key cipher which encrypt fixed-length groups of bits into fixed length group of bits. The message is broken up into substrings (called blocks) of a fixed length 
A block ciphers consists of a reversible algorithm that takes two inputs, a block of length 
Currently NIST approves only 3 types of block ciphers AES, Triple-DES and Skipjack.
At a basic level, block ciphers are a combination of the two fundamental techniques for construction of ciphers advocated by Shannon in 1949, namely, confusion and diffusion.
Confusion tends to block the cryptanalyst from obtaining statistical patterns and redundancies in the cipher text arising from the plain text. Thus, the statistical dependency of the cipher text on the plain text is obfuscated. The easiest way to cause confusion is through the use of substitutions. In the case of a binary string, we substitute various ones and zeros by zeros and ones respectively, according to a pre-determined formula.
Diffusion dissipates the redundancy of the plain text by spreading it over the cipher text. For the moment, we can think of it informally as statistical patterns. Diffusion implies that, if we change just one letter or character in the plain text, we cause a big change in the cipher text. Thus, we will need a large amount of cipher text to capture redundancy in the plain text.
Filed under: Encryption, Security , AES, Ciphers, Cryptography, Encryption
September 6, 2008 • 3:28 am 0
I’ve added a little glossary page that (Ihope) will grow with time. Suggestions are welcome.
Filed under: in the News
September 4, 2008 • 5:50 am 0
Over a year ago I was posting about advances on practical quantum cryptography. In particular on the commercial side of it. Since then I’ve been keeping an eye on the news and everything is very quiet on this front with the exception of id Quantique.
As far as I know they have the only commercial implementation of a quantum key distribution (QKD) system. They are advertising a hybrid system in which a quantum channel is used to exchange the encryption keys for a AES encrypted classical channel. From the latest news at their website I can guess they figured out that without a standard to conform to, the sales of any new type of encryption system is an uphill battle.
The arXiv has a recent paper on practical quantum cryptography in which the authors mention mainly QKD as the only quantum technology mature enough to be commercial.
Other than the above mentioned systems, quantum cryptography is still a promise that has not delivered real, usable products.
Filed under: Quantum Cryptography, Technology , Quantum Cryptography, Technology
Data Security and Information Theory are essential to modern life. Far from being the exclusive domain of academics and geeks, the fundamentals and its application are easy to understand for most people. Here, my modest attempt to bring some of the issues to the public discourse and spread the knowledge to make the internet a safer place for your virtual self.
Click below to find out more
ScienceDaily: Computer Security News Wired: Commentary
