November 16, 2009 • 12:49 am 0
An “Authentication Gap” was discovered in the latest version of SSL/TLS protocol.This could potentially be a huge problem. The gap is not due to some erroneous implementation, it is a property of the protocol.
Here is a list of links to websites where the issue is being followed:
Filed under: Authentication, Encryption, Hacking, InSecurity, SSL, Security, Technology, e-commerce, networks , Authentication, e-commerce, Encryption, Hacking, InSecurity, networks, Security, SSL
November 2, 2009 • 6:40 am 0
I have a few new reviews of papers on cryptography in my updated page. For those interested in the security of NMAC and HMAC or affiliation hiding key exchanges, I recommend reading the reviews. They include links to relevant papers.
Filed under: AMS, Authentication, Cryptanalysis, Cryptography, Encryption, Information Theory, Security , Authentication, crypt, Cryptography, Mathematics, Security
October 22, 2009 • 8:53 pm 0
Two underused resources, “Dark Fiber” and “White Space” are to be taken advantage of to increase the power of the network.
One application seeks to use optic fiber that has being laid but not being used to enable the establishment of secure keys using quantum technology http://www.technologyreview.com/computing/23317/page1/
The other is a wireless network in which the information is carried in the unused interstices of the TV spectrum. http://www.technologyreview.com/communications/23781/
Filed under: Key Generation, Quantum Cryptography, Technology, in the News, networks, wi-fi , communications, Information Theory, networks, Quantum Cryptography, Technology, wi-fi, wireless
September 17, 2009 • 3:44 pm 0
He deserved much better
National Post
14 Sep 2009
In the very distant future, the name of Alan Turing (1912-1954) will be among the very few for which the 20th century is remembered, long after most of the politicians, artists and celebrities have receded into confusion and oblivion. His stature is…read more…
Filed under: Cryptanalysis, Cryptography, ENIGMA, Encryption, Infomation Theory, in the News , Cryptanalysis, Cryptography, ENIGMA, in the News, Information Theory
August 22, 2009 • 6:01 am 0
An article stating the need to protect biometric data appeared in the IEEE spectrum magazine. Not a lot of new information, a good summary of the threats as biometrics are being used more and more as authenticators.
Filed under: Authentication, Encryption, Security, biometrics, in the News , Authentication, biometrics, Encryption, Security
April 18, 2009 • 5:49 am 0
Continuing with the main theme my last two posts, hacking, I am going to wrap up with this post about Secure Processors.
A secure processor is meant to protect the information and the communications, validate the communications channel and be tamper-resistant, should it falls into the adversary’s hands.
Successful hacking of secrets has the duality of being a happy/sad event, depending on which team are you playing for. The design of secure processors makes this duality patent as, in practice, the most important evaluation criterion is that the resulting product should resist the designer’s best attempts at hacking it.
The current research and development efforts are guided by U.S. DoD Anti-Tamper specifications. To prevent reverse engineering, architectures of secure processors are based on a combination of hardware and encrypted software in such a way that if the hardware is captured, its exact functions cannot be guessed without knowing the encryption keys. During WWII, the capture of an ENIGMA machine paved the way for the breaking of the enciphering by the allied forces. These historical lessons are incorporated into today’s design criteria. Some design even incorporate sensors that will detect attempts at using physical means to force the hardware and destroy the critical information upon detection (often called zeroization).
A new dimension to the problem is added by procurement system. Electronic chips are nowadays a commodity and absolute control over the manufacturing of chips is not possible. Therefore it is essential to ensure that the critical parts, that is the processors, are designed and made in controlled facilities.
The lessons learned in military applications are now being applied to commercial system. This is where the lines blurred because in the interconnected world the enemy can wreak havoc on the infrastructure without firing a shot. Communication and control networks associated with utilities will become more resistant to attacks by using computers fitted with secure processors.
Related:
Filed under: Anti-tamper, Cryptography, Encryption, Hacking, Security, Software, Technology , Anti-tamper, secure processors, Security, Technology
March 26, 2009 • 5:49 pm 0
ENIGMA crackers reunite at Bletchley Park
I had the honour to meet one of them, now an emeritus math professor.
Check this article for pictures of the Turing Bombe the electronic-mechanical code-breaking machine used by the British to crack 3,000 Enigma messages a day during the Second World War.
Cryptool ver 1.4 has a very well done simulator of the ENIGMA machine encryption.
del.icio.us Tags: ENIGMA,encryption,Cryptoblog,cryptography,Information Theory,cracking,in the news
Filed under: Cryptography, ENIGMA, Encryption, Information Theory, Math & Computers, in the News , codebreakers, Cryptography, Cryptool, Encryption, ENIGMA, in the News, Information Theory
February 21, 2009 • 2:44 am 0
The trouble with the use of MD5 in digital signatures recently uncovered by Sotirov et al. is common to other hash functions.
NIST has been discouraging people to use MD5 and even SHA 1 since many years ago. A good account of this was posted by Dustin Trammell here.
Because the output of a hash function is of a fixed length, usually smaller that the input, there will necessarily be collisions. The collision-free property for hash is thus defined by:
A function 
1. It is a one-way hash function.
2. It is hard to find two distinct messages 
Cryptographers talk about “relatively collision free” hash functions. A good hash function should be designed with the Avalanche Criterion in mind.
The Avalanche Criterion (AC) is used in the analysis of S-boxes or substitution boxes. S-boxes take a string as input and produce an encoded string as output.
The avalanche criterion requires that if any one bit of the input to an S-box is changed, about half of the bits that are output by the S-box should change their values. Therefore, even if collisions are unavoidable, there is no way to generate two strings with the same hash value other than brute force.
Filed under: Authentication, Cryptography, Encryption, Hash Functions , Authentication, Cryptography, Encryption, Hash Functions, MD5, SHA1
December 5, 2008 • 3:31 am 0
The latest stable version of cryptool is 1.4.21. I highly recommend to download both 
Filed under: Encryption, Software , Cryptool, Encryption
November 14, 2008 • 5:52 pm 0
For the longest time I have the suspicion that quantum cryptography, although a neat idea, is overrated. I was keeping an eye into developments (see previous posts) just in case. currently my impression is that, with the current, technology, QC is an expensive proposition for the added value it provides. It looks like I am in good company on this. In the October issue of Wired, Bruce Schneier writes a commentary piece where he asserts:
While I like the science of quantum cryptography — my undergraduate degree was in physics — I don’t see any commercial value in it. I don’t believe it solves any security problem that needs solving. I don’t believe that it’s worth paying for, and I can’t imagine anyone but a few technophiles buying and deploying it. Systems that use it don’t magically become unbreakable, because the quantum part doesn’t address the weak points of the system.
Security is a chain; it’s as strong as the weakest link. Mathematical cryptography, as bad as it sometimes is, is the strongest link in most security chains. Our symmetric and public-key algorithms are pretty good, even though they’re not based on much rigorous mathematical theory. The real problems are elsewhere: computer security, network security, user interface and so on.
Moreover I have a nagging question about the fundamental tenet of quantum cryptography. The principle is that Alice and Bob will know for sure that Eve is eavesdropping in their channel because their bits will be changing as required by the uncertainty principle. Eve may be out of luck in getting the secrets as Bob and Alice will certainly decide not to exchange them in her presence. However, the mischievous Eve may decide that she is quite happy with only preventing the exchange. I will call this a denial of channel attack by which Eve can prevent Alice and Bob to exchange any secret until the police figures out where she is tapping the quantum line and force her to stop. Eve-hacker can now start a cat and mouse chase, that judging from the record on netting hackers by the internet police, is lopsided on Eve’s favor.
A mathematical note aside, Schneier mentions in his article the Bennet-Brassard and key reconciliation algorithms used by quantum cryptography. In a paper written with A. Bruen and D. Wehlau we gave rigurous proof of convergence for the Bennet-Bessete-Brassard-Salvail and Smolin (BBBSS92)method. These results and more about quantum cryptography also appear on the our book.
Filed under: Encryption, Infomation Theory, Quantum Cryptography, Security, Technology, in the News , Encryption, Information Theory, Quantum Cryptography, Security
Data Security and Information Theory are essential to modern life. Far from being the exclusive domain of academics and geeks, the fundamentals and its application are easy to understand for most people. Here, my modest attempt to bring some of the issues to the public discourse and spread the knowledge to make the internet a safer place for your virtual self.
Click below to find out more
ScienceDaily: Computer Security News Wired: Commentary
