The Myth of Superiority of American Encryption Products

Encryption software and hardware use sophisticated mathematical algorithms to encipher a message so that only the intended recipient may read it. Fearing that criminals and terrorists will use encryption to evade authorities, the United States now restricts the export of encryption products with key lengths of more than 56 bits. The controls are futile, because strong encryption products are readily available overseas. Foreign-made encryption products are as good as, or better than, U.S.-made products. U.S. cryptographers have no monopoly on the mathematical knowledge and methods used to create strong encryption. Powerful encryption symmetric-key technologies developed in other countries include IDEA and GOST. Researchers in New Zealand have developed very strong public-key encryption systems. As patents on strong algorithms of U.S. origin expire, researchers in other countries will gain additional opportunities to develop strong encryption technology based on those algorithms

Flexible Yet Secure De-Duplication Service for Enterprise Data on Cloud Storage

The cloud storage services bring forth infinite storage capacity and flexible access capability to store and share large-scale content. The convenience brought forth has attracted both individual and enterprise users to outsource data service to a cloud provider. As the survey shows 56% of the usages of cloud storage applications are for data back up and up to 68% of data backup are user assets. Enterprise tenants would need to protect their data privacy before uploading them to the cloud and expect a reasonable performance while they try to reduce the operation cost in terms of cloud storage, capacity and I/Os matter as well as systems’ performance, bandwidth and data protection. Thus, enterprise tenants demand secure and economic data storage yet flexible access on their cloud data. In this paper, we propose a secure de-duplication solution for enterprise tenants to leverage the benefits of cloud storage while reducing operation cost and protecting privacy. First, the solution uses a proxy to do flexible group access control which supports secure de-duplication within a group; Second, the solution supports scalable clustering of proxies to support large-scale data access; Third, the solution can be integrated with cloud storage seamlessly. We implemented and tested our solution by integrating it with Dropbox. Secure de-duplication in a group is performed at low data transfer latency and small storage overhead as compared to de-duplication on plaintext

ADB–OECD Study on Enhancing Financial Accessibility for SMEs: Lessons from Recent Crises

During the era of global financial uncertainty, stable access to appropriate funding sources has been much harder for small and medium-sized enterprises (SMEs). The global financial crisis impacted SMEs and entrepreneurs disproportionately, exacerbating their traditional financing constraints. The financial conditions of many SMEs were weakened by the drop in demand for goods and services and the credit tightening. The sovereign debt crisis that hit several European countries contributed to further deterioration in bank lending activities, which negatively affected private sector development. The global regulatory response to financial crises, such as the Basel Capital Accord, while designed to reduce systemic risks may also constrain bank lending to SMEs. In particular, Basel III requires banks to have tighter risk management as well as greater capital and liquidity. Resulting asset preference and deleveraging of banks, particularly European banks with significant presence in Asia, could limit the availability of funding for SMEs in Asia and the Pacific. Lessons from the recent financial crises have motivated many countries to consider SME access to finance beyond conventional bank credit and to diversify their national financial system. Improving SME access to finance is a policy priority at the country and global level. Poor access to finance is a critical inhibiting factor to the survival and growth potential of SMEs. Financial inclusion is thus key to the development of the SME sector, which is a driver of job creation and social cohesion and takes a pivotal role in scaling up national economies. The Asian Development Bank (ADB) and the Organisation for Economic Co-operation and Development (OECD) have recognized that it is crucial to develop a comprehensive range of policy options on SME finance, including innovative financing models. With this in mind, sharing Asian and OECD experiences on SME financing would result in insightful discussions on improving SME access to finance at a time of global financial uncertainty. Based on intensive discussions in two workshops organized by ADB in Manila on 6–7 March 2013 and by OECD in Paris on 21 October 2013, the two organizations together compiled this study report on enhancing financial accessibility for SMEs, especially focusing on lessons from the past and recent crises in Asia and OECD countries. The report takes a comparative look at ADB and OECD experiences, and aims to identify promising policy solutions for creating an SME base that is resilient to crisis, from a viewpoint of access to finance, and which can help drive growth and development

Quantum Computing: Pro and Con

I assess the potential of quantum computation. Broad and important applications must be found to justify construction of a quantum computer; I review some of the known quantum algorithms and consider the prospects for finding new ones. Quantum computers are notoriously susceptible to making errors; I discuss recently developed fault-tolerant procedures that enable a quantum computer with noisy gates to perform reliably. Quantum computing hardware is still in its infancy; I comment on the specifications that should be met by future hardware. Over the past few years, work on quantum computation has erected a new classification of computational complexity, has generated profound insights into the nature of decoherence, and has stimulated the formulation of new techniques in high-precision experimental physics. A broad interdisciplinary effort will be needed if quantum computers are to fulfill their destiny as the world's fastest computing devices. (This paper is an expanded version of remarks that were prepared for a panel discussion at the ITP Conference on Quantum Coherence and Decoherence, 17 December 1996.)Comment: 17 pages, LaTeX, submitted to Proc. Roy. Soc. Lond. A, minor correction

Naturally Rehearsing Passwords

We introduce quantitative usability and security models to guide the design of password management schemes --- systematic strategies to help users create and remember multiple passwords. In the same way that security proofs in cryptography are based on complexity-theoretic assumptions (e.g., hardness of factoring and discrete logarithm), we quantify usability by introducing usability assumptions. In particular, password management relies on assumptions about human memory, e.g., that a user who follows a particular rehearsal schedule will successfully maintain the corresponding memory. These assumptions are informed by research in cognitive science and validated through empirical studies. Given rehearsal requirements and a user's visitation schedule for each account, we use the total number of extra rehearsals that the user would have to do to remember all of his passwords as a measure of the usability of the password scheme. Our usability model leads us to a key observation: password reuse benefits users not only by reducing the number of passwords that the user has to memorize, but more importantly by increasing the natural rehearsal rate for each password. We also present a security model which accounts for the complexity of password management with multiple accounts and associated threats, including online, offline, and plaintext password leak attacks. Observing that current password management schemes are either insecure or unusable, we present Shared Cues--- a new scheme in which the underlying secret is strategically shared across accounts to ensure that most rehearsal requirements are satisfied naturally while simultaneously providing strong security. The construction uses the Chinese Remainder Theorem to achieve these competing goals

From Golden to Unimodular Cryptography

We introduce a natural generalization of the golden cryptography, which uses general unimodular matrices in place of the traditional Q-matrices, and prove that it preserves the original error correction properties of the encryption. Moreover, the additional parameters involved in generating the coding matrices make this unimodular cryptography resilient to the chosen plaintext attacks that worked against the golden cryptography. Finally, we show that even the golden cryptography is generally unable to correct double errors in the same row of the ciphertext matrix, and offer an additional check number which, if transmitted, allows for the correction.Comment: 20 pages, no figure