A Security Analysis of Some Physical Content Distribution Systems

Content distribution systems are essentially content protection systems that protect premium multimedia content from being illegally distributed. Physical content distribution systems form a subset of content distribution systems with which the content is distributed via physical media such as CDs, Blu-ray discs, etc. This thesis studies physical content distribution systems. Specifically, we concentrate our study on the design and analysis of three key components of the system: broadcast encryption for stateless receivers, mutual authentication with key agreement, and traitor tracing. The context in which we study these components is the Advanced Access Content System (AACS). We identify weaknesses present in AACS, and we also propose improvements to make the original system more secure, flexible and efficient

Framework for privacy-aware content distribution in peer-to- peer networks with copyright protection

The use of peer-to-peer (P2P) networks for multimedia distribution has spread out globally in recent years. This mass popularity is primarily driven by the efficient distribution of content, also giving rise to piracy and copyright infringement as well as privacy concerns. An end user (buyer) of a P2P content distribution system does not want to reveal his/her identity during a transaction with a content owner (merchant), whereas the merchant does not want the buyer to further redistribute the content illegally. Therefore, there is a strong need for content distribution mechanisms over P2P networks that do not pose security and privacy threats to copyright holders and end users, respectively. However, the current systems being developed to provide copyright and privacy protection to merchants and end users employ cryptographic mechanisms, which incur high computational and communication costs, making these systems impractical for the distribution of big files, such as music albums or movies.El uso de soluciones de igual a igual (peer-to-peer, P2P) para la distribución multimedia se ha extendido mundialmente en los últimos años. La amplia popularidad de este paradigma se debe, principalmente, a la distribución eficiente de los contenidos, pero también da lugar a la piratería, a la violación del copyright y a problemas de privacidad. Un usuario final (comprador) de un sistema de distribución de contenidos P2P no quiere revelar su identidad durante una transacción con un propietario de contenidos (comerciante), mientras que el comerciante no quiere que el comprador pueda redistribuir ilegalmente el contenido más adelante. Por lo tanto, existe una fuerte necesidad de mecanismos de distribución de contenidos por medio de redes P2P que no supongan un riesgo de seguridad y privacidad a los titulares de derechos y los usuarios finales, respectivamente. Sin embargo, los sistemas actuales que se desarrollan con el propósito de proteger el copyright y la privacidad de los comerciantes y los usuarios finales emplean mecanismos de cifrado que implican unas cargas computacionales y de comunicaciones muy elevadas que convierten a estos sistemas en poco prácticos para distribuir archivos de gran tamaño, tales como álbumes de música o películas.L'ús de solucions d'igual a igual (peer-to-peer, P2P) per a la distribució multimèdia s'ha estès mundialment els darrers anys. L'àmplia popularitat d'aquest paradigma es deu, principalment, a la distribució eficient dels continguts, però també dóna lloc a la pirateria, a la violació del copyright i a problemes de privadesa. Un usuari final (comprador) d'un sistema de distribució de continguts P2P no vol revelar la seva identitat durant una transacció amb un propietari de continguts (comerciant), mentre que el comerciant no vol que el comprador pugui redistribuir il·legalment el contingut més endavant. Per tant, hi ha una gran necessitat de mecanismes de distribució de continguts per mitjà de xarxes P2P que no comportin un risc de seguretat i privadesa als titulars de drets i els usuaris finals, respectivament. Tanmateix, els sistemes actuals que es desenvolupen amb el propòsit de protegir el copyright i la privadesa dels comerciants i els usuaris finals fan servir mecanismes d'encriptació que impliquen unes càrregues computacionals i de comunicacions molt elevades que fan aquests sistemes poc pràctics per a distribuir arxius de grans dimensions, com ara àlbums de música o pel·lícules

A framework for development and implementation of secure hardware-based systems

Orientador : Ricardo Dahab.Tese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo A concepção de sistemas seguros demanda tratamento holístico, global. A razão é que a mera composição de componentes individualmente seguros não garante a segurança do conjunto resultante2. Enquanto isso, a complexidade dos sistemas de informação cresce vigorosamente, dentre outros, no que se diz respeito: i) ao número de componentes constituintes; ii) ao número de interações com outros sistemas; e iii) 'a diversidade de natureza dos componentes. Este crescimento constante da complexidade demanda um domínio de conhecimento ao mesmo tempo multidisciplinar e profundo, cada vez mais difícil de ser coordenado em uma única visão global, seja por um indivíduo, seja por uma equipe de desenvolvimento. Nesta tese propomos um framework para a concepção, desenvolvimento e deployment de sistemas baseados em hardware que é fundamentado em uma visão única e global de segurança. Tal visão cobre um espectro abrangente de requisitos, desde a integridade física dos dispositivos até a verificação, pelo usuário final, de que seu sistema está logicamente íntegro. Para alcançar este objetivo, apresentamos nesta tese o seguinte conjunto de componentes para o nosso framework: i) um conjunto de considerações para a construção de modelos de ataques que capturem a natureza particular dos adversários de sistemas seguros reais, principalmente daqueles baseados em hardware; ii) um arcabouço teórico com conceitos e definições importantes e úteis na construção de sistemas seguros baseados em hardware; iii) um conjunto de padrões (patterns) de componentes e arquiteturas de sistemas seguros baseados em hardware; iv) um modelo teórico, lógico-probabilístico, para avaliação do nível de segurança das arquiteturas e implementações; e v) a aplicação dos elementos do framework na implementação de sistemas de produção, com estudos de casos muito significativos3. Os resultados relacionados a estes componentes estão apresentados nesta tese na forma de coletânea de artigos. 2 Técnicas "greedy" não fornecem necessariamente os resultados ótimos. Mais, a presença de componentes seguros não é nem fundamental. 3 Em termos de impacto social, econômico ou estratégicoAbstract: The conception of secure systems requires a global, holistic, approach. The reason is that the mere composition of individually secure components does not necessarily imply in the security of the resulting system4. Meanwhile, the complexity of information systems has grown vigorously in several dimensions as: i) the number of components, ii) the number of interactions with other components, iii) the diversity in the nature of the components. This continuous growth of complexity requires from designers a deep and broad multidisciplinary knowledge, which is becoming increasingly difficult to be coordinated and attained either by individuals or even teams. In this thesis we propose a framework for the conception, development, and deployment of secure hardware-based systems that is rooted on a unified and global security vision. Such a vision encompasses a broad spectrum of requirements, from device physical integrity to the device logical integrity verification by humans. In order to attain this objective we present in this thesis the following set of components of our framework: i) a set of considerations for the development of threat models that captures the particular nature of adversaries of real secure systems based on hardware; ii) a set of theoretical concepts and definitions useful in the design of secure hardware-based systems; iii) a set of design patterns of components and architectures for secure systems; iv) a logical-probabilistic theoretical model for security evaluation of system architectures and implementations; and v) the application of the elements of our framework in production systems with highly relevant study cases. Our results related to these components are presented in this thesis as a series of papers which have been published or submitted for publication. 4Greedy techniques do not inevitably yield optimal results. More than that, the usage of secure components is not even requiredDoutoradoCiência da ComputaçãoDoutor em Ciência da Computaçã

A Signature Scheme Based on Implicit and Explicit Certificates Against k-Traitors Collusion Attack

Part 7: Various Aspects of Computer SecurityInternational audienceIn 2002, Mitsunari, Sakai and Kasahara formulated the Collusion Attack Algorithm with k traitors (known as k-CAA problem) and used it to develop the first traitor tracing scheme based on the bilinear pairings. Traitor tracing scheme is needed to discourage legitimate subscribers from sharing their secret keys to construct pirate decoders. In this paper, we propose a first signature scheme (IE-CBS-kCAA) based on k-CAA problem, which belongs to the fourth category of PKC schemes: the public key cryptography schemes based on an implicit and explicit certificates. The security analysis proves that our IE-CBS-kCAA scheme is secure against two game attacks in the random oracle model. The security is closely related to the difficulty of solving the modified k-CAA and discrete logarithm problems

Tabloidisation and the coverage of political issues in Zimbabwe - the case of Joice Mujuru

The study critically explored the tabloidisation of political news in Zimbabwe by focussing on the coverage of the expulsion of Joice Mujuru from ZANU PF and government by selected newspapers. The study analysed three national dailies across the ownership divide; The Herald, Daily News and NewsDay. The objective of the study was to establish whether or not the decline in standards of journalism and performance in Zimbabwe could be attributed to tabloidisation. The study employed a qualitative methodology through qualitative content analysis and in-depth interviews to assess whether the framing reflected tabloid or broadsheet journalism styles. The framing of Joice Mujuru by The Herald was pejorative and derisive as she was depicted as corrupt, traitor, inept and a simplistic thinker who cannot handle issues to do with statecraft. Daily News sympathised with Joice Mujuru as a victim of chauvinistic factional politics in ZANU PF, especially, after the death of her husband, General Solomon Mujuru. The study argued that Joice was also depicted as a brave leader who could challenge for the office of the president, if she formed a coalition with MDC –T leader Morgan Tsvangirai. Daily News sought to counter all the negative framing of Joice Mujuru by The Herald. NewsDay framing was sympathetic, like Daily News but was more inclined on creating an image of a moderate leader in Mujuru, one who would be acceptable to all Zimbabweans because she had the critical liberation war credentials that Tsvangirai lacked and Mujuru’s perceived abilities to extricate the country from the economic challenges by mending relationships with the West. Despite the diametrically opposed frames in terms of The Herald versus Daily News and NewsDay, all the newspapers are undergoing the damaging process of tabloidisation by employing tabloid styles and formatting in their political news coverage through sensationalism, trivialisation and emotionalism. It was argued that the media needs self-introspection and recommitment to ethical and objective journalism as the watchdogs of society.CommunicationD. Litt. et Phil. (Communication

From Blueprint to Genocide

Through an analysis of the Iraq’s engineered genocides against Kurds during the years of Saddam Hussein’s regime, this work aimed to reveal the weakness of the current political and social situation in Iraq. The purpose was to offer an overview of the dangers posed by the current difficult coexistence between the Federal Government in Baghdad and the Kurdish Regional Government in Erbil. The birth of a new political system after the fall of Saddam's regime meant that every institutional power had to be built from scratch in a political and social reality new to most Iraqis. This process of renovation, already witnessed in Europe after World War II, in particular in Italy and Germany, implied the writing of a new constitution and of a new set of legal frames with the purpose to give the country a strong and reliable democratic base. In the case of Iraqi Kurds, who suffered discrimination, death and, ultimately genocide, it is important to revisit their recent past in order to feel they are an integral part of the new country born after the last Gulf War in 2003. Despite the international interest in the Kurdish case, Kurdish people did not have the opportunity to see the ones responsible of the crimes committed against them brought to international justice, as happened in the past in the case of Rwanda and Bosnia. The execution of Saddam Hussein in 2006 meant that the charges against him and his commanders related to the Kurdish case were not discussed in court preventing Kurdish people not only from obtaining the justice they were entitled to but, most importantly, from gaining access to the truth about the massacres and human rights abuses carried out by Saddam's regime between 1963 and 2003. Through an analysis of the Iraq’s engineered genocides against Kurds during the years of Saddam Hussein’s regime, this work aimed to reveal the weakness of the current political and social situation in Iraq. The purpose was to offer an overview of the dangers posed by the current difficult coexistence between the Federal Government in Baghdad and the Kurdish Regional Government in Erbil. The birth of a new political system after the fall of Saddam's regime meant that every institutional power had to be built from scratch in a political and social reality new to most Iraqis. This process of renovation, already witnessed in Europe after World War II, in particular in Italy and Germany, implied the writing of a new constitution and of a new set of legal frames with the purpose to give the country a strong and reliable democratic base. In the case of Iraqi Kurds, who suffered discrimination, death and, ultimately genocide, it is important to revisit their recent past in order to feel they are an integral part of the new country born after the last Gulf War in 2003. Despite the international interest in the Kurdish case, Kurdish people did not have the opportunity to see the ones responsible of the crimes committed against them brought to international justice, as happened in the past in the case of Rwanda and Bosnia. The execution of Saddam Hussein in 2006 meant that the charges against him and his commanders related to the Kurdish case were not discussed in court preventing Kurdish people not only from obtaining the justice they were entitled to but, most importantly, from gaining access to the truth about the massacres and human rights abuses carried out by Saddam's regime between 1963 and 2003

Decentralised computer systems

The architecture of the Web was designed to enable decentralised exchange of information. Early architects envisioned an egalitarian yet organic society thriving in cyberspace. The reality of the Web today, unfortunately, does not bear out these visions: information networks have repeatedly shown a tendency towards consolidation and centralisation with the current Web split between a handful of large corporations. The advent of Bitcoin and successor blockchain networks re-ignited interest in developing alternatives to the centralised Web and paving a way back to the earlier architectural visions for the Web. This has led to immense hype around these technologies with the cryptocurrency market valued at several hundred billions of dollars at the time of writing. With great hype, apparently, come great scams. I start off by analysing the use of Bitcoin as an enabler for crime and then present both technical solutions as well as policy recommendations to mitigate the harm these crimes cause. These policy recommendations then lead us on to look more closely at cryptocurrency's tamer cousin: permissioned blockchains. These systems, while less revolutionary in their premise, nevertheless aim to provide sweeping improvements in the efficiency and transparency of existing enterprise systems. To see whether they work in practice, I present the results of my work in delivering a production permissioned blockchain system to real users. This involves comparing several permissioned blockchain systems, exploring their deficiencies and developing solutions for the most egregious of those. Lastly, I do a deep dive into one of the most persistent technical issues with permissioned blockchains, and decentralised networks in general: the lack of scalability in their consensus mechanisms. I present two novel consensus algorithms that aim to improve upon the state of the art in several ways. The first is designed to enable existing permissioned blockchain networks to scale to thousands of nodes. The second presents an entirely new way of building decentralised consensus systems utilising a trie-based data structure at its core as opposed to the usual linear ledgers used in current systems

Covid Conspiracy Theories in Global Perspective

Covid Conspiracy Theories in Global Perspective examines how conspiracy theories and related forms of misinformation and disinformation about the Covid-19 pandemic have circulated widely around the world. Covid conspiracy theories have attracted considerable attention from researchers, journalists, and politicians, not least because conspiracy beliefs have the potential to negatively affect adherence to public health measures. While most of this focus has been on the United States and Western Europe, this collection provides a unique global perspective on the emergence and development of conspiracy theories through a series of case studies. The chapters have been commissioned by recognized experts on area studies and conspiracy theories. The chapters present case studies on how Covid conspiracism has played out (some focused on a single country, others on regions), using a range of methods from a variety of disciplinary perspectives, including history, politics, sociology, anthropology, and psychology. Collectively, the authors reveal that, although there are many narratives that have spread virally, they have been adapted for different uses and take on different meanings in local contexts. This volume makes an important contribution to the rapidly expanding field of academic conspiracy theory studies, as well as being of interest to those working in the media, regulatory agencies, and civil society organizations, who seek to better understand the problem of how and why conspiracy theories spread

Children's classics translated from English under Franco: the censorship of the William books and the Adventures of Tom Sawyer.

PhDThe thesis documents the censorship histories of Mark Twain's The Adventures of Tom Sawyer and Richmal Crompton's William books under Franco, and analyses these censorship histories in terms of the changing character of the regime. Previously unconsulted primary sources are used, such as censors' reports and translation proofs held in the Archivo General de la Administración del Estado at Alcalá de Henares. The censors' reports demonstrate that children's literature and translated literature were treated as special cases by the regime, and that censorship was particularly harsh in both areas. These findings demonstrate the crucial importance of attitudes to childhood and foreignness in the Francoist ideological scheme. The censorship histories of Tom Sawyer and the William books reveal some surprising facts. The William books began to be persecuted by the censors in late 1942, precisely the moment when the regime was seeking a rapprochement with the Allied powers as the course of the War turned in the latter's favour. This prohibition cannot be understood without exploring the factors which differentiate children's literature from adult literature in the context of Francoism. The books' peculiarly English character also had a vital bearing on how they were censored. The history of Tom Sawyer in Spain demonstrates the effect of literary status on censorship practice. Early in the regime, the censors generally considered Tom Sawyer to be a work for adults. From the mid-1950s, however, children's literature was inscribed as a special category in censorship legislation, and the censors began to view editions of the work as specifically intended for children. Tom Sawyer thus encountered censorship problems in the later years of the regime, supposedly more liberal than the earlier period. Again, these problems would be inexplicable without examining the evolution of the publishing industry and Francoist attitudes to literature and the child. The thesis also provides a detailed analysis of the type of suppressions imposed on the books studied, under the following headings: religion; love, sexuality and gender; authority and politics, nation and race; crime, terror and violence