419 research outputs found

    My Life with the FBI

    Get PDF
    When I was a child, the FBI was everywhere in my world and I loved my world more for that. My first remembered experience of entertainment — one could even say of story — was listening on the radio in the late forties to The FBI in Peace and War, and I can still hum its theme. My older brother Joe and I, and then Brian, too, when he came along, huddled together by the old Philco, riveted because those tales of gangbusters, spy catchers, and G-men evoked the world of our father, who was himself an FBI agent. He was rarely home by the time we went to bed, and so those radio programs filled that primordial need of ours to draw close to him at night before daring to close our eyes against the dark. With such protection, how could we be afraid? With a father engaged in such noble, dangerous, and important pursuits — saving lives and countries — how could our mere loneliness for him deflect the pride we felt

    Questions related to Bitcoin and other Informational Money

    Get PDF
    A collection of questions about Bitcoin and its hypothetical relatives Bitguilder and Bitpenny is formulated. These questions concern technical issues about protocols, security issues, issues about the formalizations of informational monies in various contexts, and issues about forms of use and misuse. Some questions are formulated in the more general setting of informational monies and near-monies. We also formulate questions about legal, psychological, and ethical aspects of informational money. Finally we formulate a number of questions concerning the economical merits of and outlooks for Bitcoin.Comment: 31 pages. In v2 the section on patterns for use and misuse has been improved and expanded with so-called contaminations. Other small improvements were made and 13 additional references have been include

    Blogs, wikis and creative innovation

    Get PDF
    blogs, internet, innovation

    Collegiate Codebreakers: Winthrop, Women, and War

    Get PDF
    During World War II, college-aged women from across the nation filled United States Army and Navy secretive cryptanalysis facilities to help win the war. For many women, colleges facilitated involvement in codebreaking. Through information gathered in oral histories, this thesis primarily explores war related programs at American colleges and the young women that became cryptanalysts. Academic institutions, like Winthrop College, became the nuclei for colligate codebreakers. They acted as early crypt education centers, through the offering of cryptology classes, functioned as recruitment centers, and operated as essential training hubs. While in school, young women were saturated by a climate of war and secrecy as campuses became militarized during this period. Their careers in academia and moral character came into account when cryptanalysis sectors began searching for loyal workers. While working as codebreakers for the United States government, women experienced a degree of freedom and witnessed a change in their position. In the name of the war effort and patriotic ideologies, female cryptanalysts broke codes and tested the strength of American ciphers. From college campuses to Army and Navy facilities, young women played essential roles in the war effort

    Malware Detection and Prevention

    Get PDF
    Malware first appeared in 1971, before broadband internet even existed. The first variations began with people just testing what they could do and were not malicious. Eventually, that time came to an end once cybercriminals began to realize that they could wreak havoc and profit from creating malware. Almost at the same time, cybersecurity was created to help combat these viruses and malicious attacks by cybercriminals. This project paper will dive into the technical issues that arise from malware detection and prevention. It starts with defining malware and goes over the history of malware from its birth to today. Then this paper will list all of the different variations of malware and the processes they execute to break into systems and propagate. Next, it goes over the different variations of malware defenses, starting with antivirus software. The paper will define antivirus software and how it functions as well as provide a history. Then it will dive into cryptographic defenses to define, provide history, and explain the methods employed by cryptography. Finally, it will go over firewalls explaining how they function and their history. Malware will never cease to exist, so it is highly important to consider what computer and network technologies you should employ to protect yourself. This paper isn’t just to dismiss malware but to help people understand better how these technologies can work to prevent malware attacks both during and before the attack even happens. Key Words: Malware, Antivirus Software, Cryptography, Firewall, Key, Cipher, Gatewa

    Dynamic block encryption with self-authenticating key exchange

    Get PDF
    One of the greatest challenges facing cryptographers is the mechanism used for key exchange. When secret data is transmitted, the chances are that there may be an attacker who will try to intercept and decrypt the message. Having done so, he/she might just gain advantage over the information obtained, or attempt to tamper with the message, and thus, misguiding the recipient. Both cases are equally fatal and may cause great harm as a consequence. In cryptography, there are two commonly used methods of exchanging secret keys between parties. In the first method, symmetric cryptography, the key is sent in advance, over some secure channel, which only the intended recipient can read. The second method of key sharing is by using a public key exchange method, where each party has a private and public key, a public key is shared and a private key is kept locally. In both cases, keys are exchanged between two parties. In this thesis, we propose a method whereby the risk of exchanging keys is minimised. The key is embedded in the encrypted text using a process that we call `chirp coding', and recovered by the recipient using a process that is based on correlation. The `chirp coding parameters' are exchanged between users by employing a USB flash memory retained by each user. If the keys are compromised they are still not usable because an attacker can only have access to part of the key. Alternatively, the software can be configured to operate in a one time parameter mode, in this mode, the parameters are agreed upon in advance. There is no parameter exchange during file transmission, except, of course, the key embedded in ciphertext. The thesis also introduces a method of encryption which utilises dynamic blocks, where the block size is different for each block. Prime numbers are used to drive two random number generators: a Linear Congruential Generator (LCG) which takes in the seed and initialises the system and a Blum-Blum Shum (BBS) generator which is used to generate random streams to encrypt messages, images or video clips for example. In each case, the key created is text dependent and therefore will change as each message is sent. The scheme presented in this research is composed of five basic modules. The first module is the key generation module, where the key to be generated is message dependent. The second module, encryption module, performs data encryption. The third module, key exchange module, embeds the key into the encrypted text. Once this is done, the message is transmitted and the recipient uses the key extraction module to retrieve the key and finally the decryption module is executed to decrypt the message and authenticate it. In addition, the message may be compressed before encryption and decompressed by the recipient after decryption using standard compression tools

    STPA-Sec Applied to Path Planning: Quantum-Safe Autonomous Vehicles

    Get PDF
    Autonomous vehicles and quantum computers are two emerging technologies that will transform our world in the not-too-distant future. This thesis examines the safety and security of autonomous vehicles in a world where adversaries have access to large-scale quantum computers. Large-scale quantum computers are relevant to automotive security because they can defeat the cryptographic foundation underlying critical safety systems such as path planning, perceptual unit, braking, steering, and engine electronic control units (ECUs). Peter Shor discovered a quantum computer algorithm in 1994 that can defeat modern-day public-key cryptography, including digital signatures (e.g., RSA, EdDSA), due to the algorithm’s ability to factor large numbers and find discrete logarithms efficiently [23]. According to existing mathematical theory, classical computers cannot factor large numbers or find discrete logarithms efficiently. The critical insight derived from this thesis is that an adversary can defeat an autonomous vehicle’s security of safety-critical systems with a large-scale quantum computer. In particular, the digital signatures used for authentication of over-the-air (OTA) software updates can be forged by an adversary with a large-scale quantum computer which, in the worst-case scenario, could enable a fleet-wide hack of an autonomous vehicle system potentially compromising a million vehicles simultaneously. The thesis explicitly identifies Tesla as a significant risk through their use of Ed25519, a discrete logarithm-based digital signature for OTA software updates [77], [78], [79]. Likely, most automotive manufacturers are at risk, but Tesla was the only company whose digital signature protocols were found to be publicly available on the internet. The analysis was completed using STPA-Sec (System-Theoretic Process Analysis for Security), an engineering risk management framework for identifying safety issues caused by security breaches. Overviews of quantum computing and quantum-safe cryptography are given. In addition, a Monte Carlo simulation framework is proposed to estimate the probability and severity of a large-scale quantum computer attack on autonomous vehicles. In addition to outlining the attack, countermeasures are provided to mitigate the risk, such as automotive companies upgrading to quantum-safe cryptography that NIST is currently standardizing. The NIST standardization is scheduled for completion in 2024. If automotive companies upgrade to quantum-safe cryptography, the risk against known attacks is eliminated, but there is a residual risk regarding currently unknown attacks. There is a reasonable amount of time to mitigate this risk as large-scale quantum computers are not expected to exist until the end of the decade. However, the section on quantum cyber risk analytics focuses on estimating the risk in the worst 1 in 1,000 chance scenario. Based on a model that estimates quantum risk, whose details including assumptions are outlined in Chapter 11, the central insight from the analytics is that there is an approximate 99 in 100 chance the RSA-2048 will be broken in 24 hours within the next 15 years in the worst 1 in 1,000 chance scenario. A vision of a quantum-safe and quantum-enhanced autonomous vehicle future is painted where quantum computers and quantum sensors may significantly enhance many aspects of autonomous vehicles. Recommendations to improve STPA-Sec are provided. The main contributions of this work are identifying a worst-case scenario where a million cars could be compromised by an adversary with access to a large-scale quantum computer, conducting a formal STPA-Sec analysis on the path planning control loop of an autonomous vehicle in the presence of an adversary with a large-scale quantum computer, providing suggestions on how to improve STPA-Sec, and the section on quantum risk management. In particular, conducting the first known quantum stress test by estimating the risk of the worst 1 in 1,000 chance scenario for RSA-2048 to be broken in 24 hours within 15, 20, and 30 years completes the contributions of this thesis

    The Moral Character of Cryptographic Work

    Get PDF
    Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently \textit{political} tool, and it confers on the field an intrinsically \textit{moral} dimension. The Snowden revelations motivate a reassessment of the political and moral positioning of cryptography. They lead one to ask if our inability to effectively address mass surveillance constitutes a failure of our field. I believe that it does. I call for a community-wide effort to develop more effective means to resist mass surveillance. I plea for a reinvention of our disciplinary culture to attend not only to puzzles and math, but, also, to the societal implications of our work

    Ransomware: Evolution, Mitigation and Prevention

    Get PDF
    Ransomware is a rapidly growing threat to the data files of individuals and businesses. It encrypts files on an infected computer and holds the key to decrypt the files until the victim pays a ransom. This malware is responsible for hundreds of millions of dollars of losses annually. Due to the large amounts of money to be made, new versions appear frequently. This allows bypassing antivirus software and other intrusion detection methods. In this paper, we present a brief history of ransomware, the arguments for and against paying the ransom, best practices to prevent an infection, and to recover from an infection should one happen
    • …
    corecore