419 research outputs found
My Life with the FBI
When I was a child, the FBI was everywhere in my world and I loved my world more for that. My first remembered experience of entertainment — one could even say of story — was listening on the radio in the late forties to The FBI in Peace and War, and I can still hum its theme. My older brother Joe and I, and then Brian, too, when he came along, huddled together by the old Philco, riveted because those tales of gangbusters, spy catchers, and G-men evoked the world of our father, who was himself an FBI agent. He was rarely home by the time we went to bed, and so those radio programs filled that primordial need of ours to draw close to him at night before daring to close our eyes against the dark. With such protection, how could we be afraid? With a father engaged in such noble, dangerous, and important pursuits — saving lives and countries — how could our mere loneliness for him deflect the pride we felt
Questions related to Bitcoin and other Informational Money
A collection of questions about Bitcoin and its hypothetical relatives
Bitguilder and Bitpenny is formulated. These questions concern technical issues
about protocols, security issues, issues about the formalizations of
informational monies in various contexts, and issues about forms of use and
misuse. Some questions are formulated in the more general setting of
informational monies and near-monies.
We also formulate questions about legal, psychological, and ethical aspects
of informational money. Finally we formulate a number of questions concerning
the economical merits of and outlooks for Bitcoin.Comment: 31 pages. In v2 the section on patterns for use and misuse has been
improved and expanded with so-called contaminations. Other small improvements
were made and 13 additional references have been include
Collegiate Codebreakers: Winthrop, Women, and War
During World War II, college-aged women from across the nation filled United States Army and Navy secretive cryptanalysis facilities to help win the war. For many women, colleges facilitated involvement in codebreaking. Through information gathered in oral histories, this thesis primarily explores war related programs at American colleges and the young women that became cryptanalysts. Academic institutions, like Winthrop College, became the nuclei for colligate codebreakers. They acted as early crypt education centers, through the offering of cryptology classes, functioned as recruitment centers, and operated as essential training hubs. While in school, young women were saturated by a climate of war and secrecy as campuses became militarized during this period. Their careers in academia and moral character came into account when cryptanalysis sectors began searching for loyal workers. While working as codebreakers for the United States government, women experienced a degree of freedom and witnessed a change in their position. In the name of the war effort and patriotic ideologies, female cryptanalysts broke codes and tested the strength of American ciphers. From college campuses to Army and Navy facilities, young women played essential roles in the war effort
Malware Detection and Prevention
Malware first appeared in 1971, before broadband internet even existed. The first variations began with people just testing what they could do and were not malicious. Eventually, that time came to an end once cybercriminals began to realize that they could wreak havoc and profit from creating malware. Almost at the same time, cybersecurity was created to help combat these viruses and malicious attacks by cybercriminals. This project paper will dive into the technical issues that arise from malware detection and prevention. It starts with defining malware and goes over the history of malware from its birth to today. Then this paper will list all of the different variations of malware and the processes they execute to break into systems and propagate. Next, it goes over the different variations of malware defenses, starting with antivirus software. The paper will define antivirus software and how it functions as well as provide a history. Then it will dive into cryptographic defenses to define, provide history, and explain the methods employed by cryptography. Finally, it will go over firewalls explaining how they function and their history. Malware will never cease to exist, so it is highly important to consider what computer and network technologies you should employ to protect yourself. This paper isn’t just to dismiss malware but to help people understand better how these technologies can work to prevent malware attacks both during and before the attack even happens.
Key Words: Malware, Antivirus Software, Cryptography, Firewall, Key, Cipher, Gatewa
Dynamic block encryption with self-authenticating key exchange
One of the greatest challenges facing cryptographers is the mechanism used
for key exchange. When secret data is transmitted, the chances are that there
may be an attacker who will try to intercept and decrypt the message. Having
done so, he/she might just gain advantage over the information obtained, or
attempt to tamper with the message, and thus, misguiding the recipient.
Both cases are equally fatal and may cause great harm as a consequence.
In cryptography, there are two commonly used methods of exchanging secret
keys between parties. In the first method, symmetric cryptography, the key is
sent in advance, over some secure channel, which only the intended recipient
can read. The second method of key sharing is by using a public key exchange
method, where each party has a private and public key, a public key is shared
and a private key is kept locally. In both cases, keys are exchanged between
two parties.
In this thesis, we propose a method whereby the risk of exchanging keys
is minimised. The key is embedded in the encrypted text using a process
that we call `chirp coding', and recovered by the recipient using a process
that is based on correlation. The `chirp coding parameters' are exchanged
between users by employing a USB flash memory retained by each user. If the
keys are compromised they are still not usable because an attacker can only
have access to part of the key. Alternatively, the software can be configured
to operate in a one time parameter mode, in this mode, the parameters
are agreed upon in advance. There is no parameter exchange during file
transmission, except, of course, the key embedded in ciphertext.
The thesis also introduces a method of encryption which utilises dynamic blocks, where the block size is different for each block. Prime numbers are
used to drive two random number generators: a Linear Congruential Generator
(LCG) which takes in the seed and initialises the system and a Blum-Blum
Shum (BBS) generator which is used to generate random streams to encrypt
messages, images or video clips for example. In each case, the key created is
text dependent and therefore will change as each message is sent.
The scheme presented in this research is composed of five basic modules. The
first module is the key generation module, where the key to be generated is
message dependent. The second module, encryption module, performs data
encryption. The third module, key exchange module, embeds the key into
the encrypted text. Once this is done, the message is transmitted and the
recipient uses the key extraction module to retrieve the key and finally the
decryption module is executed to decrypt the message and authenticate it.
In addition, the message may be compressed before encryption and decompressed
by the recipient after decryption using standard compression tools
STPA-Sec Applied to Path Planning: Quantum-Safe Autonomous Vehicles
Autonomous vehicles and quantum computers are two emerging technologies that will transform our world in the not-too-distant future. This thesis examines the safety and security of autonomous vehicles in a world where adversaries have access to large-scale quantum computers. Large-scale quantum computers are relevant to automotive security because they can defeat the cryptographic foundation underlying critical safety systems such as path planning, perceptual unit, braking, steering, and engine electronic control units (ECUs). Peter Shor discovered a quantum computer algorithm in 1994 that can defeat modern-day public-key cryptography, including digital signatures (e.g., RSA, EdDSA), due to the algorithm’s ability to factor large numbers and find discrete logarithms efficiently [23]. According to existing mathematical theory, classical computers cannot factor large numbers or find discrete logarithms efficiently. The critical insight derived from this thesis is that an adversary can defeat an autonomous vehicle’s security of safety-critical systems with a large-scale quantum computer. In particular, the digital signatures used for authentication of over-the-air (OTA) software updates can be forged by an adversary with a large-scale quantum computer which, in the worst-case scenario, could enable a fleet-wide hack of an autonomous vehicle system potentially compromising a million vehicles simultaneously. The thesis explicitly identifies Tesla as a significant risk through their use of
Ed25519, a discrete logarithm-based digital signature for OTA software updates [77], [78], [79]. Likely, most automotive manufacturers are at risk, but Tesla was the only company whose digital signature protocols were found to be publicly available on the internet. The analysis was completed using STPA-Sec (System-Theoretic Process Analysis for Security), an engineering risk management framework for identifying safety issues caused by security breaches. Overviews of quantum computing and quantum-safe cryptography are given. In addition, a Monte Carlo simulation framework is proposed to estimate the probability and severity of a large-scale quantum computer attack on autonomous vehicles. In addition to outlining the attack, countermeasures are provided to mitigate the risk, such as automotive companies upgrading to quantum-safe cryptography that NIST is currently standardizing. The NIST standardization is scheduled for completion in 2024. If automotive companies upgrade to quantum-safe cryptography, the risk against known attacks is eliminated, but there is a residual risk regarding currently unknown attacks. There is a reasonable amount of time to mitigate this risk as large-scale quantum computers are not expected to exist until the end of the decade. However, the section on quantum cyber risk analytics focuses on estimating the risk in the worst 1 in 1,000 chance scenario. Based on a model that estimates quantum risk, whose details including assumptions are outlined in Chapter 11, the central insight from the analytics is that there is an approximate 99 in 100 chance the RSA-2048 will be broken in 24 hours within the next 15 years in the worst 1 in 1,000 chance scenario. A vision of a quantum-safe and quantum-enhanced autonomous vehicle future is painted where quantum computers and quantum sensors may significantly enhance many aspects of autonomous vehicles. Recommendations to improve STPA-Sec are provided. The main contributions of this work are identifying a worst-case scenario where a million cars could be compromised by an adversary with access to a large-scale quantum computer, conducting a formal STPA-Sec analysis on the path planning control loop of an autonomous vehicle in the presence of an adversary with a large-scale quantum computer, providing suggestions on how to improve STPA-Sec, and the section on quantum risk management. In particular, conducting the first known quantum stress test by estimating the risk of the worst 1 in 1,000 chance scenario for RSA-2048 to be broken in 24 hours within 15, 20, and 30 years completes the contributions of this thesis
The Moral Character of Cryptographic Work
Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently \textit{political} tool, and it confers on the field an intrinsically \textit{moral} dimension. The Snowden revelations motivate a reassessment of the political and moral positioning of cryptography. They lead one to ask if our inability to effectively address mass surveillance constitutes a failure of our field. I believe that it does. I call for a community-wide effort to develop more effective means to resist mass surveillance. I plea for a reinvention of our disciplinary culture to attend not only to puzzles and math, but, also, to the societal implications of our work
Ransomware: Evolution, Mitigation and Prevention
Ransomware is a rapidly growing threat to the data files of individuals and businesses. It encrypts files on an infected computer and holds the key to decrypt the files until the victim pays a ransom. This malware is responsible for hundreds of millions of dollars of losses annually. Due to the large amounts of money to be made, new versions appear frequently. This allows bypassing antivirus software and other intrusion detection methods. In this paper, we present a brief history of ransomware, the arguments for and against paying the ransom, best practices to prevent an infection, and to recover from an infection should one happen
- …