Cryptographically Secure Information Flow Control on Key-Value Stores

We present Clio, an information flow control (IFC) system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage. Clio insulates developers from explicitly manipulating keys and cryptographic primitives by leveraging the policy language of the IFC system to automatically use the appropriate keys and correct cryptographic operations. We prove that Clio is secure with a novel proof technique that is based on a proof style from cryptography together with standard programming languages results. We present a prototype Clio implementation and a case study that demonstrates Clio's practicality.Comment: Full version of conference paper appearing in CCS 201

Cryptography Export Controls - Canada\u27s Dichotomous Cryptography Policy

The effort to erect strong legal barriers to trans-national distribution of cryptography has significant gaps because strong cryptography can be obtained and used within Canada without legal restrictions. This paper advocates that Canada should exercise its discretion under the WA to diminish, not fortify, the restrictions of the export control regime

Encryption’s Importance to Economic and Infrastructure Security

Det övergripande syftet med den här avhandlingen var att utreda om network coopetition, samarbete mellan konkurrerande aktörer, kan öka värdeskapandet inom hälso- och sjukvården. Inom hälso- och sjukvården är network coopetition ett ämne som fått liten uppmärksamhet i tidigare studier. För att besvara syftet utvecklades en modell för network coopetition inom hälso- och sjukvården. Modellen applicerades sedan på en del av vårdkedjan för patienter i behov av neurokirurgisk vård. Resultaten från avhandlingen visar att: (1) Förutsättningarna för network coopetition i vårdkedjan för patienter i behov av neurokirurgisk vård är uppfyllda. (2) Det finns exempel på horisontell network coopetition i den studerade vårdkedjan. (3) Det existerar en diskrepans mellan hur aktörerna  ser  på  sitt  eget  och  de  andra  aktörernas  värdeskapande. (4)  Värdeskapandet bör utvärderas som ett gemensamt system där hänsyn tas till alla aktörer och utvärderas på process- nivå där hänsyn tas till alla intressenter. Dessa resultat leder fram till den övergripande slutsatsen är att network coopetition bör kunna öka värdeskapandet för högspecialiserade vårdkedjor med en stor andel inomlänspatienter.The overall purpose of this thesis was to investigate whether network coopetition, cooperation between competitive actors, can increase the value creation within the health care system. Within health care, network coopetition is a subject granted little attention in previous research. To fulfil the purpose a model for network coopetition within the health care system was developed. The model was the applied to one part of the chain of care for patients in need of neurosurgery. The results from this thesis show: (1) The conditions for network coopetition in the chain of care for patients in need of neurosurgery are fulfilled. (2) Examples of horizontal network coopetition have been found in the studied chain of care. (3) There is an existing discrepancy between how each actor recognizes its own and the other actors’ value creation. (4) The value creation ought to be evaluated as a common system where all actors are taken into account and at a process level where all stakeholders are considered. These results supports the final conclusion that network coopetition ought to be able to increase the value creation for highly specialized chain of cares with a large share of within-county patients

Model for cryptography protection of confidential information

УДК 004.056 Борсуковський Ю.В., Борсуковська В.Ю. Модель криптографічного захисту конфіденційної інформації В даній статті проведено детальний аналіз вимог щодо формування моделі криптографічного захисту конфіденційної інформації. Розглянуто використання засобів криптографічного захисту інформації з метою реалізації організаційних та технічних заходів по запобіганню витокам конфіденційної інформації на об’єктах критичної інфраструктури. Сформульовані базові вимоги та рекомендації щодо структури та функціональних складових моделі захисту конфіденційної інформації. Формалізовані вимоги щодо створення, впровадження та експлуатації превентивних процедур управління багатоступінчатим захистом конфіденційної інформації. Наведено приклад використання моделі криптографічного захисту інформації для створення захищеної і прозорої в використанні бази аутентифікаційних даних користувача. Запропонована модель захисту дозволяє мати кілька ступенів програмного та апаратного захисту, що із однієї сторони спрощує їх використання при виконанні чинних політик безпеки і зменшує ймовірність дискредитації аутентифікаційних даних, а із іншої сторони підвищує ймовірність виявлення зловмисних дій третьої сторони за рахунок багатоступінчатої системи захисту. Враховано практичний досвід створення типових моделей захисту конфіденційної інформації для розробки, впровадження та управління сучасними політиками інформаційної безпеки щодо питань використання засобів криптографічного захисту конфіденційної інформації на підприємствах різних форми власності.UDC 004.056 Borsukovskyi Y., Borsukovska V. Model for Cryptography Protection of Confidential Information Current article provides the detailed analysis of requirements for creation of model for cryptography protection of confidential information. Article defines the use of information cryptography protection tools in order to ensure the application of organizational and technical actions to prevent leakage of confidential information at critical infrastructure assets. It provides the basic requirements for the structure and functional elements of model for protection of confidential information. Formalize requirements on creation, implementation and exploitation of preventive procedure in management of multi-level protection of confidential information. The article includes example of use of model for cryptography protection of information for creation of secure and transparent in use the authenticating data base of user. The presented model of protection ensures to have a few levels of firewalls, that, on one hand, simplifies its use in execution of acting security policies and decrease the probability of discrediting of authenticating data, and, on other hand, increase the probability to detect the criminal actions of third party by means of multi-level protection system. It considers the practical experience in creation of standard models for protection of confidential information for development, implementation and management of modern policies on information security in part of use of cryptography protection tools for confidential information at enterprises of different forms of incorporation

Strong Cryptography: The Global Tide of Change

Encryption technology allows people using electronic networks to ensure that the messages they send remain private--secure from hackers, industrial espionage, government wiretap abuses, and spies. Encryption technology will prove vital to the future of electronic commerce. For example, thefts of nuclear secrets from U.S. national laboratories would be much less likely if the labs' commercial software had built-in encryption features that could be used to limit unauthorized access--a type of security product discouraged by export controls. For years the U.S. government has struggled unsuccessfully to control the export of encryption technology from this country. Those ineffectual controls do, however, adversely affect the competitive position of the U.S. software industry and national security. Despite the controls, powerful encryption products are increasingly available around the world. Those products include Pretty Good Privacy, which offers 128-bit encryption, and many others. This paper provides a list of Web sites where such products may be found, thus establishing beyond doubt the futility of controls. Although some of the Web sites may from time to time disappear, others will spring up in their place

Quantum Cryptography in Practice

BBN, Harvard, and Boston University are building the DARPA Quantum Network, the world's first network that delivers end-to-end network security via high-speed Quantum Key Distribution, and testing that Network against sophisticated eavesdropping attacks. The first network link has been up and steadily operational in our laboratory since December 2002. It provides a Virtual Private Network between private enclaves, with user traffic protected by a weak-coherent implementation of quantum cryptography. This prototype is suitable for deployment in metro-size areas via standard telecom (dark) fiber. In this paper, we introduce quantum cryptography, discuss its relation to modern secure networks, and describe its unusual physical layer, its specialized quantum cryptographic protocol suite (quite interesting in its own right), and our extensions to IPsec to integrate it with quantum cryptography.Comment: Preprint of SIGCOMM 2003 pape

A Comparison of Cryptography Courses

The author taught two courses on cryptography, one at Duke University aimed at non-mathematics majors and one at Rose-Hulman Institute of Technology aimed at mathematics and computer science majors. Both tried to incorporate technical and societal aspects of cryptography, with varying emphases. This paper will discuss the strengths and weaknesses of both courses and compare the differences in the author's approach.Comment: 14 pages; to appear in Cryptologi