High-level Cryptographic Abstractions

The interfaces exposed by commonly used cryptographic libraries are clumsy, complicated, and assume an understanding of cryptographic algorithms. The challenge is to design high-level abstractions that require minimum knowledge and effort to use while also allowing maximum control when needed. This paper proposes such high-level abstractions consisting of simple cryptographic primitives and full declarative configuration. These abstractions can be implemented on top of any cryptographic library in any language. We have implemented these abstractions in Python, and used them to write a wide variety of well-known security protocols, including Signal, Kerberos, and TLS. We show that programs using our abstractions are much smaller and easier to write than using low-level libraries, where size of security protocols implemented is reduced by about a third on average. We show our implementation incurs a small overhead, less than 5 microseconds for shared key operations and less than 341 microseconds (< 1%) for public key operations. We also show our abstractions are safe against main types of cryptographic misuse reported in the literature

The Value of User-Visible Internet Cryptography

Cryptographic mechanisms are used in a wide range of applications, including email clients, web browsers, document and asset management systems, where typical users are not cryptography experts. A number of empirical studies have demonstrated that explicit, user-visible cryptographic mechanisms are not widely used by non-expert users, and as a result arguments have been made that cryptographic mechanisms need to be better hidden or embedded in end-user processes and tools. Other mechanisms, such as HTTPS, have cryptography built-in and only become visible to the user when a dialogue appears due to a (potential) problem. This paper surveys deployed and potential technologies in use, examines the social and legal context of broad classes of users, and from there, assesses the value and issues for those users

Knowledge Flow Analysis for Security Protocols

Knowledge flow analysis offers a simple and flexible way to find flaws in security protocols. A protocol is described by a collection of rules constraining the propagation of knowledge amongst principals. Because this characterization corresponds closely to informal descriptions of protocols, it allows a succinct and natural formalization; because it abstracts away message ordering, and handles communications between principals and applications of cryptographic primitives uniformly, it is readily represented in a standard logic. A generic framework in the Alloy modelling language is presented, and instantiated for two standard protocols, and a new key management scheme.Comment: 20 page

Application of Quantum Cryptography to Cybersecurity and Critical Infrastructures in Space Communications

As society becomes more dependent on technology and the internet, critical infrastructure, which provides the fundamental services that millions of people depend on, becomes more vulnerable to cyber threats. This paper presents the importance of cybersecurity in critical infrastructure addressing the communications sector which is prevailed by space systems. It gives an overview of laser communications via satellite, and it argues the utility that quantum cryptography can provide to secure the data transmitted between communication satellites and ground stations from cyber attacks. Common encryption algorithms are briefly introduced as well as a review on quantum computing. Quantum cryptography is still a primitive concept, but as technology advances more and more researchers are focusing their attention into this visionary cryptography system

A Survey of Serious Games for Cybersecurity Education and Training

Serious games can challenge users in competitive and entertaining ways. Educators have used serious games to increase student engagement in cybersecurity education. Serious games have been developed to teach students various cybersecurity topics such as safe online behavior, threats and attacks, malware, and more. They have been used in cybersecurity training and education at different levels. Serious games have targeted different audiences such as K-12 students, undergraduate and graduate students in academic institutions, and professionals in the cybersecurity workforce. In this paper, we provide a survey of serious games used in cybersecurity education and training. We categorize these games into four types based on the topics they cover and the purposes of the games: security awareness, network and web security, cryptography, and secure software development. We provide a catalog of games available online. This survey informs educators of available resources for cybersecurity education and training using interactive games. Keywords: Serious games; Game-based Learning; Cybersecurity

Shuffle, cut, and learn: Crypto Go, a card game for teaching cryptography

This article belongs to the Special Issue Mathematical Modeling and Simulation in Science and Engineering Education II.Cryptography is the mathematical core of information security. It serves both as a source of hard computational problems and as precise language allowing for the formalization of sound security models. While dealing with the mathematical foundations of cybersecurity is only possible in specialized courses (tertiary level and beyond), it is essential to promote the role of mathematics in this field at early educational stages. With this in mind, we introduce Crypto Go, a physical card game that may be used both as a dissemination and as an educational tool. The game is carefully devised in order to entertain and stimulate players, while boosting their understanding on how basic cryptographic tools work and interplay. To get a preliminary assessment of our design, we collected data from a series of test workshops, which engaged over two hundred players from different ages and educational backgrounds. This basic evaluation indeed confirms that Crypto Go significantly improves students' motivation and has a positive impact in their perception and understanding of the field.The printouts of Crypto Go decks, and some of the experimental workshops described in this paper have been financially supported by several institutions: Instituto Nacional de Ciberseguridad (INCIBE; contract 2018/00520/001), Fundación Madri+d (Science Week), and Universidad Carlos III de Madrid (Technological Fridays). M.I.G.V.'s work is funded by the NATO Science for Peace and Security Programme, grant number G5448 and by MINECO under Grant MTM2016-77213-R

The Effectiveness of Smart Learning Based on Expert Systems in Cryptography Courses

The development of science and technology requires universities not only to matter but also to have abilities in their respective fields including Security System. The unavailability of network design laboratory and its minimum, network design, cryptography design and flexibility of face-to-face time in the discussion of material compiled not in accordance with the competencies in this course. To overcome these deficiencies in learning activities, development of a project-based blended learning model is carried out. The development carried out in this study uses the Puslitjaknov development model which reduces the Borg and Gall stages to five stages namely product analysis, initial product design, expert validation and revision, field trials and implementation. Data were collected by interview, observation, questionnaire and test. Data were analyzed using quantitative and qualitative methods to produce research products in the form of books, modules, learning plans and manuals for the use of learning applications. Product validation by experts, practicality tests carried out by users and effectiveness tests with student learning outcomes. Based on the results of data analysis, the results of this study are: 1) Research has successfully developed a project-based blended learning model in Cryptography courses. 2) The developed learning model syntax consists of 9 stages / syntax. 3) In supporting learning activities, modules, RPS and manuals are used for learning applications. All products and models developed have been developed and are categorized as valid, practical and effective

Radical Librarian-Technologists

Librarians may be finding themselves in the role of the technologist that supports students and faculty in Internet security, censorship circumvention, and supports whistleblowers and journalists. This paper looks at three cases where librarians present and teach technologies with these aims: the Tor anonymity network, secure communication in the field of journalism, and the librarian’s place in the maker/hackerspace movement