High-level Cryptographic Abstractions
The interfaces exposed by commonly used cryptographic libraries are clumsy,
complicated, and assume an understanding of cryptographic algorithms. The
challenge is to design high-level abstractions that require minimum knowledge
and effort to use while also allowing maximum control when needed.
This paper proposes such high-level abstractions consisting of simple
cryptographic primitives and full declarative configuration. These abstractions
can be implemented on top of any cryptographic library in any language. We have
implemented these abstractions in Python, and used them to write a wide variety
of well-known security protocols, including Signal, Kerberos, and TLS.
We show that programs using our abstractions are much smaller and easier to
write than using low-level libraries, where size of security protocols
implemented is reduced by about a third on average. We show our implementation
incurs a small overhead, less than 5 microseconds for shared key operations and
less than 341 microseconds (< 1%) for public key operations. We also show our
abstractions are safe against main types of cryptographic misuse reported in
the literature.
The Value of User-Visible Internet Cryptography
Cryptographic mechanisms are used in a wide range of applications, including
email clients, web browsers, document and asset management systems, where
typical users are not cryptography experts. A number of empirical studies have
demonstrated that explicit, user-visible cryptographic mechanisms are not
widely used by non-expert users, and as a result arguments have been made that
cryptographic mechanisms need to be better hidden or embedded in end-user
processes and tools. Other mechanisms, such as HTTPS, have cryptography
built-in and only become visible to the user when a dialogue appears due to a
(potential) problem. This paper surveys deployed and potential technologies in
use, examines the social and legal context of broad classes of users, and from
there, assesses the value and issues for those users.
Knowledge Flow Analysis for Security Protocols
Knowledge flow analysis offers a simple and flexible way to find flaws in
security protocols. A protocol is described by a collection of rules
constraining the propagation of knowledge amongst principals. Because this
characterization corresponds closely to informal descriptions of protocols, it
allows a succinct and natural formalization; because it abstracts away message
ordering, and handles communications between principals and applications of
cryptographic primitives uniformly, it is readily represented in a standard
logic. A generic framework in the Alloy modelling language is presented, and
instantiated for two standard protocols, and a new key management scheme.
Comment: 20 page
Application of Quantum Cryptography to Cybersecurity and Critical Infrastructures in Space Communications
As society becomes more dependent on technology and the internet, critical infrastructure, which provides the fundamental services that millions of people depend on, becomes more vulnerable to cyber threats. This paper presents the importance of cybersecurity in critical infrastructure, addressing the communications sector, which is dominated by space systems. It gives an overview of laser communications via satellite, and it argues for the utility that quantum cryptography can provide in securing the data transmitted between communication satellites and ground stations from cyber attacks. Common encryption algorithms are briefly introduced, as well as a review of quantum computing. Quantum cryptography is still a primitive concept, but as technology advances more and more researchers are focusing their attention on this visionary cryptography system.
A Survey of Serious Games for Cybersecurity Education and Training
Serious games can challenge users in competitive and entertaining ways. Educators have used serious games to increase student engagement in cybersecurity education. Serious games have been developed to teach students various cybersecurity topics such as safe online behavior, threats and attacks, malware, and more. They have been used in cybersecurity training and education at different levels. Serious games have targeted different audiences such as K-12 students, undergraduate and graduate students in academic institutions, and professionals in the cybersecurity workforce. In this paper, we provide a survey of serious games used in cybersecurity education and training. We categorize these games into four types based on the topics they cover and the purposes of the games: security awareness, network and web security, cryptography, and secure software development. We provide a catalog of games available online. This survey informs educators of available resources for cybersecurity education and training using interactive games.
Keywords: Serious games; Game-based Learning; Cybersecurity
Shuffle, cut, and learn: Crypto Go, a card game for teaching cryptography
This article belongs to the Special Issue Mathematical Modeling and Simulation in Science and Engineering Education II. Cryptography is the mathematical core of information security. It serves both as a source of hard computational problems and as precise language allowing for the formalization of sound security models. While dealing with the mathematical foundations of cybersecurity is only possible in specialized courses (tertiary level and beyond), it is essential to promote the role of mathematics in this field at early educational stages. With this in mind, we introduce Crypto Go, a physical card game that may be used both as a dissemination and as an educational tool. The game is carefully devised in order to entertain and stimulate players, while boosting their understanding of how basic cryptographic tools work and interplay. To get a preliminary assessment of our design, we collected data from a series of test workshops, which engaged over two hundred players from different ages and educational backgrounds. This basic evaluation indeed confirms that Crypto Go significantly improves students' motivation and has a positive impact on their perception and understanding of the field. The printouts of Crypto Go decks, and some of the experimental workshops described in this paper have been financially supported by several institutions: Instituto Nacional de Ciberseguridad (INCIBE; contract 2018/00520/001), Fundación Madri+d (Science Week), and Universidad Carlos III de Madrid (Technological Fridays). M.I.G.V.'s work is funded by the NATO Science for Peace and Security Programme, grant number G5448 and by MINECO under Grant MTM2016-77213-R.
The Effectiveness of Smart Learning Based on Expert Systems in Cryptography Courses
The development of science and technology requires universities not only to matter but also to have abilities in their respective fields including Security System. The unavailability of network design laboratory and its minimum, network design, cryptography design and flexibility of face-to-face time in the discussion of material compiled not in accordance with the competencies in this course. To overcome these deficiencies in learning activities, development of a project-based blended learning model is carried out. The development carried out in this study uses the Puslitjaknov development model which reduces the Borg and Gall stages to five stages namely product analysis, initial product design, expert validation and revision, field trials and implementation. Data were collected by interview, observation, questionnaire and test. Data were analyzed using quantitative and qualitative methods to produce research products in the form of books, modules, learning plans and manuals for the use of learning applications. Product validation by experts, practicality tests carried out by users and effectiveness tests with student learning outcomes. Based on the results of data analysis, the results of this study are: 1) Research has successfully developed a project-based blended learning model in Cryptography courses. 2) The developed learning model syntax consists of 9 stages / syntax. 3) In supporting learning activities, modules, RPS and manuals are used for learning applications. All products and models developed have been developed and are categorized as valid, practical and effective.
Radical Librarian-Technologists
Librarians may be finding themselves in the role of the technologist that supports students and faculty in Internet security, censorship circumvention, and supports whistleblowers and journalists. This paper looks at three cases where librarians present and teach technologies with these aims: the Tor anonymity network, secure communication in the field of journalism, and the librarian’s place in the maker/hackerspace movement.