1,160 research outputs found
Cyber(in)security
The purpose of this article is to present three theses – (1) a cultural one: cyberspace is an advanced technical and cultural creation – it is an embodiment of dreams of numerous creators, inventors and engineers; (2) a technical one: security and cyberspace are inseparable components (hence cybersecurity); (3) and a paranoid one: complete security, if achievable, is not a permanent state (hence cyber(in)security). Cyberspace is conceived as a set of digital techniques used to exchange information but also as a new type of social space, partially virtual, which may constitute a being entirely separated from a physical one. A pivotal date for the emergence of cyberspace may be considered the year 1968, in which routing in the ARPANET network appeared and so did the first programmable logic controller (PLC). For cyberspace this will be the year 1976 – the publication of the key agreement protocol by Whitfield Diffie and Martin Hellman. Development of security is correlated with warfare and armament – the military sector has historically made the most significant investments in this area.
Bitcoin: the wrong implementation of the right idea at the right time
This paper is a study into some of the regulatory implications of cryptocurrencies using the CAMPO research framework (Context, Actors, Methods, Practice, Outcomes). We explain in CAMPO format why virtual currencies are of interest, how self-regulation has failed, and what useful lessons can be learned. We are hopeful that the full paper will produce useful and semi-permanent findings into the usefulness of virtual currencies in general, block chains as a means of mining currency, and the profundity of current "media darling" currency Bitcoin as compared with the development of block chain generator Ethereum.
While virtual currencies can play a role in creating better trading conditions in virtual communities, despite the risks of non-sovereign issuance and therefore only regulation by code (Brown/Marsden 2013), the methodology used poses significant challenges to researching this "community", if BitCoin can even be said to have created a single community, as opposed to enabling an alternate method of exchange for potentially all virtual community transactions. First, BitCoin users have transparency of ownership but anonymity in many transactions, necessary for libertarians or outright criminals in such illicit markets as #SilkRoad. Studying community dynamics is therefore made much more difficult than even such pseudonymous or avatar based communities as Habbo Hotel, World of Warcraft or SecondLife. The ethical implications of studying such communities raise similar problems as those of Tor, Anonymous, Lulzsec and other anonymous hacker communities. Second, the journalistic accounts of BitCoin markets are subject to sensationalism, hype and inaccuracy, even more so than in the earlier hype cycle for SecondLife, exacerbated by the first issue of anonymity. Third, the virtual currency area is subject to slowly emerging regulation by financial authorities and police forces, which appears to be driving much of the early adopter community "underground". Thus, the community in 2016 may not bear much resemblance to that in 2012. Fourth, there has been relatively little academic empirical study of the community, or indeed of virtual currencies in general, until relatively recently. Fifth, the dynamism of the virtual currency environment in the face of the deepening mistrust of the financial system after the 2008 crisis is such that any research conclusions must by their nature be provisional and transient.
All these challenges, particularly the final three, also raise the motivation for research – an alternative financial system which is separated from the real-world sovereign and which can use code regulation with limited enforcement from offline policing, both returns the study to the libertarian self-regulated environment of early 1990s MUDs, and offers a tantalising prospect of a tool to evade the perils of "private profit, socialized risk" which existing large financial institutions created in the 2008-12 disaster. The need for further research into virtual currencies based on blockchain mining, and for their usage by virtual communities, is thus pressing and should motivate researchers to solve the many problems in methodology for exploring such an environment.
Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions
As computation spreads from computers to networks of computers, and migrates
into cyberspace, it ceases to be globally programmable, but it remains
programmable indirectly: network computations cannot be controlled, but they
can be steered by local constraints on network nodes. The tasks of
"programming" global behaviors through local constraints belong to the area of
security. The "program particles" that assure that a system of local
interactions leads towards some desired global goals are called security
protocols. As computation spreads beyond cyberspace, into physical and social
spaces, new security tasks and problems arise. As networks are extended by
physical sensors and controllers, including the humans, and interlaced with
social networks, the engineering concepts and techniques of computer security
blend with the social processes of security. These new connectors for
computational and social software require a new "discipline of programming" of
global behaviors through local constraints. Since the new discipline seems to
be emerging from a combination of established models of security protocols with
older methods of procedural programming, we use the name procedures for these
new connectors, that generalize protocols. In the present paper we propose
actor-networks as a formal model of computation in heterogenous networks of
computers, humans and their devices; and we introduce Procedure Derivation
Logic (PDL) as a framework for reasoning about security in actor-networks. On
the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL)
that evolved through our work in security in last 10 years. Both formalisms are
geared towards graphic reasoning and tool support. We illustrate their workings
by analysing a popular form of two-factor authentication, and a multi-channel
device pairing procedure, devised for this occasion.
Comment: 32 pages, 12 figures, 3 tables; journal submission; extended
references, added discussio
'Secure, anonymous, unregulated': 'Cryptonomicon' and the transnational data haven
This essay considers how Neal Stephenson's 1999 epic novel Cryptonomicon engages with the long-standing and complex relationship between cryptology and national/transnational identity. Cryptonomicon's layered and disjointed structure allows it to explore the impact of cryptography and cryptanalysis in the Second World War (as well as their impact on the consequent rewriting of the international political stage), to reflect on the place of technology in the recent history of cryptology, and to consider how emergent (and supposedly secure) data storage technologies not only open up planetary-wide communication traffic but also unsettle the agreed protocols of national and international law. Stephenson provides a sense of technology's global effects by offering not a straightforward narrative of the demise of the nation-state but by showing how technologies are in a process of constant negotiation with the institutions of the nation-state, drawing upon the economic, material, and intellectual resources of the nation state, while at the same time challenging notions of a bordered and coherent national identity and working to disestablish nations of their regulatory authority. The essay is informed by recent work on cryptology, data havens, globalization, transnationalism, and postcoloniality, as well as Derrida's work on archives and technology.
Creating a Multifarious Cyber Science Major
Existing approaches to computing-based cyber undergraduate majors typically take one of two forms: a broad exploration of both technical and human aspects, or a deep technical exploration of a single discipline relevant to cybersecurity. This paper describes the creation of a third approach – a multifarious major, consistent with Cybersecurity Curricula 2017, the ABET Cybersecurity Program Criteria, and the National Security Agency Center for Academic Excellence-Cyber Operations criteria. Our novel curriculum relies on a 10-course common foundation extended by one of five possible concentrations, each of which is delivered through a disciplinary lens and specialized into a highly relevant computing interest area serving society's diverse cyber needs. The journey began years ago when we infused cybersecurity education throughout our programs, seeking to keep offerings and extracurricular activities relevant in society's increasingly complex relationship with cyberspace. This paper details the overarching design principles, decision-making process, benchmarking, and feedback elicitation activities. A surprising key step was merging several curricula proposals into a single hybrid option. The new major attracted a strong initial cohort, meeting our enrollment goals and exceeding our diversity goals. We provide several recommendations for any institution embarking on a process of designing a new cyber-named major.
Telecommunication Network Security
Our global age is practically defined by the ubiquity of the Internet; the worldwide interconnection of
cyber networks that facilitates accessibility to virtually all ICT and other elements of critical
infrastructural facilities, with a click of a button. This is regardless of the user's location and state of
equilibrium; whether static or mobile. However, such interconnectivity is not without security
consequences.
A telecommunication system is indeed a communication system with the distinguishing key
word, the Greek tele-, which means "at a distance," to imply that the source and sink of the system
are at some distance apart. Its purpose is to transfer information from some source to a distant user;
the key concepts being information, transmission and distance. These would require a means, each,
to send, convey and receive the information with safety and some degree of fidelity that is
acceptable to both the source and the sink.
Chapter K begins with an effort to conceptualise the telecommunication network security
environment, using relevant ITU-T2* recommendations and terminologies for secure telecommunications.
The chapter is primarily concerned with the security aspect of computer-mediated
telecommunications. Telecommunications should not be seen as an isolated phenomenon; it is a critical
resource for the functioning of cross-industrial businesses in connection with IT. Hence, just as
information, data or a computer/local computer-based network must have appropriate level of security,
so also a telecommunication network must have equivalent security measures; these may often be the
same as or similar to those for other ICT resources, e.g., password management.
In view of the foregoing, the chapter provides a brief coverage of the subject matter by first assessing
the context of security and the threat-scape. This is followed by an assessment of telecommunication
network security requirements; identification of threats to the systems, the conceivable counter or
mitigating measures and their implementation techniques. These bring into focus various
cryptographic/cryptanalytical concepts, vis-à-vis social engineering/socio-cryptanalytical techniques and
password management.
The chapter noted that the human factor is the most critical factor in the security system for at least
three possible reasons; it is the weakest link, the only factor that exercises initiatives, as well as the factor
that transcends all the other elements of the entire system. This underscores the significance of social
engineering in every facet of security arrangement. It is also noted that password security could be
enhanced, if a balance is struck between having enough rules to maintain good security and not having
too many rules that would compel users to take evasive actions which would, in turn, compromise
security. The chapter is of the view that network security is inversely proportional to its complexity. In
addition to the traditional authentication techniques, the chapter gives a reasonable attention to location-based
authentication. The chapter concludes that security solutions have a technological component, but
security is fundamentally a people problem. This is because a security system is only as strong as its
weakest link, while the weakest link of any security system is the human infrastructure.
2* International Telecommunications Union - Telecommunication Standardisation Sector
A projection for the future of telecommunication network security postulates that network security
would continue to get worse unless there is a change in the prevailing practice of externality or vicarious
liability in the computer/security industry; where consumers of security products, as opposed to
producers, bear the cost of security ineffectiveness. It is suggested that all transmission devices be made
GPS-compliant, with inherent capabilities for location-based mutual authentication. This could enhance
the future of telecommunication security.
Petroleum Technology Development Fun