Cyber(in)security

The purpose of this article is to present three theses – (1) a cultural one: cyberspace is an advanced technical and cultural creation – it is an embodiment of dreams of numerous creators, inventors and engineers; (2) a technical one: security and cyberspace are inseparable components (hence cybersecu- rity); (3) and a paranoid one: complete security, if achievable, is not a permanent state (hence cyber(in)security). Cyberspace is conceived as a set of digital techniques used to exchange information but also as a new type of social space, partially virtual, which may constitute a being entirely separated from a physical one. A pivotal date for arising of cyberspace may be considered the year 1968 in which routing in the ARPANET network appeared and so did the first programmable logical controller (PLC). For cyberspace this will be the year 1976 – publishing of the key agreement protocol by Witfield Diffie and Martin Hellman. Development of security is correlated with warfare and armament – the military sector has historically made the most significant investments in this area

Bitcoin: the wrong implementation of the right idea at the right time

This paper is a study into some of the regulatory implications of cryptocurrencies using the CAMPO research framework (Context, Actors, Methods, Methods, Practice, Outcomes). We explain in CAMPO format why virtual currencies are of interest, how self-regulation has failed, and what useful lessons can be learned. We are hopeful that the full paper will produce useful and semi-permanent findings into the usefulness of virtual currencies in general, block chains as a means of mining currency, and the profundity of current ‘media darling’ currency Bitcoin as compared with the development of block chain generator Ethereum. While virtual currencies can play a role in creating better trading conditions in virtual communities, despite the risks of non-sovereign issuance and therefore only regulation by code (Brown/Marsden 2013), the methodology used poses significant challenges to researching this ‘community’, if BitCoin can even be said to have created a single community, as opposed to enabling an alternate method of exchange for potentially all virtual community transactions. First, BitCoin users have transparency of ownership but anonymity in many transactions, necessary for libertarians or outright criminals in such illicit markets as #SilkRoad. Studying community dynamics is therefore made much more difficult than even such pseudonymous or avatar based communities as Habbo Hotel, World of Warcraft or SecondLife. The ethical implications of studying such communities raise similar problems as those of Tor, Anonymous, Lulzsec and other anonymous hacker communities. Second, the journalistic accounts of BitCoin markets are subject to sensationalism, hype and inaccuracy, even more so than in the earlier hype cycle for SecondLife, exacerbated by the first issue of anonymity. Third, the virtual currency area is subject to slowly emerging regulation by financial authorities and police forces, which appears to be driving much of the early adopter community ‘underground’. Thus, the community in 2016 may not bear much resemblance to that in 2012. Fourth, there has been relatively little academic empirical study of the community, or indeed of virtual currencies in general, until relatively recently. Fifth, the dynamism of the virtual currency environment in the face of the deepening mistrust of the financial system after the 2008 crisis is such that any research conclusions must by their nature be provisional and transient. All these challenges, particularly the final three, also raise the motivation for research – an alternative financial system which is separated from the real-world sovereign and which can use code regulation with limited enforcement from offline policing, both returns the study to the libertarian self-regulated environment of early 1990s MUDs, and offers a tantalising prospect of a tool to evade the perils of ‘private profit, socialized risk’ which existing large financial institutions created in the 2008-12 disaster. The need for further research into virtual currencies based on blockchain mining, and for their usage by virtual communities, is thus pressing and should motivate researchers to solve the many problems in methodology for exploring such an environment

Cyber(in)security

The purpose of this article is to present three theses – (1) a cultural one: cyberspace is an advanced technical and cultural creation – it is an embodiment of dreams of numerous creators, inventors and engineers; (2) a technical one: security and cyberspace are inseparable components (hence cybersecu- rity); (3) and a paranoid one: complete security, if achievable, is not a permanent state (hence cyber(in)security). Cyberspace is conceived as a set of digital techniques used to exchange information but also as a new type of social space, partially virtual, which may constitute a being entirely separated from a physical one. A pivotal date for arising of cyberspace may be considered the year 1968 in which routing in the ARPANET network appeared and so did the first programmable logical controller (PLC). For cyberspace this will be the year 1976 – publishing of the key agreement protocol by Witfield Diffie and Martin Hellman. Development of security is correlated with warfare and armament – the military sector has historically made the most significant investments in this area

Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions

As computation spreads from computers to networks of computers, and migrates into cyberspace, it ceases to be globally programmable, but it remains programmable indirectly: network computations cannot be controlled, but they can be steered by local constraints on network nodes. The tasks of "programming" global behaviors through local constraints belong to the area of security. The "program particles" that assure that a system of local interactions leads towards some desired global goals are called security protocols. As computation spreads beyond cyberspace, into physical and social spaces, new security tasks and problems arise. As networks are extended by physical sensors and controllers, including the humans, and interlaced with social networks, the engineering concepts and techniques of computer security blend with the social processes of security. These new connectors for computational and social software require a new "discipline of programming" of global behaviors through local constraints. Since the new discipline seems to be emerging from a combination of established models of security protocols with older methods of procedural programming, we use the name procedures for these new connectors, that generalize protocols. In the present paper we propose actor-networks as a formal model of computation in heterogenous networks of computers, humans and their devices; and we introduce Procedure Derivation Logic (PDL) as a framework for reasoning about security in actor-networks. On the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL) that evolved through our work in security in last 10 years. Both formalisms are geared towards graphic reasoning and tool support. We illustrate their workings by analysing a popular form of two-factor authentication, and a multi-channel device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended references, added discussio

'Secure, anonymous, unregulated': 'Cryptonomicon' and the transnational data haven

This essay considers how Neal Stephenson’s 1999 epic novel Cryptonomicon engages with the long-standing and complex relationship between cryptology and national/transnational identity. Cryptonomicon's layered and disjointed structure allows it to explore the impact of cryptography and cryptanalysis in the Second World War (as well as their impact on the consequent rewriting of the international political stage), to reflect on the place of technology in the recent history of cryptology, and to consider how emergent (and supposedly secure) data storage technologies not only open up planetary-wide communication traffic but also unsettle the agreed protocols of national and international law. Stephenson provides a sense of technology's global effects by offering not a straightforward narrative of the demise of the nation-state but by showing how technologies are in a process of constant negotiation with the institutions of the nation-state, drawing upon the economic, material, and intellectual resources of the nation state, while at the same time challenging notions of a bordered and coherent national identity and working to disestablish nations of their regulatory authority. The essay is informed by recent work on cryptology, data havens, globalization, transnationalism, and postcoloniality, as well as Derrida's work on archives and technology

Creating a Multifarious Cyber Science Major

Existing approaches to computing-based cyber undergraduate majors typically take one of two forms: a broad exploration of both technical and human aspects, or a deep technical exploration of a single discipline relevant to cybersecurity. This paper describes the creation of a third approach—a multifarious major, consistent with Cybersecurity Curricula 2017, the ABET Cybersecurity Program Criteria, and the National Security Agency Center for Academic Excellence—Cyber Operations criteria. Our novel curriculum relies on a 10-course common foundation extended by one of five possible concentrations, each of which is delivered through a disciplinary lens and specialized into a highly relevant computing interest area serving society’s diverse cyber needs. The journey began years ago when we infused cybersecurity education throughout our programs, seeking to keep offerings and extracurricular activities relevant in society’s increasingly complex relationship with cyberspace. This paper details the overarching design principles, decision-making process, benchmarking, and feedback elicitation activities. A surprising key step was merging several curricula proposals into a single hybrid option. The new major attracted a strong initial cohort, meeting our enrollment goals and exceeding our diversity goals. We provide several recommendations for any institution embarking on a process of designing a new cyber-named major

Telecommunication Network Security

YesOur global age is practically defined by the ubiquity of the Internet; the worldwide interconnection of cyber networks that facilitates accessibility to virtually all ICT and other elements of critical infrastructural facilities, with a click of a button. This is regardless of the user’s location and state of equilibrium; whether static or mobile. However, such interconnectivity is not without security consequences. A telecommunication system is indeed a communication system with the distinguishing key word, the Greek tele-, which means "at a distance," to imply that the source and sink of the system are at some distance apart. Its purpose is to transfer information from some source to a distant user; the key concepts being information, transmission and distance. These would require a means, each, to send, convey and receive the information with safety and some degree of fidelity that is acceptable to both the source and the sink. Chapter K begins with an effort to conceptualise the telecommunication network security environment, using relevant ITU-T2* recommendations and terminologies for secure telecommunications. The chapter is primarily concerned with the security aspect of computer-mediated telecommunications. Telecommunications should not be seen as an isolated phenomenon; it is a critical resource for the functioning of cross-industrial businesses in connection with IT. Hence, just as information, data or a computer/local computer-based network must have appropriate level of security, so also a telecommunication network must have equivalent security measures; these may often be the same as or similar to those for other ICT resources, e.g., password management. In view of the forgoing, the chapter provides a brief coverage of the subject matter by first assessing the context of security and the threat-scape. This is followed by an assessment of telecommunication network security requirements; identification of threats to the systems, the conceivable counter or mitigating measures and their implementation techniques. These bring into focus various cryptographic/crypt analytical concepts, vis a vis social engineering/socio-crypt analytical techniques and password management. The chapter noted that the human factor is the most critical factor in the security system for at least three possible reasons; it is the weakest link, the only factor that exercises initiatives, as well as the factor that transcends all the other elements of the entire system. This underscores the significance of social 2*International Telecommunications Union - Telecommunication Standardisation Sector 12 engineering in every facet of security arrangement. It is also noted that password security could be enhanced, if a balance is struck between having enough rules to maintain good security and not having too many rules that would compel users to take evasive actions which would, in turn, compromise security. The chapter is of the view that network security is inversely proportional to its complexity. In addition to the traditional authentication techniques, the chapter gives a reasonable attention to locationbased authentication. The chapter concludes that security solutions have a technological component, but security is fundamentally a people problem. This is because a security system is only as strong as its weakest link, while the weakest link of any security system is the human infrastructure. A projection for the future of telecommunication network security postulates that, network security would continue to get worse unless there is a change in the prevailing practice of externality or vicarious liability in the computer/security industry; where consumers of security products, as opposed to producers, bear the cost of security ineffectiveness. It is suggested that all transmission devices be made GPS-compliant, with inherent capabilities for location-based mutual authentication. This could enhance the future of telecommunication security.Petroleum Technology Development Fun