Man Versus Machine: Can Computers Crack Cryptography?

After starting the project with the hopes of developing a program able to crack substitution ciphers via artificial life concepts, some deeper questions were arrived at. What is the line between the man and the machine? Can computers ever be capable of sentient thought? What does it mean for us as a species as we continually develop better ways to compute hard problems fast? Ultimately, I may not have the answer to these problems, but science might. I have to conclude that for now cryptography is safe, but will it always be safe? With the advent of the quantum computing era just over the horizon, the definition of a smart and intelligent computer is about to change drastically, and achievements in computing such as Deep Blue are going to become more commonplace than ever

CryptoKnight:generating and modelling compiled cryptographic primitives

Cryptovirological augmentations present an immediate, incomparable threat. Over the last decade, the substantial proliferation of crypto-ransomware has had widespread consequences for consumers and organisations alike. Established preventive measures perform well, however, the problem has not ceased. Reverse engineering potentially malicious software is a cumbersome task due to platform eccentricities and obfuscated transmutation mechanisms, hence requiring smarter, more efficient detection strategies. The following manuscript presents a novel approach for the classification of cryptographic primitives in compiled binary executables using deep learning. The model blueprint, a Dynamic Convolutional Neural Network (DCNN), is fittingly configured to learn from variable-length control flow diagnostics output from a dynamic trace. To rival the size and variability of equivalent datasets, and to adequately train our model without risking adverse exposure, a methodology for the procedural generation of synthetic cryptographic binaries is defined, using core primitives from OpenSSL with multivariate obfuscation, to draw a vastly scalable distribution. The library, CryptoKnight, rendered an algorithmic pool of AES, RC4, Blowfish, MD5 and RSA to synthesise combinable variants which automatically fed into its core model. Converging at 96% accuracy, CryptoKnight was successfully able to classify the sample pool with minimal loss and correctly identified the algorithm in a real-world crypto-ransomware applicatio

Implementing and Evaluating Nonsingular Matrices Generators for the Hill Cipher

A Cifra de Hill (Hill Cipher) é um exemplo clássico de um sistema criptográfico com propriedades muito interessantes, nomeadamente a implementação dos conceitos de confusão e difusão apresentados por Shannon como propriedades essenciais para as cifras; no entanto, a sua forma básica é vulnerável a Known Plaintext Attacks (KPAs). [...]Hill Cipher is a classical example of a cryptosystem with interesting properties, namely that it implements the diffusion and confusion concepts coined by Shannon as essential properties for ciphers; nonetheless, its basic form is vulnerable to KPAs. [...

Law, Metaphor, and the Encrypted Machine

The metaphors we use to imagine, describe, and regulate new technologies have profound legal implications. This article offers a critical examination of the metaphors we choose to describe encryption technology and aims to uncover some of the normative and legal implications of those choices. The article begins with a basic technical backgrounder and reviews the main legal and policy problems raised by strong encryption. Then it explores the relationship between metaphor and the law, demonstrating that legal metaphor may be particularly determinative wherever the law seeks to integrate novel technologies into old legal frameworks. The article establishes a loose framework for evaluating both the technological accuracy and the legal implications of encryption metaphors used by courts and lawmakers—from locked containers, car trunks, and combination safes to speech, shredded letters, untranslatable books, and unsolvable puzzles. What is captured by each of these cognitive models, and what is lost

Unlocking Test-Driven Development

Women Partnering is non-profit organization that helps women who are financially vulnerable. This organization establishes relationships with the women and connects them to support services. This project created a software system to support Women Partnering\u27s daily operations and reporting needs, which replaced the previous manually intensive, paper-based system. There were many problems with the previous paper-based system including the following: data duplication, data not readily available, and lack of a reporting capability. Besides these problems, the previous system was not expected to support anticipated growth. The student followed a Test-Driven Development Methodology while building the software system. This is the first time that the student has used Test-Driven Development on a project. To help with his understanding, he compared and contrasted this methodology to the Zachman Framework Methodology. The student knew that he also had to secure the application, so he researched the Rijndael cipher. The analysis, design, and testing is handled differently in Test-Drive

Some Facets of Complexity Theory and Cryptography: A Five-Lectures Tutorial

In this tutorial, selected topics of cryptology and of computational complexity theory are presented. We give a brief overview of the history and the foundations of classical cryptography, and then move on to modern public-key cryptography. Particular attention is paid to cryptographic protocols and the problem of constructing the key components of such protocols such as one-way functions. A function is one-way if it is easy to compute, but hard to invert. We discuss the notion of one-way functions both in a cryptographic and in a complexity-theoretic setting. We also consider interactive proof systems and present some interesting zero-knowledge protocols. In a zero-knowledge protocol one party can convince the other party of knowing some secret information without disclosing any bit of this information. Motivated by these protocols, we survey some complexity-theoretic results on interactive proof systems and related complexity classes.Comment: 57 pages, 17 figures, Lecture Notes for the 11th Jyvaskyla Summer Schoo

A DISTRIBUTED APPROACH TO PRIVACY ON THE CLOUD

The increasing adoption of Cloud-based data processing and storage poses a number of privacy issues. Users wish to preserve full control over their sensitive data and cannot accept it to be fully accessible to an external storage provider. Previous research in this area was mostly addressed at techniques to protect data stored on untrusted database servers; however, I argue that the Cloud architecture presents a number of specific problems and issues. This dissertation contains a detailed analysis of open issues. To handle them, I present a novel approach where confidential data is stored in a highly distributed partitioned database, partly located on the Cloud and partly on the clients. In my approach, data can be either private or shared; the latter is shared in a secure manner by means of simple grant-and-revoke permissions. I have developed a proof-of-concept implementation using an in\u2011memory RDBMS with row-level data encryption in order to achieve fine-grained data access control. This type of approach is rarely adopted in conventional outsourced RDBMSs because it requires several complex steps. Benchmarks of my proof-of-concept implementation show that my approach overcomes most of the problems