Increased security through open source

In this paper we discuss the impact of open source on both the security and transparency of a software system. We focus on the more technical aspects of this issue, combining and extending arguments developed over the years. We stress that our discussion of the problem only applies to software for general purpose computing systems. For embedded systems, where the software usually cannot easily be patched or upgraded, different considerations may apply

Bitcoin: the wrong implementation of the right idea at the right time

This paper is a study into some of the regulatory implications of cryptocurrencies using the CAMPO research framework (Context, Actors, Methods, Methods, Practice, Outcomes). We explain in CAMPO format why virtual currencies are of interest, how self-regulation has failed, and what useful lessons can be learned. We are hopeful that the full paper will produce useful and semi-permanent findings into the usefulness of virtual currencies in general, block chains as a means of mining currency, and the profundity of current ‘media darling’ currency Bitcoin as compared with the development of block chain generator Ethereum. While virtual currencies can play a role in creating better trading conditions in virtual communities, despite the risks of non-sovereign issuance and therefore only regulation by code (Brown/Marsden 2013), the methodology used poses significant challenges to researching this ‘community’, if BitCoin can even be said to have created a single community, as opposed to enabling an alternate method of exchange for potentially all virtual community transactions. First, BitCoin users have transparency of ownership but anonymity in many transactions, necessary for libertarians or outright criminals in such illicit markets as #SilkRoad. Studying community dynamics is therefore made much more difficult than even such pseudonymous or avatar based communities as Habbo Hotel, World of Warcraft or SecondLife. The ethical implications of studying such communities raise similar problems as those of Tor, Anonymous, Lulzsec and other anonymous hacker communities. Second, the journalistic accounts of BitCoin markets are subject to sensationalism, hype and inaccuracy, even more so than in the earlier hype cycle for SecondLife, exacerbated by the first issue of anonymity. Third, the virtual currency area is subject to slowly emerging regulation by financial authorities and police forces, which appears to be driving much of the early adopter community ‘underground’. Thus, the community in 2016 may not bear much resemblance to that in 2012. Fourth, there has been relatively little academic empirical study of the community, or indeed of virtual currencies in general, until relatively recently. Fifth, the dynamism of the virtual currency environment in the face of the deepening mistrust of the financial system after the 2008 crisis is such that any research conclusions must by their nature be provisional and transient. All these challenges, particularly the final three, also raise the motivation for research – an alternative financial system which is separated from the real-world sovereign and which can use code regulation with limited enforcement from offline policing, both returns the study to the libertarian self-regulated environment of early 1990s MUDs, and offers a tantalising prospect of a tool to evade the perils of ‘private profit, socialized risk’ which existing large financial institutions created in the 2008-12 disaster. The need for further research into virtual currencies based on blockchain mining, and for their usage by virtual communities, is thus pressing and should motivate researchers to solve the many problems in methodology for exploring such an environment

Securing The Root: A Proposal For Distributing Signing Authority

Management of the Domain Name System (DNS) root zone file is a uniquely global policy problem. For the Internet to connect everyone, the root must be coordinated and compatible. While authority over the legacy root zone file has been contentious and divisive at times, everyone agrees that the Internet should be made more secure. A newly standardized protocol, DNS Security Extensions (DNSSEC), would make the Internet's infrastructure more secure. In order to fully implement DNSSEC, the procedures for managing the DNS root must be revised. Therein lies an opportunity. In revising the root zone management procedures, we can develop a new solution that diminishes the impact of the legacy monopoly held by the U.S. government and avoids another contentious debate over unilateral U.S. control. In this paper we describe the outlines of a new system for the management of a DNSSEC-enabled root. Our proposal distributes authority over securing the root, unlike another recently suggested method, while avoiding the risks and pitfalls of an intergovernmental power sharing scheme

Giving You back Control of Your Data: Digital Signing Practical Issues and the eCert Solution

As technologies develop rapidly, digital signing is commonly used in eDocument security. However, unaddressed issues exist. An eCertificate system represents the problem situation, and therefore is being used as case study, in a project called eCert, to research for the solution. This paper addresses these issues, explores the gap between current tools and the desired system, through analysis of the existing services and eCertificate use cases, and the identified requirements, thereby presenting an approach which solves the above problems. Preliminary results indicate that the recommendation from this research meets the design requirements, and could form the foundation of future study of solving digital signing issues

One-way Quantum Key Distribution System based on Planar Lightwave Circuits

We developed a one-way quantum key distribution (QKD) system based upon a planar lightwave circuit (PLC) interferometer. This interferometer is expected to be free from the backscattering inherent in commercially available two-way QKD systems and phase drift without active compensation. A key distribution experiment with spools of standard telecom fiber showed that the bit error rate was as low as 6% for a 100-km key distribution using an attenuated laser pulse with a mean photon number of 0.1 and was determined solely by the detector noise. This clearly demonstrates the advantages of our PLC-based one-way QKD system over two-way QKD systems for long distance key distribution.Comment: 23 pages, 5 figure

Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

The secret keys of critical network authorities - such as time, name, certificate, and software update services - represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds.Comment: 20 pages, 7 figure

Ransomware in High-Risk Environments

In today’s modern world, cybercrime is skyrocketing globally, which impacts a variety of organizations and endpoint users. Hackers are using a multitude of approaches and tools, including ransomware threats, to take over targeted systems. These acts of cybercrime lead to huge damages in areas of business, healthcare systems, industry sectors, and other fields. Ransomware is considered as a high risk threat, which is designed to hijack the data. This paper is demonstrating the ransomware types, and how they are evolved from the malware and trojan codes, which is used to attack previous incidents, and explains the most common encryption algorithms such as AES, and RSA, ransomware uses them during infection process in order to produce complex threats. The practical approach for data encryption uses python programming language to show the efficiency of those algorithms in real attacks by executing this section on Ubuntu virtual machine. Furthermore, this paper analyzes programming languages, which is used to build ransomware. An example of ransomware code is being demonstrated in this paper, which is written specifically in C sharp language, and it has been tested out on windows operating system using MS visual studio. So, it is very important to recognize the system vulnerability, which can be very useful to prevent the ransomware. In contrast, this threat might sneak into the system easily, allowing for a ransom to be demanded. Therefore, understanding ransomware anatomy can help us to find a better solution in different situations. Consequently, this paper shows a number of outstanding removal techniques to get rid from ransomware attacks in the system

Means of Payment in E-Commerce (Credit Cards and E-Money)

Once the web has spread and due to the great mass of users, firms with trade activity intesified their commercial tranzactions on-line. Thus the e-commerce implies e-payments which lead to creating e-money and implicitly some specific means of payment, all of these used with the aim of deployment and development of commercial tranzactions on-line.e-commerce, First Virtual, e-cash, Net-Cash