Some Facets of Complexity Theory and Cryptography: A Five-Lectures Tutorial
In this tutorial, selected topics of cryptology and of computational
complexity theory are presented. We give a brief overview of the history and
the foundations of classical cryptography, and then move on to modern
public-key cryptography. Particular attention is paid to cryptographic
protocols and the problem of constructing the key components of such protocols
such as one-way functions. A function is one-way if it is easy to compute, but
hard to invert. We discuss the notion of one-way functions both in a
cryptographic and in a complexity-theoretic setting. We also consider
interactive proof systems and present some interesting zero-knowledge
protocols. In a zero-knowledge protocol one party can convince the other party
of knowing some secret information without disclosing any bit of this
information. Motivated by these protocols, we survey some complexity-theoretic
results on interactive proof systems and related complexity classes.
Comment: 57 pages, 17 figures, Lecture Notes for the 11th Jyvaskyla Summer
Schoo
Vernam, Mauborgne, and Friedman: The One-Time Pad and the Index of Coincidence
The conventional narrative for the invention of the AT&T one-time pad was related by David Kahn. Based on the evidence available in the AT&T patent files and from interviews and correspondence, he concluded that Gilbert Vernam came up with the need for randomness, while Joseph Mauborgne realized the need for a non-repeating key. Examination of other documents suggests a different narrative. It is most likely that Vernam came up with the need for non-repetition; Mauborgne, though, apparently contributed materially to the invention of the two-tape variant. Furthermore, there is reason to suspect that he suggested the need for randomness to Vernam. However, neither Mauborgne, Herbert Yardley, nor anyone at AT&T really understood the security advantages of the true one-time tape. Col. Parker Hitt may have; William Friedman definitely did. Finally, we show that Friedman's attacks on the two-tape variant likely led to his invention of the index of coincidence, arguably the single most important publication in the history of cryptanalysis.
Key recovery in a business environment
This thesis looks at the use of key recovery primarily from the
perspective of business needs, as opposed to the needs of governments
or regulatory bodies.
The threats that necessitate the use of key recovery as a
countermeasure are identified together with the requirements for a
key recovery mechanism deployed in a business environment. The
applicability of mechanisms (mainly designed for law enforcement
access purposes) is also examined. What follows from this analysis is
that whether the target data is being communicated or archived can
influence the criticality of some of the identified requirements.
As a result, key recovery mechanisms used for archived data need to
be distinguished from those used for communicated data, and the
different issues surrounding those two categories are further
investigated. Two mechanisms specifically designed for use on
archived data are proposed.
An investigation is also carried out regarding the interoperability
of dissimilar key recovery mechanisms, when these are used for
encrypted communicated data. We study a scheme proposed by the Key
Recovery Alliance to promote interoperability between dissimilar
mechanisms and we show that it fails to achieve one of its
objectives. Instead, a negotiation protocol is proposed where the
communicating parties can agree on a mutually acceptable or
different, yet interoperable, key recovery mechanism(s).
The issue of preventing unfair key recovery by either of two
communicating parties, where one of the parties activates a covert
channel for key recovery by a third party, is also investigated. A
protocol is proposed that can prevent this. This protocol can also
be used as a certification protocol for Diffie-Hellman keys in cases
where neither the user nor the certification authority are trusted to
generate the user’s key on their own.
Finally, we study the use of key recovery in one of the authentication
protocols proposed in the context of third generation mobile communications.
We propose certain modifications that give it a key recovery capability in an
attempt to assist its international deployment given potential government
demands for access to encrypted communications.
A message-level security approach for RESTful services
In the past ten years Web Services have positioned themselves to be one of the leading
distributed technologies. The technology, supported by major IT companies, offers
specifications addressing many challenges in a distributed environment, such as strong interface and
message contracts, service discovery, reliable message exchange and advanced security
mechanisms. On the other hand, all these specifications have made Web Services very
complex and the industry is struggling to implement those in a standardized manner.
REST based services, also known as RESTful services, are based on pure HTTP and
have risen as competitors to Web Services, mainly because of their simplicity. Now they are
being adopted by the majority of the big industry corporations including Microsoft, Yahoo
and Google, who have deprecated or passed on Web Services in favor of RESTful services.
However, RESTful services have been criticized for lacking functionality offered by Web
Services, especially message-level security. Since security is an important functionality which
may tip the scale in a negative direction for REST based services, this thesis proposes a
prototype solution for message-level security for RESTful services. The solution is for the
most part technical and utilizes well-known, cross-platform mechanisms which are composed
together while a smaller part of the solution discusses a non-technical approach regarding the
token distribution. During the development of the prototype, much of the focus was to adapt
the solution to the REST principles and guidelines, such as multi-format support
(XML or JSON) and light-weight, human-readable messages.
User acceptance of systems for archiving and securing degree certificates and related documents.
Doctoral Degree. University of KwaZulu-Natal, Durban.
Changing economic circumstances have led to the investigation of alternative solutions to
economic problems. This has had an impact on communities who see academic qualifications
as a solution to securing employment. With the increase in job opportunities requiring suitable
qualifications, an increase in ‘qualification competition’ has occurred. This has resulted in
academic qualifications being seen as a ‘key’ to securing employment. Unfortunately, such a
perception has caused many individuals to pursue opportunities using ‘quick fix’ solutions and
acquiring academic qualifications through breaches of security around these qualifications.
Higher Education is one of the many sectors that is battling with security issues of this type. In
South Africa alone, for the past few years, there has been a considerable increase in cases of
persons who have been found to have faked either their senior certificates or university
degrees, including doctorates. This is becoming a growing concern as it taints the image of the
higher education sector in South Africa, and places at risk international relationships in higher
education and beyond that the country has enjoyed over many years.
Many education sectors are based on security systems in which the basic data of a person’s
name and surname, for example, are retained when they graduate and the qualification they
have legitimately received is recorded. This data is used when a re-print of a certificate is
required. Though this method has been working well for some time, it has developed major
flaws, in line with the sophistication of information and communications technology in
general. This applies especially to the ability to edit e-versions of a certificate using image
processing software. Thus, proper verification of the data captured in an e-version or hardcopy
of a certificate (when reprinted, for example), represents an increasing risk, and, in some
cases, results in a breach of security. Furthermore, some individuals have found ways to e-edit
and print their own certificates, which look effectively identical to the authenticated
certificates.
While the emerging trend in various sectors is to store all data using the appropriate technology
tools as a security measure for protecting information, organizations are becoming exposed to
cybercrimes. As a result, data security has increasingly become a cause for concern. What is
most disturbing, is that computer security breaches have increased, and in many cases, shown
to be the result of ‘insider misuse and abuse’ of the information security measures established
by an organization. It is for this reason that the current study and the work reported in this
thesis has been undertaken and involves a focus on understanding what causes users to accept
and follow an organization’s information systems security measures.
The study is informed by the Unified Theory of Acceptance and Use of Technology (UTAUT),
as a framework to explore securing and archiving academic transcripts at the University of
KwaZulu-Natal (UKZN). The results showed that the intention of the UKZN staff to use the
system positively, relates to their performance expectancy, effort expectancy, social influence
and facilitating conditions. The use of UTAUT in a mixed methods study within an academic
environment assesses the existing measures of securing and archiving academic transcripts and
identifies various weaknesses in the current system. Based on the findings of the study, the
steganographic method is demonstrated and suggested as an improved method of securing and
archiving academic certificates at UKZN.
The original contribution is an in-depth study at UKZN that answered the user acceptance
research questions and demonstrated the practical application of the steganographic method in
securing and archiving data.
HM 32: New Interpretations in Naval History
Selected papers from the twenty-first McMullen Naval History Symposium held at the U.S. Naval Academy, 19–20 September 2019.
Commerce Raiding
The sixteen case studies in this book reflect the extraordinary diversity of experience of navies attempting to carry out, and also to eliminate, commerce raiding. Because the cases emphasize conflicts in which commerce raiding had major repercussions, they shed light on when, how, and in what manner it is most likely to be effective. The authors have been asked to examine the international context, the belligerents, the distribution of costs and benefits, the logistical requirements, enemy countermeasures, and the operational and strategic effectiveness of these campaigns.