Some Facets of Complexity Theory and Cryptography: A Five-Lectures Tutorial

In this tutorial, selected topics of cryptology and of computational complexity theory are presented. We give a brief overview of the history and the foundations of classical cryptography, and then move on to modern public-key cryptography. Particular attention is paid to cryptographic protocols and the problem of constructing the key components of such protocols such as one-way functions. A function is one-way if it is easy to compute, but hard to invert. We discuss the notion of one-way functions both in a cryptographic and in a complexity-theoretic setting. We also consider interactive proof systems and present some interesting zero-knowledge protocols. In a zero-knowledge protocol one party can convince the other party of knowing some secret information without disclosing any bit of this information. Motivated by these protocols, we survey some complexity-theoretic results on interactive proof systems and related complexity classes.Comment: 57 pages, 17 figures, Lecture Notes for the 11th Jyvaskyla Summer Schoo

Vernam, Mauborgne, and Friedman: The One-Time Pad and the Index of Coincidence

The conventional narrative for the invention of the AT and T one-time pad was related by David Kahn. Based on the evidence available in the AT and T patent files and from interviews and correspondence, he concluded that Gilbert Vernam came up with the need for randomness, while Joseph Mauborgne realized the need for a non-repeating key. Examination of other documents suggests a different narrative. It is most likely that Vernam came up with the need for non-repetition; Mauborgne, though, apparently contributed materially to the invention of the two-tape variant. Furthermore, there is reason to suspect that he suggested the need for randomness to Vernam. However, neither Mauborgne, Herbert Yardley, nor anyone at AT and T really understood the security advantages of the true one-time tape. Col. Parker Hitt may have; William Friedman definitely did. Finally, we show that Friedman's attacks on the two-tape variant likely led to his invention of the index of coincidence, arguably the single most important publication in the history of cryptanalysis

Key recovery in a business environment

This thesis looks at the use of key recovery primarily from the perspective of business needs, as opposed to the needs of governments or regulatory bodies. The threats that necessitate the use of key recovery as a countermeasure are identified together with the requirements for a key recovery mechanism deployed in a business environment. The applicability of mechanisms (mainly designed for law enforcement access purposes) is also examined. What follows from this analysis is that whether the target data is being communicated or archived can influence the criticality of some of the identified requirements. As a result, key recovery mechanisms used for archived data need to be distinguished from those used for communicated data, and the different issues surrounding those two categories are further investigated. Two mechanisms specifically designed for use on archived data are proposed. An investigation is also carried out regarding the interoperability of dissimilar key recovery mechanisms, when these are used for encrypted communicated data. We study a scheme proposed by the Key Recovery Alliance to promote interoperability between dissimilar mechanisms and we show that it fails to achieve one of its objectives. Instead, a negotiation protocol is proposed where the communicating parties can agree on a mutually acceptable or different, yet interoperable, key recovery mechanism(s). The issue of preventing unfair key recovery by either of two communicating parties, where one of the parties activates a covert channel for key recovery by a third party, is also investigated. A protocol is proposed that can prevent this. This protocol can also be used as a certification protocol for Diffie-Hellman keys in cases where neither the user nor the certification authority are trusted to generate the user’s key on their own. Finally, we study the use of key recovery in one of the authentication protocols proposed in the context of third generation mobile communications. We propose certain modifications that give it a key recovery capability in an attempt to assist its international deployment given potential government demands for access to encrypted communications

A message-level security approach for RESTful services

In the past ten years Web Services have positioned themselves to be one of the leading distributed technologies. The technology, supported by major IT companies, offers specifications to many challenges in a distributed environment like strong interface and message contacts, service discovery, reliable message exchange and advanced security mechanisms. On the other hand, all these specifications have made Web Services very complex and the industry is struggling to implement those in a standardized manner. REST based services, also known as RESTful services, are based on pure HTTP and have risen as competitors to Web Services, mainly because of their simplicity. Now they are being adopted by the majority of the big industry corporations including Microsoft, Yahoo and Google, who have deprecated or passed on Web Services in favor of RESTful services. However, RESTful services have been criticized for lacking functionality offered by Web Services, especially message-level security. Since security is an important functionality which may tip the scale in a negative direction for REST based services, this thesis proposes a prototype solution for message-level security for RESTful services. The solution is for the most part technical and utilizes well-known, cross-platform mechanisms which are composed together while a smaller part of the solution discusses a non-technical approach regarding the token distribution. During the development of the prototype, much of the focus was to adapt the solution according to the REST principals and guidelines, such are multi-format support (XML or JSON) and light-weight, human readable messages

User acceptance of systems for archiving and securing degree certificates and related documents.

Doctoral Degree. University of KwaZulu-Natal, Durban.Changing economic circumstances have led to the investigation of alternative solutions to economic problems. This has had an impact on communities who see academic qualifications as a solution to securing employment. With the increase in job opportunities requiring suitable qualifications, an increase in ‘qualification competition’ has occurred. This has resulted in academic qualifications being seen as a ‘key’ to securing employment. Unfortunately, such a perception has caused many individuals to pursue opportunities using ‘quick fix’ solutions and acquiring academic qualifications through breaches of security around these qualifications. Higher Education is one of the many sectors that is battling with security issues of this type. In South Africa alone, for the past few years, there has been a considerable increase in cases of persons who have been found to have faked either their senior certificates or university degrees, including doctorates. This is becoming a growing concern as it taints the image of the higher education sector in South Africa, and places at risk international relationshipsin higher education and beyond that the country has enjoyed over many years. Many education sectors are based on security systems in which the basic data of a person’s name and surname, for example, are retained when they graduateand the qualification they have legitimately received is recorded. This data is used when a re-print of a certificate is required. Though this method has been working well for some time, it has developed major flaws, in line with the sophistication of information and communications technology in general. This applies especially to the ability to edit e-versions of a certificate using image processing software. Thus, proper verification of the data captured in an e-version or hardcopy of a certificate (when reprinted, for example), represents an increasing risk, and, in some cases, results in a breach of security. Furthermore, some individuals have found ways to e-edit and print their own certificates, which look effectively identical to the authenticated certificates. While the emerging trend in various sectors is to store all data using the appropriate technology tools as a security measure for protecting information, organizations are becoming exposed to cybercrimes. As a result, data security has increasingly become a cause for concern. What is most disturbing, is that computer security breaches have increased, and in many cases, shown to be the result of ‘insider misuse and abuse’ of the information security measures established by an organization. It is for this reason that the current study and the work reported in this thesis has been undertaken and involves a focus on understanding what causes users to accept and follow an organization’s information systems security measures. The study is informed by the Unified Theory of Acceptance and Use of Technology (UTAUT), as a framework to explore securing and archiving academic transcripts at the University of KwaZulu-Natal (UKZN). The results showed that the intention of the UKZN staff to use the system positively, relates to their performance expectancy, effort expectancy, social influence and facilitating conditions. The use of UTAUT in a mixed methods study within an academic environment assesses the existing measures of securing and archiving academic transcripts and identifies various weaknesses in the current system. Based on the findings of the study, the steganographic method is demonstrated and suggested as an improved method of securing and archiving academic certificates at UKZN. The original contribution is an in-depth study at UKZN that answered the user acceptance research questions and demonstrated the practical application of the steganographic method in securing and archiving data

HM 32: New Interpretations in Naval History

Selected papers from the twenty-first McMullen Naval History Symposium held at the U.S. Naval Academy, 19–20 September 2019.https://digital-commons.usnwc.edu/usnwc-historical-monographs/1031/thumbnail.jp

Commerce Raiding

The sixteen case studies in this book reflect the extraordinary diversity of experience of navies attempting to carry out, and also to eliminate, commerce raiding. Because the cases emphasize conflicts in which commerce raiding had major repercussions, they shed light on when, how, and in what manner it is most likely to be effective. The authors have been asked to examine the international context, the belligerents, the distribution of costs and benefits, the logistical requirements, enemy countermeasures, and the operational and strategic effectiveness of these campaigns.https://digital-commons.usnwc.edu/usnwc-newport-papers/1039/thumbnail.jp