Secrets and lies: digital security in a networked world

Bestselling author Bruce Schneier offers his expert guidance on achieving security on a networkInternationally recognized computer security expert Bruce Schneier offers a practical, straightforward guide to achieving security throughout computer networks. Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. This practical guide provides readers with a better understanding of why protecting information is harder in the digital world, what they need to know to protect digital information, how t

Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications

Agonistic behavior of captive saltwater crocodile, crocodylus porosus in Kota Tinggi, Johor

Agonistic behavior in Crocodylus porosus is well known in the wild, but the available data regarding this behavior among the captive individuals especially in a farm setting is rather limited. Studying the aggressive behavior of C. porosus in captivity is important because the data obtained may contribute for conservation and the safety for handlers and visitors. Thus, this study focuses on C. porosus in captivity to describe systematically the agonistic behaviour of C. porosus in relation to feeding time, daytime or night and density per pool. This study was carried out for 35 days in two different ponds. The data was analysed using Pearson’s chi-square analysis to see the relationship between categorical factors. The study shows that C. porosus was more aggressive during daylight, feeding time and non-feeding time in breeding enclosure (Pond C, stock density =0.0369 crocodiles/m2) as compared to non-breeding pond (Pond B, stock density =0.3317 crocodiles/m2) where it is only aggressive during the nighttime. Pond C shows the higher domination in the value of aggression in feeding and non-feeding time where it is related to its function as breeding ground. Chi-square analysis shows that there is no significant difference between ponds (p=0.47, χ2= 2.541, df= 3), thus, there is no relationship between categorical factors. The aggressive behaviour of C. porosus is important for the farm management to evaluate the risk in future for the translocation process and conservation of C. porosus generally

Attack vectors against social networking systems : the Facebook example

Social networking systems (SNS&rsquo;s) such as Facebook are an ever evolving and developing means of social interaction, which is not only being used to disseminate information to family, friends and colleagues but as a way of meeting and interacting with &quot;strangers&quot; through the advent of a large number of social applications. The attractiveness of such software has meant a dramatic increase in the number of frequent users of SNS&rsquo;s and the threats which were once common to the Internet have now been magnified, intensified and altered as the potential for criminal behaviour on SNS&rsquo;s increases. Social networking sites including Facebook contain a vast amount of personal information, that if obtained could be used for other purposes or to carry out other crimes such as identity theft. This paper will focus on the security threats posed to social networking sites and gain an understanding of these risks by using a security approach known as &ldquo;attack trees&rdquo;. This will allow for a greater understanding of the complexity associated with protecting Social Networking systems with a particular focus on Facebook.<br /

On the security of the Yen-Guo's domino signal encryption algorithm (DSEA)

Recently, a new domino signal encryption algorithm (DSEA) was proposed for digital signal transmission, especially for digital images and videos. This paper analyzes the security of DSEA, and points out the following weaknesses: 1) its security against the brute-force attack was overestimated; 2) it is not sufficiently secure against ciphertext-only attacks, and only one ciphertext is enough to get some information about the plaintext and to break the value of a sub-key; 3) it is insecure against known/chosen-plaintext attacks, in the sense that the secret key can be recovered from a number of continuous bytes of only one known/chosen plaintext and the corresponding ciphertext. Experimental results are given to show the performance of the proposed attacks, and some countermeasures are discussed to improve DSEA.Comment: 11 pages, 5 figure

The Myth of Superiority of American Encryption Products

Encryption software and hardware use sophisticated mathematical algorithms to encipher a message so that only the intended recipient may read it. Fearing that criminals and terrorists will use encryption to evade authorities, the United States now restricts the export of encryption products with key lengths of more than 56 bits. The controls are futile, because strong encryption products are readily available overseas. Foreign-made encryption products are as good as, or better than, U.S.-made products. U.S. cryptographers have no monopoly on the mathematical knowledge and methods used to create strong encryption. Powerful encryption symmetric-key technologies developed in other countries include IDEA and GOST. Researchers in New Zealand have developed very strong public-key encryption systems. As patents on strong algorithms of U.S. origin expire, researchers in other countries will gain additional opportunities to develop strong encryption technology based on those algorithms

Usability and Trust in Information Systems

The need for people to protect themselves and their assets is as old as humankind. People's physical safety and their possessions have always been at risk from deliberate attack or accidental damage. The advance of information technology means that many individuals, as well as corporations, have an additional range of physical (equipment) and electronic (data) assets that are at risk. Furthermore, the increased number and types of interactions in cyberspace has enabled new forms of attack on people and their possessions. Consider grooming of minors in chat-rooms, or Nigerian email cons: minors were targeted by paedophiles before the creation of chat-rooms, and Nigerian criminals sent the same letters by physical mail or fax before there was email. But the technology has decreased the cost of many types of attacks, or the degree of risk for the attackers. At the same time, cyberspace is still new to many people, which means they do not understand risks, or recognise the signs of an attack, as readily as they might in the physical world. The IT industry has developed a plethora of security mechanisms, which could be used to mitigate risks or make attacks significantly more difficult. Currently, many people are either not aware of these mechanisms, or are unable or unwilling or to use them. Security experts have taken to portraying people as "the weakest link" in their efforts to deploy effective security [e.g. Schneier, 2000]. However, recent research has revealed at least some of the problem may be that security mechanisms are hard to use, or be ineffective. The review summarises current research on the usability of security mechanisms, and discusses options for increasing their usability and effectiveness

IMPROVING SMART GRID SECURITY USING MERKLE TREES

Abstract—Presently nations worldwide are starting to convert their aging electrical power infrastructures into modern, dynamic power grids. Smart Grid offers much in the way of efficiencies and robustness to the electrical power grid, however its heavy reliance on communication networks will leave it more vulnerable to attack than present day grids. This paper looks at the threat to public key cryptography systems from a fully realized quantum computer and how this could impact the Smart Grid. We argue for the use of Merkle Trees in place of public key cryptography for authentication of devices in wireless mesh networks that are used in Smart Grid applications