232 research outputs found
Towards Quantum-Safe VPNs and Internet
Estimating that in 10 years time quantum computers capable of breaking public-key cryptography currently considered safe could exist, this threat is already eminent for information that require secrecy for more than 10 years. Considering the time required to standardize, implement and update existing networks signifies the urgency of adopting quantum-safe cryptography.
In this work, we investigate the trade-off between network and CPU overhead and the security levels defined by NIST. To do so, we integrate adapted OpenSSL libraries into OpenVPN, and perform experiments on a large variety of quantum-safe algorithms for respectively TLS versions 1.2 and 1.3 using OpenVPN and HTTPS independently. We describe the difficulties we encounter with the integration and we report the experimental performance results, comparing setting up the quantum-safe connection with setting up the connection without additional post-quantum cryptography
Adapting U.S. Electronic Surveillance Laws, Policies, and Practices to Reflect Impending Technological Developments
Intelligence collection must always evolve to meet technological developments. While the collection programs under Section 702 of the FISA Amendments Act of 2008 have produced a great deal of valuable intelligence over the last decade, the United States must begin to think about foreseeable technological developments and strategically consider how to conduct signals intelligence (SIGINT) collection in the future.
This Article identifies four technological trends that could significantly impact the way the United States conducts SIGINT. Individuals now have access to sophisticated technologies that formerly only governments seemed capable of creating, and this decentralization of capabilities will likely only increase in the future. The increased prevalence of anonymity and location-spoofing technologies offer benefits to individual users, but may create significant difficulties for the Intelligence Community in determining the location of targets, which is a fundamental aspect of the current legal regime governing SIGINT activities. Also, the United States’ “home field” advantage is receding. This trend means that the United States will have a smaller share of the world’s communications traffic transit its physical infrastructure, which will reduce the Intelligence Community’s ability to acquire precise and intact communications by serving directives on United States companies. The push towards data localization laws may further reduce the United States’ home field advantage. Finally, technology companies have begun to innovate in a manner that reduces their capability to respond to lawful government orders. Technology companies are increasingly adopting encryption technologies and may shift data overseas to try to avoid complying with lawful surveillance orders. Decisions by major private sector technology companies have the ability to shift how SIGINT is collected.
If a person’s true location becomes increasingly more difficult to ascertain, the law should adapt to the uncertainty of location. In addition to legislative reforms, it may be prudent to create more forward leaning procedures to ease some of the difficulties that could be caused by increased uncertainty of the location of targets. Finally, as Section 702 becomes less useful in the future, the Intelligence Community must improve collection under Executive Order 12333 to ensure that the government continues to acquire vital intelligence to protect United States national security interests
The Prom Problem: Fair and Privacy-Enhanced Matchmaking with Identity Linked Wishes
In the Prom Problem (TPP), Alice wishes to attend a school dance with Bob and needs a risk-free, privacy preserving way to find out whether Bob shares that same wish. If not, no one should know that she inquired about it, not even Bob. TPP represents a special class of matchmaking challenges, augmenting the properties of privacy-enhanced matchmaking, further requiring fairness and support for identity linked wishes (ILW) – wishes involving specific identities that are only valid if all involved parties have those same wishes.
The Horne-Nair (HN) protocol was proposed as a solution to TPP along with a sample pseudo-code embodiment leveraging an untrusted matchmaker. Neither identities nor pseudo-identities are included in any messages or stored in the matchmaker’s database. Privacy relevant data stay within user control. A security analysis and proof-of-concept implementation validated the approach, fairness was quantified, and a feasibility analysis demonstrated practicality in real-world networks and systems, thereby bounding risk prior to incurring the full costs of development.
The SecretMatch™ Prom app leverages one embodiment of the patented HN protocol to achieve privacy-enhanced and fair matchmaking with ILW. The endeavor led to practical lessons learned and recommendations for privacy engineering in an era of rapidly evolving privacy legislation. Next steps include design of SecretMatch™ apps for contexts like voting negotiations in legislative bodies and executive recruiting. The roadmap toward a quantum resistant SecretMatch™ began with design of a Hybrid Post-Quantum Horne-Nair (HPQHN) protocol. Future directions include enhancements to HPQHN, a fully Post Quantum HN protocol, and more
Landscape Mapping of Civil Society Digital Security in West Africa
In today's digital age, organisations are constantly exposed to various digital security threats. For civil society organisations (CSOs) in West Africa, the threat of cyber-attacks and data breaches is a real and growing concern. This study aims to shed light on the digital security challenges facing CSOs in West Africa, and to provide recommendations on how they can better protect themselves against digital security threats. By examining the most common threats, the exposure of CSOs to these threats, their preparedness to respond, and the effectiveness of national and organisational level policies, the study provides an in-depth analysis of the digital security landscape in West Africa
Recommended from our members
Adapting U.S. electronic surveillance laws, policies, and practices to reflect impending technological developments
Intelligence collection must always evolve to meet technological developments. While the collection programs under Section 702 of the FISA Amendments Act of 2008 have produced a great deal of valuable intelligence over the last decade, the U.S. must begin to think about foreseeable technological developments and strategically consider how to conduct signals intelligence (SIGINT) collection in the future. This article identifies four technological trends that could significantly impact the way the U.S. conducts SIGINT. Individuals now have access to sophisticated technologies that formerly only governments seemed capable of creating, and this decentralization of capabilities will likely only increase in the future. The increased prevalence of anonymity and location-spoofing technologies offer benefits to individual users, but may create significant difficulties for the Intelligence Community in determining the location of targets, which is a fundamental aspect of the current legal regime governing SIGINT activities. Also, the U.S.’s “home field” advantage is receding. This trend means that the U.S. will have a smaller share of the world’s communications traffic transit its physical infrastructure, which will reduce the Intelligence Community’s ability to acquire precise and intact communications by serving directives on U.S. companies. The push towards data localization laws may further reduce the U.S.’s home field advantage. Finally, technology companies have begun to innovate in a manner that reduces their capability to respond to lawful government orders. Technology companies are increasingly adopting encryption technologies and may shift data overseas to try to avoid complying with lawful surveillance orders. Decisions by major private sector technology companies have the ability to shift how SIGINT is collected. If a person’s true location becomes increasingly more difficult to ascertain, the law should adapt to the uncertainty of location. In addition to legislative reforms, it may be prudent to create more forward leaning procedures to ease some of the difficulties that could be caused by increased uncertainty of the location of targets. Finally, as Section 702 becomes less useful in the future, the Intelligence Community must improve collection under Executive Order 12333 to ensure that the government continues to acquire vital intelligence to protect U.S. national security interestsLawPublic Affair
Recommended from our members
The online stolen data market: disruption and intervention approaches
This article brings a new taxonomy and collation of intervention and disruption methods that can be applied to the online stolen data market. These online market-places are used to buy and sell identity and financial information, as well as the products and services that enable this economy. This article combines research findings from computer science with criminology to provide a multidisciplinary approach to crimes committed with the use of technology.This work was supported by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHSS&T/CSD) Broad Agency Announcement 11.02, the Government of Australia and SPAWAR Systems Center Pacific under contract number N66001-13-C-0131, to A.H.; and the National Institute of Justice, Office of Justice Programs, U.S. Department of Justice under grant number 2010-IJ-CX-1676, 2010, to T. H.This is the author accepted manuscript. The final version is available from Taylor & Francis via http://dx.doi.org/10.1080/17440572.2016.119712
Building Programmable Wireless Networks: An Architectural Survey
In recent times, there have been a lot of efforts for improving the ossified
Internet architecture in a bid to sustain unstinted growth and innovation. A
major reason for the perceived architectural ossification is the lack of
ability to program the network as a system. This situation has resulted partly
from historical decisions in the original Internet design which emphasized
decentralized network operations through co-located data and control planes on
each network device. The situation for wireless networks is no different
resulting in a lot of complexity and a plethora of largely incompatible
wireless technologies. The emergence of "programmable wireless networks", that
allow greater flexibility, ease of management and configurability, is a step in
the right direction to overcome the aforementioned shortcomings of the wireless
networks. In this paper, we provide a broad overview of the architectures
proposed in literature for building programmable wireless networks focusing
primarily on three popular techniques, i.e., software defined networks,
cognitive radio networks, and virtualized networks. This survey is a
self-contained tutorial on these techniques and its applications. We also
discuss the opportunities and challenges in building next-generation
programmable wireless networks and identify open research issues and future
research directions.Comment: 19 page
Tell All The Truth But Tell It Slant
Tell All The Truth But Tell It Slant is an exhibition of sculpture and drawings that focuses attention on the socio-political turmoil brought about by the ruling system in Iran. It also speaks to a shared melancholia in those who self-identify as Iranian. In Iran the oppressive regime continually and deliberately controls its citizens through enforcement of restrictive religious ideology. As a female artist of Iranian descent, using Karen Barad’s notion of agential realism, I seek to address power structures, and hegemonic systems of domination, while questioning dualisms and the sharp boundaries they produce that further impact power relations. Addressing life and politics in contemporary Iran, I purposely layer and fuse cultural and historical imagery from Persian and Islamic art and architecture along with contemporary images, ideas, and mass media stories. My practice accentuates the importance of materiality in relation to this political content by questioning subject-object relationships, and by revealing the agency that materials and spaces have
- …