| |
| Current Topic: Cryptography |
|
Cryptography's Role in Securing the Information Society |
|
|
|---|
| Topic: Cryptography |
1:05 am EDT, Apr 14, 2004 |
Former FBI Director Louis Freeh is back in the saddle of his hobbyhorse, complaining about key escrow/recovery. I thought we'd already covered this, back in 1996, but for those who may need a refresher, this book is the one stop shop. For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, US businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. This book addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting of the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users. Cryptography's Role in Securing the Information Society |
|
Louis Freeh - Statement to 9-11 Commission |
|
|
|---|
| Topic: Cryptography |
12:48 am EDT, Apr 14, 2004 |
CALEA simply permits the FBI to maintain court-approved access to digital communications and stored data. Another technical challenge called encryption then and now threatens to make court-authorized interception orders a nullity. Robust and commercially available encryption products are proliferating and no legal means has been provided to law enforcement to deal with this problem, as was done by Parliament in the United Kingdom. Terrorists have been able to exploit this huge vulnerability in our public safety matrix. In 1998, HPSCI adopted a substitute bill to S.909 which effectively addressed all of law enforcementÂ’s public safety and terrorism-related concerns regarding encryption products. Unfortunately, this needed counter-terrorism assistance was not enacted. As we know from Ramzi Yousef's encrypted computer files found in Manila, terrorists are exploiting this technology to defeat our most sophisticated methods to prevent their attacks. I have long said that this unaddressed problem creates a huge vulnerability in our nation's counter-terrorism program. Neither the Patriot Act nor any other likely-to-be-enacted statute even attempts to close this gap. Resolving this issue is critical to homeland security. #1 Recommendation: Provide legal authority and significant new funding to enable the FBI to manage information technology and deal with encryption. Louis Freeh - Statement to 9-11 Commission |
|
Dining Cryptographers Revisited |
|
|
|---|
| Topic: Cryptography |
1:29 am EDT, Apr 13, 2004 |
Dining cryptographers networks (or DC-nets) are a privacy-preserving primitive devised by Chaum for anonymous message publication. A very attractive feature of the basic DC-net is its non-interactivity -- no player-to-player communication. A drawback to DC-nets, however, is that malicious players can easily jam them. We present new DC-net constructions that simultaneously achieve non-interactivity and high-probability detection and identification of cheating players. I've always been intrigued by the dining cryptographers problem. Dining Cryptographers Revisited |
|
The Reader of Gentlemen's Mail |
|
|
|---|
| Topic: Cryptography |
11:20 am EST, Mar 28, 2004 |
David Kahn has written a first-rate biography of Herbert O. Yardley, the celebrated (and notorious) codebreaker and poker player, the cryptographic whiz who was, in Kahn's judgment, "the most colorful and controversial figure in American intelligence." As one of the most distinguished scholars of military intelligence, he is ideally suited to tell the tale. Why didn't the United States have "an agency of its own to solve and read foreign messages"? "As I asked myself this question I knew that I had the answer to my eager young mind which was searching for a purpose in life. I would devote my life to cryptography." All in all Yardley was a pretty weird guy. The Reader of Gentlemen's Mail |
|
Press Release: The Cyrillic Projector Code Has Been Solved |
|
|
|---|
| Topic: Cryptography |
11:34 pm EDT, Sep 22, 2003 |
] An international group of cryptographers, the Kryptos
] Group, announced this week that the decade-old Cyrillic
] Projector Code has been cracked, and that it deciphers to
] some classified KGB instructions and correspondence.
]
] The Cyrillic Projector is an encrypted sculpture at the
] University of North Carolina in Charlotte, that was
] created by Washington DC artist James Sanborn in the
] early 1990s. It was inspired by the encrypted Kryptos
] sculpture that Sanborn created two years earlier for CIA
] Headquarters.
]
] The message on the Cyrillic Projector has turned out to
] be in two parts. The decrypted first part is a Russian
] text encouraging secret agents to psychologically control
] potential sources of information. The second part appears
] to be a partial quote from classified KGB correspondence
] about the Soviet dissident Sakharov, with concerns that
] his report to the Pugwash conference was being used by
] the Americans for an anti-Soviet agenda. Kudos to Elonka and crew! Press Release: The Cyrillic Projector Code Has Been Solved |
|
Policy Says AES OK for National Security Info |
|
|
|---|
| Topic: Cryptography |
10:50 am EDT, Jun 21, 2003 |
The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. Policy Says AES OK for National Security Info |
|
Information-Theoretic Analysis of Information Hiding |
|
|
|---|
| Topic: Cryptography |
12:04 am EST, Mar 27, 2003 |
Pierre Moulin has a paper entitled "Information-Theoretic Analysis of Information Hiding" in the March 2003 issue of IEEE Transactions on Information Theory. You can find this paper online here, along with his other related work. Excerpts from the abstract of the paper: An information-theoretic analysis of information hiding is presented, forming the theoretical basis for design of information-hiding systems. ... The host data set is intentionally corrupted, but in a covert way, designed to be imperceptible to a casual analysis. We formalize and evaluate the hiding capacity ... [which] is the value of a game between the information hider and the attacker. It is shown that many existing information-hiding systems in the literature operate far below capacity. Information-Theoretic Analysis of Information Hiding |
|
Decimalisation Table Attacks for PIN Cracking [PDF] |
|
|
|---|
| Topic: Cryptography |
1:26 pm EST, Feb 22, 2003 |
We present an attack on hardware security modules used by retail banks for the secure storage and verification of customer PINs in ATM (cash machine) infrastructures. By using adaptive decimalisation tables and guesses, the maximum amount of information is learnt about the true PIN upon each guess. It takes an average of 15 guesses to determine a four digit PIN using this technique, instead of the 5000 guesses intended. In a single 30 minute lunch-break, an attacker can thus discover approximately 7000 PINs rather than 24 with the brute force method. With a $300 withdrawal limit per card, the potential bounty is raised from $7200 to $2.1 million and a single motivated attacker could withdraw $30-50 thousand of this each day. This attack thus presents a serious threat to bank security. Ross Anderson's students are getting into the act. (You can also find a mirror copy of this paper, with slightly different formatting, at http://cryptome.org/dtapc.pdf ) Decimalisation Table Attacks for PIN Cracking [PDF] |
|
The Code War | Beyond Discovery |
|
|
|---|
| Topic: Cryptography |
12:14 am EST, Feb 15, 2003 |
The newest release in the Beyond Discovery series, "The Code War," explores the trail of developments in the branch of mathematics known as number theory that led to modern-day encryption techniques. Learn about historical ciphers, Fermat's "little theorem" and why mathematics is vital for encryption today. The Code War | Beyond Discovery |
|
Master-Keyed Lock Vulnerability |
|
|
|---|
| Topic: Cryptography |
4:40 pm EST, Jan 23, 2003 |
We describe weaknesses in most master-keyed lock systems, such as those used by offices, schools, and businesses as well as by some residential facilities (particularly apartment complexes, dormitories, and condominiums). These weaknesses allow anyone with access to the key to a single lock to create easily the "master" key that opens every lock in the entire system. Creating such a key requires no special skill, leaves behind no evidence, and does not require engaging in recognizably suspicious behavior. The only materials required are a metal file and a small number of blank keys, which are often easy to obtain. Needless to say, the ability for any keyholder to obtain system-wide access represents a serious potential threat to the security of master-keyed installations. Individuals and institutions that depend on such locks to protect their safety and property should be aware of these risks and consider alternatives to eliminate or reduce their exposure to this threat. Matt Blaze is at it again ... this paper has a Markus Kuhn / Ross Anderson flavor to it. (There is a news article in today's NYT about this paper.) Master-Keyed Lock Vulnerability |
|
