An Introduction to Cryptography
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
NSA's Efforts to Secure Private-Sector Telecommunications Infrastructure
Under the Radar: NSA’s Efforts to Secure Private-Sector Telecommunications Infrastructure Susan Landau* INTRODUCTION When Google discovered that intruders were accessing certain Gmail ac- counts and stealing intellectual property,1 the company turned to the National Security Agency (NSA) for help in securing its systems. For a company that had faced accusations of violating user privacy, to ask for help from the agency that had been wiretapping Americans without warrants appeared decidedly odd, and Google came under a great deal of criticism. Google had approached a number of federal agencies for help on its problem; press reports focused on the company’s approach to the NSA. Google’s was the sensible approach. Not only was NSA the sole government agency with the necessary expertise to aid the company after its systems had been exploited, it was also the right agency to be doing so. That seems especially ironic in light of the recent revelations by Edward Snowden over the extent of NSA surveillance, including, apparently, Google inter-data-center communications.2 The NSA has always had two functions: the well-known one of signals intelligence, known in the trade as SIGINT, and the lesser known one of communications security or COMSEC. The former became the subject of novels, histories of the agency, and legend. The latter has garnered much less attention. One example of the myriad one could pick is David Kahn’s seminal book on cryptography, The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet.3 It devotes fifty pages to NSA and SIGINT and only ten pages to NSA and COMSEC. -
A History of End-To-End Encryption and the Death of PGP
25/05/2020 A history of end-to-end encryption and the death of PGP Hey! I'm David, a security engineer at the Blockchain team of Facebook (https://facebook.com/), previously a security consultant for the Cryptography Services of NCC Group (https://www.nccgroup.com). I'm also the author of the Real World Cryptography book (https://www.manning.com/books/real-world- cryptography?a_aid=Realworldcrypto&a_bid=ad500e09). This is my blog about cryptography and security and other related topics that I Ûnd interesting. A history of end-to-end encryption and If you don't know where to start, you might want to check these popular the death of PGP articles: posted January 2020 - How did length extension attacks made it 1981 - RFC 788 - Simple Mail Transfer Protocol into SHA-2? (/article/417/how-did-length- extension-attacks-made-it-into-sha-2/) (https://tools.ietf.org/html/rfc788) (SMTP) is published, - Speed and Cryptography the standard for email is born. (/article/468/speed-and-cryptography/) - What is the BLS signature scheme? (/article/472/what-is-the-bls-signature- This is were everything starts, we now have an open peer-to-peer scheme/) protocol that everyone on the internet can use to communicate. - Zero'ing memory, compiler optimizations and memset_s (/article/419/zeroing-memory- compiler-optimizations-and-memset_s/) 1991 - The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations The US government introduces the 1991 Senate Bill 266, (/article/461/the-9-lives-of-bleichenbachers- which attempts to allow "the Government to obtain the cat-new-cache-attacks-on-tls- plain text contents of voice, data, and other implementations/) - How to Backdoor Di¸e-Hellman: quick communications when appropriately authorized by law" explanation (/article/360/how-to-backdoor- from "providers of electronic communications services di¸e-hellman-quick-explanation/) and manufacturers of electronic communications - Tamarin Prover Introduction (/article/404/tamarin-prover-introduction/) service equipment". -
Special Operations Executive - Wikipedia
12/23/2018 Special Operations Executive - Wikipedia Special Operations Executive The Special Operations Executive (SOE) was a British World War II Special Operations Executive organisation. It was officially formed on 22 July 1940 under Minister of Economic Warfare Hugh Dalton, from the amalgamation of three existing Active 22 July 1940 – 15 secret organisations. Its purpose was to conduct espionage, sabotage and January 1946 reconnaissance in occupied Europe (and later, also in occupied Southeast Asia) Country United against the Axis powers, and to aid local resistance movements. Kingdom Allegiance Allies One of the organisations from which SOE was created was also involved in the formation of the Auxiliary Units, a top secret "stay-behind" resistance Role Espionage; organisation, which would have been activated in the event of a German irregular warfare invasion of Britain. (especially sabotage and Few people were aware of SOE's existence. Those who were part of it or liaised raiding operations); with it are sometimes referred to as the "Baker Street Irregulars", after the special location of its London headquarters. It was also known as "Churchill's Secret reconnaissance. Army" or the "Ministry of Ungentlemanly Warfare". Its various branches, and Size Approximately sometimes the organisation as a whole, were concealed for security purposes 13,000 behind names such as the "Joint Technical Board" or the "Inter-Service Nickname(s) The Baker Street Research Bureau", or fictitious branches of the Air Ministry, Admiralty or War Irregulars Office. Churchill's Secret SOE operated in all territories occupied or attacked by the Axis forces, except Army where demarcation lines were agreed with Britain's principal Allies (the United Ministry of States and the Soviet Union). -
Battle of the Clipper Chip - the New York Times
Battle of the Clipper Chip - The New York Times https://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipp... https://nyti.ms/298zenN Battle of the Clipper Chip By Steven Levy June 12, 1994 See the article in its original context from June 12, 1994, Section 6, Page 46 Buy Reprints VIEW ON TIMESMACHINE TimesMachine is an exclusive benefit for home delivery and digital subscribers. About the Archive This is a digitized version of an article from The Times’s print archive, before the start of online publication in 1996. To preserve these articles as they originally appeared, The Times does not alter, edit or update them. Occasionally the digitization process introduces transcription errors or other problems; we are continuing to work to improve these archived versions. On a sunny spring day in Mountain View, Calif., 50 angry activists are plotting against the United States Government. They may not look subversive sitting around a conference table dressed in T-shirts and jeans and eating burritos, but they are self-proclaimed saboteurs. They are the Cypherpunks, a loose confederation of computer hackers, hardware engineers and high-tech rabble-rousers. The precise object of their rage is the Clipper chip, offically known as the MYK-78 and not much bigger than a tooth. Just another tiny square of plastic covering a silicon thicket. A computer chip, from the outside indistinguishable from thousands of others. It seems 1 of 19 11/29/20, 6:16 PM Battle of the Clipper Chip - The New York Times https://www.nytimes.com/1994/06/12/magazine/battle-of-the-clipp.. -
Zfone: a New Approach for Securing Voip Communication
Zfone: A New Approach for Securing VoIP Communication Samuel Sotillo [email protected] ICTN 4040 Spring 2006 Abstract This paper reviews some security challenges currently faced by VoIP systems as well as their potential solutions. Particularly, it focuses on Zfone, a vendor-neutral security solution developed by PGP’s creator, Phil Zimmermann. Zfone is based on the Z Real-time Transport Protocol (ZRTP), which is an extension of the Real-time Transport Protocol (RTP). ZRTP offers a very simple and robust approach to providing protection against the most common type of VoIP threats. Basically, the protocol offers a mechanism to guarantee high entropy in a Diffie- Hellman key exchange by using a session key that is computed through the hashing several secrets, including a short authentication string that is read aloud by callers. The common shared secret is calculated and used only for one session at a time. However, the protocol allows for a part of the shared secret to be cached for future sessions. The mechanism provides for protection for man-in-the-middle, call hijack, spoofing, and other common types of attacks. Also, this paper explores the fact that VoIP security is a very complicated issue and that the technology is far from being inherently insecure as many people usually claim. Introduction Voice over IP (VoIP) is transforming the telecommunication industry. It offers multiple opportunities such as lower call fees, convergence of voice and data networks, simplification of deployment, and greater integration with multiple applications that offer enhanced multimedia functionality [1]. However, notwithstanding all these technological and economic opportunities, VoIP also brings up new challenges. -
Jataka Tales: Layers of Meaning from the Universal to the Personal
Jataka Tales: Layers of Meaning from the Universal to the Personal Grade Level or Course Type: English, Social Studies, adaptable for grades 6 through 10 Overview of the Lesson Jataka Tales: Birth Stories of the Buddha are among the world’s oldest collection of stories. Many, about endearing animals who misbehave – and then learn to behave better – are appealing to children throughout the world. In this lesson students compare an Aesop’s fable to a Jataka Tale to see what they share in common. Students then learn about the Buddhist context of the tales, through which they deepen their appreciation of what makes a Jataka Tale unique. Finally, students approach a Jataka Tale through the meaning it held in the life of Noor Inayat Khan (1914-1944), whose classic collection Twenty Jataka Tales is still in print. She was a Muslim who worked as a covert agent for the British in Occupied France. She died at Dachau in 1944. In all three activities, students gain insight into what makes stories important in our lives. Learning Outcomes: • Identify stories by genre as fable, parable, folktale and fairy tale. • Decipher the moral of a story. • Understand Buddhist concepts (Ten Perfections, cycle of death and rebirth) • Learn about the life and appreciate the artistry of Noor Inayat Khan. Materials Needed • This lesson and the handouts included with it. They include: Handout 1. Life of Noor Inayat Khan with photos and scrapbook activity Handout 2. The Monkey and the Dolphin credited to Aesop and genre definitions Handout 3. The Patient Buffalo, a Jataka Tale Handout 4. -
A Matter of Security, Privacy and Trust
A matter of security, privacy and trust: A study of the principles and values of encryption in New Zealand Michael Dizon Ryan Ko Wayne Rumbles Patricia Gonzalez Philip McHugh Anthony Meehan Acknowledgements This study was funded by grants from the New Zealand Law Foundation and the University of Waikato. We would like to express our gratitude to our project collaborators and members of the Advisory Board – Prof Bert-Jaap Koops (Tilburg University), Prof Lyria Bennett Moses (UNSW Sydney), Prof Alana Maurushat (Western Sydney University), and Associate Professor Alex Sims (University of Auckland) – for their support as well as feedback on specific parts of this report. We would also like to thank Patricia Gonzalez, Joseph Graddy, Philip McHugh, Anthony Meehan, Jean Murray and Peter Upson for their valuable research assistance and other contributions to this study. Michael Dizon, Ryan Ko and Wayne Rumbles Principal investigators December 2019 Executive summary Cybersecurity is crucial for ensuring the safety and well-being of the general public, businesses, government, and the country as a whole. New Zealand has a reasonably comprehensive and well-grounded legal regime and strategy for dealing with cybersecurity matters. However, there is one area that deserves further attention and discussion – encryption. Encryption is at the heart of and underpins many of the technologies and technical processes used for computer and network security, but current laws and policies do not expressly cover this significant technology. The principal objective of this study is to identify the principles and values of encryption in New Zealand with a view to informing future developments of encryption- related laws and policies. -
State of the Art in Lightweight Symmetric Cryptography
State of the Art in Lightweight Symmetric Cryptography Alex Biryukov1 and Léo Perrin2 1 SnT, CSC, University of Luxembourg, [email protected] 2 SnT, University of Luxembourg, [email protected] Abstract. Lightweight cryptography has been one of the “hot topics” in symmetric cryptography in the recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products. In this paper, we discuss the different implementation constraints that a “lightweight” algorithm is usually designed to satisfy. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies and proprietary algorithms which were reverse-engineered or leaked. Relevant national (nist...) and international (iso/iec...) standards are listed. We then discuss some trends we identified in the design of lightweight algorithms, namely the designers’ preference for arx-based and bitsliced-S-Box-based designs and simple key schedules. Finally, we argue that lightweight cryptography is too large a field and that it should be split into two related but distinct areas: ultra-lightweight and IoT cryptography. The former deals only with the smallest of devices for which a lower security level may be justified by the very harsh design constraints. The latter corresponds to low-power embedded processors for which the Aes and modern hash function are costly but which have to provide a high level security due to their greater connectivity. Keywords: Lightweight cryptography · Ultra-Lightweight · IoT · Internet of Things · SoK · Survey · Standards · Industry 1 Introduction The Internet of Things (IoT) is one of the foremost buzzwords in computer science and information technology at the time of writing. -
Cryptography
Cryptography From Wikipedia, the free encyclopedia Jump to: navigation, search "Secret code" redirects here. For the Aya Kamiki album, see Secret Code. German Lorenz cipher machine, used in World War II to encrypt very-high-level general staff messages Cryptography (or cryptology; from Greek κρυπτός, kryptos, "hidden, secret"; and γράφ, gráph, "writing", or -λογία, -logia, respectively)[1] is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to nonsense. The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read it. Since WWI and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread. Alongside the advancement in cryptology-related technology, the practice has raised a number of legal issues, some of which remain unresolved. Contents [hide] • 1 Terminology • 2 History of cryptography and cryptanalysis o 2.1 Classic cryptography o 2.2 The computer era • 3 Modern cryptography o 3.1 Symmetric-key cryptography o 3.2 Public-key cryptography o 3.3 Cryptanalysis o 3.4 Cryptographic primitives o 3.5 Cryptosystems • 4 Legal issues o 4.1 Prohibitions o 4.2 Export controls o 4.3 NSA involvement o 4.4 Digital rights management • 5 See also • 6 References • 7 Further reading • 8 External links [edit] Terminology Until modern times cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (plaintext) into unintelligible gibberish (i.e., ciphertext).[2] Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. -
An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext
An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext By Isaac Quinn DuPont A thesis submitted in conformity with the requirements for the degree of Doctor of Philosophy Faculty of Information University of Toronto © Copyright by Isaac Quinn DuPont 2017 ii An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext Isaac Quinn DuPont Doctor of Philosophy Faculty of Information University of Toronto 2017 Abstract Tis dissertation is an archeological study of cryptography. It questions the validity of thinking about cryptography in familiar, instrumentalist terms, and instead reveals the ways that cryptography can been understood as writing, media, and computation. In this dissertation, I ofer a critique of the prevailing views of cryptography by tracing a number of long overlooked themes in its history, including the development of artifcial languages, machine translation, media, code, notation, silence, and order. Using an archeological method, I detail historical conditions of possibility and the technical a priori of cryptography. Te conditions of possibility are explored in three parts, where I rhetorically rewrite the conventional terms of art, namely, plaintext, encryption, and ciphertext. I argue that plaintext has historically been understood as kind of inscription or form of writing, and has been associated with the development of artifcial languages, and used to analyze and investigate the natural world. I argue that the technical a priori of plaintext, encryption, and ciphertext is constitutive of the syntactic iii and semantic properties detailed in Nelson Goodman’s theory of notation, as described in his Languages of Art. I argue that encryption (and its reverse, decryption) are deterministic modes of transcription, which have historically been thought of as the medium between plaintext and ciphertext. -
The Science of Cryptology
Page 1 of 5 The Science of Cryptology A section from the book UMTS Security by Valtteri Niemi and Kaisa Nyberg, to appear in November 2003, published by Wiley@Co. Cryptographic systems Cryptology is the science of information security and privacy. Mathematical techniques are investigated and developed to provide authenticity confidentiality, integrity and other security services for information that is communicated, stored or processed in an information system. Also the strength of cryptographic designs and protocols are evaluated from the point of view of mathematics, systems theory and complexity theory. The design part of the science is called cryptography, while the security investigations and analysis is known as cryptanalysis. The naming convention reflects the two sides of the science of cryptology. This division is also apparent in the practical cryptographic development work, where the best practise has become to split the development resources into two teams. The team of cryptographers make proposals for cryptographic designs, which the team of cryptanalysts try to break. A cryptographic system in its basic form is often depicted as a communication system involving three entities. Two of the entities are exchanging messages over an insecure communication channel. It has become customary to call these entities Alice and Bob. The third entity has access to the communication channel. She is called Carol, as the third letter to the alphabet, or Eve, as the eavesdropper. But Eve is allowed to perform all kind of malicious actions on the communicated messages, not just passive eavesdropping. All parties are also assumed to have certain computation resources. Different theoretical models vary a lot with respect to the amount computation resources the entities have and what kind of tampering Eve is performing on the communication channel. -
FYS 146 Cryptography Fall 2010 What Next? December 13Th
FYS 146 Cryptography Fall 2010 What next? December 13th Congratulations! You have made it to the end of the course on cryptography. We have talked about many different ideas this semester, but we have only scratched the surface and there are many many more topics related to secrecy. I have compiled below a list of books, some serious and some not-so-serious, that I recommend you check out. Fiction • Cryptonomicon by Neal Stephenson. Probably the quintessential crypto novel. Alternates between a storyline in WWII and a storyline in current day, with parallels and discussion of the cryptosystems used all along. A great story and very well-written. But long. HIGHLY Recommended. • The Company by Robert Littell. This is a fictionalized account of a group of spies working for the CIA and KGB through the coldwar. The story spans 50 or so years, and has a wonderful cast of characters. This was also made into a decent miniseries last summer which is now out on DVD starring Chris O'Donnell and Michael Keaton. Littell has several other novels about spies, but this is the best of the ones that I have read. • Enigma by Robert Harris. This novel tells the story of some of the codebreakers at Bletchley Park. The movie, starring Kate Winslet and Dougray Scott, is above average as well. • Good News, Bad News by David Wolstencroft. I don't actually think there is any crypto in this novel, but it is one of my favorite spy novels. Set in contemporary London, it deals with two coworkers who are both undercover spies and are ordered to kill each other.