Tuesday, June 24, 2014
Tuesday, April 15, 2014
Poster of Lattice-based Cryptography Workshop
Wednesday, March 19, 2014
Scott Alexander Vanstone passed away
Condolences to international cryptography community
http://www.iacr.org/people/Vanstone.html
He was a co-authors of, the well-known book, "Applied Cryptography".
http://www.iacr.org/people/Vanstone.html
He was a co-authors of, the well-known book, "Applied Cryptography".
Wednesday, January 29, 2014
Acoustic cryptanalysis
Check this out.
Maybe the most interesting part of this paper is the attack using just a mobile phone in 30 centimeter distance of victim laptop. This side channel attacks are one the most near to spying stuff things in cryptography. In the fifteenth question of the page, two documented real world acoustic attacks carried out by MI5 and some-not-mentioned-organisation in USA has been exampled.
There is also a wiki page for this attack.
Maybe the most interesting part of this paper is the attack using just a mobile phone in 30 centimeter distance of victim laptop. This side channel attacks are one the most near to spying stuff things in cryptography. In the fifteenth question of the page, two documented real world acoustic attacks carried out by MI5 and some-not-mentioned-organisation in USA has been exampled.
There is also a wiki page for this attack.
Tuesday, January 28, 2014
Users assumption about what security a system provides
On Bruce Schneier blog there was a post about arresting of a student who has sent email bomb threat to Harvard for skipping a final exam. Although he has used Tor network for anonymization, FBI has identified and arrested him by going through a list of Harvard users who has accessed Tor.
In cryptography, we believe that usually the weakest parts of the whole security system are users. Additionally, I believe that the problem mostly arises when users have some false assumptions about what sort of security the system provides. In this case, the user, the cheating student, supposed that Tor can anonymize him among the whole users of the internet or at list whole users of Harvard, contrary to his expectations Tor network just anonymize the user among users of its own network and in this case the users of its own network that are behind the University's gateway. The rest is just some police mechanisms.
In my opinion, there should be enough clarifications for users about what type and level of security the system provides. This clarification is a hard process as the users are not experts. Besides, this clarification is mostly a duty of system designers.
In cryptography, we believe that usually the weakest parts of the whole security system are users. Additionally, I believe that the problem mostly arises when users have some false assumptions about what sort of security the system provides. In this case, the user, the cheating student, supposed that Tor can anonymize him among the whole users of the internet or at list whole users of Harvard, contrary to his expectations Tor network just anonymize the user among users of its own network and in this case the users of its own network that are behind the University's gateway. The rest is just some police mechanisms.
In my opinion, there should be enough clarifications for users about what type and level of security the system provides. This clarification is a hard process as the users are not experts. Besides, this clarification is mostly a duty of system designers.
Subscribe to:
Posts (Atom)