Category Archives: Cryptography

Attack on classical cryptography system raises security questions

Posted on by

Dec 17, 2014 by Lisa Zyga In the Kish key distribution (KKD) system, the two resistance values represent the states of an information bit. A cryptographic key is transmitted along the wire by randomly switching between the two resistance values, which can be detected by the sender and receiver via their thermal noise on the line. Since no net power flows through the line, the only way that an eavesdropper can measure the resistance values is by injecting current into the wire and measuring the voltage and current changes in each direction, but the extra current would be quickly noticed. Credit: Gunn, et al. 2014 Nature Scientific Reports

(Phys.org)How secure is completely secure? In the world of secure communication, a scheme may be completely secure until it's notthat is, until an attack is proposed that reveals a weak spot in the scheme. This is what's currently going on for Kish key distribution (KKD), which claims to derive total and unconditional security using classical rather than quantum techniques, thus avoiding the complexity and expense of quantum cryptographic schemes. But now a new paper has uncovered a vulnerability in KKD that enables an eavesdropper to correctly determine more than 99.9% of the transmitted bits. Fortunately, countermeasures may exist to protect against this attack and regain the system's security.

"The worthiness of a cryptographic scheme is measured by the number of papers that try to attack it," Derek Abbott, Professor at The University of Adelaide in Australia and coauthor of the new paper, told Phys.org. Abbott and coauthors Lachlan J. Gunn and Andrew Allison have published their paper in a recent issue of Nature's Scientific Reports.

By Abbott's measure, KKD has proven to be very appealing (as many people have tried to attack it) since it was first proposed in 2005. Notably, KKD has stood up to attacks from Amnon Yariv (2009 winner of the National Medal of Science) from Caltech, as well as Charles H. Bennett of IBM. Bennett co-developed the first ever quantum cryptography protocol in 1984 (he is the first "B" in the so-called BB84 protocol).

Security from thermal noise

In the 2005 paper that first introduced KKD, Laszlo B. Kish, Professor at Texas A&M University, described a system that promises unconditional security from the second law of thermodynamics. The scheme transmits a cryptographic key along a wire by randomly switching between two resistor values, which represent the states of an information bit, at the two ends of the line. The sender and receiver passively detect each other's resistance values via the thermal noise on the line. Each time the two parties determine each other's resistance values, they secretly share one bit of information.

Because the second law prohibits net power from flowing from one resistor to another when the system is at equilibrium, a potential eavesdropper cannot determine the resistance values. The only way an eavesdropper could intercept the bits is by injecting current into the wire and measuring the voltage and current changes in each direction to determine the resistance values, but the extra current would be quickly noticed.

The design of the KKD system relies on a thorough understanding of the physics of waves traveling through a transmission line. One debatable requirement for unconditional security in KKD is that transmission lines prohibit the propagation of waves that are below a certain frequency, v/(2L), where L is the transmission line length and v the signal propagation velocity. This restriction is claimed to arise from the fact that wave modes do not propagate below this frequency.

In the new paper, the researchers show in simulations and experiments that waves with frequencies below this critical value do actually propagate along the transmission line. The reason, they explain, is that at low frequencies a coaxial cable supports TEM (Transverse Electromagnetic) modes, which have no low frequency cutoff.

The researchers detected the existence of propagating TEM waves on a coaxial cable by constructing a directional wave measurement device, which they then used to successfully eavesdrop. They showed that, merely by measuring the TEM waves traveling along the transmission line, an eavesdropper can determine both resistor values, allowing them to correctly intercept more than 99.9% of the bits without being caught.

Continue reading here:
Attack on classical cryptography system raises security questions

Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin

Posted on by

Cybercrooks have brewed a strain of ransomware that uses elliptic curve cryptography for file encryption, and Tor for communication.

The malware, dubbed OphionLocker, is spreading using a malicious advertising (malvertising) campaign featuring the RIG exploit kit.

The ransomware encrypts files of particular types on infected systems before using Tor2web URL as a conduit for instructions on how to send the payment and obtain the decryptor tool. The extortionists are asking for a payoff of 1 BTC ($352 at current rates of exchange).

F-Secure reports that if the infection happens on a virtual environment NO ransom payment is requested for a "decryptor tool", which (perhaps unsurprisingly) doesn't work. Virtual environments are commonly used by anti-malware researchers.

The tactic of treating them differently appeared geared towards making analysis that bit more difficult, something ultimately aimed at prolonging the longevity of the scam.

Despite the high profile CryptoLocker takedown, ransomware scams remain an all-too-real threat. Crooks are developing more sophisticated encryption schemes to support their fraud. The use of Tor and elliptic curve cryptography places OphionLocker in the top tier of such scams, but is not unprecedented.

A previous strain of ransomware, CTB-Locker, pioneered the use of elliptic curve cryptography for file encryption and Tor for communication with a command and control server.

OphionLocker was first spotted by Trojan7Malware.

Elliptic curve cryptography (ECC) is a form of encryption based on solving the discrete logarithm of a random elliptic curve element. This, like the more familiar idea of factoring the product of two very large prime numbers, offer a one-way function to underpin the security of public-key cryptography systems.

ECC offers equivalent levels of security with lower key sizes, a particular advantage on systems with limited computing power, such as smartphones.

Visit link:
Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin

GCHQ spy agency releases code-breaking app on Android

Posted on by

The UKs history ofcryptography is fascinating, with famous cryptanalysts like Alan Turing, Dillwyn Knox, and W. T. Tutte deciphering different code machines used in World War I and II.

To celebrate the achievements of the past and reinvigorate students on cryptography, the GCHQ (Government Communications Headquarters) has released a code-breaking app on Android, named Cryptoy. An iOS versionis set to see a2015 release.

Cryptoy currently focused on four methods of encryption: Shift, Substitution, Vigenre and Enigma. The app makes it especially hard at higher levels, testing students who have the ability to crack code.

The GCHQ is interested in finding the next batch of code-breakers for the future. It is unclear how the GCHQ will get in contact with the potential candidates, or how the GCHQ will be able to identify actual codebreakers from cheaters.

Thisis not the first time the GCHQ has used public routes to employ new code-breakers, the Daily Telegraph ran a cryptic crossword and those who solved itreceived a chance to work at the GCHQ.

Encryption has moved from a wartime function designed to hide messages, to a way for Internet services to provide security against surveillance. This has blackened the GCHQs reputation when it comes to codebreaking, and now the next generation will most likely be cracking Facebook or Apple code.

New encryption techniques are on the rise, as more people worry about who is reading their private messages. Apple and Google recently announced new encryption on mobile devices, set to stop the FBI from accessing the devices without a warrant.

Terrorist organizations still use some encryption techniques when messaging, but some have been caught chatting on Facebook about potential attacks. The attack on UK soldier Lee Rigby was reportedly plannedon Facebook a year beforehand the incident.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Read the rest here:
GCHQ spy agency releases code-breaking app on Android

GCHQ has made an Android app — but it won’t spy on you

Posted on by

Cryptoy

GCHQ has released its own "fun, free, educational" Android app to teach secondary school students about cryptography.

The Cryptoy app, which has no permissions to access confidential information on Android devices, helps children understand basic encryption techniques and create their own encoded messages.

The government hopes the app could help find the next generation of cyber-spies. Minister for the cabinet office Francis Maude said that it was a "creative solution in the hunt for expertise, but with a 21st century spin".

Cryptoy is only available on Android at the moment, but an iOS version for iPads will be available in 2015, GCHQ said. It is aimed at Key Stage 4 students and covers both the theory and practice of cryptography as well its history.

The idea was first developed by GCHQ's industrial placement students as a test project for the Cheltenham Science Festival but growing interest from teachers to use the app in schools persuaded GCHQ to make it publicly available. The spy-agency said examples of cryptography used in the app are from an "earlier era" but were still relevant to today's techniques.

"Building maths and cyber skills in the younger generation is essential for maintaining the cyber security of the UK and growing a vibrant digital economy," said GCHQ director Robert Hannigan.

He described Cryptoy as a "colourful, interactive way" for students and teachers to explore cryptography. The app is compatible with Android 4.1 and up and is available to download now.

Visit link:
GCHQ has made an Android app -- but it won't spy on you

UK spy agency makes an Android app—but it won’t spy on you

Posted on by

GCHQ

GCHQ has released its own "fun, free, educational" Android app to teach secondary school students about cryptography.

The Cryptoy app, which has no permissions to access confidential information on Android devices, helps children understand basic encryption techniques and create their own encoded messages.

The government hopes the app could help find the next generation of cyber-spies. Minister for the cabinet office Francis Maude said that it was a "creative solution in the hunt for expertise, but with a 21st century spin."

Cryptoy is only available on Android at the moment, but an iOS version for iPads will be available in 2015, GCHQ said. It is aimed at Key Stage 4 students and covers both the theory and practice of cryptography as well its history.

The idea was first developed by GCHQ's industrial placement students as a test project for the Cheltenham Science Festival, but growing interest from teachers to use the app in schools persuaded GCHQ to make it publicly available. The spy agency said examples of cryptography used in the app are from an "earlier era" but were still relevant to today's techniques.

"Building maths and cyber skills in the younger generation is essential for maintaining the cyber security of the UK and growing a vibrant digital economy," said GCHQDirector Robert Hannigan.

He described Cryptoy as a "colorful, interactive way" for students and teachers to explore cryptography. The app is compatible with Android 4.1 and up and is available to download now.

See the rest here:
UK spy agency makes an Android app—but it won’t spy on you

Fun cryptography app pleases students and teachers

Posted on by

12 hours ago by Nancy Owano

Up on Google Play this week is Cryptoy...something that you might want to check out if you or someone you know wishes entry into the world of cryptography via an educational and fun app. You learn more about ciphers and keys; you learn techniques, including their history, of Shift, Substitution, Vigenre and Enigma. You learn to create encrypted messages to share with friends.

Who created Cryptoy? Not one person but Science, Technology, Engineering and Mathematics (STEM) students sponsored by GCHQ, which stands for Government Communication Headquarters, the UK intelligence agency. The app was tested on versions 4.1.2 through 4.4.2 of Android and was trialled at a number of science fairs. The video shows how the app works, complete with letter sliders and bars showing original message and encrypted message. The BBC said the app marks the agency's first computer tablet app. The BBC said the students are three "industrial placement" students. Specifically, the students who designed the app were on an industrial-year placement at GCHQ. They created the app as part of a project to show encryption techniques at the Cheltenham Science Festival, and then the app was used at other outreach events. According to GCHQ, "The app was a hit, and GCHQ received interest from teachers who wanted to use it as a teaching aid. Therefore it was decided to make it publicly available."

The announcement from the agency said it was "critical that the UK builds a knowledge base of cyber security skills." The app was designed in such a way that it also offers an interactive experience, for students and their teachers, to explore cryptography.

According to the BBC, a GCHQ spokesperson said the app was a "fun teaching aid" to help students ages 14 to 16 "studying at the Key Stage 4 level" to learn about code making and code breaking.(The National Curriculum is divided into four Key Stages that children are taken through during their school life. Key Stage 4 refers to the two years of school education when pupils are between 14 and 16.)

This video is not supported by your browser at this time.

Robert Hannigan, GCHQ's director, said, "Building maths and cyber skills in the younger generation is essential for maintaining the cyber security of the UK and growing a vibrant digital economy."

Ever wondered how to send a secret message? Although Cryptoy is mainly directed at Key Stage 4 student, the app can be used by anyone with an interest in learning about or teaching cryptography, said the agency.

"The Cryptoy app is currently available for download free-of-charge to Android tablets only," said the GCHQ. "It is hoped that an iOS version for iPads will be available in 2015."

Explore further: Vermont students rally against cyberbullying

Follow this link:
Fun cryptography app pleases students and teachers

Quantum Theory, Lecture 25: Quantum Computing. Quantum Cryptography. Deutsch’s Algorithm. – Video

Posted on by


Quantum Theory, Lecture 25: Quantum Computing. Quantum Cryptography. Deutsch #39;s Algorithm.
Lecture 25 of my Quantum Theory course at McGill University, Fall 2012. Quantum Computing. Quantum Cryptography. Deutsch #39;s Algorithm. The course webpage, inc...

By: Alexander Maloney

More here:
Quantum Theory, Lecture 25: Quantum Computing. Quantum Cryptography. Deutsch's Algorithm. - Video