Category Archives: Cryptography

$kernel.infect(): Creating a cryptovirus for Symfony2 apps [FrOSCon14] – Video

Posted on by


$kernel.infect(): Creating a cryptovirus for Symfony2 apps [FrOSCon14]
kernelinfect(): Creating a cryptovirus for Symfony2 apps Cryptovirology studies how to use cryptography to design malicious software, given that public-key cryptography can be used to...

By: CCCen

Read the original here:
$kernel.infect(): Creating a cryptovirus for Symfony2 apps [FrOSCon14] - Video

Cryptography | Stanford Online

Posted on by

Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption, digital signatures, and authentication protocols. Towards the end of the course we will cover more advanced topics such as zero-knowledge, distributed protocols such as secure auctions, and a number of privacy mechanisms. Throughout the course students will be exposed to many exciting open problems in the field.

The course will include written homeworks and programming labs. The course is self-contained, however it will be helpful to have a basic understanding of discrete probability theory.

Yes. Students who successfully complete the class will receive a statement of accomplishment signed by the instructor.

The class will consist of lecture videos, which are broken into small chunks, usually between eight and twelve minutes each. Some of these may contain integrated quiz questions. There will also be standalone quizzes that are not part of video lectures, and programming assignments. There will be approximately two hours worth of video content per week.

The course includes programming assignments and some programming background will be helpful. However, we will hand out lots of starter code that will help students complete the assignments. We will also point to online resources that can help students find the necessary background.

The course is mostly self contained, however some knowledge of discrete probability will be helpful. Thewikibooks articleon discrete probability should give sufficient background.

See the rest here:
Cryptography | Stanford Online

Open Surveillance

Posted on by

Cryptography could keep electronic investigations under control.

Bryan Ford

Democracy rests on the principle that legal processes must be open and public. Laws are created through open deliberation; anyone can read or challenge them; and in enforcing them the government must get a warrant before searching a persons private property. For our increasingly electronic society to remain democratic, this principle of open process must follow us into cyberspace. Unfortunately, it appears to have been lost in translation.

The National Security Agency, formed after World War II to spy on wartime adversaries, has clung to military-grade secrecy while turning its signalsintelligence weapons on us and our allies. While nominally still a foreign intelligence agency, the NSA has become a de facto law enforcement agency by collecting bulk surveillance data within the United States and feeding the data to law enforcement agencies. Other agencies also have secret-surveillance fever. The FBI secretly uses warrantless subpoenas to obtain bulk cell-tower records affecting hundreds of thousands of users at once, whether investigating bank robberies or harmless urban pranks. Police spy on entire neighborhoods with fake cellular base stations known as StingRays and have deliberately obfuscated warrants to conceal their use of the technology.

All this secrecy harms our democracy. But effective surveillance does not require total secrecy. It can follow an openness principle: any surveillance process that collects or handles bulk data or metadata about people who are not specifically targeted by a warrant must be subject to public review and should use strong encryption to safeguard the privacy of the innocent. To gain access to unencrypted surveillance data, law enforcement agencies must identify people whose actions justify closer investigation and then demonstrate probable cause. The details of an investigation need not be public, but the data collection process should bewhat was collected, from whom, and how it was decrypted. This is no different from the way the police traditionally use an open process to obtain physical search warrants without publicly revealing details of their investigation.

Technology that my colleague Joan Feigenbaum and I and our research group have developed could allow law enforcement officials to enact this approach without hampering their work. In fact, it could even enhance it. Modern cryptography could let agencies surgically extract warrant-authorized data about people of interest while guarding the privacy of innocent users. In the case of bank robbers known as the High Country Bandits, the FBI intercepted cell-tower records of 150,000 people to find one criminal who had carried a cell phone to three robbery sites. Using our encrypted search system, the FBI could have found the bandits number without obtaining data on about 149,999 innocent bystanders.

Its better to risk that a few criminals will be slightly better informed than to risk the privacy and trust of everyone.

Bryan Ford is an associate professor of computer science at Yale University.

Read the original post:
Open Surveillance