What Makes Bitcoin Great? One Scientist is On a Quest to Find Out – CoinDesk

Visa, PayPal, bitcoin. The last, it seems, is not like the others.

You might be thinking, well, of course. It's unique compared to older institutions, ones that first made digital currency possible by storing payment data in centralized databases.

But, that might be only one way of looking at it.

Computer scientists and developers are quick to note that bitcoin has succeeded at decentralizing its monetary system because it improves on past computer consensus protocols, a point that Cornell associate professor Elaine Shi stressed in her presentation at the recent Stanford blockchain security conference.

Even after 30 years of research, Shi explained, classical consensus protocols fail under certain conditions. But she believes bitcoin is different because it's more "robust".

However, defining and mathematically spelling out these differences isn't so easy to do.

Shi told CoinDesk:

"The protocol's success is kind of ahead of the scientific understanding."

Despite the challenge, the academic seems determined to catch up.

Sitting in the cold after a long day of security presentations, she chatted excitedly about bitcoin's unique properties.

She noted that other recent research has sought to develop a formal security proof for bitcoin, and that thinkers from IC3 and elsewhere are now looking to help flag potential vulnerabilities and to inform future research into the protocol.

Shi's curiosity was first piqued in 2010 or 2011 while she was working for the technology company Xerox PARC in Palo Alto.

It was then that her friend, a hobbyist and miner, showed her the bitcoin white paper. They read through it together, fascinated.

"We tried to understand why bitcoin took off," she said.

From her point of view, it was a big deal that the currency saw so much use compared to ecash, a technology put into the world by long-time cryptographer David Chaum in the mid-1990s.

"At that time, they adopted more sophisticated crypto. But there wasn't so much traction," she said.

She added that she was impressed that bitcoin, in contrast, saw more rapid adoption and uses simple cryptography: public key encryption, signatures and hash functions.

"One big thing for bitcoin was that it made the incentives right. It gave incentives to early adopters. There are various other aspects that maybe it did right in terms of incentives and possibly helped with adoption and how it gained popularity," she added.

Later on, Shi moved to University of Maryland, where she continued her bitcoin research, and then to Cornell's Initiative For CryptoCurrencies & Contracts (IC3), the university's center for study on all things blockchain.

Her presentation at Stanford, "Rethinking Large-Scale Consensus," discussed her new research, aimed at rethinking how bitcoin might work differently, but retain its unique properties. The result is her proposed 'sleepy' model of consensus.

She noted that when she asked why people were exploring the use of a blockchain rather than a long-studied classical protocol, such as PBFT, people would typically respond "because it's more robust".

This is the common wisdom. But, she noted that from an academic perspective, it's been difficult to even define what 'robust' means exactly.

In this light, 'sleepy consensus' explores a specific piece of bitcoin's robustness: sporadic participation, where nodes can leave and enter the system as they please. It further examines whether a system can be as robust without proof-of-work, the algorithm that leads to one agreed-upon transaction history.

In Shi's model, there are 'sleepy' nodes (that are offline) and 'awake' nodes (that are online and active).

Shi displayed images of Snow White to show each state, and to demonstrate that nodes can shift between these two states.

"For example, when the prince kisses Snow White, she wakes up and continues to participate," she said. "Snow White is a very robust princess."

One way to test the robustness of the system is to see whether it can come to agreement when 51% of the online nodes are 'honest' (and therefore will not accept an invalid transaction), even with this property of sporadic participation.

Classical models fail here. In fact, Shi went as far as to say that no classical protocol, whether synchronous or asynchronous, holds up. Not even when 99% of the online nodes are honest.

She concluded that bitcoin, as conventional wisdom says, is indeed robust. It's a system that's been up and running for eight years, and that continues to work as long as 51% of nodes are honest.

'Sleepy' consensus builds on that robustness, but rearranges the protocol in a way that ditches bitcoin's proof-of-work.

The research team found that the tweaked system was more robust in some ways, but with the new construction, new security problems also sprang up.

Work is ongoing here, and Shi said that, for now, the protocol is suitable for consortium blockchains along the lines of those released by the Linux-led Hyperledger.

Though, again, there are perhaps other elements to bitcoin's 'robustness'.

Another project from Shi and IC3, FruitChains, explores bitcoin's game theoretical component, or how it incentivizes participants to act in a way that ultimately benefits everyone.

The result of the research is a proposal for a 'fair blockchain', where block rewards and transaction fees are evenly distributed and there's less variance in rewards.

Analyzing each piece on its own could lead to something bigger.

"In general, we need a new scientific foundation for all of this," Shi said.

Yet, Shi emphasized that this research is not about defining things just for the sake of academic curiosity.

Once people understand the protocols better, there are different, perhaps unexpected, directions to go. Broadly, researchers will have a better understanding of how public blockchains can be improved.

Proof-of-work is expensive, for example, as powerful computers from around the world are currently hashing puzzles at dizzying rates to secure blockchains like bitcoin and ethereum. Many researchers, such as those working on proof-of-stake for ethereum, are trying to develop a way around these massive electricity demands.

More research could help determine whether or not those efforts are in vain.

Furthermore, Shi argues that it's important to work on understanding the security of the protocol, and writing up mathematical proofs that could potentially bring to light hidden protocol flaws.

"People have somehow developed these very nice intuitions, but it's still very, very difficult to like design a provably correct protocol. That's very, very important when you're dealing with something like cryptocurrency, because if the protocol is broken then your money is at stake," she said.

A 'provably correct' protocol, on the other hand, is one that satisfies certain mathematical requirements.

She mentioned that such a protocol could help ward off future situations along the lines of The DAO, the ethereum project that ended in failure.

"It's very easy to make a mistake unless you go through this whole process," she said. "I think that both in academia and in industry there's this huge need for these protocols, including both consensus and cryptography."

She also argued that smart contracts require more advanced cryptography protocols.

"IC3 would like to help make these secure by constructing protocols. And deploy them in the real world," she added.

Beyond all that, Shi has other research ideas.

One potential project is to design a programming language that would let coders with little knowledge of cryptography create more secure apps. Programmers could state vaguely what security properties they need, and the programming language itself would decide what consensus protocol would be best used under the hood.

To Shi, the ability to combine disciplines in such a way is partly what's so exciting. And, bitcoin is a rich area to experiment with cryptography in particular, she said.

She concluded:

"This is like the goldmine of problems."

The UK government’s crackdown on encryption threatens to undermine London’s fintech boom – City A.M.

Talk of calamity befalling corporate Britain as we negotiate our EU exit is typically overblown.

Nevertheless there is a potentially serious conflict in the making between the UK government's stated desire to maintain access to certain online data for reasons of national security and the continental European determination to institute a modern system of information rights. This divergence, which lies at the heart of the Investigatory Powers Act, has the potential to inflict damage on London's standing as a global financial centre post-Brexit.

In her final Home Office legislative initiative before entering Downing Street, Theresa May sought to weaken the global communication service providers' stranglehold over strong cryptography. This came at precisely the time that the EU was moving towards enacting a General Data Protection Regulation (GDPR), an EU-wide protocol allowing individuals to control their data that depends implicitly on strong cryptography.

On the continent, the example of what happened in Estonia in 2007 still looms large. Following a Russian cyber-offensive that year, the Estonians created a much-admired national system of identity where individuals control their data and the state can only request access to it for transactions. Indeed, under the Estonian protocol, the state is only permitted to ask once for the recording of a particular data item and must request access to individuals' data on a case-by-case basis.

The Estonian system was an early variant of distributed ledger technology (aka blockchain), the fintech innovation that is designed to increase the security of financial and other security-conscious transactions. Indeed the UK Office of the Government Scientist recently praised the Estonian system for providing secure, cost-effective technological protection, and this approach is the model many EU technology specialists have in mind when they consider how to implement GDPR.

No one doubts that the field of secure technology is one of the most exciting in the fintech boom underway in London right now. Some commentators believe the financial technology revolution will have as transformative an impact on the City of London as Big Bang after 1986.

Yet London-based businesses, particularly international banks, are beginning to take the potential impact of the EU-wide GDPR extremely seriously. Established firms or startups naturally seek to serve not just the UK market but also the entire European continent, and are increasingly aware of the financial and legal costs of security violations.

While the Data Protection Act 1998 allows the UK Information Commissioner to impose a monetary penalty on any firm breaching data rules, that fine is capped at a maximum of £500,000. The potential amount that can be fined under the GDPR, on the other hand, is now set at up to €20m or 4 per cent of total worldwide annual turnover of the preceding financial year, whichever is higher, for specified infringements.

Naturally any company handling money or requiring confidentiality online takes cryptography seriously since their entire business model and market reputation depends on it. The recent high-profile controversy between the FBI and Apple over iPhone security immediately resulted in some US technology firms relocating their data centres to Europe, most notably to Germany which has become known for its strong data protection laws and enforcement.

So to summarise the dilemma facing tech firms in dealing with these issues, one technologist recently advised Wired magazine, "the British Prime Minister wants to break crypto while my bosses tell me the gargantuan risk to our business is losing our customers' faith through a data breach or being seen to pander to governments by handing over their personal data."

Modern finance depends on cryptography, without which online services from credit card payments to derivatives trading would not function. The advent of GDPR is moving technologists across the EU to use blockchains much more widely, especially when it comes to establishing identity.

The claim by the UK government that cryptography can be compromised by the state without impairing commercial security and usability is simply not believed by technologists or businesses in this sector. If we continue to weaken encryption, or make it subject to greater scrutiny by law enforcement authorities, the simple and uncomfortable truth is that the UK will be risking the future of financial services businesses domiciled here.

This is the dilemma that faces the UK government as it rightly seeks to carve a dominant niche in the booming fintech industry. The public demands that government keeps a watchful eye on those seeking to use the web for altogether darker motivations. Yet citizens and businesses also expect the internet to be a secure place for day-to-day financial and social transactions.

The UK risks finding itself in the perverse situation of successfully negotiating a Brexit equivalence deal on financial services, but being unable to sell the products of our burgeoning tech industry into the EU by failing to qualify as an identity-and-data responsible country.

Encrypted chat app Signal tests next generation voice and video calling – TechCrunch

Signal, the encrypted chat application praised by Edward Snowden, is looking to move beyond messaging and into video. A new beta version of the app, now in testing, has enabled next generation voice and video calling features, according to the app's changelog. Beta users are able to try the new features with others who also have the setting enabled.

The changes were first spotted by the blog Android Police, which tracks a number of beta applications across the Google Play Store.

However, it appears that Signal's new voice and video calling test isn't limited to Android. The app's release notes also stated that the upcoming Signal iPhone beta release will include the same functionality. (It's available now, we're told.)

The feature arrives at a time when Open Whisper Systems, the not-for-profit software group behind the app and the Signal Protocol cryptography it uses, faced some criticism for spending developer resources working on things like GIF search and stickers, rather than more serious features. That's a bit unfair, though, because these sorts of fun features are what draw in mainstream users.

Of course, support for video calling would be considered a major advance for the Signal app, not a fluffy addition.

According to a report from testers, the feature can be enabled in the app's Settings screen. Here you'll see a toggle for "Video calling beta." Users are then able to place encrypted calls to anyone else who adjusted their beta settings in the same way, the changelog on Google Play explains. Though the message also references next generation voice calling as well, no further details on that are provided.

During the call, small voice, video and mute icons appear at the top of the screen.

Though aimed at the privacy-minded, Signal competes more broadly with apps like Facebook Messenger, WhatsApp and Google Duo, all of which support video calling. This feature is now considered table stakes for those entering the messaging app space with their own alternative clients.

Signal may be catching up with the rest of the market, in terms of feature set, but the app struggles with adoption because it lacks the network effects of other, more social apps. This, of course, is by design. Because of its security and privacy focus, Signal doesn't pull in your contacts from other social networks, upload your address book, or offer fun tools like Snapchat's Snapcodes to make adding new friends easier.

That said, making private video calls possible is something that could attract more users over time, as the feature rolls out more broadly.

Reached for comment, Open Whisper Systems founder Moxie Marlinspike declined to discuss the additions in detail, saying only that they'll have more to say once the features are publicly available.

(Post updated to clarify how Signal referred to the voice calling changes, with the addition of video.)

Physicists, Lasers, and an Airplane: Taking Aim at Quantum Cryptography – WIRED

On a clear night last September, at a little Ontario airport, two pilots, two scientists, and an engineer took off in a small plane. They'd pulled the left-side door off its hinges, and a telescope poked out of the portal, not at the night sky, but at the ground below. The team was about to play a very difficult, very windy game of catch.

A couple miles away, their colleagues gathered in a trailer to lob the tiny baseballs: infrared photons, beamed from a laser that tracked the plane along its mile-high trajectory. In the craft cruising above, physics graduate student Chris Pugh and the others pivoted their telescope to catch the photons, one by one. On their best run, they caught over 800,000 photons in just a few minutes, but it wasn't easy. "Out of every 10,000 photons they sent, we'd get one," says Pugh, who studies at the University of Waterloo. "One to a hundred of them."

The point of this high-altitude game was to test a technology known as quantum cryptography. For decades, experts have claimed that if executed properly, quantum cryptography will be more secure than any encryption technique used today. They also say it will be one of the lines of defense when quantum computers crack every existing algorithm. But it's hard to pull off; quantum cryptography requires precise control of individual photons over a long distance. Pugh's group was the first to successfully test the technology from ground to airplane.

It works like this: The sender transmits carefully prepared photons, over optical fiber or through the air, to a recipient. The recipient reads the photons like Morse code, with physical signals corresponding to a letter or a number. Instead of listening for long and short beeps, Pugh and his colleagues measured how the photons are oriented, what physicists call polarization. In their setup, photons could be polarized in four directions, and the team translated that polarization into 1s and 0s: a binary message known as a cryptographic key. Using that key, a sender can encrypt their information, and only a recipient with the key can unscramble the message.

Quantum cryptography is so powerful because it's physically impossible for a hacker to steal a key encoded using quantum particles. In the quantum world, when you measure or observe a particle, you change it. It's like Schrödinger's cat, which is both dead and alive when you're not looking, but immediately becomes one or the other when you look. If you try to measure a quantum key, you immediately change it, and by design, the sender will know and throw the key out. "It's secure by the laws of nature," says physicist Thomas Jennewein, who led the work at the University of Waterloo.
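The detection step described above can be simulated. This Python sketch is an added example, not code from the article or the Waterloo team; it assumes the standard BB84 scheme (which the article does not name), an ideal noise-free channel, and an illustrative 11% rejection threshold.

```python
import random

# Two measurement bases x two bit values = the four polarization directions.
BASES = ("rectilinear", "diagonal")


def measure(bit, prep_basis, meas_basis, rng):
    """Model a polarization measurement.

    Measuring in the basis the photon was prepared in returns the encoded
    bit; measuring in the other basis returns a uniformly random bit.
    """
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_exchange(n_photons, eavesdrop, seed):
    """Simulate one exchange and return (sender_key, recipient_key) after sifting."""
    rng = random.Random(seed)
    sender_key, recipient_key = [], []
    for _ in range(n_photons):
        bit = rng.randint(0, 1)
        send_basis = rng.choice(BASES)
        photon_bit, photon_basis = bit, send_basis

        if eavesdrop:
            # Intercept-resend tap: the tap has to choose a basis, measure,
            # and re-emit a photon prepared in the basis it chose.
            tap_basis = rng.choice(BASES)
            photon_bit = measure(photon_bit, photon_basis, tap_basis, rng)
            photon_basis = tap_basis

        recv_basis = rng.choice(BASES)
        received = measure(photon_bit, photon_basis, recv_basis, rng)

        # Sifting: bases (not bits) are compared over a public channel and
        # only positions where sender and recipient agree are kept.
        if recv_basis == send_basis:
            sender_key.append(bit)
            recipient_key.append(received)
    return sender_key, recipient_key


def check_and_distill(sender_key, recipient_key, sample_size=500,
                      threshold=0.11, seed=1):
    """Compare a random sample of sifted bits and decide whether to keep the key.

    Returns (accepted, error_rate, final_key). Sampled bits are revealed
    publicly, so they are dropped from the final key. The threshold is an
    illustrative value chosen for this sketch.
    """
    if not sender_key:
        return False, 0.0, []  # nothing survived sifting; nothing to trust
    rng = random.Random(seed)
    k = min(sample_size, len(sender_key))
    sampled = set(rng.sample(range(len(sender_key)), k))
    errors = sum(sender_key[i] != recipient_key[i] for i in sampled)
    rate = errors / k
    if rate > threshold:
        return False, rate, []  # measurement disturbance detected: discard key
    final_key = [b for i, b in enumerate(sender_key) if i not in sampled]
    return True, rate, final_key


if __name__ == "__main__":
    for tapped in (False, True):
        s_key, r_key = run_exchange(4000, eavesdrop=tapped, seed=7)
        ok, rate, key = check_and_distill(s_key, r_key)
        print(f"tapped={tapped} sifted={len(s_key)} error_rate={rate:.3f} "
              f"accepted={ok} final_key_bits={len(key)}")
```

With a tap on the line, roughly a quarter of the sifted bits disagree, which is the disturbance that lets the two parties reject the key.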

Commercial quantum cryptography products have been around for over 15 years, but they have limited range. "You can guarantee security between the White House and the Pentagon, or from the corner of one military base to another," says Caleb Christensen, the chief scientist at MagiQ Technologies, a Boston-area company that makes commercial quantum cryptography systems. "In the telecom business, that's way too short." So far people have been able to send quantum keys just 250 miles.

This tech will be important when computers become too powerful for current encryption algorithms. It takes today's computers far longer than the age of the universe to decode an encrypted message, but it'll be a cinch for quantum computers. "It might take hours or days as opposed to age of the universe," says Pugh.

Still, quantum cryptography won't be tech's security savior. Most hacks today are due to simple human error. "Most times when a corporation gets hacked, it's not necessarily because someone went in and spliced into their telephone line," says Christensen. "If you lose all your secrets because someone phishes the e-mail of your middle management, you're not going to spend millions of dollars installing a quantum cryptography backbone."

For those with higher security standards, the eventual goal is to deliver quantum keys to a satellite, which could make it possible to send quantum-secured messages across the globe. Last August, the Chinese Academy of Sciences, collaborating with Austrian physicists, launched a satellite called Quantum Experiments at Space Scale, although they haven't successfully sent it a key.

Jennewein's team has been rehearsing for a satellite mission for over three years. In 2013, they started by sending quantum keys to a moving truck. Now that they've shown they can transmit enough quantum signal through a mile of Earth's atmosphere, Jennewein wants to beam a key 300 miles into the air, to a satellite in low-Earth orbit. With proper funding, Jennewein thinks his team could do it in two or three years. He's optimistic: "The airplane experiment is, in some respects, harder than an actual satellite," he says. A satellite has much smoother and more predictable motion than an aircraft. Just ask Pugh.

Israeli scientist wins Japan Prize for cryptography work | The Times … – The Times of Israel

An Israeli computer scientist was among three winners of the 2017 Japan Prize, an award honoring achievement in science and technology, for his work in the field of cryptography.

Adi Shamir, a professor at the Weizmann Institute in Rehovot, was recognized for his "[c]ontribution to information security through pioneering research on cryptography," according to the prize's website. The Japan Prize Foundation announced the awards Thursday.

Shamir, 64, is the second Israeli to win the prize. Ephraim Katzir, a biophysicist and former Israeli president, was honored in 1985, the inaugural year of the award.

In 2002 Shamir, with Ronald Rivest and Leonard Adleman, won the Turing Award, widely considered to be the world's most prestigious computer science prize.

"My main area of research is cryptography, making and breaking codes," Shamir explains on the Weizmann website. "It is motivated by the explosive growth of computer networks and wireless communication. Without cryptographic protection, confidential information can be exposed to eavesdroppers, modified by hackers, or forged by criminals."

The Japan Prize Foundation selected Shamir and the other two winners (Emmanuelle Charpentier, director of the Max Planck Institute for Infection Biology in Berlin, and Jennifer Doudna, professor at the University of California, Berkeley, for their research in gene editing) from 13,000 nominations.

The winners will each receive the yen equivalent of approximately $443,000. They will be honored in Tokyo on April 19.

2017 Japan Prize Honors Trailblazers in Life Science and … – PR Newswire (press release)

TOKYO, Feb. 1, 2017 /PRNewswire/ -- Central to its deep commitment to honor the most innovative and meaningful advances worldwide, The Japan Prize Foundation today announced the laureates of the 2017 Japan Prize, who have pushed the envelope in their respective fields of Life Sciences and Electronics, Information and Communication. Three scientists are being recognized with the 2017 Japan Prize for original and outstanding achievements that not only contribute to the advancement of science and technology, but also promote peace and prosperity for all mankind.

Emmanuelle Charpentier, Director at the Max Planck Institute for Infection Biology in Berlin, Germany, and visiting professor at Umeå University, Sweden, and Jennifer Doudna, Professor of Chemistry and of Molecular and Cell Biology at the University of California, Berkeley, are being honored for deciphering the molecular details of the type II bacterial immune system CRISPR (Clustered Regularly Interspaced Short Palindromic Repeats)-Cas and the creation of the CRISPR-Cas9 genome editing system, a truly revolutionary technique in genetic engineering, far more economical and faster than those previously available.

This overwhelmingly simple technique enables scientists to cut the DNA of any organism at arbitrary locations and edit freely by means of removing, replacing or insertion. It was adopted at an explosive pace as a research tool in the life sciences, and is now being applied to research in a wide range of fields, such as agriculture, biofuels, drug development and medicine, and in the future, may make it possible to correct mutations at precise locations in the human genome to treat and cure genetic causes of disease.

Together, Charpentier and Doudna received the 2015 Breakthrough Prize in Life Sciences; the 2015 Gruber Foundation International Prize in Genetics; the 2015 Princess of Asturias Award for Technical and Scientific Research; and the L'Oreal Unesco for Women in Science Award 2016.

The advent of open digital networks, namely the Internet, has enabled us to lead infinitely more convenient lives. The ease and comfort which we take for granted today has been made possible due to security measures that prevent the theft and manipulation of valuable data. It is Dr. Adi Shamir who proposed many of these underlying concepts in information security and developed a series of practical solutions.

Dr. Shamir is the Borman Professor of Computer Science at the Weizmann Institute in Israel and an internationally-recognized cryptographer. His achievements range from the development of the "RSA cryptosystem," an innovative encryption technique utilizing mathematical methodology, to the proposal of the "secret sharing scheme," which ensures secrecy by breaking up classified information into parts and dispersing it among several individuals; the "identification and signature schemes" through which individuals can be identified without revealing secret information; and the generic "differential cryptanalysis," which deciphers common key cryptosystems.

Dr. Shamir has also made significant breakthroughs in the research of side-channel attacks, which decipher code by monitoring the physical information of the computer carrying out the encryption, such as power consumption and noise. By developing cryptosystems which form the basis of information security, Dr. Shamir has paved the way to the fast and convenient open digital network environment that we take for granted today. These remarkable achievements have transformed cryptography into the modern academic discipline of cryptology.

To honor Professor Charpentier, Dr. Doudna, and Dr. Shamir, the Japan Prize Foundation will host an award ceremony on April 19, 2017 in Tokyo. Each laureate will receive a certificate of recognition and a commemorative gold medal. A cash award of 50 million Japanese yen (approximately US $420,000) will also be given to each laureate. The Japan Prize is highly competitive: the nomination process ends in February, and, every year from March to November, the Foundation considers the nominations of 13,000 prominent scientists and researchers from around the world.

About the Japan Prize Foundation

The Japan Prize is awarded to scientists and researchers, regardless of nationality, who have made significant contributions to the progress of science and technology, as well as society, to further the peace and prosperity of mankind. While the prize encompasses all fields of science, two fields are designated for the Japan Prize each year. Since its inception in 1985, the Japan Prize Foundation has awarded the Japan Prize to 86 laureates from 13 countries. For additional details about the Japan Prize Foundation and its activities, please visit http://www.japanprize.jp/en.

CONTACT: Sakura Amend, 212-715-1611, sakura.amend@finnpartners.com

To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/2017-japan-prize-honors-trailblazers-in-life-science-and-cryptography-300400344.html

SOURCE The Japan Prize Foundation

http://www.japanprize.jp/en

Securing IoT devices from within – GCN.com (blog)

Security experts have long fretted about the rapidly expanding number of internet of things devices. While most such tools may not contain data that should be protected, many connect to the cloud and represent easy targets for hackers to gain access -- not only to that device, but to all other devices connected to an IoT mesh.

To address this issue, AWS in 2015 released its IoT platform, which includes provisions for mutual authentication, which is intended to verify the integrity of all devices connecting to the AWS IoT cloud.

Connecting devices can use the AWS SigV4 method of authentication or follow the traditional approach of using X.509 certificates to manage public-key encryption. IoT managers can map roles and/or policies to each certificate so that devices or applications can be authorized (or de-authorized) without ever touching the device.

As might be expected, an organization with thousands of IoT-enabled devices might find it too difficult to provision and manage all those certificates and keys. One solution is the AWS Use Your Own Certificate program, which allows original equipment manufacturers to register digital certificates signed by third-party authorities with the AWS IoT platform using an application programming interface, according to Embedded Computing.

That means unique cryptographic keys can be generated for each device during production, signed by a certificate authority and then loaded into the AWS IoT platform to await a service request from systems containing the corresponding key pairs, the site said.

A hardware solution that offers built-in end-to-end security between the device and cloud servers has been developed by Microchip Technology Inc. and AWS.

It uses a small chip that is preloaded with the unique cryptographic codes to allow data to be transmitted more securely from an IoT device to the cloud.

According to Eustace Asanghanwa, strategic marketing manager for Microchip Technology, the AWS-ECC508 chip eliminates the need for IoT device manufacturers to go through a multistep process of preregistering their device with AWS servers and generating encryption keys for communications. Instead, the AWS-ECC508, a 3mm by 2mm, 60-cent device (in quantities of 10,000 or more) handles the connection and encryption automatically.

The device can be soldered onto a circuit board and connected to the host microcontroller that configures the chip for the AWS IoT. Because the AWS-ECC508 is preconfigured to be recognized by AWS without any intervention, there is no need to load unique keys and certificates because the information is contained in a small, easy to deploy crypto companion device, the company said.

Unlike the RSA encryption algorithm in widespread use, the Microchip Technology processor employs a more efficient elliptic curve cryptography algorithm that does not require as big a key and is, therefore, faster and calls for less hardware.

According to Asanghanwa, IoT device manufacturers have often not paid sufficient attention to building security into their devices because of an overriding focus on keeping costs down.

"Looking at the product holistically, the AWS-ECC508 actually reduces overall cost," he said. "If you consider not just hardware but also implementation, such as the capital and operational costs of securely injecting keys and managing them in a supply chain, the AWS-ECC508 actually creates a significant cost-reduction for any given product."

While the AWS-ECC508 will only work with Amazon Cloud Services, the underlying ECC508 technology can be configured to work with any storage or cloud vendor's services.

Posted by Patrick Marshall on Feb 06, 2017 at 12:57 PM

Original post:
Securing IoT devices from within - GCN.com (blog)

Cryptography for Network and Information Security

Cryptography is a cornerstone of the modern electronic security technologies used today to protect valuable information resources on intranets, extranets, and the Internet. Microsoft Windows 2000 includes a wide range of distributed security technologies that you can deploy to provide cryptography-based network and information security. Understanding the basic concepts, components, and risks of cryptography-based security is important in choosing and planning appropriate network and information security systems for your organization.

What Is Cryptography?

Basic Components of Modern Cryptography

Basic Components of a Public Key Infrastructure

Risk Factors for Cryptography Systems

Cryptography Export Restrictions

For information about security solutions that use public key technology, see "Choosing Security Solutions That Use Public Key Technology" in this book.

For more information about the Windows 2000 public key infrastructure and Certificate Services, see "Windows 2000 Certificate Services and Public Key Infrastructure" in this book.

For more information about designing, testing, and deploying a public key infrastructure, see "Planning Your Public Key Infrastructure" in the Microsoft Windows 2000 Server Resource Kit Deployment Planning Guide.


A Brief History of Cryptography – Inquiries Journal

The earliest form of cryptography was the simple writing of a message, as most people could not read (New World, 2007). In fact, the very word cryptography comes from the Greek words kryptos and graphein, which mean hidden and writing, respectively (Pawlan, 1998).

Above: The Enigma Machine, the German cipher machine utilized during WWII.

Below: Comanche code-talkers used words from their Native American language to help send secret messages for U.S. forces in the European theatre during WWII.

Early cryptography was solely concerned with converting messages into unreadable groups of figures to protect the message's content during the time the message was being carried from one place to another. In the modern era, cryptography has grown from basic message confidentiality to include some phases of message integrity checking, sender/receiver identity authentication, and digital signatures, among other things (New World, 2007).

The need to conceal messages has been with us since we moved out of caves, started living in groups and decided to take this civilization idea seriously. As soon as there were different groups or tribes, the idea that we had to work against each other surfaced and was proliferated, along with rank violence, secrecy, and crowd manipulation. The earliest forms of cryptography were found in the cradle of civilization, which comes as no surprise, including the regions currently encompassed by Egypt, Greece and Rome.

As early as 1900 B.C., Egyptian scribes used hieroglyphs in a non-standard fashion, presumably to hide the meaning from those who did not know the meaning (Whitman, 2005). The Greeks' idea was to wrap a tape around a stick, and then write the message on the wound tape. When the tape was unwound, the writing would be meaningless. The receiver of the message would of course have a stick of the same diameter and use it to decipher the message. The Roman method of cryptography was known as the Caesar Shift Cipher. It utilized the idea of shifting letters by an agreed-upon number (three was a common historical choice), and thus writing the message using the letter-shift. The receiving group would then shift the letters back by the same number and decipher the message (Taylor, 2002).

The Caesar Shift Cipher is an example of a Monoalphabetic Cipher. It is easy to see why this method of encryption is simple to break. All a person has to do is go down the alphabet, juxtaposing the start of the alphabet with each succeeding letter. At each iteration, the message is decrypted to see if it makes sense. When it does appear as a readable message, the code has been broken. Another way to break Monoalphabetic ciphers is by the use of what is known as frequency analysis, attributed to the Arabs circa 1000 C.E. (New World, 2007). This method utilizes the idea that certain letters, in English the letter "e," for instance, are repeated more often than others. Armed with this knowledge, a person could go over a message and look for the repeated use, or frequency of use, of a particular letter and try to substitute known frequently used letters (Taylor, 2002).

As for the Greek method of using a stick, once the method was known, it was a simple matter of trying out sticks of different diameters until the message became readable.

The art and science of cryptography showed no major changes or advancements until the Middle Ages. By that time, all of the western European governments were utilizing cryptography in one form or another. Keeping in touch with ambassadors was the major use of cryptography. One Leon Battista Alberti was known as The Father of Western Cryptology, most notably due to his development of polyalphabetic substitution. His method was to use two copper disks that fit together. Each one of them had the alphabet inscribed on it. After every few words, the disks were rotated to change the encryption logic, thereby limiting the use of frequency analysis to crack the cipher (Cohen, 1990). Polyalphabetic substitution went through a variety of changes and is most notably attributed to Vigenere, although Rubin claims that he in fact had nothing to do with its creation. Rubin further points out that the use of the cipher disks continued in the Civil War, with the South using brass cipher disks, although the North regularly cracked the messages (2008).

Gilbert Vernam worked to improve the broken cipher, creating the Vernam-Vigenere cipher in 1918, but was unable to create one of significantly greater strength. His work did lead to the one-time pad, which uses a key word only once, and it proved to be near unbreakable (Rubin, 2008). Whitman reports that criminals used cryptography during Prohibition to communicate with each other.

Additionally, it is important to mention the recently popularized "windtalkers." The Navajos used their own language as a basis for cryptography (2005). The code was never broken and was instrumental in the victory in the Pacific Theatre during WWII. An argument could be made that the spoken language was not technically cryptography, but it should be noted that at every communication, the message was written down as a matter of procedure.

In modern times, the public key method of cryptography has seen wide adoption. The use of a common public key and a private key held only by the sender is in use today as a form of asymmetric encryption; one of the uses of this method is for the sender to use the private key to encrypt the message and then anyone who receives the message uses the public key to decipher it. In this way, the receiver knows who the message had to come from.

This method makes up the backbone of the Digital Signature. Problems arise when communications between multiple organizations require the use of many public keys and knowing when to use which one. No matter which method is used, a combination of methods applied one after the other will give the best result (Whitman, 2005).

In conclusion, it is somewhat surprising how limited the history of this very important topic is. No doubt cryptography and, in a greater sense, cryptology have played an enormous role in the shaping and development of many societies and cultures. While history may paint a different picture, the fact that the winners often write history is worth noting. If an army has a strong weapon that was instrumental in providing information that led to success, how apt are they to reveal it in the records of the wars? Instead, it may seem better to have idolized heroes than to reveal the cloak and dagger methods that actually led to success. Cryptography, by its very nature, suggests secrecy and misdirection; therefore, the fact that the history of this topic is short and somewhat inaccessible is of no great surprise. Perhaps it is itself coded in what has already been written.

Cohen, F. (1990). A short history of cryptography. Retrieved May 4, 2009, from http://www.all.net/books/ip/Chap2-1.html

New World Encyclopedia (2007). Cryptography. Retrieved May 4, 2009, from http://www.newworldencyclopedia.org/entry/Cryptography

Pawlan, M. (1998, February). Cryptography: the ancient art of secret messages. Retrieved May 4, 2009, from http://www.pawlan.com/Monica/crypto/

Rubin, J. (2008). Vigenere Cipher. Retrieved May 4, 2009, from http://www.juliantrubin.com/encyclopedia/mathematics/vigenere_cipher.html

Taylor, K. (2002, July 31). Number theory 1. Retrieved May 4, 2009, from http://math.usask.ca/encryption/lessons/lesson00/page1.html

Whitman, M. & Mattord, H. (2005). Principles of information security. [University of Phoenix Custom Edition e-text]. Canada, Thomson Learning, Inc. Retrieved May 4, 2009, from University of Phoenix, rEsource, CMGT/432


Journey into cryptography | Computer science | Khan Academy


Learn select topics from computer science - algorithms (how we solve common problems in computer science and measure the efficiency of our solutions), cryptography (how we protect secret information), and information theory (how we encode and compress information).

We've partnered with Dartmouth college professors Tom Cormen and Devin Balkcom to teach introductory computer science algorithms, including searching, sorting, recursion, and graph theory. Learn with a combination of articles, visualizations, quizzes, and coding challenges.

How have humans protected their secret messages through history? What has changed today?

We've always been communicating.... as we moved from signal fires, to alphabets & electricity the problems remained the same.

Explore how we have hidden secret messages through history.

Assess your understanding of the code breaking presented in the ancient cryptography lesson. This series of articles and exercises will prepare you for the upcoming challenge!

A new problem emerges in the 20th century. What happens if Alice and Bob can never meet to share a key in the first place?

Ready to try your hand at real-world code breaking? This adventure contains a beginner, intermediate and super-advanced level. See how far you can go!

This is a system of arithmetic for integers. These lessons provide a foundation for the mathematics presented in the Modern Cryptography tutorial.

Why do primes make some problems fundamentally hard? To find out we need to explore primality tests in more detail.

Would access to coin flips speed up a primality test? How would this work?
