About the position

The Department of Information Security and Communication Technology (IIK) has a vacancy for a position as a PhD Candidate at the Faculty of Information Technology and Electrical Engineering (IE), in the cross-disciplinary field of cyber security. This is a researcher training position aimed at providing promising researcher recruits the opportunity of academic development in the form of a doctoral degree.

The position is a part of a national effort to develop the Norwegian knowledge base in cyber security according to the directions given in the newly announced Norwegian strategy for digital security (https://www.regjeringen.no/no/dokumenter/nasjonal-strategi-for-digital-sikkerhet/id2627177/

The positions working place is at the NTNU campus in Trondheim and reports to the Head of Department

Main duties and responsibilities

The appointment is for a term of 3 years, or 4 years including 25% duty work.

The position will be concerned with design and analysis of cryptographic protocols using either formal reductionist techniques or sound software analysis tools, or a combination of both. Techniques used may be experimental or theoretical, but the emphasis will be on real-world protocols. Depending on the skills of the candidate, different aspects may be emphasized, for instance by focusing on:

The research will be carried out as an integrated member of the very active NTNU Applied Cryptology Laboratory and under the guidance of Prof. Colin Boyd.

Qualification requirements

The PhD-position's main objective is to qualify for work in research positions. The qualification requirement is completion of a masters degree or second degree (equivalent to 120 credits) with a strong academic background in one or more of:

or equivalent education with a grade of B or better in terms of NTNUs grading scale. Applicants with no letter grades from previous studies must have an equally good academic foundation. Applicants who are unable to meet these criteria may be considered only if they can document that they are particularly suitable candidates for education leading to a PhD degree.

The position is also open for applicants currently studying for a Master degree at NTNU and entering their final year during 2020. Such applicants will be considered for the Integrated PhD program.

The appointment is to be made in accordance with the regulations in force concerning State Employees and Civil Servants and national guidelines for appointment as PhD, post doctor and research assistant. NTNU is committed to following evaluation criteria for research quality according to The San Francisco Declaration on Research Assessment - DORA.

Other desirable qualifications

Personal characteristics

We are searching applicants who are:

In the evaluation of which candidate is best qualified, emphasis will be placed on education, experience and personal suitability, in terms of the qualification requirements specified in the advertisement.

We offer

Salary and conditions

PhD candidates are remunerated in code 1017, and are normally remunerated at gross from NOK 479 600 per annum. From the salary, 2% is deducted as a contribution to the Norwegian Public Service Pension Fund.

The appointment is for a term of 3 years, or 4 years including 25% duty work.

Appointment to a PhD position requires admission to the PhD programme in Information Security and Communication Technology.As a PhD candidate, you undertake to participate in an organized PhD programme during the employment period. A condition of appointment is that you are in fact qualified for admission to the PhD programme within three months.

Appointment takes place on the terms that apply to State employees at any time, and after the appointment you must assume that there may be changes in the area of work.

The engagement is to be made in accordance with the regulations in force concerning State Employees and Civil Servants, and the acts relating to Control of the Export of Strategic Goods, Services and Technology. Candidates who by assessment of the application and attachment are seen to conflict with the criterias in the latter law will be prohibited from recruitment to NTNU. After the appointment you must assume that there may be changes in the area of work.

General information

A good work environment is characterized by diversity. We encourage qualified candidates to apply, regardless of their gender, functional capacity or cultural background. Under the Freedom of Information Act (offentleglova), information about the applicant may be made public even if the applicant has requested not to have their name entered on the list of applicants.

Questions about the position can be directed to Professor Colin Boyd, e-mail: colin.boyd@ntnu.no.

About the application:

Incomplete applications will be rejected.

Application deadline: 15.12.2019

NTNU - knowledge for a better world

The Norwegian University of Science and Technology (NTNU) creates knowledge for a better world and solutions that can change everyday life.

Department of Information Security and Communication Technology

Research is vital to the security of our society. We teach and conduct research in cyber security, information security, communications networks and networked services. Our areas of expertise include biometrics, cyber defence, cryptography, digital forensics, security in e-health and welfare technology, intelligent transportation systems and malware. The Department of Information Security and Communication Technology is one of seven departments in the Faculty of Information Technology and Electrical Engineering .

Deadline 15th December 2019Employer NTNU - Norwegian University of Science and TechnologyMunicipality TrondheimScope FulltimeDuration TemporaryPlace of service NTNU Campus Glshaugen

Read this article:
PhD Position in Formal Analysis of Cryptographic Protocols job with NORWEGIAN UNIVERSITY OF SCIENCE & TECHNOLOGY -NTNU | 186075 - Times Higher...

Worcester Polytechnic Institute (WPI) security researchers Berk Sunar and Daniel Moghimi led an international team of researchers that discovered serious security vulnerabilities in computer chips made by Intel Corp. and STMicroelectronics. The flaws affect billions of laptop, server, tablet, and desktop users around the world. The proof-of-concept attack is dubbed TPM-Fail

The two newly found vulnerabilities, which have been addressed, would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the chips. The recovered keys could be used to compromise a computers operating system, forge digital signatures on documents, and steal or alter encrypted information.

If hackers had taken advantage of these flaws, the most fundamental security services inside the operating system would have been compromised, said Sunar, professor of electrical and computer engineering and leader of WPIs Vernam Lab, which focuses on applied cryptography and computer security research. This chip is meant to be the root of trust. If a hacker gains control of that, theyve got the keys to the castle.

The flaws announced today are located in TPMs, or trusted platform modules, which are specialized, tamper-resistant chips that computer manufacturers have been deploying in nearly all laptops, smart phones, and tablets for the past 10 years. Following an international security standard, TPMs are used to secure encryption keys for hardware authentication and cryptographic keys, including signature keys and smart card certificates. Pushing the security down to the hardware level offers more protection than a software-only solution and is required by some core security services.

One of the flaws the WPI team discovered is in Intels TPM firmware, or fTPMsoftware that runs in the Security and Management Engine in processors the company has produced since it launched its Haswell processor microarchitecture in 2013. Haswell CPUs are used in the popular Core i3, i5, and i7 family of processors. The vulnerability is in the chip that supports trusted execution serviceswhat should be a secure area of the processor. These small crypto chips are the basis of the root of trust for a large portion of the computers used today. The idea is that if the TPM is secure, so is the rest of the computer.

The second flaw is in STMicroelectronics TPM. Notably, the STMicroelectronics vulnerability is in a chip that has received a strong industry-recognized security certification from Common Criteriaa highly acknowledged security stamp of approval based on international specifications designed to ensure technology meets high security standards preferred in industrial and government deployments.

The WPI researchers worked with Thomas Eisenbarth, a professor of IT security at the University of Lbeck, and Nadia Heninger, an associate professor of computer science and engineering at the University of California, San Diego.

Once discovered, the flaws were reported to the chip makers by the WPI researchers, who also have described the flaws, how they were discovered, and how they could have been exploited in a paper that will be presented at the 29th USENIX Security Symposium in Boston next August. It also will be presented at the Real World Crypto Symposium in New York City in January.

Researchers like Sunar and Moghimi routinely search for security flaws in software, hardware, and networks, and ethically report them to the companies so the problems can be patched before malicious hackers exploit them. No technology is bug free, so researchers help companies find and fix security flaws that could otherwise lead to massive hacking attacks, malware infections and zombie systems.

We provided our analysis tools and results to Intel and STMicroelectronics and both companies worked with us to create a patch or make sure a security patch will be provided for the next generation of these devices, said Moghimi, a PhD candidate in WPIs electrical and computer engineering department.

Sunar and Moghimi were members of a multi-university research team that found the series of security flaws behind the Fallout and ZombieLoad attacks reported last spring, as well as another vulnerability known as Spoiler, which exploits side effects of speculative execution.

Broadly, these vulnerabilities are categorized as side-channel attacks, which hackers use to surreptitiously grab information about how a computer behaves while performing sensitive operations and then using that information to access internal data.

Using their own analysis tool, the researchers conducted black-box timing analysis of TPM devices to discover timing leakages that allow an attacker to apply lattice techniques to recover 256-bit private keys for and ECSchnorr cryptography signatures. The leakages make the TPMs vulnerable to remote attacks that reveal cryptographic keys and make applications that use them less secure than they would be without the TPM.

Flaw in Intel fTPM

One of the security flaws Intel patched today is in a cryptographic libraryin the fTPM set inside the Intel Management Engine processor. With this vulnerability, researchers used the timing leakage to recover the signature key in less than two minutes. Intel is patching the security flaw with an update to the library.

Intels fTPM is a widely used TPM product that runs in a dedicated microprocessor for carrying out cryptographic operations, like making sure data has not been maliciously altered, ensuring data remains confidential, and proving the identity of both the sender and recipient of the data. The microprocessor is embedded with multiple physical security measures, designed to make it tamper resistant.

WPIs Moghimi explained that if hackers gained access to the fTPM, they could forge digital signatures, enabling them to alter, delete, or steal information.

STMicroelectronics Flaw

The research team discovered a flaw in the STMicroelectronics TPM, which is based on the companys popular ST33 chip, an embedded security platform used in many SIM modules, using integrated circuits designed to securely store authentication information. The chip maker announced earlier this year that more than 1 billion ST33 chips have been sold.

The vulnerability in STMicroelectronics TPM basically leaks the signature key, which should remain safely inside the hardware. It is designed to enhance the systems security. With the key, a hacker could access, steal or alter encrypted electronic documents. Using the flaw in the STMicroelectronics chip, researchers extracted the private ECDSA key from the hardware after less than one and a half hours of data collection.

STMicroelectronics developed a new ST33 chip with vulnerability countermeasures in the firmware, said Moghimi. We verified the new chip. It is not vulnerable to TPM-Fail.

The vulnerable chip has received a CC4+ rating from Common Criteria, which ranks security levels from one (lowest) to seven (highest).

The certification has failed, said Sunar. Such certifications are intended to ensure protection against a wide range of attacks, including physical and side-channel attacks against its cryptographic capabilities. This clearly underlines the need to reevaluate the CC process.

See original here:
WPI researchers discover vulnerabilities affecting billions of computer... - ScienceBlog.com

"The xx coin and xx network will serve smartphone users and dApp developers by harnessing both the metadata-shredding anonymity and privacy of Elixxir and the security, speed and scalability of Praxxis," said Chaum. "By successfully bringing the projects together, the xx network resolves the tension between speed/scale and privacy/security."

Early supporters (but not US persons) who download the xx collective smartphone app prior to the release of the xx network whitepaper will be eligible for certain benefits entitling them to greater participation in the xx network. Details for eligible participants can be found at xx-coin.io.

The xx network was designed in response to growing public concern for user privacy as well as the emerging threat of quantum computing. The Elixxir cMix network layer provides groundbreaking privacy and security by shredding user metadata. Praxxis provides a denominated coin structure that breaks payments into individual coins to provide privacy, and distinctive hash-based cryptography, which is secure against attacks from current nation-state adversaries and future quantum computers.

The staged launch of the xx network has begun. The xx network public alpha currently supports the xx messenger, an Elixxir dApp that provides unprecedented user privacy by preventing observers from collecting metadata. The xx network beta, scheduled for release in early 2020, will provide deeper integration between Elixxir and Praxxis and run on 600 independent nodes that were selected earlier this year.

"For all of us to feel comfortable online with the more important and sometimes sensitive parts of our lives, we need money with financial privacy and security to conduct our affairs," said William Carter, COO of Praxxis. "And to support users worldwide we need low-latency, high-speed performance at scale. The xx coin provides a way for Praxxis and Elixxir software to achieve these goals running on the decentralized xx network. Next step is beta!"

To access more information on xx coin distribution and the xx network, and to use the xx messenger, download the xx collective smartphone app at xxcollective.io.

About Praxxis:

Praxxisis a digital currency and a consensus protocol underpinning a full-stack blockchain. Praxxis has been designed and developed by WBM Corp. Led by William Carter, WBM Corp. is one of the first companies officed in the Cayman Enterprise City in the Cayman Islands. Carter is a computer scientist with an extensive systems design background gained working in the blockchain space, in optics R&D, and earlier at JPL in Pasadena. The WBM team is made up of cryptographers, developers, operational personnel, and marketing professionals. Early work on the Praxxis chain was conducted at Privategrity Corporation in the Los Angeles area.

About the xx collective:

The xx collective is the global community supporting David Chaum's projects and includes over 4,500 community members who have joined to secure early access to the xx messenger and other xx network information and features. The xx collective app is available on iOS and Android to support participation in the xx network on the way to MainNet. Information is also available at http://www.xxcollective.io.

About Elixxir:

Elixxiris a privacy-protecting transaction platform supported by nodes running Elixxir cMix software. Elixxir obscures metadata generated by a user's daily activities. The platform is designed to support secure messaging, payments, and decentralized application (dApp) data transfer. Elixxir is capable of supporting high volumes with extremely fast processing to support global consumer adoption of the decentralized blockchain.

About David Chaum

David Chaumis widely known for inventing the first digital currency, e-Cash, in the early 1980s, which he later deployed in the 1990s at his company DigiCash. He has also recently been credited with proposing the first decentralized blockchain as his PhD dissertation at Berkeley in 1982.

Contact: media@praxxis.ioand elixxir@wachsman.com

Photo - https://mma.prnewswire.com/media/1028649/Praxxis_Explaining_xx_network.jpg

https://praxxis.io

SOURCE Praxxis

See original here:
David Chaum Announces the xx coin, Supporting Decentralized Messaging, Payments and dApps on the xx network - PR Newswire UK

Quantum Cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. The best-known example of quantum cryptography is quantum key distribution which offers an information-theoretically secure solution to the key exchange problem. The rising investment towards cybersecurity solutions is a key catalyzer for quantum cryptography market. The global quantum cryptography market growing with a compound annual growth rate (CAGR) of +30% during the forecast period 2019-2024.

Market Research Inc has as of late apportioned another market appraisal report titled Worldwide Quantum Cryptography Market Growth, Future Scenarios, and Competitive Analysis, 2019 2025. The market concentrate gives a broad comprehension of the present-day and inevitable phases of the business market dependent on variables, for example, major looked for after occasions, inquire about creativities, the executives stratagems, showcase drivers, difficulties and dreams and widely inclusive industry subdivision and local appropriation.

Request a Sample of this Report and Analysis of Key Players at https://www.marketresearchinc.com/request-sample.php?id=31016

Major Key player:

Market Segment by Regions Quantum Cryptography regional analysis covers

Get upto 40% Discount at https://www.marketresearchinc.com/ask-for-discount.php?id=31016

For product type segment

For end use/application segment

Ask Your Queries or Requirements at https://www.marketresearchinc.com/enquiry-before-buying.php?id=31016

Key Benefits for Quantum Cryptography Market:

About Us

Market Research Inc is farsighted in its view and covers massive ground in global research. Local or global, we keep a close check on both markets. Trends and concurrent assessments sometimes overlap and influence the other. When we say market intelligence, we mean a deep and well-informed insight into your products, market, marketing, competitors and customers. Market research companies are leading the way in nurturing global thought leadership. We help your product/service become the best they can with our informed approach.

Contact Us

Market Research Inc

Kevin

51 Yerba Buena Lane, Ground Suite,

Inner Sunset San Francisco, CA 94103Quantum Cryptography USA

Call Us: +1 (628) 225-1818

Write Us@ sales@marketresearchinc.com

Go here to see the original:
Growth in the Quantum Cryptography Market with Trends, Forecast, and Opportunity ID Quantique, QuintessenceLabs, NuCrypt, Qasky - Market Expert

Dr. Leemon Baird, the Founder of Hedera Hashgraph (HBAR) which is a relatively new cryptocurrency that boasts 10,000 transactions per second, has claimed that quantum computing is no threat to cryptocurrency at the Web Summit 2019.

The debate over quantum computing is popping up due to Google and NASA researchers creating the first computer that has achieved quantum supremacy, meaning it can perform a specific but non-useful task faster than the worlds top supercomputer. Specifically, the quantum computer performed a task in 200 seconds that would take the worlds top supercomputer 10,000 years to perform.

This has re-ignited fears that one day quantum computers will be strong enough to break through top encryption algorithms, which could theoretically cause all cryptocurrencies to be compromised.

Dr. Baird compares this situation to Y2K, saying like Y2K; yes, we had to make some changes to software at Y2K. Was it the end of the world? Actually, no. Dr. Baird goes on to describe how quantum computers may take over a decade to become powerful enough to crack Bitcoins (BTC) cryptography, and at that point Bitcoin (BTC) and all other cryptocurrencies could switch to a new encryption algorithm.

Indeed, as Dr. Baird points out, the National Institute for Standards and Technology (NIST) is holding a contest to find the best new encryption algorithm, and Dr. Baird thinks that cryptocurrencies could easily switch to that algorithm when quantum computing becomes a real threat.

However, it is debatable as to whether quantum computing is no threat at all. Even Dr. Baird admits quantum computing will one day be strong enough to crack the cryptography of cryptocurrencies, just that they could easily switch algorithms by then.

It remains to be seen if any classical computing algorithm will be strong enough to withstand quantum computers, since there may come a point where quantum computers are becoming exponentially more powerful. Ultimately, quantum cryptography may be the only long term answer, and that would require everyone to have quantum computers.

The question then becomes, how long will it take for the public to have quantum computers and therefore access to quantum cryptography, after the first quantum computers are made which can crack top classical encryption algorithms?

See the article here:
Hedera Hashgraph (HBAR) Founder Says Quantum Computing Is Not a Threat to Cryptocurrency, Although That Claim Is Debatable Crypto.IQ | Bitcoin and...

Kadan Stadelmann is a blockchain developer, operations security expert, and Komodo platforms chief technology officer (CTO). He started life writing code before he started school, before going on to work in operations security in the government sector in Austria and eventually working in the cryptography business. In this interview he explores his journey into blockchain, and why markets aren't a good measure of projects with the most promise.

I first came across decentralized technologies when I was in high school, a time when I was actively coding a lot. Bitcoin wasnt around back then but we used file-sharing clients, which utilized similar technologies. From 2011 to 2012, I spent some time traveling on the African continent and went through a period of personal deliberation.

I came to realize that my true passion was actively engaging with technologies that could make our world a more liberal, fair, and peaceful place. One of these technologies was Bitcoin and its underlying blockchain technology, as it has the power to offer a secure, borderless and non-inflationary form of currency, to provide global financial services to those without access to traditional banking services, and to create the foundation of a decentralized global economy thats more equitable to all people.

I started GPU mining the same year just as a non-lucrative hobby and, later, in 2013 and 2014, I started actively contributing to various crypto-related projects while keeping my main focus on security and vulnerability detection and analysis.

Be the first to get Decrypt Members. A new type of account built on blockchain.

The Komodo project was publicly announced by the team in September 2016. The ICO was held in October and November of the same year. We raised 2,639 BTC, or a little less than $2 Million USD at the market price of BTC at the time, which is still a pretty modest raise compared to most blockchain projects that hold ICOs. The KMD coins bought in the ICO were distributed in January 2017 and the mainnet went live that same month.

Did you know?

I dont have a main residence so I am largely nomadic. I travel around the world and work from wherever I am. Usually, I spend between one to three months in the same spot. Sometimes, I fall in love with a place and stay for six to 12 months or keep going back to certain places on a regular basis like Spain and Africa, for example.

When we first started Komodo, it was an enhanced fork of the privacy project Zcash. In fact, in the early days, Komodos first value proposition was Protecting Your Privacy With Bitcoins Hashrate, but since then we have evolved and challenged the larger issues of blockchain sovereignty and scalability. The Komodo vision is to provide an easy set of tools that developers, startups, and enterprise businesses can all use to launch customized, application-specific blockchains, each of which is protected with the hash rate of the Bitcoin network.

Currently, some of the barriers stopping businesses from integrating blockchain technology are the cost of hiring blockchain developers, lack of advanced coding experience, or challenges with forking existing blockchains such as Ethereum or EOS. Blockchain developers are few and far between so we aim to provide business-friendly solutions where anyone can create their own custom and autonomous blockchain, regardless of blockchain development experience. Komodos real purpose is to provide an adaptable framework for blockchain development, from customizing and launching the chain itself to programming applications and software that run directly on ones own independent chain.

Blockchains killer app is going to be a decentralized client that runs on all operating systems and devices.

Prior to Komodo, I launched an IT company in the operations security space with former university colleagues. The company was successful and we were able to sell the company for a profit but, unfortunately, Im not able to discuss this in detail, as Im still under a non-disclosure agreement. I moved away from traditional IT entrepreneurship when I began getting involved with blockchain technology.

My passion for information and electronic technologies appeared at a very young age. I was raised in Northern Africa as the son of an Austrian diplomat and an African school teacher, so I received a multilingual education. I actually coded my first simple applications, like a calculator and a text-manipulation app, before entering primary school. Later, I studied IT and economics at universities in Germany and Vienna.

After my formal education was complete, I gained deep practical experience in IT security and network development while working in operations security in the government sector in Austria. Then, my career in the crypto industry began with penetration testing and bug-hunting various blockchain projects, codebases, apps and web platforms. This was also how I first got in touch with James jl777 Lee, who is now the lead developer of Komodo.

At first, no one takes you seriouslybanks, lawyers, accounting firms and even friends or relatives. Everyone just said, What is this? Why arent you doing something real? Of course, everyone has now seen how important blockchain technology has become around the world, so their attitudes have changed since I first got involved in the industry.

Forming a cohesive team was also a pretty tough task. The initial Komodo team was basically a dozen crypto enthusiasts and the first community members, many of whom were anonymous. Over time, we became a bit more formalized, such as requiring employees to sign contracts and non-disclosure agreements, while still remaining globally distributed and fully decentralized. The team has really evolved into a group of talented, hardworking, and extremely professional crypto experts.

There are a lot of times when you know the odds are against you and there is a high chance that what you are doing or creating will not succeed or take off immediately. In those times, its important to accept the challenge and take the risk. Deliver more than what is expected and prove your potential to yourself! There is nothing more satisfying that delivering on your promises and showing everyone what you are capable of.

You need to believe in yourself and your project. Youll also need to invest a great deal of time in forming the initial team. Only with a solid team will you be able to achieve big things.

Do not look at crypto markets and financial capitalization of the various blockchain projects. The markets arent always a true reflection of which projects show the most promise. Only by distinguishing between the technology and the market will you be able to experience the true potential of blockchain technology. Money is the wrong motivation in this industry.

Be the first to get Decrypt Members. A new type of account built on blockchain.

In the beginning, Komodo didnt have the ecosystem layers we see today, which include third-party service providers, as well as many independent developers with different backgrounds and areas of expertise. So if I were to go back and do things over again, I would likely try to bring third-party projects and devs into the Komodo ecosystem earlier on.

I am really excited about new technologies that aim to bring decentralized governance to the industry, like what Tezos is doing, for example. Recently, I have also been following VerusCoin closely, a project that solved the two biggest proof-of-stake issues, the nothing at stake problem and the weak subjectivity problem.

Blockchains killer app is going to be a decentralized client that runs on all operating systems and devices (PC, smartphones, IoT, etc.) and interconnects all blockchain networks and even other p2p networks/technologies to build a base foundation layer for a trustless and meritocratic society. It would be an app that enables anyone from anywhere at any time to participate in this virtual world to communicate, earn money and/or respect and to build a reputation. Essentially, a software-collage of social networks, blockchain, fintech/banking, freedom of speech, economic systems, and meritocracy. This is something that Komodo looks to build in the long-term so not something on our immediate roadmap, but a goal that we have in the back of our minds as we continue to develop and innovate new technologies.

The biggest difference is in the people you will work with but also the structure and organizational aspects. Most blockchain companies arent just technically decentralized but also work in a decentralized manner meaning working remotely, in different timezones, and sometimes without ever meeting each other in real life. Instead of a traditional office building, encrypted channels and chat-rooms are our workspaces.

Its a decentralized and distributed network that allows different people to exchange data and value without having to trust one another. These peer-to-peer exchanges are completely secure, based on advanced cryptographic and mathematical techniques, and once a transaction is complete, no one can delete, shut down, spoof or edit.

Continue reading here:
Komodo CTO Kadan Stadelmann: Markets arent a true reflection of projects with the most promise - Decrypt