Reality tunnels » security

Halberd screencast

jmbr — Tue, 13 Oct 2009 23:19:49 +0000

Vivek Ramachandran has created a screencast demonstrating the use of my program Halberd. Do watch it if you want to see Halberd in action!

Mathematics, cryptography, and the real world

jmbr — Thu, 06 Sep 2007 20:28:33 +0000

Among the many reactions to Neil Koblitz’ article on modern cryptography in the Notices of the AMS the most interesting reply I’ve read is this one by Steven Bellovin:

Mathematicians have known since Euclid that axioms are important.
Security, though, is math embedded in the real world, and that
matters. Put another way, Euclidean geometry is completely valid as a
pure mathematical system. But that doesn’t mean it applies in a
relativistic universe. Sure, we live far from any space-warping
masses, so we can pretend that the angles in our triangles add up to
180 degrees. In the security world, though, the attacker will toss a
black hole at us to warp the space around our provably-secure
triangular encryptor. Was that proof of security flawed? Ask Riemann
or Lobachevsky.

Internet topology modeling

jmbr — Tue, 16 Aug 2005 20:29:06 +0000

In this lecture, Walter Willinger goes into the difficulties of Internet topology modeling (on the IP level).

Accurate models of how the Internet works give insight into where its weakest links are located and how to simulate the network’s behavior under certain circumstances.

Part of the lecture’s data was acquired using traceroute and thorny technical details like detecting aliased IPs and load balancers were skipped.

Some highlights of the talk are:

Usage of economic models and current technological constraints to model the network (the resulting topology should be efficient).
Pitfalls of paying too much attention to power laws.
Differences between the real Internet and scale-free networks.

I believe some of the points the author makes could be applied as well to overlay (P2P) networks.

Further links:

Keyboard eavesdropping

jmbr — Thu, 13 May 2004 08:02:36 +0000

Funny thing. A technique for eavesdropping keyboards based on the sound they produce has been published:

Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper entitled “Keyboard Acoustic Emanations” presented Monday by IBM research scientist Dmitri Asonov. All that is needed is about $200 worth of microphones and sound processing and PC neural networking software. Today’s keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys. “This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher,” said Asonov.

Computational linguistics help uncover government secrets

jmbr — Tue, 11 May 2004 08:02:35 +0000

This article from yesterday’s news talks about a program for revealing blacked-out words in documents. They used it against a memorandum from the USA Dept. of Defense yielding interesting results:

They said that although the name of a country had been blacked out in that memorandum, their software showed that it was highly likely the document named South Korea as having helped the Iraqis.

Adi Shamir’s three laws of security

jmbr — Tue, 11 May 2004 08:02:35 +0000

Computerworld informs about the on-line availability of the lectures given by Rivest, Shamir and Adleman when they received the 2002 ACM Turing Award.

I want to highlight Shamir’s three laws of security:

Absolutely secure systems do not exist
To halve your vulnerability, you have to double your expenditure
Cryptography is typically bypassed, not penetrated

The first two points show the importance of effective risk assessment while the third one emphasizes the fact that implementation flaws (opposed to algorithm design flaws) are usually the reason why systems using cryptography are subject to security breaches.