Fully Device Independent Quantum Key Distribution

Communications of the ACM, April 2019
Research Highlights: "Technical Perspective: Was Edgar Allan Poe Wrong After All?"
By Gilles Brassard

Research Highlights: "Fully Device Independent Quantum Key Distribution"
By Umesh Vazirani, Thomas Vidick

“Artur Ekert realized as early as 1991 that a different kind of quantum cryptography was possible by harnessing entanglement, which is arguably the most nonclassical manifestation of quantum theory. Even though Ekert's original protocol did not offer any security above and beyond my earlier invention with Bennett, he had planted the seed for a revolution. It was realized by several researchers in the mid-2000s that entanglement-based protocols could lead to unconditional security even if they are imperfectly implemented—even if the QKD apparatus is built by the eavesdropper, some argued. For a decade, these purely theoretical ideas remained elusive and seemed to require unreasonable hardware, such as an apparatus the size of the galaxy! Vazirani and Vidick's paper provides an unexpectedly simple and elegant solution, indeed one that is almost within reach of current technology. Once it becomes reality, codemakers will have won the definitive battle, Poe's prophecy notwithstanding.”

Cyber Security in the Quantum Era

Communications of the ACM, April 2019
By Petros Wallden, Elham Kashefi

“The ability to communicate securely and compute efficiently is more important than ever to society. The Internet, and increasingly the Internet of Things, has had a revolutionary impact on our world. Over the next 5-10 years, we will see a flux of new possibilities, as quantum technologies become part of this mainstream computing and communicating landscape. Future networks will certainly consist of both classical and quantum devices and links, some of which are expected to be dishonest, with functionalities of various sophistication, ranging from simple routers to servers executing universal quantum algorithms. The realization of such a complex network of classical and quantum communication must rely on a solid novel foundation that, nevertheless, is able to foresee and handle the intricacies of real-life implementations and novel applications.”

DoD Cyber Strategy - 2018

Cyber Strategy: Summary, 2018
U.S. Department of Defense

“American prosperity, liberty, and security depend upon open and reliable access to information. The Internet empowers us and enriches our lives by providing ever-greater access to new knowledge, businesses, and services. Computers and network technologies underpin U.S. military warfighting superiority by enabling the Joint Force to gain the information advantage, strike at long distance, and exercise global command and control.”

Security Engineering, 2nd Ed.

Published by Wiley. November, 2010
By Ross J. Anderson

“The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.”

An Interview with William Hugh Murray - A discussion of the rapidly evolving realm of practical cyber security

Communications of the ACM, March 2019
By Peter J. Denning

“What has changed over those years is not the need for security, but the risks and costs of insecurity. It should be clear to a casual reader of the news, let alone those with access to intelligence sources, that what we are doing is not working. It is both costly and dangerous… Most of the resistance to using these practices comes from loss of convenience. Good security is not convenient. But it is absolutely necessary for the security of our assets and the reliability of the many critical systems on which we all depend.”

New Girl Scout badges focus on cyber crime, not cookie sales

Reuters, June 21, 2017
Reporting by Barbara Goldberg

“Palo Alto Networks and Girl Scouts of the USA Announce Collaboration for First-Ever National Cybersecurity Badges: With the introduction of 18 new Cybersecurity badges, Girl Scouts of all ages will be able to explore opportunities in STEM while developing problem-solving and leadership skills.”

Protecting Against Ransomware

DHS, Cybersecurity and Infrastructure Security Agency
CISA Security Tip ST19-001, April 11, 2019

What is ransomware? – How does ransomware work? – How is ransomware delivered? – What can I do to protect my data and networks? – What can I do to prevent ransomware infections? – How do I respond to a ransomware infection? – What do I do if my computer is infected with ransomware?

The Big Picture

Communications of the ACM, November 2018
By Steven M. Bellovin, Peter G. Neumann

“Cryptography is an enormously useful concept for achieving trustworthy systems and networks; unfortunately, its effectiveness can be severely limited if it is not implemented in systems with sufficient trustworthiness.

It is time to get serious about the dearth of trustworthy systems and the lack of deeper understanding of the risks that result from continuing on a business-as-usual course.”

Deception, Identity, and Security: The Game Theory of Sybil Attacks

Communications of the ACM, January 2019
By William Casey, Ansgar Kellner, et al.

"Along with the low cost of minting and maintaining identities, a lack of constraints on using identities is a primary factor that facilitates adversarial innovations that rely on deception. With these factors in mind, we study the following problem: Will it be possible to engineer a decentralized system that can enforce honest usage of identity via mutual challenges and costly consequences when challenges fail?"

The End of Encryption? NSA & FBI Seek New Backdoors Against Advice from Leading Security Experts

Democracy Now!, July 8, 2015
By Juan González & Amy Goodman
Guest: Bruce Schneier

"FBI Director James Comey is set to testify against encryption before the Senate Intelligence Committee today, as the United States and Britain push for “exceptional access” to encrypted communications. Encryption refers to the scrambling of communications so they cannot be read without the correct key or password. The FBI and GCHQ have said they need access to encrypted communications to track criminals and terrorists. Fourteen of the world’s pre-eminent cryptographers, computer scientists and security specialists have issued a paper arguing there is no way to allow the government such access without endangering all confidential data, as well as the broader communications infrastructure. We speak with one of the authors of the paper, leading security technologist Bruce Schneier."
