Posts in Articles
DoD Cyber Strategy - 2018

Cyber Strategy: Summary, 2018
U.S. Department of Defense

“American prosperity, liberty, and security depend upon open and reliable access to information.  The Internet empowers us and enriches our lives by providing ever-greater access to new knowledge, businesses, and services.  Computers and network technologies underpin U.S. military warfighting superiority by enabling the Joint Force to gain the information advantage, strike at long distance, and exercise global command and control.”

An Interview with William Hugh Murray - A discussion of the rapidly evolving realm of practical cyber security

Communications of the ACM, March 2019
By Peter J. Denning

“What has changed over those years is not the need for security, but the risks and costs of insecurity. It should be clear to a casual reader of the news, let alone those with access to intelligence sources, that what we are doing is not working. It is both costly and dangerous… Most of the resistance to using these practices comes from loss of convenience. Good security is not convenient. But it is absolutely necessary for the security of our assets and the reliability of the many critical systems on which we all depend.”

New Girl Scout badges focus on cyber crime, not cookie sales

Reuters, June 21, 2017
Reporting by Barbara Goldberg

“Palo Alto Networks and Girl Scouts of the USA Announce Collaboration for First-Ever National Cybersecurity Badges: With the introduction of 18 new Cybersecurity badges, Girl Scouts of all ages will be able to explore opportunities in STEM while developing problem-solving and leadership skills.”

The Big Picture

Communications of the ACM, November 2018
By Steven M. Bellovin, Peter G. Neumann

“Cryptography is an enormously useful concept for achieving trustworthy systems and networks; unfortunately, its effectiveness can be severely limited if it is not implemented in systems with sufficient trustworthiness.

It is time to get serious about the dearth of trustworthy systems and the lack of deeper understanding of the risks that result from continuing on a business-as-usual course.”

Deception, Identity, and Security: The Game Theory of Sybil Attacks

Communications of the ACM, January 2019
By William Casey, Ansgar Kellner, et al.

"Along with the low cost of minting and maintaining identities, a lack of constraints on using identities is a primary factor that facilitates adversarial innovations that rely on deception. With these factors in mind, we study the following problem: Will it be possible to engineer a decentralized system that can enforce honest usage of identity via mutual challenges and costly consequences when challenges fail?"

The End of Encryption? NSA & FBI Seek New Backdoors Against Advice from Leading Security Experts

Democracy Now!, July 8, 2015
By Juan González & Amy Goodman
Guest: Bruce Schneier

"FBI Director James Comey is set to testify against encryption before the Senate Intelligence Committee today, as the United States and Britain push for “exceptional access” to encrypted communications. Encryption refers to the scrambling of communications so they cannot be read without the correct key or password. The FBI and GCHQ have said they need access to encrypted communications to track criminals and terrorists. Fourteen of the world’s pre-eminent cryptographers, computer scientists and security specialists have issued a paper arguing there is no way to allow the government such access without endangering all confidential data, as well as the broader communications infrastructure. We speak with one of the authors of the paper, leading security technologist Bruce Schneier."

Thou Shalt Not Depend on Me

Communications of the ACM, June 2018
By Tobias Lauinger, Abdelberi Chaabane, Christo B. Wilson

“Many websites use third-party components such as JavaScript libraries, which bundle useful functionality so that developers can avoid reinventing the wheel. jQuery is arguably the most popular open source JavaScript library at the moment; it is found on 84% of the most popular websites as determined by Amazon's Alexa. But what happens when libraries have security issues? Chances are that websites using such libraries inherit these issues and become vulnerable to attacks.”

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Communications of the ACM, January 2019, Vol. 62 No. 1, Pages 106-114
Research Highlights: “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”
By David Adrian, Karthikeyan Bhargavan, et al.

"We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed."
