Definition of Cryptology
What is Cryptology?
Cryptology is the art developing a secret code and/or the using code in an encryption system converting information from its normal, comprehensible form into an incomprehensible format, rendering it unreadable without secret knowledge.
|
|
Cryptology
Why bother about BIOS security?
Security is always only as strong as its weakest link. While there do exist many guidelines to secure various operating systems, there is considerably less material available on how to secure the low-level components of a PC, although these can equally be compromised in order to obtain full control over a machine. First this paper gives an overview of the BIOS and its functions. Then known threats to the BIOS and the hardware of a PC are discussed in detail and how they could be exploited. Finally countermeasures are given that can mitigate the risks.
Read the Article
|
Echlon: The Dangers of Communicating in the 21st Century
In years past, information was normally considered secure if an individual whispered it to another, or wrote something down on paper. In today's reality, a whisper can be monitored, and your e-mail, even though encrypted, can be intercepted and read. In order to fully explain what ECHELON is and how it came about, we will need to start our journey by going back at least six decades.
Read the Article
|
SECURITY ALERT : Fraudulent Digital Certificates
In March 2001, VeriSign Inc. discovered through its routine fraud-screening audit that it had inadvertently issued two VeriSign Class 3 code-signing digital certificates on 29th and 30th January 2001 to an impostor who fraudulently claimed to be an employee of Microsoft Corporation. Microsoft Corporation immediately issued a Security Bulletin MS01-017 describing the security threat created by these software certificates falsely identified as Microsoft certificates. The bulletin stated that the vulnerability could affect all customers using Microsoft products. Microsoft also made it clear that this was not a security problem with any Microsoft product nor did it indicate that any of Microsofts official certificates had been compromised. Digital certificates are critical for businesses and customers who download patches, updates and various other forms of software from the Internet, because they allow software developers to digitally sign their software for secure delivery.
Read the Article
|
Using GPL Software For Email and File Encryption
Because privacy is important, the security of information is sometimes legally required, and internet communication often does not provide this necessary security inherently. Email encryption and file encryption can provide a higher level of security for internet communication, but too often providers of proprietary encryption technology and related services like the PGP Corporation's PGP encryption software are too expensive to fit the budgets of people or organizations involved.
Read the Article
|
Cryptanalysis of RSA: A Survey
In this paper we give a survey of the main methods used in attacks against the RSA cryptosystem. We describe the main factoring methods, attacks on the underlying mathematical function, as well as attacks that exploit details in implementations of the algorithm. While many attacks exist, the system has proven to be very secure, and most problems arise as a result of misuse of the system, bad choice of parameters or flaws in implementations. To conclude, we list a couple of countermeasures that can be used to prevent many of the attacks described.
Read the Article
|
A Review of Chaffing and Winnowing
This paper presents an overview of Chaffing and Winnowing as described by Ronald Rivest. This leads onto a review of a secure Chaffing and Winnowing scheme called Chaffinch. Chaffing and Winnowing introduces a novel new concept that does not use encryption keys, and as such would not be subject to import and export restrictions. Chaffing and Winnowing achieves privacy and confidentiality by using authentication keys, however, these are not to be confused with encryption keys. Authentication keys/digital signatures are not controlled by governments and most have chosen that the disclosure of these signatures is not allowed. They have taken this stance over authentication keys because of the danger of unscrupulous people being able to use someone else's personal authenticator to take over that person's identity!
Read the Article
|
Prime Numbers in Public Key Cryptography
The use of public-key cryptography is pervasive in the information protection and privacy arenas. Public key crypto algorithms utilize prime numbers extensively; indeed, prime numbers are an essential part of the major public key systems. This paper provides an introduction to prime numbers and how they are chosen, identified and used in public key systems. The content of this paper is specifically targeted at an audience that has only basic mathematical knowledge. A reader who has taken a high school or college algebra class should be able to follow the math herein. The objective of this paper is to inform the mainstream information security professional - who does not necessarily possess an extensive knowledge of mathematics - about the nature of prime numbers and how they are used in contemporary public key systems, thereby increasing his/her overall understanding of contemporary asymmetric encryption algorithms.
Read the Article
|
Randomness and Entropy - An Introduction
This paper will attempt to bring together information pertaining to concepts and definitions of randomness and entropy. Through definition and example both the implications and applications within the Information Security industry will be shown, bringing a complex topic to light in a concise and understandable form. This paper focuses on one of the vital components used in various security related technologies. This component is by nature complex and easily misunderstood. One may say that randomness plays a "key" part in most cryptosystems today, however, generally speaking it is very difficult to appreciate how many systems and technologies rely on the randomness of data.
Read the Article
|
Quantum Encryption - A Means to Perfect Security?
There is controversy about how secure quantum messages are. It is possible to prove that the probability of message interception by an adversary is arbitrarily small, under ideal conditions. People and machines, however, can never be perfect, so there are many approaches to defeating quantum encryption. Some computer security experts have wondered why making the strongest link in a system even stronger will improve security overall. Since public key cryptography is so hard to decipher now, why spend so much time and money on an even more secure quantum encryption scheme? If deciphering is nearly impossible, why not use other techniques, such as social engineering, to eavesdrop? This paper will attempt to answer those questions.
Read the Article
|
Applied Encryption: Ensuring Integrity of Tactical Data
Currently, there is a security risk involved with the transference of data through the CST software. While the SECRET Internet Protocol Router Network (SIPRNet) provides a circuit encryption to all data traveling along its path, there is no encryption applied directly through CST. If the data leaving CST were to be intercepted by unauthorized personnel on the local network, this would expose the confidentiality of the data and could potentially destroy its integrity. This paper will provide the reader with a low-level understanding of the Global Command and Control System-Maritime (GCCS-M), CST, Track Database Manager (Tdbm) and SIPRNet. It will detail how data transmission is accomplished from server to server via CST highlighting the need for additional encryption of the CST data stream.
Read the Article
|
|
|
Page: 1 2 3 4 5 6 7 8 9 10
Members currently browsing this category:
|
|
