Page 1 of 7
The Hewlett Foundation just announced its top five ideas in its Cybersecurity Visuals Challenge. The problem Hewlett is trying to solve is the dearth of good visuals for cybersecurity. A Google Images Search demonstrates the problem: locks, fingerprints, hands on laptops, scary looking hackers in black hoodies. Hewlett wanted to go beyond those tropes.
I really liked the idea, but find the results underwhelming. It’s a hard problem.
Hewlett press release.
Back in July, NIST selected third-round algorithms for its post-quantum cryptography standard.
Recently, Daniel Apon of NIST gave a talk detailing the selection criteria. Interesting stuff.
NOTE: We’re in the process of moving this blog to WordPress. Comments will be disabled until the move is complete. The management thanks you for your cooperation and support.
NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. (Details of the NIST efforts are here. A timeline for the new algorithms is here.)
Every year, the NSA has a competition for the best cybersecurity paper. Winners get to go to the NSA to pick up the award. (Warning: you will almost certainly be fingerprinted while you’re there.)
Submission guidelines and nomination page.
Last year, the NSA announced its plans for transitioning to cryptography that is resistant to a quantum computer. Now, it’s NIST’s turn. Its just-released report talks about the importance of algorithm agility and quantum resistance. Sometime soon, it’s going to have a competition for quantum-resistant public-key algorithms:
Creating those newer, safer algorithms is the longer-term goal, Moody says. A key part of this effort will be an open collaboration with the public, which will be invited to devise and vet cryptographic methods that—to the best of experts’ knowledge—will be resistant to quantum attack. NIST plans to launch this collaboration formally sometime in the next few months, but in general, Moody says it will resemble past competitions such as the one for developing the SHA-3 hash algorithm, used in part for authenticating digital messages.
“It will be a long process involving public vetting of quantum-resistant algorithms,” Moody said. “And we’re not expecting to have just one winner. There are several systems in use that could be broken by a quantum computer—public-key encryption and digital signatures, to take two examples—and we will need different solutions for each of those systems.”
The report rightly states that we’re okay in the symmetric cryptography world; the key lengths are long enough.
This is an excellent development. NIST has done an excellent job with their previous cryptographic standards, giving us a couple of good, strong, well-reviewed, and patent-free algorithms. I have no doubt this process will be equally excellent. (If NIST is keeping a list, aside from post-quantum public-key algorithms, I would like to see competitions for a larger-block-size block cipher and a super-fast stream cipher as well.)
It’s Iaido, not sword fighting, but still.
Of course, the two didn’t battle each other, but competed in Iaido tests like cutting mats and flowers in various cross-sectional directions. A highlight was when the robot horizontally sliced string beans measuring just 1cm in thickness! At the end, the ultimate test unfolds: the famous 1,000 iaido sword cut challenge. Ultimately, both man and machine end up victorious, leaving behind a litter of straw and sweat as testament to the very first “Senbongiri battle between the pinnacle of robotics and the peak of humanity.”
On April 1, I announced the Eighth Movie Plot Threat Contest: demonstrate the evils of encryption.
Not a whole lot of good submissions this year. Possibly this contest has run its course, and there’s not a whole lot of interest left. On the other hand, it’s heartening to know that there aren’t a lot of encryption movie-plot threats out there.
Anyway, here are the semifinalists.
Cast your vote by number here; voting closes at the end of the month.
On April 1, I announced the Seventh Mostly Annual Movie-Plot Threat Contest:
The NSA has won, but how did it do it? How did it use its ability to conduct ubiquitous surveillance, its massive data centers, and its advanced data analytics capabilities to come out on top? Did it take over the world overtly, or is it just pulling the strings behind everyone’s backs? Did it have to force companies to build surveillance into its products, or could it just piggy-back on market trends? How does it deal with liberal democracies and ruthless totalitarian dictatorships at the same time? Is it blackmailing Congress? How does the money flow? What’s the story?
On May 15, I announced the five semifinalists. The votes are in, and the winner is Doubleplusunlol:
The NSA, GCHQ et al actually don’t have the ability to conduct the mass surveillance that we now believe they do. Edward Snowden was in fact groomed, without his knowledge, to become a whistleblower, and the leaked documents were elaborately falsified by the NSA and GCHQ.
The encryption and security systems that ‘private’ companies are launching in the wake of theses ‘revelations’, however, are in fact being covertly funded by the NSA/GCHQ—the aim being to encourage criminals and terrorists to use these systems, which the security agencies have built massive backdoors into.
The laws that Obama is now about to pass will in fact be the laws that the NSA will abide by—and will entrench mass surveillance as a legitimate government tool before the NSA even has the capability to perform it. That the online populace believes that they are already being watched will become a self-fulfilling prophecy; the people have built their own panopticon, wherein the belief that the Government is omniscient is sufficient for the Government to control them.
“He who is subjected to a field of visibility, and who knows it, assumes responsibility for the constraints of power; he makes them play spontaneously upon himself; he inscribes in himself the power relation in which he simultaneously plays both roles; he becomes the principle of his own subjection.” Michel Foucault, Surveiller et punir, 1975
For the record, Guy Macon was a close runner-up.
Congratulations, Doubleplusunlol. Contact me by e-mail, and I’ll send you your fabulous prizes.
On April 1, I announced the Seventh Movie Plot Threat Contest:
The NSA has won, but how did it do it? How did it use its ability to conduct ubiquitous surveillance, its massive data centers, and its advanced data analytics capabilities to come out on top? Did it take over the world overtly, or is it just pulling the strings behind everyone’s backs? Did it have to force companies to build surveillance into its products, or could it just piggy-back on market trends? How does it deal with liberal democracies and ruthless totalitarian dictatorships at the same time? Is it blackmailing Congress? How does the money flow? What’s the story?
Submissions are in, and here are the semifinalists.
Cast your vote by number; voting closes at the end of the month.
Sidebar photo of Bruce Schneier by Joe MacInnis.