Entries Tagged "cryptography"

Page 50 of 50

Academic Freedom and Security

Cryptography is the science of secret codes, and it is a primary Internet security tool to fight hackers, cyber crime, and cyber terrorism. CRYPTO is the world’s premier cryptography conference. It’s held every August in Santa Barbara.

This year, 400 people from 30 countries came to listen to dozens of talks. Lu Yi was not one of them. Her paper was accepted at the conference. But because she is a Chinese Ph.D. student in Switzerland, she was not able to get a visa in time to attend the conference.

In the three years since 9/11, the U.S. government has instituted a series of security measures at our borders, all designed to keep terrorists out. One of those measures was to tighten up the rules for foreign visas. Certainly this has hurt the tourism industry in the U.S., but the damage done to academic research is more profound and longer-lasting.

According to a survey by the Association of American Universities, many universities reported a drop of more than 10 percent in foreign student applications from last year. During the 2003 academic year, student visas were down 9 percent. Foreign applications to graduate schools were down 32 percent, according to another study by the Council of Graduate Schools.

There is an increasing trend for academic conferences, meetings and seminars to move outside of the United States simply to avoid visa hassles.

This affects all of high-tech, but ironically it particularly affects the very technologies that are critical in our fight against terrorism.

Also in August, on the other side of the country, the University of Connecticut held the second International Conference on Advanced Technologies for Homeland Security. The attendees came from a variety of disciplines — chemical trace detection, communications compatibility, X-ray scanning, sensors of various types, data mining, HAZMAT clothing, network intrusion detection, bomb diffusion, remote-controlled drones — and illustrate the enormous breadth of scientific know-how that can usefully be applied to counterterrorism.

It’s wrong to believe that the U.S. can conduct the research we need alone. At the Connecticut conference, the researchers presenting results included many foreigners studying at U.S. universities. Only 30 percent of the papers at CRYPTO had only U.S. authors. The most important discovery of the conference, a weakness in a mathematical function that protects the integrity of much of the critical information on the Internet, was made by four researchers from China.

Every time a foreign scientist can’t attend a U.S. technology conference, our security suffers. Every time we turn away a qualified technology graduate student, our security suffers. Technology is one of our most potent weapons in the war on terrorism, and we’re not fostering the international cooperation and development that is crucial for U.S. security.

Security is always a trade-off, and specific security countermeasures affect everyone, both the bad guys and the good guys. The new U.S. immigration rules may affect the few terrorists trying to enter the United States on visas, but they also affect honest people trying to do the same.

All scientific disciplines are international, and free and open information exchange — both in conferences and in academic programs at universities — will result in the maximum advance in the technologies vital to homeland security. The Soviet Union tried to restrict academic freedom along national lines, and it didn’t do the country any good. We should try not to follow in those footsteps.

This essay was originally published in the San Jose Mercury News

Posted on October 1, 2004 at 9:44 PMView Comments

Academic Freedom and Security

Cryptography is the science of secret codes, and it is a primary Internet security tool to fight hackers, cyber crime, and cyber terrorism. CRYPTO is the world’s premier cryptography conference. It’s held every August in Santa Barbara.

This year, 400 people from 30 countries came to listen to dozens of talks. Lu Yi was not one of them. Her paper was accepted at the conference. But because she is a Chinese Ph.D. student in Switzerland, she was not able to get a visa in time to attend the conference.

In the three years since 9/11, the U.S. government has instituted a series of security measures at our borders, all designed to keep terrorists out. One of those measures was to tighten up the rules for foreign visas. Certainly this has hurt the tourism industry in the U.S., but the damage done to academic research is more profound and longer-lasting.

According to a survey by the Association of American Universities, many universities reported a drop of more than 10 percent in foreign student applications from last year. During the 2003 academic year, student visas were down 9 percent. Foreign applications to graduate schools were down 32 percent, according to another study by the Council of Graduate Schools.

There is an increasing trend for academic conferences, meetings and seminars to move outside of the United States simply to avoid visa hassles.

This affects all of high-tech, but ironically it particularly affects the very technologies that are critical in our fight against terrorism.

Also in August, on the other side of the country, the University of Connecticut held the second International Conference on Advanced Technologies for Homeland Security. The attendees came from a variety of disciplines — chemical trace detection, communications compatibility, X-ray scanning, sensors of various types, data mining, HAZMAT clothing, network intrusion detection, bomb diffusion, remote-controlled drones — and illustrate the enormous breadth of scientific know-how that can usefully be applied to counterterrorism.

It’s wrong to believe that the U.S. can conduct the research we need alone. At the Connecticut conference, the researchers presenting results included many foreigners studying at U.S. universities. Only 30 percent of the papers at CRYPTO had only U.S. authors. The most important discovery of the conference, a weakness in a mathematical function that protects the integrity of much of the critical information on the Internet, was made by four researchers from China.

Every time a foreign scientist can’t attend a U.S. technology conference, our security suffers. Every time we turn away a qualified technology graduate student, our security suffers. Technology is one of our most potent weapons in the war on terrorism, and we’re not fostering the international cooperation and development that is crucial for U.S. security.

Security is always a trade-off, and specific security countermeasures affect everyone, both the bad guys and the good guys. The new U.S. immigration rules may affect the few terrorists trying to enter the United States on visas, but they also affect honest people trying to do the same.

All scientific disciplines are international, and free and open information exchange — both in conferences and in academic programs at universities — will result in the maximum advance in the technologies vital to homeland security. The Soviet Union tried to restrict academic freedom along national lines, and it didn’t do the country any good. We should try not to follow in those footsteps.

This essay was originally published in the San Jose Mercury News

Posted on October 1, 2004 at 9:44 PMView Comments

News

Last month I wrote: “Long and interesting review of Windows XP SP2, including a list of missed opportunities for increased security. Worth reading: The Register.” Be sure you read this follow-up as well:
The Register

The author of the Sasser worm has been arrested:
Computerworld
The Register
And been offered a job:
Australian IT

Interesting essay on the psychology of terrorist alerts:
Philip Zimbardo

Encrypted e-mail client for the Treo:
Treo Central

The Honeynet Project is publishing a bi-annual CD-ROM and newsletter. If you’re involved in honeynets, it’s definitely worth getting. And even if you’re not, it’s worth supporting this endeavor.
Honeynet

CIO Magazine has published a survey of corporate information security. I have some issues with the survey, but it’s worth reading.
IT Security

At the Illinois State Capitol, someone shot an unarmed security guard and fled. The security upgrade after the incident is — get ready — to change the building admittance policy from a “check IDs” procedure to a “sign in” procedure. First off, identity checking does not increase security. And secondly, why do they think that an attacker would be willing to forge/steal an identification card, but would be unwilling to sign their name on a clipboard?
The Guardian

Neat research: a quantum-encrypted TCP/IP network:
MetroWest Daily News
Slashdot
And NEC has its own quantum cryptography research results:
InfoWorld

Security story about the U.S. embassy in New Zealand. It’s a good lesson about the pitfalls of not thinking beyond the immediate problem.
The Dominion

The future of worms:
Computerworld

Teacher arrested after a bookmark is called a concealed weapon:
St. Petersburg Times
Remember all those other things you can bring on an aircraft that can knock people unconscious: handbags, laptop computers, hardcover books. And that dental floss can be used as a garrote. And, and, oh…you get the idea.

Seems you can open Kryptonite bicycle locks with the cap from a plastic pen. The attack works on what locksmiths call the “impressioning” principle. Tubular locks are especially vulnerable to this because all the pins are exposed, and tools that require little skill to use can be relatively unsophisticated. There have been commercial locksmithing products to do this to circular locks for a long time. Once you get the feel for how to do it, it’s pretty easy. I find Kryptonite’s proposed solution — swapping for a smaller diameter lock so a particular brand of pen won’t work — to be especially amusing.
Indystar.com
Wired
Bikeforums

I often talk about how most firewalls are ineffective because they’re not configured properly. Here’s some research on firewall configuration:
IEEE Computer

Reading RFID tags from three feet away:
Computerworld

AOL is offering two-factor authentication services. It’s not free: $10 plus $2 per month. It’s an RSA Security token, with a number that changes every 60 seconds.
PC World

Counter-terrorism has its own snake oil:
Quantum Sleeper

Posted on October 1, 2004 at 9:40 PMView Comments

News

Last month I wrote: “Long and interesting review of Windows XP SP2, including a list of missed opportunities for increased security. Worth reading: The Register.” Be sure you read this follow-up as well:
The Register

The author of the Sasser worm has been arrested:
Computerworld
The Register
And been offered a job:
Australian IT

Interesting essay on the psychology of terrorist alerts:
Philip Zimbardo

Encrypted e-mail client for the Treo:
Treo Central

The Honeynet Project is publishing a bi-annual CD-ROM and newsletter. If you’re involved in honeynets, it’s definitely worth getting. And even if you’re not, it’s worth supporting this endeavor.
Honeynet

CIO Magazine has published a survey of corporate information security. I have some issues with the survey, but it’s worth reading.
IT Security

At the Illinois State Capitol, someone shot an unarmed security guard and fled. The security upgrade after the incident is — get ready — to change the building admittance policy from a “check IDs” procedure to a “sign in” procedure. First off, identity checking does not increase security. And secondly, why do they think that an attacker would be willing to forge/steal an identification card, but would be unwilling to sign their name on a clipboard?
The Guardian

Neat research: a quantum-encrypted TCP/IP network:
MetroWest Daily News
Slashdot
And NEC has its own quantum cryptography research results:
InfoWorld

Security story about the U.S. embassy in New Zealand. It’s a good lesson about the pitfalls of not thinking beyond the immediate problem.
The Dominion

The future of worms:
Computerworld

Teacher arrested after a bookmark is called a concealed weapon:
St. Petersburg Times
Remember all those other things you can bring on an aircraft that can knock people unconscious: handbags, laptop computers, hardcover books. And that dental floss can be used as a garrote. And, and, oh…you get the idea.

Seems you can open Kryptonite bicycle locks with the cap from a plastic pen. The attack works on what locksmiths call the “impressioning” principle. Tubular locks are especially vulnerable to this because all the pins are exposed, and tools that require little skill to use can be relatively unsophisticated. There have been commercial locksmithing products to do this to circular locks for a long time. Once you get the feel for how to do it, it’s pretty easy. I find Kryptonite’s proposed solution — swapping for a smaller diameter lock so a particular brand of pen won’t work — to be especially amusing.
Indystar.com
Wired
Bikeforums

I often talk about how most firewalls are ineffective because they’re not configured properly. Here’s some research on firewall configuration:
IEEE Computer

Reading RFID tags from three feet away:
Computerworld

AOL is offering two-factor authentication services. It’s not free: $10 plus $2 per month. It’s an RSA Security token, with a number that changes every 60 seconds.
PC World

Counter-terrorism has its own snake oil:
Quantum Sleeper

Posted on October 1, 2004 at 9:40 PMView Comments

1 48 49 50

Sidebar photo of Bruce Schneier by Joe MacInnis.