Blog: https://medium.com/asecuritysite-when-bob-met-alice/lesson-1-in-secure-programming-dont-reuse-your-ivs-5666ddfa9a1c I wrote up an article on a recent Samsung vulnerability [ here ], and one comment said … “it’s an old bug, reuse of IV (Initialisation Vectors) seem a very basic problem”. On the face of it, the comment perhaps doesn’t go into enough detail, so I’ll try and explain the “bug” and hopefully show that it is shockingly bad coding … almost negligent in terms of protection, and cou...
Aug 06, 2023•7 min•Season 2Ep. 23
Blog: https://medium.com/asecuritysite-when-bob-met-alice/the-art-of-the-backdoor-e39f001ea8b9 Do you ever worry that your locksmith may take a copy of your key when they fit a new lock? Or that your locksmith has defined a lock which they know they have a skeleton key for? Or that your locksmith modifies the lock so that they can compromise it? And so we trust those that create locks to design them so that they cannot be broken easily, and that lock standard agencies around the world to set sta...
Aug 06, 2023•19 min•Season 2Ep. 21
I often get asked about what makes a successful university spin-out, so here are my observation for any budding academic team looking to spin out: You need a solid academic base . A PhD programme is often an excellent base for a spin-out, as it involves three or more years of extensive study into every aspect of a given field. This involves both a macro and micro viewpoint of a problem, and it develops the skills that support the articulation of new knowledge and new discoveries. A great team, t...
Aug 05, 2023•11 min•Season 2Ep. 20
There’s one little program that I could not do my work without … Git. And, so, our digital world needs to say a great thanks to the wonderful Linus Torvalds. In fact, without him, our digital world would be a whole lot more locked-down and controlled by large and faceless companies. Without Linus, we would probably now be dominated by Microsoft Windows, and your car and your mobile phone would probably be running Windows for its interface (yuk!). And if the software in your car crashed — as it w...
Aug 05, 2023•8 min
Chris Were is the CEO of the Verdia network. More details here . YouTube video: here .
Aug 02, 2023•1 hr 21 min•Season 4Ep. 1
Blog: https://medium.com/asecuritysite-when-bob-met-alice/tetra-burst-42773a490b35 Introduction Anyone can create a cipher. Basically, Bob and Alice do some modulo maths and could encrypt their secret messages into ciphertext by multiplying by 10 and adding 5, and then to decrypt back into plaintext, they would just subtract the ciphertext by 5 and divide by 10. The maths involved could then be defined by a Galois Field (GF)— and which is named after Évariste Galois. Bob and Alice could then kee...
Aug 01, 2023•11 min•Season 2Ep. 21
Blog: https://billatnapier.medium.com/cryptography-fundamentals-elgamal-encryption-and-signature-2de5f16b1127 ElGamal methods: https://asecuritysite.com/elgamal Introduction In research, we build on the shoulders of giants, and Taher Elgamal is one of the giants of cybersecurity. His work on Netscape led to the creation of SSL, and for which much of our Web security is still built on. Along with this, he published this paper in 1985 [ here ]: It was true classic, and has been reference over 12,5...
Aug 01, 2023•10 min•Season 3Ep. 10
Blog: https://medium.com/asecuritysite-when-bob-met-alice/passion-leadership-and-responsibility-ded697c73c76 Introduction I have been involved in enterprise and innovation for quite a while. I love it, and where I have had the opportunity to think and dream and kick-start things that flourish in the future. Some things have worked, and other things have not. And, we have been so lucky to have spun out three highly successful cybersecurity companies, and each of which has come from a seed of an i...
Aug 01, 2023•7 min•Season 2Ep. 16
Related blog: https://medium.com/asecuritysite-when-bob-met-alice/tokens-jwt-and-google-tink-c6b915d387e8 And: https://billatnapier.medium.com/hmac-or-public-key-signing-of-jwts-64084aff10ef Introduction My Top 20 important things about JWTs: JWT is a JSON Web Token and is pronounced “jot”. JSON objects support human-readable text and are used in many applications, such as with NoSQL databases. You should not trust a JWT unless it is cryptographically signed. For authorization, a captured JWT ca...
Jul 31, 2023•16 min•Season 2Ep. 19
Blog post: https://medium.com/asecuritysite-when-bob-met-alice/noyce-moore-and-grove-a-template-for-spin-out-start-up-success-b67d9795154a Introduction So, is there a formula for a successful start-up/spin-out — and if you followed it, you would be guaranteed success? For this, many people approach me and say, “I want to have a spin-out. What should I do?”. To me, this is a little like saying, “I want to fly, can you give me wings?”. So, let me lay out a few things that I have learned over the p...
Jul 31, 2023•15 min•Season 2Ep. 16
Blog: https://medium.com/asecuritysite-when-bob-met-alice/a-soft-target-are-higher-education-infrastructures-at-risk-4ff323fd73c5 They helped build the Internet Academia was one of the first infrastructures to build and use the Internet — in fact, they built ARPANET and which morphed into the Internet. And so, you will find that they often have privileged IP address ranges, such as for Class A or Class B. With this, when IPv4 address ranges were initially given out, universities and research org...
Jul 30, 2023•12 min•Season 3Ep. 16
Related blog post: https://billatnapier.medium.com/cryptography-fundamentals-commutative-encryption-19ba4c4c2173 Introduction What’s at the core of cryptography? Well, the simple EX-OR holds a special place, as we can do not lose any information when we apply it. For a bitwise operation of 0 EXOR 0 gives 0, 0 EXOR 1 gives 1, 1 EXOR 0 gives 1, and 1 EXOR 1 gives 0. And, so, cryptographers dream of the perfect cipher. And that cipher is a one-time pad. Basically, we generate a one-time use key for...
Jul 30, 2023•16 min
Blog: https://medium.com/asecuritysite-when-bob-met-alice/can-privacy-and-traceability-exist-together-tracing-keys-and-jurisdictions-bfc395d502a Introduction Privacy and traceability are two sides of the same coin, and where the coin will never land on its side. If you want privacy in a transaction, you have to hide the payer and payee and the transaction value. All that needs to happen is that there is proof that the payer has enough currency to pay the payee. We can do this with a range proof ...
Jul 30, 2023•15 min•Season 2Ep. 16
Blog: https://medium.com/asecuritysite-when-bob-met-alice/did-you-buy-a-ring-doorbell-from-2015-to-2019-then-you-could-get-compensation-c8434916b2da I know the title sounds like one of those adverts that say, “Did you buy a car between 1890 and 2023, then you can get compensation, because they didn’t tell you that you needed to put fuel in your car! In fact, you don’t even have to have bought a car or bought anything; you just have to show that you are still breathing, and you might still also g...
Jul 30, 2023•5 min•Season 2Ep. 15
A guest talk on Quantum Computing and Impact On Public Key Encryption by Professor Alan Woodward.
Jul 24, 2023•55 min
Related blog: https://medium.com/asecuritysite-when-bob-met-alice/mathematics-in-the-blood-the-lenstra-family-bf188c686e74 Introduction I know it’s a strange question to pose, but which family has most advanced the Internet and Cybersecurity? Well, the Lenstra family has a strong claim to that title. From their Dutch roots, they have contributed so much to our modern world — both from a theoretical and a practical point of view. I suppose there’s something in the nature of the Dutch that not onl...
Jul 24, 2023•10 min•Season 4Ep. 2
Related page: https://medium.com/asecuritysite-when-bob-met-alice/clocks-latex-byzantine-generals-and-post-quantum-crypto-meet-the-amazing-leslie-b-lamport-b2ade4b590d7 Demo: https://asecuritysite.com/hashsig/lamport Introduction I write this article in Medium and with its limited text editor, but I really would love to write it in LaTeX. Before the monopoly of Microsoft Word, there were document mark-up systems such as Lotus Manuscript, and where we had a basic editor to produce publishing-read...
Jul 24, 2023•16 min•Season 4Ep. 1
Related material Main page: https://billatnapier.medium.com/cryptography-fundamentals-8-rsa-rivest-shamir-and-adleman-445b91932bd0 RSA: https://asecuritysite.com/rsa Introduction In August 1977, The Stranglers were in the music charts with “Something Better Change” and something really was changing, and it was something that would change the world forever. This was the month that Martin Gardner in his Scientific American column, posted a challenge of a method that has stood the test of time: RSA...
Jul 23, 2023•22 min•Season 3Ep. 8
Cybersecurity Cloud Lesson 1 rule book in key management for companies: Your encryption keys are the keys to your castle. So protect them with your life! Your enemy is you! The main threat is insiders, so beware of yourself and others in your company. Beware of those that you trust and who you partner with. They can be your enemies, too. For sensitive data, try not to let Amazon or Microsoft manage your keys. Put your private keys in an HSM (Hardware Security Module). A shared HSM is fine, but i...
Jul 23, 2023•22 min•Season 2Ep. 15
Demos These are: Quadratic residues: https://asecuritysite.com/primes/q_res Jacobi symbol: https://asecuritysite.com/primes/jac Jacobi and Legendre symbol: https://asecuritysite.com/primes/jacobi Introduction Remember at school that class where the teacher taught you about how to square something? It was great, and where we loved to take the square of 3 and get 9, and the square of 5 gave us 25. But, in the next lesson, we came back to earth with a bump, as it was time for the nasty little squar...
Jul 23, 2023•9 min•Season 3Ep. 7
Please note, I slippled up a little in the podcast, and where the army size if 187,000. I have updated below. Web page: https://billatnapier.medium.com/cryptography-fundamentals-6-chinese-remainder-theory-ctr-2d1874943f15 And so a large army met. The general asks the collected troops to arrange themselves into groups of 50. He counts that there are four troops left without a group. He then asks for groups of 60, and there are 14 left, and finally, he asks for groups of 70, and there are 24 left....
Jul 22, 2023•6 min•Season 3Ep. 6
Cryptography Fundamentals 5: GCD, Extended GCD and Group Generators This podcast will outline a few building blocks of cryptography: GCD (Greatest common divisor), extended GCD and group generators. These you will find in many related cryptography papers, and any weaknesses in these can cause significant problems to the overall security of a method. Greatest common divisor— GCD A fairly simple concept that is used within public key encryption is the greatest common divisor (GCD). With this, we t...
Jul 22, 2023•7 min•Season 3Ep. 5
We live in a legacy world of money. Our transactions are often still based on moving paper money around, and we have basically scaled this into a digital world. At the core of this is the lack of any real cryptographic trust in digitally signing transactions. For this, the Bank of England is now discussing a CBDC (Central Bank Digital Currency) [2]: And before you reach for Ethereum smart contracts and ERC tokens, there’s a catch. This is not actually a cryptocurrency , but an electronic payment...
Jul 22, 2023•16 min•Season 2Ep. 15
Scott Helme is a Security Researcher, Entrepreneur and International Speaker. He is the creator of the Report URI and Security Headers Web site. More details: https://scotthelme.co.uk/
Jul 21, 2023•58 min•Season 2Ep. 15
I will bet you, that you have a memory of school where you had the “pleasure” or, most likely, the “nightmare” of performing long addition or long subtraction, and where you had carry overs between columns. The units carried over in the tens, the tens into the hundreds, and so on. And, then, you encountered long multiplication with those ever growing list of numbers. And, please forgive me, you progressed to long division, and you had that divisor dividing into your number and with the bar along...
Jul 21, 2023•20 min•Season 3Ep. 4
In previous podcasts, I outlined the usage of discrete logarithms in the form of a=g^x (mod p). Unfortunately, we now need a relatively large prime number to make sure it is now possible to discover x from a, g and p. This slows down the creation of the discrete log value. One method which has been used to replace them in some applications is to use elliptic curve points. Later in this series, I will explain how elliptic curve cryptography actually works, but in this one, we will just look at th...
Jul 20, 2023•16 min•Season 3Ep. 3
A fundamental element in cryptography is the mapping of one group to another and then being able to map back again. In this, there should be no confusion about the mapping and where it should be deterministic in the mapping — that is, no matter how many times we do it, we will always create the same mapping. Obviously, we can add some randomisation into the process, but with the same randomization, we always get the same mappings. In the previous podcast, I showed how a group of A={1,2,3,4} will...
Jul 20, 2023•16 min•Season 3Ep. 2
The problem with cryptography is that many miss some fundamental knowledge that will allow them to fully understand the key operations that are used. So, in this series of blogs, I try and explain some of the core concepts that secure our online world. Every single time that you connect to the Internet, the privacy and trustworthiness of your connection are dependent on some magical cryptographic operations. In our world of numbers, we have N (natural numbers — positive or negative integer value...
Jul 20, 2023•9 min•Season 3Ep. 1
How did you get started in this industry? What are the three key tech/software tools that you depend on the most? What is your favouriate book or podcast? What is the most important thing you have learned in your career? What advice would you give your younger self? Who inspires you?
Jul 19, 2023•16 min•Season 2Ep. 12
Steve is a Professor of Cyber Security in the School of Computer Science at the University of Nottingham , as well as an Adjunct Professor at Edith Cowan University in Western Australia and an Honorary Professor at Nelson Mandela University in South Africa. He is also the Chair of Technical Committee 11 (Security and Privacy Protection) within the International Federation for Information Processing, as well as a board member of the Chartered Institute of Information Security and chair of the aca...
Jul 19, 2023•16 min•Season 2Ep. 12
