
ASecuritySite Podcast

Professor Bill Buchanan OBE, asecuritysite.com
A security podcast hosted by Professor William (Bill) Buchanan OBE, a world-renowned information security professional and educator. Join Bill as he interviews and discusses the state of the art with esteemed guests from all corners of the security industry. From cryptologists to technologists, each guest shares a wealth of experience and knowledge.

Episodes

Thank You, IBM … Here’s To Another 100 Years

I do what I do because of one company … IBM. Why? Because in the 1970s, I got into computers, with a ZX81 (1KB of RAM) and a Dragon 32 (32 KB of RAM). They were very much home computers, and where you would rush out and buy the latest computer magazine, and then spend a happy evening entering some BASIC code that made a cursor move across the screen using the IJLM keys. If you were very lucky you would manage to save it to a cassette — that could take over ten minutes to save a simple program — ...

Feb 15, 2024 · 22 min · Season 5 · Ep. 4

The Builder of Our Future: Torben P Pedersen

I have been lucky enough to speak to some of the most amazing people who have built the core of security on the Internet, and a person near the top of my list is … Torben P. Pedersen. The Pedersen Commitment. So how do we create a world where we can store our secrets in a trusted and then reveal them when required? Let’s say I predict the outcome of an election, but I don’t want to reveal my prediction until after the election. Well, I could store a commitment to my prediction, and then at some ...

Feb 11, 2024 · 37 min · Season 5 · Ep. 5

Just Crypto Magic, Be A Teacher, And The King and Queen of Cybersecurity

A short podcast on Just Magic, Be A Teacher, And The King and Queen of Cybersecurity. Magic: https://medium.com/asecuritysite-when-bob-met-alice/magic-from-heaven-to-earth-1837a1a1206e The Silly World of Cybersecurity: https://medium.com/asecuritysite-when-bob-met-alice/the-silly-world-of-cybersecurity-a1143b90d3f0 Giving Back What Others Have Given You …: https://medium.com/asecuritysite-when-bob-met-alice/giving-back-what-others-have-given-you-725a1e99923e King and Queen: https://medium.com/@...

Feb 11, 2024 · 16 min · Season 5 · Ep. 2

World-leaders in Cryptography: Bruce Schneier (Feb 2024)

This seminar series runs for students on the Applied Cryptography and Trust module but invites guests from students from across the university. He has created a wide range of cryptographic methods, including Skein (hash function), Helix (stream cipher), Fortuna (random number generator), and Blowfish/Twofish/Threefish (block ciphers). Bruce has published...

Feb 06, 2024 · 57 min · Season 5 · Ep. 1

A Full Diary of a Cyber Crime .. From Phishing to Profit - Part 2

I’m going to show a full timeline of a Cyber Crime to show the steps that a scammer will take in order to gain funds from their target. Overall, I’m interested in seeing how a scamming crime evolves to the point of profit for the scammer. https://medium.com/asecuritysite-when-bob-met-alice/a-full-diary-of-a-cyber-crime-from-phishing-to-profit-23ab53f5f58b

Dec 19, 2023 · 15 min · Season 4 · Ep. 23

A Full Diary of a Cyber Crime .. From Phishing to Profit - Part 1

I’m going to show a full timeline of a Cyber Crime to show the steps that a scammer will take in order to gain funds from their target. Overall, I’m interested in seeing how a scamming crime evolves to the point of profit for the scammer. https://medium.com/asecuritysite-when-bob-met-alice/a-full-diary-of-a-cyber-crime-from-phishing-to-profit-23ab53f5f58b...

Dec 19, 2023 · 10 min · Season 4 · Ep. 22

Professor Peter Andras: Thoughts on AI, Research and Education

Professor Peter Andras is the Dean of the School of Computing, Engineering & the Built Environment. Previously, Peter was the Head of the School of Computing and Mathematics (2017 – 2021) and Professor of Computer Science and Informatics at Keele University from 2014 – 2021. Prior to this he worked at Newcastle University in the School of Computing (2002 – 2014) and the Department of Psychology (2000 – 2002). He has a PhD in Mathematical Analysis of Artificial Neural Networks (2000), MSc in ...

Sep 07, 2023 · 1 hr 34 min · Season 4 · Ep. 1

Bill Buchanan - Which People Have Secured Our Digital World More Than Any Other?

And, so, if you could pick one or two people who have contributed most to our online security, who would it be? Ron Rivest? Shafi Goldwasser? Ralph Merkle? Marty Hellman? Whitfield Diffie? Neal Koblitz? Well, in terms of the number of data bytes protected, that prize is likely to go to Joan Daemen and Vincent Rijmen, and who created the Rijndael method that became standardized by NIST as AES (Advanced Encryption Standard). If you are interested, Rijndael (“rain-doll”) comes from the names of its...

Sep 03, 2023 · 8 min · Season 3 · Ep. 29

Bill Buchanan - Test-of-Time (ToT) for Research Papers: Some Papers Rocket, Some Papers Crash, But Most Never Go Anywhere

In research, the publishing of high-quality papers is often critical for the development of a research career: “I am an academic. It’s publish or perish.” Daniel J Bernstein. But often we measure the work in terms of quality rather than quantity. One high-quality research paper is probably worth more than the millions of papers published in predatory journals. A great researcher should be able to measure the quality of their work by the known impact and contribution of their research papers, and...

Sep 03, 2023 · 9 min · Season 3 · Ep. 20

Bill Buchanan - PQC Gets A Tombstone Notice

And, so, we are moving into one of the greatest changes that we have ever seen on the Internet, and where we will transition from our existing public key infrastructures towards Post Quantum Cryptography (PQC) methods. At the present time, NIST has approved one key exchange/public key encryption method (Kyber) and three digital signature methods (Dilithium, Falcon and SPHINCS+). The focus will now be on seamless integration, and where we will likely use hybrid methods initially and where we include our...

Aug 29, 2023 · 8 min · Season 3 · Ep. 12

Bill Buchanan - Be More BBN Than IBM

Please excuse me for using IBM in the title — I have the greatest of respect for a company that has continued to lead and innovate over the past six decades (and who have existed for over a century). The point of this article is to showcase where you, your team or your company have a deep passion for doing something great. For this, we go back to the roots of one of the greatest inventions in the history of humankind: The Internet. In fact, we would probably not have the Internet without one mag...

Aug 25, 2023 · 8 min · Season 3 · Ep. 13

Bill Buchanan - A Bluffer’s Guide To Encryption In The Cloud: Top 100

In cybersecurity, the teaching of Cloud security is often weak. So, here are my Top 100 things about encryption in the Cloud. I’ve focused on AWS, but Azure is likely to also be applicable. Keys are created in the AWS KMS (Key Management Store). In Azure, this is named KeyVault. The cost of using a key in KMS is around $1/month (prorated hourly). When a key is disabled, it is not charged. With AWS KMS, we use a shared customer HSM (Hardware Security Module), and with AWS CloudHSM it is dedicat...

Aug 21, 2023 · 21 min · Season 3 · Ep. 12

Bill Buchanan - Top 101 Tips for a PhD student and ECR

Well, here are a few tips for PhD students and ECR (Early Career Researchers): Enjoy doing research. It is fun and one of the few times in your career when it is solely your work. To do a PhD is a privilege and not a chore. You will likely look back on it as one of the most useful things you did in your whole career. You will always hit a dip in your research. Know when that is happening, and find ways out of it. Change something in your approach. Re-ignite yourself with new topics or methods. ...

Aug 18, 2023 · 19 min · Season 3 · Ep. 12

Bill Buchanan - 100 Interesting Things to Learn About Cryptography

Here are my 100 interesting things to learn about cryptography: For a 128-bit encryption key, there are 340 billion billion billion billion possible keys. [Calc: 2**128/(1e9**4)] For a 256-bit encryption key, there are 115,792 billion billion billion billion billion billion billion billion possible keys. [Calc: 2**256/(1e9**8)] To crack a 128-bit encryption with brute force using a cracker running at 1 Teracracks/second, will take — on average — 5 million million million years to crack. Tera is ...

Aug 17, 2023 · 31 min · Season 3 · Ep. 12

Bill Buchanan - A Vision for the NHS: A Citizen Wallet

Your organisation needs a vision. Without it, you will never be great. You will never advance. You will keep doing the same old things and without any real purpose. A vision gives you a purpose and a focus. But, it needs to have a plan which takes you there. But, without it, how can you ever plan? For any great organisation, you start with a vision. So, what about a vision for the NHS? I appreciate that I am only a technologist, but I am also a citizen, and I care about the health and well-being...

Aug 15, 2023 · 6 min · Season 2 · Ep. 31

Bill Buchanan - Let’s Talk About Spreadsheets

I remember attending a talk many years ago, and the presenter said, “I’ve got this amazing tool called Lotus 123”, and he gave a practical demo of doing some calculations. People in the audience were stunned by the simplicity of its operation. It was the birth of the thing that drives many businesses … spreadsheets. They are just so simple to use, and we all love them. And so, in the PSNI (Police Service of Northern Ireland) data breach, it is a simple Excel spreadsheet that is being pin-pointed...

Aug 15, 2023 · 5 min · Season 3 · Ep. 10

Bill Buchanan - A Bluffer’s Guide to Blockchain: 100 Knowledge Snippets

So, here’s my Top 100 snippets of knowledge for blockchain: Blockchains use public key methods to integrate digital trust. Bob signs for a transaction with his private key, and Alice proves this with Bob's public key. The first usable public key method was RSA — and created by Rivest, Shamir and Adleman. It was first published in 1979 and defined in the RSA patent entitled “Cryptographic Communications System and Method”. Blockchains can either be permissioned (requiring rights to access the blo...

Aug 13, 2023 · 27 min · Season 2 · Ep. 35

Bill Buchanan - Dead Man’s PLC (DM-PLC)

Blog: here. You can just imagine the movie trailer … “Your worst enemy has taken over all your flights, and you cannot remove them from your network. They demand a $1 billion ransom, or else they will bring every flight down. Bob accidentally removes one of the controllers — you now only have 25 minutes to save the lives of those in the air!” We have all seen movies with a dead man switch — and where an elaborate mechanism is created for someone to be killed if a ransom is not paid. But, anyone...

Aug 13, 2023 · 9 min · Season 2 · Ep. 32

Bill Buchanan - The 100 Basic Rules of Cryptography (and Secure Programming)

Kerckhoffs’ principle defines that “a Cryptographic system should be designed to be secure, even if all its details, except for the key, are publicly known”, but there aren’t too many other rules defined. So here are my 100 Basic Rules of Cryptography (and Secure Programming). First, my Top 10: Cryptography is both an art and a science. Cryptography needs to be both theoretical and practical — one without the other leaves gaps. The maths is not actually that difficult — it is just the way that r...

Aug 10, 2023 · 15 min · Season 3 · Ep. 6

Bill Buchanan - A Novice Mistake: Meet Milk Sad … And The 32-bit Key!!!!!!

A team of developers at Distrust and others has discovered a weakness in the cryptographic methods of creating a random seed for the Libbitcoin Explorer wallet. This is allegedly behind a number of cryptocurrency thefts on 12 July 2023 and in November 2022. The vulnerability has been given the CVE identifier of CVE-2023-39910 and dubbed Milk Sad [here]: Basically, the wallet uses the bx seed program, which uses a Mersenne Twister [here] for its random generator. Overall it is a secure me...

Aug 09, 2023 · 4 min · Season 2 · Ep. 32

Bill Buchanan - In Cybersecurity, It’s All About Threats, Vulnerabilities, Mitigations, Detection and Risks

As humans we are driven by risks and threats, and where we are continually weighing up costs and benefits. A threat is an actual thing that could actually cause harm, loss or damage, whereas a risk is the likelihood of a specific threat happening. In our lives, too, we expose ourselves through vulnerabilities, which are our weaknesses and which could be exploited by others. Within Cyber intelligence we must thus continually understand our threats and vulnerabilities and weigh up the...

Aug 09, 2023 · 21 min · Season 2 · Ep. 31

Bill Buchanan - Meet New PQC Signature Contenders

Digital signatures are the foundation of our digital trust. With this, Bob has a key pair: a private key and a public key. In order to prove his identity, he signs a hash of a message with his private key, and then Alice proves this with his public key. Currently, we mainly use RSA, ECDSA and EdDSA for our signature methods, and where DSA signatures (which use discrete logs) have been dropped for their creation. For example, ECDSA is used with Bitcoin and Ethereum, and RSA is often used to ide...

Aug 09, 2023 · 9 min · Season 2 · Ep. 30

Bill Buchanan - When The Government Can’t Even Protect and Encrypt Our Data … What Chance The Rest?

Lessons from the cybersecurity rule book for government: Lesson 1: If you have PII (Personally Identifiable Information), you should encrypt it. Lesson 2: Lock down access to encrypted data and require multifactor authentication for access. Lesson 3: All communications with citizens should be stored in an encrypted form. Lesson 4: The transmission of data between systems should be encrypted and authenticated. Lesson 5: All accesses to data should be logged, and restrict queries based on a policy...

Aug 09, 2023 · 6 min · Season 2 · Ep. 25

Bill Buchanan - One Of The Greatest Protocols — and One of The Greatest Weaknesses — of the Internet … Meet The Mighty BGP

Blog: https://medium.com/asecuritysite-when-bob-met-alice/one-of-the-greatest-protocols-and-one-of-the-greatest-weaknesses-of-the-internet-meet-the-d8201a1e6e80 So the Internet isn’t the large-scale distributed network that DARPA tried to create, and which could withstand a nuclear strike on any part of it. At its core is a centralised infrastructure of routing devices and of centralised Internet services. The protocols it uses are basically just the ones that were drafted when we connected to ...

Aug 07, 2023 · 17 min · Season 2 · Ep. 26

Bill Buchanan - My Five Favourite/Least Favourite Computer Programming Languages

Blog: https://medium.com/asecuritysite-when-bob-met-alice/my-five-favouriate-least-favouriate-computer-programming-languages-dd8a560c27a I love programming and think that every child should be taught it at school at an early age — and, for me, coding is for everyone. As an artist uses paint and a canvas, programming allows me to practice my art — cryptography. I can then reinforce my learning of theoretical methods into practice — and where the learning comes alive. It also allows me to script ...

Aug 07, 2023 · 11 min · Season 2 · Ep. 26

Bill Buchanan - The Wacky World of JavaScript and npm: Protecting The Software Supply Chain

Blog: https://medium.com/asecuritysite-when-bob-met-alice/the-wacky-world-of-javascript-and-npm-protecting-the-software-supply-chain-not-25662cfd1b66 JavaScript is the best and the worst of computer programming. It is able to exist in both the front end (the browser) and in the back end (with Node.js). It basically saved the Web as we moved from static Web pages to delivering dynamic content. With JavaScript, we could then enable direct interaction with the user but also capture and process data...

Aug 07, 2023 · 6 min · Season 2 · Ep. 26

Bill Buchanan - Only 51 Have Been Found - Here's Mersenne Primes

Blog post: https://medium.com/asecuritysite-when-bob-met-alice/only-51-have-been-found-heres-mersenne-primes-4c296a3d8091 And, so what’s the next number in the sequence 3, 7, 31, and 127? Well, it’s 8,191, and I will explain why in a little minute. If you need to test with prime numbers — such as with public key encryption — how do you remember some large ones that you can test with? Well, one of the easiest ways is to remember the Mersenne prime numbers. Mersenne prime numbers were first define...

Aug 06, 2023 · 10 min · Season 2 · Ep. 23

Bill Buchanan - A Bluffer’s Guide To Symmetric Key Encryption Modes

Blog: https://medium.com/asecuritysite-when-bob-met-alice/a-bluffers-guide-to-symmetric-key-encryption-modes-f7882881f6d Symmetric key encryption involves a single key to encrypt and decrypt and where Bob and Alice can use the same encryption key. The two most popular symmetric key methods are AES — Advanced Encryption Standard — and ChaCha20. Along with this, we either have a block cipher or a stream cipher. With a block cipher, we process a number of bytes at a time with our ciphering process....

Aug 06, 2023 · 9 min · Season 2 · Ep. 25