Notes from my notebook

Here are pictures from my notebook of notes I have taken throughout the term

Case Studies

Deepwater Horizon

Houdini

Self-Driving Cars

Physical Security

Cyber War

Privacy

Other Notes

RSA

co-incidence index

Hashing Attacks

other

Type I/Type II errors - Public Transport

After getting on a train on my way to Uni, I have often found myself worrying about if I tapped on (my station does not have gates), even though I did, because I have always tapped on, but that got me thinking about type I and type II errors and how common they must be when it comes to people (particularly people with important jobs) remembering if they have done something or checked something.

Table

think I tapped on, did tap on - true positive

think I tapped on, did not tap on - type 1 error (false positive)

think I didn’t tap on, did tap on - type 2 error (false negative)

think I didn’t tap on, did not top on - true negative

The impact of a type 1 error is quite severe (for my anyway), max fare cost at central or a $200 fine if I get caught, where as there the impact of a type 2 error is nothing (besides the stress it causes me), unless I decide to do something stupid to avoid transit officers. However, if I had a job like a pilot, a type 1 error, where they think they refuelled and they didn’t, can be and has been catastrophic.

The most common antidote to this problem are checklists. This works well as a solution because it focuses a person’s attention to one item at a time to ensure they check any information they not sure about. This of course is still open to type 1 and type 2 errors but makes it less likely. Another flaw with checklists is if the checklist is incomplete and may not contain an item that needs to be checked, however most have been critiqued by many experts so it is highly unlikely anything that important is missing. A third problem with checklists is that if a type 1 error occurs, a person may lead to overconfidence in believing the checklist and so will not consider that checklist is wrong.

RSA

RSA is a Public key (asymmetric) encryption system. It is widely used to encrypt keys for a symmetric cipher (like AES) because symmetric encryption is less computationally expensive and quicker to both encrypt and decrypt. When used, RSA generally produces a 1024, 2048 or 4096-bit keys depending on its implementation.

Method

To generate the Public Key (n, e) and Private key (n, d), RSA uses this method:

Generate 2 prime numbers - p and q

Compute n - n = p * q

Calculate Euler totient φ(n) - φ(n) = (p-1)(q-1)

Chose exponent e that is less than φ(n) as well as co-prime  to φ(n) (shares no factors / gcd(e,φ(n) = 1)

Calculate d using the Extended Euclidian Algorithm - d * e ≡ 1 mod φ(n). Note: there is more than one possible value for d.

To encrypt a message m to cipher text c, c = m^e mod(n) and to decrypt a message, m = c^d mod(n).

p and q are both large prime numbers, usually half the size of the key length, so for the 2048-bit key version, p and q would be 1024-bit prime numbers.

RSA Problem

The RSA is trying to find a way to efficiently compute the plain text (p) given the Public Key (n, e) and the cipher text(c), where c ≡ p^e mod (n). 

The most efficient way so far to solve this is by factoring n into its prime components, p and q. If you know p and q then it you can calculate φ(n) and thus as e in given in the public key, it is possible to calculate a value for d that would work (as d is calculate from e*d ≡ 1 mod φ(n)). So know you have the Private Key (n, d) that is able to decrypt all messages encrypted with the original Public Key.

At the moment is is currently there is no practical method of factorising a 1024-bit semi-prime (a number whose components are 2 primes). The longest semi-prime factorised so far was 768-bits long, it also took the equivalent of 2000 years for an average laptop.

Weaknesses

Chosen Plain Text attack

An attacker can crack RSA with no padding by guessing the plain text and encrypting it with the public key, and checking to see if the resulting cipher text matches the intercepted cipher text.

Chosen cipher-text attack

This attacks essentially tricks a target into decrypting a message for you. If you intercept a message already encrypted using the targets Public Key (n, e). So you have the cipher text as c ≡ p^e mod n, where p is the plain text. You can then make a cipher text c’ ≡ cr^e mod n , where r is some value you have chosen, therefore you actually sent them c’≡ (p^e * r^e) mod n. You then have to trick the target into using their Private Key (n, d) to decrypt c’ and send the result back to you. When they use d to try and decrypt c’, 

c’^d mod n ≡ (c^e * r^e)^d mod n ≡ (p^e)^d * (r^e)^d mod n

As you know for any plain text m, (m^e)^d ≡ m mod n, therefore

c’^d = pr mod n, and as you know what r is, you can divide by r to get the original plain text.

A weakness of this attack is that you need the target to send you back information after they have tried decrypting your chosen cipher text, so one way to defend against this attack is to destroy any information that you have tried to decrypt using using your private key, because an attacker requires the result of c’^d mod n.

RSA Padding

When encrypting a message, RSA will pad the original plain text although it changes the original plain text as well as extending it to be the required bits long. It is still called padding from when it did just extend the plain text message to fit a certain size. Modern padding schemes like (OAEP/PKCS#1) randomly change the entire plain text message before using the public key to encrypt it. It changes the whole plain text because RSA would otherwise be deterministic (given an input, the output is always the same for that input), so these padding schemes add a random component to RSA and stop chosen plain text and chosen cipher text attacks.

Common Uses

Usually used to encrypt a key for a symmetric cipher like AES which is at most 256 bits and can be encrypted with RSA quickly

Used for Authentication as well

encrypting a message with your private key, can only be decrypted with your public key

The Chinese Remainder Theorem is commonly used to make decryption easier

Sources

https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Padding_schemes

https://en.wikipedia.org/wiki/RSA_problem

https://crypto.stackexchange.com/questions/1448/definition-of-textbook-rsa

https://www.openlearning.com/courses/securityengineering19t2/modules/3/rsa/

https://web.archive.org/web/20170602054430/https://www.cs.virginia.edu/~kam6zx/rsa/a-worked-example/

https://crypto.stackexchange.com/questions/3608/why-is-padding-used-for-rsa-encryption-given-that-it-is-not-a-block-cipher

https://crypto.stackexchange.com/questions/1448/definition-of-textbook-rsa

https://crypto.stackexchange.com/questions/2323/how-does-a-chosen-plaintext-attack-on-rsa-work

Advanced Encryption Standard (AES)

AES is also known as by is original name Rijndael after its developers Vincent Rijmen and John Daemen. AES is a block cipher that uses a 128-bit block known as the state. The state is organised as a 32*32 bit array (or a 4*4 bytes). It goes through 10 rounds of encryption. The key for AES has multiple key lengths for greater security but worse performance. The key lengths are 128, 192 and 256-bits. Most computers and specialised hardware to use AES.

Method

Key Expansion - derives the round keys from the using Rijndael’s key schedule from the main key, so each round has a 128 bit round key. This is done at the beginning and not every round.

Substitute Bytes - Each byte in the state is substituted by using a look-up table of a Rijndael s-box. This create confusion in the algorithm relationships.

Shift Rows - each element in the state is shifted down a number (of its row) index of column. This is the first step in creating diffusion

Mix Columns - Each byte in a column of the state is mixed up using a function created by Rijndael. This is the second step of diffusion and means that the output from a round depends on output from the previous round. This step is not done in the final round.

Add Round Key - each byte of the state is XORed with its corresponding byte in the round key

click here for an easy to follow description of how AES enciphers a block.

The Key Expansion is the most important step of the cipher because it is the only part of the algorithm that has unknown information to an attacker. The round keys all derive from the main secret key and so are also unknown to an attacker where as the rest of the steps are completely known to an attacker.

Add Round Key

The other functions are still necessary though, because just doing the Add Round  is essentially a substitution and XORing more than once would also be redundant and it would be a weak cipher. This is because every byte in a block does not move from its position, so an attacker just has to crack each byte. There are 2^8 possible combinations for a byte of plaintext and 2^8 possible bytes for the plaintext too and 16 (i.e. 2^4) bytes in a block, therefore to brute force 1 block it would take 19 bits of work ( 2^8 * 2^8 * 2^4 /2 = 2^19) on average. As the average desktop computer can do 31-bits of work a second, so it could crack the average e-mail (75KB or 2^12 blocks) encrypted like this in a second.

Mix Columns and Shift Rows

The Mix Columns function creates makes each byte in a column dependent on each other so an attacker cannot treat the 128-bit block as 16 independent bytes but rather as 4 32-bit blocks. 

The Shift Rows function mixes the bytes of each column so an attacker cannot treat a 128-bit block as 4 32-bit blocks as each byte of a column would only depend on the other bytes in its column. So instead of needed to brute force a 128-bit key, an attacker would just need to brute-force 4 (i.e. 2^2) 32-bit keys, which is only 33-bits of work (2^32 * 2^2 / 2 = 2^33). An average desktop would be able to crack a block in a few seconds.

So these two functions working together ensure that to brute force AES, an attacker needs to do 127-bits of work (128-bit key).

Substitute Bytes

Having this function ensure the cipher is no longer a linear/Affine transformation. If the cipher was affine then it could be represented in the form c = Ap + k, where c = cipher text (128 size vector), p = plain text (128 size vector), A = 128*128 matrix and k is a constant that depends on the key. The matrix A is dependent on the shift rows and mix columns functions, both of which are known to everyone and can therefore be pre-calculated. If an attacker can then crack one cipher text block by guessing the plaintext then k can be calculated because k = c - Ap. (e.g. the cipher text is an email and the sender’s has the same sign-off like “sent from my iphone” and the attacker can estimate the location of that plaintext in the cipher text, then the attacker has a matching plaintext block and cipher text block)

The Number of Rounds

Increasing the number of rounds AES goes through increases the amount of confusion and diffusion because it goes through more substitution and more shifting and mixing. The 128-bit key uses 10 rounds because there are ways to crack 6 round versions of AES so Rijdael said “We added 4 rounds as a security margin”. The extra 4 rounds also means that the technique used to crack the 6 round version, increasingly expensive.

The reason the 192-bit and 256-bit keys use more rounds is because techniques that can crack the cipher in less than brute force can afford to be less efficient with longer keys. If a technique that can crack the 128-bit key in 100 bits of work (quicker than brute force) and that same technique can crack 10 round 192-bit key in 155-bits of work as well as cracking 10 round 256-bit key in 215 bits of work, although is less efficient at cracking the longer keys, it still increases bits of worked not needed compared to brute force.

Weaknesses

As AES is a symmetric key cipher, it does not scale well as the size of the network increases as n^2 keys are needed to be shared and kept by everyone in the network. This problem can be overcome by using a cipher that uses public-private keys like RSA to encrypt the small key for the AES, reducing the number of keys needed in a network to 2n

There have been some theoretical attacks have been published but they do not reduce the work enough to make it feasible. Some also are not that practical, like needing to know the plaintext to crack the cipher-text, which could be useful if you want prove that some else received the same file or two users repeatedly use the same key and you had the plain text of one of the messages.

Considering there have been a number of theoretical break, it is probably a good idea to start looking for a new algorithm to encrypt and decrypt now, because it is uncertain how quickly more advances will be discovered.

Common Uses

It was chosen by the NIST as the new standard for encryption after DES. It is therefore used by all US federal government departments. The NSA has approved the 128, 192 or 256-bit keys for “secret” level information but only the 192 or 256-bit keys for “top secret” level information. The reason for using the longer keys for top secret seems to be to protect against a partially known key. 

As the longer the key is, the more work an attacker still has to do to crack the rest of the key because if an attacker knew 64-bits of the key, they would still have to over 127-bits of work for the 192-bit and 256-bit keys.

Sources

https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf

https://www.openlearning.com/courses/securityengineering19t2/modules/7/aes/

https://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard

https://www.eetimes.com/document.asp?doc_id=1279619

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

https://eprint.iacr.org/2011/449.pdf

https://www.nist.gov/publications/advanced-encryption-standard-aes

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

https://medium.com/@weblab_tech/encrypted-client-server-communication-protection-of-privacy-and-integrity-with-aes-and-rsa-in-c7b180fe614e

https://www.quora.com/What-is-todays-average-computer-processing-speed

https://crypto.stackexchange.com/questions/20228/consequences-of-aes-without-any-one-of-its-operations

https://en.wikipedia.org/wiki/Rijndael_key_schedule

https://en.wikipedia.org/wiki/Rijndael_S-box

https://en.wikipedia.org/wiki/Rijndael_MixColumns

https://crypto.stackexchange.com/questions/2648/how-were-the-number-of-rounds-for-different-key-sizes-of-aes-selected

https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf

Paywalls - Security through Obscurity

Paywalls on news websites have always been annoying, as when someone links you can article you want to read, you cannot. However, last night I made the realisation that most paywalls rely on peoples ignorance on how internet browsers and html works. 

Quite a few news sites simply add an overlay, obstructing the view of the text of the body of the article. So if you were to simply right click and select view page source, after a bit a scrolling, you eventually find the text of the body of the article that the overly was trying to obstruct you from seeing.

The defence against people you are not subscribers is basically security through obscurity, as they send you all the information you want then try to hide it. The problem of this system is down to the fact they only check if you are a subscriber after sending you the entire article in its entirety. Some websites do, then retroactively delete the text from the page source after confirming that you are not a subscriber, but that again is not a very good defence system because it is reactive when it could easily be proactive and someone with better javascript skills then my could easily write a widget (if one does not already exist) that could block the script that creates the overlay and deletes the text from running.

Instead of these news sites confirming subscriber status after sending you everything, they should check it before sending you everything because once you send all the information, it is impossible to recover it. Though an attacker might be able to trick the website into thinking they were a subscriber when they were not, this is much harder to do and probably easier to detect, as they would have to send the news site information that could hopefully be verified using another source. As a lot of news sites are currently, it is very hard to detect, as once the information has been received, you can block outgoing packets back so it would be very difficult to impossible to detect someone deciding to view page source or block their paywall scripts from running.

Case Study - Privacy

Note: This was typed up from the notes I took from the tutorial on the day

In my lab this week, we talked about privacy and how much surveillance should the government be able to do in certain circumstances. My group was tasked with arguing for government surveillance and for the government to have access to more of the citizens private data. This was the harder argument, given in one of the first things Richard Buckland instructed us to do in lectures was to give out your personal data as little as possible.

We came up with a few situations in which having the government have private data would be useful, such as an health records that could be accessed by any doctor and is opt in. This means older people with deteriorating health do not have to remember everything they have been treated with. It would also be useful for people who have allergies to common drugs like penicillin and so even if they are incapacitated, a doctor will be able access that information. The opt in system would also mean that have the choice to give the government their data, because they have judged the benefits to them outweigh the risks of their health information being public. One big risk of storing a lot of data in one place, with many people able to access it, would be it being stolen or a doctor unethically accessing someone's health records who they just do not like.

We also argued for more surveillance cameras in public places, particularly in places with more crime so law enforcement investigate potential crimes quicker and easier than trying to deduce what happened on witness accounts alone. This would also make the trails quicker  as video evidence is very convincing. This can be abused however because security cameras can have poor resolution and could be used to trick people into framing another person. Security cameras could also be used to track people unlawfully if someone with access to the network wanted to do so.

The last main point we argued for was the government having records on the finances of companies and individuals. This would help stop tax evasion and tax fraud. However knowing what people have bought can be very dangerous, because people may buy something that would be embarrassing to them if made public and could be used to blackmail people or discrediting them.

One of the more cynical arguments of governments having more private data was so they could sell it for additional revenue (they would probably argue if they can sell your data, they can reduce taxes).

Case Study - Cyber War

Note: This was typed up from the notes I took from the tutorial on the day

In my tutorial this week, we discussed what cyber war might look like. We found this case study quite hard because of how many unknown factors there are and what is defined as a cyber act of war. Our task was to act as the Australian Signals Directorate (ASD) and make recommendations to the government in the event of a war with a foreign power.

Invest in offensive capabilities, like the ability to shut down enemy power networks, this will, besides causing general chaos, reduce the ability to communicate and co-ordinate. If the enemy has elections using electronic voting machines, try and hack them so change the result to someone less belligerent or undermine confidence in the trust of the results, causing disunity in the country. Also develop the ability to distribute our propaganda among the enemy. 

To protect against cyber attacks we would recommend trying to decentralise power networks, so if an attack can cause one to fail, it would only affect a small percentage of the population. Also making sure all critical buildings like hospitals, police stations and military buildings have back-up power generators the can last a week (or however long it is estimated to fix disabled power networks).

We would also have a system in place where we could monitor communications in and out of the country, so block signals that are not on approved wavelengths and monitor the internet exchanges into and out the country (there are not too many cables connecting Australia). Also protect some of the underwater cable so it is hard for the enemy to cut us off from the rest of the world.

Case Study: Physical Security

Note: This was typed up from the notes I took from the tutorial on the day

In my Lab this week, my group had to answer a proactive exam question. We were put in charge of the physical security of a tech company new building where they would work on a secret project. Our objective was to discern the main assets that need protecting and list the key features.

Main Assets

We decided that our main assets were:

the employees - we need to protect the people so they can focus on their work free from fear and be more productive

servers/database - we need to protect the work this company wants to keep secret and try and ensure its safety

Security Features

One of our first ideas was to make all employees have passes that restrict their access to only parts of the building they need to access, to limit the number of people with access to vulnerable areas like computer ports. We would also advise that computers be separated from monitors, keyboards and mouses, so only employees who needed physical access to the computers would have it.

Another idea was to have strong walls and doors, so someone that does not have permission to enter an area would need heavy/loud tools to break through (unless of course they can trick he lock). This would mean that someone would notice loud tools in the building. This bring us to our next point, which is, a security guard would be a needed so they could detain people before the police get there.

One point that nobody though about until Ash (the tutor) mentioned was how we would keep people in the building. We all focused on keeping people out instead of also thinking about how to keep people in the building. Keeping people in the building would be useful if we can detect unauthorised access to an area or computer and want keep everyone from leaving until people that person has been caught. To do this we would probably locate the security guard desk near the entrance of the building and have a lockdown button on that anyone can hit. I would also only have one exit and entrance. Of course this would make a fire hazard but this is a trade off I would be will to make.

Case Study - Self Driving Car

Note: This was typed up from the notes I took from the tutorial on the day

In this weeks tutorial we talked about how the introduction of self driving cars would make manufactures and governments think. My group was to act as a manufacturer and identify our most important assets and plan how to protect them.

Assets

- Car - People (customers) - software in the car - stock/shareholders - Research and Development

Risk and Risk management

Hardware malfunction - Have multiple sensors so all measurements can be verified with others, removing a single point of failure. If an instrument is giving irregular readings then a warning light is signalled. The likelihood of having multiple instruments malfunction at the same time is significantly less than having one fail at any one time.

Software bug, Have a manual stop button that brings the car to a stop by connecting it directly to the braking system and overrides any other instructions the software wants to do. This means if a passenger notices the car driving erratically or thinks something is wrong, they can bring the car to a stop stop quickly and safely.

Modifications to the car, State that in the terms and conditions that any modifications to the car have to be done by a party authorised by the company and that any modifications not done by an authorised party waives any liability for any damages caused by the car. My group would also recommend working with lawyers to make the terms and conditions of use as hard as possible to follow to ensure the company to never liable for any damage caused by any of their cars.

Recommendations

After identifying these assets and risks and as well ways to manage the risk, we would recommend the company proceed to manufacturing self-driving cars because the benefits (mainly potential profit) would outweigh the risks of selling self driving cars

Separation of Power

The Roman Republic relied and tradition and precedent as a Constitution, with no official written version.

The Roman Republic (509 BCE - 27 BCE)

The Roman Republic relied and tradition and precedent as a Constitution, with no official written version. There were 3 main parts of the republican government: the Senate (house of patricians), the assemblies (house of commoners) and the Magistrates (executives).

The Senate

The role of the Senate was to “advise” (direct) the magistrates, so when the senate passed a senatus colsultum it was usually followed by the magistrate. The Senate oversaw foreign policy (which meant they effectively had control of the military), the treasury (all state spending had to be authorised by the Senate) and the administration of Rome.

The Senate had members appointed by Consuls or Censors (depending on the time period) and all senators in the early republic had to be from the patrician class (a hereditary title that you had to be born with), although this criteria was relaxed as rich Plebeians attained political equality after the Conflict of Orders.

The Assemblies

The Assembly of the Centuries

Only this assembly had the power to declare war and ratify census results

It elected the Consuls, Praetors and Censors

All members were in the Roman military, divided into 3 classes (by wealth)

Had the power to pass laws, but rarely did

The Assembly of the Tribes

Comprised of 35 tribes divided by geography (like House of Reps). This was very unique, that geography be how people were divided up, not class or race.

Elects Qaestors and Curule Aedile

Had the power to pass laws but rarely did so

The Plebeian Council

Passed laws called Plebiscites that plebeians (and later everyone) had to follow (usually passed laws that affected plebeians)

Elected the Plebeian Magistrates

All members had to no plebeians (commoners)

Was independent of the Senate and acted as a check on the Senate and Magistrates

Magistrates

All Magistrates were elected (see diagram below for which body elected them). Any magistrate could veto a decision by a magistrate of equal or lesser rank. Magistrates in the early republic were all from the the Patrician class, however all citizens were allowed to for election after the Conflict of Orders.

Consul - effective Head of State. Had power to appoint and remove senators until 319 BCE when it was transferred to the Censors.

Praetor - administered civil law and acted as Chief Judges over the courts. If no Consul was in Rome, the senior Praetor would effectively become acting Consul. Praetors also acted as Governors of provinces

Censor - Highest Rank officially, only Plebeian Tribune could veto him. He was responsible for senators adhering to a code of conduct 

Qaestor - roles and responsibilities of each were decided by lot. They acted like secretaries doing a lot of the admin and managed the treasury (made sure everyone was being paid)

Curule Aedile - conducts domestic affairs and maintains public order

the Plebeian Magistrates

Plebeian Tribunes

Power came from his sacrosanctity (basically you could not touch them, even to defend yourself from them. This is how they enforced their veto)

Could veto any act by any magistrate (including Consul), the senate or the assemblies but had to be in Rome for it to be in effect. He also could not veto the measure though, so had to be physically present to prevent the act itself.

Usually had close ties to Senators and Magistrates and would be influenced by them to stop Plebiscites

Plebeian Aediles (assistant to the Tribunes)

The Balance of Power

The patrician class and later the wealthy landowners had the most power in this government as they controlled the Senate and Magistrates, however the Plebeian Council acted as a check on this power as they could use the Plebeian Tribune to veto any act of the Senate or Magistrate. There were usually two of each magistrates, designed to check each others power

Block Cipher Modes

Block ciphers have different methods of encrypting blocks depending on the situation. Some ways are faster to encrypt and decrypt but others provide more security. Some of the methods or are Electronic Codebook (ECB) and Cyber Block Chaining (CBC)

Electronic Codebook - ECB

This is the most simple mode. A message is separated into 128-bit blocks, which are then encrypted using a key. This means each block can be encrypted in parallel making it very quick. However because the encryption treats each block separately, which means given the same plaintext, the same cipher text will result. This is a major weakness because it allows an attacker to check it two messages contain the same plaintext or an attacker could check if there is repetitive information, such as long runs of null bytes.

From this example on wikipedia, we can see how the white background pixels are all transformed to the same stripped pattern demonstrating how in ECB can leak information as the same plaintext creates the same cipher text. This mode is generally not used today.

Cyber Block Chaining - CBC

This mode get a bit more complex. This time before encrypting the first block of plaintext, you first XOR it with an initialisation vector, then for the subsequent blocks, you XOR the previous blocks cipher text before encrypting them. This means that encryption cannot be parallel making take longer to encrypt a message. This does however removes the weakness of leaking information of repeated information in the plain text, which is why this is the most used mode today.

Apartment Fail

From the top parking level (p1) of an apartment building, to hail the lift to up you need to use a key that only the apartment residents would have. To hail the lift to go down from p1 you do not need a key however and once you are in the lift, you can go to any level. This flaw in the system effectively makes having a key obsolete because if you don't have a key you can just hail the lift by pressing the down button, get in the lift and go to any floor you wish, gaining access to inside. Of course this does not help you get into any of the apartments because you still need a key to unlock the units (assuming no one left their door unlocked. This is a major flaw in this security system that renders the first layer of defence (the lock on the entrance or lift) useless.

UNSW Blackout

There was a power outages in some building at UNSW including the Library. When I arrived, what sounded like the fire alarm was going off and wardens had taped off the walkway in front of the library entrance after evacuating everyone from the building. I would think they evacuate the library for a number of reasons but I thought the two main reason would be people's safety and to secure the books.

People’s Safety

It would become dangerous to walk around the library with no power as all the lights would be off causing the centre of the library to be very dark, as well as the stairways as they receive no natural light. Someone being injured because of the darkness is a low probability event but has a high risk as a serious injury could occur which UNSW may be liable for and cost a lot of money.

Book Security

If there is now power then the scanners at the entrance/exit of the library a probably not  working so it would be easy to steal a book as any security cameras would likely be off as well because of the blackout. So the main defence from people stealing a book (scanners at the exit) would be inactive allowing anyone just to put a book they wanted in their bag and walk out with it. This is a high probability event (as it would be easy to do) but is low risk to UNSW as a book would not cost that much considering the high budget of the uni.

Human Weakness: Corruptible

In the lectures this week, we discussed how most security systems are designed with a large amount of trust that the people in the system can be trusted. We discussed famous double agents like Aldrich Ames and Robert Hanssen. The main thing I learnt was that to find people who are corrupt, the most effective way is by corrupting someone working for the people corrupting them. (i.e. If the CIA want to find agents, who are giving information to the FSB, then corrupting an FSB agent is the most effective way of do so)

This is because it is very hard to find a mole when the mole can know everything about the investigation into them. Robert Hanssen is a good example of this because after he gave the KGB names of corrupt KGB officers, the FBI launched an investigation into who leaked that information and put Hanssen on the team investigating. So he was essentially trying to find himself. This is an inherent problem with all internal investigations, you cannot know who to trust, but you have to trust someone otherwise there is no chance of finding the corrupt person, so you may end up with the corrupt person on the investigation where they can wreak havoc by abusing the trust they have.

Case Study: Cockpit Safety

Recommendations to make cockpits and planes more secure assuming companies and governments are willing to devout a large amount of resources:

Buttons that puts makes auto-pilot take control and lands at closest possible airport.

Buttons are in cabin and cockpit and either pilot or head of flight crew has a code to activate it

If current auto-pilot cannot land planes yet, develop ones that can

Put a toilet in the cockpit (this would actually prevent half of the examples given in the case study as a pilot would get locked out after going to the toilet)

https://www.independent.co.uk/news/world/europe/germanwings-captain-patrick-sondenheimer-tried-to-break-into-locked-cockpit-door-with-an-axe-as-10138492.html

Tighter airport security

Something Awesome Proposal

Motivation

I am very interested in cryptography and it has influenced the world. I want to learn more about how it is used in the modern world. I am keen to challenge myself and learn about ciphers strengths and weaknesses.

My Plan

My plan is to research and analyse different types of ciphers and how they are implemented and broken (in they were) with a focus on modern asymmetric ciphers (like RSA) used today. I plan to write a weekly blog post on this as well.

I plan to write a program that can determine what type of symmetric cipher has been used to encipher text and extend it to also cracking the cipher once it has figured it out.

Marking Criteria

Credit:

Research

1 big blog post (500+ words) explaining cryptographies uses and what makes a cipher strong

2-4 big blog posts on modern cryptography analysing one technique used today (its uses, strengths and weaknesses)

1-2 big blog posts on the patterns in symmetric ciphers

Program

Can determine if cipher used is a transposition, mono-alphabetic or a simple poly-alphabetic (like Vigenere square) with 80-90% accuracy.

Distinction:

Research

1 massive blog post (1000+ words) explaining cryptographies uses and what makes a cipher strong

2-4 massive blog posts on modern cryptography analysing its uses, strengths and weaknesses

2-4 big blog posts analysing different symmetric ciphers

Program

Can determine if cipher used is transposition, mono-alphabetic, poly-alphabetic, or even a mix of two of them with 90% accuracy.

Be able to crack a transposition or mono-alphabetic cipher.

High Distinction:

Research

1 massive blog post (1000+ words) explaining cryptographies uses and what makes a cipher strong

4-5 massive blog posts on modern cryptography analysing its uses, strengths and weaknesses

2-4 big blog posts analysing different symmetric ciphers

Program

Can determine if cipher used is transposition, mono-alphabetic, poly-alphabetic or enigma, or even a mix of two of them with 95% accuracy and then crack the cipher.

Be able to crack the ciphers.

Case Study: Houdini Protocol

This weeks case study was on the protocol Harry Houdini with his wife put in place for after his death to debunk mediums, who would claim they are contacting him. We saw authentication as the main principle we needed to consider.

We came up with a few ideas for how to achieve this like:

secret handshake

we thought it would be too hard to remember accurately and while attempting it, you would give away some of the moves so after a number of attempts you would probably be able to figure it out

repeat a phrase that only his wife knows (this is what they did)

simple and easy to remember, but it would have to be a memorable phrase and therefore, probably something of significance to Houdini and his wife, which would make it guessable

write a book of sentences that his wife has keeps secret from everyone

basically the same as above but someone could steal the book of gain access to it and then it would be useless

Our best idea involved burying personal items in a secret place and getting a medium that is “in contact” with Houdini’s spirit to find the buried items. These items could be chosen in advanced but would have to kept secret, so people would not be able to create forgeries. We also thought that the buried items should contain a personalised message signed by Houdini that only his wife knew. We think this would be more secure because a “medium” would have to know that Houdini was going to bury items before they announced it. Houdini’s wife could also just announce that there was a message that the would confirm that a medium is in contact with Houdini, leaving out the part about buried items to add an extra layer of defence, as anyone actually in contact with Houdini’s spirit would know about the buried items as well.