From the Publisher:
A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

Handbook of Applied Cryptography

PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

https://apps.dtic.mil/dtic/tr/fulltext/u2/a423264.pdf

Systems and Methods for Secure Transaction Management and Electronic Rights Protection

We will review some of the major results in random graphs and some of the more challenging open problems. We will cover algorithmic and structural questions. We will touch on newer models, including those related to the WWW.

Random graphs

Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. This paper examines specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. We also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.

/pdf/differential-power-analysis-4t7fjmuc7b.pdf

Differential Power Analysis

We study two families of error-correcting codes defined in terms of very sparse matrices "MN" (MacKay-Neal (1995)) codes are recently invented, and "Gallager codes" were first investigated in 1962, but appear to have been largely forgotten, in spite of their excellent properties The decoding of both codes can be tackled with a practical sum-product algorithm We prove that these codes are "very good", in that sequences of codes exist which, when optimally decoded, achieve information rates up to the Shannon limit This result holds not only for the binary-symmetric channel but also for any channel with symmetric stationary ergodic noise We give experimental results for binary-symmetric channels and Gaussian channels demonstrating that practical performance substantially better than that of standard convolutional and concatenated codes can be achieved; indeed, the performance of Gallager codes is almost as close to the Shannon limit as that of turbo codes

/pdf/good-error-correcting-codes-based-on-very-sparse-matrices-3kdz0lhhm4.pdf

Good error-correcting codes based on very sparse matrices

https://www.cl.cam.ac.uk/~rja14/Papers/centrality-prediction-draft.pdf

Centrality prediction in dynamic human contact networks

Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into ‘security’ topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems—one that is both principled and effective.

Information security: where computer science, economics and psychology meet

Smart grids are a hot topic, with the US administration devoting billions of dollars to modernising the electricity infrastructure Significant action is likely in metering, where the largest and most radical change may come in the European Union The EU is strongly encouraging its 27 Member States to replace utility meters with ‘smart meters’ by 2022 This will be a massive project: the UK, for example, looks set to replace 47m meters at a cost of perhaps £350 each Yet it is not at all clear what it means for a meter to be secure The utility wants to cut energy theft, so it wants the ability to disable any meter remotely; but a prudent nation state might be wary of a facility that could let an attacker turn off the lights Again, the utility may want to monitor its customers’ consumption by the half hour, so it can price discriminate more effectively; the competition authorities may find this abhorrent Other parts of government might find it convenient to have access to fine-grained consumption data, but might find themselves up against privacy law There are at least half-a-dozen different stakeholders with different views on security – which can refer to information, to money, or to the supply of electricity And it’s not even true that more security is always better: some customers may opt for an interruptible supply to save money In short, energy metering is ripe for a security-economics analysis, and in this paper we attempt a first cut We end up with five recommendations for the regulation of a future smart meter infrastructure

/pdf/on-the-security-economics-of-electricity-metering-34muhorbgu.pdf

On the Security Economics of Electricity Metering.

We present some properties of trust establishment in mobile, ad-hoc networks and illustrate how they differ from those of trust establishment in the Internet. We motivate these differences by providing an example of ad-hoc network use in battlefield scenarios, yet equally practical examples can be found in non-military environments. We argue that peer-to-peer networks are especially suitable to solve the problems of generation, distribution, and discovery of trust evidence in mobile ad-hoc networks, and illustrate the importance of evaluation metrics in trust establishment.

On trust establishment in mobile ad-hoc networks

The conventional wisdom is that security priorities should be set by risk analysis. However, reality is subtly different: many computer security systems are at least as much about shedding liability as about minimising risk. Banks use computer security mechanisms to transfer liability to their customers; companies use them to transfer liability to their insurers, or (via the public prosecutor) to the taxpayer; and they are also used to shift the blame to other departments (“we did everything that GCHQ/the internal auditors told us to”). We derive nine principles which might help designers avoid the most common pitfalls.

/pdf/liability-and-computer-security-nine-principles-22j79z2833.pdf

Ross Anderson

Papers

Centrality prediction in dynamic human contact networks

Information security: where computer science, economics and psychology meet

On the Security Economics of Electricity Metering.

On trust establishment in mobile ad-hoc networks

Liability and Computer Security: Nine Principles