From the Publisher:
A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

Handbook of Applied Cryptography

PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

https://apps.dtic.mil/dtic/tr/fulltext/u2/a423264.pdf

Systems and Methods for Secure Transaction Management and Electronic Rights Protection

We will review some of the major results in random graphs and some of the more challenging open problems. We will cover algorithmic and structural questions. We will touch on newer models, including those related to the WWW.

Random graphs

Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. This paper examines specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. We also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.

/pdf/differential-power-analysis-4t7fjmuc7b.pdf

Differential Power Analysis

We study two families of error-correcting codes defined in terms of very sparse matrices "MN" (MacKay-Neal (1995)) codes are recently invented, and "Gallager codes" were first investigated in 1962, but appear to have been largely forgotten, in spite of their excellent properties The decoding of both codes can be tackled with a practical sum-product algorithm We prove that these codes are "very good", in that sequences of codes exist which, when optimally decoded, achieve information rates up to the Shannon limit This result holds not only for the binary-symmetric channel but also for any channel with symmetric stationary ergodic noise We give experimental results for binary-symmetric channels and Gaussian channels demonstrating that practical performance substantially better than that of standard convolutional and concatenated codes can be achieved; indeed, the performance of Gallager codes is almost as close to the Shannon limit as that of turbo codes

/pdf/good-error-correcting-codes-based-on-very-sparse-matrices-3kdz0lhhm4.pdf

Good error-correcting codes based on very sparse matrices

The protection of personal health information has become a live issue in a number of countries, including the USA, Canada, Britain and Germany. The debate has shown that there is widespread confusion about what should be protected, and why. Designers of military and banking systems can refer to Bell & LaPadula (1973) and Clark & Wilson (1987) respectively, but there is no comparable security policy model that spells out clear and concise access rules for clinical information systems. In this article, we present just such a model. It was commissioned by doctors and is driven by medical ethics; it is informed by the actual threats to privacy, and reflects current best clinical practice. Its effect is to restrict both the number of users who can access any record and the maximum number of records accessed by any user. This entails controlling information flows across rather than down and enforcing a strong notification property. We discuss its relationship with existing security policy models, and its possible use in other applications where information exposure must be localised; these range from private banking to the management of intelligence data.

http://www.computer.org/csdl/proceedings/sp/1996/7417/00/74170030.pdf

A security policy model for clinical information systems

In 2012 we presented the rst systematic study of the costs of cybercrime. In this paper,
we report what has changed in the seven years since. The period has seen major platform
evolution, with the mobile phone replacing the PC and laptop as the consumer terminal
of choice, with Android replacing Windows, and with many services moving to the cloud.
The use of social networks has become extremely widespread. The executive summary is
that about half of all property crime, by volume and by value, is now online. We hypothesised
in 2012 that this might be so; it is now established by multiple victimisation studies.
Many cybercrime patterns appear to be fairly stable, but there are some interesting changes.
Payment fraud, for example, has more than doubled in value but has fallen slightly as a
proportion of payment value; the payment system has simply become bigger, and slightly
more ecient. Several new cybercrimes are signicant enough to mention, including business
email compromise and crimes involving cryptocurrencies. The move to the cloud means that
system misconguration may now be responsible for as many breaches as phishing. Some
companies have suered large losses as a side-eect of denial-of-service worms released by
state actors, such as NotPetya; we have to take a view on whether they count as cybercrime.
The infrastructure supporting cybercrime, such as botnets, continues to evolve, and specic
crimes such as premium-rate phone scams have evolved some interesting variants. The overall
picture is the same as in 2012: traditional oences that are now technically `computer
crimes' such as tax and welfare fraud cost the typical citizen in the low hundreds of Euros/
dollars a year; payment frauds and similar oences, where the modus operandi has been
completely changed by computers, cost in the tens; while the new computer crimes cost in
the tens of cents. Defending against the platforms used to support the latter two types of
crime cost citizens in the tens of dollars. Our conclusions remain broadly the same as in 2012:
it would be economically rational to spend less in anticipation of cybercrime (on antivirus,
rewalls, etc.) and more on response. We are particularly bad at prosecuting criminals who
operate infrastructure that other wrongdoers exploit. Given the growing realisation among
policymakers that crime hasn't been falling over the past decade, merely moving online, we
might reasonably hope for better funded and coordinated law-enforcement action.

/pdf/measuring-the-changing-cost-of-cybercrime-1m15e66ehw.pdf

Measuring the changing cost of cybercrime

Vehicular networks, in which cars communicate wirelessly to exchange information on traffic conditions, offer a promising way to improve road safety. Yet ensuring the correct functioning of such a system is essential: malicious or faulty devices transmitting inaccurate messages could trigger accidents. Therefore, any errant device, along with the messages it generates, must be identified and ignored as quickly as possible. This task is especially challenging because traditional approaches to revoking credentials use a central authority, causing long delays during which the network is vulnerable. To eliminate this window of vulnerability, we propose that vehicles locally decide whether to exclude errant devices. We describe two ways of doing so: first, LEAVE, an existing protocol which allows devices to vote by exchanging signed claims of impropriety, and second, Stinger, a new protocol where a device unilaterally removes a misbehaving neighbor by agreeing to limit its own participation. We provide detailed simulations that offer insight into the protocols' operations in the context of vehicular networks and enable a powerful comparison between the strategies. We compare the security and performance properties of LEAVE and Stinger while varying attacker capabilities, traffic conditions, and the accuracy of the misbehavior detection mechanisms. We identify several interesting trade-offs: Stinger is significantly faster than LEAVE at removing errant devices, but LEAVE excludes fewer good devices when the attacker has compromised several devices simultaneously; LEAVE is better at handling false positives, but Stinger scales better when the traffic density increases. As a result, we conclude by outlining a combined protocol that balances the security and performance characteristics of both strategies.

/pdf/fast-exclusion-of-errant-devices-from-vehicular-networks-1budgw5bf7.pdf

Fast Exclusion of Errant Devices from Vehicular Networks

The BMA asked Ross Anderson to draw up interim guidelines on maintaining security in computerised patient information systems. We publish them here together with the principles on which they are based. The guidelines are designed to help clinicians avoid the most common serious mistakes in computer security and are being published to stimulate discussion of the issues. The principles are discussed fully in “Security in Clinical Information Systems,” which is available from the BMA (Dr Fleur Fisher, Department of Ethics, Science, and Information).

Recent articles have illustrated several threats to the confidentiality of personal health information. Many medical records can be easily obtained by private detectives, who typically telephone a general practice, family health services authority, or hospital and pretend to be the secretary of a doctor giving emergency treatment to the person who is the subject of the investigation. One article found that most patients' personal health information could be compromised in this way and was routinely sold by agencies for as little as pounds sterling150.1 2 Nationwide health networking is also seen as a further threat to confidentiality because health records will be available to many more people. These interim guidelines have therefore been drawn up to help tackle the pressing short term concerns; they are supplementary to existing documentation such as The Handbook of Information Security.3

The main threat to the confidentiality of clinical records is carelessness about telephone inquiries of the kind described above. This threat may be largely eliminated if staff follow a number of common sense rules that the best practices have used for years and that are now agreed by the NHS Executive. Whether records are computerised or not, these rules of best practice can be summed up as: clinician-consent-call back-care-commit:

/pdf/clinical-system-security-interim-guidelines-1rhux4sru2.pdf

Clinical system security: interim guidelines

Responding to misbehavior in ad-hoc and sensor networks is difficult. We propose new techniques for deciding when to remove nodes in a decentralized manner. Rather than blackballing nodes that misbehave, a more efficient approach turns out to be reelection - requiring nodes to secure a majority or plurality of approval from their neighbors at regular intervals. This can be implemented in a standard model of voting in which the nodes form a club, or in a lightweight scheme where each node periodically broadcasts a 'buddy list' of neighbors it trusts. This allows much greater flexibility of trust strategies than a predetermined voting mechanism. We then consider an even more radical strategy still - suicide attacks - in which a node on perceiving another node to be misbehaving simply declares both of them to be dead. Other nodes thereafter ignore them both. Suicide attacks, found in a number of contexts in nature from bees to helper T-cells, turn out to be more efficient still for an interesting range of system parameters.

/pdf/new-strategies-for-revocation-in-ad-hoc-networks-3y1dl1enbx.pdf

Ross Anderson

Papers

A security policy model for clinical information systems

Measuring the changing cost of cybercrime

Fast Exclusion of Errant Devices from Vehicular Networks

Clinical system security: interim guidelines

New strategies for revocation in ad-hoc networks