Category: Privacy & Security
-
Bitcoin is a game within a game
In this series on Bitcoin and game theory, I’ve argued that Bitcoin’s stability is fundamentally a game-theoretic proposition and shown how we’ve had blind spots for years in our theoretical understanding of mining strategy. In this post, I’ll get to the question of the discrepancy between theory and practice. As I pointed out, even though…
-
Scan This or Scan Me? User Privacy & Barcode-Scanning Applications
[Please welcome guest bloggers Eric Smith and Nina Kollars. Eric Smith serves as the Chief Information Security Officer (CISO) for a higher ed consortium with membership consisting of Bucknell University, Franklin & Marshall College and Susquehanna University. Nina Kollars is assistant professor of government at Franklin & Marshall college, where her scholarship examines the ways…
-
Bitcoin and game theory: we’re still scratching the surface
In an earlier post I argued why Bitcoin’s stability is fundamentally a game-theoretic proposition, and ended with some questions: Can we effectively model the system with all its interacting components in the language of strategies and payoff-maximization? Is the resulting model tractable — can we analyze it mathematically or using simulations? And most importantly, do…
-
Be wary of one-time pads and other crypto unicorns
Yesterday, a new messaging app called Zendo got some very favorable coverage from Tech Crunch. At the core of their sales pitch is the fact that they use one-time pads for encryption. With a few strong assumptions, namely that the pads are truly random and are only used once, it’s true that this scheme is “unbreakable”…
-
Security flaw in New South Wales puts thousands of online votes at risk
Update April 26: The technical paper is now available Update Mar. 23 1:30 PM AEDT: Our response to the NSWEC’s response New South Wales, Australia, is holding state elections this month, and they’re offering a new Internet voting system developed by e-voting vendor Scytl and the NSW Electoral Commission. The iVote system, which its creators…
-
What should we do about re-identification? A precautionary approach to big data privacy
Computer science research on re-identification has repeatedly demonstrated that sensitive information can be inferred even from de-identified data in a wide variety of domains. This has posed a vexing problem for practitioners and policy makers. If the absence of “personally identifying information” cannot be relied on for privacy protection, what are the alternatives? Joanna Huey,…
-
On compromising app developers to go after their users
In a recent article by Scahill and Begley, we learned that the CIA is interested in targeting Apple products. I largely agree with the quote from Steve Bellovin, that “spies gonna spy”, so of course they’re interested in targeting the platform that rides in the pockets of many of their intelligence collection targets. What could…
-
Threshold signatures for Bitcoin wallets are finally here
Today we are pleased to release our paper presenting a new ECDSA threshold signature scheme that is particularly well-suited for securing Bitcoin wallets. We teamed up with cryptographer Rosario Gennaro to build this scheme. Threshold signatures can be thought of as “stealth multi-signatures.”
-
FREAK Attack: The Chickens of ‘90s Crypto Restriction Come Home to Roost
Today researchers disclosed a new security flaw in TLS/SSL, the protocol used to secure web connections. The flaw is significant in itself, but it is also a good example of what can go wrong when government asks to build weaknesses into security systems. Back in the early 1990s, it was illegal to export most products…
-
A clear line between offense and defense
The New York Times, in an editorial today entitled “Arms Control for a Cyberage“, writes, The problem is that unlike conventional weapons, with cyberweapons “there’s no clear line between offense and defense,” as President Obama noted this month in an interview with Re/code, a technology news publication. Defense in cyberwarfare consists of pre-emptively locating the…