UW Computer Security Research and Course Blog

All of us feel a certain kind of safety when we are dealing with credit cards, online banking and any other transaction or process which should be secure because we know that our personal information is protected by cryptographic systems. Yes there are occasions where these security measures are circumvented by exploiting other weaknesses in the system or by just stealing private information. However we take comfort in the idea that these cryptographic systems are unbreakable given feasible computing time and resources. However, a recent article talks about the threat of ‘Quantum Computers’ which could potentially compromise the security of these systems used by businesses and banks around the world.

The laws of Quantum Physics say that a subatomic particle can exist in two states at the same time before you look at it. Similarly in a Quantum computer, a bit can be both zero and one at the same time. A string of eight bits can therefore represent all numbers between 0 to 255 at the same time. Scientists say that a Quantum computer can solve a problem in months that would take conventional computers millions of years. For example, public key encryption which is widely used on the Internet creates codes by multiplying two prime numbers together. What makes the code hard to break is that working backward from the product of the two primes is extremely hard. A Quantum computer would be able to solve this problem in a feasible amount of time because it will be able to look at multiple solutions at the same time.

In the article, Professor Oded Regev of the Tel Aviv University’s school of Computer Science stresses the importance of the development of a new cryptographic system that will be able to maintain its integrity even when Quantum Computers will be available. Several reasons for this are the security of bank and financial information, medical records, and digital signatures that would become visible if an attacker hacked into this RSA encrypted data. The article predicts that Quantum computers will be a reality in the coming decade which would make it easy to crack the RSA cryptosystem. Hence the article emphasizes the need to start thinking of systems that could replace RSA.

http://www.sciencedaily.com/releases/2009/02/090205110609.htm

The Air Force Institute of Technology recently announced a new technique for “detecting and tracking illegal content transferred using the BitTorrent file-trading protocol.” The authors claim their technique differs from previous attempts, because it is does not change any of the traffic going over the network.

The tool examines the first 32 bits of the file’s header to identify BitTorrent traffic on the network. Once a connection has been identified as a BitTorrent transfer, the file’s hash is compared against a blacklist of known “contraband files.” These blacklisted files are described as “pirated movies, music, or software, and even child pornography.” Rather than disrupting the transfer, this tool simply logs the network addresses involved, presumably for later prosecution.
(Read on …)

A game of poker can be played for fun or money. The game itself uses low tech equipments, and the two main ones are a standard deck of cards and playing chips of different colors to represent different amounts of money. Depends on the type of poker game, the dealer usually shuffles the card and deals out the cards to the players. Then the players would bet chips to play against each other. The goal is to garner as much money (in chips) as you can. I’m going to use the terms chips and money interchangeably.

(Read on …)

According to a recent article, Mexico plans to start fingerprinting all cell phone users. A new law will give Mexico cell phone providers a year to create a database with their customer’s information including fingerprints. Providers would also have to store information such as text and voice messages and logs of a customer for one year. Currently, anyone can purchase a prepaid cell phone with a certain amount of minutes without any identification. This would change as new and existing cell phone users would have to be fingerprinted and entered into a database that would allow officials to match cell phones and messages to a customer.
(Read on …)

BitTorrent has been popularly used for transferring files illegally because it reduces a vast amount of networking bandwidth that would have been required. The way it works is that users can connect to each other directly to send and receive files. The tracker generally does not have any information about the contents of file being transferred because the users directly connect one-to-one. There’s no one server that serve all users. Also, the uploading and downloading process happen at the same time, allowing it to use the bandwidth efficiently.

Because of the speed and no cost transfer, BitTorrent protocol has been used by people to transfer files, such as movies, music, and softwares illegally.

It is hard to prevent the development of such smart protocol. People have all sort of things in mind to develop. The creator of BitTorrent apparently has a creative mind to create such protocol that use bandwidth efficiently, and allow people to share files with one another, rather than downloading from a central server.

Illegal file sharing can negatively affect a lot of people. The entertainment industry will be at lost because people wouldn’t go out to the store to buy a CD. The consumers will download those files almost instantly and for free, without caring about the consequences of their illegal download. As a result entertainment industries are losing profits, and soon, they would collapse. In the long run, the companies will lose incentive to create/improve new products and, in the worst case, the consumers may not be able to enjoy such entertainment anymore.

To prevent the illegal file sharing issues, the government can enforce copyright laws stringently. The consequences of illegal downloads may be enforced through campaigns. A more recent technique is found, that is to sniff illegal file transfers . This tool can detect such transfers and keeps a record of the transfer as an evidence. The nice thing is that the tool works silently; it will not slow down the network traffic.