Tanya Khovanova has a fascinating and illuminating story about the blind-spots that can leave security systems vulnerable. She describes a clever one-way function using real-world tools:
Silvio Micali taught me cryptography. To explain one-way functions, he gave the following example of encryption. Alice and Bob procure the same edition of the white pages book for a particular town, say Cambridge. For each letter Alice wants to encrypt, she finds a person in the book whose last name starts with this letter and uses his/her phone number as the encryption of that letter.
To decrypt the message Bob has to read through the whole book to find all the numbers. The decryption will take a lot more time than the encryption. If the book increases in size the time it takes Alice to do the encryption almost doesn’t increase, but the decryption process becomes more and more draining.
This example is very good for teaching one-way functions to non-mathematicians. Unfortunately, the technology changes and the example that Micali taught me fifteen years ago isn’t so cute anymore. Indeed you can do a reverse look-up online of every phone number in the white pages.
Then she explains how a student pointed out her own blind-spot that made the system trivial to defeat:
I still use this example, with an assumption that there is no reverse look-up. I recently taught it to my AMSA students. And one of my 8th graders said, “If I were Bob, I would just call all the phone numbers and ask their last names.”
In the fifteen years since I’ve been using this example, this idea never occurred to me. I am very shy so it would never enter my mind to call a stranger and ask for their last name. My student made me realize that my own personality affected my mathematical inventiveness.
As Bruce Schneier points out, the young student is demonstrating "security mindset," imagining an attack on a security system that works on the weakest flank.
For $170, Motherboard’s Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target’s phone (the software’s manufacturer sells passcode-defeating apps that help you do this); once it’s loaded, you activate it with an SMS and then you can covertly operate the phone’s mic, steal its photos, and […]
Some employees with the U.S. Department of Homeland Security who work in the Washington, D.C. area and in Philadelphia, PA were unable to access the DHS computer network on Tuesday, reports Reuters, citing “three sources familiar with the matter.”
A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly’s remarks to House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America […]
Making people aware of goods and services in the digital age requires an array of new strategies from social media and email to number-crunching tools like Google Analytics. To get a handle on the techniques used to capture attention and convert traffic into dollars in a crowded online environment, the Full-Stack Marketer Bundle offers 22 hours of training to get […]
Having a luxurious bed isn’t just a fairy tale from a catalog; it is a real, affordable possibility with offerings like this Olive+Owen bedroom set. If you’re thinking of doing some “spring cleaning”, this bed set is an easy way to completely upgrade your room in one purchase.This 20-piece collection has all of the expected slumberland elements, […]
Python is immensely popular in the data science world for the same reason it is in most other areas of computing—it has highly readable syntax and is suitable for anything from short scripts to massive web services. One of its most exciting, newest applications, however, is in machine learning. You can dive into this booming […]