CRYPTOGRAPHY: THE STRONGEST LINK IN THE SECURITY CHAIN – HAKIN9 EXTRA 1/2012

From the Theory of Prime Numbers to Quantum Cryptography
by Roberto Saia
The typical ‘modus operandi’ of the computer science community is certainly more oriented to pragmatism than to fully understanding what underlies the techniques and tools used. This article will try to fill one of these gaps by showing the close connection between the mathematics and modern cryptographic systems. Without claiming to achieve full completeness, the goal here is to expose some of the most important mathematical theories that regulate the operation of modern cryptography.

Cryptography: The Strongest Link in the Security Chain
by Levente Buttyán and Boldizsár Bencsáth
While cryptography is important, it must be clear that it is not a magic wand that solves all the security problems in IT systems. In other words, cryptographic algorithms are not used in isolation, but instead, they are usually part of a more complex system such as a communication protocol, an authorization scheme, or an identity management infrastructure.

Securing Your Vital Communications
by Paul Baker
Almost every application written today uses network communication services to transfer data. Most of these transfers are performed over insecure and untrusted networks, such as the Internet. This article will show you how to add secure channels (and basic cryptography) to your application in a portable, light-weight and readable fashion. You will learn the basics about SSL/TLS communication and about integrating it into your application.

Web App Cryptology: A Study in Failure
by Travis H.
This article will be a review of how web applications have used cryptography improperly in the past, which led to the compromise of a security property. By reading this, web application developers should learn certain mistakes to avoid, penetration testers may learn common mistake patterns for which they can test, and those not familiar with cryptology may gain a new appreciation for the subtlety and attention to detail required.

Combining Intrusion Detection and Recovery for Building Resilient and Cost-Effective Cyber Defense Systems
by Zsolt Nemeth and Arun Sood
We can easily agree that current cyber defenses are reactive and cannot protect against customized malware and other zero day attacks which we face today. So we infer that not only the Intrusion Detection System / Intrusion Prevention System (IDS/IPS) failed to prevent the adversary, but current systems were not able to detect the presence of the intruder long after the compromise.

The Hash Function Crisis and its Solutions
by Bart Preneel
Since the early 1990s, hash functions are the workhorses of modern cryptography. Many of the most widely used hash functions have been badly broken, which means that they do not deliver the security properties claimed. One can be confident that the new SHA-3 algorithm will have a solid security margin and a good performance, even if it may be slower in some environments than SHA-2.

Quantum Key Distribution for Next Generation Networks
by Solange Ghernaouti-Hélie and Thomas Länger
To reduce the complexity of the management task, managers have to depend upon reliable technical tools. Quantum key distribution (QKD) can provide a partial answer, particularly with respect to the confidentiality constraint. QKD could be seen as a point of departure for changing security paradigms: as small challenges in the overall process are met by the application of such technologies, resources can be directed to newer and wider strategic challenges.

SSL/TLS PKI Issues
by Martin Rublik
The most common network protocol for protecting the internet communications is SSL/TLS. SSL/TLS is used for protecting the web communications (HTTP/SSL), email communications (SMTP/SSL, IMAP/SSL, POP3/SSL) and also for protecting other kind of network communications like LDAP, FTP, RDP, XMPP/Jabber.

A Toolkit for SAT-based Cryptanalysis
by Paweł Morawiecki
In this article we would like to briefly describe a SAT-based attack a method of attacking cryptographic primitives such as ciphers or hash functions. We also present key features of a toolkit developed by Paweł Morawiecki, Marian Srebrny and Mateusz Srebrny. The toolkit helps a cryptanalyst to mount the attack and automate some tedious work usually linked with this kind of attack.

An Interview with Vadim Makarov
by Nick Baronian
“…In normal operation of quantum cryptography, the detectors in the receiver Bob are sensitive to single photons. This is critical for the security. We found that most detector types can be blinded by shining bright light at them. They stop seeing single photons, just as your eyes stop seeing stars
on the clear sky in daylight, even though all the stars are still there…”