IEEE Security and Privacy

Subscribe to IEEE Security and Privacy feed IEEE Security and Privacy
IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community — ranging from academic researchers to industry practitioners.
Updated: 31 min 12 sec ago

When the Crypto in Cryptocurrencies Breaks: Bitcoin Security under Broken Primitives

Thu, 11/15/2018 - 20:01
Digital currencies such as Bitcoin rely on cryptographic primitives to operate. However, past experience shows that cryptographic primitives do not last forever: increased computational power and advanced cryptanalysis cause primitives to break and motivate the development of new ones. It is therefore crucial for maintaining trust in a cryptocurrency to anticipate such breakage. We present the first systematic analysis of the effect of broken primitives on Bitcoin. We analyze the ways in which Bitcoin’s core cryptographic building blocks can break and the subsequent effect on the main Bitcoin security guarantees. Our analysis reveals a wide range of possible effects depending on the primitive and type of breakage, ranging from minor privacy violations to a complete breakdown of the currency. Our results lead to several suggestions for the Bitcoin migration plans and insights for other cryptocurrencies in case of broken or weakened cryptographic primitives.

Cryptography after the Aliens Land

Fri, 10/12/2018 - 18:05
Maybe the whole idea of number theory–based encryption, which is what our modern public-key systems are, is a temporary detour based on our incomplete model of computing. Now that our model has expanded to include quantum computing, we might end up back to where we were in the late 1970s and early 1980s: symmetric cryptography, code-based cryptography, Merkle hash signatures. That would be both amusing and ironic.

Internet of Things Security: Is Anything New?

Thu, 10/11/2018 - 18:06
Trends and fads seem to dominate security, and high-tech more generally. Is the Internet of Things (IoT) different? Does it provide anything new, of special interest to security researchers and practitioners? I argue a strong yes.

Privacy and Civilian Drone Use: The Need for Further Regulation

Thu, 10/11/2018 - 18:06
Current US regulation is not equipped to provide explicit privacy protection for drone use in an era of sophisticated audio/video and social media. In 2016, the National Telecommunications and Information Association recognized this deficit by releasing a set of best practices, which we examine in light of the current privacy concerns with drone use in the US.

Silver Bullet Talks with Tanya Janca

Thu, 10/11/2018 - 18:05
Gary McGraw interviews Tanya Janca, senior cloud developer advocate for Microsoft, specializing in software security.

Postquantum Cryptography, Part 2

Thu, 10/11/2018 - 18:05
This is part 2 of IEEE Security & Privacy magazine’s special issue on Postquantum Cryptography. As explained in the introduction to part 1, public-key cryptography is indispensable for the security of open computer networks, particularly the Internet. Because of public-key cryptography’s relevance and quantum computers’ increasingly realistic threat to this technology, it’s necessary to come up with practical and secure postquantum cryptography—that is, public-key cryptography that can be expected to resist quantum computer attacks.

Quantum Cryptanalysis: Shor, Grover, and Beyond

Thu, 10/11/2018 - 18:05
Some recently discovered quantum algorithms have resulted in complete breaks of cryptosystems previously expected to be secure against quantum attack. Although several strong candidates for postquantum cryptography remain standing, continued attention to quantum algorithms for cryptanalysis is warranted. Here we survey these recent developments, focusing on those most likely to be of relevance to cryptanalysis.

Quantum Computing: Codebreaking and Beyond

Thu, 10/11/2018 - 18:05
We survey recent developments in quantum algorithms, focusing on resource estimates for breaking cryptographic protocols on a quantum computer, which in turn can be used to derive quantum security parameters for various schemes. We contrast these cryptographic applications with applications based on a quantum computer’s supreme ability to efficiently simulate other quantum mechanical systems.

Cybersecurity in an Era with Quantum Computers: Will We Be Ready?

Thu, 10/11/2018 - 18:05
Organizations must understand their specific risks and plan for their systems to be resilient to quantum attacks. Assessment is based on three quantities: the security shelf life of the information assets, the migration time to systems designed to resist quantum attacks, and the time remaining before quantum computers break the security.

Quantum Key Distribution and Its Applications

Thu, 10/11/2018 - 18:05
Quantum key distribution (QKD) provides a means to share a secret key between two distant parties securely against an eavesdropper with unlimited computational ability. QKD networks are now deployed in metropolitan areas, and continental-scale QKD networks have been constructed. This article gives an overview of the recent status of QKD.

Fingerprinting for Cyber-Physical System Security: Device Physics Matters Too

Thu, 10/11/2018 - 18:05
Due to the increasing attacks against cyber-physical systems, it is important to develop novel solutions to secure these critical systems. System security can be improved by using the physics of process actuators (that is, devices). Device physics can be used to generate device fingerprints to increase the integrity of responses from process actuators.

Teaching Authentication as a Life Skill

Thu, 10/11/2018 - 18:05
As more and more of the activities of daily living move into the digital realm, the importance of securing those activities grows. Where once an understanding of password security might have been considered a useful bonus, it is now becoming an integral life skill. Users of all ages need to be aware of what information is shared online and how to secure it. It is crucially important that security be taught at an early age, before users are faced with the full magnitude of security management tasks. In this article, we present our work developing security curriculum modules for teenagers, and discuss our attempt to teach life skills for security to Swiss high schoolers.

The KISS Principle in Software-Defined Networking: A Framework for Secure Communications

Thu, 10/11/2018 - 18:04
The pace of adoption of secure mechanisms in software-defined networking (SDN) has been slow, largely due to traditional solutions’ performance overhead and their support infrastructure’s complexity. To address these challenges, we propose KISS, a secure SDN control plane communications architecture that includes innovative solutions in the context of key distribution and secure channel support.