Whitepapers
PQC as It Stands in Industry
2024-03-01| The timeframe for quantum computers capable of breaking standard cryptography is uncertain. IBM aims for a quantum computing inflection point by 2029, while QuEra plans a 10,000-qubit system by 2026. Despite this, bad actors are already harvesting encrypted data for future decryption, known as HNDL attacks, without relying on quantum computers. Read the whitepaper: PDF
GNSS as Critical Global Infrastructure
2024-02-08| The primary time synchronization sources for critical infrastructure systems are signals broadcast by GNSS, such as GPS satellites. This WP provides an overview of how timing systems work discusses the GNSS timing dependencies of critical infrastructure systems operating in the financial, telecommunications, and electric power sectors. Read the whitepaper: PDF
How to do Risk Assessments?
2024-02-07| Risk assessment is not about avoiding risks, but about managing them. Root cause analysis is not about blaming others, but about learning from mistakes. Risk assessment is not a one-time event, but a continuous process. Read the whitepaper: PDF
When the Stars Fall: Starlink’s Apocalypse
2024-02-02| If the Starlink constellation were to be compromised and fall into the hands of rogue elements, the repercussions would be far-reaching. Imagine a network of thousands of interconnected satellites, designed to provide global internet coverage, suddenly under the control of malicious actors. Here’s what might unfold: PDF
Understand the Cyber Warfare (CW) Concepts
2024-01-31| Cyber Warfare (CW) refers to the strategic use of cyber tools and techniques by state or non-state actors to achieve specific objectives, often with the intent to cause harm or disruption to critical infrastructure, systems, or individuals, potentially impacting national security, economy, or society. Read the whitepaper: PDF
Speed Optimization of AES Function
2024-01-25| AES is a widely used symmetric encryption algorithm standardized by NIST. Algorithmic optimization involves refining the mathematical operations and structures of the AES algorithm to enhance its speed and resource efficiency. Focusing more on algorithmic aspects (cf. hardware-specific optimizations), we can ensure consistent performance across diverse computing environments, ranging from embedded systems to high-performance computing clusters. Read the whitepaper: PDF
Aging of AES (Encryption Standard)
2024-01-18| AES encryption is one of the most widely trusted methods of protecting data. It was adopted by the U.S. Gov in 2001. AES is a symmetric-key algorithm that uses the same key (up to 256-bit) for both encryption and decryption. But how secure is AES encryption in practice? Can it withstand attacks from hackers and adversaries who want to break into our systems and steal our secrets? Read the whitepaper: PDF
Trust on Electronic Voting Machine
2024-01-17| Electronic voting machines (EVMs) are devices that allow voters to cast their ballots electronically, without the need for paper ballots or manual counting. EVMs have been widely adopted in many countries, especially in India. EVMs have several advantages, such as faster results, reduced human errors, and improved accessibility. However, EVMs also pose significant risks that could compromise the integrity of the electoral process. PDF
The StarShield Program
2024-01-04| StarShield represents a paradigm shift in space-based communication, offering unbreakable security, unparalleled resilience, and critical advantages for US defense. PDF
Zero Knowledge: Proof without Privacy Panic
2024-01-02| Imagine proving you’re over 21 without flashing your ID. Sounds impossible, right? But with zero-knowledge, magic isn’t required: just ingenious cryptography. This revolutionary concept is transforming how we prove things online, safeguarding our privacy while ensuring security. PDF
Dark Side of Mega-constellations
2023-12-30| Mega constellations, like Starlink, pose significant risks. They can obstruct clear sky views, leaving bright streaks that interfere with astronomical observations. The congestion in Low Earth Orbit (LEO) increases collision risks, exacerbating space debris issues. This could hinder space exploration. Additionally, the proliferation of satellites raises privacy concerns, potentially enabling widespread eavesdropping and tracking. Despite the benefits of global connectivity, the adverse impacts on our skies and privacy are considerable. PDF
Absolute Security does not Exist
2023-12-29| Some people believe that absolute security is possible, using advanced technologies such as embedded solutions, one-time pad, or quantum tech. However, such a view is unrealistic and ignores the human factor, the complexity of systems, and the unpredictability of threats. Absolute security does not exist, because there is always a trade-off between security and usability, a possibility of human error or malicious insider, and a risk of unknown vulnerabilities or zero-day attacks. Security is continuous process, not a final state. PDF
High Cost of Availability in C.I.A.
2023-12-29| Achieving availability in CIA is indeed costly due to the need for redundancy, jam resistance, and sophisticated technologies. Unlike confidentiality and integrity, which can be managed with encryption and algorithms respectively, availability requires continuous access to data. This necessitates robust infrastructure, including backup systems, and careful planning to avoid system failures. The cost escalates with different accessibility needs of workers and clients. Ensuring availability is a complex, resource-intensive task, making it the most expensive component of CIA triad. PDF
Confidentiality vs Integrity vs Availability: How to Priortize?
2023-12-28| The CIA triad is crucial for secure digital world. Confidentiality ensures that data is accessible only to authorized parties, Integrity guarantees that data remains unaltered during storage and transfer, and Availability ensures data is accessible when needed. The importance of each property varies based on context, leading to debates among experts. For example, Availability becomes paramount in critical systems like healthcare, where any downtime can have severe consequences. In a hospital, unavailability of patient data could delay life-saving treatments. PDF
Entity Authentication: Most Elusive Security Goal
2023-12-27| Entity authentication is crucial in ensuring the security of user and machine interactions. It establishes trust by confirming the identity of entities involved. Fine-level properties, including liveliness (active participation), identification (accurate recognition), willingness (voluntary engagement), and two-way ness (bidirectional verification), enhance the robustness of authentication. PDF
The Spy Game That Shook the World
2023-12-24| In an audacious secret operation “Rubicon”, the CIA and West German intelligence turned the tables on over 120 countries. They covertly owned Crypto AG, a Swiss firm that sold encryption devices worldwide. Unbeknownst to these countries, their most secret communications were being intercepted and decoded. This was not a mere breach of trust, but a monumental intelligence coup. The agencies exploited the devices to decipher the codes of their customers, including nations like Iran, India, Pakistan, and even the Vatican. This operation was also a glaring spotlight on the incompetence of decision makers in the customer countries. Their inability to detect or halt this spying operation raises serious questions about their judgment and capabilities. PDF
What is a Digital Certificate ?
2023-12-23| A digital certificate serves as a definitive proof of information authenticity through the application of a digital signature. Typically, this certificate comprises the public key of a party, be it a website or user, along with a digital signature from a Certification Authority (CA). Anyone who trusts in CA can verify the signature, thereby validating the public key to the respective party. When you access a website with an HTTPS in its URL, the browser tries to ascertain whether the site possesses a valid digital certificate issued by one of the CAs trusted by your browser. PDF
Quest for Quantum Supremacy
2023-12-22| Quantum computer cannot be built in 100 years: This view assumes that quantum technology is complex and may take time before reaching the level of performance and functionality that can pose a serious threat to traditional cryptography. Quantum computer is just around the corner, due to breakthroughs in improving qubit quality and coherence. Therefore, it may take less than a decade before quantum computers can break encryption methods such as RSA or ECC. Probably reality lies somewhere in between these two extremes. PDF
What is Digital Trust ?
2023-12-21| Digital trust is a myth: This view argues that digital trust is impossible to achieve because digital technologies and services are inherently insecure, unreliable, and unethical. However, digital trust is a necessity and essential for the development and adoption of technologies and services. Consumers have a right to expect that their data will be treated with respect, their safety will be ensured, and their privacy will be protected. PDF
Password vs Passphrase
2023-12-20| Passwords and passphrases represent two schools of thought in cybersecurity. Passwords, often a mix of characters and symbols, are traditionally used but can be hard to remember and vulnerable to attacks. Passphrases, longer and composed of words, offer increased security due to their complexity and length. They are also more user-friendly, making them an increasingly favored choice in the digital security landscape. PDF