Workshop on Economics and Information Security, May 13-14, Minneapolis

2004-04-20 Thread Andrew Odlyzko
The 3rd Annual Workshop on Economics and Information Security
will be held Thursday and Friday, May 13-14 (right after the
Oakland conference) on the campus of the University of Minnesota
in Minneapolis.  General information, including a tentative
schedule, is available at

  http://www.dtc.umn.edu/weis2004

Early registration with reduced fees closes on April 25.

Andrew Odlyzko

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: voting

2004-04-20 Thread Matt Crawford
On Apr 15, 2004, at 8:58 PM, Ed Gerck wrote:

Currently, voter privacy is absolute in the US and does not depend
even on the will of the courts. For example,  there is no way for a
judge to assure that a voter under oath is telling the truth about how
they voted, or not.
For many years in the 90's there was (maybe still is) a resident of 
Cook County, Illinois, who refused to vote because she was the only 
voter in her precinct, and the precinct totals would consist purely of 
her vote.  (She lived in a forest preserve.  There's probably some 
latter-day Brothers Grimm tale in this.)

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Cryptography Research Granted Patents for Safer Smart Cards

2004-04-20 Thread R. A. Hettinga
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109STORY=/www/story/04-19-2004/0002153896EDATE=

Cryptography Research Granted Patents for Safer Smart Cards

  Technology Prevents DPA Attacks to Combat Fraud and Piracy

SAN FRANCISCO, April 19 /PRNewswire/ -- Cryptography Research, Inc., a
leader in advanced security research and engineering, today announced it has
been granted several broad patents on technology that reduces fraud and piracy
by protecting smart cards and other systems from Differential Power Analysis
(DPA) attacks.  The company developed the technology to help cryptographic
device manufacturers, systems integrators, and smart card issuers develop
secure, DPA-resistant implementations for use in financial, pay television,
mass transit, secure identification and wireless industries.
Differential Power Analysis involves measuring the electrical power
consumption of smart cards and other cryptographic devices.  Statistical
methods are then used to extract cryptographic keys and other secrets.
Vulnerable devices are at risk for compromises including fraud, cloning,
impersonation, counterfeiting, and piracy.  Although DPA attacks typically
require technical skill to implement, they can be repeated with a few thousand
dollars of standard equipment, and can often break a device in a few minutes.
DPA and related attacks were originally discovered at Cryptography Research in
the 1990s.
We are proud to have our work recognized by the United State Patent and
Trademark Office, said Paul Kocher, president of Cryptography Research.  As
a research-focused company, we rely on patents to help us commercialize our
results and make our ongoing RD efforts possible.

The Cryptography Research DPA patents broadly cover countermeasures to DPA
attacks, and include:
-- U.S. Patent #6,654,884:  Hardware-level mitigation and DPA
countermeasures for cryptographic devices;
-- U.S. Patent #6,539,092:  Leak-resistant cryptographic indexed key
update;
-- U.S. Patent #6,510,518:  Balanced cryptographic computational method
and apparatus for leak minimization in smartcards and other cryptosystems;
-- U.S. Patent #6,381,699:  Leak-resistant cryptographic method and
apparatus;
-- U.S. Patent #6,327,661:  Using unpredictable information to minimize
leakage from smartcards and other cryptosystems;
-- U.S. Patent #6,304,658:  Leak-resistant cryptographic method and
apparatus;
-- U.S. Patent #6,298,442:  Secure modular exponentiation with leak
minimization for smartcards and other cryptosystems; and
-- U.S. Patent #6,278,783:  DES and other cryptographic, processes with
leak minimization for smartcards and other cryptosystems.

Other Cryptography Research patents are issued and pending in the United
States, Europe, Japan, Canada and other countries.
According to the Smart Card Alliance, an industry trade group, the United
States became the third largest market for microprocessor smart cards in 2003,
and more than 70 million smart cards shipped to the United States and Canada.
The Card Industry Directory reported over 1.9 billion worldwide smart card
shipments in 2003.

About Cryptography Research, Inc.
Cryptography Research, Inc. provides consulting services and technology to
solve complex security problems.  In addition to security evaluation and
applied engineering work, CRI is actively involved in long-term research in
areas including tamper resistance, content protection, network security, and
financial services.  The company also produces the DPA Workstation(TM) to help
qualified organizations analyze DPA-related security vulnerabilities and
improve their use of licensed DPA countermeasures.  This year, security
systems designed by Cryptography Research engineers will protect more than
$60 billion of commerce for wireless, telecommunications, financial, digital
television, and Internet industries.  For additional information or to arrange
a consultation with a member of the technical staff, please contact Jennifer
Craft at 415-397-0123 or visit http://www.cryptography.com.


 SOURCE Cryptography Research, Inc.
 Web Site: http://www.cryptography.com

More news from PR Newswire...

Issuers of news releases and not PR Newswire are solely responsible for the
accuracy of the content.
Terms and conditions, including restrictions on redistribution, apply.
 Copyright © 1996-2004 PR Newswire Association LLC. All Rights Reserved.
 A United Business Media company.

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending 

Cryptography Expert Paul Kocher Warns: Future DVDs Prime Target for Piracy, Pay TV Foreshadows Challenges

2004-04-20 Thread R. A. Hettinga
http://biz.yahoo.com/prnews/040420/sftu117_1.html

Yahoo!




Press Release
Source: Cryptography Research, Inc.

Cryptography Expert Paul Kocher Warns: Future DVDs Prime Target for Piracy,
Pay TV Foreshadows Challenges
Tuesday April 20, 12:07 pm ET

LAS VEGAS, NAB 2004, April 20 /PRNewswire/ -- Movie piracy today is still
immature in the United States, but as available storage space and bandwidth
increase, so will the motivation and sophistication of movie pirates, warns
security expert Paul Kocher, president and chief scientist of Cryptography
Research, Inc. Kocher believes that future optical media formats -- the
successors to today's DVD -- will require dramatically advanced content
protection technology and enforcement measures just to keep up with the
better-funded and more-determined adversary of tomorrow.

ADVERTISEMENT

Kocher believes the current pay television piracy can be seen as a
harbinger of things to come for optical media. Movies are still difficult
enough to copy, so that for most people, it isn't worth the hassle, he
said. In the United States today, the movie industry is primarily chasing
mischievous college students, internal leakage and low-quality analog
recordings as the sources of piracy, according to Kocher. By contrast, in
the pay television industry, we routinely face well-funded, technically
sophisticated pirates, many of whom are closely connected with organized
crime networks. It's ultimately a question of whether people perceive
piracy to be worthwhile, he said.

Kocher believes the very thing that makes successors to DVD more attractive
to consumers -- high-definition content -- will also make them more
attractive to pirates. Although the larger file size of new high-quality
optical media formats like Blu-ray or HD-DVD movies will slow many pirate
efforts by perhaps two years, high-definition content is a much more
attractive target for attackers because, in many cases, it represents the
best quality studios have to offer.

While it's unfortunate that security on the current DVD format is broken
and can't be reprogrammed, HD is what really matters. Once studios release
high-definition content, there will be little or no distinction between
studio-quality and consumer-quality, said Kocher. This means that HD is
probably Hollywood's one and only chance to get security right.

According to Kocher, Hollywood is following a path common to other
industries facing similar problems. Typically, first-generation security
systems fail irrecoverably, but later generations are designed to recover
from failures, Kocher said. As an example, he cites K-band (big dish)
satellite TV systems, which suffered from devastating piracy because
security flaws could not be corrected. Having learned this lesson, modern
pay TV systems place critical security components in smart cards or
security modules that can be replaced. While this approach is not optimal
because hardware upgrades are expensive, it has enabled the industry to
keep piracy at survivable levels.

For movie studios, optical media has so far followed a parallel path. The
content protection system for DVDs was designed without renewable security,
and has now been broken irrecoverably. Just as the transition to digital
broadcasts provided satellite providers with the opportunity to change to a
better approach for security, new format initiatives such as Blu-ray and
HD-DVD present an opportunity for the optical media industry to correct its
dysfunctional security architecture, Kocher said.

The problem is urgent because it takes several years for security efforts
to pay off. Everybody's worst fear is that Hollywood will follow in the
music industry's steps and fail to make progress due to political
maneuvering and a lack of technical leadership, said Kocher. On the other
hand, if security decisions reflect a disciplined analysis of the long-term
business requirements, I still think it is possible to keep piracy at a
manageable level. Even in the best case, though, things are going to get
much worse before they get better.

About Paul Kocher

Paul Kocher has gained an international reputation for his work in the
field of cryptography. Kocher has designed and co-authored many
cryptographic applications and protocols, including SSL v3.0. At
Cryptography Research, he leads a team of scientists and engineers who
specialize in developing technology to help solve real-world data security
problems. Research efforts he directed include successfully building the
record-breaking DES Key Search machine, discovering Differential Power
Analysis, and developing technologies that are used widely to secure pay
television systems and smart cards against attack.

About Cryptography Research, Inc.

Cryptography Research, Inc. provides technology and services to solve
complex security problems. In addition to security evaluation and applied
engineering work, CRI is actively involved in long-term research in areas
including tamper resistance, content