Cryptographers and U.S. Immigration

2004-07-23 Thread R. A. Hettinga

--- begin forwarded text


Date: Fri, 23 Jul 2004 00:08:30 -0400 (EDT)
From: Atom 'Smasher' <[EMAIL PROTECTED]>
To: undisclosed-recipients: ;
Subject: Cryptographers and U.S. Immigration
Sender: [EMAIL PROTECTED]



...atom

  _
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -

"When the government fears the people, you have liberty.
 When the people fear the government, you have tyranny."
--Thomas Jefferson


<<

http://www.schneier.com/crypto-gram-0407.html#3

Cryptographers and U.S. Immigration

Seems like cryptographers are being questioned when they enter the U.S.
these days. Recently I received this (anonymous) comment: "It seems that
the U.S. State Department has a keen interest in foreign cryptographers:
Yesterday I tried to renew my visa to the States, and after standing in
line and getting fingerprinted, my interviewer, upon hearing that my
company sells [a cryptography product], informed me that "due to new
regulations," Washington needs to approve my visa application, and that to
do so, they need to know exactly which companies I plan to visit in the
States, points of contact, etc. etc. Quite a change from my last visa
application, for which I didn't even have to show up."

I'm curious if any of my foreign readers have similar stories. There are
international cryptography conferences held in the United States all the
time. It would be a shame if they lost much of their value because of visa
regulations.



___
Gnupg-devel mailing list
[EMAIL PROTECTED]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


U. of Tokyo, Fujitsu advance towards quantum cryptography

2004-07-23 Thread R. A. Hettinga


InfoWorld


  

U. of Tokyo, Fujitsu advance towards quantum cryptography
Project succeeds in generating single photon needed for securely sharing
keys across telecom networks
 
 

By Martyn Williams, IDG News Service
July 23, 2004 


TOKYO -- A joint research project of Fujitsu Ltd. and The University of
Tokyo has made progress towards realizing a viable quantum cryptography
system. Such a system allows parties to share encryption keys via
telecommunication networks with full confidence that they have not been
compromised en route.


The team has succeeded in generating and detecting a single photon at
wavelengths useful for telecommunications, said Yasuhiko Arakawa, director
of the Nanoelectronics Collaborative Research Center at The University of
Tokyo and leader of the research project, in an interview on Tuesday.

 The reliable generation and detection of single photons is vital if
quantum cryptography systems are to leave the laboratory and enter
practical use and the team has managed this through the development of a
new photon generator.

 Quantum cryptography is based on the physical properties of photons.

If two parties want to exchange encrypted data they need to share the
electronic key that will be used to encode the data. The data is encoded
with a corresponding private key, so using the genuine public key is vital.
Should a fake key be substituted for the real one the data could be read by
a third party rather than the intended recipient. Sharing of keys across
telecommunication networks can expose the key to tampering so many users
exchange keys offline via physical media, such as a floppy disk or CD-ROM.

 Under public key infrastructure (PKI) schemes, public keys are certified
as being genuine by a certificate authority.

Quantum cryptography systems allow users to exchange keys across networks
with the knowledge that they haven't been tampered with during transmission.

 This is because each data bit of the key is encoded onto individual
photons of light. A photon cannot be split so it can only end up in one
place: with the intended receiver or with an eavesdropper. Should a key be
completely received the recipient can be sure it hasn't been compromised
and should it be incorrectly received there's a chance that it has been
intercepted and so a new key can be issued.

 Thus, for a viable quantum cryptography system it must be possible to
reliably generate a single photon. If two or more photons are generated the
key's security is gone.

 "We have to avoid the key being received by other people," Arakawa said.
"It's not easy to avoid but if we use single photons it's possible. So it's
very important to develop a single photon source."

 Until now most experiments involving quantum cryptography have used lasers
as their photon source and these haven't proven to be completely reliable
generators of single photons.

 "By reducing the output power of the laser we can create one photon
sometimes, however it is impossible to control accurately the number of
photons," Arakawa said. Reducing the laser power also means the overall
transmission speed is slowed.

 Arakawa's team has developed a new generator based on materials developed
by Fujitsu and Japan's National Institute for Materials Science. The
material is embedded with quantum dots, which are like tiny holes into
which individual electrons can enter and a photon be produced.

 "They are almost comparable to the wavelength of the electron so electron
motion is almost zero and the electron cannot move," Arakawa said. "The
energy state is fixed. So if we can control the energy of the electron, we
can control the number of photons that are emitted."

 The wavelength of the photons that are emitted can be controlled by
adjusting the size and shape of the quantum dots. Doing so very accurately
is difficult so additional filtering is employed to ensure that only those
with a wavelength suitable for transmission down commercial optical fiber
networks are let through, said Tatsuya Usuki, a researcher at Fujitsu
Laboratories Ltd., who also worked on the technology.

 Because the accurate generation of single photons is possible and there is
no need to throttle back the power, the transmission speed can be increased
from a few hundred bits per second to around 400 times that speed, Arakawa
said. He estimated a commercial system might be possible to transmit data
at up to 100k bps (bits per second).

 The group has also made progress on the detection end of the system. Light
coming out of the fiber is split into two and sent to two detectors. By
measuring the time at which photons arrive researchers can determine
whether one or two photons were generated. In the case photons arrive at
the same time at each detector, it means two were generated which was not
the case with the new system, Arakawa said.

 At present the team has succeeded in generating photons at both 1.3 micron
and 1.55
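
The two-detector check and the attenuated-laser problem described in the article, as an added simulation that is not part of the original post or the researchers' code. It assumes a lossless 50/50 splitter, ideal detectors, an idealised one-photon-per-pulse source, and a constructed laser mean of 0.1 photons per pulse.

```python
import math
import random

def poisson(rng, mean):
    """Knuth's method: draw a photon count for one attenuated-laser pulse."""
    limit, k, p = math.exp(-mean), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def run_pulses(photon_counts, rng):
    """Send each pulse through a 50/50 splitter onto two detectors.

    Returns (clicks, coincidences): pulses that carried at least one photon,
    and pulses where both detectors fired in the same time slot.
    """
    clicks = coincidences = 0
    for n in photon_counts:
        if n == 0:
            continue
        clicks += 1
        to_a = sum(rng.random() < 0.5 for _ in range(n))  # photons reaching detector A
        if 0 < to_a < n:  # at least one photon reached each detector
            coincidences += 1
    return clicks, coincidences

def compare_sources(pulses=200_000, laser_mean=0.1, seed=1):
    """Compare an attenuated laser with an idealised single-photon source."""
    rng = random.Random(seed)
    laser = [poisson(rng, laser_mean) for _ in range(pulses)]
    single = [1] * pulses  # assumption: exactly one photon per pulse
    return {
        "laser": run_pulses(laser, rng),
        "single": run_pulses(single, rng),
        "laser_multi": sum(n >= 2 for n in laser),  # pulses an eavesdropper could split
    }

if __name__ == "__main__":
    result = compare_sources()
    for name in ("laser", "single"):
        clicks, coinc = result[name]
        print(f"{name:6s} clicks={clicks} coincidences={coinc}")
    print("laser pulses with 2+ photons:", result["laser_multi"])
```

Simultaneous clicks reveal only the multi-photon pulses whose photons happened to take different paths, so the coincidence count is a lower bound on how many pulses carried more than one photon.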

E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Anne & Lynn Wheeler

E-commerce attack imminent; Sudden increase in port scanning for SSL
doesn't look good.
http://www.techworld.com/security/news/index.cfm?NewsID=1975

... aka not necessarily an attack on SSL itself ... but identifying
end-points with open SSL ports as attack targets i.e. end-points with
open SSL ports are likely to be somewhat higher value targets than
machines w/o SSL ports  since the operators possibly feel they have
something to protect.



-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/



Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Matt Crawford
> E-commerce attack imminent; Sudden increase in port scanning for SSL
> doesn't look good.
> http://www.techworld.com/security/news/index.cfm?NewsID=1975
>
> ... aka not necessarily an attack on SSL itself ... but identifying
> end-points with open SSL ports as attack targets i.e. end-points with
> open SSL ports are likely to be somewhat higher value targets than
> machines w/o SSL ports  since the operators possibly feel they have
> something to protect.

I can't see any reasonable way to derive your conclusion from the cited 
article.

   "The surge began on 15 July, the day before the public disclosure
of a critical flaw in a server module called mod_ssl.
   "The last time Netcraft observed similar activity was in April,
shortly before a wave of attacks on SSL servers that included the
compromise of some major e-commerce sites. Attackers used a flaw
in Microsoft's implementation of SSL to install malicious code..."


Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Anne & Lynn Wheeler
At 11:09 AM 7/23/2004, Matt Crawford wrote:
> I can't see any reasonable way to derive your conclusion from the cited
> article.
>
>    "The surge began on 15 July, the day before the public disclosure
> of a critical flaw in a server module called mod_ssl.
>    "The last time Netcraft observed similar activity was in April,
> shortly before a wave of attacks on SSL servers that included the
> compromise of some major e-commerce sites. Attackers used a flaw
> in Microsoft's implementation of SSL to install malicious code..."

i just mentioned that it could possibly be (another kind of)
attack/threat model (other than the obvious referenced
in the article).
i wasn't aware that this mailing list would preclude mention
of other possible attack/threat models   other than the
obvious ones mentioned.
--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/



Re: E-commerce attack imminent; Sudden increase in port scanning for SSL doesn't look good

2004-07-23 Thread Anne & Lynn Wheeler
slightly more topic drift w/respect to potential/possible threat models ...
i have put quite a bit of work into security taxonomy as part of the merged 
security glossary and taxonomy
http://www.garlic.com/~lynn/index.html#glosnote

i've relatively recently taken a pass at the cve database ...
http://cve.mitre.org/cve/index.html
http://www.osvdb.org/
but what I found was very little structure. i have done word frequency 
analysis on the descriptions ... but even that isn't really conclusive 
(since effectively random people are generating quite random word 
descriptions). I was hoping to find more structure for expanding taxonomy 
for threat models, vulnerabilities, and exploits.


--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
