Cryptography Expert Paul Kocher Warns: Future DVDs Prime Target for Piracy, Pay TV Foreshadows Challenges

2004-04-20 Thread R. A. Hettinga 


Yahoo!




Press Release
Source: Cryptography Research, Inc.

Cryptography Expert Paul Kocher Warns: Future DVDs Prime Target for Piracy,
Pay TV Foreshadows Challenges
Tuesday April 20, 12:07 pm ET

LAS VEGAS, NAB 2004, April 20 /PRNewswire/ -- Movie piracy today is still
immature in the United States, but as available storage space and bandwidth
increase, so will the motivation and sophistication of movie pirates, warns
security expert Paul Kocher, president and chief scientist of Cryptography
Research, Inc. Kocher believes that future optical media formats -- the
successors to today's DVD -- will require dramatically advanced content
protection technology and enforcement measures just to keep up with the
better-funded and more-determined adversary of tomorrow.

ADVERTISEMENT

Kocher believes the current pay television piracy can be seen as a
harbinger of things to come for optical media. "Movies are still difficult
enough to copy, so that for most people, it isn't worth the hassle," he
said. In the United States today, the movie industry is primarily chasing
mischievous college students, internal leakage and low-quality analog
recordings as the sources of piracy, according to Kocher. "By contrast, in
the pay television industry, we routinely face well-funded, technically
sophisticated pirates, many of whom are closely connected with organized
crime networks. It's ultimately a question of whether people perceive
piracy to be worthwhile," he said.

Kocher believes the very thing that makes successors to DVD more attractive
to consumers -- high-definition content -- will also make them more
attractive to pirates. Although the larger file size of new high-quality
optical media formats like Blu-ray or HD-DVD movies will slow many pirate
efforts by perhaps two years, high-definition content is a much more
attractive target for attackers because, in many cases, it represents the
best quality studios have to offer.

"While it's unfortunate that security on the current DVD format is broken
and can't be reprogrammed, HD is what really matters. Once studios release
high-definition content, there will be little or no distinction between
studio-quality and consumer-quality," said Kocher. "This means that HD is
probably Hollywood's one and only chance to get security right."

According to Kocher, Hollywood is following a path common to other
industries facing similar problems. "Typically, first-generation security
systems fail irrecoverably, but later generations are designed to recover
from failures," Kocher said. As an example, he cites K-band ("big dish")
satellite TV systems, which suffered from devastating piracy because
security flaws could not be corrected. Having learned this lesson, modern
pay TV systems place critical security components in smart cards or
security modules that can be replaced. While this approach is not optimal
because hardware upgrades are expensive, it has enabled the industry to
keep piracy at survivable levels.

For movie studios, optical media has so far followed a parallel path. The
content protection system for DVDs was designed without renewable security,
and has now been broken irrecoverably. "Just as the transition to digital
broadcasts provided satellite providers with the opportunity to change to a
better approach for security, new format initiatives such as Blu-ray and
HD-DVD present an opportunity for the optical media industry to correct its
dysfunctional security architecture," Kocher said.

"The problem is urgent because it takes several years for security efforts
to pay off. Everybody's worst fear is that Hollywood will follow in the
music industry's steps and fail to make progress due to political
maneuvering and a lack of technical leadership," said Kocher. "On the other
hand, if security decisions reflect a disciplined analysis of the long-term
business requirements, I still think it is possible to keep piracy at a
manageable level. Even in the best case, though, things are going to get
much worse before they get better."

About Paul Kocher

Paul Kocher has gained an international reputation for his work in the
field of cryptography. Kocher has designed and co-authored many
cryptographic applications and protocols, including SSL v3.0. At
Cryptography Research, he leads a team of scientists and engineers who
specialize in developing technology to help solve real-world data security
problems. Research efforts he directed include successfully building the
record-breaking DES Key Search machine, discovering Differential Power
Analysis, and developing technologies that are used widely to secure pay
television systems and smart cards against attack.

About Cryptography Research, Inc.

Cryptography Research, Inc. provides technology and services to solve
complex security problems. In addition to security evaluation and applied
engineering work, CRI is actively involved in long-term research in areas
including tamper resis

ECC'04 -- Second announcement

2004-04-20 Thread R. A. Hettinga 

--- begin forwarded text


From: ECC 2004 <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: ECC'04 -- Second announcement
Date: Mon, 19 Apr 2004 22:50:41 +0200
To: [EMAIL PROTECTED]


THE 8TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2004)

Ruhr-University Bochum, Germany

September 20, 21 & 22, 2004

SECOND ANNOUNCEMENTApril 19, 2004


ECC 2004 is the eighth in a series of annual workshops dedicated
to the study of elliptic curve cryptography and related areas.
The main themes of ECC 2004 will be:
- The discrete logarithm problem.
- Efficient parameter generation and point counting.
- Provably secure cryptographic protocols.
- Efficient software and hardware implementation.
- Side-channel attacks.
- Deployment of elliptic curve cryptography.

It is hoped that the meeting will continue to encourage
and stimulate further research on the security and implementation
of elliptic curve cryptosystems and related areas, and encourage
collaboration between mathematicians, computer scientists and
engineers in the academic, industry and government sectors.

There will be approximately 15 invited lectures (and no contributed
talks), with the remaining time used for informal discussions.
There will be both survey lectures as well as lectures on latest
research developments.


SPONSORS:
  BSI - Bundesamt für Sicherheit in der Informationstechnik
  DFG-Graduate School on Cryptography
  ECRYPT - European Network of Excellence in Cryptography
  Ruhr-University Bochum
  University of Waterloo


ORGANIZERS:
  Gerhard Frey (University of Duisburg-Essen)
  Tanja Lange  (Ruhr-University Bochum)
  Alfred Menezes   (University of Waterloo)
  Christof Paar(Ruhr-University Bochum)
  Scott Vanstone   (University of Waterloo)


CONFIRMED SPEAKERS:
  Roberto Avanzi   (University of Duisburg-Essen, Germany)
  Paulo Barreto(Scopus Tecnologia, Brazil)
  Pierrick Gaudry  (LIX Paris, France)
  Marc Joye(Gemplus, France)
  Norbert Luetkenhaus  (University of Erlangen, Germany)
  Kim Nguyen   (Bundesdruckerei, Germany)
  Alexander May(University of Paderborn, Germany)
  Matt Robshaw (Royal Holloway University of London, UK)
  Werner Schindler (BSI, Germany)
  Jasper Scholten  (KU Leuven, Belgium)
  Hovav Shacham(Stanford University, USA)
  Igor Shparlinski (Macquarie University, Australia)
  Nigel Smart  (University of Bristol, UK)
  Thomas Wollinger (Ruhr-University Bochum, Germany)


LOCAL ARRANGEMENTS AND REGISTRATION:

Bochum is situated approximately 50 km from Dusseldorf International
Airport and about 300 km from Frankfurt Airport. Participants should
plan to arrive on September 19 to be able to attend the lectures on
Monday morning.

If you did not receive this announcement by email and would like to be
added to the mailing list for the third announcement, please send a
brief email to [EMAIL PROTECTED] The announcements are also
available from the web site
www.cacr.math.uwaterloo.ca/conferences/2004/ecc2004/announcement.html
---


REGISTRATION & ACCOMMODATIONS:

Details on registration and accomodation will follow in the next
announcement.

==


FURTHER INFORMATION:

For further information, please contact:

Tanja Lange
Information Security and Cryptography
Ruhr-University Bochum

e-mail:   [EMAIL PROTECTED]
Fax:  +49 234 32 14430
Tel:  +49 234 32 23260

==

ECC 2004 - Bochum
www.cacr.math.uwaterloo.ca/conferences/2004/ecc2004/announcement.html

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Cryptography Research Granted Patents for Safer Smart Cards

2004-04-20 Thread R. A. Hettinga 


Cryptography Research Granted Patents for Safer Smart Cards

  Technology Prevents DPA Attacks to Combat Fraud and Piracy

SAN FRANCISCO, April 19 /PRNewswire/ -- Cryptography Research, Inc., a
leader in advanced security research and engineering, today announced it has
been granted several broad patents on technology that reduces fraud and piracy
by protecting smart cards and other systems from Differential Power Analysis
(DPA) attacks.  The company developed the technology to help cryptographic
device manufacturers, systems integrators, and smart card issuers develop
secure, DPA-resistant implementations for use in financial, pay television,
mass transit, secure identification and wireless industries.
Differential Power Analysis involves measuring the electrical power
consumption of smart cards and other cryptographic devices.  Statistical
methods are then used to extract cryptographic keys and other secrets.
Vulnerable devices are at risk for compromises including fraud, cloning,
impersonation, counterfeiting, and piracy.  Although DPA attacks typically
require technical skill to implement, they can be repeated with a few thousand
dollars of standard equipment, and can often break a device in a few minutes.
DPA and related attacks were originally discovered at Cryptography Research in
the 1990s.
"We are proud to have our work recognized by the United State Patent and
Trademark Office," said Paul Kocher, president of Cryptography Research.  "As
a research-focused company, we rely on patents to help us commercialize our
results and make our ongoing R&D efforts possible."

The Cryptography Research DPA patents broadly cover countermeasures to DPA
attacks, and include:
-- U.S. Patent #6,654,884:  Hardware-level mitigation and DPA
countermeasures for cryptographic devices;
-- U.S. Patent #6,539,092:  Leak-resistant cryptographic indexed key
update;
-- U.S. Patent #6,510,518:  Balanced cryptographic computational method
and apparatus for leak minimization in smartcards and other cryptosystems;
-- U.S. Patent #6,381,699:  Leak-resistant cryptographic method and
apparatus;
-- U.S. Patent #6,327,661:  Using unpredictable information to minimize
leakage from smartcards and other cryptosystems;
-- U.S. Patent #6,304,658:  Leak-resistant cryptographic method and
apparatus;
-- U.S. Patent #6,298,442:  Secure modular exponentiation with leak
minimization for smartcards and other cryptosystems; and
-- U.S. Patent #6,278,783:  DES and other cryptographic, processes with
leak minimization for smartcards and other cryptosystems.

Other Cryptography Research patents are issued and pending in the United
States, Europe, Japan, Canada and other countries.
According to the Smart Card Alliance, an industry trade group, the United
States became the third largest market for microprocessor smart cards in 2003,
and more than 70 million smart cards shipped to the United States and Canada.
The Card Industry Directory reported over 1.9 billion worldwide smart card
shipments in 2003.

About Cryptography Research, Inc.
Cryptography Research, Inc. provides consulting services and technology to
solve complex security problems.  In addition to security evaluation and
applied engineering work, CRI is actively involved in long-term research in
areas including tamper resistance, content protection, network security, and
financial services.  The company also produces the DPA Workstation(TM) to help
qualified organizations analyze DPA-related security vulnerabilities and
improve their use of licensed DPA countermeasures.  This year, security
systems designed by Cryptography Research engineers will protect more than
$60 billion of commerce for wireless, telecommunications, financial, digital
television, and Internet industries.  For additional information or to arrange
a consultation with a member of the technical staff, please contact Jennifer
Craft at 415-397-0123 or visit http://www.cryptography.com.


 SOURCE Cryptography Research, Inc.
 Web Site: http://www.cryptography.com

More news from PR Newswire...

Issuers of news releases and not PR Newswire are solely responsible for the
accuracy of the content.
Terms and conditions, including restrictions on redistribution, apply.
 Copyright © 1996-2004 PR Newswire Association LLC. All Rights Reserved.
 A United Business Media company.

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptog

Re: voting

2004-04-20 Thread Matt Crawford 
On Apr 15, 2004, at 8:58 PM, Ed Gerck wrote:

Currently, voter privacy is absolute in the US and does not depend
even on the will of the courts. For example,  there is no way for a
judge to assure that a voter under oath is telling the truth about how
they voted, or not.
For many years in the 90's there was (maybe still is) a resident of 
Cook County, Illinois, who refused to vote because she was the only 
voter in her precinct, and the precinct totals would consist purely of 
her vote.  (She lived in a forest preserve.  There's probably some 
latter-day Brothers Grimm tale in this.)

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Workshop on Economics and Information Security, May 13-14, Minneapolis

2004-04-20 Thread Andrew Odlyzko 
The 3rd Annual Workshop on Economics and Information Security
will be held Thursday and Friday, May 13-14 (right after the
Oakland conference) on the campus of the University of Minnesota
in Minneapolis.  General information, including a tentative
schedule, is available at

  http://www.dtc.umn.edu/weis2004

Early registration with reduced fees closes on April 25.

Andrew Odlyzko

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]