Friday, November 14, 2014

Suggested Naming Conventions of Attackers

I would like to introduce a set of conventional terms to label different security systems attackers according to their strength. Nick P initially brought up in the Schneier Blog.

I would like to encourage the application of these terms inside papers written regarding secure systems and protocols.

High Strength Attacker (HSA): An attacker with high capabilities and resources to attack a secure system. Intrusive or passive methodologies and techniques are achievable with presumed insider access into the secure system.

Medium Strength Attacker (MSA): An attacker with moderate capabilities and resources to attack a secure system but the capabilities to gain insider access to a secure system may not always be successful.

Low Strength Attacker (LSA): An attacker with low capabilities and resources to attack a secure system. Such an attacker may have a lower chance than the two other types of attacker to gain insider access into the secure system or may not even have access into the internals of the secure system but may manipulate or listen into the communication interactions between the secure system and it's environment.

Wednesday, November 12, 2014


Cryptography is a Science that makes hidding of information viable by using Maths and a little foresight. It's concepts can be really easy at one end and very complex on the other.
We are at a crossroad between practical cryptography that is both sound and usable and cryptography that is plausible but overly esoteric. We have known that High Strength Attacker (HSA) have the ability to compromise cryptography by tampering with industry standards and products that we expect to be secure (SSL/TLS, RNG...). 

Making practical cryptography and secure systems easy to access by the normal users as well as academics and not letting the esoteric looks of cryptography scare away interested parties and people is the main goal of this blog as well as educating people on the proper use of cryptography and removing the "silver bullet" aura around cryptography and putting it into a practical context.

Cryptography and secure systems are not built miraculously or are some sort of Gandalf Wand that wave away all the nasties of digital security, but a Science that explains how secure systems are built in the correct mindset without the superstitions or esoteric nature of what they are .

While writing this first post, I submitted a paper to IACR regarding a construct of making stream-based cryptography stronger (posting in the next post) with the intention of making the paper as simple and easily accessible without the mathematical mambo jumbo that have plague many good papers describing interesting security systems and the quick response from the assigned editors were the following:

The paper does not appear to be of a sufficient scientific quality to merit publication in the archive. Please examine other publications in our archive to understand the level of detail and mathematical rigour required.

Security of individuals and organizations hinges on accessible and practical secure systems that explains their steps concisely and with precision.

IACR may entertain the complex and esoteric mathematics but this archive will entertain even a simple idea that have been explained in a concise manner and also the esoteric and highly advanced mathematics of cryptography, kleptograhpy and secure systems are welcomed as well.

All submissions of cryptography, kleptograhpy and secure setups are welcomed as long as the following criterias are met:
  • This blog (Simple Cryptographic Archive) is granted the rights of publications and the rights of readers to distribute freely the publications with proper attributions of the published materials.
  • Clear and concise explanation of methods and techniques in the material (not just mathematical formulas).
  • Scientific discussion in papers without the misconduct of slandering.
  • Files maybe in PDF, RTF, OpenOffice/LibreOffice, DJVU format.
  • Proving of claims should exist.
May knowledge empower you.