Riemann surface
matlab

毫无疑问,我们的密码学专家团队将以专业的方式解决您在密码学学习中遇到的所有挑战。我们拥有深厚的专业知识和丰富的经验,能够帮助您完成高质量的作业和论文,保证您的学习过程顺利进行。

以下是一些我们可以为您解决的问题:

密码学基础理论:包括各种常用密码学概念的定义、性质和分类,如对称加密、公钥加密等。

密码学算法:研究和应用于哈希函数、数字签名、密钥交换等密码学算法。

证明与安全性分析:包括常见的证明技巧和安全性分析方法,如归纳证明、反证法等。

密码学实践应用:在现实中的应用,包括网络安全、数据保护、身份验证等。

概率论与复杂性理论:介绍密码学中的概率和复杂性理论概念与方法,如随机算法、P/NP问题等。

密码学优化:研究如何提升密码学算法的效率和安全性。

密码学与计算机科学:探讨密码学在计算机科学中的应用,例如网络安全、系统安全、量子计算等。

无论您遇到的密码学问题是什么,我们都将竭尽全力为您提供专业的帮助,确保您的学习之旅顺利无阻!

问题 1.


Problem 2: Exceptional Access
Law enforcement agencies have been lobbying for exceptional access to encrypted communications. However, many cybersecurity experts have argued that enabling exceptional access would have untenable security consequences. Two cryptographers from GCHQ (the UK’s equivalent of the NSA) have proposed a method of exceptional access that they believe does not compromise the integrity of encryption in the following article:
https://www. lawfareblog.com/principles-more-informed-exceptional-access-debate. Please read over this article and then consider the following questions.
For another example, this (optional) article describes a Cisco Webex vulnerability which unintentionally allows “ghost access” to meetings:
https://www.securityweek. com/cisco-webex-vulnerability-allows-ghost-access-meetings
These are open questions and will be graded for completeness or your responses and justification of your claims. Please reference and/or quote specific arguments from the readings in your answers.
Question a) The first article discusses several principles that can be used to evaluate exceptional access methods. What standards would need to be followed for you to find an exceptional access reasonable ( 3 standards max)? If you believe that exceptional access is never acceptable, please justify why. How does your answer differ from the GCHQ principles, if at all?

.


Sample TA Solution
(a) There are two approaches that can be taken by students: arguing that exceptional access is never justified, and listing principles that they believe would make an exceptional access method acceptable.
Typically, arguing exceptional access is never justified would be done by claiming that any method that allows unintended recipients to access encrypted data necessarily constitutes a cybersecurity vulnerability, and that vulnerabilities have worse consequences (i.e., potential for significant cyberattacks, espionage, loss of trust in software services, potential compromise of journalists’ ability to communicate with sources) than an inability to access encrypted data (failure to prevent and prosecute crimes).
Seehttps://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026. pdf for a justification of why exceptional access mechanisms necessarily create vulnerabilities, https: //www. washingtonpost. com/world/national-security/former-national-security-officials-urg 2015/12/15/3164eae6-a27d-11e5-9c4e-be37f66848bb_story.htm for background on national security vs. law enforcement disagreements on exceptional access, and https://www . thirdway . org/report/weakened-encryption-the-threat-to-americas-national-security for a pure national security argument against exceptional access.

For the second approach, below are three examples of standards that might be suggested, although there are many more that students could reasonably suggest. For additional examples, see pages 13-14 of https://carnegieendowment.org/files/EWG_Encryption_Policy.pdf (intended for ondevice key escrow but nonetheless broadly applicable).

Software providers cannot be required to design their systems in preparation for exceptional access.While one-off exceptional access assistance can create temporary vulnerabilities, designing systems in a way that compromises confidentiality or integrity upfront creates persistent vulnerabilities. Additionally, this is antithetical to security by design. Although this may lead to firms redesigning their systems to make exceptional access methods impossible (i.e., by allowing the client to verify whether any keys have been changed or added, which the ghost proposal requires), these decisions would necessarily improve the overall security of these systems. For context, system redesigns to enable persistent methods of exceptional access can be required by Australia’s exceptional access legislation (the Telecommunications and Other Legislation Amendment (Assistance and Access) Act) through Technical Capability Notices. This standard is in conflict with the view expressed by former FBI Director James Comey, who argued that “it makes more sense to address any security risks by developing intercept solutions during the design phase, rather than resorting to a patchwork solution when law enforcement comes knocking after the fact” ${ }^{\prime \prime}$ https://www.fbi.gov/news/speeches/ going-dark-are-technology-privacy-and-public-safety-on-a-collision-course.

问题 2.

Question b) Do you believe that the GCHQ authors” fifth principle-that “any exceptional access solution should not fundamentally change the trust relationship between a service provider and its users” – is met by their proposed exceptional access mechanism? Why or why not? (4-6 sentences)

(b) Argument against:
Even if, as the GCHQ authors claim, “you don’t even have to touch the encryption” in their proposed system, ghost access nonetheless constitutes a significant change in the trust relationship between a service provider and its users. That is because, as discussed in lecture 3 , encryption is only half of the equation: users need to trust that their messages are not just encrypted, but also that their messages are only sent to the intended recipients. Additionally, this proposal requires the ability to suppress notifications that users have elected to receive, thus preventing the user from trusting the integrity of

the notification system.
Arguments for are difficult when using “trust” in a theoretical cybersecurity sense, but possible if viewing it through the same lens as the GCHQ cryptographers: if the risk of exploitation is minimal, and you believe that the government is not interested in your communications, then the trust relationship between user and service provider is not fundamentally changed. Arguments along these lines are valid, and are interesting in that they highlight a key point of contention in the exceptional access debate.

E-mail: help-assignment@gmail.com  微信:shuxuejun

help-assignment™是一个服务全球中国留学生的专业代写公司
专注提供稳定可靠的北美、澳洲、英国代写服务
专注于数学,统计,金融,经济,计算机科学,物理的作业代写服务

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注