Bayes Vulnerability: Introduction to QIF

Here I give an introductory overview of quantitative information flow (QIF), a mathematical framework used to precisely discuss leakage. We start with a system that takes some sensitive information as input, processes it, and produces some publicly observable output. We want to determine how the system affected the sensitive information. This overview will focus on the often relevant and intuitive measure of Bayes vulnerability, which addresses when the adversary must guess the value of the…


Takeaways from Why Cryptosystems Fail

Ross Anderson presents a survey of ATM failures in Why Cryptosystems Fail (1993). Here are some major takeaways: If the deployment environment changes, your assumptions may stop holding. Revisit the goals of your system after deployment. Build with your adversary's real abilities in mind. Do a postmortem study to determine why the cryptosystem failed. (Aside: share the results.) Having good cryptographic building blocks does not mean that what you build with them will be secure.…
