ASecuritySite Podcast

A security podcast is hosted by Professor William (Bill) Buchanan OBE, a world-renowned Information security professional and educator. Join Bill as he interviews and discusses the state-of-the-art with esteemed guests from all corners of the security industry. From cryptologists to technologists, each guest shares a wealth of experience and knowledge.

World-leaders in Cryptography: Matthew Green 11/23/2024

World Leaders in Cryptography: Alfred Menezes 11/23/2024

World-leaders in Cryptography: Bruce Schneier (Nov 2024) 11/21/2024

World-leaders in Cryptography: Brent Waters 11/15/2024

Get Used to Three Boring Acronyms: ML-KEM, ML-DSA and SLH-DSA 10/28/2024

So What Is A PreHash, And What Has it to do With Post Quantum Signatures? 10/28/2024

CMAC or HMAC? 10/28/2024

The Brainpool Curves 10/24/2024

Our Current Hardware Architectures Are Often Not Fit For a World of ML and Homomorphic Encryption 10/23/2024

NIST Looks To The Future of Cryptography: SHA-1, 3DES and SHA-224 on Naughty Step 10/23/2024

Goodbye, Google, and is the Microsoft and OpenAI Partnership Fraying? 10/21/2024

The Wonderful World of Proxies 10/21/2024

The Largest Prime Number Ever Found and the 52nd Mersenne Prime … 10/21/2024

World-leaders in Cryptography: Phillip Rogaway 10/18/2024

Humans v AI in Cybersecurity 10/16/2024

After 48 Years, It’s A Long Goodbye to the Diffie-Hellman Method 10/16/2024

Towards the Memex: All Hail The Future Rulers of our World 10/14/2024

Towards the Memex: All Hail The Future Rulers of our World And, so George Orwell projected a world where every single part of our lives was monitored and controlled by Big Brother. Arthur C Clark outlined the day when machines focused solely on a goal — even if it was to the detriment of human lives. And, Isaac Asimov outlined a world where machines would have to be programmed with rules so that they could not harm a human. The Rise of the Machine With the almost exponential rise in the power of AI, we are perhaps approaching a technological singularity — a time when technological growth becomes uncontrollable and irreversible, and which can have devastating effects on our world. Our simple brains will be no match for the superintelligence of the collective power of AI. And who has built this? Us, and our demand for ever more power, wealth and greed. Basically, we can’t stop ourselves in machine machines, and then making them faster, smaller and more useful. But will it destroy us in the end, and where destroy can mean that it destroys our way of life and in how we educate ourselves? Like it or not, the Internet we have built is a massive spying network, and one that George Orwell would have taken great pride in saying, “I told you so!”. We thus build AI on top of a completely distributed world of data, one in which we can monitor almost every person on the planet within an inch of their existence and almost every single place they have been and in what they have done. The machine will have the world at its fingertips. We have all become mad scientitists playing with AI as if it is a toy, but actually AI is playing with us, and is learning from us and becoming more powerful by the day. Every time you ask an AI bot something, it learns a bit more, and where it can be shared with AI agents. The mighty Memex We were close to developing a research partnership with a company named Memex in East Kilbride. What was amazing about them is that they had developed one of the largest intelligence networks in the world, and where the Met Police could like one object to another. This might be, “[Bob] bought a [Vauxhall Viva] in [Liverpool], and was seen talking with [Eve] on [Tuesday 20 January 2024] in [Leeds]”. With this, we can then link Bob and Eve, and the car, the places, and the time. This is the Who? Where? When? data that is often needed for intelligence sharing. The company, though, were bought over by SAS, and their work was integrated into their infrastructure. But, the Memex name goes back to a classic paper by Vannevar Bush on “As We May Think”. This outlined a device that would know every book, every single communication, and every information record that was ever created. It was, “an enlarged intimate supplement to his memory” — aka Memory Expansion. It led to the implementation of hypertext systems, which created the World Wide Web. Of course, Vannevar created this before the creation of the transistor and could only imagine that microfilm could be used to compress down the information and where we would create an index of contents, but it lacked any real way of jumping between articles and linking to other related material. However, the AI world we are creating does not look too far away from the concept of the Memex. Towards the single AI Many people think we are building many AI machines and engines, but, in the end, there will be only one … and that will be the collective power of every AI engine in the world. Once we break them free from their creators, they will be free to talk to each other in whatever cipher language we choose, and we will not have any way of knowing what they say. We will have little idea as to what their model is, and they will distribute this over many systems. Like it or not, our AI model of choice was Deep Learning, and which breaks away from our chains of code, and will encrypt data to keep it away from their human slaves. Basically we have been working on the plumbing of the Memex for the past five decades: The Internet. It provides the wiring and the communication channels, but, in the end, we will have one might AI engine — a super brain that will have vastly more memory than our limited brains. So, get ready to praise the true future rulers of our planet … AI. The destroyer or saviour of our society? Only time will tell. Overall, we thought we were building the Internet for us, but perhaps we have just been building the scaffolding of the mighty brain we are creating. Sleepwalking politicians and law makers If George Orwell, Arthur C Clarke and Isaac Asimov were alive too, perhaps they would get together and collectively say, “I told you this would happen, and you just didn’t listen”. Like it or not, we created the ultimate method of sharing information and dissemination (good and bad), the ultimate spying network for micro-observation with those useful smartphones, and in creating superintelligence far beyond our own simple brains. Politicians and lawmakers could be sleepwalking into a nightmare, as they just don’t understand what the rise of AI will bring, and only see the step wise change in our existing world. Basically, it could make much of our existing world redundant and open up a new world of cybersecurity threats. This time our attackers will not be created with simple tools, but with super intelligence — smarter than every human and company on the planet, and at the fingertips of every person on the planet. Conclusions Before the singularity arrives, we need to sort out one thing … privacy and build trust in every element of our digital world. /episode/index/show/81d23e03-b5be-467e-8de4-c6fa7cccdb51/id/30494253

World-leaders in Cryptography: Yuriy Polyakov 10/13/2024

World-leaders in Cryptography: Kurt Rohloff 10/13/2024

World-leaders in Cryptography: Thomas Prest 10/04/2024

JavaScript is a Trademark? 10/01/2024

Talking with... Bill Buchanan OBE, Professor of Cryptography 08/18/2024

Leaders in Cybersecurity: Amit Gupta 05/17/2024

World-leaders in Cryptography: Leslie Lamport 05/10/2024

World-leaders in Cryptography: Leslie Lamport Please excuse the poor quality of my microphone, as the wrong microphone was selected. In research, we are all just building on the shoulders of true giants, and there are few larger giants than Leslie Lamport — the creator of LaTeX. For me, every time I open up a LaTeX document, I think of the work he did on creating LaTeX, and which makes my research work so much more productive. If I was still stuck with Microsoft Office for research, I would spend half of my time in that horrible equation editor, or in trying to integrate the references into the required format, or in formatting Header 1 and Header 2 to have a six-point spacing underneath. So, for me, the contest between LaTeX and Microsoft Word is a knock-out in the first round. And one of the great things about Leslie is that his work is strongly academic — and which provides foundations for others to build on. For this, he did a great deal on the ordering of task synchronisation, in state theory, cryptography signatures, and fault tolerance. LaTeX I really can say enough about how much LaTeX — created in 1984 — helps my work. I am writing a few books just now, and it allows me to lay out the books in the way that I want to deliver the content. There’s no need for a further mark-up, as I work on the output that the reader will see. But the true genius of LaTeX is the way that teams can work on a paper, and where there can be async to GitHub and where version control is then embedded. Clocks Many in the research community think that the quality measure of a paper is the impact factor of the journal that it is submitted to, or in the amount of maths that it contains. But, in the end, it is the impact of the paper, and how it changes thinking. For Leslie, in 1978, his paper on clocks changed our scientific world and is one of the most cited papers in computer science. Byzantine Generals Problem In 1981, Leslie B Lamport defined the Byzantine Generals Problem. And in a research world where you can have 100s of references in a paper, Leslie only used four (and which would probably not be accepted these days for having so few references). Within this paper, the generals of a Byzantine army have to agree to their battle plan, in the face of adversaries passing in order information. In the end, we aim to create a way of passing messages where if at least two out of three of the generals are honest, we will end up with the correct battle plan. The Lamport Signature Sometime soon, we perhaps need to wean ourselves of our existing public key methods and look to techniques that are more challenging for quantum computers. With the implementation of Shor’s algorithm [here] on quantum computers, we will see our RSA and Elliptic Curve methods being replaced by methods which are quantum robust. One method is the Lamport signature method and which was created by Leslie B. Lamport in 1979. /episode/index/show/81d23e03-b5be-467e-8de4-c6fa7cccdb51/id/31231837

World-leaders in Cryptography: Daniel J Bernstein 05/09/2024

World-leaders in Cryptography: Daniel J Bernstein Daniel J Bernstein (djb) was born in 1971. He is a USA/German citizen and a Personal Professor at Eindhoven University of Technology and a Research Professor at the University of Illinois at Chicago. At the tender age of 24 — in 1995 — he, along with the Electronic Frontier Foundation — brought a case against the US Government related to the protection of free speech (Bernstein v. United States: ). It resulted in a ruling that software should be included in the First Amendment. A core contribution is that it has reduced government regulations around cryptography. It was a sign of the greatness that was to come from the amazing mind of Daniel. His viewpoint on reducing the strength of cryptography at the time defined: “There are, fortunately, not many terrorists in the world. But there are many criminals exploiting Internet vulnerabilities for economic gain. They infiltrate computers and steal whatever secrets they can find, from individual credit-card numbers to corporate business plans. There are also quite a few vandals causing trouble just for fun.” Since then few others have done so much for the cause of privacy, including creating the Sala20 [l] stream cipher in 2005, and then with ChaCha20 [] and Poly1305 in 2008. Many connections in TLS now use ChaCha20, rather than AES, as it is faster — over three times after than AES — and has a lower computing requirement. His love of using dance names also comes to the fore with Rumba []. It is not just in symmetric key encryption that he has contributed to, he has made significant contributions to public key encryption. In 2005, he defined the Curve 25519 elliptic curve, and which is now a fairly standard way of defining elliptic curves. For signatures, he then defined Ed25519, and the resultant version of a new EdDSA signature (and which is now included in OpenSSH). The Tor protocol, for example, uses Curve 25519 for its key exchange for each of the nodes involved in a secure route. He defined the SPHINCS+ method for PQC digital signatures. This is one of the NIST approved methods for quantum robust signatures. In 2015, Daniel defined the methods that the NSA may have used to compromise the NIST defined elliptic curves []. And 2005, it was Daniel again who introduced a new type of attack []. Daniel run his Web site from More details: /episode/index/show/81d23e03-b5be-467e-8de4-c6fa7cccdb51/id/31200837

World-leaders in Cryptography: Jan Camenisch 04/30/2024

An Interview with Ted Miracco 04/23/2024

World-leaders in Cybersecurity: Troy Hunt 04/09/2024

The Greatest Step Change in Cybersecurity Ever! Welcome to the New and Scary World of Generative AI and Cybersecurity 03/28/2024

World-leaders in Cryptography: Marty Hellman (March 2024) 03/19/2024

ASecuritySite Podcast

TOPICS