Cryptography

The History and Mathematics of Codes and Code Breaking

Month: August 2018 (Page 1 of 3)

Mining Student Data - To protect students or invade students' life

In his essay, Michael Morris states that through mining student data, threat-assessment teams of universities have a great chance and plausible accuracy to predict possible violent behaviors with mining algorithms. As a result, it is responsible for every university to monitor students' academic record and prevent every possible tragedy.

Undoubtedly, in no way are we supposed to turn blind eyes to the fact that as the development of statistics and computer science, the mining algorithms is remarkable in this Internet era. Like the way Amazon know what productions we are interested in and may purchase and recommend them in our app,  threat-assessment teams are probably detected most of possible violent behaviors before they come true. So mining student data can be a effective way to prevent those terrible issues like suicide or criminal behaviors. 

However, the accuracy of the mining algorithms is not 100 percent, or even far less than 100 percent. As Micheal Morris said in his essay, I have had my credit-card transaction declined for many times since I created in China but lived in America now. The bank monitored my transaction record and defined it as an unusual pattern of spending America dollars with my credit card. My life was heavily infected during the time my card was freezing. The protection that bank provided actually based on the inaccurate result of the mining algorithm and it took the unnecessary action. The same as my bank, Amazon usually makes inaccurate prediction and recommendation as well, that's why our app often shows productions unrelated to our interests.

Similarly, the mining algorithms can lead threat-assessment teams to wrong direction and judge some nonviolent academic record as possible threat to campus safety. If a university take action according to that prediction and ask an innocent student to have a conversation, that will definitely affect the student's daily life. The feeling of being monitored and offended will come to the student and prevent them from concentrating on their career. In that case, the university just invade the student's life let alone by a way that even though the university does not take any action, it has already pried the student's privacy.

Under the situation that the algorithm can not reach 100 percent accuracy, universities which use the data-mining technology may invaded normal students' daily life. As a result, I disagree with the statement of Micheal Morris and consider that it is not time for universities to abuse the data-mining technology.

 

 

Mining Student Data Could Save Lives - or Make Life Harder

In his essay, "Mining Student Data Could Save Lives", Michael Morris argues that universities should implement data mining algorithms to detect patterns in student activities on their networks (e.g. any activity occurring on the WiFi network, school computers, or communications through university email accounts). According to Morris, the implementation of these algorithms could potentially prevent violent acts from occurring on campus; after all, almost every large-scale act of campus violence has been preceded by warning signs which, if recognized before the incident, would have indicated that an act of violence was imminent and could have been prevented.

Indeed, there is something compelling about Morris' argument. A student who purchased high-powered firearms on the school network sending emails on a clearly detailing plans to perpetrate an act of violence  clearly warrants a breach of individual privacy to ensure the safety of the campus community. However, very few scenarios are this clear cut since most evidence would not be as damning as an explicit description of a violent act sent on a university email.

This raises the issue of false positives, one that is inherent in all data mining algorithms. In the article, Morris specifically cites the example of banks using data mining to detect stolen credit cards. And while these algorithms are good at detecting stolen cards, they are equally adept at generating false positives, deactivating cards after valid transactions that were deemed suspicious. Similarly, algorithms designed to monitor communications on university networks would need to be extremely sensitive even to small red flags in order to effectively prevent violent acts. However, designing the algorithm in this way would lead to false positives being regularly detected, incriminating students who had no violent intentions simply for their normal browsing activities and communications with others. If even one student is called in to "have a conversation" because of something the algorithm detected, it has already failed to do its job at the cost of individual freedom and privacy.

In principle, Morris' idea is persuasive. The perfect data mining algorithm would be ideal for stopping campus violence without the need for extreme invasion of privacy or the generation of false positives. However, the implementation of a data mining algorithm in our complex world would require sacrificing students' digital privacy for little to no benefit.

Blog Assignment #3

For your third blog assignment, write a post between 200 and 400 words in which you (briefly) summarize and react to a passage in Little Brother that caught your attention. You might address why it interests you, connections you see between the passage and other ideas we've discussed this semester, or your opinion on arguments made in the passage.

Please (1) give your post a descriptive title, (2) assign it to the "Student Posts" category, and (3) give it at least three useful tags. Your post is due by 9:00 a.m. on Monday, September 10th.

Problem Set #1

Here's your first problem set, in both Word and PDF formats. It's due on paper at the start of class on Wednesday, September 5th.

In case they're helpful, here are some Excel files I've used in class.

The Encryption That Revealed More Than It Hid

“A false sense of security is the only kind there is”

-Michael Meade

In the epoch of technology and the internet, this particular quote rings painfully true. We read about black hat hacking being ubiquitous yet we don’t think twice before entering privileged information into a website whilst being connected to the free, unprotected airport wifi. Until recently, for years, we’ve utilized WhatsApp and Facebook to text people and have felt safe by adding a passcode to our phones while all that information ran through servers with no signs of encryption whatsoever. I believe the sense of security we felt doing all those perfunctory actions was not a great digression from that felt by Mary Queen of Scots when she decided to be party to the assassination.

When Singh says that “weak encryption can be worse than no encryption at all”, I believe he refers to the fundamental idea that when we encrypt something, we do it under the premise that the information stays protected and confidential and that feeling of safety brings its own set of privileges. However, violation of that safety can cause catastrophic repercussions which would not have occurred had there been no sense of safety in the first place. Coming to our example, Mary Queen of Scots was negligent in her parlance because she had faith in her encryption. If we were to hypothesize, for the sake of discussion, that there had been no encryption, she would have exercised far more caution and might have not said something damning enough to incriminate her in court. Her weak encryption, in a way, did more damage to her case than what would have occurred had there been none.

Coming to the implication of that statement, I believe there is more to it than what meets the eye. Mathematically, the transitive property dictates that if better encryption equals more safety and confidence, and more safety and confidence equals better language and more information, therefore, better encryption equals more information. However, by some disparity in the aforementioned, if that encryption turns out to be weak, the final quantity of the above equation might turn from your best ally to your worst foe. Thus, it is important to realize that cryptography will only work well if the there is a time factor involved and it is safest to always presume that in time, your code will be broken and to contemplate the consequences of that situation.

Blog Assignment #2

For your second blog assignment, read the 2011 essay "Mining Student Data Could Save Lives" by Michael Morris of California State University at Channel Islands and write a post between 200 and 400 words that responds to the following prompt.

What is the central argument Morris makes in his essay? Do you agree with it? Why or why not?

This is a chance to practice your summarizing skills and to construct a (brief) response to an author's thesis. Feel free to draw on personal experiences in your response, if that's relevant.

Please give your post a descriptive title, and use the "Student Posts" category for your post. Also, give your post at least three tags, where each tag is a word or very short phrase (no more than three words) that describe the post's content. You're encouraged to use tags already in the system if they apply to your post.

Your post is due by 9:00 a.m. on Monday, September 3rd. If you have any technical problems using WordPress, don't hesitate to ask.

Bookmark Assignment #1

For your first bookmarking assignment, you're invited to bookmark anything you like that's related to cryptography. Look for a news article or resource on cryptography that's interesting to you. Be sure that you're bookmarking a credible source. If you're not sure where to go with this, look for inspiration in Singh Chapter 1. Save your bookmark to our Diigo group, and give your bookmark at least two useful tags.

Your bookmark is due by 9:00 a.m. on Friday, August 31st. We'll take a little time in class to share your finds. If you have any questions about using Diigo, don't hesitate to ask.

Image: "Interesting Pin," by me, Flickr (CC)

Different Applications of Cryptography Over Time

The only records we have of cryptography used in the past come from people with the resources and technical skills to encrypt and decrypt messages, whether they were World War II spies, Arab scholars, or Greek military leaders. Although not all of the encryption methods mentioned by Singh in Chapter 1 required exceptional resources (the Spartan scytale method used only a staff and parchment), they all required an understanding of the concept of encryption, which was a largely unused technique prior to the development of each cultures' breakthrough cryptography methods. Additionally, it's a reasonable assumption that cryptographers would have wanted to keep their methods secret from the general public, as knowledge of the code would have weakened the encryption. Therefore, I believe that the reason so few records of cryptography exist outside of well-resourced people is because they closely guarded the secrets to their specific codes after development, which, once revealed, often turned out to be simple and did not require exceptional resources.

However, this only applies to encryption and the building of ciphers. The techniques the Arabs developed for the decryption of substitution ciphers required extensive knowledge on linguistics and math, as frequency analysis only works if the cryptanalyst is familiar with the mechanics of a language.

Over time, techniques for encryption and decryption have been constantly improved in an arms race to create more secure codes and ways to break them. Nowadays, the most secure encryptions are created using supercomputers and unique encryption keys, which arguably requires more exceptional resources than simply deciding on a certain substitution cipher. However, the most significant difference between cryptography now and then is that very secure encryption is available to the general public, while people in the past who weren't involved in the encryption and decryption process had very limited access to effective cryptography. Although only the developers of specific encryptions know the specific mechanics, they are made available for anyone to use.

 

The Problem with Weak Encryption

In Chapter 1 of The Code Book, author Simon Singh states, "The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all."  What this essentially means is that overconfidence with a cipher, especially a relatively weak one, can be dangerous in that it creates an illusion of privacy that may lead to careless communication.  This was problematic for Mary and continues to be problematic today.

The encryption method used by Mary and Babington was called nomenclator, in which both letters and common words are replaced with corresponding symbols in the ciphertext.  In their minds, that system was more than effective, but they were unaware of the advancements in cryptanalysis that were being made at the time which allowed Walsingham and Phelippes to decipher it.  As a result, Mary and Babington had the false impression that they could say anything to each other without their messages being understood if intercepted.  This ended up proving worse for them than if they had no encryption method at all.  Had that been the case, they would have consciously made efforts to be vague and discreet when discussing sensitive information because there would be an obvious threat of self-incrimination.  However, their blind confidence in the encryption masked that threat and led them to speak directly and openly about their plans to assassinate Queen Elizabeth.  When it turned out that Walsingham was able to decipher their messages, they were caught completely off guard.

The issue of reliance on weak encryption methods is arguably even more prevalent today in the digital age.  The internet allows more information than ever before to be accessible to more people than ever before, so weak encryption can pose extreme privacy and security risks.  That is why it is important to be careful what information you put online, even if it is protected by a password.  There is always a possibility that hackers can gain access to your personal info.  For that reason, it is important to utilize the best encryption methods, and even then, to avoid putting out sensitive information when possible.

 

The Dangers of Weak Cryptography

For one who is not well-versed in “cryptography,” hearing the word might simply bring to mind the language game Pig Latin. However, Singh is trying to convey, in layman’s terms, that cryptography is not a child’s game for all; in Mary Queen of Scots’ case, it was literally an instance of life or death. The issue at hand is that while encryption is meant to show that one's guard is up, it actually creates a false sense of security when utilized poorly.

For instance, there has been a time in every person’s life when he or she whispered something to a neighbor in the hopes of keeping the message a secret. Unbeknownst to them, spectators who speak the same language were either able to eavesdrop and hear the secret or possibly even lipread bits and pieces. Yet, to the two that were whispering in their own world, it was as if they had been speaking a foreign language. Babington and Mary were in this same little world, where they had a false sense of reality and security. As Singh stated, this was honestly an unfortunate time for Mary to be communicating through cryptography because the first true cryptanalysts were emerging. The two did little to alter their patterns and believed that only they could read what was intended for one another. The problem is, in an ever-changing world, it is naive to think that one should not have to adapt to remain undiscovered. Like two people whispering, Babington and Mary let their guard down at a critical point of their mission

By trusting her basic encoding system at an essential turning point in the history of cryptanalysis, Mary left herself vulnerable to decryption and was caught openly aligning with the rebels attempting to free her. Had she been writing without encryption, she would not have directly given her blessing for the assassination. Singh wants other cryptographers to be aware that they cannot expect to simply lay encryption over their messages like some form of a safety blanket. If a message is truly meant to be a secret, cryptographers should work to ensure that their ciphers are unbreakable.

Page 1 of 3

Powered by WordPress & Theme by Anders Norén