I have struggled to find a lot of information about my topic. There is not a problem in finding sources of information: I have 10 sources that are very good. Sifting through and combining them into relevant and on-topic information is not a problem either. Most of the information can be condensed from how the sources presented it. I have researched all aspects of it from the stages to developing the chips, how they actually work, how security elements work within them, the present applications and the future applications. I have even extended as far as comparing the uses of NFC chips with QR codes and why one would be better than the other. I have also examined the possible security risks and benefits to the present uses of near field communication chips as well as to the future uses of the near field communication chips. The most challenging part is making sure I meet the word count requirements. I do understand that there has to be some substance there, but I also believe that saying something simply is better than being too wordy. The most enjoyable part of my project is researching current and future uses of the NFC chips. This is because I realize how technology is going to advance and converge in the future; it is rather exciting.
For this project, I chose to write about the Internet of Things (IoT) and smart devices. My system was to first create an outline of how I wanted to structure my paper. Here I got into detail about what specific questions needed to be researched. It should start with a general explanation of what the Internet of Things actually is and how it affects our lives now and how it will do so in the future. Since I will also be talking about smart devices, I will discuss how our smart devices already communicate with each other and what types of new devices are being developed that will further increase and improve this machine-to-machine communication. I also wrote out a clear thesis so I can focus on what I am actually arguing and avoid getting sidetracked. Now that I have the structure, I just need to write out the paper. What I still need to do is finalize my research so I can organize the rest of my argument. The most challenging part was finding scholarly papers on my topic; it was much easier to find informative articles on blogs instead. The best part was doing all the research and learning a lot more about the Internet of Things.
Option 1 - What connections do you see between the documentary Citizenfour and your practical cryptography paper topic? In what ways, if any, do you plan to approach your final paper differently, given what you saw in Citizenfour?
Option 2 - Describe and reflect on your process for writing your practical cryptography paper. What steps have you taken? What's left to do? Which parts of the process have been most challenging and why? Which parts have been more enjoyable and why?
Please (1) give your post a descriptive title, (2) assign it to the "Student Posts" category, and (3) give it at least three useful tags. Your post is due by 8 a.m. on Wednesday, December 3rd.
Here's a nearly final version of the rubric I'll use to grade your practical cryptography papers: Paper #3 Rubric [PDF]. I say "nearly" because I reserve the right to tweak the rubric once I start grading your papers. This version should, however, give you a good sense of what I'm looking for in these final papers. If you have any questions about the rubric, please feel free to ask.
As a reminder, here's what I said about your final paper in the syllabus. All of this is still relevant to the assignment.
For your final assignment, you will contribute a chapter to an online guide to practical cryptography written by our class. Each chapter will focus on one way that cryptography is (or could be) relevant to the digital life of a college student in 2014. You might address one of the ways that cryptography is embedded in the computer systems we already use (e.g. how credit card information is encrypted by websites) or explain how to better protect one’s online privacy by adopting new practices (e.g. sending and receiving encrypted emails). Your chapter will have an expository component, in which you explain cryptographic and/or mathematical processes in ways a fellow student can understand, and an argumentative component, in which you make the case for why a fellow student should care about the topic you’ve chosen.
Your chapter should be between 2500 and 3000 words in length, and it will be graded on the strength and clarity of your arguments as well as the effectiveness of your technical explanations.
Just before Thanksgiving break, I asked you to spend some time reflecting on lessons you've learned this semester about keeping secrets, given all the examples of cryptography and cryptanalysis we've seen this fall. Here's what you came up with:
Here's the same list, without all the nonlinear connections:
- You can't keep secrets forever.
- Someone will break your cipher.
- You don't know how clever the enemy is.
- Change ciphers frequently.
- One of your allies will screw up / betray you.
- Minimize errors through simple systems.
- Keep your circle of allies small. (Trust
- Persistence / computing power will defeat you.
- Assume the worst. Double check.
- Use discretion in your plaintext.
- Kerckhoffs's Principle: The strength of your system shouldn't depend on keeping its mechanics secret.
- Schneier's Principle: Use a system lots of people have tried to break.
- Prioritize your secrets. Which secrets? From whom?
- Minimize ciphertext.
Be sure to draw on these lessons learned in your final papers on practical cryptography!
As I mentioned in class, you'll want to use reputable and scholarly resources for your final paper. I've listed several categories of resources below, along with examples of each.
- Security experts, like Bruce Schneier
- Journalists that cover security and privacy, like Kashmir Hill and Nicole Perlroth
- News organizations with security coverage, like WIRED's Threat Level blog
- Interest groups, like the Electronic Frontier Foundation, with the caveat that such groups have natural biases
- Official statements from companies, like Apple's policy on government information requests
For more scholarly sources, check Google Scholar or the Vanderbilt Library's Database Search. For the latter, I recommend selecting a subject (e.g. Business) and leaving the search field blank. For most subjects, you'll receive a list of key databases for that subject. Open the database to search by keyword for articles relevant to your paper.
From last week's brainstorming sessions for the Practical Cryptography class project...
What topics might we include in this guide? What do you want to learn about? What might your fellow students be interested in learning? What should they know about cryptography?
- Deep Web and privacy
- University censorship
- Online shopping security
- Phishing: VUIT, sports
- School tech policies
- Take advantage of / not get taken advantage of
- University data mining
- Online / cell phone tracking
- Twitter hacking
What tools might we use to produce this guide? Diigo, WordPress, Twitter, others? Consider both production and distribution phases.
- Twitter: for publicity, mention @vanderbiltu
- WordPress: Dedicated site and URL
- Diigo: topic ideas, shared references
Related: How should we tell Vanderbilt students about the guide? How can we get the word out, either during or after production?
- Pyramid scheme
- Some kind of event re: 1 or more topics
- Email all students?
- Tree posters with QR codes
- Commons email
- VU Facebook / VU News
What timetable should we follow to produce this guide? Notable dates: 11/24-28 is Thanksgiving Break. 12/3 is the last day of classes. 12/6 is the date of our “final exam.”
- Topics by Monday, November 17th
- Spring: (more) publicity
How might we use class time productively over the next few weeks?
- Discuss / brainstorm topics
- Writing days (e.g. “Can you read this?”)
You're writing a guide to practical cryptography. Let's hear some possible chapter titles.
|A torr way of life|
|The Cloud is Leaking|
|The Darkness of the Deep Web|
|How to be nowhere|
|Is your password strong enough?|
|How to wear an invisibility cloak online|
|What does the government know about you?|
|How secure are your passwords?|
|Hacking into Emails 101|
|Rebooting Your iPhone Just Might Save you Jail Time|
|Navigating the Dark Web|
|Censorship: What you can and can't say on campus|
|Hacking Emails 102|
|RSA: How does it really work?|
|How To Be Nowhere: Avoiding Government Tracking|
|Who's watching you?|
|Leave No Trace: Avoid Being Tracked|
|Instead of "The Cloud is Leaking," why not say "raining"?|
|Don't Lose Your Life Savings Trying to Get a Discount: Staying Safe When Shopping Online|
|Cookies are not to eat|
|Don't Take the Bait: Preventing Phishing Attacks|
|Cookies are not all bad.|
|Cookies are not to eat.|
|Thinking a cookie is chocolate chip when it's actually oatmeal raisin leads to sadness|
|Phishing: trying to get any type of personal information about someone over the internet by pretending to be a reliable source|
|Acxiom: The Next Frontier of Privacy Invasion|
|XKeyscore: The previous frontier of privacy invasion|
|Canadian Netflix Has Downton Abbey: A Beginner's Guide to Using Proxy Servers|
|Avoiding Online Price Discrimination: Trash your Cookies|
Here's a digital copy of the study guide for Friday's math exam: Math Exam Study Guide (PDF). Included is a list of learning objectives addressed by the math exam, along with a dozen practice problems. And here are solutions to those practice problems: Solutions to Practice Problems (PDF).
Update: Hey, look, More Practice Problems!
During class last week, we held a debate on the following proposition:
The US government should be given wide latitude to use electronic surveillance in the interests of national security, even if that means citizens' privacy is not always respected.
We've discussed this proposition several times during the course, notably on the first day of class, when we discussed Edward Snowden's revelations about the NSA, and then a few weeks ago, during our class sessions on Cory Doctorow's novel Little Brother. Last week, we read Simon Singh's treatment of the issue in his book, The Code Book, and so it was time for a proper debate.
Before class, students were asked to make arguments for or against the statement in blog posts. You can read all of those blog posts here.
During class, six students volunteered to debate. Three were randomly assigned to the "PRO" side (security), three to the "CON" side (privacy). Each side had ten minutes to prepare opening arguments, then five minutes each to present opening arguments. Then the jury, consisting of three other students, evaluated the strength of the arguments made and gave each team of debaters feedback. That led into round two, during which each side responded to the arguments made by the other side during the first round.
How did the debate play out? See this Google Doc capturing the main points of the debate, with notes taken by two of our three notetakers. The third notetaker live-tweeted the debate using the course Twitter account, @practicalcrypto. Below, you'll find a collection of those tweets, which were more entertaining than expected.
As I said at the end of the debate, if we had a bit more class time, we could have brainstormed some compromise solutions that responded to concerns of both sides. We might still come back to that, depending on how the last few weeks of the class go.
The US government should be given some latitude to infringe on citizens' privacy when it comes to national security. The reason I say some latitude is because this should only pertain to national security, not to daily breaking of laws.
Singh identified on page 293 that privacy for ordinary people has never entailed cryptography until recently. That is because exchanges between people have not been in a public space (the internet) until the internet was available to everyone. Singh also said on page 250 that the government weakened the encryption so that the average person cannot hack it and only they can. There has to be a sense of privacy for the citizens while maintaining security for the country.
The government should be able to use computer-based algorithms to intercept certain keywords on electronic media that may indicate a national threat. This process should be done by a computer with no human interaction; however, once a threat has been flagged, it would allow someone to evaluate whether intervention is necessary. The government employees should not be allowed to individually eavesdrop on standard communications without a warrant, but if it is computer automated it should be allowed. If the infraction is anything that is not a national security issue, it should be ignored, no matter how severe the law being broken. This discrepancy should keep a balance between security and privacy.
At the end of the day we all have to trust our government; as long as the government is out to protect our national security and not to prosecute the citizenry, the balance will work.