Essays on Coercion and Signaling in Cyberspace

Jun, Dahsol

January 2024

This dissertation explores how coercive diplomacy works in cyberspace through three interrelated papers, each titled, Coercion in Cyberspace: A Model of Encryption Via Extortion, Variation in Coercion: Costly Signals That Also Undermine Attack Effectiveness, and Seeking Clarity In A Domain of Deception: Signaling and Indices in Cyberspace. As more strategic actors seek to employ cyber weapons as an important part of their military arsenal, refining the theory of cyber coercion is becoming more important in understanding coercive diplomacy and crisis dynamics in cyberspace. Although existing cyber conflict literature argues that cyber weapons make poor tools of coercion, the current theory does not necessarily match important empirical instances of successful coercion using cyber means, such as the ransomware and data extortion. This dissertation seeks to close this gap between theory and practice by specifying the conditions under which cyber coercion works. Relatedly, the dissertation also explores the conditions under which costly signaling works in conveying such coercive threats. The first paper presents a formal model of cyber coercion that relies on data encryption, as a means of explaining why cyber weapons often rely on a different coercive logic. Coercion in International Relations is often conceptualized as the threat to hurt used in reserve, applied in settings such as the use of nuclear weapons or strategic bombing. However, history is ripe with instances of a different logic of coercion that relies on the application of costs up front, followedby a promise to stop. Application of such a coercive logic can be seen in instances such as sanctions, hostage-taking, and sieges. Existing literature argues that cyber weapons make poor tools of coercion, however this only examines cyber weapons under the first logic. However, cyber weapons, when examined under the second logic, are often quite successful, as the prevalence of the ransomware threat demonstrates. This paper specifies the conditions under which coercion using data encryption works in light of the second logic, and what unique commitment problems can undermine coercion in this situation. By applying costs up front, some cyber weapons resolve a key strategic dilemma in which conveying specific information regarding how the attack will unfold can allow the defender to take mitigations that render the planned attack useless. The second paper complements the first paper by presenting a formal model that explores the first logic, and specifies the conditions under which cyber coercion relying on the threat to hurt used in reserve works. A key theory in the existing cyber conflict literature argues that cyber weapons make poor tools of coercion due to the “cyber commitment problem," in which a coercer faces a tradeoff between the need to credibly demonstrate specific capability to follow through with a threat, versus the propensity of the defender to use such information to adopt countermeasures. This tradeoff is not necessarily unique to cyberspace, but applicable to technologies that rely on degrees of deception for attack effectiveness, such as submarine warfare. I present a formal model motivated by cyber weapons but applicable to a broad range of technologies in International Relations, showing that the severity of this tradeoff is not constant but varies depending on exogenous factors, such as the probability that a defensive countermeasure can successfully neutralize a threatened attack. When the probability is high, this shrinks the range of costly signals that a coercer can send to maintain a separating equilibrium, however it does not necessarily mean that costly signaling is not possible. This paper formalizes and expands the logic behind the “cyber commitment problem" and shows that coercion can sometimes work even under the first logic. The third paper examines the role of indices – or observations that are believed to be hard to deceive as opposed to overt signals of intent – in coercive diplomacy and crisis communications in cyberspace. Because actors acting in and through cyberspace have yet to come to a clear shared meaning as to what certain actions in cyberspace conveys in terms of intent and/or resolve, the tendency to instead rely on independent observation and assessment of “indices” to interpret these actions are more pronounced in cyber conflict. This paper uses cybersecurity advisories routinely published by the Cybersecurity and Infrastructure Security Agency (CISA) to examine what kinds of indices were used by the U.S. government to make assessments about an attacker’s intent regarding restraint or escalation. Interestingly, the same kind of cyber attack, for example the malicious compromise of a water utilities facility, is interpreted differently as escalatory or accommodative depending on consideration of “situational indices" such as the larger geopolitical context and attribution to a particular state actor, beyond the technical facts. This paper assesses that indices are being used too broadly, even when they can be manipulated easily or are linked to perceptions and biases instead of facts. Such practices can lead to situations where the same costly signal sent by the sender in the context of coercive diplomacy or crisis communications can be interpreted differently by the receiver depending on the suite of indices they are relying on, raising the risk of misperception and crisis escalation in cyberspace.

International relations

Cyberspace

Cyberterrorism

Data encryption (Computer science)

Computer security

The security of quantum cryptography

Miller, Justin C.

01 January 2004

A common desire in today's world is that of security. Whether it is keeping your e-mail private or stopping the government from hacking into your computer, the idea behind cryptography is to communicate between two parties in different locations, and to secure this information from outsiders. During the last half century there have been numerous advances in encryption schemes and also in the machines that process such information. Modern encryption algorithms have become increasingly more complex with advances in computers and technology, and encryption algorithms such as RSA and DES have been presented as algorithms that have remained secure for decades. These recent advances in encryption schemes will be examined in the first part of this paper. On the other hand, because the security of classical ciphers relies on the secrecy of a key, advances in research and computing may begin to compromise the security of these cryptosystems, as quantum computers would be capable of mathematical calculations that could break many modern encryption algorithms. Unlike classical cryptosystems, quantum cryptography obeys the laws of quantum physics, resulting in a much stronger, provable security. Many great advances have come in recent decades, and the latter part of this paper deals with these advances as well as the phenomena of quantum physics, the evolution of quantum computing, and the study of quantum cryptography.

Mathematics

Network and system security in an information age

Scully, Michael N. B.

01 January 2000

In a time when networks are so readily interconnected around the world, computer security is a paramount concern for information technology professionals. As users, we regularly log onto terminals that are configured and maintained by others, running software developed by others, using operating systems with publicly known flaws, over networks connected by others, using protocols that were never constructed with security in mind. We rely on systems that we are forced to trust, connecting to remote systems we do not know, and only a finite minority of users has even the slightest conception of how these systems handle their information. Availability is the ultimate goal in providing usefulness and utility with an information system, but availability is also a detriment to system security. Avenues of availability are also avenues of potential data attack from malicious users or hackers. A certain level of confidentiality within data systems is necessary to assure the privacy of personal information as well as the secrecy of proprietary data. Users and information systems must be able to authenticate one another's identification while insuring transmissions between them remain unaltered in transit. This thesis is a discussion of network security considerations and network attack methodologies with respect to availability, confidentiality, and reliability. Network administrators must consider balancing these aspects in securing information systems.

Management Information Systems

High-performance advanced encryption standard (AES) security co-processor design

Tandon, Prateek

01 December 2003

see PDF

Data encryption (Computer science)

Data encryption (Computer science)

Designing authenication scheme for wireless sensor networks

Wang, Ke, 黃岢

January 2009

published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy

Data encryption (Computer science)

Sensor networks - Security measures.

Secure distribution of open source information

Rogers, Jason Lee

12 1900

Approved for public release, distribution is unlimited / Cryptographic protocols provide security services through the application of cryptography. When designing a cryptographic protocol, the requirements are, often, specified informally. Informal specification can lead to incorrect protocols from misinterpreting the security requirements and environmental assumptions. Formal tools have been shown to reduce ambiguity. In this paper, a cryptographic protocol, called the Secure Open Distribution Protocol (SODP), is developed to provide authentication services for open source information. A formal development process is proposed to aid in the design of the SODP. The Strand Space method has been selected as the formal mechanism for specifying requirements, architecting a protocol design, and assuring the correctness of the protocol. First, the informal authentication requirements are modeled as agreement properties. Next, Authentication Tests, a Strand Space concept, are introduced to aid in the design of the SODP. Finally, a formal proof is constructed to assure that the SODP has satisfied all requirements. The result of the development process proposed in this paper is a cryptographic protocol that can be used to securely distribute open source information. Also, the Strand Space method is demonstrated as a viable option for the formal development of a cryptographic protocol. / Civilian, Federal Cyber Corps

Cryptography

Data encryption (Computer science)

Computer security

Data protection

Formal methods

Protocol analysis

Cryptography

Best practice strategy framework for developing countries to secure cyberspace

12 November 2015

M.Com. (Informatics) / Cyber issues are global phenomena in a world of inter-related systems, and as such, the discussion on cybersecurity frameworks, policies and strategies inevitably requires reference to, and benchmarking with regional, continental and global trends and solutions. This, in the context of the effects of globalisation on developing countries, with specific reference to areas such as Africa as a developing continent with regard to the protection of its cyberspace. More drastic measures, such as the utilization of cyber warfare techniques and pre-emptive cyber strike-teams in addition to traditional cybersecurity mechanisms as an essential part of a national security effort to protect cyberspace has become more prevalent within the developed worlds. Likewise, developing nations need to gear themselves in a structured, coordinated and responsible way in order to do their part to secure their own environments. Cyberspace is a dynamic global environment with cyber related issues being a global concern. Although countries generally regulate their own cyber environment through policy; cross-border cyber issues are difficult to resolve and the lack of international cyber laws impede cybersecurity efforts. Cybercrime and the management of cross-border cyber incidents are becoming a growing national security concern as the lack of effective controls leave critical infrastructure and the cyber-connected environment vulnerable to attack. Some developing countries are on track with the maturity of their cybersecurity initiatives, but appropriate cybersecurity frameworks for many developing countries require careful consideration, especially due to the lack of resources, infrastructure and local technology development capabilities.

Computer networks - Security measures

Data encryption (Computer science)

Cyberspace - Security measures

Cyberterrorism - Prevention

Information warfare - Prevention

Design and analysis of key establishment protocols

Unknown Date

Consider a scenario where a server S shares a symmetric key kU with each user U. Building on a 2-party solution of Bohli et al., we describe an authenticated 3-party key establishment which remains secure if a computational Bilinear Diffie Hellman problem is hard or the server is uncorrupted. If the BDH assumption holds during a protocol execution, but is invalidated later, entity authentication and integrity of the protocol are still guaranteed. Key establishment protocols based on hardness assumptions, such as discrete logarithm problem (DLP) and integer factorization problem (IFP) are vulnerable to quantum computer attacks, whereas the protocols based on other hardness assumptions, such as conjugacy search problem and decomposition search problem can resist such attacks. The existing protocols based on the hardness assumptions which can resist quantum computer attacks are only passively secure. Compilers are used to convert a passively secure protocol to an actively secure protoc ol. Compilers involve some tools such as, signature scheme and a collision-resistant hash function. If there are only passively secure protocols but not a signature scheme based on same assumption then the application of existing compilers requires the use of such tools based on different assumptions. But the introduction of new tools, based on different assumptions, makes the new actively secure protocol rely on more than one hardness assumptions. We offer an approach to derive an actively secure two-party protocol from a passively secure two-party protocol without introducing further hardness assumptions. This serves as a useful formal tool to transform any basic algebric method of public key cryptography to the real world applicaticable cryptographic scheme. In a recent preprint, Vivek et al. propose a compiler to transform a passively secure 3-party key establishment to a passively secure group key establishment. To achieve active security, they apply this compiler to Joux's / protoc ol and apply a construction by Katz and Yung, resulting in a 3-round group key establishment. In this reserach, we show how Joux's protocol can be extended to an actively secure group key establishment with two rounds. The resulting solution is in the standard model, builds on a bilinear Diffie-Hellman assumption and offers forward security as well as strong entity authentication. If strong entity authentication is not required, then one half of the participants does not have to send any message in the second round, which may be of interest for scenarios where communication efficiency is a main concern. / by Kashi Neupane. / Thesis (Ph.D.)--Florida Atlantic University, 2012. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2012. Mode of access: World Wide Web.

Computer networks--Security measures

Computer network protocols

Data encryption (Computer science)

Cryptography in the presence of key-dependent messages

Unknown Date

The aim of this work is to investigate a security model in which we allow an adversary to have access to functions of the secret key. In recent years, significant progress has been made in understanding the security of encryption schemes in the presence of key-dependent plaintexts or messages (known as KDM). Here, we motivate and explore the security of a setting, where an adversary against a message authentication code (MAC) or signature scheme can access signatures on key-dependent messages. We propose a way to formalize the security of message authentication schemes in the presence of key-dependent MACs (KD-EUF) and of signature schemes in the presence of key-dependent signatures (KDS). An attack on a message recognition protocol involving a MAC is presented. It turns out that the situation is quite different from key-dependent encryption: To achieve KD-EUF-security or KDS-security under non-adaptive chosen message attacks, the use of a stateful signing algorithm is inevitable even in the random oracle model. After discussing the connection between key-dependent signing and forward security, we describe a compiler which lifts any EUF-CMA secure one-time signature scheme to a forward secure signature scheme offering KDS-CMA security. Then, we discuss how aggregate signatures can be used to combine the signatures in the certificate chain used in the compiler. A natural question arises about how to combine the security definitions of KDM and KDS to come up with a signcryption scheme that is secure. We also offer a connection with Leakage-Resilient Signatures, which take into account side-channel attacks. Lastly, we present some open problems for future research. / by Madeline Gonzalez. / Thesis (Ph.D.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.

Cryptography--Data processing

Digital signatures

Computer security

Data encryption (Computer science)

Software protection

Quantum Circuits for Cryptanalysis

Unknown Date

Finite elds of the form F2m play an important role in coding theory and cryptography. We show that the choice of how to represent the elements of these elds can have a signi cant impact on the resource requirements for quantum arithmetic. In particular, we show how the Gaussian normal basis representations and \ghost-bit basis" representations can be used to implement inverters with a quantum circuit of depth O(mlog(m)). To the best of our knowledge, this is the rst construction with subquadratic depth reported in the literature. Our quantum circuit for the computation of multiplicative inverses is based on the Itoh-Tsujii algorithm which exploits the property that, in a normal basis representation, squaring corresponds to a permutation of the coe cients. We give resource estimates for the resulting quantum circuit for inversion over binary elds F2m based on an elementary gate set that is useful for fault-tolerant implementation. Elliptic curves over nite elds F2m play a prominent role in modern cryptography. Published quantum algorithms dealing with such curves build on a short Weierstrass form in combination with a ne or projective coordinates. In this thesis we show that changing the curve representation allows a substantial reduction in the number of T-gates needed to implement the curve arithmetic. As a tool, we present a quantum circuit for computing multiplicative inverses in F2m in depth O(mlogm) using a polynomial basis representation, which may be of independent interest. Finally, we change our focus from the design of circuits which aim at attacking computational assumptions on asymmetric cryptographic algorithms to the design of a circuit attacking a symmetric cryptographic algorithm. We consider a block cipher, SERPENT, and our design of a quantum circuit implementing this cipher to be used for a key attack using Grover's algorithm as in [18]. This quantum circuit is essential for understanding the complexity of Grover's algorithm. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2016. / FAU Electronic Theses and Dissertations Collection

Artificial intelligence

Computer networks

Cryptography

Data encryption (Computer science)

Finite fields (Algebra)

Quantum theory