• "History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did."

    Bruce Schneier, "Why Cryptography Is Harder Than It Looks", 1997
  • “Assurance is best addressed during the initial design and engineering of security systems, NOT as an after market patch. The earlier you include a security architect in your design process, the greater the likelihood of a successful and robust design. As the quip goes, he who gets to the (module) interface first wins.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008

  • "Build-in Security: Ensure that security is considered and built into the design of new infrastructure, so that our critical assets are protected from the start and more resilient to naturally-occurring and deliberate threats throughout their life-cycle."

    Obama-Biden Plan, Agenda: Homeland Security, December 2008

  • “We are a cyber nation. The U.S. information infrastructure--including telecommunications and computer networks and systems and the data that reside on them--is critical to virtually every aspect of modern life. This information infrastructure is increasingly vulnerable to exploitation, disruption, and destruction by a growing array of adversaries.”

    The National Coordination Office (NCO) for Networking Information Technology Research and Development (NITRD), Federal Register: December 30, 2008 (Volume 73, Number 250).

  • “When will we be secure? Nobody knows for sure – but it cannot happen before commercial security products and services possess not only enough functionality to satisfy customers’ stated needs, but also sufficient assurance of quality, reliability, safety, and appropriateness for use. Such assurances are lacking in most of today’s commercial security products and services.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", 2005

  • "But conventional security is not enough. The complexity of today's operational environment means organisations must embrace a level of business resilience that is normally associated with the protection of critical national infrastructure."

    Detica, a BAE Systems Company

  • “The current way which organisations approach security can be recognised as an underlying market failure which consists of fire fighting security problems, silo'd implementation of technologies, uncontrolled application development practices and a failure to address systemic problems. Organisations tend to deal with one problem at a time that results in the deployment of point solutions to treat singular problems. This failure is typical of an uncontrolled marketplace evolving with little or no co-ordination.”

    The British Government’s Technology Strategy Board, 2008
  • “Never underestimate the attention, risk, money and time that an opponent will put into reading traffic.”

    Robert Morris, former Chief Scientist of the US National Security Agency (NSA), National Computer Security Center, "Crypto '95 invited talks by R. Morris and A. Shamir", 1995

  • “Given today’s common hardware and software architectural paradigms, operating systems security is a major primitive for secure systems – you will not succeed without it. This area is so important that it needs all the emphasis it can get. It is the current ‘black hole’ of security.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

  • “The time needed to factor an RSA integer is the same order as the time needed to use that same integer as modulus for a single RSA encryption.   In other words, it takes no more time to break RSA on a quantum computer (up to a multiplicative constant) than to use it legitimately on a classical computer.”

    Professor Gilles Brassard,  "Quantum Information Processing: The Good, the Bad and the Ugly", 1997

  • “The more complex the threats become, the more you have to do the basics and groundwork really well. Staying aware and on top of new vulnerabilities and ensuring that patches and software updates are rapidly implemented is crucial.”

    Jeff Shipley, Cisco Intelligence Collection Manager, Cisco 2008 Annual Security Report

  • "The software security industry today is at about the same stage as the auto industry was in 1930" ... "it looks fast, goes nice but in an accident you die." ... "The major shortfall is absence of assurance (or safety) mechanisms in software. If my car crashed as often as my computer does, I would be dead by now."

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

  • "There is a good chance that large quantum computers can be built within the next 20 years.  This would be a nightmare for IT security if there are no fully developed, implemented, and standardized post-quantum signature schemes."

    Prof. Johannes Buchmann, et al, “Post-Quantum Signatures”, Oct 2004, Technische Universität Darmstadt

biography: European Network of Excellence for Cryptography (ECRYPT)
Full Name: European Network of Excellence for Cryptography (ECRYPT)
Website: http://www.ecrypt.eu.org/
Associated with:
Best known for: the eSTREAM Competition, which ran during ECRYPT-I
ECRYPT-I: ECRYPT-I started on 1 January 2004. ECRYPT-I was a European FP7 program that coordinated over 32 organisations including Ericsson AB (Sweden), France Telecom, Gemalto, IBM Research GmbH (Switzerland), MasterCard Europe sprl (Belgium), Vodafone Group Services Ltd (UK) and over 20 leading European universities.
ECRYPT-II:

ECRYPT-II started on 1 August 2008. ECRYPT-II is a 4-year network of excellence funded within the Information & Communication Technologies (ICT) Programme of the European Commission's Seventh Framework Programme (FP7) under contract number ICT-2007-216646. It falls under the action line Secure, dependable and trusted infrastructures.  It has 11 core partners and more than 20 adjoint members to the network who will closely collaborate with the core partners.

Katholieke Universiteit Leuven, Belgium (Co-ordinator)
École Normale Supérieure, France
Ruhr-Universität Bochum, Germany
Royal Holloway, University of London, UK
Università degli Studi di Salerno, Dipartimento di Informatica ed Applicazioni, Italy
University of Bristol, UK
France Telecom R&D, France
IBM Research GmbH, Switzerland
Technische Universiteit Eindhoven, the Netherlands
Graz University of Technology, Austria
Ecole Polytechnique Fédérale de Lausanne, Switzerland

Virtual Lab: The first target for the efforts of the (ECRYPT-II) SymLab is the development of secure and efficient hash functions; a task that will require considerable input from industry and academia alike. A second goal of the SymLab will be to address the development of lightweight cryptographic primitives as a fundamental foundation to ambient technology.
Virtual Lab: A second target for the (ECRYPT-II) MAYA efforts is to improve our knowledge on the hardness of the computational problems that are used as underlying assumptions to provide security. This work will also include the study of new cryptanalytic techniques and new mathematical primitives that would also be viable in a world with quantum computers.
Notes:
Publications: ECRYPT-1 Yearly Report on Algorithms and Key Lengths (2007-2008)
 

"Synaptic Laboratories is a rare company; they tackle the hard problems! Their basic approach is directly relevant to Governments and/or any commercial companies that deploy products that must function correctly in high-risk environments. They differ from most competitors in that not only do they work hard to get the concepts right, they also work very hard to assure the implementation is correct and robust as well."
