27
Aug

DRM Technologies - DRM (Part 2)

   Posted by: Abhishek   in DRM

In continuation of Part 1

DRM systems are designed to establish and maintain security associations between two network elements and to ensure that the traffic passing over the interface between them is cryptographically protected. A DRM system may use a combination of authentication, encryption, digital watermarks, digital fingerprints, digital certificates, digital signatures, conditional access systems and product activation codes to provide security assurances for media content and its delivery systems.

Authentication – This is a process of exchanging information between a communications device, such as a computer or mobile phone, and a communications network that allows the carrier or network operator to confirm the true identity of the user and the device. The diagram below shows the authentication process used in a DRM system:

In the above diagram the DRM server wants to validate the identity of a user. The DRM system first provisions a secret key to the user’s device. The authentication process then begins with the DRM server sending an authentication request together with a random number (the challenge). The receiving device processes this random number together with the secret key using an authentication algorithm (a typical data processing algorithm) to produce a calculated result, which it sends back to the authenticator. The authenticator uses the random number it sent, along with its own copy of the secret key, to calculate the same result. If the result received from the remote device matches its own, the authentication passes.
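The exchange described above, as an added Python example that is not part of the original post. The page does not name the authentication algorithm, so HMAC-SHA256 over the random challenge is assumed here; the key provisioning step, the challenge size and the class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def provision_secret() -> bytes:
    """The first step on the page: a secret key shared between the DRM server and the
    device. Assumed to be delivered out of band; 32 random bytes is a constructed choice."""
    return secrets.token_bytes(32)


def compute_response(secret: bytes, challenge: bytes) -> bytes:
    """Device side: process the random number with the secret key using an authentication
    algorithm. HMAC-SHA256 is an assumption; the page does not name the algorithm."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class DrmAuthenticator:
    """Server side (the 'authenticator'): issues a fresh random challenge and checks the reply."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None  # the challenge currently awaiting a response, if any

    def challenge(self) -> bytes:
        """Send the authentication request: a fresh 16-byte random number."""
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        """Recompute the expected result from the challenge we sent and our copy of the key."""
        if self._pending is None:
            return False
        expected = compute_response(self._secret, self._pending)
        self._pending = None  # each challenge is single use, so a replayed response fails
        return hmac.compare_digest(expected, response)  # constant-time comparison


def run_exchange(device_secret: bytes, server_secret: bytes) -> bool:
    """One complete round trip: request plus random number, device result, server comparison."""
    server = DrmAuthenticator(server_secret)
    random_number = server.challenge()
    result = compute_response(device_secret, random_number)
    return server.verify(result)
```

Two details worth noticing: the server discards the challenge once a response has been checked, so a captured result is useless against any later challenge, and because both sides hold the same secret, the server’s key store is exactly as sensitive as the device’s copy; the diagram assumes that the initial key provisioning happened securely.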

Encryption – This is a process of protecting content from being used or interpreted by unauthorized recipients. Encryption involves the use of a data processing algorithm with one or more secret keys that both the sender and the receiver of the information use to encrypt and decrypt it. Without the encryption algorithm and keys, unauthorized listeners cannot decode the content. The diagram below illustrates the encryption operation:

 

Encryption systems may use the same key for encryption and decryption (symmetric encryption) or different keys (asymmetric encryption). Asymmetric encryption generally requires more data processing than symmetric encryption. Pictorially it can be represented as below:

Many encryption processes are used in DRM systems, including Pretty Good Privacy (PGP), Rivest, Shamir and Adleman (RSA), the Data Encryption Standard (DES), the Advanced Encryption Standard (AES), Rivest Cipher 5 (RC5) and the Internet Streaming Media Association’s ISMACryp.

Digital watermark – This is a signal or code hidden in a digital signal, such as digital audio or a portion of a digital image, that carries identifying information. A digital watermark should survive alteration of the signal: the hidden information must not be destroyed by processing that is imperceptible in the overall signal, and it should not be distorted or lost when the signal passes through conversion and compression. Watermarks can be encrypted to increase the resistance of the DRM system to attackers; the presence of a watermark in a media file can be detected, but a decryption key is needed to decipher the watermark message. Digital watermarks can be added to any type of media file, such as digital video and audio. Video watermarking is performed by slightly modifying the colors and/or light intensities in the video in such a way that the viewer does not notice the watermarking information. Audio watermarking is performed by adding tones above the normal frequency range or by modifying the frequencies and volume level of the audio in such a way that the listener does not notice the watermarking information. This process can be understood pictorially as below:

Digital Fingerprint – This is a unique set of characteristics and data associated with a particular data file, transmission system or storage medium. In this technique a unique ID is embedded into each user’s copy, and it can be extracted to help identify the culprit when an unauthorized leak is found. DRM uses this technique to protect multimedia from unauthorized distribution.

Problems with DRM – The purpose of DRM is to provide technical means by which copyright holders can maintain control of their content by restricting the use of digital copies. This becomes controversial because the limitations DRM imposes on the content may not match the fair use of the content under the rights granted by the owner or copyright holder. DRM schemes are also very complicated and hinder effective archive management and historical research. Once content is compromised, i.e. copied from a medium without DRM, it can become widely available on the internet. The use of DRM on computer software may mean that reinstalling the operating system or buying a new computer loses the license acquired for the content. A few shortcomings of DRM are listed below:

1. There are many methods to bypass DRM controls on audio and video content. A very simple method to bypass DRM on audio files is to burn the content to a CD and then extract it into DRM-free files; this is possible only when the DRM allows CD burning.

2. Audio or video content can be re-recorded with another audio or video recorder into another device or computer, in a file format that is not DRM protected.

3. Many DRM systems are designed to work on general-purpose computing hardware such as PCs. Such a scheme is never secure, because the software contains all the information needed to decrypt the content, including the decryption keys. One can always extract this information, decrypt and copy the content, bypassing the DRM system.

4. Many DRM schemes use encrypted media which requires purpose-built hardware to listen to or view the content. It is extremely difficult to build hardware that protects the secret key.

5. Digital watermarks can easily be removed with some degradation of video or audio quality.

6. When standard formats change, it is difficult to transfer DRM-restricted content to the new media. Also, any system which requires authentication from a server becomes problematic if the server becomes unavailable.

In continuation of this article we will next discuss one popular DRM technique. Stay tuned.

Thanks,

Abhishek Anurag.

 

 

12
Aug

DRM Technologies - DRM (Part 1)

   Posted by: Abhishek   in DRM

This post continues our series of articles about Digital Rights Management technologies; DRM is the second technology we cover. The first technology, CPRM, was covered in an earlier article.

Digital Rights Management (DRM)

DRM – This is one of the access control technologies created for copyright holders and publishers to limit the use of digital media. It came into the picture because copyright holders wanted to prevent unauthorized duplication of their work and to generate revenue continuously. All major content provider companies use some form of this technology, e.g. Sony, Apple, Microsoft and the BBC, to name a few.

DRM operates on three levels: establishing a copyright for a piece of content, managing the distribution of that content, and finally controlling what the consumer can do with the distributed, copyrighted content. To establish this level of control the following entities are involved: the user, the content, the usage rights and the relationships between them.

The list of actions covered by DRM is huge, but at a high level they can be categorized as follows:

  1. When the content is available for consumption
  2. On how many devices the content can be consumed, and whether it can be passed between devices
  3. How many times the content can be consumed, or its expiration date
  4. How long the content will be available for consumption
  5. Whether the user can back up and restore the license for the content

DRM systems basically work by securing content with public key encryption, where the key has two parts (a public key and a private key) bound by a special mathematical property: data encrypted with one part of the key can be decrypted only with the other part. A high-level representation of a typical DRM system is shown below:

Anurag wants to buy a piece of media content (a music track or video clip) from an online store. As a first step Anurag sends his public key to the content server. The content server in turn sends this public key and the appropriate media to the DRM gateway. Abhishek pays the appropriate amount of money to the DRM gateway, depending on the type of usage rights he wishes to acquire. The DRM gateway then creates an encrypted package of the media file and the usage rights. This package is encrypted using the public key sent by Anurag and is then sent to Anurag, who can decrypt it using his private key. The usage rights acquired by Anurag dictate how the content gets played. Now suppose Anurag forwards the content to his friend Amit. Amit cannot decipher the package unless a package is encrypted with Amit’s public key, and for that Amit will have to follow the same procedure as Anurag and pay the DRM gateway to get his own encrypted package. As this example shows, the media rights are limited to legitimate users.

Coming back to the whole DRM process, the commonly deployed scheme has following components:

  1. Content Packaging – Digital media files are encrypted, locked with a key and packaged by the DRM system. The key is kept in an encrypted license and distributed separately. All needed information is also added to the media file, e.g. how to acquire the license and from which location. The packaged media file is saved in a suitable format that can be played by the user on supported devices.
  2. Content Distribution – Packaged content is placed on a content server on the web for download. Packaged content can be downloaded, streamed, distributed on a CD, etc. DRM also supports superdistribution.
  3. Establishing a License Server – The content provider works with a DRM gateway or license server that stores the license holding all the rules and specific rights for that content. The DRM gateway implements all license services and authenticates users’ requests for a license. Digital media files and licenses are stored and distributed separately so that the entire DRM system can be managed easily.
  4. Acquiring a License – Once the user has the packaged media file, he must acquire the license key to unlock and play the content. The license acquisition process can start either when the user receives the protected content or when he plays the media file for the first time; the license may also be pre-delivered. DRM ensures that the license is acquired and the content provider is paid.
  5. Playing the Media File – The media file will only play in a DRM-capable media player, according to the rules of the license acquired for the content. A license usually carries various rights, e.g. start times and dates, duration, the number of times the content may be played, whether it may be played on a specific device or copied to another portable device, how many times it may be copied to another device, etc. Licenses cannot be transferred, which is why, if a packaged file is forwarded to a friend, he or she must acquire his or her own license to play that content. In this way DRM ensures that the packaged media file can only be played on the device for which the license key was granted.
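A minimal model of the five components above, and of the Anurag/Amit purchase in the earlier walkthrough, as an added Python example that is not part of the article. Everything in it is constructed: the key pairs are textbook RSA over Mersenne primes standing in for the public/private key pairs the article describes, the content cipher is an HMAC-SHA256 counter-mode keystream standing in for AES, and the license URL, content id and rights values are placeholders. What it shows is the structure the article describes: the package carries the encrypted media plus license-acquisition information, the license carries the content key wrapped to the buyer’s public key plus the rights, and the player enforces the rights before it decrypts anything.

```python
import hashlib
import hmac
import os


def toy_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA pair from two primes (constructed for this example; no padding, tiny keys)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)  # (public, private)


# Constructed key pairs built from Mersenne primes so that they are known to be prime.
ANURAG_PUB, ANURAG_PRIV = toy_keypair((1 << 89) - 1, (1 << 107) - 1)
AMIT_PUB, AMIT_PRIV = toy_keypair((1 << 127) - 1, (1 << 61) - 1)


def wrap_key(content_key: bytes, pub) -> int:
    """Encrypt the 16-byte content key with the buyer's public key."""
    n, e = pub
    return pow(int.from_bytes(content_key, "big"), e, n)


def unwrap_key(wrapped: int, priv) -> bytes:
    """Decrypt with the private key. The result is truncated to 16 bytes: with the wrong
    private key this is garbage, which the integrity tag check in play() rejects."""
    n, d = priv
    return (pow(wrapped, d, n) % (1 << 128)).to_bytes(16, "big")


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, a stand-in for the AES the article lists."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def package_content(media: bytes, content_id: str, license_url: str):
    """Content packaging: encrypt the media and add where to get the license.
    The content key itself never travels with the package."""
    content_key = os.urandom(16)
    nonce = os.urandom(8)
    ciphertext = stream_xor(content_key, nonce, media)
    tag = hmac.new(content_key, nonce + ciphertext, hashlib.sha256).digest()
    package = {"content_id": content_id, "license_url": license_url,
               "nonce": nonce, "ciphertext": ciphertext, "tag": tag}
    return package, content_key


def issue_license(content_key: bytes, user_pub, max_plays: int, expires: int) -> dict:
    """License server: wrap the content key to the buyer's public key and attach the rights."""
    return {"wrapped_key": wrap_key(content_key, user_pub),
            "max_plays": max_plays, "plays_used": 0, "expires": expires}


def play(package: dict, lic: dict, user_priv, now: int) -> bytes:
    """Player: enforce the license rules, then unwrap the key and decrypt."""
    if now > lic["expires"]:
        raise PermissionError("license expired")
    if lic["plays_used"] >= lic["max_plays"]:
        raise PermissionError("play count exhausted")
    key = unwrap_key(lic["wrapped_key"], user_priv)
    expected = hmac.new(key, package["nonce"] + package["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, package["tag"]):
        raise PermissionError("license was not issued for this device's key")
    lic["plays_used"] += 1
    return stream_xor(key, package["nonce"], package["ciphertext"])


def demo(max_plays: int = 2, expires: int = 1000):
    """Anurag's purchase from the walkthrough: package, license to Anurag's key, ready to play."""
    media = b"constructed sample track bytes, not a real media file\n" * 4
    package, content_key = package_content(media, "track-001", "https://license.example/acquire")
    lic = issue_license(content_key, ANURAG_PUB, max_plays, expires)
    return media, package, lic
```

Calling `play()` with `AMIT_PRIV` on a license issued to `ANURAG_PUB` fails at the tag check rather than returning corrupted audio, which is the behaviour the walkthrough describes for a forwarded package; Amit needs a license wrapped to his own key. Note also where the weak points of shortcoming 3 in Part 2 live in this model: the private key and the unwrapped content key are both in the player’s memory.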

A typical DRM process and schematic can be represented as below:

Let’s break here for now and we shall continue this discussion in the next part of this article.

To be concluded…

Thanks,

Abhishek Anurag.

3
Aug

New Algorithm based on The Three Pass Protocol

   Posted by: CRYPTOcrat   in Encryption

This blog post is authored by Rohit Pandharkar, a fellow CRYPTOcrat. Rohit is currently pursuing his undergraduate studies at the College of Engineering Pune. He has a great interest in cryptography and mathematics and, at this early stage, has already published a couple of research papers related to cryptography.

You can find more information about Rohit on his LI Profile.

Introduction:

Adi Shamir’s Three Pass Protocol, proposed around 1980, is a creative use of the commutative property of certain mathematical functions. It calls for three passes between Alice and Bob to communicate a message ‘x’, and it enables the message to be transferred from one party to the other without exchanging any encryption keys.

Here is a quick summary of Shamir’s idea:

Pass 1: A to B – Transmission of a masked message ‘x’ from Alice to Bob.

Pass 2: B to A – Bob introduces a contribution/imprint from his end.

Pass 3: A to B – Alice removes the mask on the original message ‘x’ that she had introduced, but the imprint inserted by Bob still prevents it from being revealed.

After Pass 3: Bob removes his imprint by a computation at his end.

This effectively recovers the message ‘x’, as all masks have now been removed, and since this recovery happens at Bob’s end, an eavesdropper E does not get access to ‘x’.

Massey Omura Algorithm:

Let us now look at this well known algorithm based on Shamir’s protocol:

Alice and Bob agree on a prime ‘p’.

Alice decides private keys m, n such that m*n = k(p-1)+1, k an integer, and a secret message ‘x’ < p.

Bob decides private keys M, N such that M*N = z(p-1)+1, z an integer.

Passes:

Pass 1: Alice sends A = x^m mod p to Bob.

Pass 2: Bob raises A to the power M and sends back B = A^M mod p.

Pass 3: Alice raises B to the power n and sends C = B^n mod p to Bob.

At Bob’s end: Bob computes D = C^N mod p = ‘x’, the secret message.

The proof is very simple and based on Fermat’s little theorem; for details you may refer to the following link: http://www.mathlab.cornell.edu/computer_and_portfolio/discrete/prime_power/

New Proposal:

As mentioned before, the Massey Omura algorithm exponentiates the value sent by Alice, so Bob has to wait for Alice to send the result of the first pass. This dependency continues in the second pass, with roles reversed, and repeats in the third pass.

This adds a ‘wait period’ to processing and transmission. Secondly, Bob is required to compute (x^m mod p)^M.

Now let’s look at a possible improvement to the processing above. The rationale for this improvement is as follows:

1.      Is it possible for Bob to be ready with his imprint, even before the first pass is received, and immediately add it once Bob receives it?

2.      Is it possible to use simple multiplication by some (what we call) “adulteration” rather than exponentiation for masking?

So here we go:

How about having a salting number ‘y’, decided at Bob’s end just as ‘x’ is decided at Alice’s end? Here ‘y’ need not really be a secret; it is only a salting number used to add the so-called adulteration. This apparently provides an affirmative answer to both of the questions raised above.

The requirement now is that the adulteration must also be cleaned up after the third pass, at Bob’s end, so that he uncovers the real hidden message.

All this is along the lines of Shamir’s core idea; however, we could use multiplicative adulteration instead of the exponential masking used by Massey Omura.

The questions that need deeper research are -

1.      What are the possible constraints on the selection of salting number ‘y’ for using it as adulterating element?

2.      How to find the Multiplicative Inverse of ‘y’ to reveal the hidden message ‘x’ enabling us to clean-up the adulteration introduced? (to be done at Bob’s end after the third pass).

3.      Will that create symmetry issues? (Massey Omura is symmetric in terms of private key selection criterion for Alice and Bob.)

If you have answers, more questions or comments about this post please feel free to send in those using the “Comments” section below.

I shall leave this post unconcluded; in the following part we will look at a much more detailed analysis, which is my proposal for this new algorithm. Stay tuned.

Update : 3rd August 2008

Continuing our previous discussion on this topic, we will now look at the details of the proposed algorithm.

Selection of private keys: Alice and Bob agree on a big prime ‘p’.

Deciding on primes: Alice and Bob privately pick large primes m and M respectively. Each also checks that their prime has no common factor with p-1 (here p is the publicly known prime).

Solving Diophantine equations: Alice privately finds an integer n such that m+n = (p-1)z+1, where z is any integer, and Bob finds an integer N such that M+N = (p-1)k, where k is any integer. Then m and n are Alice’s private keys, and M and N are Bob’s private keys.

Message and secret number selection: Alice selects her message x and Bob decides his secret number y, such that x << p and y << p.

The Scheme

Alice (User A) and Bob (User B) proceed as follows:

Alice’s Step 1: Compute A = x^m (mod p) and transmit A to Bob.

Bob’s Step 1: Compute B = A * y^M (mod p) and transmit B to Alice.

Alice’s Step 2: Compute C = B * x^n (mod p) and transmit C to Bob.

Bob’s Step 2: Compute D = C * y^N (mod p). This will actually be the original message x.

The proof of the algorithm is based on Fermat’s little theorem, where ‘y’ is the salting number used for multiplicative adulteration. Here the powers of ‘y’ die down (refer to the selection of M+N), and only a single power of ‘x’ survives because of Fermat’s little theorem. The introduction of the salting number ‘y’ and multiplicative adulteration is what helps us.
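Both schemes run end to end, as an added Python example that is not from the post. The prime p = 2^31 - 1 and the sample values are constructed, and real use would need a far larger p. `massey_omura` runs the three passes from the earlier section; `proposed_scheme` runs the four steps above with Bob’s y^M and y^N computed before pass 1 arrives, as the proposal intends. The last function checks something the post does not discuss: because the adulteration is a plain multiplication, the three values on the wire satisfy A * C / B = x (mod p), so anyone who records the three passes recovers x with no private key at all, which is not the case for the exponentiation-based original, where the observer faces a discrete logarithm.

```python
import secrets
from math import gcd

# Constructed public prime: 2^31 - 1 is prime, but far too small for real use.
P = (1 << 31) - 1


def massey_omura_keys(p: int):
    """Private pair (e, d) with e*d = k(p-1) + 1, i.e. d is the inverse of e modulo p-1."""
    while True:
        e = secrets.randbelow(p - 3) + 2          # 2 <= e <= p-2
        if gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def massey_omura(p: int, x: int, alice, bob):
    """The three passes of the earlier section: A = x^m, B = A^M, C = B^n, D = C^N (mod p)."""
    m, n = alice
    M, N = bob
    A = pow(x, m, p)        # pass 1, Alice -> Bob
    B = pow(A, M, p)        # pass 2, Bob -> Alice (Bob must wait for A)
    C = pow(B, n, p)        # pass 3, Alice -> Bob
    D = pow(C, N, p)        # Bob unmasks: exponent m*n*M*N = 1 mod (p-1), so D = x by Fermat
    return (A, B, C), D


def proposed_keys(p: int):
    """Alice: m + n = (p-1)*1 + 1; Bob: M + N = (p-1)*1; m and M coprime to p-1 as the post asks."""
    while True:
        m = secrets.randbelow(p - 3) + 2
        if gcd(m, p - 1) == 1:
            break
    n = p - m               # so m + n = p = (p-1) + 1
    while True:
        M = secrets.randbelow(p - 3) + 2
        if gcd(M, p - 1) == 1:
            break
    N = (p - 1) - M         # so M + N = p - 1
    return (m, n), (M, N)


def proposed_scheme(p: int, x: int, y: int, alice, bob):
    """The four steps above. Bob's y^M and y^N depend only on his own values, so they are
    computed before pass 1 arrives; each pass then costs Bob one multiplication."""
    m, n = alice
    M, N = bob
    y_M = pow(y, M, p)      # Bob's precomputed imprint
    y_N = pow(y, N, p)      # Bob's precomputed clean-up factor
    A = pow(x, m, p)                    # Alice's step 1
    B = (A * y_M) % p                   # Bob's step 1
    C = (B * pow(x, n, p)) % p          # Alice's step 2: x^(m+n) * y^M = x * y^M
    D = (C * y_N) % p                   # Bob's step 2: y^(M+N) = 1, leaving x
    return (A, B, C), D


def passive_observer_recovers(p: int, transcript) -> int:
    """Anyone who saw the three passes of the proposed scheme computes
    A * C / B = x^m * (x * y^M) / (x^m * y^M) = x (mod p), with no private key at all."""
    A, B, C = transcript
    return (A * C * pow(B, -1, p)) % p
```

The third question in the earlier part asked about constraints on ‘y’; the arithmetic above needs y to be nonzero mod p (so that y^(p-1) = 1), and the `passive_observer_recovers` check shows that no choice of y changes the outcome, because y^M cancels between B and C regardless of its value.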

Questions answered by this technique

1.      Is it possible for Bob to be ready with his imprint, even before the first pass is received, and immediately add it once Bob receives it? Yes: The imprints can be based on powers of ‘y’ which Bob already knows.

2.      Is it possible to have simple multiplication by some (what we call) “Adulteration” rather than exponentiation for masking.

Yes, the above algorithm does so by multiplying by y^M and y^N.

Now, answering further questions raised in the earlier part of the article:

1.      What are the possible constraints on the selection of salting number ‘y’ for using it as adulterating element?

y is an integer < p.

2.      How to find the Multiplicative Inverse of ‘y’ to reveal the hidden message ‘x’ enabling us to clean-up the adulteration introduced? (to be done at Bob’s end after the third pass).

The multiplicative inverse of y^M is, indirectly, y^N, by Fermat’s little theorem.

3.      Will that create symmetry issues? (Massey Omura is symmetric in terms of private key selection criterion for Alice and Bob.)

Yes, it does: the selection of private keys by Bob and Alice does not use symmetric expressions.

If you have answers, more questions or comments about this post please feel free to send in those using the “Comments” section below.

Abstract

In this article the author discusses identifying computationally intensive operations within classes of algorithms, such as symmetric-key ciphers. These operations require many instructions to implement when targeting a general-purpose processor. The concept of instruction set extensions is introduced to accelerate these operations by off-loading them to custom hardware attached to the processor’s datapath, accessed via newly defined instructions in the processor’s control logic.

The article is authored by Dr. Adam Elbirt, a long-time CRYPTOcrat who is currently working as an Assistant Professor at the University of Massachusetts Lowell.

You can find more information about Dr. Elbirt on his LI Profile.

Creating A Symmetric-Key Crypto-Processor

Most algorithms can be broken down into a finite number of core operations.  When implementing an algorithm in software targeting a general-purpose processor, some core operations are easy to implement, requiring few instructions, while others are significantly more complex, requiring numerous instructions.  An example of a core operation easily implemented in software is key addition, typically achieved by bit-wise XORing a round key with data.    Examples of more complex core operations are bit-level permutations and long number arithmetic.  Numerous instructions are required because the datapath of a general-purpose processor does not directly support the implementation of these operations due to limited processor word size, the requirement that data be operated upon in bytes or multiple of bytes instead of bits, the lack of a required ALU unit, etc.

When using a general-purpose processor to implement symmetric-key cryptographic algorithms such as block ciphers, even the fastest software implementations cannot satisfy the required bulk data encryption data rates for high-end applications such as ATM networks which require an encryption throughput of 622 Mbps. As a result, hardware implementations are necessary for block ciphers to achieve this required performance level. Although traditional hardware implementations lack flexibility, configurable hardware devices offer a promising alternative for the implementation of processors via the use of IP cores in Application Specific Integrated Circuit (ASIC) and Field Programmable Gate Array (FPGA) technology. To illustrate, Altera Corporation offers IP core implementations of the Intel 8051 microcontroller and the Motorola 68000 processor in addition to their own Nios®-II embedded processor. Similarly, Xilinx Inc. offers IP core implementations of the PowerPC processor in addition to their own MicroBlazeTM and PicoBlazeTM embedded processors. ASIC and FPGA technologies provide the opportunity to augment the existing datapath of a processor implemented via an IP core to add acceleration modules supported through newly defined instruction set extensions targeting performance-critical functions. Moreover, many licensable and extendible processor cores are also available for the same purpose.

The use of instruction set extensions follows the hardware/software co-design paradigm to achieve the performance and physical security associated with hardware implementations while providing the portability and flexibility traditionally associated with software implementations. Moreover, when considering alternative solutions, instruction set extensions result in significant performance improvements versus traditional software implementations with considerably reduced logic resource requirements versus hardware-only solutions such as co-processors.  The idea is to “improve the wheel” rather than to “reinvent the wheel”.

Examples of instruction set extensions designed to improve the performance of cryptographic algorithms include those implemented to perform arithmetic over the Galois Field GF(2^m), usually targeting elliptic curve cryptography (ECC) systems. Word-level polynomial multiplication was shown to be the time-critical operation when targeting an ARM processor, and a special Galois Field multiplication instruction resulted in a significant performance improvement. Instruction set extensions targeting a SPARC V8 processor core and a 16-bit RISC processor core were used to accelerate the multiplication of binary polynomials for arithmetic in GF(2^m). An implementation targeting a MIPS32 architecture accelerates word-level polynomial multiplication through the use of Comba’s method for handling the inner loops of the multiplication operation. Numerous generalized Galois Field multipliers have also been proposed for use in elliptic curve cryptosystems. These implementations focus on accelerating exponentiation and inversion in Galois Fields GF(2^m) with m in the range 160 to 256.

Instruction set extensions designed to minimize the number of memory accesses and accelerate the performance of AES implementations have been proposed for a wide range of processors. Extensions targeting a general-purpose RISC architecture with multimedia instructions yield strategies to implement AES using multimedia instructions while specifically attempting to minimize the number of memory accesses. While the processor is datapath-scalable, the strategies do not map well to 32-bit architectures. Extensions designed to combine the SubBytes and MixColumns AES functions into one T-table look-up operation to speed up algorithm execution have also been proposed. However, the functional unit requires a significant amount of hardware to implement and cannot be used for either the final AES round (where the MixColumns function is not used) or key expansion (where the SubBytes function is used without the MixColumns function), and T-table performance is heavily dependent upon available cache size. Extensions targeting the Xtensa 32-bit processor improve the performance of AES encryption but worsen the performance of decryption. An implementation targeting a LEON2 processor core combines the SubBytes and ShiftRows AES functions through the use of an instruction set extension termed sbox. Special instructions are also provided to efficiently compute the MixColumns AES function through the use of ECC instruction set extensions.
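As an added Python example (not from the article or its references), here is the operation the GF(2^m) extensions above target, written the way software has to do it on a general-purpose datapath: first bit-serial shift-and-xor multiplication, then the word-level form that splits the operands into machine words, multiplies each word pair with a carry-less word multiply (the primitive a Galois Field multiplication instruction provides in one cycle) and reduces once at the end. The operation counters, the two field polynomials (the AES polynomial x^8 + x^4 + x^3 + x + 1 used by MixColumns, and the NIST B-163 polynomial) and the sample operands are my choices; the AES products {57}·{83} = {c1} and {57}·{13} = {fe} from the AES specification serve as the check.

```python
# Field polynomials (constructed test parameters, both standard):
AES_POLY = 0x11B          # x^8 + x^4 + x^3 + x + 1: the GF(2^8) field used by AES MixColumns
B163_POLY = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1   # NIST B-163 reduction polynomial


def gf2m_mul_bitserial(a: int, b: int, m: int, poly: int):
    """Shift-and-xor multiplication in GF(2^m): what a plain integer ALU has to do, one bit
    of b per step. Returns (product, count of shift/xor operations) so the cost is visible."""
    result, ops = 0, 0
    for i in range(m):
        if (b >> i) & 1:
            result ^= a
            ops += 1
        a <<= 1
        ops += 1
        if a >> m:                  # degree reached m: reduce by the field polynomial
            a ^= poly
            ops += 1
    return result, ops


def clmul(a: int, b: int, w: int = 32):
    """Carry-less multiply of two w-bit words, the primitive an ISE provides as one
    instruction. Returns (2w-bit product, xor/shift steps spent emulating it in software)."""
    r, ops = 0, 0
    for i in range(w):
        if (b >> i) & 1:
            r ^= a << i
            ops += 1
    return r, ops


def gf2m_reduce(prod: int, m: int, poly: int) -> int:
    """Reduce a product of degree < 2m modulo the degree-m polynomial, highest term first."""
    for deg in range(2 * m - 2, m - 1, -1):
        if (prod >> deg) & 1:
            prod ^= poly << (deg - m)
    return prod


def gf2m_mul_wordlevel(a: int, b: int, m: int, poly: int, w: int = 32):
    """Schoolbook multiplication over w-bit words with clmul as the word primitive, then one
    reduction. Returns (product, number of word multiplications); with a carry-less multiply
    instruction each of those is a single instruction instead of a w-step loop."""
    words = -(-m // w)              # ceil(m / w)
    mask = (1 << w) - 1
    aw = [(a >> (w * i)) & mask for i in range(words)]
    bw = [(b >> (w * j)) & mask for j in range(words)]
    prod, word_muls = 0, 0
    for i in range(words):
        for j in range(words):
            pij, _ = clmul(aw[i], bw[j], w)
            prod ^= pij << (w * (i + j))
            word_muls += 1
    return gf2m_reduce(prod, m, poly), word_muls
```

For m = 163 with 32-bit words the schoolbook form needs 36 word multiplications, against several hundred shift/xor steps in the bit-serial loop; the extensions discussed above make each of those 36 a single instruction, and Comba’s method reorders the same inner products so that they are accumulated column by column with fewer carries and memory accesses. The same `gf2m_reduce` with `AES_POLY` is the reduction hidden inside a T-table entry.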

Clearly, the use of instruction set extensions allows existing processor technologies to be leveraged in combination with custom functionality to vastly improve the performance of the targeted algorithms.  However, even within classifications of algorithms, such as symmetric-key algorithms, a wide range of additional functionality may be required to accelerate the entire suite.  A trade-off analysis of hardware resource requirements versus expected performance improvement is critical when evaluating which core elements of each algorithm to accelerate via added hardware units.  Relevant references that review the discussed implementations are included below.

References

1. S. Bartolini, I. Branovic, R. Giorgi, and E. Martinelli, “A Performance Evaluation of ARM ISA Extension for Elliptic Curve Cryptography Over Binary Finite Fields,” in Proceedings of the Sixteenth Symposium on Computer Architecture and High Performance Computing - SBC-PAD 2004, Foz do Iguaçu, Brazil, October 27-29 2004, pp. 238-245.

2. J. Großchädl and G.-A. Kamendje, “Instruction Set Extension for Fast Elliptic Curve Cryptography Over Binary Finite Fields GF(2^m),” in Proceedings of the Fourteenth IEEE International Conference on Application-Specific Systems, Architectures and Processors - ASAP 2003, The Hague, The Netherlands, June 24-26 2003, pp. 455-468.

3. J. Großchädl and E. Savas, “Instruction Set Extensions for Fast Arithmetic in Finite Fields GF(p) and GF(2^m),” in Workshop on Cryptographic Hardware and Embedded Systems - CHES 2004, M. Joye and J.-J. Quisquater, Eds., Cambridge, Massachusetts, USA, August 11-13 2004, vol. LNCS 3156, pp. 133-147, Springer-Verlag.

4. J. Irwin and D. Page, “Using Media Processors for Low-Memory AES Implementation,” in Proceedings of the Fourteenth IEEE International Conference on Application-Specific Systems, Architectures and Processors - ASAP 2003, The Hague, The Netherlands, June 24-26 2003, pp. 144-154.

5. K. Nadehara, M. Ikekawa, and I. Kuroda, “Extended Instructions for the AES Cryptography and Their Efficient Implementation,” in Proceedings of the Eighteenth IEEE Workshop on Signal Processing Systems - SIPS 2004, Austin, Texas, USA, October 13-15 2004, pp. 152-157.

6. S. O’Melia, Instruction Set Extensions for Enhancing the Performance of Symmetric Key Cryptographic Algorithms, MSEE Thesis, University of Massachusetts Lowell, 2005.

7. S. Ravi, A. Raghunathan, N. Potlapally, and M. Sankaradass, “System Design Methodologies for a Wireless Security Processing Platform,” in Proceedings of the 2002 Design Automation Conference - DAC 2002, New Orleans, Louisiana, USA, June 10-14 2002, pp. 777-782.

8. S. Tillich and J. Großchädl, “A Simple Architectural Enhancement for Fast and Flexible Elliptic Curve Cryptography Over Binary Finite Fields GF(2^m),” in Proceedings of the Ninth Asia-Pacific Conference on Advances in Computer Systems Architecture - ACSAC 2004, Beijing, China, September 7-9 2004, vol. LNCS 3189, pp. 282-295, Springer-Verlag.

9. S. Tillich and J. Großchädl, “Accelerating AES Using Instruction Set Extensions for Elliptic Curve Cryptography,” in International Conference on Computational Science and Its Applications - ICCSA 2005, O. Gervasi, M. L. Gavrilova, V. Kumar, A. Laganà, H. P. Lee, Y. Mun, D. Taniar, and C. J. K. Tan, Eds., Singapore, May 9-12 2005, vol. LNCS 3481, pp. 665-675, Springer-Verlag.

10. S. Tillich and J. Großchädl, “Instruction Set Extensions for Efficient AES Implementation on 32-bit Processors,” in Workshop on Cryptographic Hardware and Embedded Systems - CHES 2006, L. Goubin and M. Matsui, Eds., Yokohama, Japan, October 10-13 2006, vol. LNCS 4249, pp. 270-284, Springer-Verlag.

11. S. Tillich and J. Großchädl and A. Szekely, “An Instruction Set Extension for Fast and Memory-Efficient AES Implementation,” in Proceedings of the Ninth International Conference on Communications and Multimedia Security - CMS 2005, J. Dittmann, S. Katzenbeisser, and A. Uhl, Eds., Salzburg, Austria, September 19-21 2005, vol. LNCS 3677, pp. 11-21, Springer-Verlag.

All the products mentioned herein which have trademarks and/or registered trademarks belong to their respective owners.

20
Jun

NAC market picking up

   Posted by: Mayuresh   in Security

I am sure many of you who are working or have worked with NAC vendors would love to hear this. After a lot of talk about the NAC market being dead, Infonetics has taken a fresh view of the NAC market and predicts a strong forecast ahead. Ref: Reports of NAC’s death have been greatly exaggerated; market up 16% in 1Q08

According to the research report, the NAC market jumped 16% in 1Q08 to $62.7 million, which is $10 million more than the previous quarter.

Though the NAC market is still dominated by out-of-band appliances, mainly from Cisco and Juniper, Infonetics predicts a shift towards Ethernet-switch-based NAC appliances and in-line (bump-in-the-wire) products. It predicts that purpose-built products from ConSentry Networks and Nevis Networks will make up 25% of the NAC market. Being an ex-Nevis employee, I am really happy to know this and wish that it happens!!

Comments welcome!!

18
Jun

Service providers to patrol internet ?

   Posted by: Mayuresh   in Security

AT&T is planning to offer security services that inspect and stop malicious traffic before it enters the corporate network.
Ref: http://www.mercurynews.com/business/ci_9593411

In all these years service providers have always been looked upon as just thick pipes that do their best to get every piece of data to customers. The fundamental question that arises here is: should they be allowed to look into the traffic passing through their network? One of the intended uses is to stop spam before it reaches corporate networks. According to AT&T, 80% of the email it delivers is spam. The argument looks very attractive, and it seems logical to stop all digital debris and malicious content at the backbone itself.

But what if ISPs misuse this power? There are endless possibilities. With so many sophisticated solutions available today, it is not hard to dig deeper and characterize the behavior of subscribers, which can then be used for targeted content or to keep particular traffic away. Remember that Comcast delaying BitTorrent traffic generated enough flames!! This needs to be studied deeply from the legal angle.

Nevertheless, I feel this would open up a lot of opportunities for security vendors who are struggling to sell in the crowded enterprise market.

Comments welcome!!

10
Jun

Attacking NFC Mobile Phones at EUSecWest

   Posted by: Amit   in Security

Near Field Communications is the RFID-based standard being built into mobile phones to allow them greater interaction with the physical world. NFC-enabled handsets can be used to pay for bus or train journeys, replacing existing contact less cards. They can read tags embedded in (Smart) posters that trigger a URL to be loaded or a phone number to be called.

At the recently concluded EUSecWest Conference in London Collin Mulliner demonstrated two most interesting hacks which involved replacing the NFC tag on a vending machine, and spoofing a URI in a Smart Poster to connect the user to somewhere other than they wished.

Sean Comeau conducted this interview with Collin Mulliner. The complete interview is available at this link. I am copying a few of the interesting questions here.

Sean Comeau: What new threats exist against NFC services and phones?

Collin Mulliner: I’ve basically analyzed THE NFC phone available in Europe (the Nokia 6131 NFC) and found that it allows spoofing of RFID tag content. This is quite interesting since some of the European systems use exactly the part that is spoofable. I’ve also done some fuzzing on the Nokia 6131 NFC and found some smaller bugs.

I’ve also conducted a small survey of NFC systems that are in use in Germany and Austria. This should be quite interesting.

Sean Comeau: What kinds of things are possible when you can spoof tags?

Collin Mulliner: All of these attacks are based on the exploitation of the trust the user has in the RFID/NFC tags (e.g. because the user has used the system for some time and he knows what to expect; if everything looks OK he will believe it is OK).

So now if an attacker can tamper with these tags (there are multiple ways to do this, e.g. by using a sticky tag on top of the original tag or by modifying the original tag) the user can be tricked into doing things that are bad for him.

There are multiple SMS-based services in the field. These can be attacked because we can spoof the phone number so the SMS is sent to another phone number than the user expects (e.g. a premium rate number; other attacks are possible too :-).

….

Sean Comeau: Have you been in contact with any members of the NFC member companies regarding these issues and if so what response have you received?

Collin Mulliner: I have extensive contact with Nokia. They have already started fixing the spoofing issues. Nokia seems to care a lot about the issues I reported.

Our fellow CRYPTOcrat Jan Brands, an expert in NFC security, has generously provided a few comments for this blog. Please find these comments in the “Comments” section below. Jan also sent us the link to the complete presentation about the experiment performed by Mulliner. It seems the experiment covers much more than the details given in the interview. You can download the presentation from this link.
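The two spoofing patterns the interview describes both live inside the Smart Poster record: the phone shows the user a title text but acts on a separate URI record, and an “sms:” or “tel:” URI makes the handset send a message or place a call rather than open a browser. As an added example (not code from Mulliner’s talk, from Nokia or from this blog), the Python below encodes and decodes an NFC Forum Smart Poster (an NDEF “Sp” record wrapping a URI record and a Text title) and audits it for exactly those two patterns. The record layout follows the NDEF, URI, Text and Smart Poster record specifications; the audit heuristic, the hostname regex and all sample tags are constructed for illustration and are assumptions of this example, not anything from the page.

```python
# Added example: NDEF Smart Poster encode/decode plus a title-vs-URI audit.
# Record layout per the NFC Forum NDEF/URI/Text/Smart Poster specs; the audit
# heuristic and the sample tags are constructed for illustration.
import re
from urllib.parse import urlparse

# URI record prefix codes (subset of the NFC Forum table). Code 0x00 means
# "no abbreviation", which is how an "sms:" URI has to be encoded.
URI_PREFIXES = {
    0x00: "", 0x01: "http://www.", 0x02: "https://www.", 0x03: "http://",
    0x04: "https://", 0x05: "tel:", 0x06: "mailto:",
}
TNF_WELL_KNOWN = 0x01
FLAG_MB, FLAG_ME, FLAG_SR, FLAG_IL = 0x80, 0x40, 0x10, 0x08


def ndef_record(rtype: bytes, payload: bytes, mb: bool, me: bool) -> bytes:
    """One short (SR=1) well-known-type NDEF record without an ID field."""
    if len(payload) > 255:
        raise ValueError("short record payload must fit in one byte")
    header = TNF_WELL_KNOWN | FLAG_SR | (FLAG_MB if mb else 0) | (FLAG_ME if me else 0)
    return bytes([header, len(rtype), len(payload)]) + rtype + payload


def encode_uri(uri: str) -> bytes:
    """URI payload = one prefix-code byte + the rest; longest matching prefix wins."""
    code, prefix = max(((c, p) for c, p in URI_PREFIXES.items() if p and uri.startswith(p)),
                       key=lambda cp: len(cp[1]), default=(0x00, ""))
    return bytes([code]) + uri[len(prefix):].encode("utf-8")


def encode_text(text: str, lang: str = "en") -> bytes:
    """Text payload = status byte (bit 7 clear => UTF-8, low bits = language length)."""
    return bytes([len(lang)]) + lang.encode("ascii") + text.encode("utf-8")


def build_smart_poster(title: str, uri: str) -> bytes:
    """Outer message: one 'Sp' record whose payload is an inner NDEF message
    holding the mandatory URI record and a Text record that acts as the title."""
    inner = (ndef_record(b"U", encode_uri(uri), mb=True, me=False)
             + ndef_record(b"T", encode_text(title), mb=False, me=True))
    return ndef_record(b"Sp", inner, mb=True, me=True)


def parse_ndef(msg: bytes) -> list:
    """Decode an NDEF message into [(type, payload), ...]. Handles short and
    4-byte-length records, skips any ID field, stops at the ME record."""
    records, i = [], 0
    while i < len(msg):
        header, type_len = msg[i], msg[i + 1]
        i += 2
        if header & FLAG_SR:
            payload_len, i = msg[i], i + 1
        else:
            payload_len, i = int.from_bytes(msg[i:i + 4], "big"), i + 4
        id_len = 0
        if header & FLAG_IL:
            id_len, i = msg[i], i + 1
        rtype, i = msg[i:i + type_len], i + type_len
        i += id_len                       # ID bytes are not needed for the audit
        payload, i = msg[i:i + payload_len], i + payload_len
        records.append((rtype, payload))
        if header & FLAG_ME:
            break
    return records


def decode_uri(payload: bytes) -> str:
    return URI_PREFIXES.get(payload[0], "") + payload[1:].decode("utf-8")


def decode_text(payload: bytes) -> str:
    lang_len = payload[0] & 0x3F
    return payload[1 + lang_len:].decode("utf-16" if payload[0] & 0x80 else "utf-8")


def audit_smart_poster(msg: bytes) -> dict:
    """What the user is shown (title) versus what the phone will act on (URI),
    with findings for the two spoofing patterns described in the interview."""
    outer = dict(parse_ndef(msg))
    inner = parse_ndef(outer[b"Sp"])
    uri = next(decode_uri(p) for t, p in inner if t == b"U")
    title = next((decode_text(p) for t, p in inner if t == b"T"), "")
    parts = urlparse(uri)
    findings = []
    if parts.scheme.lower() in {"sms", "smsto", "tel"}:
        findings.append(f"{parts.scheme}: URI triggers a message or call to "
                        f"{parts.path}; verify the number before acting on it")
    host = (parts.hostname or "").lower()
    # Heuristic: any hostname-looking token in the title must match the real host.
    for named in re.findall(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", title.lower()):
        if host != named and not host.endswith("." + named):
            findings.append(f"title names {named} but the URI points at {host or uri}")
    return {"title": title, "uri": uri, "findings": findings}


if __name__ == "__main__":
    # Constructed sample tags: a genuine poster, a re-stuck spoof, an SMS trigger.
    for title, uri in [("Bus timetable at example-transit.com", "http://www.example-transit.com/times"),
                       ("Bus timetable at example-transit.com", "http://attacker.example/times"),
                       ("Buy a ticket", "sms:+49123456789?body=TICKET")]:
        print(audit_smart_poster(build_smart_poster(title, uri)))
```

The design point is that the title is purely cosmetic: nothing in the tag format binds the text the user reads to the URI the handset executes, so a reader that displays only the title is trusting whoever last wrote (or stuck over) the tag. A handset or kiosk that shows the decoded URI and its scheme before acting, as `audit_smart_poster` does, removes the gap Mulliner exploited.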

Dr. Adam J. Elbirt will soon be unveiling his new book, titled “Understanding and Applying Cryptography and Data Security”, and has graciously provided us with a snippet of what the book is all about. Here is what Dr. Adam wrote to us.

There are numerous books available that present cryptography and data security concepts from a variety of perspectives. While useful as reference texts when examining specifics of cryptographic algorithm and protocol implementation, these texts tend to be written from a mathematics perspective versus engineering and computer science viewpoints. Even books such as Applied Cryptography, by Bruce Schneier, are not truly suited to classroom environments though they are written to be accessible to those with a less formal mathematics background. Moreover, mathematics-based books fail to provide real-world examples that span the implementation domains of hardware, software, and embedded systems. This book describes cryptography and data security from the “how do I implement the algorithms and protocols” point of view, with relevant examples and homework problems that will be coded in software languages, such as assembly and C, as well as hardware description languages, such as VHDL and Verilog, to evaluate implementation results. The goal of these implementation comparisons is to provide students with a feel for what they may encounter in actual job situations, examining tradeoffs between code size, hardware logic resource requirements, memory usage, speed and throughput, power consumption, etc.

I am sure this book will be useful to many of us. If you wish to pre-order the book, here is the link to its home on Amazon’s website.

Dr. Adam is a long-time CRYPTOcrat and an expert in NTRU cryptosystems. He is currently serving as an Assistant Professor at the University of Massachusetts Lowell.

Here is the link to Dr. Adam’s profile on LinkedIn. We look forward to seeing this book published soon. Here is wishing Dr. Adam, from all of us at CRYPTOcrats, a grand success for his new book and many more to come.

8
Jun

CRYPTOcrats statistics

   Posted by: Amit   in Launch

Updated statistics, current as of 26 June 2008, can be found under the About Us section here.

Only six months ago a few of us got together and decided to have a web presence for our CRYPTOcrats group. Since that time in Dec ’07 we have been growing in numbers, and I am happy to report some membership statistics now. It is quite interesting to see that such a specialized group got this great response, and the credit goes to all of you members (CRYPTOcrats).

There are two distinct views* of the statistics. One is based on the profiles of the members and shows the varied mix of people we have in the group. The other is based on their geographical locations, again quite varied, and it is really nice to see that we are known in so many parts of the world now.

1. CRYPTOcrats and their job function

CRYPTOcrats & their profiles

There is a strong representation of architects, developers and researchers in the group. It is also nice to see that quite a few CEOs and CTOs bring a business-leader perspective to the group.

2. CRYPTOcrats and their geographical locations

CRYPTOcrats & their locations

There is strong representation from India; however, this includes a few members who are presently working in other parts of the world. After India there is strong representation from the US and France. Quite interestingly, many of the senior CRYPTOcrats come from the US and France and will soon be contributing to this website. We look forward to having more representation from Israel, Switzerland and the UK, where a lot of good work in security and cryptography is taking place.
