
Vulnerabilities


Senator Paul plans 'hold' on Yellen Fed nomination

WASHINGTON (Reuters) - Republican U.S. Senator Rand Paul threatened on Friday to put a 'hold' on the nomination of Janet Yellen to be chair of the Federal Reserve unless he gets a vote on a bill he has sponsored to put the central bank under more scrutiny.

"As part of Senate consideration of the Janet Yellen nomination to be chair of the Federal Reserve, I will request a vote on my bipartisan Federal Reserve Transparency Act," Paul said in a statement. "The American people deserve transparency from the Federal Reserve and the federal government as a whole."

An aide to Paul, however, said no final decision had been made on whether to place a hold on the nomination.

If Paul did move forward, it would force Yellen's supporters to round up 60 votes in the 100-seat Senate to confirm her.

The White House was always expected to have to secure 60 votes for the nomination to clear procedural roadblocks, and Democrats have repeatedly expressed confidence in their ability to do so. The swearing-in of New Jersey Democrat Cory Booker next week will return the Senate effectively to a 55-45 Democratic majority, meaning that only five Republican votes would be needed to support Yellen.

White House Deputy Press Secretary Josh Earnest told reporters aboard Air Force One that the paperwork for the nomination had been submitted to the Senate, paving the way for formal consideration.

"We look forward to the Senate confirming her swiftly and in a bipartisan fashion for this very important role," he said.

A Senate Banking Committee aide separately said that some of her paperwork had been received from the White House and her hearing was expected to be scheduled for next month.

The banking panel, on which Democrats have a four-vote advantage, needs to vet the nomination before it goes before the full Senate for a final vote.

Although Yellen, currently the Fed's vice chair, is expected to win confirmation, the process is likely to be contentious. Many Republicans have criticized the central bank's aggressive easing of monetary policy as a dangerous courtship of inflation that also risks fueling asset bubbles.

To lay groundwork ahead of her hearing, Yellen has been lining up meetings with key members of the banking panel. She plans to meet with Republican Senator Richard Shelby next week, while Senator Bob Corker, also a Republican, is in talks to set up a meeting. Both are expected to oppose her nomination.

Paul's bill would open up the Fed's monetary policy decisions to congressional audit, a step Fed officials have argued would undercut the central bank's political independence. The bill is co-sponsored by 24 Republicans and one Democrat.

 

25 October 2013 Last updated at 14:31 GMT

How the modern world depends on encryption

By Mark Ward, Technology correspondent, BBC News

Encryption makes the modern world go round. Every time you make a mobile phone call, buy something with a credit card in a shop or on the web, or even get cash from an ATM, encryption bestows upon that transaction the confidentiality and security to make it possible.

"If you consider electronic transactions and online payments, all those would not be possible without encryption," said Dr Mark Manulis, a senior lecturer in cryptography at the University of Surrey.

At its simplest, encryption is all about transforming intelligible numbers or text, sounds and images into a stream of nonsense.

There are many, many ways to perform that transformation, some straightforward and some very complex. Most involve swapping letters for numbers and use maths to do the transformation. However, no matter which method is used the resulting scrambled data stream should give no hints about how it was encrypted.

During World War II, the Allies scored some notable victories against the Germans because their encryption systems did not sufficiently scramble messages. Rigorous mathematical analysis by Allied code crackers laid bare patterns hidden within the messages and used them to recreate the machine used to encrypt them.

Those codes revolved around the use of secret keys that were shared among those who needed to communicate securely. These are known as symmetric encryption systems and have a weakness in that everyone involved has to possess the same set of secret keys.

In the modern era, a need has arisen to communicate securely with people and organisations we do not know and with whom we cannot easily share secret keys, said Dr Manulis. This need has given rise to public-key cryptography. Despite the formidable name it encapsulates a simple idea.

[Image caption: Wartime code-cracking machines such as Colossus broke German encryption systems]

Essentially, it allows anyone to send a message that only one person (or company or website or gadget) can unlock. It does this using two keys: one public, one private. The public key is used to lock a message. Anyone can get hold of that public key but once a message is locked with it, that message can only be opened with the corresponding private key.

Typically these keys are large numbers and the security of the system depends on the fact that some mathematical operations are easier than others.

For instance, it is far easier to multiply numbers together (public key and plain text message) to get a result than it is to start with that result (the scrambled message) and work backwards. Complicated mathematics guarantees that the right private key will unscramble a message.

Far harder, even for the fastest computer, is starting with that result (the scrambled message) and searching through all the possible combinations of numbers that could produce it.

"Because the size of the keys is so huge it's impossible for an attacker to search through the key space with the resources they usually have," he said. Such "brute force" attacks are pretty much doomed no matter how much computer power attackers bring to bear, he said.

Typically the numbers used in these mathematical encryption systems are tens if not hundreds of digits long. This makes it impossible, to all intents and purposes, to search through all potential keys in a reasonable amount of time.

The web and many other modern communication systems employ a hybrid approach, said Dr Manulis, because public key encryption is not very computationally efficient compared to symmetric key encryption.

On the web, the relatively slower public key cryptography is used initially to establish a secure connection between you and a website. The symmetric system would be no good for this step because there is no way to securely swap the secret key.

However, with a secure channel in place, the faster symmetric system can be used to share a key and then scramble the data passing back and forth.

On mobiles, a similar system is used and encryption keys are held on a handset's sim card to help keep chatter scrambled.

Vulnerabilities

Attacks on these encryption systems take many forms, said Dr Manulis.

"You do not need to break the communication system if you have some spy software on the end point," he said.

In addition, weaknesses have been found in the software used to encapsulate them on computers and phones.

"The algorithms are mathematically proven," he said, "and if there's any problem then it usually comes in the implementation of the algorithm."

In addition, there have been suggestions that the NSA has subverted the process of creating encryption algorithms, to make them easier for it to break.

Official agencies can also force firms, be they websites or mobile operators, to surrender their private keys so they can eavesdrop on supposedly secure communications.

Some have sought to make encryption more secure by using a technique known as end-to-end encryption.

This differs from more standard systems which can be vulnerable because their scrambling system is, in software terms, separate from the program used to create a message.

If attackers insert themselves between the message making software and the encryption system at either end of a conversation they will see information before it is scrambled.

End-to-end encryption closes this gap by having the message making software apply the scrambling directly. In addition, many of these systems run a closed network so messages never travel over the public internet and are only decrypted when they reach their intended recipient.

 


Date added: 2015-10-28

