Homeland security's Report - substantial in context and scope

GOING DARK, GOING FORWARD a primer on the encryption debate.

These 25 pages are enough to make me speechless - with only 3 exceptions:

1. There is so much happening in cyber security. There are so many opinions, facts, options and directions. WOW! If I think so, I can't imagine who among my friends and associates will actually read this report.
   
2. The article posted on engadget.com entitled Homeland Security's big encryption report wasn't fact-checked is another interesting read. Again, so many facts, counter facts, opinions and directions.
   My only thought here is that, I appreciate all that our governments and professionals are doing to safeguard our security, rights, and freedoms.
   The fact that there is accountability and free speech, speaks volumes about those of us who are fortunate to live in a free, safeguarded and educated society.
   
3. The first point on page 6 of this report states:

Encryption plays a vital role in modern society, and increasingly widespread use of encryption in digital communications and data management has become a “fact of life.”

In regards to 'data management', sadly encryption has fallen short. The massive loss of more than 400 billion dollars per year is clear evidence of this fact, rather than the opinion.

Sooner or later (and I am betting on sooner) CORA will be recognized as the standard for data security. Unlike encryption, CORA is capable of producing "unbreakable data security".

Soon the CORAcsi Challenge 2016 will be launched to the global community. While this challenge is admittedly 'unfair', it will announce and validate this bold statement about "unbreakable data security". Stay tuned and spread the word.

IoT needs unbreakable

http://
ZDNet just published an article “The first big Internet of Things security breach is just around the corner”.

The IoT is projected to be worth in excess of 3 trillion dollars by 2020. Therefore, it should be obvious that it isn’t going away. Smart devices and chips will be everywhere. Yes, this is a security risk.

The challenge to the cyber security industry is to become “unbreakable”. 

Imagine the hundreds of thousands of hackers and unscrupulous employees who are spending ungodly numbers of hours and days trying to steal what doesn’t belong to them. Next imagine how many would continue to do so if they weren’t getting a piece of the $400,000,000,000 being stolen from you and me each and every year.

Unbreakable - the concept - is simple. 

Make it too costly and time intensive to “risk failing at the hack”! 

Risk money, time and potential criminal consequences, without getting “the prize” – who is going to do it? Ok, maybe the odd duck, but that is far better than the hundreds of thousands globally attempting to, and succeeding at stealing “our money”. Yes, it is our money, even if we don’t realize it. The big boys and girls aren’t going to lose 400 + billion a year without passing those losses onto the rest of us – not if they want to keep their jobs.

This is exactly why CORAcsi is unbreakable. Is it conceivable that someone might discover where all the CORA packages are stored throughout the Cloud, then breach each of the servers and networks involved, within a short window – say 5 minutes? 
Perhaps it is conceivable – and if they did, CORA would be no better than encryption. This may be conceivable, however, it is totally improbable, and will reduce the numbers attempting to succeed significantly, as failures clutter their landscape. 

Unbreakable = too costly and time intensive to risk failing at - the hack.

Unbreakable = leaving a trail (such as an employee who has access to “the catalog”).

Unbreakable = too many networks and servers to violate before a single package has been deleted.

Unbreakable = too many unknowns to warrant the cost while risking the consequences.

PELE - Practice Excellence and Live Excellence

Preamble

I would like to think there is a fundamental principle that defines CORAcsi’s corporate culture and Mission Statement. Allow me to take you on a journey behind the scenes, to a love of learning, and teaching, that spans decades.
What is life without passion? What is work without passion? I love talking about technology, innovation, teaching, learning, the love of learning, principles, integrity, commitment, physics, math... and yet, there is a foundation to all of these passions that I have identified through years of teaching, and that is excellence.

"Excellence is to Perfection as the Journey to the Destination."

He looks over a sea of faces. Some have boredom stamped upon their irises (irides). Others are evidently excited to be back at school, though history has proven that this excitement diminishes over time, especially with respect to "work".

The Challenge – motivate these young men and woman to ‘choose excellence’ daily.

He begins with a question:
“With a show of hands, how many want to live a life of… mediocrity?”
  Not a single hand!

After a short pause, another question follows:
“How many want to live a life of excellence?”
  Everyone raises their hand without exception – every year!

The pitch:

Aristotle so many millennia ago realized that ‘Excellence is not an act but a habit’. 

Let’s translate – if you want a life of excellence, then you must choose it by practicing excellence daily. If excellence is your habit, one that you have built daily, even when you didn’t ‘feel like it’, then you will have chosen success, chosen a life of excellence.

Over the course of a semester the students will often hear:

“Practice Excellence – Live Excellence.”

Practice Excellence – Live Excellence.

“Good Habits lead to success. Bad Habits lead to failure.”

Good Habits lead to success. Bad Habits lead to failure.

I imagine a school, team, corporation, country and world in which these principles are realized. I believe we are closer today, than they were in Aristotle's day. I aspire to call forth this foundation of excellence through my words, actions and creative works. I enjoy connecting with like minded people.

BlockChains and CORA

Allow me to briefly illuminate the similarities, and differences between BlockChains and CORA.

BlockChains are incredibly resilient, and beyond the control of any “one”. This makes BlockChains ideal for online currency, which was the apparent rationale that drove its creation.

CORA on the other hand was originally developed with a single purpose – to provide unbreakable data security – which encryption alone cannot deliver. 

While CORA has surprised us at CORAcsi.com with additional applications, such as securing one’s online, digital footprint, this is a byproduct of its primary mandate – security.

Hence I targeted a “distributed methodology”, but more than “just a distributed methodology”. I insisted upon the following characteristics:

Points B and D above are pivotal to understanding the difference between BlockChains and CORA as a means of securing data and protecting one's online digital footprint.

For online currency, I personally cannot imagine a better technology than BlockChains.

decentralized, peer-to-peer

The BlockChain is a decentralized implementation. Decentralized, peer-to-peer implementations have been around for years - "bitTorrents" that utilize many duplicates: seeds (files) and catalogs (routing tables).
The design of the BlockChain is beautiful; it is persistent, independent and versatile.

Regarding security, decentralized peer-to-peer systems violate requirement “B” above, by removing the requirements that:

1. The data can be quickly and permanently “shut down”.
2. The fragments are highly controlled and secured by professionals (not seeded to unknown computes, perhaps even home computers).

CORA must remain “centralized” so that it can be controlled and if necessary, shut down to prevent unauthorized individuals, teams, companies, or countries from viewing data that belongs to another. Moreover, CORA will not place packages (seeds) in multiple locations, nor on personal computers.

As stated in my earlier blog, executables in a BlockChain should make the global community extremely uncomfortable!

Executables violate requirement “D”, namely that each fragment must be inactive. Perhaps sterile is a better word! 

CORA is committed to using packages that inactive and can be shut down permanently if required.

Blockchains - Concepts and Connections

BitCoin

I often reflect about, well just about anything and everything. As I mused about BlockChains, I imagined that the paper accredited to Satoshi Nakamoto's gave rise to the BlockChain frenzy. An incredible concept and implementation that is ideal for the online currency that is "BitCoin":

1. redundant
2. decentralized
3. robust
4. a natural propensity towards security (as the number of blocks increase).
5. global

The following video can be found in IEEE SPECTRUM's article entitled "The Future of the Web Looks a Lot Like Bitcoin"

As with every pathfinder who proves a new concept, others are quick follow. Near the end of this article the author talks about the push to include executables in BlockChains. There are many articles and blogs that can be found about BlockChains, in particular I would like to draw your attention to the following:

BlockChain executable

O'REILLY's "Understanding the blockchain"

Blockchains and Online Dispute Resolution: Smart Contracts as an Alternative to Enforcement

Mike Hearn's blog "Developing apps for block chains"

---

itnews reports "Ransomware uses blockchains for decoder delivery"

In Ethereum landing page (as of June 5, 2016) one doesn't have to look far to read "Build unstoppable applications".

I know it sounds good, or great, however, we need to slow down for a moment and think about it! In a perfect world, we would all accept the same definitions for honor and integrity.. We would all know the difference between right and wrong, good and evil.

In a perfect world, I doubt that anyone would understand or care about a virus, worm, Trojan or malware. In a perfect world, a zero-day attach or vulnerability would only be found in the popular writings of a science fiction author with an incredible imagination.

Caution

Our world is not perfect - not yet! A zero-day vulnerability is "by definition" one that hasn't been considered or planned for! Do you see the danger in building "unstoppable applications"? Allow me to rephrase this:

Do you recognize the danger in an environment that allows for the building of:

• unstoppable viruses
• unstoppable worms
• unstoppable zero-day attacks

Yes, I know, we will build in safeguards, just like we do with Computers and Servers, and yet, someone always finds a way (sounds a lot like Jurassic Park).

Bottom line: Blockshains are ideal for an online currency that is decentralized. Once this moves to anything that can be "executed", there must be a "centralization" - a way to control these "seeds" of "potential disaster".

Upcoming Blog

Stay tuned for one of my upcoming blogs which contrasts this "decentralized distributed environment" with CORA, a Context Ordered Replacement Algorithm from CORAcsi that allows for the implementation of a centralized distributed environment.

Encryption - breaking the myth series - part 3

Say what?

In my original post Encryption - breaking the myth, I endeavored to use "my flavor of irony" sprinkled with a touch of sarcasm, to spark some thought and debate.

Then my lovely wife and I played with a visual presentation "Encryption - shatter the myth", and still I muse about "what are these big companies thinking?".

I imagine... they are imagining... that we can hope no one will every breach a server again. Let's make it terribly difficult to be online... so what if our employees need to use, "difficult to use" corporate laptops to "occasionally" check their email. And yet, the breaches continue.
This led to the second blog post "Encryption - breaking the myth series - part 2".

I've stolen my copy, just have to break the encryption now

One of my favorite blogs (very subjective here) is my 3'rd blog about my prime number generator. This blog references what I like to call an "Organic Sieve". Maybe it isn't perfectly clear, but lets get to the bottom line: with organic sieves, one can readily "look up" any prime number - am I the only one the realizes what this says about encryption?

Game Of... Numbers

As I continue to blog and dialog with "people", I occasionally find inspiration in the strangest ways and times. Someone I consider to be quite brilliant with technology contrasted "prime number" based encryption with "other types". Ya, how about "strong passwords"?

Just for fun, lets consider a strong password that uses 10 digits, each of which might have 72 different values (26 lower case, 26 upper case, 10 digits and some special characters). How many possible combinations are involved?

Yes, that is a big number, and that is why strong passwords are important (being force fed I suppose). That is why we often here statistics like, this strong password (above) is more than 12 billion times stronger than a password that uses 6 lower case letters.

Lets add one more perspective here, namely, one could argue that this "strong password" is on par with a 63 bit prime number used to encrypt data. Today's standards (without getting too bogged down in details about symmetric or asymmetric algorithms) are well beyond 256 bits.

Simplicity is the ideal lens for capturing 'the complex'

I apologize for the over simplification, its just that I do like "simple", and think fondly of the KISS rule/acronym. The simple truth is that "encryption isn't good enough":

Article - 2016 - hacker & bank (actually reported)

Article - 2016 - University employees vulnerable - tax data breach

Article - 2015 - Lloyd's CEO on the cost of cyber attachs

Article - 2015 - forbes.com - average costs

Article - 2014 - washington post - cost of cyber crimes

bankrate.com: 11 data breaches that stung US consumers

2014 - data breaches by industry

Prime Number Generator: Chapter 3 - the Generator

The Generator

Here is the original statement of my Prime Number Generator. There is a Formula followed by restrictions:

Formula

The  n Î N_o  is unnecessary – including the first prime, the even prime, “2” is irrelevant in the scope of its application to encryption. As a utilitarian methodology, it is not needed (see the revised expression below).

Restriction

Let's revisit this expression and simplify it

If we omit "2", then this equation is much simpler: 

Formula

          P = 2n+1

Restriction

n ¹ 4R(R+1)/2 + (2R+1)m

or, expressed differently

n ¹ 2R²+2R(m+1) + m

For demonstration purposes only, an old JavaScript based version is available at http://CORAcsi.com/PrimeNumbers

So where's the fun in an older, slower, sieve based Prime Number Generator?

When teaching Math and Physics I start class with a quote and some tidbits. One such tidbit involves Mersenne Primes. I became aware of the Great Internet Mersenne Prime Search at www.Mersenne.org. For years they offered a $250,000 reward for the first person that found a 1 billion digit Mersenne Prime.

Oh yes, I verified this challenge!

I encouraged my students to pursue this, offering them my Prime Number Generator, and my assistance with the technologies involved. A number of groups embraced the challenge, however, they did not persevere. Then some number of years ago, the URL's by which I had verified this reward had disappeared. I couldn’t verify the $250,000 reward, and I certainly didn't want to mention a reward that "might not be available".

One of the drawbacks to a sieve approach is the amount of memory needed to continue the pattern. Essentially it is necessary to remember the past. This is considered a drawback, and certainly it would be for a normal sieve.

It's like making a snow man, the more your roll the snowball, in the snow, the larger it becomes.

Time to play

A few years ago I decided to play with my original generator. During that time I became aware of an interesting pattern that emerges if one gets creative with the binary sequences that would generate a very large prime. Essentially it would be possible to generate an “organic sieve” that could be used to perpetuate this continued pattern. Run the organic sieve for a few hours today, then again in a week for a few more hours. Every time it is run, it grows - and can then be used to reveal more prime numbers.

An organic sieve could be called "Frosty the snow man". It grows just like cited above. The difference being, that the molecules of frozen water in "Frosty", each can point to a prime number.

The existing “prime numbers” are essentially the generators (or eliminators in the sequence) of the, yet to be generated primes. If one were to creatively design a data structure to hold “the generated primes” in such a way that this “organic sieve” not only represents a “projector to known primes”, but a generator of “yet to be known” primes, then it becomes a growing entity that can be static in use, or dynamic in the generation of more primes. 

In other words, this organic sieve in its static state is like a write once, read many times, lookup table. Use it today to quickly look up any “known prime”. If in a few years, one wants more “immensely large primes”, then run the organic sieve dynamically for a few days, and it will grow, producing an even larger “static form” that can be used to look up more “immensely large primes”.

How big, is big?

Consider for a moment that a 1 billion digit Mersenne prime would require just about half a GB (more than 415 billion bytes) just to store. This means that half a GB of RAM would be used to simply hold this enormous Mersenne Prime. A similar amount of space would be needed to store it – a single prime number.

The one drawback if you will, is the size of this “organic sieve”. An organic sieve that represents all prime numbers up to and including this 1-billion-digit prime would require approx. 780 trillion bytes. 

Altruistic anyone?

I didn’t bother to finish this organic sieve. It wasn't sufficiently interesting beyond the concept stage, nor was it important enough in comparison to CORA. I mention it here because, you surely know that there are so many incredibly smart people in this world. I am confident that others have already done this. 

Bottom line – primes are obtainable in an efficient manner. Hence, Encryption isn’t a safe manner to protect data – static data. Encryption may be fine for communication – data in transit – however, as should be obvious with the number of reported breaches and loss of data and money – encryption is breakable!

Memory lane

I have shared this little trip down memory lane with you, in the hope that you will more fully realize “why encryption doesn’t cut it any more”. As our computers become more powerful, and can generate larger prime numbers, they are also more powerful in the finding of these prime numbers, particularly if one is using a prime number generator, or an organic sieve.

This was my motivation to develop CORA! 

Should there be any fellow math enthusiasts and/or technology lovers out there that would like to delve into this generator or organic sieve, enjoy, and let me know how it goes.