Software Security
CompSci 725
Handout 14: Academic Writing; Introduction to Cryptography
Clark Thomborson
University of Auckland
“Moral Rights” of an Author
• In many (but not all!) legal codes, an author has
  • The “right of integrity”. An author’s words must not be mutilated or distorted (especially if this would damage the author’s honor or reputation).
  • The “right of attribution”. The true author has the right to have his/her name on the work, and non-authors may not make false claims of authorship.
• These rights are commonly observed in academic ethics, and may be enforced by contracts.
• As a student at the University of Auckland, you must honour other authors’ rights of integrity and attribution, especially avoiding false claims of authorship.
“Effectively Using Direct Quotations”, U of Richmond Writer’s Web
• This is a guide to academic style, showing you how to
  • Make clear attributions to the true author,
  • Avoid making false claims of authorship for yourself, and
  • Adjust the author’s words, to suit the context of your writing.
• A “direct quotation” is an exact copy of another author’s words.
  • You must cite the true author.
  • You may omit words before, after, or in the middle of the quoted passage. All changes must be clearly marked.
  • You may alter words, by using square brackets: “[Nero] was the maddest of them all.” (Smith 32)
  • You must avoid “misrepresenting the … author’s opinion.”
When to Use Direct Quotes
• The U of Richmond Writer’s Web recommends you “Use a Quotation:
  • to emphasize a point you’ve made.
  • to provide an example.
  • to show an author’s intention.
  • to show how historical figures spoke or thought.”
• Which (if any) of these reasons support my decision to directly quote the Writer’s Web on this slide?
• My advice for technical writing:
  • You may use a direct quotation for definitions and lists.
  • Don’t quote someone else’s explanation unless you analyze it in your text.
  • Use paraphrase and summary much more often than direct quotation.
Academic Honesty
• Our department recently published guidelines for honesty in our Undergraduate Guide online at http://www.cs.auckland.ac.nz/handbook/current/UG.H.html
• These guidelines will appear in next year’s hardcopy.
• Are the following guidelines for honesty an assertion of a “right to integrity” or a “right to attribution”?
  “[In] assignments and research, you gain credit for your own work. …[so] it is dishonest to present other people’s work as though it were your own.”
  “Getting help in understanding from staff and tutors.”
  “Plagiarism is the inclusion in your assignment of material copied or closely paraphrased from someone else’s writings … without an explicit indication of the source of the material. It is … cheating.”
Paraphrasing
• A direct quotation: “Simply put, PARAPHRASING is putting an author’s work into your own words. … While not plagiarism if done right, it would show little or no creativity and receive an appropriate grade.” [M Spears, http://www.ehhs.cmich.edu/~mspears/plagiarism.html on 14 March 2001]
• A paraphrase: You may show a little creativity by rewording (without plagiarizing) part or all of another paper.
• You can create an appropriate paraphrase, by considering
  • what your reader is likely to know already and
  • what your reader needs to know, in order to understand your argument, or point of view. (So … you must have a point of view!)
• You can show quite a bit of creativity by appropriately paraphrasing several authors, to support a novel point of view.
Summarization
• A summary is “a brief statement giving the main points” [Thorndike-Barnhart Dictionary, 1955].
• One technique for summarization is to write one sentence for each paragraph (or section) in an article.
• An extended form of the “right to integrity” protects the “artistic impression” of a work. So …
  • You might seek the original author’s consent before publishing a new artistic work that includes a summary, paraphrase or other adaptation of another poem, picture, or other work of art.
  • Academic writings are not considered to be “artistic”: you don’t need an academic author’s consent to summarise or paraphrase their work!
Other Moral Rights (not mentioned in Berne Convention)
• “The right of disclosure: the author has the final decision on when and where to publish…
• “the right to withdraw or retract: … the author may purchase at wholesale price all of the remaining copies of the author’s work, then prevent printing of more copies…
• “the right to reply to criticism: … a right to reply to a critic and have the reply published in the same place as the critic’s expression.” [Standler, internet essay, 29 May 1998. Available: http://www.rbs2.com/moral.htm, March 2001]
• rights to anonymous and pseudonymous publication. [Cotter, 76 N.C.L. Rev. 1, Nov. 1997. Available: http://cyber.law.harvard.edu/metaschool/Fisher/integrity/Links/Articles/cotter.html, March 2001]
Applied Cryptography (2nd Ed.), Bruce Schneier
• “Suppose a sender wants to send a message to a receiver. Moreover, this sender wants to send the message securely: She wants to make sure an eavesdropper cannot read the message.”
• Exercise 1. Draw a picture of this scenario.
• Exercise 2. Which of Pfleeger’s four threats is a concern to this sender?
Terminology of Cryptography
• Plaintext, ciphertext, encryption, decryption:
  [Figure: Sender → plaintext → Encryption → cyphertext → Decryption → plaintext → Receiver]
• Cryptography: the art (science) of keeping messages secure.
• Cryptanalysts seek to “break” cyphertexts (that is, to discover the plaintext, given the cyphertext).
A Simple Encryption Scheme
• Rot(k,s) : “rotate” each character in string s by k:
    {
      /* assumes each s[i] is a letter encoded as a number 0..25 */
      for( i=0; i<len(s); i++ )
        s[i] = ( s[i] + k ) mod 26;
      return(s);
    }
• Exercise: write the corresponding decryption routine.
• Exercise: how many keys must you try, before you can “break” a ciphertext Rot(k,s)?
• This is a (very weak) “secret-key” encryption scheme, where the secret key is k.
Symmetric and Public-Key Encryption
• If the decryption key kd can be computed from the encryption key ke, then the algorithm is called “symmetric”.
• Question: is Rot(k,s) a symmetric cipher?
• If the decryption key kd cannot be computed (in a reasonable amount of time) from the encryption key ke, then the algorithm is called “asymmetric” or “public-key”.
• The subscripts on kd and ke are usually omitted.
Algebraic Notation for Cryptography
• The encryption function is E( ) or Ek( ).
• The decryption function is D( ) or Dk( ).
• The receiver can read the message only if D(E(M)) = M.
• In public-key cryptography,
  • We let “everyone” know our public-key ke.
  • We let our friends know the corresponding private-key kd.
  • Only friends can decrypt messages encoded with Eke( ).
  • Anyone can encrypt messages using Eke( ).
Authentication in PK Cryptography
• We can “sign” messages, using Ekd( ) to encrypt with our secret (private) key kd.
• Anyone can verify our signature, by looking up our public key ke and computing Dke( ).
• We want more than one public/private key pair, otherwise friends could forge our kd signature.
• Authority-to-sign kd authority-to-read kd’
• A “public key infrastructure” (PKI) will help us discover other people’s public keys ke, ke’, …
• Public key cryptography can provide integrity and non-repudiation, in addition to authentication, for messages.
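An added example, not part of the handout: the E( )/D( ) notation and the sign/verify steps above made concrete with textbook RSA, which the handout does not name and which is chosen here only as a familiar public-key scheme. The tiny primes, the names E, D, sign and verify, and the sample message are assumptions for illustration; real signatures add hashing and padding.

```python
# Toy parameters, constructed for illustration; far too small for real use.
P, Q = 61, 53                 # secret primes
N = P * Q                     # public modulus (3233)
PHI = (P - 1) * (Q - 1)       # 3120, computable only by someone who knows P and Q
KE = 17                       # public key ke, published to "everyone"
KD = pow(KE, -1, PHI)         # private key kd; deriving it from ke requires factoring N


def E(key, m):
    """E_key(m): in textbook RSA this is a single modular exponentiation."""
    if not 0 <= m < N:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, key, N)


# D_key has exactly the same form as E_key; only the key differs.
D = E


def sign(m):
    """Signature in the slide's notation: E_kd(m), made with the private key."""
    return E(KD, m)


def verify(m, signature):
    """Anyone holding ke checks that D_ke(signature) gives back m."""
    return D(KE, signature) == m


if __name__ == "__main__":
    M = 65                                    # constructed sample message
    c = E(KE, M)                              # anyone can encrypt with ke
    print("ciphertext:", c)
    print("decrypted :", D(KD, c))            # D(E(M)) = M for the kd holder
    s = sign(M)
    print("valid signature accepted :", verify(M, s))
    print("altered message accepted :", verify(M + 1, s))
```

The last line shows the integrity property from the slide: a signature made over M does not verify for any other message.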
Types of Cryptographic Attack
• A ciphertext may be broken by…
  • Discovering the “restricted” algorithm (if the algorithm doesn’t require a key).
  • Discovering the key by non-cryptographic means (bribery, theft, ‘just asking’).
  • Discovering the key by “brute-force search” (through all possible keys).
  • Discovering the key by cryptanalysis based on other information, such as known pairs of (plaintext, ciphertext).
• The weakest point in the system may not be its cryptography! (See Schneier’s latest book.)
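An added example (not from the handout): the brute-force and known-pair attacks from the list above, run against the Rot(k,s) scheme of the earlier slide. Restricting the alphabet to a-z, the function names and the sample message are assumptions made for this illustration.

```python
import string

# Assumption: messages use lowercase a-z; any other character passes through unchanged.
ALPHABET = string.ascii_lowercase


def rot(k, s):
    """Rot(k, s): rotate each letter of s by k positions, wrapping mod 26."""
    out = []
    for ch in s:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def unrot(k, s):
    """Decryption: the decryption key is computed directly from k."""
    return rot(-k, s)


def brute_force(ciphertext, crib):
    """Brute-force search: try every key, keep candidates containing the crib."""
    hits = []
    for k in range(len(ALPHABET)):
        candidate = unrot(k, ciphertext)
        if crib in candidate:
            hits.append((k, candidate))
    return hits


def key_from_known_pair(plaintext, ciphertext):
    """Known (plaintext, ciphertext) pair: one letter position reveals the key."""
    for p, c in zip(plaintext, ciphertext):
        if p in ALPHABET and c in ALPHABET:
            k = (ALPHABET.index(c) - ALPHABET.index(p)) % 26
            # Confirm the recovered key explains the whole pair.
            return k if rot(k, plaintext) == ciphertext else None
    return None


if __name__ == "__main__":
    message = "meet at the north gate"      # constructed sample plaintext
    ct = rot(3, message)
    print(ct)
    print(brute_force(ct, "the"))            # a guessed common word serves as the crib
    print(key_from_known_pair("meet", ct[:4]))
```

The key space is so small that a single guessed word is enough to single out the correct candidate, which is why the slide calls the scheme very weak.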
Steganography
• “Steganography serves to hide secret messages in other messages, such that the secret’s very existence is concealed.” [Schneier]
• A cryptanalyst is given a ciphertext, and possibly some additional information such as key frequencies, cipher-plaintext pairs, “black-box” encrypters, etc. They are typically asked to discover the corresponding plaintext.
• A steganalyst is given a (large) collection of messages. They are typically asked to discover if any of these messages contains a secret message. If the secret message is a ciphertext, cryptanalysis is required to read the secret plaintext.