Cisco Blogs


Cisco Blog > Open at Cisco

In Search of The First Transaction

At the height of an eventful week – Cloud and IoT developments, Open Source Think Tank,  Linux Foundation Summit – I learned about the fate of my fellow alumnus, an upperclassman as it were, the brilliant open source developer and crypto genius known for the first transaction on Bitcoin.

Hal Finney is a Caltech graduate who went on to become one of the most dedicated, altruistic and strong contributors to open source cryptography. We are a small school in size, so one would think it’s easy to keep in touch; we try but do poorly, mostly a very friendly and open bunch, but easy to loose ourselves into the deep work at hand and sometimes miss what’s hiding in plain sight.

He was among the first to work with Phil Zimmermann on PGP, created the first reusable proof-of-work (POW) system years before Bitcoin, had just the right amount of disdain for noobs in my opinion, and years later, one of the first open source developers with Satoshi Nakamoto on Bitcoin, in fact the first transaction ever. There is a great story about Hal in Forbes this week, “My hunt for Bitcoin’s creator led to a paralyzed crypto genius, thank you, Hal Finney for going through with it, and Andy Greenberg for writing it. Sometimes it is very painful, shocking to see how things turn out, I think this is one of those moments when we realize how much this is going to mean to all of us, the brilliant minds of programmers like Hal Finney, who never sought the limelight, but did so much for us without asking for anything in return, who leave behind a long lasting contributions to privacy and security in our society, he is in fact a co-creator of the Bitcoin project. Do you realize that every bitminer successfully providing the required POW, should in fact reach the very same conclusion at the end of every new transaction… forever? You’d better accurately represent who was the very first. What a legacy to remember!

I often go to Santa Barbara to see a very, very close and dear person there, my daughter. But now, there is another reason to stop by and pay tribute to one of the finest there. We will all be in search of the first transaction, eventually.

Tags: , , , , , , , , , , , , , , , , ,

Trust but Verify and Verify and Verify Again

TRAC-tank-vertical_logo-300x243
Two recent disclosures show that often the weaknesses in cryptography lie not in the algorithms themselves, but in the implementation of these algorithms in functional computer instructions. Mathematics is beautiful. Or at least mathematics triggers the same parts of our brain that respond to beauty in art and music [1]. Cryptography is a particularly beautiful implementation of mathematics, a way of ensuring that information is encoded in such a way so that it can only be read by the genuine intended recipient. Cryptographically signed certificates ensure that you are certain of the identity of the person or organisation with which you are communicating, and cryptographic algorithms ensure that any information you transfer cannot be read by a third party. Although the science of cryptography is solid, in the real world nothing is so easy.
Read More »

Tags: ,

NCSAM 2013 Wrap-Up: Cisco Thought Leadership Regarding a Different Ghost in the Machine

Is it the end of October already? As has been true for centuries, there is a tradition for children to wear costumes and disguise themselves while going door to door with a simple question: “Trick or treat?” While I am not sure there is a coincidence, but having National Cyber Security Awareness Month (NCSAM) end on a day characterized by pranks, false identifications and the like seems appropriate. And what scary stories we had to tell!

Read More »

Tags: , , , , , ,

A Crypto Conversation: How We Choose Algorithms

Cryptography is critical to secure, trustworthy communications. Recent questions within the tech industry have created entirely new discussions about the cryptography underpinning our communications infrastructure. While some in the media have focused on the algorithm chosen for Deterministic Random Bit Generation (DRBG), we’ve seen many more look to have a broader crypto conversation. With this backdrop, I’d like to take the opportunity to talk about how we select algorithms (not just the DRBGs) for our products.

Before we go further, I’ll go ahead and get it out there: we don’t use the DUAL_EC_DRBG in our products. While it is true that some of the libraries in our products can support the DUAL_EC_DRBG, it is not invoked in our products. For our developers, the DRBG selection is driven by an internal standard and delivered to those developers from an internal team of crypto experts through a standard crypto library. The DRBG algorithm choice cannot be changed by the customer. Our Product Security Incident Response Team (PSIRT) confirmed this in a Security Response published on October 16.

Read More »

Tags: , , ,

ICCC 2013: Improving Common Criteria Standards for New Technologies

In order for government and enterprise organizations to keep their data secure from increasingly advanced cyber threats, security solutions and protocols are critical. However, these organizations must ensure that their chosen security solutions meet key security criteria, are standards based, perform as expected and interoperate reliably with existing technology.

The challenges above are why Common Criteria was created. Common Criteria is an international standard for IT product security and reliability. In fact, many governments will not use security products that don’t meet Common Criteria standards.

This year, the International Common Criteria Conference is being held in Orlando, Florida from September 10-12. The conference is a place for Certification Bodies, Evaluation Laboratories, Researchers, Evaluators, Product Makers and Buyers and Sellers to come together and exchange ideas in order to improve Common Criteria.

Cisco will lead multiple sessions covering topics like Cryptography, Network Device Protection Profiles, Improving Common Criteria and Marketing Common Criteria.

Details on the speaking sessions presented by and in collaboration with Cisco are below:

  • Keynote Speaker: CCUF Perspective

September 11 from 9-9:30AM ET

Alicia Squires, Cisco, CCUF Chair

  • Marketing the New CC

September 11 from 9:30-11AM ET

Moderator: Mark Loepker, NIAP, CCES Chair

Panelists: Joshua Brickman, Oracle; Jen Gilbert, Cisco; Matt Keller, Corsec; Eric Winterton, Booz Allen Hamilton.

  • Entropy Sources -- Industry Realities and Evaluation Challenges

September 11 from 10-10:30AM ET

Alicia Squires: CISSP, Product Certification Engineer, Cisco Chair, CCUF Management Group

  • Cryptography and Common Criteria

September 11 from 11:30-12PM ET

Ashit Vora, Manager, Common Criteria Certification, Cisco and Chris Brych, Manager, Security Certifications, SafeNet, Inc.

  • Lessons and Recommendations from Evaluating Against NDPP in Three Different Schemes

September 11 from 5-5:30PM ET

Terrie Diaz, Product Certification Engineer, Cisco and Ashit Vora, Manager, Common Criteria Certification, Cisco

  • Widening the Use of CC for End Users Worldwide

September 12 from 9:30-11AM ET

Moderator: Michele Mullen, Director, ATA, CSEC

Adam Golodner, Director, Global Security & Technology Policy, Cisco; Steve Lipner, Microsoft; Blackberry (INVITED); Ericsson (INVITED)

Tags: , , , , , ,