Cyber Security: a MOOC in progress

Members of the research group in Secure and Resilient Systems at Newcastle University are currently preparing a new MOOC (Massive Open Online Course) on the practicalities of Cyber Security. The three-week course Cyber Security: Safety at Home, Online, in Life will be running on the FutureLearn platform from 5th September 2016.

Preparing to discuss how we handle risks in everyday life

The course team preparing to film a discussion on how we handle risks in everyday life

Although it’s the first time our group has participated in MOOC development, it’s the 5th course that Newcastle University’s Learning and Teaching Development Service (LTDS) will have delivered, so we feel we’re in safe hands. Our aim is to introduce course participants to current topics in cyber security research and show how they relate to everyday life: privacy of data, safety of financial transactions, and security implications of smart devices, to take three examples.

For us as researchers and lecturers in security and resilience, it’s an interesting and sometimes challenging process to think about how best to present material in this medium. We’re moving from research papers and presentations, lectures and coursework assignments to short articles, discussion topics, quizzes and video. We hope it will be of interest to anyone with some background knowledge in cyber security and an interest in finding out current practice and research directions in this area.

We hope you can join us on 5th September! You can register for the course at https://www.futurelearn.com/courses/cyber-security.

J-PAKE adopted by ISO/IEC standard

J-PAKE is a password-based authenticated key exchange protocol, developed by Peter Ryan and myself in 2008. Over the past six years, the protocol has withstood all sorts of attacks and has started to see some real-world use in providing end-to-end secure communication for Internet users. The full records of discussions on J-PAKE can be found in the previous lightbluetouchpaper blog.

About six months ago, in the ISO/IEC SC 27 meeting held at Hong Kong in April 2014, I gave a presentation on the rationale of including J-PAKE into the ISO/IEC 11770-4 standard. The presentation slides are available here. An accompanying document was officially circulated among the national bodies under ISO before the meeting. It was agreed in that meeting to start a six-month study period on Revision of ISO/IEC 11770-4 and invite all national bodies to comment my proposal.

This week, in its meeting held in Mexico City, October 20-24, 2014, ISO/IEC SC 27 Working Group 2 considered the contributions received under the study period. After some discussion, SC 27/WG 2 unanimously agreed that this standard should be revised to include J-PAKE.

In the same meeting, two security weaknesses of the existing SPEKE protocol in ISO/IEC 11770-4 were discussed based on the findings reported in our SSR’14 paper. (A copy of the paper is publicly available at IACR ePrint and the paper is discussed in a previous blog post.) After some discussion, it was agreed that the SPEKE specification in ISO/IEC 11770-4 should be revised to address the attacks reported in our SSR’14 paper. The revision work on ISO/IEC 11770-4 starts immediately with myself being one of the editors. We expect to provide the first working draft for comment by 15 Dec, 2014.

On a more lightweight subject, while in Mexico, I try to do as Mexicans do: i.e., drink a glass of cactus (mixed with celery, parsley, pineapple and orange) during the breakfast. It was such a horrible taste that I was unable to finish it the first time. However, the more I try it, the more I like it. Now I can’t have a breakfast without it. The way our body treats a new taste of drink reminds me of the way how our mind treats a new idea. A “new” idea usually has a bitter taste in it as it challenges our mind into accepting something different. The natural reaction is to reject it and remain satisfied where we are and what we already know. However, to appreciate the “sweetness” out of the initial “bitterness” of any new idea, it takes time and patience – and in fact, lots of patience. When I return to the UK, I am sure this will be the drink I miss most from Mexico. So, cheers one more time before my flight home tomorrow!

Cactus drink

Radio interview with Ehsan Toreini about private browsing

Ehsan was interviewed on a radio show last Thursday (17 July, 2015) by an Australian radio station LifeFM, on the security issues of private browsing in modern browsers. It was related to a recently published paper which Ehsan co-authored: “On the privacy of private browsing – A forensic approach” (2014, ScienceDirect).

The interview recording can be found here.