François Chung, Ph.D.

Tag: digital signature

Cybersecurity specialization

Coursera training, MOOC (2022). This specialization from The University of Maryland (US) covers the fundamental concepts underlying the construction of secure systems, including the hardware, the software and the human-computer interface, with the use of cryptography to secure interactions. These concepts are illustrated with examples drawn from modern practice, and augmented with hands-on exercises involving relevant tools and techniques.

Course 1: Usable security

Main topics:

  • Human-Computer Interaction (HCI);
  • Design methodology and prototyping;
  • A/B testing, quantitative and qualitative evaluation;
  • Secure interaction design;
  • Biometrics, two-factor authentication (2FA);
  • Privacy settings, data inference.

Course 2: Software security

Main topics:

  • Low-level security: attacks and exploits;
  • Defending against low-level exploits;
  • Web security: attacks and defenses;
  • Designing and building secure software;
  • Static program analysis;
  • Penetration and fuzz testing.

Course 3: Cryptography

Main topics:

  • Computational secrecy and modern cryptography;
  • Private-key encryption;
  • Message authentication codes;
  • Number theory;
  • Key exchange and public-key encryption;
  • Digital signatures.

Course 4: Hardware security

Main topics:

  • Digital system design: basics and vulnerabilities;
  • Designing intellectual property protection;
  • Physical attacks and modular exponentiation;
  • Side-channel attacks and countermeasures;
  • Hardware trojan detection;
  • Trusted integrated circuit;
  • Good practice and emerging technologies.

References

Training

Usable security (course certificate)
Software security (course certificate)
Cryptography (course certificate)
Hardware security (course certificate)

Related articles

Blockchain essentials (Cognitive Class training)
Bitcoin and cryptocurrency technologies (Coursera training)

Digital identity wallet

Zetes project @Brussels, Belgium (2022). For many years, transactional and online services have relied on end users using devices such as desktop computers and laptops. Therefore, solutions for remote identity proofing and digital signatures have been designed around the characteristics of such devices. However, these devices are increasingly being replaced by mobile devices such as tablets and smartphones, which raises new challenges.

For example, smart cards and tokens, which are typically connected to desktop computers and laptops using USB devices, cannot easily be connected to smartphones, if at all. Furthermore, given developments in cloud computing, solutions have emerged in the last few years in which digital signature creation is carried out in a distributed way by different systems that may be controlled by different actors.

This is why recent standards have introduced the concepts of mobile identity (e.g. a driving licence associated with a mobile device) and of electronic signatures created using a remote signature creation device (i.e. the electronic signature device is replaced by cloud-based services offered and managed by a trusted service provider), both of which can be made available to the end user through a digital identity wallet in the form of a smartphone app.

The related standards are:

  • ISO/IEC 18013-5:2021 - Personal identification, ISO-compliant driving licence, Part 5: Mobile driving licence (mDL) application;
  • ETSI TS 119 432 - Electronic Signatures and Infrastructures (ESI), Protocols for remote digital signature creation;
  • CSC standard - Architectures and protocols for remote signature applications.

In this project, my tasks are first related to the analysis of these standards so as to investigate how they could be implemented in practice and what their impact on the project scope is. Then, my tasks are related to the analysis of business needs (whether internal or from the customer), software implementation (e.g. software releases and documentation) and project management (e.g. project coordination with the customer).

PKI for identity documents

Zetes project @Brussels, Belgium (2021). A Public Key Infrastructure (PKI) is a set of physical components (e.g. computers and hardware), human procedures (e.g. checks and validation) and software (e.g. system and applications) intended to manage the public keys of the users of a system. The objective is the secure electronic transfer of information for a range of online activities, such as e-commerce and electronic identification (eID).

In the case of electronic identity documents, such as the identity card, a PKI makes it possible to bind public keys to the identity of citizens, whose personal information is not only printed on the identity card, but also stored in the identity card chip. This system not only allows citizens to use their card to identify themselves online (authentication), but also to sign digital documents using a Qualified Electronic Signature (QES).

A PKI can also be used in an international scheme, such as for the verification of passports at country borders. In that case, a country issues passports for its citizens and also puts in place a PKI to allow other countries to check those passports. This means that, when a citizen presents a passport at the border control, the inspection system checks the identity information both printed on the passport and stored in the passport chip.

As a Functional Analyst and Product Owner within Zetes People ID’s development team, my tasks are related to the analysis of PKI software needs, whether internal or from the customer (e.g. requirement gathering and product presentation), PKI software implementation (e.g. software releases and documentation) and project management (e.g. project coordination during change requests).

References

Related article

Identity proofing (Zetes project)

Bitcoin and cryptocurrency technologies

Coursera training, MOOC (2019). Given online by Princeton University (US), this training explains how Bitcoin and other cryptocurrencies work at a technical level, and provides the conceptual foundations to engineer secure software that interacts with the Bitcoin network. Other important topics covered are how secure Bitcoins are, how anonymous Bitcoin users are, what determines the price of Bitcoins and whether cryptocurrencies can be regulated.

Week 1: Introduction to crypto and cryptocurrencies

Main topics:

  • Cryptographic hash functions;
  • Hash pointers and data structures;
  • Digital signatures;
  • Public keys as identities.

Week 2: How Bitcoin achieves decentralization

Main topics:

  • Centralization vs. decentralization;
  • Distributed consensus;
  • Consensus without identity: the blockchain;
  • Incentives and proof of work.

Week 3: Mechanics of Bitcoin

Main topics:

  • Bitcoin transactions;
  • Bitcoin scripts;
  • Bitcoin blocks;
  • Bitcoin network.

Week 4: How to store and use Bitcoins

Main topics:

  • Online wallets and exchanges;
  • Payment services;
  • Transaction fees;
  • Currency exchange markets.

Week 5: Bitcoin mining

Main topics:

  • Mining hardware;
  • Energy consumption and ecology;
  • Mining pools;
  • Mining incentives and strategies.

Week 6: Bitcoin and anonymity

Main topics:

  • How to de-anonymize Bitcoin;
  • Decentralized mixing;
  • Zerocoin and Zerocash;
  • Tor and Silk Road.

Week 7: Community, politics and regulation

Main topics:

  • Consensus in Bitcoin;
  • Bitcoin core software;
  • Governments notice Bitcoin;
  • Anti money-laundering.

Week 8: Alternative mining puzzles

Main topics:

  • ASIC resistant puzzles;
  • Proof-of-useful-work;
  • Nonoutsourceable puzzles;
  • Virtual mining.

Week 9: Bitcoin as a platform

Main topics:

  • Bitcoin as an append-only log;
  • Bitcoin as smart property;
  • Multi-party lotteries in Bitcoin;
  • Bitcoin as randomness source.

Week 10: Altcoins and the cryptocurrency ecosystem

Main topics:

  • Short history of Altcoins;
  • Interaction between Bitcoin and Altcoins;
  • Lifecycle of an Altcoin;
  • Sidechains.

Week 11: The future of Bitcoin

Main topics:

  • The blockchain as a vehicle for decentralization;
  • Blockchain integration;
  • What can we decentralize?
  • When is decentralization a good idea?

References

Related articles

Cybersecurity specialization (Coursera training)
Blockchain essentials (Cognitive Class training)
