Economics Book Review: Global Financial Systems: Stability & Risk by Jon Danielsson

Why would an Information Security blog now post a review of a book dealing with the foundations of modern finance?

If you are wondering why, then you are probably just starting out as an Information Security professional. Good luck to you, and train your psychological resilience!

If you are reading this post to find out why this book is worth reading, then surely you have wondered how Information Security can provide value to the business.

This book, titled Global Financial Systems: Stability and Risk, is used by its author, Jon Danielsson, in his lectures on Global Financial Systems at the London School of Economics.

In 19 chapters and several weeks' reading time, readers get a first comprehensive idea of what has happened in the last decade and what is currently happening in this global financial crisis. Not only that: readers also gain an understanding of key financial concepts.

This information will be of great help in understanding the business functionality of the IT systems that you will probably pen-test, secure, harden or white-hat hack. And not only in the financial sector, but literally in any industry somehow related to or affected by banks, i.e. in all industries.

Chapter 1 deals with systemic risk. Worth being highlighted are the interlinks among different risks and the concept of fractional reserve banking.

I identified four concepts that also have a counterpart in the Information Security field: procyclicality, information asymmetry, interdependence and perverse incentives.

Chapter 2 talks about the Great Depression from 1929 to 1933 and four of its potential causes: trade restrictions, wrong monetary policies, competitive devaluations and agricultural overproduction.

Chapter 3 talks about a very special type of risk: endogenous risk. The author presents a graph showing how perceived risk lags actual risk over time. A very interesting concept to apply in Information Security as well.

Chapter 4 deals with liquidity and the different models banks follow (or should follow). Liquidity is essential but, as this chapter shows, complex. The distinction between funding liquidity and market liquidity is also an eye-opener.

Chapter 5 describes central banking and banking supervision. The origin of central banking dates from 1668 in Sweden and from 1694 in England. The author mentions two key roles in central banking: monetary policy and financial stability.

Chapter 6 teaches us why short-term foreign currency borrowing is a bad idea.

Chapter 7 describes the importance of the fractional reserve system and a concept that is almost the opposite of what information security professionals face on a daily basis: moral hazard (literally, "what happens when those taking risks do not have to face the full consequences of failure but enjoy all the benefits of success").

Chapter 8 deals with the complexity of coming up with a smart deposit insurance policy that would avoid "moral hazard" possibilities in a fractional reserve banking system.

Chapter 9 describes the problems that trading practices like short selling can bring into the financial system. An impartial reader of this chapter would see the need for effective, worldwide trading regulation. Concepts such as a "clearing house" and a "central counterparty" are mentioned.

Chapters 10 and 15: Market participants need to know probabilities of default when engaging in credit activities. These chapters explain securitisation concepts such as Special Purpose Vehicles (SPV), Collateralised Debt Obligations (CDO), Asset Backed Securities (ABS) and Credit Default Swaps (CDS). Can you think of similar concepts being used in Information Security?

Chapter 11 presents the "impossible trinity", i.e. no country is able to pursue these three goals simultaneously: a fixed exchange rate, free capital movement and an independent monetary policy. Remember that the biggest market is the foreign exchange market.

Chapter 12 focuses on mathematical models of currency crises. The reader can see how these models evolved and how the global games model was proposed.

Chapter 13 goes through the different sets of international financial regulation i.e. Basel I and Basel II. There is also an appendix referring to the Value-At-Risk model.

Chapter 14 could trigger some discussions. There is a patently political element in bailing banks out. Should governments move private sector bank losses into the public sector or not?

Chapter 16 shows the need to take into account concepts such as tail risk, endogenous risk and systemic risk. Very interesting reading for us information security professionals.

Chapters 17, 18 and 19 deal with current developments. Chapter 17 studies the 2007 to 2009 period of the latest financial crisis, chapter 18 describes efforts made in developing financial regulations and chapter 19 talks about the current sovereign debt crisis, its relation to the common currency and the challenge of a transfer union, i.e. a higher degree of unification.

In addition, the website of the book offers the slides of every chapter, a link to and three additional chapters with updated information on the European crisis, financial regulations and current challenges in financial policy.

Happy risk management!

Risky times


Book Review: Executive Data Science by Brian Caffo, Roger D. Peng and Jeffrey Leek

As an introduction to the Data Science world, one needs to build the right frame around the topic. This is usually done via a set of straight-to-the-point books that I mention or summarise in this blog. This is the third one. All of them appear under the "data science" label.

This third book is written by Brian Caffo, Roger D. Peng and Jeffrey Leek. Its title is "Executive Data Science". You can get it here. If you had to choose only one among the three books I have talked about in this blog, the most comprehensive one is probably this one.

The collection of bullet points that I have extracted from the book is a way to acknowledge value in a twofold manner: first, I praise the book and congratulate the authors; and second, I try to condense into a few lines a very personal collection of points extracted from the book.

As always, here goes my personal disclaimer: reading this very personal and non-comprehensive list of bullet points by no means replaces reading the book it refers to; on the contrary, this post is an invitation to read the entire work.

In approximately 150 pages, the book provides literally the following key points (please consider all bullet points as quoted, i.e. they show text coming from the book):

- "Descriptive statistics have many uses, most notably helping us get familiar with a data set".
- Inference is the process of making conclusions about populations from samples.
- The most notable example of experimental design is randomization.
- Two types of learning: supervised and unsupervised.
- Machine Learning focuses on learning.
- Code and software play an important role to see if the data that you have is suitable for answering the question that you have.
- The five phases of a data science project are: question, exploratory data analysis, formal modeling, interpretation and communication.
- There are two common languages for analyzing data. The first one is the R programming language. R is a statistical programming language that allows you to pull data out of a database, analyze it, and produce visualizations very quickly. The other major programming language used for this type of analysis is Python. Python is a similar language that allows you to pull data out of databases, analyze and manipulate it, visualize it, and connect to downstream production.
- Documentation basically implies a way to integrate the analysis code and the figures and the plots that have been created by the data scientist with plain text that can be used to explain what’s going on. One example is the R Markdown framework. Another example is iPython notebooks.
- Shiny by RStudio is a way to build data products that you can share with people who don’t necessarily have a lot of data science experience.
- Data Engineer and Data Scientist: A data engineer builds out your system for actually computing on that infrastructure. A data scientist needs to be able to do statistics.
- Data scientists: They usually know how to use R or Python, which are general-purpose data science languages that people use to analyze data. They know how to do some kind of visualization, often interactive visualization with something like D3.js. And they will likely know SQL in order to pull data out of a relational database.
- A data science web site is also mentioned.

The authors also provide useful comments on creating, managing and growing a data science team. They start with the basics, e.g. "It’s very helpful to right up front have a policy on the Code of Conduct".

- Data science is an iterative process.
- The authors also mention the different types of data science questions (as already covered in the summary of the book titled "The Elements of Data Analytic Style").
- They also provide an exploratory data analysis checklist.
- Some words on how to start with modeling.
- Instead of starting to discuss causal analysis, they talk about associational analysis.
- They also provide some tips on data cleaning, interpretation and communication.
- Confounding: The apparent relationship or lack of relationship between A and B may be due to their joint relationship with C.
- A/B testing: giving two options.
- It’s important not to confuse randomization, a strategy used to combat lurking and confounding variables, with random sampling, a strategy used to help with generalizability.
- p-value and null hypothesis are also mentioned.
- Finally, they link to knit.
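The randomization versus random sampling bullet deserves a tiny illustration. Here is a minimal sketch in Python with an invented population of subject IDs (none of this comes from the book): random sampling decides who enters the study, randomization decides who gets the treatment.

```python
import random

random.seed(42)

population = list(range(10_000))  # hypothetical population of subject IDs

# Random sampling: who gets into the study at all.
# Helps generalizability: the sample resembles the population.
sample = random.sample(population, 100)

# Randomization: how treatment is assigned *within* the study.
# Helps combat lurking and confounding variables: the two groups
# differ only by chance.
shuffled = sample[:]
random.shuffle(shuffled)
treatment, control = shuffled[:50], shuffled[50:]

print(len(treatment), len(control))
```

Confusing the two is exactly the mistake the authors warn about: a randomized experiment on a non-random sample may still fail to generalize.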

Happy data-ing!

Find your way

Book Review: The Elements of Data Analytic Style by @jtleek i.e. Jeffrey Leek

As an introduction to the Data Science world, one needs to build the right frame around the topic. This is usually done via a set of straight-to-the-point books that I will be summarising in this blog.

The second book that I summarise is written by Jeffrey Leek. Its title is "The Elements of Data Analytic Style". You can get it here. It is a primer on basic statistical concepts that are worth keeping in mind when embarking on a scientific journey.

This summary is a way to acknowledge value in a twofold manner: first, I praise the book and congratulate the author; and second, I share with the community a very personal summary of the book.

Let me try to share with you the main learning points I collected from this book. As always, here goes my personal disclaimer: reading this very personal and non-comprehensive summary by no means replaces reading the book it refers to; on the contrary, this post is an invitation to read the entire work.

In approximately 100 pages, the book provides the following key points:

Type of analysis
Figure 2.1, titled "the data analysis question type flow chart", is the foundation of the book. It classifies the different types of data analysis. The basic one is a descriptive analysis (reporting results with no interpretation). A step further is an exploratory analysis (will the proposed statements still be valid, in a qualitative way, using a different sample?).

If this also holds true in a quantitative manner, then we are performing an inferential analysis. If we can use a subset of measures to predict some others, then we can talk about a predictive analysis. The next step, certainly less frequent, is the possibility of seeking a cause; then we are performing a causal analysis. Finally, and very rarely, if we go beyond statistics and find a deterministic relation, then we are performing a mechanistic analysis.

Correlation does not imply causation
This is key to understand. The additional element needed to really grasp it is the existence of confounders, i.e. additional variables, not touched by the statistical work we are embarked on, that connect the variables we are studying. Two telling examples are mentioned in the book:
- The consumption of ice cream and the murder rate are correlated. However, there is no causality. There is a confounder: the temperature.
- Shoe size and literacy are correlated. However there is a confounder here: age.

Other typical mistakes
Overfitting: Using a single unsplit data set for both model building and testing.
Data dredging: Fitting a large number of models to a data set.
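The overfitting mistake is easy to demonstrate with a model that memorises its data; here is a toy sketch with invented data (my own, not the book's). Evaluated on the very points it was built from, the model looks perfect; on held-out points, the memorised noise does not generalise.

```python
import random

random.seed(1)

# Noisy observations of a simple underlying line y = 2x.
data = [(x / 30, 2 * x / 30 + random.gauss(0, 0.3)) for x in range(30)]
random.shuffle(data)
train, test = data[:20], data[20:]  # the split the bullet asks for

def predict(x):
    # 1-nearest-neighbour regression: effectively memorises the
    # training set, an extreme overfitter.
    return min(train, key=lambda p: abs(p[0] - x))[1]

def mse(points):
    return sum((y - predict(x)) ** 2 for x, y in points) / len(points)

print("train MSE:", mse(train))  # zero: every training point recalled exactly
print("test MSE:", mse(test))    # the memorised noise does not generalise
```

Had we used the single unsplit data set for both building and testing, the zero training error would have fooled us into thinking the model was perfect.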

Components of a data set
It is not only the raw data, but also the tidy data set, a code book describing each of the variables and its values in the tidy data set and a script on how to reach the tidy data set from the raw data.
The data set should be understood even if you, as producer or curator of the data set, are not there.

Type of variables
Continuous, ordinal, categorical, missing and censored.

Some useful tips
- The preferred way to graphically represent data: plot your data.
- Explore your data thoroughly before jumping to statistical analysis.
- Use a linear regression analysis to compare it with the initial scatterplot of the original data.
- More data usually beats better algorithms.

Section 9 provides some hints on how to write an analysis. Section 10 plays a similar role for creating graphs. Section 11 hints at how to present the analysis to the community. Section 12 cares about making the entire analysis reproducible. Section 14 provides a checklist and Section 15 additional references.

Happy analysis!

Happy stats!

Book Review: How to be a modern scientist by @jtleek i.e. Jeffrey Leek

As an introduction to the Data Science world, one needs to build the right frame around the topic. This is usually done via a set of straight-to-the-point books that I will be summarising in this blog.

The first book that I start with is written by Jeffrey Leek. It is not a Data Science book per se but rather an introductory set of tips on how to do science today.

The title of the book is "How to be a modern scientist", and you can get it here. Actually, the series of posts that I start with this one is a consequence of reading this book. It is a way to acknowledge value in a twofold manner: first, I praise the book and congratulate the author; and second, I share with the community a biased version of the value they could obtain by reading this book. These two processes are also present in the scientific community today, together with more traditional aspects such as scientific paper reading and, certainly, writing.

Let me try to share with you the main learning points I collected from this book. As always, here goes my personal disclaimer: reading this very personal and non-comprehensive summary by no means replaces reading the book it refers to; on the contrary, this post is an invitation to read the entire work.

Paper writing and publishing
There are currently three elements in modern science: what you can write, what you can code and the data you can share (the data you have based your investigation on).
The four parts the author says a scientific paper consists of are great: a set of methodologies, a description of data, a set of results and, finally, a set of claims.
A key point is that your paper should tell or explain a story. That is why the author talks about "selecting your plot" for your paper, i.e. you start writing your paper once you have an answer to your question.
These chapters distinguish between posting a preprint of a paper (for example on a preprint server) and submitting the paper to a peer-reviewed journal. For junior scientists, the mix the author mentions of using a preprint server and a closed-access journal is very sensible.

Peer review and data sharing
The author proposes some elegant ways to review papers carefully and in a timely manner, and also mentions the use of, e.g., blogs to start sharing a serious and constructive review.
Regarding data sharing, his suggestion is to use a public repository that would remain accessible over time.

Scientific blogging and coding
A way to market your papers can be via blogging. The three recommended platforms are, and
The author also reminds us that the Internet is a medium in which controversy flourishes.
In terms of code, the suggestion for general code is and

Social media in science
A useful way to promote the work of others and your own.

Teaching in science
Post your lectures on the Internet (but be aware of any non-disclosure agreements with the university or educational institution you teach at). Share videos of your lectures and, if resources allow it, create your own online course.

Books and internal scientific communication
Three platforms are suggested:, and Amazon Kindle Direct Publishing.

Regarding internal communication, is one of the proposed tools to keep teams in sync.

Scientific talks and reading scientific papers, credit and career planning and online identity
These are the last sections of the book: some hints on preparing scientific talks, reading papers constructively and, very importantly, giving credit to all those community members who have helped you out, either by writing something you use or by creating frameworks you use. A key suggestion is to use as many related metrics as possible in your CV and in your presentations.

Finally, the book ends with some useful (and common-sense-based) tips on career planning and online identity.

Thanks to the author of How to be a modern scientist

Happy revealing!

Economics Book review: Bad Samaritans by Ha-Joon Chang - Reality vs hearsay - Similar in Infosec?

I am convinced that Information Security professionals can benefit from reading not only Information Security books like this one or that one, but also books that shed some light on the key business areas to which, ultimately, Information Security and IT Security provide services. This is why I propose a series of book reviews outside the Information Security realm. Economics is certainly one of those areas. Understanding key points of Economics would enable security professionals to understand and assess system and data criticality and to better aim at providing added value to their customers.
On this occasion I present some learning points extracted from the book titled Bad Samaritans by Ha-Joon Chang. Certainly this list does not replace reading the book. I do recommend a careful reading.

However, for those with little time, maybe these points can be of help to you:

In two thoughts:

- There is a tendency in rich countries to ask developing countries to follow economic policies that are, on many occasions, the opposite of what the rich countries did to reach where they are in economic terms.
- Care, reflection, attention to detail and a sense of fairness should be applied in this politically-driven field named economics.

In more than two thoughts:

On Chapter 0

- South Korea as a country improved enormously in about 50 years, comparable to Haiti becoming Switzerland. This happened thanks to a mix of economic policies that, during most of those years, from the 1960s to today, could by no means be considered free-trade based.
- This economic development was not only linked to periods of democracy.
- The Korean government was extra careful controlling imports and their influence in their national economy.
- Intellectual property piracy has played an important role in countries that did protect their industries.
- This chapter argues clearly against neo-liberal economics.
- It is interesting to see that today's rich countries used protectionism and subsidies to reach their current state.
- All this has been summarised as "climbing and kicking away the ladder".
- So it seems that a careful, selective and gradual opening of a country's economy is key to making progress in this matter.

On Chapter 1

- Fewer than 50 years ago, it was unthinkable to see Japan as a high-quality car maker country.
- Democracy in Hong Kong only started in 1994, three years before the handover to China and 152 years after the start of British rule.
- Before free trade, there was protectionism.
- Globalisation was not always hand in hand with free trade.
- Interesting thought: something purely driven by politics is avoidable.
- The role of the IMF, the World Bank and the WTO is biased towards the benefit of the rich countries.

On Chapter 2

- How did rich countries become rich? In a nutshell, by protecting their markets.
- How did rich countries protect their markets? Basically by:
  • Applying tariff rates.
  • Keeping industries in their local markets.
  • Supporting local industries via governmental decisions (and budget).
  • Keeping primary commodities production in the colonies.
In a way, while reading this chapter, one can grasp the confusion that, throughout history, economic theories have had between the constraints in place during a specific period of time and the new constraints that appear after a specific economic policy has been applied, in terms of development or industrialisation, or even after benefiting from a specific technological breakthrough.

On Chapter 3

Very succinctly, this chapter suggests the need to find the right pace and timeline for a country to adopt free trade or, even, the right balance between protected and free trade. Done too quickly, it could mean a lack of growth. Done too slowly, it could mean losing growth opportunities.

On Chapter 4

Today's rich countries regulated foreign direct investment when they were at the receiving end. Foreign direct investment needs to be regulated.

On Chapter 5

There is a fine line defining which (and whether) some specific enterprises need to be owned by the State and when they need to be sold and to whom.

On Chapter 6

Equally, it is also very complex to get the right balance on Intellectual Property Rights and when ideas need to be protected by patents.

On Chapter 7

Economics is driven by politics. This is the reason why a balanced and prudent government is so decisive.

On Chapter 8

The trouble with corruption and how it damages the economy. Interestingly, economic prosperity and democracy are not so necessarily linked.

On Chapter 9

Culture in all countries can evolve with the right political measures.

On a Final Chapter      

There was at least one example in history when the "Bad Samaritans" (as this book calls them) behaved as "Good Samaritans": the Marshall Plan.

Enjoy the reading!

Enjoy the future!

Papers on Blockchain and Bitcoin: Student notes

A lot of time went into this post. The reader will find it useful for getting an initial idea of both concepts: Bitcoin and blockchain.

As usual, a disclaimer note: this summary is not comprehensive and mostly reflects literal extracts from the mentioned papers and article.

Let's start by summarising a classic: the paper on Bitcoin, written by Satoshi Nakamoto.

Paper 1
Bitcoin: A Peer-to-Peer Electronic Cash System by Satoshi Nakamoto

This paper appeared in 2008. The first Bitcoins were exchanged in 2009. By June 2011 there were around 10,000 users and 6.5 million Bitcoins [info coming from this paper].

Bitcoins (BTC) are generated at a predictable rate. The eventual total number of BTC will be 21 million [info coming from this paper].

This is a proposal for a peer-to-peer version of electronic cash. The novelty here is that there is no need for a trusted third party to tackle the double-spending challenge. The key to the functioning of this peer-to-peer network is that the majority of CPU power is not controlled by an attacker.

The proposal is to replace the need for trust, an element that makes transaction costs higher, with a cryptographic (and distributed) proof. More specifically, via a peer-to-peer distributed timestamp server that generates computational proof of the chronological order of transactions.

Interestingly, an electronic coin is a chain of digital signatures. The main challenge in an electronic payment system is avoiding double spending. A digital mint would solve this; however, it means that the entire scheme would depend on the mint.

The participants of the peer-to-peer network form a collective consensus regarding the validity of a transaction by appending it to the public history of previously agreed transactions (the blockchain), using a hashing function and their keypairs. A transaction can have multiple inputs and multiple outputs [info coming from this paper].

The only way to confirm the absence of a transaction is to be aware of all transactions. Without the role of a central party, this translates into two requirements:
- All transactions must be publicly announced.
- All market participants should agree on a single payment history. In practical terms, this means the majority of market participants.

The first technical element this electronic payment proposal requires is a timestamp server. Each timestamp includes all previous timestamps. A timestamp consists of a published hash of a block of items.

How do we account for the distributed nature of the system in the case of the timestamp servers? The author proposes a proof-of-work system, in which proof-of-work means one CPU, one vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it.

Technically, the proof-of-work involves scanning for a value that, when hashed, produces a hash beginning with a number of zero bits. The average work required is exponential in the number of zero bits required, yet it can be verified by executing a single hash.
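This scan-then-verify-with-one-hash idea fits in a few lines of Python. Note this is a toy version: real Bitcoin double-SHA-256 hashes a block header and compares it against a full numeric target; here I simply ask for a number of leading zero hex digits, and the input data is invented.

```python
import hashlib

def proof_of_work(data: bytes, difficulty: int) -> int:
    """Scan nonces until sha256(data + nonce) starts with
    `difficulty` zero hex digits (4 zero bits each)."""
    prefix = "0" * difficulty
    nonce = 0
    while True:
        digest = hashlib.sha256(data + nonce.to_bytes(8, "big")).hexdigest()
        if digest.startswith(prefix):
            return nonce
        nonce += 1

nonce = proof_of_work(b"block of transactions", difficulty=4)

# Verification costs a single hash, however long the search took.
digest = hashlib.sha256(
    b"block of transactions" + nonce.to_bytes(8, "big")
).hexdigest()
print(nonce, digest)
```

Each extra zero digit multiplies the expected search work by 16 while leaving verification cost unchanged, which is the asymmetry the whole scheme relies on.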

The reader can start grasping how CPU-intensive this electronic payment system is.

Nodes always consider the longest chain to be the correct one and they will keep working on extending it.

Incentives come both from the creation of new coins and from transaction fees. The first transaction in a block is a special transaction that starts a new coin owned by the creator of the block. Potential attackers will find it much more beneficial to devote their CPU cycles and electricity to creating new coins than to redoing existing blocks and trying to control enough of the consensus for their own version.

Transactions are hashed in a Merkle tree. This makes payment verification possible without running a full network node. This verification holds as long as honest nodes control the network.
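The Merkle tree construction can be sketched briefly. This toy version uses a single SHA-256 (Bitcoin actually uses double SHA-256) and, like Bitcoin, duplicates the last node when a level has an odd number of entries; the transaction strings are invented:

```python
import hashlib

def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def merkle_root(leaves: list) -> bytes:
    """Hash the leaves, then repeatedly hash adjacent pairs
    upward until a single 32-byte root remains."""
    level = [sha256(leaf) for leaf in leaves]
    while len(level) > 1:
        if len(level) % 2:            # odd count: duplicate last node
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]

txs = [b"tx-a", b"tx-b", b"tx-c"]
root = merkle_root(txs)
print(root.hex())
```

Changing any single transaction changes the root, and a light client can check one transaction's inclusion with only a logarithmic number of sibling hashes instead of the whole block.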

The author states that there is never a need to extract a complete standalone copy of a transaction's history.

As all transactions need to be published, the way to obtain privacy in this system is to decouple identities from public keys. However, privacy is only partially guaranteed. An additional recommendation is to use a new keypair for each new transaction.

An attacker can only try to change one of their own transactions to take back money that they recently spent.

Paper 2
An Analysis of Anonymity in the Bitcoin System by Fergal Reid and Martin Harrigan

This paper, probably the first on the topic, provides further input on what we mentioned earlier in this post regarding Bitcoin and the limits of user anonymity.

The decentralised nature of the BTC system and the lack of a central authority bring along the need to make the entire transaction history publicly available.

Users in Bitcoin are identified by public keys. Bitcoin maps a public key to a user only in the user's node, and it allows users to issue as many public keys as they wish. Users can also make use of third-party mixers (or laundries).

The interesting element of this paper is the description of the topological structure of two networks derived from Bitcoin's public transaction history: The transaction network and the user network. This is doable thanks to the transaction history being publicly available. After joining Bitcoin's peer-to-peer network, a client can freely request the entire history of Bitcoin transactions. This enables the possibility of performing passive identification analysis.

The authors of this paper studied BTC transactions from January 2009 to July 2011: 1,019,486 transactions and 12,530,564 public keys.

The authors of this paper are not aware of network structure studies of electronic currencies. However, such a study was done for a physical, gift-certificate-based currency named Tomamae-cho that existed in Japan for three months in 2004-2005.

The flow of that currency showed that the cumulative degree distribution followed a power law, and the network showed small-world properties (high average clustering coefficient and low average path length).

Many papers maintain the difficulty of keeping anonymity in networks in which user behaviour data is available. The main postulate of the authors of this paper is that Bitcoin does not anonymise user activity.

The transaction network
It represents the flow of BTCs between transactions over time. Each node represents a transaction and each directed edge represents an output of the transaction corresponding to the source node that is an input to the transaction corresponding to the target node. Each edge includes a timestamp and a BTC value.

There is no preferential attachment in this network.

The user network
It represents the flow of BTCs between users over time. Each node represents a user and each directed edge represents an input-output pair of a single transaction. Each directed edge also includes a timestamp and a BTC value.

As a user can use many different public keys, the authors of the paper construct an ancillary network in which each vertex represents a public key. They connect nodes with undirected edges, where each edge joins a pair of public keys that are both inputs to the same transaction and are therefore controlled by the same user.

The contraction of public keys into users generates a network that is a proxy for the social network of BTC users.
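This contraction step can be sketched with a union-find structure: any two public keys appearing as inputs to the same transaction are merged into the same presumed user. The transactions and key names below are invented for illustration, not taken from the paper's data:

```python
from collections import defaultdict

class DisjointSet:
    """Union-find used to contract public keys into presumed users."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            # Path halving keeps lookups near-constant time.
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

# Hypothetical transactions: each lists the public keys used as inputs.
transactions = [
    {"inputs": ["pk1", "pk2"]},   # pk1 and pk2 presumed same user
    {"inputs": ["pk2", "pk3"]},   # transitively links pk3 as well
    {"inputs": ["pk4"]},
]

ds = DisjointSet()
for tx in transactions:
    first, *rest = tx["inputs"]
    for pk in rest:
        ds.union(first, pk)

users = defaultdict(set)
for pk in ["pk1", "pk2", "pk3", "pk4"]:
    users[ds.find(pk)].add(pk)
print(list(users.values()))  # two clusters: {pk1, pk2, pk3} and {pk4}
```

Each resulting cluster stands in for one user, which is exactly the proxy social network the authors then analyse.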

Disassembling anonymity
A first way to decrease anonymity consists of integrating off-network information. Some BTC-related organisations relate public keys to personally identifiable information. Some BTC users voluntarily disclose their public keys in forums.

Bitcoin public keys are strings of about 33 characters in length, starting with the digit one.

A second source of information is IP addressing. Unless they are using anonymising proxy technology such as Tor, it is reasonably safe to assume that the first IP address announcing a transaction is its source.

A third source is based on egocentric analysis and visualisation, e.g. Wikileaks published its public key to request donations. The analysis of transactions having that particular public key as destination can also provide input on identities.

A fourth source would be context discovery, e.g. identifying nodes that correspond to BTC brokers.

These techniques help in investigating BTC thefts. For example, a very quick transfer of BTC between public keys (most of them not yet seen in the network's transaction history) can be an indication supporting a theft hypothesis.

There are other analysis paths involving tainted BTCs, order books from BTC exchanges, client implementations, time analysis and the like.

Mitigation strategies
The official BTC client could be patched to prevent the linking of public keys with user information, or a service using dummy public keys could be implemented (certainly, this would increase transaction fees). The BTC protocol could even be modified to allow for BTC mixing at the protocol level.

For the time being, the authors of this paper state that physical cash payments still represent a competitive and anonymous payment system.

The final statement from the authors of this paper: "Strong anonymity is not a prominent design goal of the BTC system".

Paper 3
Bitcoin: Economics, Technology and Governance by Rainer Boehme, Nicolas Christin, Benjamin Edelman and Tyler Moore

This paper defines Bitcoin (BTC) as an online communication protocol facilitating the use of a virtual currency. It states that BTC is the first widely adopted mechanism to provide absolute scarcity of the money supply: inflation has no place in this system.

Public keys serve as account numbers. New transactions published to the BTC network are periodically grouped into blocks of recent transactions. A new block is added to the chain of blocks every ten minutes.

In some cases, a transaction batch will be added to the block chain but then a few minutes later it will be altered because a majority of miners reached a different solution.

When listing a transaction, the buyer and the seller can also offer to pay a "transaction fee", normally 0.0001 BTC, which is a bonus payment to whichever miner solves the computationally difficult puzzle that verifies the transaction.

The paper reviews four key categories of intermediaries: Currency exchanges, digital wallet services, mixers and mining pools.

Currency exchanges
They exchange BTCs for traditional currencies or other virtual currencies. Most operate double auctions with bids and asks and charge a commission (from 0.2 to 2 percent). Today BTC resembles a payment platform more than a real currency.

There are significant regulatory requirements (including expensive certification fees) to establish an exchange. In addition, exchanges require considerable security measures, so their number is relatively limited.

Digital wallet services
They are data files that include BTC accounts, recorded transactions and the keys necessary to spend or transfer the stored value. In practice, digital wallet services tend to increase centralisation (and demand high online availability with strong security requirements).

The loss of a private key, if not backed up, would mean the loss of the possibility to trade with those owned (i.e. digitally signed) BTCs.

The entire blockchain reached 30GB in March 2015.

Mixers ensure that timing does not yield clues about money flows. They let users pool sets of transactions in unpredictable combinations. Mixers charge 1 to 3 percent of the amount sent. Mixer protocols are usually not public.

Mining pools
BTCs are created when a miner solves a mathematical puzzle. Mining pools now combine resources from numerous miners. Oversized mining pools threaten the decentralisation that underpins BTC's trustworthiness.

Uses of Bitcoin
At first sight, illicit activities seem drawn to BTC given its openness and distributed nature. Every Bitcoin transaction must be copied into all future versions of the block chain. Updating the block chain entails an undesirable delay, making BTC too slow for many in-person retail payments.

Some scientists stress the importance of BTC for its ability to create a decentralised record of almost anything.

Risks in BTC
Market risk: due to the fluctuation in the exchange rate between BTC and other currencies. BTC also has the shallow market problem: a person quickly trading a large amount would affect the market price.
Counterparty risk: of the exchanges that closed (either due to a security breach or to a low-volume business), 46% did not reimburse their customers after shutting down.

The BTC system offers no possibility to undo a transaction, thus creating transaction risk (and affecting end-consumer protection).

There is certainly some operational risk coming from the technical infrastructure and the already mentioned 51 percent attack.

Finally, BTC faces also privacy, legal and regulatory risks.

The paper distinguishes three types of crime: BTC-specific crime, BTC-facilitated crime and money laundering.

The authors suggest that longstanding reporting requirements can provide a level of compliance for virtual currencies similar to what has been achieved for traditional currencies. However, they recommend considering regulation in the broader context of a global market for virtual currency services.

Social science lab
Interestingly, most users treat their bitcoin investments as speculative assets rather than as means of payment.

A so far theoretical concern: larger blocks are less likely to win a block race than smaller ones.

Privacy and anonymity
Some authors claim that almost half of BTC users can be identified.

An open question posed by the authors
What happens if the BTC economy grows faster than the supply of bitcoins?

A final thought by the authors of this paper: BTC may be able to accommodate a community of experimentation built on its foundations.

Paper 4
Bitcoin-NG: A scalable blockchain protocol by Ittay Eyal, Adem Efe Gencer, Emin Gun Sirer, and Robert van Renesse (Cornell University)

This paper proposes a new blockchain protocol designed to scale. Original bitcoin-derived blockchain protocols have inherent scalability limits. To improve efficiency, one has to trade off throughput for latency. BTC currently targets a conservative 10-minute slot between blocks, yielding 10 minute expected latencies for transactions to be encoded in the blockchain.

Bitcoin-NG achieves a performance improvement by decoupling Bitcoin's blockchain operation into two planes: leader election and transaction serialisation.

Some generic descriptions of the blockchain protocol
An output is spent if it is the input of another transaction. A client owns x Bitcoins at time t if the aggregate of unspent outputs to its address is x. The miners commit the transactions into a global append-only log called the blockchain.
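The ownership rule above can be sketched in a few lines (the `Output` structure and the ledger below are hypothetical, purely illustrative):

```python
from collections import namedtuple

# Hypothetical minimal UTXO record: an output is spent once it becomes
# the input of another transaction.
Output = namedtuple("Output", ["address", "amount", "spent"])

def balance(utxo_set, address):
    """A client owns x Bitcoins if the aggregate of unspent outputs
    credited to its address is x."""
    return sum(o.amount for o in utxo_set if o.address == address and not o.spent)

ledger = [
    Output("alice", 3.0, spent=False),
    Output("alice", 1.5, spent=True),   # already used as the input of another tx
    Output("bob",   2.0, spent=False),
]
print(balance(ledger, "alice"))  # 3.0
```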

The blockchain records transactions in units of blocks. A valid block contains a solution to a cryptopuzzle involving the hash of the previous block, the hash (the Merkle root) of the transactions in the current block, which have to be valid and a special transaction (the coinbase) crediting the miner with the reward for solving the cryptopuzzle. The cryptopuzzle is a double hash of the block header whose result has to be smaller than a set value. The difficulty of the problem, set by this value, is dynamically adjusted such that blocks are generated at an average rate of one every ten minutes.
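A toy version of that cryptopuzzle might look as follows (the header bytes and the very generous target are illustrative assumptions; real Bitcoin serialises block headers in a fixed binary format):

```python
import hashlib

def double_sha256(data: bytes) -> int:
    """The cryptopuzzle is a double SHA-256 hash of the block header,
    interpreted as a 256-bit number."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")

def mine(header: bytes, target: int) -> int:
    """Try nonces until the double hash falls below the target. The network
    adjusts the target so a block is found on average every ten minutes."""
    nonce = 0
    while double_sha256(header + nonce.to_bytes(8, "big")) >= target:
        nonce += 1
    return nonce

# Toy target (2**240) so the demo finishes instantly; the real network
# uses a far smaller target.
header = b"previous-hash|merkle-root|timestamp"
nonce = mine(header, 2 ** 240)
print(double_sha256(header + nonce.to_bytes(8, "big")) < 2 ** 240)  # True
```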

It is a blockchain protocol that serialises transactions allowing for better latency and bandwidth than BTC.

The protocol divides into time epochs. In each epoch, a single leader is in charge of serialising state machine transitions. To facilitate state propagation, leaders generate blocks. The protocol introduces two types of blocks: key blocks for leader election and microblocks that contain the ledger entries.

Leader election is already taking place in BTC. But in BTC the leader is in charge of serialising history, making the entire duration of time between leader elections a long system freeze. Leader election in BTC-NG is forward-looking and ensures that the system is able to continually process transactions.

Bitcoin-NG is resilient to selfish mining against attackers with less than 1/4 of the mining power.

Bitcoin-NG shows that it is possible to improve the scalability of blockchain protocols to the point where the network diameter limits consensus latency and the individual node processing power is the throughput bottleneck.  

Paper 5
A Protocol for Interledger Payments by Stefan Thomas and Evan Schwartz

This paper deals with the complexity of moving money between different payment systems. The authors propose a way to connect different blockchain implementations. It uses ledger-provided escrow (conditional locking of funds) to allow secure payments through untrusted connectors.

This is a protocol for secure interledger payments across an arbitrary chain of ledgers and connectors. It uses ledger-provided escrow based on cryptographic conditions to remove the need to trust connectors between different ledgers. Payments can be as fast and cheap as the participating ledgers and connectors allow and transaction details are private to their participants.

The focus of this summary is not a deep description of this protocol but the introduction of the BAR (Byzantine, Altruistic, Rational) model.

Byzantine actors may deviate from the protocol for any reason, ranging from technical failure to deliberate attempts to harm other parties or simply impede the protocol.

Altruistic actors follow the protocol exactly.

Rational actors are self-interested and will follow or deviate from the protocol to maximize their short and long-term benefits.

The authors of the paper assume that all actors in the payment are either Rational or Byzantine. Any participant in a payment may attempt to overload or defraud any other actors involved. Thus, escrow is needed to make secure interledger payments.

This protocol proposes two working modes: The atomic mode and the universal mode.

In the atomic mode, transfers are coordinated by a group of notaries that serve as the source of truth regarding the success or failure of the payment. The atomic mode only guarantees atomicity when the notaries act honestly. Rational actors can be incentivised to participate with a fee.

The universal mode relies on the incentives of rational participants to eliminate the need for external coordination.

Paper 6
A Next-Generation Smart Contract and Decentralized Application Platform from Ethereum's GitHub repository

This white paper presents a blockchain implementation that is an alternative to BTC and, from the outset, more generic. It presents blockchain technology as a tool for distributed consensus. It covers not only cryptocurrencies but also financial instruments, non-fungible assets such as domain names, and any other digital asset controlled by a script, i.e. a piece of code implementing arbitrary rules (e.g. smart contracts).

Ethereum provides a blockchain with a built-in fully fledged Turing-complete programming language.

A recap on BTC
As already mentioned in the summary of Paper 1 in this post, BTC is a decentralised currency managing ownership through public key cryptography with a consensus algorithm named "proof of work". It achieves two main goals: it allows nodes in the network to collectively agree on the state of the BTC ledger and it allows free entry into the consensus process. How does it achieve the latter? By replacing the need for a central register with an economic barrier.

The ledger of a cryptocurrency can be thought of as a state transition system. The "state" in BTC is the collection of all coins (unspent transaction outputs, UTXO) and their owners.

BTC's decentralised consensus process requires nodes in the network to continuously attempt to produce packages of transactions called blocks. The network is intended to create a block every ten minutes. Each block contains a timestamp, a nonce, a hash of the previous block and a list of all transactions that have taken place since the previous block.

Requirement for the "proof of work": The double SHA256 hash of every block - a 256-bit number - must be less than a dynamically adjusted target (e.g. 2 to the power of 187).

The miner of every block is entitled to include a transaction giving themselves 25 BTC out of nowhere.

A malicious attacker will target the order of transactions, which is not protected by cryptography.

The rule is that in a fork the longest blockchain prevails. In order for an attacker to make his blockchain the longest, he would need to have more computational power than the rest of the network (51% attack).

Merkle Trees
A Merkle Tree is a type of binary tree in which each node is the hash of its two children. Hashes propagate upwards, so a client that downloads only the header of a block can tell whether the block has been tampered with.
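The construction can be sketched as follows (a simplification: Bitcoin actually uses double SHA-256 over a specific serialisation, and the helper names here are my own):

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(leaves):
    """Hash the leaves, then pair hashes level by level; each parent is
    the hash of its two children, so any change in a leaf changes the root."""
    level = [h(tx) for tx in leaves]
    while len(level) > 1:
        if len(level) % 2 == 1:          # duplicate the last hash on odd levels
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

txs = [b"tx1", b"tx2", b"tx3", b"tx4"]
root = merkle_root(txs)
# Tampering with any transaction produces a different root:
print(root != merkle_root([b"tx1", b"tx2", b"tx3", b"tampered"]))  # True
```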

A "simplified payment verification" protocol allows for light nodes to exist. They download only block headers and branches related to their transactions.

Alternative blockchain applications

Namecoin: A decentralised name registration database.
Colored coins and metacoins: A customised digital currency on top of BTC.

Basic scripting
UTXO in BTC can be owned also by a script expressed in a simple stack-based programming language. However, this language has some drawbacks:

- Lack of Turing completeness. Loops are not supported.
- Value-blindness: UTXO are all or nothing.
- No opportunity to consider multi-stage contracts.
- UTXOs are blockchain-blind.

Ethereum builds an alternative framework with a built-in Turing-complete programming language.

An Ethereum account contains four fields: The nonce (a counter that guarantees that each transaction can only be processed once), the ether balance, the contract code and the account's storage.

Ether is the crypto-fuel of Ethereum. Externally owned accounts are controlled by private keys and contract accounts are controlled by their contract code.

Contracts are autonomous agents living inside the Ethereum execution environment. Contracts have the ability to send messages to other contracts. A message is a transaction produced by a contract, whereas a transaction refers to the signed data package that stores a message sent from an externally owned account. Each transaction sets a limit on how many computational steps of code execution it can use.

Ethereum is also based on blockchain. Ethereum blocks contain a copy of both the transaction and the most recent state.

Ethereum applications
Token systems, financial derivatives (financial contracts mostly require reference to an external price ticker), identity and reputation systems, decentralised file storage and decentralised autonomous organisations.

Other potential uses are saving wallets, a decentralised data feed, smart multisignature escrow, cloud computing, peer-to-peer gambling and prediction markets.

Blockchains with fast confirmation times suffer from reduced security due to blocks taking a long time to propagate through the network. Ethereum implements a simplified version of GHOST (Greedy Heaviest Observed Subtree) which only goes down seven levels.

Currency issuance
Ether is released in a currency sale at the price of 1000-2000 ether per BTC. Ether has an endowment pool and a permanently growing linear supply.

The linear supply reduces the risk of an excessive wealth concentration and gives users a fair chance to acquire ether.

BTC mining is no longer a decentralised and egalitarian task: it requires high investments, and most BTC miners rely on a centralised mining pool to provide block headers. Ethereum will use a mining algorithm where miners are required to fetch random data from the state. This white paper states that this model is untested.
Ethereum full nodes need to store just the state instead of the entire blockchain history. Every miner will be forced to be a full node, creating a lower bound on the number of full nodes. An intermediate state tree root after processing each transaction will be included in the blockchain.

The question now is ... will it work?

Article 1
Technology: Banks Seek the Key to Blockchain by Jane Wild, Martin Arnold and Philip Stafford

This article on blockchain can be found here. The authors mention an internal blockchain implementation and remind readers that a blockchain is a shared database technology that connects consumers and suppliers, creating online networks with no need for middlemen or a central authority. Applications are endless and supporters claim that trust is created by the participating parties.

The authors of this article mention the use of blockchain, also named distributed ledger, for new back-office implementations and even new governmental implementations such as land registers.

There are two types of blockchains in terms of accessibility: invitation-only (private) and public (open). UBS and Microsoft are working with blockchain start-up Ethereum (running an open-source technology). Other banks are going the private blockchain way.

The authors of this article also mention that this technology faces key challenges such as robustness, security and regulation.

The ledger of BTC weighs already more than 45 GB.

Bits and pieces

Using Networks To Make Predictions - A lecture (3 of 3) by Mark Newman

For those willing to get introduced to the world of complex networks, the three lectures given by Mark Newman, a British physicist, at the Santa Fe Institute on 14,15 and 16 September 2010 are a great way to get to know a little bit about this field.

The first lecture introduced the concept of networks. The second lecture talked about network characteristics (centrality, degree, transitivity, homophily and modularity). Let's continue with the third lecture. You can find it here. This time the topic is the impact of network science.

In this post I summarise (certainly in a very personal fashion, although some points are directly extracted from his slides) the learning points I extracted from the lecture.

Dynamics in networks
- For example, how does a rumor spread in a network?
- This aspect is much more controversial than the point touched in lectures 1 and 2.
- An example: Citation networks (e.g. the network of legal opinions or the network of scientific papers).
- "Price observed that the distribution of the number of citations a paper gets follows a power law or Pareto distribution - a fat-tailed distribution in which most papers get few citations and a few get many".
- This power law is somehow surprising.

Power laws
- In comparison to a normal distribution, the power law shows that there are some nodes with a number of links that is several orders of magnitude higher. This does not happen in normal distributions.
- Examples of cases that follow a Pareto law (power law) are word counts in books, web hits, wealth distribution, family names, city populations, etc.
- Power law - the 80/20 rule. E.g. "the top 20% own 86% of the wealth, 10% of the cities have 60% of the people, 75% of people have surnames in the top 1%".
- Power laws are a very active study area in complex systems.

Where do power laws come from? Preferential attachment
- The importance of getting an early lead e.g. with an excellent product, or by good marketing.  
- A plausible theory is preferential attachment. Interestingly enough, this theory ignores the content of the papers; it only uses the number of links the nodes have.
- First mover advantage: In citations, if you are one of the first ones writing on a topic, your paper will be cited anyway, regardless of the content. They are the early lead in that specific field.
- How many you have depends on how many you already have.
- In conclusion, it is much more effective, according to this theory, to write a mediocre paper on tomorrow's field rather than a superb paper in today's field.
- The long tail effect: a small number of nodes with lots of connections.
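The preferential attachment mechanism described above can be simulated in a few lines (a minimal sketch of Price's citation model, assuming each new paper cites exactly one earlier paper; all parameters are illustrative):

```python
import random

def price_model(n_papers=5000, seed=42):
    """Each new paper cites one existing paper, chosen with probability
    proportional to the citations that paper already has (plus one, so
    that uncited papers can still be picked)."""
    random.seed(seed)
    citations = [0, 0]                      # start with two uncited papers
    for _ in range(n_papers):
        weights = [c + 1 for c in citations]
        cited = random.choices(range(len(citations)), weights=weights)[0]
        citations[cited] += 1
        citations.append(0)                 # the new paper enters uncited
    return citations

cites = sorted(price_model(), reverse=True)
top_share = sum(cites[: len(cites) // 5]) / sum(cites)
# The top 20% of papers collect a disproportionate share of all citations,
# while most papers receive few or none - a fat-tailed distribution.
print(top_share)
```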

The spread of a disease over a network
- Percolation model: in a given network, colour some of the edges; those coloured edges form a different network derived from the initial one.
- How does the structure of the network influence the spread of a disease?
- Degree is the number of connections you have.
- Hubs are extremely effective at passing diseases along.
- What about if we vaccinate hubs? Targeted vaccination.
- Herd immunisation.
- Targeted attacks are much more effective (a clear link with information security).
- We can use the network itself to find the hubs.
- People who should be vaccinated are the most mentioned friends.

Network robustness
- Can we tell that a network is robust by looking at its structure? Let's go back to the concept of homophily (mentioned in Part 2 or 3 of this series of lectures).
- Homophily by degree: Party people hanging out with party people (positive correlation coefficient in social networks- high degree nodes connect with high degree nodes).
- You get a very dense core and very clean borders. Social networks are therefore very robust networks. This is exactly the opposite of what we would like in terms of disease spread.
- Social networks are very robust and easy to vaccinate against diseases.
- The Internet, however, is fragile. Its high-degree nodes connect with low-degree, scarcely connected nodes and are spread out all over the network. Such networks are not robust; they are fragile. If you knock down the nodes with high degree, you knock down the network very quickly.
- Number of connections (x axis) is the degree.
- The crucial factor in the spread of disease is airplanes.

Future directions
- Great slide: this is a very new field. "We need to:
- Improve the measurement of networks.
- Understand how networks change over time.
- Understand how changing a network can change its performance, and perhaps improve it.
- Get better at predicting network phenomena.
- Predict how society will react or evolve based on social networks.
- Prevent disease outbreaks before they happen. 
- And..?"
- Sometimes you engineer a network and sometimes it works!

Networking city

Book Review: Intentional Risk Management Through Complex Networks Analysis - Innovation for Infosec

This post provides a non-comprehensive summary of a multi-author book published in 2015 titled "Intentional Risk Management Through Complex Networks Analysis".
I recommend this book to those looking for real science-based Information Security innovations. This statement is not a forced marketing slogan; it is a reality.
The authors of this book are, in alphabetical order: Victor Chapela, Regino Criado, Santiago Moral and Miguel Romance.

In this post I present some of the interesting points proposed by the authors. The ideas mentioned here are coming from the book. Certainly this summary is a clear invitation to read the book, digest its innovative proposals and start innovating in this demanding field of IT Security.

Chapter 1. Intentional Risk and Cyber-Security: A Motivating Introduction

The authors start distinguishing between Static Risk and Dynamic Risk. Static Risk is opportunistic risk (e.g. identity theft). Dynamic Risk is directed intentional risk that attempts to use potentially existing but unauthorised paths (e.g. using a vulnerability).

Static Risk is based on the probability that a user with authorised access to a specific application abuse his access for personal gain. This risk can be deterred by reducing anonymity.

In Dynamic Risk the attacker tries to get the most valuable node via the least number of hops via authorised or unauthorised accesses.

Currently the main driver for a cyber-attack is the expected profit for the attacker. The book also links Intentionality Management with Game Theory, specifically with the stability analysis of John Nash's equilibrium. The book uses Complex Network Theory (both in terms of structure and dynamics) to provide a physical and logical structure of where the game is played.

The authors consider intentionality as the backbone for cyber-risk management. They mention a figure, coming from a security provider, of around USD 400 billion as the latest annual cost of cyber-crime.

The authors make a distinction between:
- Accidental risk management, a field in which there is a cause that leads to an effect and attacks are prevented mostly with redundancy (e.g. in data centres) and
- Intentional risk management, in which we have to analyse the end goal of the attackers.

To prevent these attacks we can:

- Reduce the value of the asset.
- Increase the risk the attacker runs.
- Increase the cost for the attacker.

Traditionally, risk management methodologies are based on an actuarial approach, using the typical probability x impact formula, with the probability based on the observed frequency of past events.

We need to assess which assets are the most valuable assets for the attackers.

Using network theory, whose foundations can also be found in this blog in summaries posted in October 2015, November 2015, December 2015, January 2016, February 2016 and March 2016, the more connected a node is (or the more accessible a computer system is), the greater the risk of it being hacked.

A key point proposed by this book: Calculated risk values should be intrinsic to the attributes of the network and require no expert estimates. The authors break down attackers' expected profit into these three elements:

- Expected income i.e. the value for them.
- The expense they run (depending on the accessibility both via a technical user access or a non-technical user access).
- Risk to the attacker (related to anonymity and some deterrent legal, economic and social consequences).

An attacker prefers busy applications that are highly accessible, admin access privileges and critical remote execution vulnerabilities. The main driver for attackers is value for them. Attackers in the dynamic risk arena are not deterred by anonymity.

The authors relate anonymity to the number of users who have access to the same application.

Chapter 2. Mathematical Foundations: Complex Networks and Graphs (A Review)
Complex networks model the structure and the non-linear dynamics of discrete complex systems.

The authors mention the difference between holism and reductionism. Reductionism works if the system is linear. Complexity depends on the degrees of freedom that a system has and whether linearity is present.

Networks are composed of vertices and edges. In complex networks small changes may have global consequences.

Euler walk: A path between two nodes for which every link appears exactly once. The degree of a node is the number of links the node shares.

If the number of nodes with odd degree is greater than 2, then no Euler walk exists.

If the number of nodes with odd degree equals 0, then there are Euler walks starting from any node.

If the number of nodes with odd degree equals 2, then Euler walks exist only between the two odd-degree nodes.
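The three cases above can be checked mechanically by counting odd-degree nodes (a sketch assuming the network is connected, which the theorem requires):

```python
from collections import Counter

def euler_walk_status(edges):
    """Classify a connected network by counting its odd-degree nodes."""
    degree = Counter()
    for u, v in edges:
        degree[u] += 1
        degree[v] += 1
    odd = sum(1 for d in degree.values() if d % 2 == 1)
    if odd == 0:
        return "Euler walk from any node"
    if odd == 2:
        return "Euler walk only between the two odd-degree nodes"
    return "no Euler walk"

# The seven bridges of Koenigsberg: four land masses, seven bridges.
bridges = [("A", "B"), ("A", "B"), ("A", "C"), ("A", "C"),
           ("A", "D"), ("B", "D"), ("C", "D")]
print(euler_walk_status(bridges))  # no Euler walk (all four nodes have odd degree)
```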

A graph is the mathematical representation of a network. The adjacency matrix of a graph is a way to determine the graph completely. A node with a low degree is weakly connected. A regular network is a network whose nodes have exactly the same degree.

In a directed network the adjacency matrix is not necessarily symmetric. Paths do not allow repetition of vertices while walks do. A tree is a connected graph in which any two vertices are connected by exactly one path.

Structural vulnerability: How does the removal of a finite number of links and/or nodes affect the topology of a network?

Two nodes with a common neighbour are likely to connect to each other. The clustering coefficient measures it.

The eigenvector centrality of a node is proportional to the sum of the centrality values of all its neighbouring nodes.

Spectral graph theory studies the eigenvalues of matrices that embody the graph structure.

Betweenness centrality: The edge betweenness of an edge is the fraction of shortest paths between pairs of vertices that run along it. The degree distribution gives the probability of finding a node in G with degree k.

Complex networks models
In random graphs, the probability that 2 neighbours of a node are connected is the probability that two randomly chosen nodes are linked. Large scale random networks have no clustering in general. The average distance in a random network is rather small.

Small world model
Some real networks like the Internet have characteristics which are not explained by uniformly random connectivity. Small world property: the network diameter is much smaller than the number of nodes. Most vertices can be reached from the others through a small number of edges.

Scale-free networks
The degree distribution does not follow a Poisson-like distribution but a power law, i.e. the majority of nodes have low degree and some nodes, the hubs, have extremely high connectivity.

Additionally, many systems are strongly clustered with many short paths between the nodes. They obey the small world property.

Scale-free networks emerge in the context of a growing network in which new nodes prefer to connect to highly connected nodes. When there are constraints limiting the addition of new edges, then broad-scale or single-scale networks appear.

Assortative networks
Most edges connect nodes that exhibit similar degrees (the opposite is disassortative networks).

A Hamiltonian cycle in a graph passes through all its nodes exactly once. The line graph of a network is the graph whose nodes are the edges of the original network.

Chapter 3. Random Walkers

Two different types of random walkers: Uniform random walkers and random walkers with spectral jump (a personalisation vector).

Statistical mechanics: The frequency of all the nodes will be the same in all the random walkers developed. In any type of random walker the most important element is the frequency with which each node appears. 

"If we move on a network in a random way, we will pass more often through the more accessible nodes". This is the idea of the PageRank algorithm used by Google. The difficulty comes to compute the frequency of each node. A random walker on a network can be modelled by a discrete-time Markov chain.

Multiplex networks: The edges of these networks are distributed among several layers. This is useful to model Dynamic Risk.

Intentional risk analysis
Accessibility: Linked to the frequency of a uniform random walker with spectral jump in the weighted network of licit connections. Two types of nodes:

- Connection-generator nodes (e.g. Internet access, effective access of internal staff).
- Non connection-generator node (those nodes through which the communication is processed).

Static intentional risk? (It exists but it is not so key I assume) The accessibility of each connection is zero cost because the accesses have been achieved by using the structure of the network.

In dynamic intentional risk each connection or non-designed access increase entails a cost for the attacker who seeks access to the valuable information (the vaults).

Modelling accessibility
A biased random walker with spectral jumps, going to those nodes with an optimal cost/benefit ratio. The random walker makes movements approaching the vaults. Accessibility in dynamic intentional risk may be modelled using a biased random walker with no spectral jumps in a 3-layered multiplex network.

1. A first layer corresponding to spectral jumps (ending and starting connections).
2. A second layer with the existing connections registered by the sniffing.
3. A third layer with connections due to the existence of both vulnerabilities + affinities.

Chapter 4. The Role of Accessibility in the Static and Dynamic Risk Computation

The anonymity is computed for each edge of the intentionality network. The value and the accessibility are computed for each node. Two ways to calculate the edge's PageRank:

a. via the classic PageRank algorithm (frequency of access to an edge and the PageRank of its nodes).
b. via Line Graph i.e. the nodes are the edges of the original network.

The damping factor will be the jumping factor.

The outcome will be a weighted and directed network with n nodes and m edges. There are equivalent approaches using the personalization vector.

Chapter 5. Mathematical Model I: Static Intentional Risk

Static Risk: Opportunistic risk. Risk follows authorised paths.
Dynamic Risk: Directed intentional risk. Tendency to follow unauthorised paths. Linked to the use of potentially existing paths but not authorised in the network.

The model is based on the information accessibility, on its value and on the anonymity level of the attacker.

Intentionality complex network for static risk. Elements:

- Value: How profitable the attack is.
- Anonymity: How easily the identity of the attacker can be determined.
- Accessibility: How easily the attack is carried out.

Every node has a resistance (a measure for an attacker to get access). Value is located at certain nodes of the network called vaults. Different algorithms will be used: Max-path algorithm, value assignment algorithm and accessibility assignment algorithm.

Static risk intentionality network construction method:
1. Network construction from the table of connection catches.
2. Network collapsed and anonymity assignment.
3. Value assignment.
4. Accessibility assignment.

Two networks appear in this study: the users network and the admins network. Network sniffing provides the connections between the IP nodes and the IP:port nodes. Based on this sniffing, we get the number of users who use each one of the edges; the inverse of that integer becomes the label for each edge. The max-path algorithm is executed to distribute the value from the vaults to all the nodes of the networks.

The inverse of the number of users on each edge is used as a value reduction factor. The higher the number of users who access a node, the greater the value reduction for potential attackers in that node, but also the higher the anonymity they will enjoy.
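The collapse-and-label steps above can be sketched in a few lines. The sniffing records, user names and addresses below are invented; the only point is that the inverse of the number of distinct users per edge yields both the anonymity label and the value reduction factor:

```python
# Invented sniffing records: (user, source_ip, destination_ip:port).
catches = [
    ("alice", "10.0.0.1", "10.0.1.5:443"),
    ("bob",   "10.0.0.2", "10.0.1.5:443"),
    ("carol", "10.0.0.3", "10.0.1.5:443"),
    ("alice", "10.0.0.1", "10.0.1.9:22"),
]

# Collapse the sources per destination and count distinct users per edge.
users_per_edge = {}
for user, _src, dst in catches:
    users_per_edge.setdefault(dst, set()).add(user)

# The inverse of the user count labels each edge: it acts both as the
# anonymity level and as the value reduction factor described above.
edge_label = {dst: 1.0 / len(users) for dst, users in users_per_edge.items()}
```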

Each edge is labelled with the frequency of access (the number of accesses). The accessibility of a node is linked to the accessibility of the edges connecting it. For each edge, the PageRank algorithm is calculated.

The higher the access frequency, the higher the probability that someone will misuse the information present in that node.

The higher the profit to risk ratio for the attacker, the greater the motivation for the attacker.

The paradigm shift is relevant: From the traditional risk = impact x probability to:

- Attacker income: Value for each element of the network.
- Attacker probability: Directly proportional to accessibility.
- Attacker risk: 1/anonymity.

The value of each element resides in the node. Anonymity resides on the edge.
The profit to risk ratio for the attacker (PAR) = value x accessibility x (anonymity / k), where k is the potential punishment probability for the attacker.
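In code, the PAR formula is a one-liner. The numbers below are invented, purely to show the shape of the trade-off:

```python
def attacker_profit_to_risk(value, accessibility, anonymity, k):
    """PAR = value x accessibility x (anonymity / k), where k is the
    potential punishment probability for the attacker."""
    return value * accessibility * (anonymity / k)

# Invented numbers, only to exercise the formula:
par = attacker_profit_to_risk(value=100.0, accessibility=0.4,
                              anonymity=0.5, k=0.25)
# Halving accessibility halves the attacker's profit-to-risk ratio.
```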

Chapter 6. Mathematical Model II: Dynamic Intentional Risk

Zero-day attacks are not integrated in the model.

In static risk:

- The most important single attribute is Value. The value depends on the percentage of value accessible by the user.
- The attacker uses their authorised access.
- Anonymity is an important incentive. Lack of anonymity is a deterrent.
- Accessibility has no cost (the user is already authorised).
- There is a higher level of personal risk perception.
- The higher the number of users, the higher their perceived anonymity.

In dynamic risk:

- The most important single attribute is accessibility.
- The degree of anonymity is not a deterrent (the user is not already authorised or known).
- The hacker tries to access the entire value.
- Typical values of anonymity: coming from the Internet it equals 1, from wireless 0.5 and from the intranet 0.

Accessibility in Dynamic Risk
Each jump of a non-authorised user from one element to another increases the cost for the attacker. The greater the distance to the value, the more difficult and costly the attack is.

Dynamic risk construction
First step: Performing a vulnerability scan of the network to get all non-authorised paths (known vulnerabilities, open ports, application fingerprinting and so forth).

The vulnerability scanner used is Nessus.

Two types of potential connections:
- Affinities: Two nodes sharing e.g. OS, configurations and users.
- Vulnerabilities.

A modified version of the PageRank algorithm is used.

Dynamic Risk model

User network + admins network + affinities + vulnerabilities

Anonymity does not play any role in Dynamic Risk but accessibility is the main parameter.

Each edge has an associated weight. The dynamic risk of an element is the potential profit the attacker obtains by reaching that element. As anonymity is not relevant in the context of dynamic risk, it is not necessary to collapse its associated network.

The accessibility of an element of the Dynamic Risk Network is the value we get for the relative frequency of a biased random walker through that element.

- Dynamic risk = value x accessibility
- The dynamic risk of a network is the maximum dynamic risk value of its elements (interesting idea - why not the sum?)
- The average dynamic risk = the total value found in the vaults x the average accessibility (the root mean square of all accessibility values associated with elements of the network in the context of dynamic risk).
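A small sketch of these three definitions, with invented element names, values and accessibilities:

```python
import math

# Invented values and accessibilities for three elements:
value = {"web": 0.0, "db": 80.0, "vault": 100.0}
accessibility = {"web": 0.9, "db": 0.5, "vault": 0.2}

# Dynamic risk of an element = value x accessibility.
risk = {n: value[n] * accessibility[n] for n in value}

# Dynamic risk of the network = the maximum over its elements.
network_risk = max(risk.values())

# Average dynamic risk = total value found in the vaults x the root mean
# square of all the accessibility values.
rms = math.sqrt(sum(a * a for a in accessibility.values())
                / len(accessibility))
average_risk = sum(value.values()) * rms
```

Note how the highly accessible but worthless "web" element contributes nothing to the network risk, while the moderately accessible "db" dominates.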

Chapter 7. Towards the Implementation of the Model

Source ports in this model are not important. They are mostly generated randomly.

Access levels. Restricted and unrestricted.
The higher the level of privilege, the more information and functionality an attacker can access. Typically there are two types of accesses, based on different ports:

- Restricted end user access: Always authorised and mostly with low risk.

- Unrestricted technical access: Any access that allows a technical user or an external hacker to have unrestricted access to code, configuration or data. It can be authorised or gained via an exploit. It is high risk: using admin access in an application, an attacker can in most cases escalate privileges to gain control over the server and the network.

For static risk we need to find which accesses are already authorised and normal. The frequency of connections for each socket (especially for the frequently used sockets) tells us about the busiest routes and how many hosts accessed a specific application.

For dynamic risk, we need to model the potential routes that a hacker might find and exploit. For an attacker, sockets that are used normally are desirable since they are more anonymous.

Attackers will select routes where they can obtain the most privileges with the least effort and get the closest to their end goal.

Other unknown risks are out of the scope of this proposal. This is a key point to understand.

To calculate anonymity in the static risk network we need to collapse all the IP sources that connect to the same port destination. The anonymity will be the inverse of the number of IP sources collapsed.

Value: How much the data or functionality is worth for the attacker. It needs to be placed manually into those vault nodes.

The book ends with the great news that the authors are working on a proof of concept.

Innovation in IT Security


What networks can tell us about the world - A lecture (2 of 3) by Mark Newman

For those willing to get introduced to the world of complex networks, the three lectures given by Mark Newman, a British physicist, at the Santa Fe Institute on 14, 15 and 16 September 2010 are a great way to get to know a little bit about this field.

In his first lecture, Mark Newman introduced what a network was. Let's continue with the second lecture, in which he explains what we can do with complex networks. You can find it here.

In this post I summarise (certainly in a very personal fashion, although some points are directly extracted from his slides) the learning points I extracted from the lecture.

Positioning of nodes within a social network. Centrality
- The idea of distances in networks.
- The most famous experiment in networks is the one by Stanley Milgram in 1967. The same Milgram who, some years earlier, had made the famous experiment on obedience to authority.
- The network-related experiment that Milgram made relates to the concept of a "small-world".
- He explains the mathematical basis of the six-degrees-of-separation concept: everybody is connected to everyone else in even fewer than six steps.
- If each person knows 100 people, then the number of people 1 step away from you is 100, and the number of people 2 steps away is 100 x 100 = 10,000. The number of people 5 steps away would be 10 billion (more than the current world population).
- A way to pinpoint important people in a social network is closeness centrality: the average distance to everyone else in the network. Nodes with the shortest average distance are the well-connected ones, and the most central node is the one with the highest closeness centrality. However, this measure is not very useful in practice: it is costly to compute, and in a social network the centrality values are all very similar to each other.
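Both points above are easy to reproduce on a toy example. The friendship network below is invented; closeness is taken as the inverse of the mean BFS distance to every other node:

```python
from collections import deque

# Invented friendship network (undirected, given as adjacency lists).
friends = {
    "ana":  ["ben", "carl"],
    "ben":  ["ana", "carl", "dora"],
    "carl": ["ana", "ben"],
    "dora": ["ben", "eve"],
    "eve":  ["dora"],
}

def distances(start):
    """Breadth-first search distances from `start` to every other node."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in friends[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def closeness(node):
    """Inverse of the mean distance to everyone else."""
    d = distances(node)
    others = [d[v] for v in friends if v != node]
    return len(others) / sum(others)

best = max(friends, key=closeness)   # "ben" sits in the middle here

# The small-world arithmetic from the lecture: knowing 100 people per step,
reach_5 = 100 ** 5                   # 10 billion people within 5 steps
```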

Degree centrality
- Can we do better? Yes, the degree centrality. The degree is the number of nodes a node is connected to. Degree centrality is just the degree number.
- Hubs in the network play a really important role in the function of the network.
- He presents a very important graph in network science: the degree distribution. The x axis represents the degree, i.e. the number of connections that a node has; the y axis represents the number of nodes that have that degree.
- They are well spaced values.

- "Degree is like a score where you get one point per person you know. But not all people are equally important".
- How can we signal whether a node is connected to a very important node? One algorithm is PageRank. The vector of ranks over all nodes is an eigenvector. "Each node in the network has a score that is the sum of the scores of its neighbours."
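The "score = sum of the neighbours' scores" fixed point is the leading eigenvector of the adjacency matrix, which power iteration finds. A sketch on an invented network with one obvious hub:

```python
# Invented undirected network with one obvious hub node.
adj = {
    "hub": ["a", "b", "c"],
    "a":   ["hub", "b"],
    "b":   ["hub", "a"],
    "c":   ["hub"],
}

degree = {v: len(nbrs) for v, nbrs in adj.items()}   # degree centrality

# Power iteration: repeatedly replace each score by the sum of the
# neighbours' scores, renormalising so the largest score is 1.
score = {v: 1.0 for v in adj}
for _ in range(100):
    new = {v: sum(score[u] for u in adj[v]) for v in adj}
    top = max(new.values())
    score = {v: s / top for v, s in new.items()}
```

The hub wins on both measures, but eigenvector-style scores also reward nodes for being connected to the hub rather than to the periphery.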

- What does a triangle mean in a social network? A friend of my friend is my friend. Or, probably, two of my friends know each other.
- However, if my friends don't know each other, I am more central: I have more influence in the network.
- Predicting future friendships: Look for pairs who have one or more mutual friends.
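The mutual-friends heuristic for predicting future friendships fits in a few lines (the network below is invented; unconnected pairs are scored by their number of common friends):

```python
from itertools import combinations

# Invented friendship network (sets, kept symmetric).
friends = {
    "ana":  {"ben", "carl", "dora"},
    "ben":  {"ana", "carl"},
    "carl": {"ana", "ben", "dora"},
    "dora": {"ana", "carl", "eve"},
    "eve":  {"dora"},
}

predictions = {}
for u, v in combinations(friends, 2):
    if v not in friends[u]:                 # not friends yet
        common = friends[u] & friends[v]
        if common:
            predictions[(u, v)] = len(common)

best_pair = max(predictions, key=predictions.get)
```

Here "ben" and "dora" share two friends ("ana" and "carl"), so the heuristic predicts them as the most likely future friendship.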

- Probably not a big surprise but... 
- People tend to be friends with people in the same school grade.
- People tend to get married with people with a similar age.
- Liberal blogs like to be connected to liberal blogs.
- Conservative blogs like to be connected to conservative blogs.
- We can use homophily to make predictions.
- For example, on average about 70% of your friends vote like you do.
- Probably people change opinions to match their friends' and people change friends to match their opinions (both things happen).
- "83% of friends had the same ethnicity.
- However if those links are randomly chosen there is already a specific chance.
- Modularity helps us identifying when there is a lot of homophily in the network. The difference between the homophily case and the random case.
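A back-of-the-envelope version of that comparison: the observed fraction of same-attribute edges versus what random wiring would give. Node colours and edges below are invented:

```python
from collections import Counter

# Invented data: three "red" and two "blue" nodes, mostly same-colour edges.
colour = {"a": "red", "b": "red", "c": "red", "d": "blue", "e": "blue"}
edges = [("a", "b"), ("a", "c"), ("b", "c"), ("d", "e"), ("c", "d")]

observed = sum(colour[u] == colour[v] for u, v in edges) / len(edges)

# Expected same-colour fraction if endpoints were wired at random:
share = Counter(colour.values())
n = len(colour)
expected = sum((k / n) ** 2 for k in share.values())

homophily_excess = observed - expected   # > 0: more homophily than chance
```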

Modules, groups or communities
- Are there communities in a network?
- This helps us understand how networks will split up.
- A computer can calculate modularity over all the nodes in the network.
- Understanding these network characteristics would enable us to solve real problems.

Sunset networking

The connected world - A lecture (1 of 3) by Mark Newman

For those willing to get introduced to the world of complex networks, the three lectures given by Mark Newman, a British physicist, at the Santa Fe Institute on 14, 15 and 16 September 2010 are a great way to get to know a little bit about this field.

Let's start with the first lecture. You can find it here.

In this post I summarise (certainly in a very personal fashion, although some points are directly extracted from his slides) the learning points I extracted from the lecture.

- We find networks in many different fields.
- They can be used to explain very different things happening in real life.
- A network is a collection of edges and nodes or vertices (plural of vertex). These words are taken from Spatial Mathematics.
- He proposes four types of networks, although the border between them is blurred: technological, information, biological and social networks.

Technological networks
- One example, the Internet is a complex network. Even though we human beings built it, we do not know its structure. However, we can make a scientific experiment and try to identify its structure. For example, using the program traceroute.
- When we see the result, we start understanding why the study of complex networks (e.g. with billions of nodes) helps us make networks more efficient and more robust.
- Some human-made networks are the Internet and the air transportation network. These are technological networks.
- In some networks we are interested in their static structure. In some others, for example the airline network, we are also interested in the dynamics of the nodes (the cities connected by flights) and the edges (the flights themselves). The dynamic study of complex networks is actually the cutting edge of network science these days.

Information networks
- An example of an information network is the World Wide Web, where the nodes are web pages and the edges are the hyperlinks you can find in the web pages.
- A hyperlink has a direction, so the WWW is a directed network. In 1990 there were around 20 pages. In 2010 Google listed more than 25 billion. Actually, the number of pages is now effectively infinite: some pages don't exist until you ask for them.
- A recommendation network (e.g. books in Amazon that could be of your interest) is also an information network.

Biological networks
- An example is the metabolic network or the neural network.
- A food web (which species eats which species) is also an example of a complex network.
- A self-edge in the food web represents cannibalism.

Social networks
- His favorite. Jacob Moreno in 1934 already talked about sociograms. He observed kids playing in the playground.
- Actually, even Newman's grandfather, in a scientific paper, mentioned the idea of a social network.

Measuring social networks
- This is a complex endeavour. How can we measure? By observation, interviews, questionnaires, online data, archival records and message passing.
- Social networks govern the way diseases spread.
- Political connections, business board connections, dating connections are only some examples of complex networks.

The understanding of complex networks is still basic. 

In the second lecture, once he has explained how networks are described, Mark Newman will talk about how these network diagrams can be used.

Foggy networks?



Complex networks: Structure and dynamics by S. Boccaletti et al. - Summary based on extracts

Following the series of book summaries, student notes to papers and analysis related to Network Science posted in this blog, all of them easy to reach using the network science label, I focus this time on a classical survey paper titled
"Complex networks: Structure and dynamics" by S. Boccaletti, V. Latora, Y. Moreno, M. Chavez, D.-U. Hwang.

This is a paper with over 100 pages and 888 references. The summary approach I follow this time is different. After having read and highlighted the paper, I literally copy here those statements that could be considered an incomplete summary of the paper. Network science students could find it useful as an initial reference before diving deep into the entire paper.

1. Intro 

- Networks: systems composed by a large number of highly interconnected dynamical units.
- The first approach to capture the global properties of such systems is to model them as graphs whose nodes represent the dynamical units, and whose links stand for the interactions between them.
- A relevant property regards the degree of a node, that is the number of its direct connections to other nodes. In real networks, the degree distribution P (k), defined as the probability that a node chosen uniformly at random has degree k or, equivalently, as the fraction of nodes in the graph having degree k, significantly deviates from the Poisson distribution expected for a random graph and, in many cases, exhibits a power law (scale-free) tail with an exponent taking a value between 2 and 3.
- real networks are characterized by correlations in the node degrees, by having relatively short paths between any two nodes (small-world property), and by the presence of a large number of short cycles or specific motifs.
- coupling architecture has important consequences on the network functional robustness and response to external perturbations, as random failures, or targeted attacks
- how the network structure affects the properties of a networked dynamical system
- some brain diseases are the result of an abnormal and, some times, abrupt synchronization of a large number of neural populations
- finding the communities within a network is a powerful tool for understanding the functioning of the network, as well as for identifying a hierarchy of connections within a complex architecture

2. Structure

- The walk of minimal length between two nodes is known as shortest path or geodesic. A cycle is a closed walk, of at least three nodes, in which no edge is repeated.
- A component of the graph is a maximally connected induced subgraph. A giant component is a component whose size is of the same order as N.
- The degree (or connectivity) k_i of a node i is the number of edges incident with the node.
- in assortative networks the nodes tend to connect to their connectivity peers, while in disassortative networks nodes with low degree are more likely connected with highly connected ones
- The concept of betweenness can be extended also to the edges. The edge betweenness is defined as the number of shortest paths between pairs of nodes that run through that edge
- transitivity means the presence of a high number of triangles
- An alternative possibility is to use the graph clustering coefficient C
- A motif M is a pattern of interconnections
- a community (or cluster, or cohesive subgroup) is a subgraph G (N , L ), whose nodes are tightly connected, i.e. cohesive
- The spectrum of a graph is the set of eigenvalues of its adjacency matrix
- The eigenvalues and eigenvectors of A, and N have been used to characterize either models and real networks, and also for discovering the presence of cohesive subgroups
- despite the inherent differences, most of the real networks are characterized by the same topological properties, as for instance relatively small characteristic path lengths, high clustering coefficients, fat tailed shapes in the degree distributions, degree correlations, and the presence of motifs and community structures
- in most of the real networks, despite of their often large size, there is a relatively short path between any two nodes. This feature is known as the small-world property
- when the scientists approached the study of real networks from the available databases, it was considered reasonable to find degree distributions localized around an average value, with a well-defined average of quadratic fluctuations. In contrast with all the expectancies, it was found that most of the real networks display power law shaped degree distribution
- Such networks have been named scale-free networks [2,93], because power-laws have the property of having the same functional form at all scales
- ER random graphs are the best studied among graph models, although they do not reproduce most of the properties of real networks
- the degree distribution is well approximated by a Poisson distribution
- The Watts and Strogatz (WS) model is a method to construct graphs having both the small-world property and a high clustering coefficient
- Graphs with a power-law degree distribution can be simply obtained as a special case of the random graphs with a given degree distribution. We denote such graphs as static scale-free to distinguish them from models of evolving graphs
- Static scale-free graphs are good models for all cases in which growth or aging processes do not play a dominant role in determining the structural properties of the network
- The Barabási–Albert (BA) model is a model of network growth inspired to the formation of the World Wide Web and is based on two basic ingredients: growth and preferential attachment
- The BA model does not allow for changes after the network is formed. However, in real networks like the WWW or a social network, connections can be lost and added. Albert and Barabási (AB) have proposed a generalization of their original model
- Here we present some of the most striking examples of real systems which have been studied as weighted networks. It has been found that the weights characterizing the various connections exhibit complex statistical features with highly varying distributions and power-law behaviors. Correlations between weights and topology provide a complementary perspective on the structural organization of such systems. Biological, social and technological networks.
- The easiest way to construct a weighted network is by considering a random graph with a given probability distribution P (k), and by assuming that the weights of the edges are random independent variables, distributed according to a weight distribution Q(w)
- Spatial networks: A particular class of networks are those embedded in the real space, i.e. networks whose nodes occupy a precise position in two or three-dimensional Euclidean space, and whose edges are real physical connections. The typical example are neural networks
- networks with strong geographical constraints are not small worlds
- example that power law degree distributions do not necessarily imply the small-world behavior
- random immunization in presence of geographical clustering might be more successful in controlling human epidemics than previously believed
- the structure of the world-wide airport network, finding empirical evidences that both degree and betweenness distributions decay as truncated power laws
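As a quick numerical aside (my own illustration, not from the paper), the degrees of an Erdős-Rényi random graph do concentrate around the mean, Poisson-style, in contrast with the fat-tailed distributions of real networks described above:

```python
import random

# Build an ER random graph G(n, p) and check that its degree distribution
# is Poisson-like: mean close to (n - 1) * p and variance close to the mean.
rng = random.Random(42)
n, p = 1000, 0.01
degree = [0] * n
for i in range(n):
    for j in range(i + 1, n):
        if rng.random() < p:          # each pair is an edge with prob. p
            degree[i] += 1
            degree[j] += 1

mean = sum(degree) / n                # close to (n - 1) * p, i.e. ~10
var = sum((d - mean) ** 2 for d in degree) / n
```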

3. Static and dynamic robustness

- Robustness refers to the ability of a network to avoid malfunctioning when a fraction of its constituents is damaged. This is a topic of obvious practical relevance
- static robustness, is meant as the act of deleting nodes without the need of redistributing any quantity
- dynamical robustness refers to the case in which the dynamics of redistribution of flows should be taken into account
- The two types of robustness are similar in spirit, but while the first can be analytically treated, e.g. by using the tools of statistical physics such as percolation theory, the analytical treatment of the second case is harder and in almost all cases one has to rely on numerical simulations.
- The study of random failures in complex networks can be exactly mapped into a standard percolation problem
- the response to attacks of the scale-free network is similar to the response to attacks and failures of the random graph network
- The numerical results indicate that both the global and the local efficiency of scale-free networks are unaffected by the removal of some (up to 2%) of the nodes chosen at random. On the other hand, at variance with random graphs, global and local efficiencies rapidly decrease when the nodes removed are those with the higher connectivity
- The conclusion that follows immediately is that any graph with a finite amount of random mixing of edges for which the second moment diverges does not have a percolation threshold
- targeted deletion of nodes in uncorrelated scale-free networks are highly effective if compared to random breakdown, as previously anticipated by the numerical simulations by Albert et al. [275]. This is due to the critical high degree of just a few vertices whose removal disrupts the whole network. On the other hand, tolerance to attacks in correlated networks is still a problem entirely to be explored. This is due in part to the lack of generic models that produce networks with arbitrary degree-degree correlations
- in order to prevent the breakdown of scale-free networks, one has to find an optimal criterion that takes into account two factors: the robustness of the system itself under repeated failures, and the possibility of knowing in advance that the collapse of the system is approaching
- cascading failures occur much easier in small-world and scale-free networks than in global coupling networks
- an appropriate randomness in path selection can shift the onset of traffic congestion, allowing to accommodate more packets in the network

4. Spreading processes

- Epidemic spreading vs rumour spreading
- epidemiological processes can be regarded as percolation like processes
- the long term maintenance of the infection in a closed population is impossible in the SIR model, due to the depletion of susceptibles, as the epidemic spread through the population
- in both models the spread of infections is tremendously strengthened on scale-free networks. For such a reason, here we shall mainly concentrate on the SIR model
- Heterogeneous graphs with highly skewed degree distributions are particularly important to describe real transmission networks. For example, in the case of sexual contacts, which are responsible for the diffusion of sexually transmitted diseases, the degree distribution has been found to follow a power-law
- a targeted immunization based on the node connectivity can restore a finite epidemic threshold and potentially eradicate a virus. This result gives also important indications on the best public health strategies to adopt in order to control and eradicate sexually transmitted diseases (as the HIV). The real problem here is that sexually promiscuous individuals are not always easy to identify
- vaccination of random acquaintances of randomly chosen individuals. This strategy is based on the fact that the probability of reaching a particular node by following a randomly chosen edge is proportional to the node's degree
- structured scale-free networks do not possess the small-world property
- the diseases are longest lived in assortative networks
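A minimal SIR simulation on an invented contact network illustrates the depletion-of-susceptibles point made above. In this sketch the infectious period is a single step (a simplification of my own), so the epidemic always burns out in a closed population:

```python
import random

# Invented contact network: who can infect whom.
contacts = {0: [1, 2], 1: [0, 2, 3], 2: [0, 1], 3: [1, 4], 4: [3]}

def sir(seed_node, beta=0.8, steps=50, seed=1):
    """SIR with a one-step infectious period: each step, every infected
    node infects each susceptible neighbour with probability beta, then
    recovers. Recovered nodes never become susceptible again."""
    rng = random.Random(seed)
    state = {n: "S" for n in contacts}
    state[seed_node] = "I"
    for _ in range(steps):
        infected = [n for n in state if state[n] == "I"]
        if not infected:
            break                      # susceptibles depleted: epidemic over
        for n in infected:
            for m in contacts[n]:
                if state[m] == "S" and rng.random() < beta:
                    state[m] = "I"
            state[n] = "R"             # recover after one infectious step
    return state

final = sir(0)   # no node is left infected at the end
```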

- desirable to spread the “epidemic” (the rumour) as fast and as efficiently as possible
- The standard rumor model is the so-called DK model
- denoted by ignorant (I), spreader (S) and stifler (R) nodes
- there is no “rumor threshold”, contrarily to the case of epidemic spreading. The difference does not come from any difference in the growth mechanism of s(t) (the two are actually the same) but from the disparate rules for the decay of the spreading process
- contrary to epidemic modelling, rumor processes can be tailored depending on the specific application. In this respect, there are still many issues to be addressed such as the influence of correlations, and dynamical rewiring. But we already know that even for a very poorly designed rumor, the final fraction of stiflers is finite at variance with epidemiological models

5. Synchronisation and collective dynamics

- Synchronization is a process wherein many systems (either equivalent or non-equivalent) adjust a given property of their motion due to a suitable coupling configuration, or to an external forcing
- We start with discussing the so called Master Stability Function approach
- Master stability function arguments are currently used as a challenging framework for the study of synchronized behaviors in complex networks, especially for understanding the interplay between complexity in the overall topology and local dynamical properties of the coupled units
- where a weighting in the connections has relevant consequences in determining the network’s dynamics
- asymmetry in the coupling was shown to play a fundamental role in connection with synchronization of coupled spatially extended fields
- conveying the global complex structure of shortest paths into a weighting procedure gives in that range a better criterion for synchronization than solely relying on the local information around a node
- asymmetry here deteriorates the network propensity for synchronization
- which are the essential topological ingredients enhancing synchronization in weighted networks? The answer is that only the simultaneous action of many ingredients provide the best conditions for synchronization
- The first ingredient is that the weighting must induce a dominant interaction from hub to non-hub nodes
- A second fundamental ingredient is that the network contains a structure of connected hubs influencing the other nodes
- the need of a dominant interaction from hubs to non-hubs for improving synchronization, also for highly homogeneous networks
- weighted networks is the most promising framework for the study of how the architectural properties of the connection wiring influence the efficiency and robustness of the networked system in giving rise to a synchronized behavior
- the coupling strength at which the transition occurs is determined by the largest eigenvalue of the adjacency matrix
- the ability of a given network to synchronize is strongly ruled by the structure of connections
- some studies suggested that small-world wirings always lead to enhance synchronization as compared with regular topologies

6. Applications

- the larger the clustering coefficient, the more easily the development of the consensus takes place
- the role of complex topologies in opinion dynamics is still to be better investigated
- network structure can be as important as the game rules in order to maintain cooperative regimes
- the Internet has a relatively high clustering coefficient, about 100 times larger than that of a ER random graph with the same size. Interestingly, the clustering properties increase with time. Moreover, the clustering coefficient is a power-law decaying function of the degree
- Finally, the betweenness distributions follow a power-law
- For the data mining in WWW, it is necessary to estimate the accuracy and valueness of such information. Interestingly, in the commercial search engine Google such estimation is performed by the so called “page rank” measurements
- it is expected that the large-scale network approach may lead to new insights on various longstanding questions on life, such as robustness to external perturbations, adaptation to external circumstances, and even hidden underlying design principles of evolution
- Similarly to metabolic networks, scale-free properties, high-clustering and small-world properties with hierarchical modularity and robustness against random attacks were observed in protein–protein interaction networks
- argued that the biological functional organization and the spatial cellular organization are correlated significantly with the topology of the network, by comparing the connectivity structure with that of randomized networks
- Protein crystallography reveals that the fundamental unit of the protein structure is the domain
- Up to now, we have presented evidences supporting that scale-free distributions, small-world, and high clustering seem to be universal properties of cellular networks
- One of the basic properties of scale-free networks is the existence of hub nodes
- The scale-freeness property of a network might indicate growing and preferential attachment as evolutionary principles that led to the formation of the network as we know it nowadays
- Suppressing a link between highly connected proteins and favoring links between highly connected and low-connected pairs of proteins decreases the likelihood of cross talks between different functional modules of the cell, and increases the overall robustness of the network against localized effects of deleterious perturbations. This feature (combined with scale-free and small-world property) is considered nowadays a key property to explain biological robustness
- Each network motif appears to carry out a specific dynamical function in the network, as it has been experimentally and theoretically demonstrated
- the brain organization is ruled by optimizing principles of resource allocation and constraint minimization
- This plasticity renders neurons able to continuously change connections, or establish new ones according to the computational and communication needs
- The literature usually refers to three different types of connectivity: neuroanatomical, functional and effective
- the description of neural system may be improved by using weighted networks
- Within the framework of learning of artificial neural networks, it has recently been shown that a small-world connectivity may yield a learning error and learning time lower than those obtained with random or regular connectivity patterns
- Some brain diseases, as epilepsy, are the result of an abnormal and, some times, abrupt synchronization of a large number of neural populations
- Many open questions e.g. the presence of motifs is a relevant feature in the structure of cortical networks. However, the role of motifs in brain dynamics remain unclear
- learning could induce changes in the wiring scheme
- Synchronization has been found to be enhanced by a small-world wiring structure. This finding has suggested a plausible paradigm to explain the emergence of certain neural phenomena, such as epileptic seizures, which are characterized by a sudden and strong synchronization. Unfortunately, there are presently no conceptual or computational works that explain the role of connectivity in the control of these synchronized states
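The connectivity/synchronization link can be illustrated numerically with Kuramoto phase oscillators on a small-world (Watts–Strogatz-style) wiring, measuring the order parameter r (r close to 1 means strong synchrony). This is a minimal Euler-integration sketch; the network size, rewiring probability, and coupling values are arbitrary illustrative assumptions, not the setups studied in the literature:

```python
import math, random

def watts_strogatz(n, k, p, rng):
    """Ring of n nodes, each linked to its k nearest neighbours per side,
    then each forward edge rewired with probability p (small-world wiring)."""
    adj = {i: set() for i in range(n)}
    for i in range(n):
        for j in range(1, k + 1):
            adj[i].add((i + j) % n); adj[(i + j) % n].add(i)
    for i in range(n):
        for j in range(1, k + 1):
            if rng.random() < p:
                old, new = (i + j) % n, rng.randrange(n)
                if new != i and new not in adj[i]:
                    adj[i].discard(old); adj[old].discard(i)
                    adj[i].add(new); adj[new].add(i)
    return adj

def kuramoto_r(adj, coupling, steps=2000, dt=0.05, seed=1):
    """Euler-integrate Kuramoto oscillators on the graph; return the
    final order parameter r = |<exp(i*theta)>| (r ~ 1: full synchrony)."""
    rng = random.Random(seed)
    n = len(adj)
    theta = [rng.uniform(0, 2 * math.pi) for _ in range(n)]
    omega = [rng.gauss(0, 0.1) for _ in range(n)]   # natural frequencies
    for _ in range(steps):
        theta = [theta[i] + dt * (omega[i] + coupling *
                 sum(math.sin(theta[j] - theta[i]) for j in adj[i]))
                 for i in range(n)]
    re = sum(math.cos(t) for t in theta) / n
    im = sum(math.sin(t) for t in theta) / n
    return math.hypot(re, im)

g = watts_strogatz(100, 2, 0.2, random.Random(0))
print(kuramoto_r(g, 0.0), kuramoto_r(g, 0.5))  # weak vs strong coupling
```

Comparing r at zero and at moderate coupling shows the onset of synchronization on this wiring; the literature referenced in the notes reports that such small-world wirings synchronize more readily than regular rings.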

7. Other topics

- finding the communities within a network is a powerful tool for understanding the structure and the functioning of the network, and its growth mechanisms
- spectral graph partitioning
- A class of algorithms that works much better when there is no prior knowledge of the number of communities is the hierarchical clustering analysis used in social network analysis
- a series of algorithms based on the idea of iteratively removing edges with a high centrality score have been proposed. Such methods use different measures of edge centrality, such as random-walk betweenness and current-flow betweenness
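A minimal sketch of the edge-removal idea, using shortest-path edge betweenness (Brandes-style accumulation) on a toy graph of two triangles joined by a bridge; the bridge scores highest and would be removed first, splitting the graph into its two communities:

```python
from collections import deque, defaultdict

def edge_betweenness(adj):
    """Shortest-path betweenness of each undirected edge (unweighted graph,
    Brandes-style accumulation; each edge is counted from both endpoints)."""
    bet = defaultdict(float)
    for s in adj:
        # BFS from s: shortest-path counts sigma and predecessor lists
        sigma = {v: 0 for v in adj}; sigma[s] = 1
        dist, preds, order = {s: 0}, defaultdict(list), []
        q = deque([s])
        while q:
            v = q.popleft(); order.append(v)
            for w in adj[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    q.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        # back-propagate path dependencies along predecessor edges
        delta = defaultdict(float)
        for w in reversed(order):
            for v in preds[w]:
                c = sigma[v] / sigma[w] * (1 + delta[w])
                bet[frozenset((v, w))] += c
                delta[v] += c
    return bet

# two triangles {0,1,2} and {3,4,5} joined by the bridge 2-3
adj = {0: {1, 2}, 1: {0, 2}, 2: {0, 1, 3}, 3: {2, 4, 5}, 4: {3, 5}, 5: {3, 4}}
bet = edge_betweenness(adj)
print(sorted(max(bet, key=bet.get)))  # -> [2, 3]: the inter-community bridge
```

Iterating "recompute betweenness, remove the top edge" is the Girvan–Newman scheme the bullet alludes to; the other centrality variants (random-walk, current-flow) plug into the same loop.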
- fast method based on modularity
- The study of the eigenvector associated with the second smallest eigenvalue is of practical use only when a clear partition into two parts exists, which is rarely the case
- other algorithms use voltage drops, treating the graph as an electric circuit
- The ability to navigate and search for shortest paths in a network without knowledge of its whole topological structure is a relevant issue, not only in social systems, but also in finding information on the World Wide Web, way-finding in city traffic, transporting information packets on the Internet, or the diffusion of signaling molecules in a biological cell
- Analytical and numerical results show that information does not distribute uniformly in heterogeneous networks
- Since in a highly heterogeneous network, such as the Internet, the highest-degree nodes are connected to a significant fraction of all nodes in the network, the agent needs only a few steps to find a node that is a neighbor of the target q
- This means that in the small-world regime, the average search time increases very slowly with the network size, compared with regular and random networks, and also with respect to a strategy based on a random walk
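This can be checked with a small experiment (a sketch under assumed parameters, not the paper's actual setup): on a heterogeneous graph grown by preferential attachment, compare a degree-guided greedy walker against a plain random walk, both stopping as soon as the target is the current node or one of its neighbours:

```python
import random

def preferential_graph(n, m, rng):
    """Hub-dominated graph: each newcomer attaches m degree-proportional edges."""
    adj = {i: set() for i in range(n)}
    targets = []
    for i in range(m + 1):                    # small complete core
        for j in range(i):
            adj[i].add(j); adj[j].add(i)
            targets += [i, j]
    for new in range(m + 1, n):
        picks = set()
        while len(picks) < m:
            picks.add(rng.choice(targets))    # degree-proportional pick
        for t in picks:
            adj[new].add(t); adj[t].add(new)
            targets += [new, t]
    return adj

def greedy_steps(adj, start, target, cap, rng):
    """Hop to the highest-degree not-yet-visited neighbour (hub-seeking)."""
    v, seen = start, {start}
    for step in range(cap):
        if v == target or target in adj[v]:
            return step
        fresh = [w for w in adj[v] if w not in seen]
        v = max(fresh, key=lambda w: len(adj[w])) if fresh else rng.choice(sorted(adj[v]))
        seen.add(v)
    return cap

def random_walk_steps(adj, start, target, cap, rng):
    v = start
    for step in range(cap):
        if v == target or target in adj[v]:
            return step
        v = rng.choice(sorted(adj[v]))
    return cap

rng = random.Random(0)
adj = preferential_graph(500, 3, rng)
pairs = [(rng.randrange(500), rng.randrange(500)) for _ in range(200)]
g = sum(greedy_steps(adj, s, t, 5000, rng) for s, t in pairs) / len(pairs)
r = sum(random_walk_steps(adj, s, t, 5000, rng) for s, t in pairs) / len(pairs)
print(g, r)  # the degree-guided walker needs fewer steps on average
```

The hub-seeking walker reaches the highest-degree nodes within a few hops, and those hubs neighbour a large fraction of all nodes, which is exactly the mechanism the bullet above describes.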
- For a single search problem the optimal network is clearly a highly polarized, star-like structure. This structure is very simple and efficient in terms of searchability, since the average number of steps needed to find a given node is bounded, independently of the size of the system. However, the polarized star-like structure becomes inefficient when many search processes coexist in the network, due to the limited capacity of the central node
- This means that only two classes of networks can be considered optimal: star-like configurations when the number of parallel searches is small, and homogeneous configurations when the number of parallel searches is large.
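The bounded-search-time claim for the star is easy to verify directly (illustrative sizes; a ring stands in as the simple homogeneous case): the mean shortest-path length of a star stays below 2 hops regardless of size, while the ring's grows roughly like n/4:

```python
from collections import deque

def avg_shortest_path(adj):
    """Mean shortest-path length over all node pairs (BFS from each source)."""
    total, pairs = 0, 0
    for s in adj:
        dist = {s: 0}
        q = deque([s])
        while q:
            v = q.popleft()
            for w in adj[v]:
                if w not in dist:
                    dist[w] = dist[v] + 1
                    q.append(w)
        total += sum(dist.values())
        pairs += len(dist) - 1
    return total / pairs

def star(n):
    """Node 0 is the centre; all others are leaves."""
    adj = {0: set(range(1, n))}
    for i in range(1, n):
        adj[i] = {0}
    return adj

def ring(n):
    """Homogeneous 1-D lattice: each node linked to its two ring neighbours."""
    return {i: {(i - 1) % n, (i + 1) % n} for i in range(n)}

for n in (16, 64, 256):
    # star: bounded near 2 hops; ring: grows roughly like n / 4
    print(n, round(avg_shortest_path(star(n)), 2),
             round(avg_shortest_path(ring(n)), 2))
```

This makes the trade-off concrete: the star is optimal per search but funnels every path through node 0, which is the congestion problem the notes point out for parallel searches.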
- agents making use of local information about the network topology are more efficient in such a dynamical environment than agents making use of global information, suggesting that this may explain what occurs in multi-agent systems for the allocation of distributed resources
- Finally, for high densities and small noise, the motion of walkers becomes ordered on the same scale as the system size, and all walkers move in the same, spontaneously chosen direction