Knocking down the HACIENDA with TCP Stealth
|
|
- Linda Oliver
- 5 years ago
- Views:
Transcription
1 Knocking down the HACIENDA with TCP Stealth Christian Grothoff Actual work: Julian Kirsch Technische Universität München May 8, 2015
2 Knocking down the HACIENDA 1/1
3 Knocking down the HACIENDA 2/1
4 Knocking down the HACIENDA 3/1
5 Knocking down the HACIENDA 4/1
6 Knocking down the HACIENDA 5/1
7 Knocking down the HACIENDA 6/1
8 Knocking down the HACIENDA 7/1
9 Knocking down the HACIENDA 8/1
10 Knocking down the HACIENDA 9/1
11 Knocking down the HACIENDA 10/1
12 Knocking down the HACIENDA 11/1
13 Knocking down the HACIENDA 12/1
14 Knocking down the HACIENDA 13/1
15 Knocking down the HACIENDA 14/1
16 Knocking down the HACIENDA 15/1
17 Knocking down the HACIENDA 16/1
18 Knocking down the HACIENDA 17/1
19 Knocking down the HACIENDA 18/1
20 Knocking down the HACIENDA 19/1
21 So, is it all lost? Knocking down the HACIENDA 20/1
22 Two Solutions Backwards-compatible minimally invasive hotfix Clean-slate principled rearchitecture Knocking down the HACIENDA 21/1
23 An Introduction to Port Knocking No knock, no fun Port knocking example Host 1 Host 2 Host 1 Host 2 SYN (SEQ = x 0 ) port 4242 SYN (SEQ = x) port 22 RST (SEQ = y 0, ACK = x 0 + 1) Time RST (SEQ = y, ACK = x + 1) Time SYN (SEQ = x 1 ) port 1337 RST (SEQ = y 1, ACK = x 1 + 1) SYN (SEQ = x 2 ) port 22 SYN (SEQ = y 2, ACK = x 2 + 1) (SEQ = x 2 + 1, ACK = y 2 + 1) Knocking down the HACIENDA 22/1
24 Design Overview 2. Practical and Secure Stealthy Servers Knocking down the HACIENDA 23/1
25 Design Stealthiness Source Port Sequence Number Acknowledgement Number Destination Port Data Offset Reserved U R G A CK P SH R ST S YN F IN Window Checksum Options Urgent Pointer Knocking down the HACIENDA 24/1
26 Design (v1) Security Destination IP address IP d Destination port P d TCP timestamp T Pre-Shared Key S Hash function h Authentication Security Token (AV) AV := h((ip d, P d, T), S) ISN := AV Knocking down the HACIENDA 25/1
27 Knocking down the HACIENDA 26/1
28 Design (v2) Security Destination IP address IP d Destination port P d TCP timestamp T Pre-Shared Key S Hash functions h, h Payload p TCP Payload Integrity Protector IH IH := h (S p) Authentication Security Token AV AV := h((ip d, P d, T, IH), S) ISN := AV IH Knocking down the HACIENDA 27/1
29 Host 1 Host 2 SYN (SEQ = x = (AV IH)) AV correct? Time RST (SEQ = y, ACK = x + 1) ACK (SEQ = y, ACK = x + 1) (SEQ = x + 1, ACK = y + 1) no yes IH correct? Payload RST (SEQ = y + 1, ACK = x + 2)... no yes Knocking down the HACIENDA 28/1
30 Design Ease of Use Source IP and Port not included in ISN generation Compatibility with NATs Knocking is implemented in the kernel No fiddling with config-files, firewall rules or daemons Trivial to use from an application developer s perspective Knocking down the HACIENDA 29/1
31 Design Ease of Use TCP Stealth Server 1 char s e c r e t [ 6 4 ] = " This i s my magic ID. " ; 2 i n t payload_len = 4 ; 3 i n t sock ; 4 5 sock = socket ( AF_INET, SOCK_STREAM, IPPROTO_TCP) ; 6 i f ( sock < 0) { 7 p r i n t f ( " socket ( ) f a i l e d, %s\n", s t r e r r o r ( errno ) ) ; 8 return 1 ; 9 } 10 i f ( setsockopt ( sock, IPPROTO_TCP, TCP_STEALTH, s e c r e t, s i z e o f ( s e c r e t ) ) ) { 11 p r i n t f ( " setsockopt ( ) f a i l e d, %s\n", s t r e r r o r ( errno ) ) ; 12 return 1 ; 13 } 14 i f ( setsockopt ( sock, IPPROTO_TCP, TCP_STEALTH_INTEGRITY_LEN, 15 &payload_len, si ze of ( payload_len ) ) ) { 16 p r i n t f ( " setsockopt ( ) f a i l e d, %s\n", s t r e r r o r ( errno ) ) ; 17 return 1 ; 18 } 19 / Continue with bind ( ), l i s t e n ( ), a c c e p t ( ), r e c v ( ),... / Knocking down the HACIENDA 30/1
32 Design Ease of Use TCP Stealth Client 1 char s e c r e t [ 6 4 ] = " This i s my magic ID. " ; 2 char payload [ 4 ] = " 1234 " ; 3 i n t sock ; 4 5 sock = socket ( AF_INET, SOCK_STREAM, IPPROTO_TCP) ; 6 i f ( sock < 0) { 7 p r i n t f ( " socket ( ) f a i l e d, %s\n", s t r e r r o r ( errno ) ) ; 8 return 1 ; 9 } 10 i f ( setsockopt ( sock, IPPROTO_TCP, TCP_STEALTH, s e c r e t, s i z e o f ( s e c r e t ) ) ) { 11 p r i n t f ( " setsockopt ( ) f a i l e d, %s\n", s t r e r r o r ( errno ) ) ; 12 return 1 ; 13 } 14 i f ( setsockopt ( sock, IPPROTO_TCP, TCP_STEALTH_INTEGRITY, 15 payload, s i z e o f ( payload ) ) ) { 16 p r i n t f ( " setsockopt ( ) f a i l e d, %s\n", s t r e r r o r ( errno ) ) ; 17 return 1 ; 18 } 19 / Continue with c o n n e c t ( ), send ( ),... / Knocking down the HACIENDA 31/1
33 Design Ease of Use libknockify Shared library for use at compile- or run-time Enables TCP Stealth functionality for legacy code $ LD_PRELOAD=./libknockify.so ncat knock-server application-port Configuration options (such as the TCP Stealth secret) are given as environment variables or via a special file Knocking down the HACIENDA 32/1
34 Limitations Distribution of the Pre-Shared Key ISN has only 32 bits Knocking down the HACIENDA 33/1
35 Limitations Distribution of the Pre-Shared Key ISN has only 32 bits Changes to ISN and TSVal by middle boxes: TCP Port Behavior Unchanged 126 (93%) 116 (82%) 128 (90%) Mod. outbound 5 (4%) 5 (4%) 6 (4%) Mod. inbound 0 (0%) 1 (1%) 1 (1%) Mod. both 4 (3%) 13 (9%) 7 (5%) Proxy (probably mod. both) 0 (0%) 7 (5%) 0 (0%) Total 135 (100%) 142 (100%) 142 (100%) Numbers by Honda et al. Is it Still Possible to Extend TCP? Knocking down the HACIENDA 33/1
36 Limitations Distribution of the Pre-Shared Key ISN has only 32 bits Changes to ISN and TSVal by middle boxes: TCP Port Behavior Unchanged 126 (93%) 116 (82%) 128 (90%) Mod. outbound 5 (4%) 5 (4%) 6 (4%) Mod. inbound 0 (0%) 1 (1%) 1 (1%) Mod. both 4 (3%) 13 (9%) 7 (5%) Proxy (probably mod. both) 0 (0%) 7 (5%) 0 (0%) Total 135 (100%) 142 (100%) 142 (100%) Numbers by Honda et al. Is it Still Possible to Extend TCP? IETF, Linux and FreeBSD communities so far fail to adopt Knocking down the HACIENDA 33/1
37 Cat break (sponsored by IRTF) Knocking down the HACIENDA 34/1
38 HACIENDA is a port mapper. Knocking down the HACIENDA 35/1
39 HACIENDA is a port mapper. What else does the NSA map? Knocking down the HACIENDA 35/1
40 HACIENDA is a port mapper. What else does the NSA map? Let s ask The Intercept... Knocking down the HACIENDA 35/1
41 Knocking down the HACIENDA 36/1
42 Time to Build a NEWGNU Network Knocking down the HACIENDA 37/1
43 The NEWGNU Network (very simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer Knocking down the HACIENDA 38/1
44 The NEWGNU Network (very simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer HTTPS/TCP/WLAN/... Knocking down the HACIENDA 38/1
45 The NEWGNU Network (very simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer CORE (OTR) HTTPS/TCP/WLAN/... Knocking down the HACIENDA 38/1
46 The NEWGNU Network (very simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer R 5 N DHT (KBR) CORE (OTR) HTTPS/TCP/WLAN/... Knocking down the HACIENDA 38/1
47 The NEWGNU Network (very simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer CADET (SCTP+Axolotl+TCP Stealth) R 5 N DHT (KBR) CORE (OTR) HTTPS/TCP/WLAN/... Knocking down the HACIENDA 38/1
48 The NEWGNU Network (very simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNU Name System CADET (SCTP+Axolotl+TCP Stealth) R 5 N DHT (KBR) CORE (OTR) HTTPS/TCP/WLAN/... Knocking down the HACIENDA 38/1
49 The NEWGNU Network (very simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer Applications GNU Name System CADET (SCTP+Axolotl+TCP Stealth) R 5 N DHT (KBR) CORE (OTR) HTTPS/TCP/WLAN/... Knocking down the HACIENDA 38/1
50 The NEWGNU Network (very simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNUnet Applications GNU Name System CADET (SCTP+Axolotl+TCP Stealth) R 5 N DHT (KBR) CORE (OTR) HTTPS/TCP/WLAN/... Knocking down the HACIENDA 38/1
51 Limitations Distribution of the Pre-Shared Key use GNU Name System Knocking down the HACIENDA 39/1
52 Limitations Distribution of the Pre-Shared Key use GNU Name System ISN has only 32 bits use 256 bits Knocking down the HACIENDA 39/1
53 Limitations Distribution of the Pre-Shared Key use GNU Name System ISN has only 32 bits use 256 bits Changes to ISN and TSVal by middle boxes irrelevant in overlay Knocking down the HACIENDA 39/1
54 Limitations Distribution of the Pre-Shared Key use GNU Name System ISN has only 32 bits use 256 bits Changes to ISN and TSVal by middle boxes irrelevant in overlay IETF, Linux and FreeBSD communities so far fail to adopt all in userspace Knocking down the HACIENDA 39/1
55 Limitations Distribution of the Pre-Shared Key use GNU Name System ISN has only 32 bits use 256 bits Changes to ISN and TSVal by middle boxes irrelevant in overlay IETF, Linux and FreeBSD communities so far fail to adopt all in userspace More issues to address more research! (not done yet!) Knocking down the HACIENDA 39/1
56 A Pattern of Hope Spy Program Target Defense Started FTM/TRACFIN SWIFT/VISA/etc. DigiCash/GNU Taler 1990 TREASUREMAP Internet (all) Freenet/GNUnet/Tor 2000 HACIENDA vuln. TCP service Port Knocking 2000 BULLRUN/DUAL_EC_DRBG PRNG (backdoor) n/a 2004 BULLRUN/LONGHAUL TLS/IPSEC (keys) OTR/AXOLOTL 2004 MJOLNIR Long-path in Tor Tor PRISM US big data corps SecuShare 2009 MORECOWBELL DNS GNU Name System Knocking down the HACIENDA 40/1
57 Questions? Find more information at: Thanks to: JULIAN KIRSCH JACOB APPELBAUM MONIKA ERMERT LAURA POITRAS HENRIK MOLTKE MAURICE LECLAIRE ANDREAS ENGE BART POLOT LUCA SAIU THE SOURCE This work was funded by the Deutsche Forschungsgemeinschaft (DFG) under ENP GR 3688/1-1. Slides will be at Knocking down the HACIENDA 41/1
58 Limitations RFC 1323: TCP Extensions for High Performance Source Port Sequence Number Acknowledgement Number Destination Port Data Offset Reserved U R G A CK P SH R ST S YN F IN Window Checksum Options Urgent Pointer Kind=8 10 TS Value (TSval) TS Value (TSval) TS Echo Reply (TSecr) Options TS Echo Reply (TSecr) Options Knocking down the HACIENDA 42/1
Knocking down the HACIENDA with TCP Stealth
Knocking down the HACIENDA with TCP Stealth Christian Grothoff Actual work: Julian Kirsch Technische Universität München July 23, 2015 Knocking down the HACIENDA 1/29 Knocking down the HACIENDA 2/29 Knocking
More informationSocket Programming. Daniel Zappala. CS 360 Internet Programming Brigham Young University
Socket Programming Daniel Zappala CS 360 Internet Programming Brigham Young University Sockets, Addresses, Ports Clients and Servers 3/33 clients request a service from a server using a protocol need an
More informationCryptography in GNUnet
Cryptography in GNUnet Protocols for a Future Internet for Libre Societies Christian Grothoff Sept 30th, 2015 Sometime in 2013... The NEWGNU Network (very simplified) Internet Google DNS/X.509 TCP/UDP
More informationComputer Networks ( Classroom Practice Booklet Solutions)
Computer Networks ( Classroom Practice Booklet Solutions). Concept Of Layering 0. Ans: (b) Sol: Data Link Layer is responsible for decoding bit stream into frames. 0. Ans: (c) Sol: Network Layer has the
More informationBoost UDP Transaction Performance
Boost UDP Transaction Performance Toshiaki Makita NTT Open Source Software Center Today's topics Background Basic technologies for network performance How to improve UDP performance 2 Who is Toshiaki Makita?
More informationPublic-key cryptography and the Discrete-Logarithm Problem. Tanja Lange Technische Universiteit Eindhoven. with some slides by Daniel J.
Public-key cryptography and the Discrete-Logarithm Problem Tanja Lange Technische Universiteit Eindhoven with some slides by Daniel J. Bernstein Cryptography Let s understand what our browsers do. Schoolbook
More informationT H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationOverview. Public Key Algorithms II
Public Key Algorithms II Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationRemote Timing Attacks are Practical
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel
More informationUnreliable Failure Detectors for Reliable Distributed Systems
Unreliable Failure Detectors for Reliable Distributed Systems A different approach Augment the asynchronous model with an unreliable failure detector for crash failures Define failure detectors in terms
More informationT H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationDo we have a quorum?
Do we have a quorum? Quorum Systems Given a set U of servers, U = n: A quorum system is a set Q 2 U such that Q 1, Q 2 Q : Q 1 Q 2 Each Q in Q is a quorum How quorum systems work: A read/write shared register
More informationU-Prove Range Proof Extension Draft Revision 1
U-Prove Range Proof Extension Draft Revision 1 Microsoft Research Author: Mira Belenkiy June 2014 2014 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views
More informationComparative firewall study Chemnitz, 1st October 2004
A Attachment A.1 Particular test results This chapter lists the test results for each firewall system tested with each previously described test. A.2 Packetfilter on OpenBSD A.2.1 General requirements
More informationCS 3411 Systems Programming
CS 3411 Systems Programming Department of Computer Science Michigan Technological University Sockets Today's Topics New Way of Communicating Between Processes Sockets Standard" Unix Processes/IPC IPC stands
More informationEnforcing honesty of certification authorities: Tagged one-time signature schemes
Enforcing honesty of certification authorities: Tagged one-time signature schemes Information Security Group Royal Holloway, University of London bertram.poettering@rhul.ac.uk Stanford, January 11, 2013
More informationLeopold Franzens University Innsbruck. Responding to Spurious Loss Events in TCP/IP. Master Thesis. Institute of Computer Science
Leopold Franzens University Innsbruck Institute of Computer Science Distributed and Parallel Systems Group Responding to Spurious Loss Events in TCP/IP Master Thesis Supervisor: Dr. Michael Welzl Author:
More informationOverlay Transport Virtualization (OTV) Unicast-Mode Transport Infrastructure Deployment
Overlay Transport Virtualization (OTV) Unicast-Mode Transport Infrastructure Deployment July 24, 2012 ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS")
More informationOverview of Geospatial Open Source Software which is Robust, Feature Rich and Standards Compliant
Overview of Geospatial Open Source Software which is Robust, Feature Rich and Standards Compliant Cameron SHORTER, Australia Key words: Open Source Geospatial Foundation, OSGeo, Open Standards, Open Geospatial
More informationPost-quantum key exchange for the Internet based on lattices
Post-quantum key exchange for the Internet based on lattices Craig Costello Talk at MSR India Bangalore, India December 21, 2016 Based on J. Bos, C. Costello, M. Naehrig, D. Stebila Post-Quantum Key Exchange
More informationNetworked Control Systems
Networked Control Systems Simulation & Analysis J.J.C. van Schendel DCT 2008.119 Traineeship report March till June 2008 Coaches: Supervisor TU/e: Prof. Dr. D. Nesic, University of Melbourne Dr. M. Tabbara,
More informationIntroduction to Information Security
Introduction to Information Security Lecture 4: Hash Functions and MAC 2007. 6. Prof. Byoungcheon Lee sultan (at) joongbu. ac. kr Information and Communications University Contents 1. Introduction - Hash
More informationDistributed systems Lecture 4: Clock synchronisation; logical clocks. Dr Robert N. M. Watson
Distributed systems Lecture 4: Clock synchronisation; logical clocks Dr Robert N. M. Watson 1 Last time Started to look at time in distributed systems Coordinating actions between processes Physical clocks
More informationmd5bloom: Forensic Filesystem Hashing Revisited
DIGITAL FORENSIC RESEARCH CONFERENCE md5bloom: Forensic Filesystem Hashing Revisited By Vassil Roussev, Timothy Bourg, Yixin Chen, Golden Richard Presented At The Digital Forensic Research Conference DFRWS
More informationConcurrent HTTP Proxy Server. CS425 - Computer Networks Vaibhav Nagar(14785)
Concurrent HTTP Proxy Server CS425 - Computer Networks Vaibhav Nagar(14785) Email: vaibhavn@iitk.ac.in August 31, 2016 Elementary features of Proxy Server Proxy server supports the GET method to serve
More informationSlides for Chapter 14: Time and Global States
Slides for Chapter 14: Time and Global States From Coulouris, Dollimore, Kindberg and Blair Distributed Systems: Concepts and Design Edition 5, Addison-Wesley 2012 Overview of Chapter Introduction Clocks,
More informationEffective Entropy for Memory Randomization Defenses
Effective Entropy for Memory Randomization Defenses William Herlands, Thomas Hobson, Paula Donovan 7 th Workshop on Cyber Security Experimentation and Test 18 August 2014 This work is sponsored by Assistant
More informationDistributed Systems Principles and Paradigms. Chapter 06: Synchronization
Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer Science Room R4.20, steen@cs.vu.nl Chapter 06: Synchronization Version: November 16, 2009 2 / 39 Contents Chapter
More informationVerification of the TLS Handshake protocol
Verification of the TLS Handshake protocol Carst Tankink (0569954), Pim Vullers (0575766) 20th May 2008 1 Introduction In this text, we will analyse the Transport Layer Security (TLS) handshake protocol.
More informationTime in Distributed Systems: Clocks and Ordering of Events
Time in Distributed Systems: Clocks and Ordering of Events Clocks in Distributed Systems Needed to Order two or more events happening at same or different nodes (Ex: Consistent ordering of updates at different
More informationTECDIS and TELchart ECS Weather Overlay Guide
1 of 24 TECDIS and TELchart ECS provides a very advanced weather overlay feature, using top quality commercial maritime weather forecast data available as a subscription service from Jeppesen Marine. The
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationThe Analysis of Microburst (Burstiness) on Virtual Switch
The Analysis of Microburst (Burstiness) on Virtual Switch Chunghan Lee Fujitsu Laboratories 09.19.2016 Copyright 2016 FUJITSU LABORATORIES LIMITED Background What is Network Function Virtualization (NFV)?
More informationTroubleshooting Replication and Geodata Services. Liz Parrish & Ben Lin
Troubleshooting Replication and Geodata Services Liz Parrish & Ben Lin AGENDA: Troubleshooting Replication and Geodata Services Overview Demo Troubleshooting Q & A Overview of Replication Liz Parrish What
More informationHASH FUNCTIONS. Mihir Bellare UCSD 1
HASH FUNCTIONS Mihir Bellare UCSD 1 Hashing Hash functions like MD5, SHA1, SHA256, SHA512, SHA3,... are amongst the most widely-used cryptographic primitives. Their primary purpose is collision-resistant
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for class mailing list Perhaps
More informationA Small Subgroup Attack on Arazi s Key Agreement Protocol
Small Subgroup ttack on razi s Key greement Protocol Dan Brown Certicom Research, Canada dbrown@certicom.com lfred Menezes Dept. of C&O, University of Waterloo, Canada ajmeneze@uwaterloo.ca bstract In
More informationPseudo-Random Generators
Pseudo-Random Generators Topics Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More informationPseudo-Random Generators
Pseudo-Random Generators Why do we need random numbers? Simulation Sampling Numerical analysis Computer programming (e.g. randomized algorithm) Elementary and critical element in many cryptographic protocols
More informationMySQL Attack Mitigation Using Deception Technology
1 RESEARCH REPORT : MySQL Attack Mitigation Using Deception Technology RESEARCH REPORT MySQL Attack Mitigation Using Deception Technology A Report by TrapX Labs December 31, 2016 2 RESEARCH REPORT : MySQL
More informationSDS developer guide. Develop distributed and parallel applications in Java. Nathanaël Cottin. version
SDS developer guide Develop distributed and parallel applications in Java Nathanaël Cottin sds@ncottin.net http://sds.ncottin.net version 0.0.3 Copyright 2007 - Nathanaël Cottin Permission is granted to
More informationApplied cryptography
Applied cryptography Identity-based Cryptography Andreas Hülsing 19 November 2015 1 / 37 The public key problem How to obtain the correct public key of a user? How to check its authenticity? General answer:
More informationHASH FUNCTIONS 1 /62
HASH FUNCTIONS 1 /62 What is a hash function? By a hash function we usually mean a map h : D {0,1} n that is compressing, meaning D > 2 n. E.g. D = {0,1} 264 is the set of all strings of length at most
More informationPatrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies
Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies Jun Dai, Xiaoyan Sun, and Peng Liu College of Information Sciences and Technology Pennsylvania State University,
More informationSTRIBOB : Authenticated Encryption
1 / 19 STRIBOB : Authenticated Encryption from GOST R 34.11-2012 or Whirlpool Markku-Juhani O. Saarinen mjos@item.ntnu.no Norwegian University of Science and Technology Directions in Authentication Ciphers
More informationDistributed Systems Principles and Paradigms
Distributed Systems Principles and Paradigms Chapter 6 (version April 7, 28) Maarten van Steen Vrije Universiteit Amsterdam, Faculty of Science Dept. Mathematics and Computer Science Room R4.2. Tel: (2)
More informationDevelopment of a Web-Based GIS Management System for Agricultural Authorities in Iraq
Development of a Web-Based GIS Management System for Agricultural Authorities in Iraq USCID Water Management Conference Phoenix, Arizona April 18, 2013 Gabriele Bonaiti Extension Program Specialist David
More informationTopics. Pseudo-Random Generators. Pseudo-Random Numbers. Truly Random Numbers
Topics Pseudo-Random Generators Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More informationElliptic curves. Tanja Lange Technische Universiteit Eindhoven. with some slides by Daniel J. Bernstein
Elliptic curves Tanja Lange Technische Universiteit Eindhoven with some slides by Daniel J. Bernstein Diffie-Hellman key exchange Pick some generator. Diffie-Hellman key exchange Pick some generator. Diffie-Hellman
More informationTroubleshooting Replication and Geodata Service Issues
Troubleshooting Replication and Geodata Service Issues Ken Galliher & Ben Lin Esri UC 2014 Demo Theater Tech Session Overview What is Geodatabase Replication Replication types Geodata service replication
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationE8 TCP. Politecnico di Milano Scuola di Ingegneria Industriale e dell Informazione
E8 TP Politecnico di Milano Scuola di Ingegneria Industriale e dell Informazione Exercises o onsider the connection in the figure A =80 kbit/s τ =0 ms R =? τ =? B o o o Host A wants to know the capacity
More informationSession Data. Evan Misshula
Session Data Evan Misshula emisshula@qc.cuny.edu What is session data? Session data is the summary of the communications between two devices log is like the bill of a mobile phone Who? What? Where? Typical
More informationPOST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW?
POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Böck https://hboeck.de 1 INTRODUCTION Hanno Böck, freelance journalist and hacker. Writing for Golem.de and others. Fuzzing Project, funded
More informationSMART Planning Charette Facilitation Webinar
US Army Corps of Engineers PLANNING SMART BUILDING STRONG SMART Planning Charette Facilitation Webinar Hosted by the Planning Community of Practice & the Collaboration and Public Participation Community
More informationAnalyzing the IETF ACE-OAuth Protocol
Analyzing the IETF ACE-OAuth Protocol Hannes Tschofenig Arm Limited, Email: hannes.tschofenig@arm.com I. ABSTRACT The OAuth Security Workshop series was started after a group of researchers from Trier/Germany
More informationENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions
ENEE 457: Computer Systems Security 09/19/16 Lecture 6 Message Authentication Codes and Hash Functions Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationWeek 12: Hash Functions and MAC
Week 12: Hash Functions and MAC 1. Introduction Hash Functions vs. MAC 2 Hash Functions Any Message M Hash Function Generate a fixed length Fingerprint for an arbitrary length message. No Key involved.
More informationTime, Clocks, and the Ordering of Events in a Distributed System
Time, Clocks, and the Ordering of Events in a Distributed System Motivating example: a distributed compilation service FTP server storing source files, object files, executable file stored files have timestamps,
More informationENEE 459-C Computer Security. Message authentication (continue from previous lecture)
ENEE 459-C Computer Security Message authentication (continue from previous lecture) Last lecture Hash function Cryptographic hash function Message authentication with hash function (attack?) with cryptographic
More informationHash-based signatures & Hash-and-sign without collision-resistance
Hash-based signatures & Hash-and-sign without collision-resistance Andreas Hülsing 22.12.2016 Hash-based Signature Schemes [Mer89] Post quantum Only secure hash function Security well understood Fast 22-12-2016
More informationAdvanced Topicson Network Socket Programming
Advanced Topics on Network Socket Programming Computer Science Department, University of Crete Manolis Surligas surligas@csduocgr October 18, 2017 Manolis Surligas (CSD, UoC) Advanced Topicson Network
More informationVA IPv6 Addressing Plan. Options and Final Proposal 2/28/08
VA IPv6 Addressing Plan Options and Final Proposal 2/28/08 Design Considerations VA IPv6 address space from ARIN 2610:00d8::/32 /32 is considered as an ISP address space Since VA is an enterprise, it acts
More informationSenior astrophysics Lab 2: Evolution of a 1 M star
Senior astrophysics Lab 2: Evolution of a 1 M star Name: Checkpoints due: Friday 13 April 2018 1 Introduction This is the rst of two computer labs using existing software to investigate the internal structure
More informationRecap. CS514: Intermediate Course in Operating Systems. What time is it? This week. Reminder: Lamport s approach. But what does time mean?
CS514: Intermediate Course in Operating Systems Professor Ken Birman Vivek Vishnumurthy: TA Recap We ve started a process of isolating questions that arise in big systems Tease out an abstract issue Treat
More informationIncident Response tactics with Compromise Indicators
Vladimir Kropotov, Vitaly Chetvertakov, Fyodor Yarochkin RusCrypto 2014 March 25-28, 2014 Outline Basics Standards Tools Sharing IOCs IOCs composites Case Study More on Tools Questions Introduction Indicators
More informationCS505: Distributed Systems
Cristina Nita-Rotaru CS505: Distributed Systems Ordering events. Lamport and vector clocks. Global states. Detecting failures. Required reading for this topic } Leslie Lamport,"Time, Clocks, and the Ordering
More informationM o n i t o r i n g O c e a n C o l o u r P y t h o n p r o c e d u r e f o r d o w n l o a d
M o n i t o r i n g O c e a n C o l o u r P y t h o n p r o c e d u r e f o r d o w n l o a d Copernicus User Uptake Information Sessions Copernicus EU Copernicus EU Copernicus EU www.copernicus.eu I N
More information10:00 12:30. Do not open this problem booklet until the start of the examination is announced.
21 I 20 8 26 10:00 12:30 (1),. Do not open this problem booklet until the start of the examination is announced. (2) 4.. Answer the following 4 problems. Use the designated answer sheet for each problem.
More informationHenning Schulzrinne Columbia University, New York Columbia University, Fall 2000
1 Network Security: Hashes Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified October 5, 2000 Slide
More informationPost-Quantum Cryptography & Privacy. Andreas Hülsing
Post-Quantum Cryptography & Privacy Andreas Hülsing Privacy? Too abstract? How to achieve privacy? Under the hood... Asymmetric Crypto ECC RSA DSA Symmetric Crypto AES SHA2 SHA1... Combination of both
More informationIEEE C /058r3
Project Title IEEE 802.16 Broadband Wireless Access Working Group MAC support and the general structure of the Coexistence Protocol messages Date Submitted 2006-07-13 Source(s)
More informationNetwork Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30
Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) LIU Zhen Due Date: March 30 Questions: 1. RSA (20 Points) Assume that we use RSA with the prime numbers p = 17 and q = 23. (a) Calculate
More informationTroubleshooting IOM Issues
This chapter contains the following sections: IOM Terminology, page 1 Chassis Boot Sequence, page 2 Link Pinning and Failover Behavior, page 3 Recommended Solutions for IOM Issues, page 4 IOM Terminology
More informationExam Security January 19, :30 11:30
Exam Security January 19, 2016. 8:30 11:30 You can score a maximum of 100. Each question indicates how many it is worth. You are NOT allowed to use books or notes, or a (smart) phone. You may answer in
More informationYou submitted this homework on Wed 31 Jul :50 PM PDT (UTC -0700). You got a score of out of You can attempt again in 10 minutes.
Feedback Week 6 - Problem Set You submitted this homework on Wed 31 Jul 2013 1:50 PM PDT (UTC -0700) You got a score of 1000 out of 1 You can attempt again in 10 minutes Question 1 Recall that with symmetric
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #5 Sep 7 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list by end of today Quiz #1 will be on Thursday,
More informationOn the Counter Collision Probability of GCM*
On the Counter Collision Probability of GCM* Keisuke Ohashi, Nagoya University Yuichi Niwa, Nagoya University Tetsu Iwata, Nagoya University Early Symmetric Crypto (ESC) seminar January 14 18, Mondorf
More informationThe Future of the USAP Antarctic Internet Data Distribution System
The Future of the USAP Antarctic Internet Data Distribution System A discussion on LDM Efforts at ASC with Satellite Ground Stations update Andrew B. Archer Antarctic Support Contract Matthew A. Lazzara
More informationThe Byzantine Generals Problem Leslie Lamport, Robert Shostak and Marshall Pease. Presenter: Jose Calvo-Villagran
+ The Byzantine Generals Problem Leslie Lamport, Robert Shostak and Marshall Pease Presenter: Jose Calvo-Villagran jcalvovi@uwaterloo.ca + Overview n The Byzantine Generals Problem n A solution: Oral Messages
More informationSecurity Protocols and Application Final Exam
Security Protocols and Application Final Exam Solution Philippe Oechslin and Serge Vaudenay 25.6.2014 duration: 3h00 no document allowed a pocket calculator is allowed communication devices are not allowed
More informationCS425: Algorithms for Web Scale Data
CS425: Algorithms for Web Scale Data Most of the slides are from the Mining of Massive Datasets book. These slides have been modified for CS425. The original slides can be accessed at: www.mmds.org Challenges
More informationIntroduction to ArcGIS Server - Creating and Using GIS Services. Mark Ho Instructor Washington, DC
Introduction to ArcGIS Server - Creating and Using GIS Services Mark Ho Instructor Washington, DC Technical Workshop Road Map Product overview Building server applications GIS services Developer Help resources
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 15 October 20, 2014 CPSC 467, Lecture 15 1/37 Common Hash Functions SHA-2 MD5 Birthday Attack on Hash Functions Constructing New
More informationCS483 Design and Analysis of Algorithms
CS483 Design and Analysis of Algorithms Lectures 2-3 Algorithms with Numbers Instructor: Fei Li lifei@cs.gmu.edu with subject: CS483 Office hours: STII, Room 443, Friday 4:00pm - 6:00pm or by appointments
More informationAutomata-based analysis of recursive cryptographic protocols
1 Automata-based analysis of recursive cryptographic protocols Thomas Wilke Joint work with Ralf Küsters Christian-Albrechts-Universität zu Kiel June 13, 2004 Un-/Decidability of security in the DY model
More informationInter-Packet Delay Based Correlation for Tracing Encrypted Connections Through Stepping Stones
Inter-Packet Delay Based Correlation for Tracing Encrypted Connections Through Stepping Stones Xinyuan Wang, Douglas S. Reeves, S. Felix Wu Department of Computer Science Department of Electrical and Computer
More informationAdmin. ! Will post sample questions soon. 1. Choose a bit-length k. 2. Choose two primes p and q which can be represented with at most k bits
Admin Assignment 6 Midterm reviews Tue & Wed! Will post sample questions soon ENCRYPTION TAKE 2: PRACTICAL DETAILS Assignment 7 Office hours end today at 3:40 (instead of 4) David Kauchak CS52 Spring 2016
More informationTelecommunication Services Engineering (TSE) Lab. Chapter IX Presence Applications and Services.
Chapter IX Presence Applications and Services http://users.encs.concordia.ca/~glitho/ Outline 1. Basics 2. Interoperability 3. Presence service in clouds Basics 1 - IETF abstract model 2 - An example of
More informationAlgebra I - Study Guide for Final
Name: Date: Period: Algebra I - Study Guide for Final Multiple Choice Identify the choice that best completes the statement or answers the question. To truly study for this final, EXPLAIN why the answer
More informationSearching, mainly via Hash tables
Data structures and algorithms Part 11 Searching, mainly via Hash tables Petr Felkel 26.1.2007 Topics Searching Hashing Hash function Resolving collisions Hashing with chaining Open addressing Linear Probing
More informationForecast solutions for the energy sector
Forecast solutions for the energy sector A/S Lyngsø Allé 3 DK-2970 Hørsholm Henrik Aalborg Nielsen, A/S 1 Consumption and production forecasts Heat load forecasts for district heating systems usually for
More information2: Iterated Cryptographic Hash Functions
2: Iterated ryptographic Hash Functions we want hash function H : ({0, 1} n ) {0, 1} n of potentially infinite input size instead we have compression function F : {0, 1} m {0, 1} n {0, 1} n and define
More informationAddendum-1, West Aurora 129 Print RFP
Addendum-1, West Aurora 129 Print RFP 1. There are no dates in the RFP. Do you have a timetable for all of the typical activities (due date, approval date, implementation date, etc)? Due date is 5-22.
More informationcs/ee/ids 143 Communication Networks
cs/ee/ids 143 Communication Networks Chapter 4 Transport Text: Walrand & Parakh, 2010 Steven Low CMS, EE, Caltech Agenda Internetworking n Routing across LANs, layer2-layer3 n DHCP n NAT Transport layer
More informationSignatures and DLP-I. Tanja Lange Technische Universiteit Eindhoven
Signatures and DLP-I Tanja Lange Technische Universiteit Eindhoven How to compute ap Use binary representation of a to compute a(x; Y ) in blog 2 ac doublings and at most that many additions. E.g. a =
More informationNetwork Security: Hashes
1 Network Security: Hashes Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified October 5, 2000 2
More informationPractical, Quantum-Secure Key Exchange from LWE
Practical, Quantum-Secure Key Exchange from LWE Douglas Stebila 4 th ETSI/IQC Workshop on Quantum-Safe Cryptography September 21, 2016 Acknowledgements Collaborators Joppe Bos Craig Costello and Michael
More informationInternet Congestion Control: Equilibrium and Dynamics
Internet Congestion Control: Equilibrium and Dynamics A. Kevin Tang Cornell University ISS Seminar, Princeton University, February 21, 2008 Networks and Corresponding Theories Power networks (Maxwell Theory)
More information