Knocking down the HACIENDA with TCP Stealth
1 Knocking down the HACIENDA with TCP Stealth Christian Grothoff Actual work: Julian Kirsch Technische Universität München July 23, 2015
14 So, is it all lost?

15 Two Solutions
- Backwards-compatible minimally invasive hotfix (TCP Stealth)
- Clean-slate principled rearchitecture

16 An Introduction to Port Knocking

No knock, no fun:
    Host 1 -> Host 2: SYN (SEQ = x) port 22
    Host 2 -> Host 1: RST (SEQ = y, ACK = x + 1)

Port knocking example:
    Host 1 -> Host 2: SYN (SEQ = x_0) port 4242
    Host 2 -> Host 1: RST (SEQ = y_0, ACK = x_0 + 1)
    Host 1 -> Host 2: SYN (SEQ = x_1) port 1337
    Host 2 -> Host 1: RST (SEQ = y_1, ACK = x_1 + 1)
    Host 1 -> Host 2: SYN (SEQ = x_2) port 22
    Host 2 -> Host 1: SYN (SEQ = y_2, ACK = x_2 + 1)
    Host 1 -> Host 2: (SEQ = x_2 + 1, ACK = y_2 + 1)

17 Design Overview
2. Practical and Secure Stealthy Servers

18 Design: Stealthiness
(TCP header diagram)
    Source Port | Destination Port
    Sequence Number
    Acknowledgement Number
    Data Offset | Reserved | URG ACK PSH RST SYN FIN | Window
    Checksum | Urgent Pointer
    Options

19 Design (v1): Security
- Destination IP address IP_d
- Destination port P_d
- TCP timestamp T
- Pre-Shared Key S
- Hash function h
- Authentication Security Token (AV)

    AV := h((IP_d, P_d, T), S)
    ISN := AV

21 Design (v2): Security
- Destination IP address IP_d
- Destination port P_d
- TCP timestamp T
- Pre-Shared Key S
- Hash functions h, h
- Payload p
- TCP Payload Integrity Protector IH
- Authentication Security Token AV

    IH := h (S p)
    AV := h((IP_d, P_d, T, IH), S)
    ISN := AV IH

22 (Handshake with TCP Stealth)
    Host 1 -> Host 2: SYN (SEQ = x = (AV IH))
    Host 2: AV correct?
        no:  Host 2 -> Host 1: RST (SEQ = y, ACK = x + 1)
        yes: Host 2 -> Host 1: ACK (SEQ = y, ACK = x + 1)
    Host 1 -> Host 2: (SEQ = x + 1, ACK = y + 1)
    Host 1 -> Host 2: Payload
    Host 2: IH correct?
        no:  Host 2 -> Host 1: RST (SEQ = y + 1, ACK = x + 2)
        yes: ...

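The v2 derivation and the two server-side checks from the handshake slide, written out as an added C example (not code from the slides or from the TCP Stealth project). Assumptions: the hash is a stand-in (32-bit FNV-1a truncated to 16 bits, not cryptographic), AV occupies the upper and IH the lower 16 bits of the ISN, and all function names and sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values (not from the slides). */
#define SAMPLE_IP   0xC000020Au   /* 192.0.2.10, documentation range */
#define SAMPLE_PORT 22
#define SAMPLE_TS   123456u       /* TCP timestamp (TSval) carried in the SYN */
#define SAMPLE_KEY  "This is my magic ID."

/* Stand-in for the slides' hash functions: FNV-1a. NOT cryptographic and
 * NOT the hash TCP Stealth uses; it only keeps the example self-contained. */
static uint32_t mix(uint32_t state, const void *data, size_t len)
{
    const unsigned char *p = data;
    for (size_t i = 0; i < len; i++)
        state = (state ^ p[i]) * 16777619u;
    return state;
}

/* IH: integrity protector over the pre-shared key S and the payload p. */
uint16_t stealth_ih(const char *secret, const unsigned char *p, size_t len)
{
    uint32_t s = mix(2166136261u, secret, strlen(secret));
    return (uint16_t)mix(s, p, len);          /* keep the low 16 bits */
}

/* AV := h((IP_d, P_d, T, IH), S). Source address and port are not inputs,
 * which is what keeps the token valid when a NAT rewrites them. */
uint16_t stealth_av(uint32_t ip_d, uint16_t port_d, uint32_t tsval,
                    uint16_t ih, const char *secret)
{
    unsigned char b[12];                      /* big-endian serialisation */
    b[0] = (unsigned char)(ip_d >> 24);  b[1] = (unsigned char)(ip_d >> 16);
    b[2] = (unsigned char)(ip_d >> 8);   b[3] = (unsigned char)ip_d;
    b[4] = (unsigned char)(port_d >> 8); b[5] = (unsigned char)port_d;
    b[6] = (unsigned char)(tsval >> 24); b[7] = (unsigned char)(tsval >> 16);
    b[8] = (unsigned char)(tsval >> 8);  b[9] = (unsigned char)tsval;
    b[10] = (unsigned char)(ih >> 8);    b[11] = (unsigned char)ih;
    uint32_t s = mix(2166136261u, b, sizeof b);
    return (uint16_t)mix(s, secret, strlen(secret));
}

/* Client side: ISN carries AV (upper half) and IH (lower half). */
uint32_t client_isn(uint32_t ip_d, uint16_t port_d, uint32_t tsval,
                    const char *secret, const unsigned char *p, size_t len)
{
    uint16_t ih = stealth_ih(secret, p, len);
    uint16_t av = stealth_av(ip_d, port_d, tsval, ih, secret);
    return ((uint32_t)av << 16) | ih;
}

/* Server, on SYN ("AV correct?"): 1 = continue the handshake,
 * 0 = answer with RST exactly as a closed port would. */
int server_syn_ok(uint32_t my_ip, uint16_t my_port, uint32_t tsval,
                  uint32_t isn, const char *secret)
{
    uint16_t ih = (uint16_t)isn;
    return (uint16_t)(isn >> 16) == stealth_av(my_ip, my_port, tsval, ih, secret);
}

/* Server, on the first data segment ("IH correct?"): the first
 * integrity_len payload bytes must match the IH announced in the ISN. */
int server_payload_ok(uint32_t isn, const unsigned char *data, size_t len,
                      size_t integrity_len, const char *secret)
{
    if (len < integrity_len)
        return 0;
    return (uint16_t)isn == stealth_ih(secret, data, integrity_len);
}

/* Size of the accepting set for one fixed IH: how many of the 65536
 * possible AV values pass the SYN check. */
unsigned count_accepted_av(uint32_t my_ip, uint16_t my_port, uint32_t tsval,
                           uint16_t ih, const char *secret)
{
    unsigned hits = 0;
    for (uint32_t av = 0; av <= 0xffffu; av++)
        hits += (unsigned)server_syn_ok(my_ip, my_port, tsval, (av << 16) | ih, secret);
    return hits;
}

int main(void)
{
    const unsigned char payload[4] = { '1', '2', '3', '4' };
    uint32_t isn = client_isn(SAMPLE_IP, SAMPLE_PORT, SAMPLE_TS,
                              SAMPLE_KEY, payload, sizeof payload);
    printf("ISN            = 0x%08x\n", (unsigned)isn);
    printf("SYN accepted   = %d\n",
           server_syn_ok(SAMPLE_IP, SAMPLE_PORT, SAMPLE_TS, isn, SAMPLE_KEY));
    printf("payload intact = %d\n",
           server_payload_ok(isn, payload, sizeof payload, 4, SAMPLE_KEY));
    printf("accepting AVs  = %u of 65536\n",
           count_accepted_av(SAMPLE_IP, SAMPLE_PORT, SAMPLE_TS, (uint16_t)isn, SAMPLE_KEY));
    return 0;
}
```

With the payload protector enabled, only 16 of the ISN's 32 bits authenticate the SYN under this layout, so exactly one AV value in 65536 is accepted for a given IH.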
23 Design: Ease of Use
- Source IP and Port not included in ISN generation
- Compatibility with NATs
- Knocking is implemented in the kernel
- No fiddling with config-files, firewall rules or daemons
- Trivial to use from an application developer's perspective

24 Design: Ease of Use, TCP Stealth Server

    #include <errno.h>
    #include <stdio.h>
    #include <string.h>
    #include <netinet/in.h>
    #include <netinet/tcp.h>
    #include <sys/socket.h>

    /* TCP_STEALTH and TCP_STEALTH_INTEGRITY_LEN are socket options of a
     * kernel with TCP Stealth support; stock headers do not define them. */
    int main(void)
    {
        char secret[64] = "This is my magic ID.";
        int payload_len = 4;
        int sock;

        sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (sock < 0) {
            printf("socket() failed, %s\n", strerror(errno));
            return 1;
        }
        /* Enable TCP Stealth on this socket with the pre-shared secret */
        if (setsockopt(sock, IPPROTO_TCP, TCP_STEALTH, secret, sizeof(secret))) {
            printf("setsockopt() failed, %s\n", strerror(errno));
            return 1;
        }
        /* Number of leading payload bytes covered by integrity protection */
        if (setsockopt(sock, IPPROTO_TCP, TCP_STEALTH_INTEGRITY_LEN,
                       &payload_len, sizeof(payload_len))) {
            printf("setsockopt() failed, %s\n", strerror(errno));
            return 1;
        }
        /* Continue with bind(), listen(), accept(), recv(), ... */
        return 0;
    }

25 Design: Ease of Use, TCP Stealth Client

    #include <errno.h>
    #include <stdio.h>
    #include <string.h>
    #include <netinet/in.h>
    #include <netinet/tcp.h>
    #include <sys/socket.h>

    /* TCP_STEALTH and TCP_STEALTH_INTEGRITY are socket options of a
     * kernel with TCP Stealth support; stock headers do not define them. */
    int main(void)
    {
        char secret[64] = "This is my magic ID.";
        char payload[4] = "1234";   /* exactly 4 bytes, no terminating NUL */
        int sock;

        sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (sock < 0) {
            printf("socket() failed, %s\n", strerror(errno));
            return 1;
        }
        /* Enable TCP Stealth on this socket with the pre-shared secret */
        if (setsockopt(sock, IPPROTO_TCP, TCP_STEALTH, secret, sizeof(secret))) {
            printf("setsockopt() failed, %s\n", strerror(errno));
            return 1;
        }
        /* Payload bytes the integrity protector is computed over */
        if (setsockopt(sock, IPPROTO_TCP, TCP_STEALTH_INTEGRITY,
                       payload, sizeof(payload))) {
            printf("setsockopt() failed, %s\n", strerror(errno));
            return 1;
        }
        /* Continue with connect(), send(), ... */
        return 0;
    }

26 Design: Ease of Use, libknockify
- Shared library for use at compile- or run-time
- Enables TCP Stealth functionality for legacy code

    $ LD_PRELOAD=./libknockify.so ncat knock-server application-port

- Configuration options (such as the TCP Stealth secret) are given as environment variables or via a special file

28 Limitations
- Distribution of the Pre-Shared Key
- ISN has only 32 bits
- Changes to ISN and TSVal by middle boxes:

    Behavior                      TCP Port
    Unchanged                     126 (93%)    116 (82%)    128 (90%)
    Mod. outbound                   5 (4%)       5 (4%)       6 (4%)
    Mod. inbound                    0 (0%)       1 (1%)       1 (1%)
    Mod. both                       4 (3%)      13 (9%)       7 (5%)
    Proxy (probably mod. both)      0 (0%)       7 (5%)       0 (0%)
    Total                         135 (100%)   142 (100%)   142 (100%)

Numbers by Honda et al., "Is it Still Possible to Extend TCP?"

29 Working Code...
- Implemented for 3+ Linux kernel versions
- Implemented for FreeBSD
- Holger Kenn (MSFT) said would be easy to do in W32-Kernel(s)
- Sample client and server programs
- Patches for OpenSSH, GNUnet, systemd
- libknockify(.so) LD_PRELOAD
- Master's thesis, presentations, website, article in 5 languages
- Tested in big-endian/little-endian platforms (incl. compatibility)
- Draft has test vectors, detailed protocol specification

Based on 1 year of community feedback, authors clueless about what else to do. Except find the right WG. Spencer solved that.

30 Why standardize...
- Port scanning is a well-known vulnerability. We need to address it.
- Implementations need to be compatible.
- Kernels must offer it for ease of deployment.
- Kernels will only ship by default if standardized. (Some GNU/Linux distributions already ship this anyway.)

This does not solve all issues, but as many as we can with maximum backwards compatibility.

31 ... and rough consensus?
Find more information at:
Thanks to: JULIAN KIRSCH, JACOB APPELBAUM, MONIKA ERMERT, LAURA POITRAS, HENRIK MOLTKE, MAURICE LECLAIRE, ANDREAS ENGE, BART POLOT, LUCA SAIU, THE SOURCE
This work was funded by the Deutsche Forschungsgemeinschaft (DFG) under ENP GR 3688/1-1.
Slides will be at