Android Security Mechanisms (2)
|
|
- Geoffrey Montgomery
- 6 years ago
- Views:
Transcription
1 Android Security Mechanisms (2) Lecture 9 Operating Systems Practical 14 December 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit OSP Android Security Mechanisms (2), Lecture 9 1/33
2 SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 2/33
3 Outline SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 3/33
4 Secure Communication Cryptographic providers for securing communication Recommendation: standardized security protocols Secure Sockets Layer (SSL) and Transport Layer Security (TLS) SSL is the predecesor of TLS OSP Android Security Mechanisms (2), Lecture 9 4/33
5 SSL/TLS Secure point-to-point communication protocols Authentication, message confidentiality and integrity for communication over TCP/IP Combination of symmetric and asymmetric encryption for confidentiality and integrity Public key certificates for authentication OSP Android Security Mechanisms (2), Lecture 9 5/33
6 Cipher Suite Cipher suite = set of algorithms for key agreement, authentication, integrity protection and encryption Client sends SSL version and list of cipher suites Client and server negotiate common cipher suite OSP Android Security Mechanisms (2), Lecture 9 6/33
7 Authentication and Encryption Authenticate through certificates Usually only server authentication Client authentication is also supported Compute shared symmetric key Secure communication using symmetric encryption & key OSP Android Security Mechanisms (2), Lecture 9 7/33
8 Public Key Certificates Binding an identity to a public key X.509 certificates Signature algorithm Validity Subject DN Issuer DN OSP Android Security Mechanisms (2), Lecture 9 8/33
9 Direct Trust SSL client communicates with a small number of servers Set of trusted server certificates = trust anchors Can be self-signed A server is trusted if it s certificate is part of the set Good control over trusted server Hard to update server key and certificate OSP Android Security Mechanisms (2), Lecture 9 9/33
10 Private CAs Private Certificate Authority (CA) -> trust anchor Signs server certificate Client trusts any certificate issued by the CA Easy to update server key and certificate Single point of failure OSP Android Security Mechanisms (2), Lecture 9 10/33
11 Public CAs Public Certificate Authorities (CAs) -> trust anchors Client configured with a set of trust anchors Web browsers - more than 100 CAs OSP Android Security Mechanisms (2), Lecture 9 11/33
12 Outline SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 12/33
13 Java Secure Socket Extension (JSSE) Android provides support for SSL/TLS through JSSE javax.net and javax.net.ssl Provides: SSL client and server sockets Socket factories SSLEngine - producing and consuming SSL streams SSLContext - creates socket factories and engines KeyManager, TrustManager and factories HttpsURLConnection OSP Android Security Mechanisms (2), Lecture 9 13/33
14 JSSE Classes Source: OSP Android Security Mechanisms (2), Lecture 9 14/33
15 SSLSocket SSLSocket is created: Through SSLSocketFactory Accepting a connection on a SSLServerSocket SSLServerSocket created through SSLServerSocketFactory SSLEngine: Created by SSLContext I/O operations handled by the application OSP Android Security Mechanisms (2), Lecture 9 15/33
16 SSLContext SSL Context obtained in two ways 1. getdefault() method of SSLServerSocketFactory or SSLSocketFactory Default context initialized with default KeyManager, default TrustManager and secure random generator Key material from system properties OSP Android Security Mechanisms (2), Lecture 9 16/33
17 SSLContext 2. getinstance() static method of SSLContext Context initialized with array of KeyManager, array of TrustManager, secure random generator KeyManager obtained from KeyManagerFactory TrustManager obtained from TrustManagerFactory Factories initialized with KeyStore (key material) OSP Android Security Mechanisms (2), Lecture 9 17/33
18 SSLSession Established SSL connection -> SSLSession object Includes identities, cipher suites, etc. SSLSession used in multiple connections between same entities OSP Android Security Mechanisms (2), Lecture 9 18/33
19 TrustManager and KeyManager JSSE delegates trust decisions to TrustManager Delegates authentication key selection to KeyManager Each SSLSocket has access to them through SSLContext TrustManager has a set of trusted CA certificates (trust anchors) A certificate issued by a trusted CA is considered trustworthy OSP Android Security Mechanisms (2), Lecture 9 19/33
20 System Trust Store Default JSSE TrustManager initialized using the system trust store Major commercial and government CA certificates /system/etc/security/cacerts.bks TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( ( KeyStore ) n u l l ) ; TrustManager [ ] tms = tmf. gettrustmanagers ( ) ; X509TrustManager xtm = ( X509TrustManager ) tms [ 0 ] ; f o r ( X C e r t i f i c a t e c e r t : xtm. g e t A c c e p t e d I s s u e r s ( ) ) { S t r i n g c e r t S t r = S : + c e r t. getsubjectdn ( ). getname ( ) + \ n I : + c e r t. g e t I s s u e r D N ( ). getname ( ) ; Log. d (TAG, c e r t S t r ) ; } OSP Android Security Mechanisms (2), Lecture 9 20/33
21 System Trust Store Until Android 4.0, A single file: /system/etc/security/cacerts.bks Read-only partition From Android 4.0 In addition, two directories /data/misc/keychain/cacerts-added /data/misc/keychain/cacerts-removed Modified only by the system user Add trust anchors through TrustedCertificateStore class OSP Android Security Mechanisms (2), Lecture 9 21/33
22 Validate Server Certificate TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( X509 ) ; tmf. i n i t ( ( KeyStore ) n u l l ) ; TrustManager [ ] tms = tmf. gettrustmanagers ( ) ; X509TrustManager xtm = ( X509TrustManager ) tms [ 0 ] ; X C e r t i f i c a t e [ ] c e r t C h a i n = { s e r v e r C e r t } ; xtm. c h e c k S e r v e r T r u s t e d ( c e r t C h a i n, RSA ) ; SSLSocket and HttpURLConnection perform similar validations OSP Android Security Mechanisms (2), Lecture 9 22/33
23 HttpURLConnection Preferred method for connecting to a HTTPS server Uses default SSLSocketFactory to create secure sockets Custom trust store or authentication keys setdefaultsslsocketfactory() or setsslsocketfactory() of HttpsURLConnection OSP Android Security Mechanisms (2), Lecture 9 23/33
24 Use your own Trust Store Use your own trust store instead of the system trust store Load trust store in a KeyStore object Obtain TrustManagerFactory and initialize it with trust store Load key material in KeyStore object (for client authentication) Obtain KeyManagerFactory and initailize it with key store Obtain SSLContext and initialize it with TrustManager and KeyManager Create URL and HttpURLConnection Associate SSLSocketFactory of SSLContext to HttpURLConnection OSP Android Security Mechanisms (2), Lecture 9 24/33
25 Use your own Trust Store KeyStore t r u s t S t o r e = l o a d T r u s t S t o r e ( ) ; KeyStore k e y S t o r e = l o a d K e y S t o r e ( ) ; TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( t r u s t S t o r e ) ; KeyManagerFactory kmf = KeyManagerFactory. g e t I n s t a n c e ( KeyManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; kmf. i n i t ( k e y S t o r e, KEYSTORE PASSWORD. t o C h a r A r r a y ( ) ) ; SSLContext s s l C t x = SSLContext. g e t I n s t a n c e ( TLS ) ; s s l C t x. i n i t ( kmf. getkeymanagers ( ), tmf. g ettrustmanagers ( ), n u l l ) ; URL u r l = new URL( h t t p s : / / m y s e r v e r. com ) ; HttpsURLConnection u r l C o n n e c t i o n = ( HttpsURLConnection ) u r l u r l C o n n e c t i o n. s e t S S L S o c k e t F a c t o r y ( s s l C t x. g e t S o c k e t F a c t o r y ( ) ) ; OSP Android Security Mechanisms (2), Lecture 9 25/33
26 Use your own Trust Store Generate your trust store using Bouncy Castle and openssl in comand line Trust store file in /res/raw/ KeyStore l o c a l T r u s t S t o r e = KeyStore. g e t I n s t a n c e ( BKS ) ; I n p u t S t r e a m i n = g e t R e s o u r c e s ( ). openrawresource ( R. raw. m y t r u s t s t o r e ) ; l o c a l T r u s t S t o r e. l o a d ( in, TRUSTSTORE PASSWORD. t o C h a r A r r a y ( ) ) ; TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( l o c a l T r u s t S t o r e ) ; SSLContext s s l C t x = SSLContext. g e t I n s t a n c e ( TLS ) ; s s l C t x. i n i t ( n u l l, tmf. gettrustmanagers ( ), n u l l ) ; URL u r l = new URL( h t t p s : / / m y s e r v e r. com ) ; HttpsURLConnection u r l C o n n e c t i o n = ( HttpsURLConnection ) u r l u r l C o n n e c t i o n. s e t S S L S o c k e t F a c t o r y ( s s l C t x. g e t S o c k e t F a c t o r y ( ) ) ; OSP Android Security Mechanisms (2), Lecture 9 26/33
27 Outline SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 27/33
28 Android JSSE Providers JSSE providers implement functionality for engine classes Trust managers, key managers, secure sockets, etc. Developers work with engine classes Android includes two JSSE providers: HarmonyJSSE AndroidOpenSSL OSP Android Security Mechanisms (2), Lecture 9 28/33
29 Harmony JSSE Implemented in Java Java sockets, JCA cryptographic classes SSLv3, TLSv1 Deprecated, not actively maintained OSP Android Security Mechanisms (2), Lecture 9 29/33
30 AndroidOpenSSL Calls to OpenSSL native library (JNI) TLSv1.1, TLSv1.2 Server Name Indication (SNI) SSL clients specify target hostname Server with multiple virtual hosts Used by default by HttpsURLConnection Both providers share KeyManager and TrustManager code Different SSL socket implementation OSP Android Security Mechanisms (2), Lecture 9 30/33
31 Outline SSL/TLS JSSE Android JSSE Providers Bibliography OSP Android Security Mechanisms (2), Lecture 9 31/33
32 Bibliography Android Security Internals, Nikolay Elenkov using-custom-certificate-trust-store-on.html guides/security/jsse/jsserefguide.html OSP Android Security Mechanisms (2), Lecture 9 32/33
33 Keywords SSL/TLS Trust anchors Certificate Authority Trust store Java Secure Socket Extension SSLSocket HttpsURLConnection AndroidOpenSSL OSP Android Security Mechanisms (2), Lecture 9 33/33
Android Security Mechanisms
Android Security Mechanisms Lecture 9 Android and Low-level Optimizations Summer School 1 August 2015 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy
More informationAndroid Security Mechanisms
Android Security Mechanisms Lecture 8 Operating Systems Practical 7 December 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license,
More informationT H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationT H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationCS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing
Lecture 11: Key Management, Secret Sharing Céline Blondeau Email: celine.blondeau@aalto.fi Department of Computer Science Aalto University, School of Science Key Management Secret Sharing Shamir s Threshold
More informationAndroid Services. Lecture 4. Operating Systems Practical. 26 October 2016
Android Services Lecture 4 Operating Systems Practical 26 October 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.
More informationFundamentals of Modern Cryptography
Fundamentals of Modern Cryptography BRUCE MOMJIAN This presentation explains the fundamentals of modern cryptographic methods. Creative Commons Attribution License http://momjian.us/presentations Last
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationST-Links. SpatialKit. Version 3.0.x. For ArcMap. ArcMap Extension for Directly Connecting to Spatial Databases. ST-Links Corporation.
ST-Links SpatialKit For ArcMap Version 3.0.x ArcMap Extension for Directly Connecting to Spatial Databases ST-Links Corporation www.st-links.com 2012 Contents Introduction... 3 Installation... 3 Database
More informationWeek 12: Hash Functions and MAC
Week 12: Hash Functions and MAC 1. Introduction Hash Functions vs. MAC 2 Hash Functions Any Message M Hash Function Generate a fixed length Fingerprint for an arbitrary length message. No Key involved.
More informationLecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures
Lecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures Boaz Barak November 27, 2007 Quick review of homework 7 Existence of a CPA-secure public key encryption scheme such that oracle
More informationDan Boneh. Introduction. Course Overview
Online Cryptography Course Introduction Course Overview Welcome Course objectives: Learn how crypto primitives work Learn how to use them correctly and reason about security My recommendations: Take notes
More informationPart I. System call overview. Secure Operating System Design and Implementation System Calls. Overview. Abstraction. Jon A. Solworth.
Secure Operating System Design and Implementation System Calls Jon A. Solworth Part I System call overview Dept. of Computer Science University of Illinois at Chicago February 1, 2011 Overview Abstraction
More informationPublic-key cryptography and the Discrete-Logarithm Problem. Tanja Lange Technische Universiteit Eindhoven. with some slides by Daniel J.
Public-key cryptography and the Discrete-Logarithm Problem Tanja Lange Technische Universiteit Eindhoven with some slides by Daniel J. Bernstein Cryptography Let s understand what our browsers do. Schoolbook
More informationExtending Dolev-Yao with Assertions
Extending Dolev-Yao with Assertions Vaishnavi Sundararajan Chennai Mathematical Institute FOSAD 2015 August 31, 2015 (Joint work with R Ramanujam and S P Suresh) Vaishnavi S Extending Dolev-Yao with Assertions
More informationHomework 4 for Modular Arithmetic: The RSA Cipher
Homework 4 for Modular Arithmetic: The RSA Cipher Gregory V. Bard April 25, 2018 This is a practice workbook for the RSA cipher. It is not suitable for learning the RSA cipher from scratch. However, there
More informationKEY DISTRIBUTION 1 /74
KEY DISTRIBUTION 1 /74 The public key setting Alice M D sk[a] (C) C Bob pk[a] C $ E pk[a] (M) σ $ S sk[a] (M) M,σ Vpk[A] (M,σ) Bob can: send encrypted data to Alice verify her signatures as long as he
More informationHardware cryptographic support for IBM Z and IBM LinuxONE with Ubuntu Server
Hardware cryptographic support for IBM Z and IBM LinuxONE with Ubuntu Server Klaus Bergmann, Reinhard Buendgen, Uwe Denneler, Jonathan Furminger, Frank Heimes, Manfred Gnirss, Christian Rund, Patrick Steuer,
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More informationnew interface and features
Web version of SciFinder : new interface and features Bhawat Ruangying, CAS representative Updated at 22 Dec 2009 www.cas.org SciFinder web interface Technical aspects of SciFinder Web SciFinder URL :
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationSDS developer guide. Develop distributed and parallel applications in Java. Nathanaël Cottin. version
SDS developer guide Develop distributed and parallel applications in Java Nathanaël Cottin sds@ncottin.net http://sds.ncottin.net version 0.0.3 Copyright 2007 - Nathanaël Cottin Permission is granted to
More informationLeveraging Web GIS: An Introduction to the ArcGIS portal
Leveraging Web GIS: An Introduction to the ArcGIS portal Derek Law Product Management DLaw@esri.com Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options
More informationVerification of the TLS Handshake protocol
Verification of the TLS Handshake protocol Carst Tankink (0569954), Pim Vullers (0575766) 20th May 2008 1 Introduction In this text, we will analyse the Transport Layer Security (TLS) handshake protocol.
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for class mailing list Perhaps
More informationSocket Programming. Daniel Zappala. CS 360 Internet Programming Brigham Young University
Socket Programming Daniel Zappala CS 360 Internet Programming Brigham Young University Sockets, Addresses, Ports Clients and Servers 3/33 clients request a service from a server using a protocol need an
More informationA Small Subgroup Attack on Arazi s Key Agreement Protocol
Small Subgroup ttack on razi s Key greement Protocol Dan Brown Certicom Research, Canada dbrown@certicom.com lfred Menezes Dept. of C&O, University of Waterloo, Canada ajmeneze@uwaterloo.ca bstract In
More informationRSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer
RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer Mathematical Attacks Input Crypto Algorithm Key Output Goal: recover the key given access to the inputs
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationEnforcing honesty of certification authorities: Tagged one-time signature schemes
Enforcing honesty of certification authorities: Tagged one-time signature schemes Information Security Group Royal Holloway, University of London bertram.poettering@rhul.ac.uk Stanford, January 11, 2013
More informationCryptographical Security in the Quantum Random Oracle Model
Cryptographical Security in the Quantum Random Oracle Model Center for Advanced Security Research Darmstadt (CASED) - TU Darmstadt, Germany June, 21st, 2012 This work is licensed under a Creative Commons
More informationQuantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018
Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018 What drives a company s digital strategy in 2020 and beyond? Quantum Computing it s the end of the world
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #5 Sep 7 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list by end of today Quiz #1 will be on Thursday,
More informationNon- browser TLS Woes
Non- browser TLS Woes Dan Boneh Joint work with M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, and V. Shma?kov Proc. ACM CCS 2012 30 second summary Lots of non- browser systems using TLS: Payment gateway
More informationBob. Eve. Alice. Trent. Author: Bill Buchanan. Author: Prof Bill Buchanan
` Encryption Introduction Before electronic communications Codes A few fundamentals Key-based encryption Cracking the code Brute force Block or stream Private-key methods Encryption keys Passing keys Public-key
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 19 November 8, 2017 CPSC 467, Lecture 19 1/37 Zero Knowledge Interactive Proofs (ZKIP) ZKIP for graph isomorphism Feige-Fiat-Shamir
More informationChapter 3 Cryptography
Chapter 3 Cryptography Introduction: Cryptography is an ancient art of keeping secrets. Cryptography ensures security of communication over insecure medium. Terms used in Cryptography: 1) Plain Text: The
More information31 Dec '01 07 Jan '02 14 Jan '02 21 Jan '02 28 Jan '02 M T W T F S S M T W T F S S M T W T F S S M T W T F S S M T W T F S S
ID Task Name Duration 0 7 Month Project Plan Template 158.5 days 1 1 Preproduction 81.5 days 2 1.1 Project Clarification 12.5 days 3 1.1.1 Clarify/Audit Commercial (inc. Marketing) requirements/objectives
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationIntroduction to Information Security
Introduction to Information Security Lecture 4: Hash Functions and MAC 2007. 6. Prof. Byoungcheon Lee sultan (at) joongbu. ac. kr Information and Communications University Contents 1. Introduction - Hash
More informationGeodatabase Best Practices. Dave Crawford Erik Hoel
Geodatabase Best Practices Dave Crawford Erik Hoel Geodatabase best practices - outline Geodatabase creation Data ownership Data model Data configuration Geodatabase behaviors Data integrity and validation
More informationIntroduction to Portal for ArcGIS. Hao LEE November 12, 2015
Introduction to Portal for ArcGIS Hao LEE November 12, 2015 Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration options Portal for ArcGIS + ArcGIS for
More informationRemote Timing Attacks are Practical
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 15 October 20, 2014 CPSC 467, Lecture 15 1/37 Common Hash Functions SHA-2 MD5 Birthday Attack on Hash Functions Constructing New
More informationENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions
ENEE 457: Computer Systems Security 09/19/16 Lecture 6 Message Authentication Codes and Hash Functions Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationEUROPEAN MIDDLEWARE INITIATIVE
EUROPEAN MIDDLEWARE INITIATIVE MYPROXY YAIM ADMINISTRATOR GUIDE Document version: 1.0.2-1 EMI Component Version: 1.x 1/10 This work is co-funded by the European Commission as part of the EMI project under
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationSTRIBOB : Authenticated Encryption
1 / 19 STRIBOB : Authenticated Encryption from GOST R 34.11-2012 or Whirlpool Markku-Juhani O. Saarinen mjos@item.ntnu.no Norwegian University of Science and Technology Directions in Authentication Ciphers
More informationChapter 3 Cryptography
Chapter 3 Cryptography Introduction: Cryptography is an ancient art of keeping secrets. Cryptography ensures security of communication over insecure medium. Terms used in Cryptography: 1) Plain text Plain
More informationCS 3411 Systems Programming
CS 3411 Systems Programming Department of Computer Science Michigan Technological University Sockets Today's Topics New Way of Communicating Between Processes Sockets Standard" Unix Processes/IPC IPC stands
More informationK D A A M P L I F I E R S F I R M W A R E U S E R G U I D E
K D A A M P L I F I E R S F I R M W A R E U S E R G U I D E T A B L E O F C O N T E N T S S E C T I O N 1 : P R E PA R I N G Y O U R F I L E S Via Network Router 3 S E C T I O N 2 : A C C E S S I N G T
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationIntroduction to Portal for ArcGIS
Introduction to Portal for ArcGIS Derek Law Product Management March 10 th, 2015 Esri Developer Summit 2015 Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More informationPortal for ArcGIS: An Introduction. Catherine Hynes and Derek Law
Portal for ArcGIS: An Introduction Catherine Hynes and Derek Law Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options and groups Portal for ArcGIS
More informationASYMMETRIC ENCRYPTION
ASYMMETRIC ENCRYPTION 1 / 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters involved. 2 / 1 Recall
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationStatistical Attacks on Cookie Masking for RC4
Statistical Attacks on Cookie Masking for RC4 Kenneth G. Paterson 1 and Jacob C.N. Schuldt 2 1 Royal Holloway, University of London, UK 2 AIST, Japan Abstract. Levillain et al. (AsiaCCS 2015) proposed
More informationFrom BASIS DD to Barista Application in Five Easy Steps
Y The steps are: From BASIS DD to Barista Application in Five Easy Steps By Jim Douglas our current BASIS Data Dictionary is perfect raw material for your first Barista-brewed application. Barista facilitates
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 16 March 19, 2012 CPSC 467b, Lecture 16 1/58 Authentication While Preventing Impersonation Challenge-response authentication protocols
More informationPKCS #1 v2.0 Amendment 1: Multi-Prime RSA
PKCS #1 v2.0 Amendment 1: Multi-Prime RSA RSA Laboratories DRAFT 1 May 20, 2000 Editor s note: This is the first draft of amendment 1 to PKCS #1 v2.0, which is available for a 30-day public review period.
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationAttack Graph Modeling and Generation
Attack Graph Modeling and Generation Ratnesh Kumar, Professor, IEEE Fellow Electrical and Computer Engineering, Iowa State University PhD Students: Mariam Ibrahim German Jordanian University Attack Graph:
More informationPI SERVER 2012 Do. More. Faster. Now! Copyr i g h t 2012 O S Is o f t, L L C. 1
PI SERVER 2012 Do. More. Faster. Now! Copyr i g h t 2012 O S Is o f t, L L C. 1 AUGUST 7, 2007 APRIL 14, 2010 APRIL 24, 2012 Copyr i g h t 2012 O S Is o f t, L L C. 2 PI Data Archive Security PI Asset
More informationInformation Security in the Age of Quantum Technologies
www.pwc.ru Information Security in the Age of Quantum Technologies Algorithms that enable a quantum computer to reduce the time for password generation and data decryption to several hours or even minutes
More informationFrom BASIS DD to Barista Application in Five Easy Steps
Y The steps are: From BASIS DD to Barista Application in Five Easy Steps By Jim Douglas our current BASIS Data Dictionary is perfect raw material for your first Barista-brewed application. Barista facilitates
More informationDEVELOPMENT AND IMPLEMENTATION OF A NEW WEB MAPPING SYSTEM ARCHITECTURE FOR ARCTIC REGION
GEOIDE SSII#109 DEVELOPMENT AND IMPLEMENTATION OF A NEW WEB MAPPING SYSTEM ARCHITECTURE FOR ARCTIC REGION Presenter: Fanny Tsai hftsai@ucalgary.ca Supervisor: Dr. Steve Liang steve.liang@ucalgary.ca Date:
More informationIMPACT Improving Massachusetts Post-Acute Care Transfers
IMPACT Improving Massachusetts Post-Acute Care Transfers New England Home Care Conference May 31 st, 2012 Larry Garber, MD Medical Director for Informatics Reliant Medical Group Agenda IMPACT project overview
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 18 November 3, 2014 CPSC 467, Lecture 18 1/43 Zero Knowledge Interactive Proofs (ZKIP) Secret cave protocol ZKIP for graph isomorphism
More informationHASH FUNCTIONS 1 /62
HASH FUNCTIONS 1 /62 What is a hash function? By a hash function we usually mean a map h : D {0,1} n that is compressing, meaning D > 2 n. E.g. D = {0,1} 264 is the set of all strings of length at most
More informationImproving Helios with Everlasting Privacy Towards the Public Denise Demirel, Jeroen van de Graaf, Roberto Araújo
Improving Helios with Everlasting Privacy Towards the Public Denise Demirel, Jeroen van de Graaf, Roberto Araúo 15.08.2012 Fachbereich 20 CDC Denise Demirel 1 Helios Introduced 2008 by Ben Adida Web application
More informationOpen spatial data infrastructure
Open spatial data infrastructure a backbone for digital government Thorben Hansen Geomatikkdagene 2018 Stavanger 13.-15. mars Spatial Data Infrastructure definition the technology, policies, standards,
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationImplementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction
Implementation of the RSA algorithm and its cryptanalysis Chandra M. Kota and Cherif Aissi 1 University of Louisiana at Lafayette, College of Engineering Lafayette, LA 70504, USA Abstract Session IVB4
More informationSecuring the Web of Things
Securing the Web of Things A COMPOSE Perspective Daniel Schreckling University of Passau 1 st W3C WoT IG F2F Open Day April 20, 2015 High- Level COMPOSE Architecture 2 Main Design Decision The situation
More informationRevisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives
S C I E N C E P A S S I O N T E C H N O L O G Y Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives David Derler, Christian Hanser, and Daniel Slamanig, IAIK,
More informationFor the online procedure described here version 2.0 or later of the plug-in is required.
2019/03/20 16:40 1/18 OpenCPN Vector Charts OCPN Vector Charts are licensed and sourced from chart providers like Hydrographic Offices. These - non free - charts give OCPN access to up-to-date and proven
More informationNET 311D INFORMATION SECURITY
1 NET 311D INFORMATION SECURITY Networks and Communication Department TUTORIAL 3 : Asymmetric Ciphers (RSA) A Symmetric-Key Cryptography (Public-Key Cryptography) Asymmetric-key (public key cryptography)
More informationSenior astrophysics Lab 2: Evolution of a 1 M star
Senior astrophysics Lab 2: Evolution of a 1 M star Name: Checkpoints due: Friday 13 April 2018 1 Introduction This is the rst of two computer labs using existing software to investigate the internal structure
More informationHashes and Message Digests Alex X. Liu & Haipeng Dai
Hashes and Message Digests Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University Integrity vs. Secrecy Integrity: attacker cannot
More informationElliptic Curves and an Application in Cryptography
Parabola Volume 54, Issue 1 (2018) Elliptic Curves and an Application in Cryptography Jeremy Muskat 1 Abstract Communication is no longer private, but rather a publicly broadcast signal for the entire
More informationCryptographic Solutions for Data Integrity in the Cloud
Cryptographic Solutions for Stanford University, USA Stanford Computer Forum 2 April 2012 Homomorphic Encryption Homomorphic encryption allows users to delegate computation while ensuring secrecy. Homomorphic
More informationTHE SPATIAL DATA SERVER BASED ON OPEN GIS STANDARDS IN HETEROGENEOUS DISTRIBUTED ENVIRONMENT
Geoinformatics 2004 Proc. 12th Int. Conf. on Geoinformatics Geospatial Information Research: Bridging the Pacific and Atlantic University of Gävle, Sweden, 7-9 June 2004 THE SPATIAL DATA SERVER BASED ON
More informationNOKIS - Information Infrastructure for the North and Baltic Sea
NOKIS - Information Infrastructure for the North and Baltic Sea Carsten Heidmann 1 and Jörn Kohlus 2 Abstract 1. General The initial motivation for the project NOKIS (German title: Nord- und Ostsee-Küsteninformationssystem)
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #9 Sep 22 nd 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Midterm #1, next class (Tues, Sept 27 th ) All lecture materials and readings
More informationConfiguring LDAP Authentication in iway Service Manager
Configuring LDAP Authentication in iway Service Manager LDAP authentication in iway Service Manager (ism) allows ism to authenticate against LDAP and associate an LDAP ism role to the user. ism includes
More informationConcurrent HTTP Proxy Server. CS425 - Computer Networks Vaibhav Nagar(14785)
Concurrent HTTP Proxy Server CS425 - Computer Networks Vaibhav Nagar(14785) Email: vaibhavn@iitk.ac.in August 31, 2016 Elementary features of Proxy Server Proxy server supports the GET method to serve
More informationGPS Mapping with Esri s Collector App. What We ll Cover
GPS Mapping with Esri s Collector App Part 1: Overview What We ll Cover Part 1: Overview and requirements Part 2: Preparing the data in ArcGIS for Desktop Part 3: Build a web map in ArcGIS Online Part
More informationData Aggregation with InfraWorks and ArcGIS for Visualization, Analysis, and Planning
CI125230 Data Aggregation with InfraWorks and ArcGIS for Visualization, Analysis, and Planning Stephen Brockwell Brockwell IT Consulting Inc. Sean Kinahan Brockwell IT Consulting Inc. Learning Objectives
More informationNon-Interactive Zero-Knowledge Proofs of Non-Membership
Non-Interactive Zero-Knowledge Proofs of Non-Membership O. Blazy, C. Chevalier, D. Vergnaud XLim / Université Paris II / ENS O. Blazy (XLim) Negative-NIZK CT-RSA 2015 1 / 22 1 Brief Overview 2 Building
More informationPicnic Post-Quantum Signatures from Zero Knowledge Proofs
Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM DAVID DERLER STEVEN GOLDFEDER JONATHAN KATZ VLAD KOLESNIKOV CLAUDIO ORLANDI SEBASTIAN RAMACHER CHRISTIAN RECHBERGER
More informationM o n i t o r i n g O c e a n C o l o u r P y t h o n p r o c e d u r e f o r d o w n l o a d
M o n i t o r i n g O c e a n C o l o u r P y t h o n p r o c e d u r e f o r d o w n l o a d Copernicus User Uptake Information Sessions Copernicus EU Copernicus EU Copernicus EU www.copernicus.eu I N
More informationCPSC 467b: Cryptography and Computer Security
Outline Authentication CPSC 467b: Cryptography and Computer Security Lecture 18 Michael J. Fischer Department of Computer Science Yale University March 29, 2010 Michael J. Fischer CPSC 467b, Lecture 18
More informationRSA Encryption. Computer Science 52. Encryption: A Quick Overview. Spring Semester, 2017
Computer Science 52 RSA Encryption Spring Semester, 2017 This document presents the technique of RSA encryption and its mathematical foundation. The implementation details can be found in Sections II,
More informationElliptic Curves and Cryptography
Elliptic Curves and Cryptography Aleksandar Jurišić Alfred J. Menezes March 23, 2005 Elliptic curves have been intensively studied in number theory and algebraic geometry for over 100 years and there is
More informationA Spatial Data Infrastructure for Landslides and Floods in Italy
V Convegno Nazionale del Gruppo GIT Grottaminarda 14 16 giugno 2010 A Spatial Data Infrastructure for Landslides and Floods in Italy Ivan Marchesini, Vinicio Balducci, Gabriele Tonelli, Mauro Rossi, Fausto
More informationCPSA and Formal Security Goals
CPSA and Formal Security Goals John D. Ramsdell The MITRE Corporation CPSA Version 2.5.1 July 8, 2015 Contents 1 Introduction 3 2 Syntax 6 3 Semantics 8 4 Examples 10 4.1 Needham-Schroeder Responder.................
More informationCOMS W4995 Introduction to Cryptography October 12, Lecture 12: RSA, and a summary of One Way Function Candidates.
COMS W4995 Introduction to Cryptography October 12, 2005 Lecture 12: RSA, and a summary of One Way Function Candidates. Lecturer: Tal Malkin Scribes: Justin Cranshaw and Mike Verbalis 1 Introduction In
More informationA Control Flow Integrity Based Trust Model. Ge Zhu Akhilesh Tyagi Iowa State University
A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University Trust Model Many definitions of trust. Typically transaction level trust propagation/policy. Self-assessment of trust.
More information