Android Security Mechanisms
|
|
- Hector Cameron
- 6 years ago
- Views:
Transcription
1 Android Security Mechanisms Lecture 8 Operating Systems Practical 7 December 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit OSP Android Security Mechanisms, Lecture 8 1/35
2 Signing Applications UIDs and File Access Android Permissions Cryptographic Providers Bibliography OSP Android Security Mechanisms, Lecture 8 2/35
3 Outline Signing Applications UIDs and File Access Android Permissions Cryptographic Providers Bibliography OSP Android Security Mechanisms, Lecture 8 3/35
4 Signing Applications Each apk signed with a certificate Generated using the developer s private key Identifies the developer of the application Can be self-signed System applications signed with the platform key Update allowed only if the certificate matches OSP Android Security Mechanisms, Lecture 8 4/35
5 Outline Signing Applications UIDs and File Access Android Permissions Cryptographic Providers Bibliography OSP Android Security Mechanisms, Lecture 8 5/35
6 UIDs and File Access Unique UID at install time for each application Access rights on application s files - other applications cannot access those files Shared UID shareduserid attribute of <manifest> Signed with the same key Treated as the same application, same UID and file permissions Share files with other applications MODE_WORLD_READABLE or MODE_WORLD_WRITABLE when creating a file Gives read or write access to files OSP Android Security Mechanisms, Lecture 8 6/35
7 Outline Signing Applications UIDs and File Access Android Permissions Cryptographic Providers Bibliography OSP Android Security Mechanisms, Lecture 8 7/35
8 Android Permissions By default, applications cannot perform operations to impact other apps, the OS or the user Permission - the ability to perform a particular operation Built-in permissions documented in the platform API reference Defined in the android package Custom permissions - defined by system or user apps pm list permissions Defining package +.permission + name android.permission.reboot com.android.laucher3.permission.receive_launch_- BROADCASTS OSP Android Security Mechanisms, Lecture 8 8/35
9 Android Permissions Apps request permissions in AndroidManifest.xml <uses-permission android:name="android.permission.internet" /> Permissions handled by the PackageManager service Central database of installed packages /data/system/packages.xml Programatically access package information from android.content.pm.packagemanager getpackageinfo() returns PackageInfo instance Cannot be changed or revoked without uninstalling app (until Android 5.1) Android 6.0: apps request permissions at runtime OSP Android Security Mechanisms, Lecture 8 9/35
10 Permission Enforcement A permission can be enforced in a number of places Making a call into the system Starting an activity Starting and binding a service Sending and receiving broadcasts Accessing a content provider OSP Android Security Mechanisms, Lecture 8 10/35
11 Permission Protection Levels Potential risk and procedure to grant permission Normal Low risk Automatically granted without user confirmation ACCESS_NETWORK_STATE, GET_ACCOUNTS Dangerous Access to user data or control over the device Requires user confirmation CAMERA, READ_SMS OSP Android Security Mechanisms, Lecture 8 11/35
12 Permission Protection Levels Signature Highest level of protection Apps signed with the same key as the app that declared the permission Built-in signature permissions are used by system apps (signed with platform key) NET_ADMIN, ACCESS_ALL_EXTERNAL_STORAGE SignatureOrSystem Apps part of system image or signed with the same key as the app that declared the permission Vendors may have preinstalled apps without using the platform key OSP Android Security Mechanisms, Lecture 8 12/35
13 Permission Groups All dangerous permissions belong to permission groups Until Android 5.1: Permission groups are requested at install time (not the individual permissions) On Android 6.0: If there is no other permission in that group, it requests the user s confirmation for that permission group If there is another permission in that group already granted, it does not request any confirmation Examples of dangerous permission groups: Calendar, Camera, Contacts, Location, Phone, SMS, Sensors, Storage, Microphone OSP Android Security Mechanisms, Lecture 8 13/35
14 Kernel-Level Enforcement Access to regular files, device nodes and local sockets managed by the Linux kernel, based on UID, GID Permissions are mapped to supplementary GIDs Built-in permission mapping in /etc/permission/platform.xml Example: INTERNET permission associated with GID inet Only apps with INTERNET permission can create network sockets The kernel verifies if the app belongs to GID inet OSP Android Security Mechanisms, Lecture 8 14/35
15 Framework-Level Enforcement Static permission enforcement System keeps track of permissions associated to each app component Checks whether callers have the required permission before allowing access Enforcement by runtime environment Isolating security decisions from business logic Less flexible Dynamic permission enforcement Components check to see if the caller has the necessary permissions Decisions made by each component, not by runtime environment More fine-grained access control More operations in components OSP Android Security Mechanisms, Lecture 8 15/35
16 Dynamic Enforcement Helper methods in android.content.context class to perform permission check checkpermission(string permission, int pid, int uid) Returns PERMISSION_GRANTED or PERMISSION_DENIED For root and system, permission is automatically granted If permission is declared by calling app, it is granted Deny for private components Queries the Package Manager enforcepermission(string permission, int pid, int uid, String message) Throws SecurityException with message if permission is not granted OSP Android Security Mechanisms, Lecture 8 16/35
17 Static Enforcement An app tries to call a component of another app - intent Target component - android:permission attribute Caller - <uses-permission> Activity Manager Resolves intent Checks if target component has an associated permission Delegates permission check to Package Manager If caller has necessary permission, the target component is started Otherwise, a SecurityException is generated OSP Android Security Mechanisms, Lecture 8 17/35
18 Activity and Service Permission Enforcement Permission checks for activities Intent is passed to Context.startActivity() or startactivityforresult() Resolves to an activity that declares a permission Permission checks for services Intent passed to Context.startService() or stopservice() or bindservice() Resolves to a service that declares a permission If caller does not have the necessary permission, generates SecurityExceptions OSP Android Security Mechanisms, Lecture 8 18/35
19 Content Provider Permission Enforcement Protect the whole component or a particular exported URI Different permissions for reading and writing Read permission - ContentResolver.query() on provider or URI Write permission - ContentResolver.insert(), update(), delete() on provider or URI Synchronous checks OSP Android Security Mechanisms, Lecture 8 19/35
20 Broadcast Permission Enforcement Receivers may be required to have a permission Context.sendBroadcast(Intent intent, String receiverpermission) Check when delivering intent to receivers No permission - broadcast not received, no exception Broadcasters may need to have a permission to send a broadcast Specified in manifest or in registerreceiver Checked when delivering broadcast No permission - no delivery, no exception 2 checks for each delivery: for sender and receiver OSP Android Security Mechanisms, Lecture 8 20/35
21 Custom Permissions Declared by apps Checked statically by the system or dynamically by the components Declared in AndroidManifest.xml <permission t r e e android : name= com. example. app. permission a n d r o i d : l a b e l s t r i n g / e x a m p l e p e r m i s s i o n t r e e l a b e l /> <p e r m i s s i o n group android : name= com. example. app. permission group. TEST GROUP a n d r o i d : l a b e l s t r i n g / t e s t p e r m i s s i o n g r o u p l a b e l a n d r o i d : d e s c r i p t i o n s t r i n g / t e s t p e r m i s s i o n g r o u p d e s c /> <p e r m i s s i o n android : name= com. example. app. permission. PERMISSION1 a n d r o i d : l a b e l s t r i n g / p e r m i s s i o n 1 l a b e l a n d r o i d : d e s c r i p t i o n s t r i n g / p e r m i s s i o n 1 d e s c android : permissiongroup= com. example. app. permission group. TEST GROUP a n d r o i d : p r o t e c t i o n L e v e l = s i g n a t u r e /> OSP Android Security Mechanisms, Lecture 8 21/35
22 Outline Signing Applications UIDs and File Access Android Permissions Cryptographic Providers Bibliography OSP Android Security Mechanisms, Lecture 8 22/35
23 JCA Provider Architecture Java Cryptography Architecture (JCA) Extensible cryptographic provider framework Set of APIs - major cryptographic primitives Applications specify an algorithm, do not depend on particular provider implementation Cryptographic Service Provider (CSP) Package with implementation of cryptographic services Advertises the implemented services and algorithms JCA maintains a registry of providers and their algorithms Providers in a order of preference Service Provider Interface (SPI) Common interface for implementations of a specific algorithm Abstract class implemented by provider OSP Android Security Mechanisms, Lecture 8 23/35
24 JCA Engine Classes JCA engines provide: Cryptographic operations (encrypt/decrypt, sign/verify, hash) Generation or conversion of cryptographic material (keys, parameters) Management and storage of cryptographic objects (keys, certificates) Decouple client code from algorithm implementation Static factory method getinstance() Request implementation indirectly s t a t i c EngineClassName getinstance ( String algorithm ) throws NoSuchAlgorithmException s t a t i c EngineClassName g e t I n s t a n c e ( S t r i n g a l g o r i t h m, S t r i n g p r o v i d e r ) throws NoSuchAlgorithmException, NoSuchProviderException s t a t i c EngineClassName g e t I n s t a n c e ( S t r i n g a l g o r i t h m, P r o v i d e r p r o v i d e r ) throws NoSuchAlgorithmException OSP Android Security Mechanisms, Lecture 8 24/35
25 Message Digest Hash function M essagedigest md = MessageDigest. g e t I n s t a n c e ( SHA 256 ); b y t e [ ] data = getmessage ( ) ; b y t e [ ] hash = md. d i g e s t ( data ) ; Data provided in chuncks using update() then call digest() If data is short and fixed - hashed in one step using digest() OSP Android Security Mechanisms, Lecture 8 25/35
26 Signature Digital signature algorithms based on asymmetric encryption Algorithm name: <digest>with<encryption> Sign: b y t e [ ] data = message to be s i g n e d. g e t B y t e s ( ASCII ) ; S i g n a t u r e s = S i g n a t u r e. g e t I n s t a n c e ( SHA256withRSA ) ; s. i n i t S i g n ( p r i v K e y ) ; s. update ( data ) ; b y t e [ ] s i g n a t u r e = s. s i g n ( ) ; Verify: S i g n a t u r e s = S i g n a t u r e. g e t I n s t a n c e ( SHA256withRSA ) ; s. i n i t V e r i f y ( pubkey ) ; s. update ( data ) ; b o o l e a n v a l i d = s. v e r i f y ( s i g n a t u r e ) ; OSP Android Security Mechanisms, Lecture 8 26/35
27 Cipher Encryption and decryption operations Encryption: S e c r e t key = g e t S e c r e t K e y ( ) ; C i p h e r c = C i p h e r. g e t I n s t a n c e ( AES/CBC/PKCS5Padding ) ; b y t e [ ] i v = new b y t e [ c. g e t B l o c k S i z e ( ) ] ; SecureRandom s r = new SecureRandom ( ) ; s r. n e x t B y t e s ( i v ) ; I v P a r a m e t e r S p e c i v p = new I v P a r a m e t e r S p e c ( i v ) ; c. i n i t ( C i p h e r.encrypt MODE, key, i v p ) ; b y t e [ ] data = Message to e n c r y p t. g e t B y t e s ( UTF 8 ); b y t e [ ] c i p h e r t e x t = c. d o F i n a l ( data ) ; OSP Android Security Mechanisms, Lecture 8 27/35
28 Cipher Decryption: C i p h e r c = C i p h e r. g e t I n s t a n c e ( AES/CBC/PKCS5Padding ) ; c. i n i t ( C i p h e r.decrypt MODE, key, i v p ) ; b y t e [ ] data = c. d o F i n a l ( c i p h e r t e x t ) ; OSP Android Security Mechanisms, Lecture 8 28/35
29 MAC Message Authentication Code algorithms S e c r e t K e y key = g e t S e c r e t K e y ( ) ; Mac m = Mac. g e t I n s t a n c e ( HmacSha256 ) ; m. i n i t ( key ) ; b y t e [ ] data = Message. g e t B y t e s ( UTF 8 ); b y t e [ ] hmac = m. d o F i n a l ( data ) ; OSP Android Security Mechanisms, Lecture 8 29/35
30 KeyGenerator Generates symmetric keys Additional checks for weak keys Set key parity when necessary Takes advantage of the cryptographic hardware KeyGenerator kg = KeyGenerator. g e t I n s t a n c e ( HmacSha256 ) ; S e c r e t K e y key = kg. g e n e r a t e K e y ( ) ; KeyGenerator kg = KeyGenerator. g e t I n s t a n c e ( AES ) ; kg. i n i t ( ) ; S e c r e t K e y key = kg. g e n e r a t e K e y ( ) ; OSP Android Security Mechanisms, Lecture 8 30/35
31 KeyPairGenerator Generates public and private keys K e y P a i r G e n e r a t o r kpg = K e y P a i r G e n e r a t o r. g e t I n s t a n c e ( RSA ) ; kpg. i n i t i a l i z e ( ) ; KeyPair p a i r = kpg. g e n e r a t e K e y P a i r ( ) ; P r i v a t e K e y p r i v = p a i r. g e t P r i v a t e ( ) ; P u b l i c K e y pub = p a i r. g e t P u b l i c ( ) ; OSP Android Security Mechanisms, Lecture 8 31/35
32 Android JCA Providers Harmony s Crypto Provider Limited JCA provider part of the Java runtime library SecureRandom (SHA1PRNG), KeyFactory (DSA) MessageDigest (SHA-1), Signature (SHA1withDSA) Android s Bouncy Castle Provider Full-featured JCA provider Part of the Bouncy Castle Crypto API Cipher, KeyGenerator, Mac, MessageDigest, SecretKeyFactory, Signature, CertificateFactory Large number of algorithms AndroidOpenSSL Provider Native code, performance reasons Covers most functionality of Bouncy Castle Preferred provider Implementation uses JNI to access OpenSSL s native code OSP Android Security Mechanisms, Lecture 8 32/35
33 Outline Signing Applications UIDs and File Access Android Permissions Cryptographic Providers Bibliography OSP Android Security Mechanisms, Lecture 8 33/35
34 Bibliography Android Security Internals, Nikolay Elenkov security/permissions.html OSP Android Security Mechanisms, Lecture 8 34/35
35 Keywords Permissions Protection levels Static enforcement Dynamic enforcement Custom permissions Java Cryptography Architecture Cryptographic Service Provider Engine classes OSP Android Security Mechanisms, Lecture 8 35/35
Android Security Mechanisms
Android Security Mechanisms Lecture 9 Android and Low-level Optimizations Summer School 1 August 2015 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy
More informationAndroid Security Mechanisms (2)
Android Security Mechanisms (2) Lecture 9 Operating Systems Practical 14 December 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license,
More informationAndroid Services. Lecture 4. Operating Systems Practical. 26 October 2016
Android Services Lecture 4 Operating Systems Practical 26 October 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.
More informationActivities, Fragments and Intents
Mobile App Development 1 2 Design Principles 3 1 2 Design Principles 3 Manifest file Outline AndroidManifest.xml XML file Contains name of the application and a default package, Sets up the various permissions
More informationQuantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018
Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018 What drives a company s digital strategy in 2020 and beyond? Quantum Computing it s the end of the world
More informationSTRIBOB : Authenticated Encryption
1 / 19 STRIBOB : Authenticated Encryption from GOST R 34.11-2012 or Whirlpool Markku-Juhani O. Saarinen mjos@item.ntnu.no Norwegian University of Science and Technology Directions in Authentication Ciphers
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 12: Random Number Generators and Picking Appropriate Key Lengths Fall 2015 Prof. Aleksander Essex Random Number Generation Where do keys come from? So far we
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationLecture 10: HMAC and Number Theory
CS 6903 Modern Cryptography April 15, 2010 Lecture 10: HMAC and Number Theory Instructor: Nitesh Saxena Scribes: Anand Bidla, Samiksha Saxena,Varun Sanghvi 1 HMAC A Hash-based Message Authentication Code
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2008 Konstantin Beznosov 09/16/08 Module Outline Stream ciphers under the hood Block ciphers
More informationRSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer
RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer Mathematical Attacks Input Crypto Algorithm Key Output Goal: recover the key given access to the inputs
More informationA Control Flow Integrity Based Trust Model. Ge Zhu Akhilesh Tyagi Iowa State University
A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University Trust Model Many definitions of trust. Typically transaction level trust propagation/policy. Self-assessment of trust.
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 15 October 20, 2014 CPSC 467, Lecture 15 1/37 Common Hash Functions SHA-2 MD5 Birthday Attack on Hash Functions Constructing New
More informationSDS developer guide. Develop distributed and parallel applications in Java. Nathanaël Cottin. version
SDS developer guide Develop distributed and parallel applications in Java Nathanaël Cottin sds@ncottin.net http://sds.ncottin.net version 0.0.3 Copyright 2007 - Nathanaël Cottin Permission is granted to
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationThe File Geodatabase API. Craig Gillgrass Lance Shipman
The File Geodatabase API Craig Gillgrass Lance Shipman Schedule Cell phones and pagers Please complete the session survey we take your feedback very seriously! Overview File Geodatabase API - Introduction
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More informationPractice Final Exam Winter 2017, CS 485/585 Crypto March 14, 2017
Practice Final Exam Name: Winter 2017, CS 485/585 Crypto March 14, 2017 Portland State University Prof. Fang Song Instructions This exam contains 7 pages (including this cover page) and 5 questions. Total
More informationActivities, Services, Intents...
,,... Mobile App Development Przemyslaw Pawluk 1 2 3 4 1 2 3 4 Basic components Activity functionality with UI Service long-running task without UI Content Provider abstracts data and enables interprocess
More informationCryptographical Security in the Quantum Random Oracle Model
Cryptographical Security in the Quantum Random Oracle Model Center for Advanced Security Research Darmstadt (CASED) - TU Darmstadt, Germany June, 21st, 2012 This work is licensed under a Creative Commons
More informationGeodatabase Best Practices. Dave Crawford Erik Hoel
Geodatabase Best Practices Dave Crawford Erik Hoel Geodatabase best practices - outline Geodatabase creation Data ownership Data model Data configuration Geodatabase behaviors Data integrity and validation
More informationHashes and Message Digests Alex X. Liu & Haipeng Dai
Hashes and Message Digests Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University Integrity vs. Secrecy Integrity: attacker cannot
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationSIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography
SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS CIS 400/628 Spring 2005 Introduction to Cryptography This is based on Chapter 8 of Trappe and Washington DIGITAL SIGNATURES message sig 1. How do we bind
More informationENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions
ENEE 457: Computer Systems Security 09/19/16 Lecture 6 Message Authentication Codes and Hash Functions Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #5 Sep 7 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list by end of today Quiz #1 will be on Thursday,
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for class mailing list Perhaps
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2012 Konstantin Beznosov 1 Module Outline! Stream ciphers under the hood Block ciphers under
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationIntroduction to ArcGIS Server Development
Introduction to ArcGIS Server Development Kevin Deege,, Rob Burke, Kelly Hutchins, and Sathya Prasad ESRI Developer Summit 2008 1 Schedule Introduction to ArcGIS Server Rob and Kevin Questions Break 2:15
More informationMessage Authentication Codes (MACs)
Message Authentication Codes (MACs) Tung Chou Technische Universiteit Eindhoven, The Netherlands October 8, 2015 1 / 22 About Me 2 / 22 About Me Tung Chou (Tony) 2 / 22 About Me Tung Chou (Tony) Ph.D.
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@ece.orst.edu Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331 Technical Report December 9, 2002 Version 1.5 1 1 Introduction
More informationLeftovers from Lecture 3
Leftovers from Lecture 3 Implementing GF(2^k) Multiplication: Polynomial multiplication, and then remainder modulo the defining polynomial f(x): (1,1,0,1,1) *(0,1,0,1,1) = (1,1,0,0,1) For small size finite
More informationWeb GIS: Architectural Patterns and Practices. Shannon Kalisky Philip Heede
Web GIS: Architectural Patterns and Practices Shannon Kalisky Philip Heede Web GIS Transformation of the ArcGIS Platform Desktop Apps Server GIS Web Maps Web Scenes Layers Web GIS Transformation of the
More informationUsability Extensions for the Worklet Service
Usability Extensions for the Worklet Service Michael Adams Queensland University of Technology, Brisbane, Australia. mj.adams@qut.edu.au Abstract. The YAWL Worklet Service is an effective approach to facilitating
More informationTHE SPATIAL DATA SERVER BASED ON OPEN GIS STANDARDS IN HETEROGENEOUS DISTRIBUTED ENVIRONMENT
Geoinformatics 2004 Proc. 12th Int. Conf. on Geoinformatics Geospatial Information Research: Bridging the Pacific and Atlantic University of Gävle, Sweden, 7-9 June 2004 THE SPATIAL DATA SERVER BASED ON
More informationFundamentals of Modern Cryptography
Fundamentals of Modern Cryptography BRUCE MOMJIAN This presentation explains the fundamentals of modern cryptographic methods. Creative Commons Attribution License http://momjian.us/presentations Last
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationECS 189A Final Cryptography Spring 2011
ECS 127: Cryptography Handout F UC Davis Phillip Rogaway June 9, 2011 ECS 189A Final Cryptography Spring 2011 Hints for success: Good luck on the exam. I don t think it s all that hard (I do believe I
More informationWeek 12: Hash Functions and MAC
Week 12: Hash Functions and MAC 1. Introduction Hash Functions vs. MAC 2 Hash Functions Any Message M Hash Function Generate a fixed length Fingerprint for an arbitrary length message. No Key involved.
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationIntroduction to Information Security
Introduction to Information Security Lecture 4: Hash Functions and MAC 2007. 6. Prof. Byoungcheon Lee sultan (at) joongbu. ac. kr Information and Communications University Contents 1. Introduction - Hash
More informationWeb GIS & ArcGIS Pro. Zena Pelletier Nick Popovich
Web GIS & ArcGIS Pro Zena Pelletier Nick Popovich Web GIS Transformation of the ArcGIS Platform Desktop Apps GIS Web Maps Web Scenes Layers Evolution of the modern GIS Desktop GIS (standalone GIS) GIS
More informationIntroduction to Cryptography Lecture 4
Data Integrity, Message Authentication Introduction to Cryptography Lecture 4 Message authentication Hash functions Benny Pinas Ris: an active adversary might change messages exchanged between and M M
More informationDigital signature schemes
Digital signature schemes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Introduction digital signature scheme security of digital
More informationDesign and implementation of a new meteorology geographic information system
Design and implementation of a new meteorology geographic information system WeiJiang Zheng, Bing. Luo, Zhengguang. Hu, Zhongliang. Lv National Meteorological Center, China Meteorological Administration,
More informationSecurity II: Cryptography exercises
Security II: Cryptography exercises Markus Kuhn Lent 2015 Part II Some of the exercises require the implementation of short programs. The model answers use Perl (see Part IB Unix Tools course), but you
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationWeather Company Data for Advanced Analytics
Service Description Weather Company Data for Advanced Analytics This Service Description describes the Cloud Service IBM provides to Client. Client means the contracting party and its authorized users
More informationARGUS.net IS THREE SOLUTIONS IN ONE
OVERVIEW H i g h l y c o n f i g u r a b l e s o f t w a r e a c c o m m o d a t e s a w i d e r a n g e o f c o l l e c t i o n s T h r e e s o l u t i o n s c o v e r P o r t a l s, C o l l e c t i o
More informationLattice-Based Cryptography
Liljana Babinkostova Department of Mathematics Computing Colloquium Series Detecting Sensor-hijack Attacks in Wearable Medical Systems Krishna Venkatasubramanian Worcester Polytechnic Institute Quantum
More informationIntroduction to Google Drive Objectives:
Introduction to Google Drive Objectives: Learn how to access your Google Drive account Learn to create new documents using Google Drive Upload files to store on Google Drive Share files and folders with
More informationENEE 459-C Computer Security. Message authentication (continue from previous lecture)
ENEE 459-C Computer Security Message authentication (continue from previous lecture) Last lecture Hash function Cryptographic hash function Message authentication with hash function (attack?) with cryptographic
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationArcGIS Earth for Enterprises DARRON PUSTAM ARCGIS EARTH CHRIS ANDREWS 3D
ArcGIS Earth for Enterprises DARRON PUSTAM ARCGIS EARTH CHRIS ANDREWS 3D ArcGIS Earth is ArcGIS Earth is a lightweight globe desktop application that helps you explore any part of the world and investigate
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 7: Information flow control Eran Tromer 1 Slides credit: Max Krohn, MIT Ian Goldberg and Urs Hengartner, University of Waterloo
More informationChain of Responsibility
Department of Computer Science University of Pretoria 29 and 30 September 2014 Overview Identification 1 Identification 2 3 4 5 6 Name and Classification: Chain of Responsibility Intent: Avoid coupling
More informationWeather Company Energy and Power Products
Service Weather Company Energy and Power Products This Service (SD) describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and recipients of the Cloud Service.
More informationALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS
SESSION ID: SP02-R14 ALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS Jon Geater Chief Technology Officer Thales esecurity @jongeater Hold onto your hats! This is a very fast-paced
More informationUsing OGC standards to improve the common
Using OGC standards to improve the common operational picture Abstract A "Common Operational Picture", or a, is a single identical display of relevant operational information shared by many users. The
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationA study of entropy transfers
A study of entropy transfers in the Linux Random Number Generator Th. Vuillemin, F. Goichon, G. Salagnac, C. Lauradoux The need for random numbers Computers are built to be fully deterministic......but
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationThe Quantum Threat to Cybersecurity (for CxOs)
The Quantum Threat to Cybersecurity (for CxOs) Michele Mosca 5 th ETSI-IQC Workshop on Quantum-Safe Cryptography 13 September 2017 What is quantum?? E. Lucero, D. Mariantoni, and M. Mariantoni 2017 M.
More informationPublic-key cryptography and the Discrete-Logarithm Problem. Tanja Lange Technische Universiteit Eindhoven. with some slides by Daniel J.
Public-key cryptography and the Discrete-Logarithm Problem Tanja Lange Technische Universiteit Eindhoven with some slides by Daniel J. Bernstein Cryptography Let s understand what our browsers do. Schoolbook
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationMobile and Wireless Systems Programming
Application Fundamentals Java programming language Android package :.apk Dalvik VM executes files in the Dalvik Executable (.dex) format 1.apk = 1 application 1 application = 1 Linux process 1 application
More informationComputational and Statistical Learning Theory
Computational and Statistical Learning Theory TTIC 31120 Prof. Nati Srebro Lecture 6: Computational Complexity of Learning Proper vs Improper Learning Learning Using FIND-CONS For any family of hypothesis
More informationLeveraging Web GIS: An Introduction to the ArcGIS portal
Leveraging Web GIS: An Introduction to the ArcGIS portal Derek Law Product Management DLaw@esri.com Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options
More informationPseudo-Random Generators
Pseudo-Random Generators Why do we need random numbers? Simulation Sampling Numerical analysis Computer programming (e.g. randomized algorithm) Elementary and critical element in many cryptographic protocols
More informationPseudo-Random Generators
Pseudo-Random Generators Topics Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More informationCryptography and Security Final Exam
Cryptography and Security Final Exam Serge Vaudenay 17.1.2017 duration: 3h no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication devices are not
More informationA FEW E-COMMERCE APPLICATIONS. CIS 400/628 Spring 2005 Introduction to Cryptography. This is based on Chapter 9 of Trappe and Washington
A FEW E-COMMERCE APPLICATIONS CIS 400/628 Spring 2005 Introduction to Cryptography This is based on Chapter 9 of Trappe and Washington E-COMMERCE: SET SET = Secure Electronic Transaction Consider a credit
More informationUsing the File Geodatabase API. Lance Shipman David Sousa
Using the File Geodatabase API Lance Shipman David Sousa Overview File Geodatabase API - Introduction - Supported Tasks - API Overview - What s not supported - Updates - Demo File Geodatabase API Provide
More informationEnabling ENVI. ArcGIS for Server
Enabling ENVI throughh ArcGIS for Server 1 Imagery: A Unique and Valuable Source of Data Imagery is not just a base map, but a layer of rich information that can address problems faced by GIS users. >
More informationAlgorithmic Number Theory and Public-key Cryptography
Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented
More informationTopics. Pseudo-Random Generators. Pseudo-Random Numbers. Truly Random Numbers
Topics Pseudo-Random Generators Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More informationNET 311D INFORMATION SECURITY
1 NET 311D INFORMATION SECURITY Networks and Communication Department TUTORIAL 3 : Asymmetric Ciphers (RSA) A Symmetric-Key Cryptography (Public-Key Cryptography) Asymmetric-key (public key cryptography)
More informationEME : extending EME to handle arbitrary-length messages with associated data
EME : extending EME to handle arbitrary-length messages with associated data (Preliminiary Draft) Shai Halevi May 18, 2004 Abstract We describe a mode of oepration EME that turns a regular block cipher
More informationQuantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017
Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017 What is quantum?? E. Lucero, D. Mariantoni, and M. Mariantoni 2017 M. Mosca New paradigm brings new possibilities Designing
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 10-1 Overview 1. How to exchange
More informationExam Security January 19, :30 11:30
Exam Security January 19, 2016. 8:30 11:30 You can score a maximum of 100. Each question indicates how many it is worth. You are NOT allowed to use books or notes, or a (smart) phone. You may answer in
More informationPortal for ArcGIS: An Introduction. Catherine Hynes and Derek Law
Portal for ArcGIS: An Introduction Catherine Hynes and Derek Law Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options and groups Portal for ArcGIS
More informationArcGIS Runtime: Migrating from ArcGIS Engine. Rex Hansen
ArcGIS Runtime: Migrating from ArcGIS Engine Rex Hansen Thank You to Our Sponsors Migrating from ArcGIS Engine to ArcGIS Runtime ArcGIS Runtime API: new and evolved workflows on all platforms Windows Linux
More informationIntroduction to Portal for ArcGIS. Hao LEE November 12, 2015
Introduction to Portal for ArcGIS Hao LEE November 12, 2015 Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration options Portal for ArcGIS + ArcGIS for
More informationActors for Reactive Programming. Actors Origins
Actors Origins Hewitt, early 1970s (1973 paper) Around the same time as Smalltalk Concurrency plus Scheme Agha, early 1980s (1986 book) Erlang (Ericsson), 1990s Akka, 2010s Munindar P. Singh (NCSU) Service-Oriented
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #4 Sep 2 nd 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list Quiz #1 will be on Thursday, Sep 9 th
More informationAuthentication. Chapter Message Authentication
Chapter 5 Authentication 5.1 Message Authentication Suppose Bob receives a message addressed from Alice. How does Bob ensure that the message received is the same as the message sent by Alice? For example,
More informationSecuring the Web of Things
Securing the Web of Things A COMPOSE Perspective Daniel Schreckling University of Passau 1 st W3C WoT IG F2F Open Day April 20, 2015 High- Level COMPOSE Architecture 2 Main Design Decision The situation
More informationMESSAGE AUTHENTICATION CODES and PRF DOMAIN EXTENSION. Mihir Bellare UCSD 1
MESSAGE AUTHENTICATION CODES and PRF DOMAIN EXTENSION Mihir Bellare UCSD 1 Integrity and authenticity The goal is to ensure that M really originates with Alice and not someone else M has not been modified
More informationLecture 10: NMAC, HMAC and Number Theory
CS 6903 Modern Cryptography April 13, 2011 Lecture 10: NMAC, HMAC and Number Theory Instructor: Nitesh Saxena Scribes: Anand Desai,Manav Singh Dahiya,Amol Bhavekar 1 Recap 1.1 MACs A Message Authentication
More informationGeodatabase: Best Practices. Robert LeClair, Senior Instructor
Geodatabase: Best Practices Robert LeClair, Senior Instructor Agenda Geodatabase Creation Data Ownership Data Model Data Configuration Geodatabase Behaviors Data Validation Extending Performance Geodatabase
More informationWinter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2
0368.3049.01 Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod Assignment #2 Published Sunday, February 17, 2008 and very slightly revised Feb. 18. Due Tues., March 4, in Rani Hod
More informationChapter 7: Signature Schemes. COMP Lih-Yuan Deng
Chapter 7: Signature Schemes COMP 7120-8120 Lih-Yuan Deng lihdeng@memphis.edu Overview Introduction Security requirements for signature schemes ElGamal signature scheme Variants of ElGamal signature scheme
More informationIntroduction to Portal for ArcGIS
Introduction to Portal for ArcGIS Derek Law Product Management March 10 th, 2015 Esri Developer Summit 2015 Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration
More information