T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K
|
|
- Austen Herbert Williams
- 6 years ago
- Views:
Transcription
1 1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi
2 T H R E A T S A R E H I D I N G I N E N2 W H AT YO U W I L L L E A R N Why encryption and digital certificates are helping our adversaries How to architect for today and tomorrow s SSL/TLS threatscape What you need to successfully run your operations What s your 45 day action plan 2
3 S S L / T L S T H R E AT S U P D AT E 3
4 T H R E A T S A R E H I D I N G I N E N4 P R O B L E M : Σ Κ Ό Τ Ο Σ = S C O T O M A = B L I N D S P O T
5 T H R E A T S A R E H I D I N G I N E N % A N D C L I M B I N G Of enterprise network traffic is encrypted with SSL/TLS today 5
6 T H R E A T S A R E H I D I N G I N E N6 5 0 % O F N E T W O R K AT TA C K S W I L L U S E S S L / T L S B Y % N E T W O R K AT TA C K S W I L L U S E S S L / T L S B Y % of 6
7 T H R E A T S A R E H I D I N G I N E N7 E N T U N N E L S M E A N S E C U R I T Y S Y S T E M S C A N T S E E W H AT S C O M I N G 7
8 T H R E A T S A R E H I D I N G I N E N8 T R A D I T I O N A L S E C U R I T Y S Y S T E M S C A N T K E E P U P W I T H P E R F O R M A N C E N E E D E D T O D E C R Y P T A N D I N S P E C T S S L / T L S N E T W O R K 8
9 9 D I F F E R E N C E S I N E N T E R P R I S E E N C R Y P T I O N S T R AT E G I E S B Y C O U N T R Y S o u r c e : P o n e m o n I n s t i t u t e G l o b a l 9 E n c r y p t i o n T r e n d s S t u d y
10 M A LWA R E A N D O U T B O U N D S S L 10
11 T H R E A T S A R E H I D I N G I N E N11 S S L / T L S : H I D D E N D A N G E R S Bad Actors are using encryption to: Hiding Malicious Actions and Messages Hiding the Initial Infection Hiding the Command and Control Channel Hiding Data Exfiltration 2987 blacklisted SSL certificates: Most (recently) are Dyre C&C, KINS C&C, Vawtrak MITM, Shylock C&C, URLzone C&C, TorrentLocker C&C, CryptoWall C&C, Upatre C&C, Spambot C&C, Retefe C&C, ZeuS MITM, etc. * TCP Ports used by Dyre Trojan for Hidden Command & Control - Blue Coat Labs 11
12 NGFW IDS / IPS Host AV Traditional Web Gateway SIEM Gateway DLP Web Application Firewall T H R E A T S A R E H I D I N G I N E N12 B A D G U Y S A R E E VA D I N G D E F E N S E S Traditional Enterprise Defenses Threat Actors Traditional Threats Advanced Threats Nation States Known Threats, Novel Malware Cybercrime Known Malware, Zero-Day Hactivists Known Files Threats Insider-Threats Known IPs/URLs Targeted Attacks Modern HTTPs
13 T H R E A T S A R E H I D I N G I N E N13 S S L / T L S : H I D D E N D A N G E R S Users: Are they SSL Aware? 13
14 T H R E A T S A R E H I D I N G I N E N14 N E X T B I G H A C K E R M A R K E T P L A C E W I L L B E I N S T O L E N C E R T I F I C AT E S 14
15 T H R E A T S A R E H I D I N G I N E N15 W H AT D O Y O U T H I N K T H I N G S L O O K L I K E? Secure Communications
16 T H R E A T S A R E H I D I N G I N E N16 SSL & SSH Keys & Certificates T H I S I S W H AT I T R E A L LY L O O K S L I K E SSL Keys & Certificates Secure Communications Server Authentication Client-side Server Authentication Secure Communications Server Authentication Client-side Authentication
17 T H R E A T S A R E H I D I N G I N E N17 M O R E K E Y S, M O R E C E R T I F I C A T E S, M O R E E N C R Y P T I O N
18 18 A R C H I T E C T I N G F O R S S L / T L S T H R E AT S
19 T H R E A T S A R E H I D I N G I N E N19 Today Ready for Threats A R C H I T E C T U R E G A P A N A LY S I S Role of Decryption Non-Existent/Tactical Strategic Inspection Points Few Performance Struggling Wirespeed Outbound Decryption: Internal trusted root CA Inbound Decryption: all keys & certs available Inbound Decryption: keys & certs securely distributed Few , flash drive, file server All available Encryption distribution w/o people 19
20 T H R E A T S A R E H I D I N G I N E N20 B A L A N C I N G C O M P L I A N C E A N D D ATA P R I VA C Y DATA PRIVACY CONCERNS RISK OF ADVANCED THREATS LEAD TO REQUIREMENTS 1) Manage what type of information is decrypted 2) Assure custody and integrity of encrypted data 20
21 T H R E A T S A R E H I D I N G I N E N21 I N B O U N D A N D O U T B O U N D T R A F F I C Inbound SSL Decryption Web & Servers, Customer Web Portals Outbound SSL Decryption Encrypted , Social Networks, CRM, etc. IPS & IDS AV DLP APM SIM & SIEM Forensics Security Solution IPS & IDS AV DLP APM SIM & SIEM Forensics Security Solution Internet Internet Web, & Portal Servers Clients
22 T H R E A T S A R E H I D I N G I N E N22 P K I A R C H I T E C T U R E F O R I N S P E C T I O N Inbound Outbound Enterprise Root STATIC SSL Decryption Intermediate STATIC www app.. v125.. GENERATED ON THE FLY google.com outlook.com dropbox.com
23 T H R E A T S A R E H I D I N G I N E N23 A R C H I T E C T U R E F O R V I S I B I L I T Y CLIENT INTERNET SERVER GLOBAL INTELLIGENCE NETWORK GATEWAY / FIREWALL SECURITY ANALYTICS CORPORATE SERVERS ❷ SSL VISIBILITY APPLIANCE ❸ ❶ ❹ SANDBOX CLIENT NG IPS Encrypted traffic Decrypted traffic 23
24 T H R E A T S A R E H I D I N G I N E N24 S S L B L I N D S P O T S I N A C T I O N : D ATA I N F I LT R AT I O N + E X F I LT R AT I O N U S I N G S S L Malware Infiltration and Data Exfiltration using Wireshark Compare pcaps from identical operations with and without SSL Inspection enabled in the network. Download from a file magnetic* from sourceforge.net (HTTP Download) Download a known file using HTTPS: Infiltration Upload sensitive data using HTTPS: Exfiltration 24
25 T H R E A T S A R E H I D I N G I N E N25 25
26 S S L B L I N D S P O T S : D ATA E X F I LT R AT I O N E X P E R I M E N T Symantec DLP Network Prevent Details: Base OS: MS Windows 2012 R2 DLP Network Prevent Software Version: 14 DLP Network Prevent configured to monitor HTTP and HTTPS ports. SSL Inspection Device: Hardware Mode:SV800 / Software Version Experiment: 1. Upload sensitive data using HTTP 2. SSL Inspection Disabled: Upload sensitive data using HTTPS 3. SSL Inspection Enabled: Upload sensitive data using HTTPS T H R E A T S A R E H I D I N G I N E N26 NOTE: SYMANTEC DOES NOT CLAIM THEY CAN INSPECT SSL TRAFFIC ON THEIR NETWORK DLP PRODUCTS 26
27 T H R E A T S A R E H I D I N G I N E N27 27
28 E C O N O M I C S O F S S L D E C R Y P T I O N Cost of No-Action =Infection=Intrusion=Breach=$ Direct Low performance -> higher cost to reach needed throughput Incomplete support for latest ciphers creates unseen blindspots Indirect Time and effort to identify, gather, distribute, and update keys & certificates T H R E A T S A R E H I D I N G I N E N28 28
29 O N G O I N G O P E R AT I O N S 29
30 T H R E A T S A R E H I D I N G I N E N30 M A I N TA I N I N G D E C R Y P T I O N Capture new keys and certificates (including those generated outside of IT security) Update renewed, rekey keys and certificates throughout SSL/TLS chain (e.g. firewall, load balancer, WAF, etc.)
31 31 W H AT U S E R B E N E F I T S D O E S T L S 1. 3 O F F E R Higher security than TLS 1.2 Only supports use of handshake mechanisms that provide Perfect Forward Secrecy RSA key exchange not supported Most existing ciphers are no longer supported Only support AEAD cipher suites AES-GCM, AES-CCM and CHACHA Most handshake messages are encrypted Higher speed Faster session establishment Fewer round trips before pass data Standard is 1 round trip time (RTT) compared with 2 in TLS 1.2 Option for 0 RTT with the ability for the client to send early data though with weaker security until the handshake completes Downgrade attack detection Allows client to detect if server did support 1.3 but used 1.2 because it was tricked into thinking the client doesn t support 1.3
32 33 M Y T H S A N D FA C T S A B O U T T L S 1. 3 It prevents MITM devices from being able to look at decrypted data More difficult but not impossible It will require new clients (browsers) Already implemented in browsers There is no possibility to do Passive decrypt for TLS 1.3 Must be a bump in the wire SSLV does not support TLS 1.3 We do already as you will see You cannot downgrade a session You can if you fully terminate TCP and TLS (i.e. full TLS proxy) It will be years before TLS 1.3 is implemented by major sites Once standard roll out will be fast for many large TLS sites on the Internet Google, Facebook, Cloudflare, CDNs all ready to roll Enterprise sites, particularly financial services are likely to take longer to adopt
33 4 5 D AY A C T I O N P L A N 34
34 T H R E A T S A R E H I D I N G I N E N35 YO U R 4 5 D AY A C T I O N P L A N Map your SSL footprint = Risk Exposure Decrypt once feed many v/s decryption in many places in network Performance impact of decryption on existing network/security devices Local regulations and compliance requirements Outbound: HR and Legal must be consulted to ensure user privacy is respected and preserved. Inbound: Obtaining keys/certificates, how will you keep them secure, how will you keep them updated 35
35 T H R E A T S A R E H I D I N G I N E N36 M A P Y O U R I N B O U N D S S L / T L S F O O T P R I N T Where and how many SSL/TLS enabled entities? What are all systems involved in SSL/TLS through DMZ? (e.g. firewall, load balancer, WAF, etc.) What are the security controls that need visibility in to encrypted traffic? How will you track keys and certificates? How frequently are they renewed and rekeyed? Who and how many are responsible for each key and certificate? How will you get them? How will you transfer keys and certificates? How will you update keys and certificates? 36
36 T H R E A T S A R E H I D I N G I N E N37 M A P Y O U R O U T B O U N D S S L / T L S F O O T P R I N T % of Total North-South Traffic is SSL/TLS encrypted SSL Versions seen on the networks SSL Versions have known vulnerabilities. SSL: Bad; TLS: Good BP: Do not allow known bad protocols Certificate Status Valid certificate v/s invalid certs Should not see any traffic with invalid certificate. BP: Do not allow not-valid cert traffic SSL/TLS traffic that isn t on port 443 Non-SSL traffic that is using port 443 Protocol versions in-use Ciphers used Strong v/s Weak cipher suites Logjam/Freak/Heartbleed BP: Do not allow connections with weak ciphers Top N SSL Sites by Request Users of SSL/TLS Traffic North-South communication 37
37 38 Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi THANK YOU
T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationFIS' Partnership with Zelle for P2P Payments
FIS' Partnership with Zelle for P2P Payments Chris Burfield, SVP, Digital Market Strategy Norman Marraccini, VP, Director of Digital Payment Product Strategy & Marketing Peter Tapling, Chief Revenue Officer,
More informationPatrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies
Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies Jun Dai, Xiaoyan Sun, and Peng Liu College of Information Sciences and Technology Pennsylvania State University,
More informationAndroid Security Mechanisms (2)
Android Security Mechanisms (2) Lecture 9 Operating Systems Practical 14 December 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license,
More informationQuantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018
Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018 What drives a company s digital strategy in 2020 and beyond? Quantum Computing it s the end of the world
More informationArcGIS Deployment Pattern. Azlina Mahad
ArcGIS Deployment Pattern Azlina Mahad Agenda Deployment Options Cloud Portal ArcGIS Server Data Publication Mobile System Management Desktop Web Device ArcGIS An Integrated Web GIS Platform Portal Providing
More informationLeveraging Web GIS: An Introduction to the ArcGIS portal
Leveraging Web GIS: An Introduction to the ArcGIS portal Derek Law Product Management DLaw@esri.com Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for class mailing list Perhaps
More informationMySQL Attack Mitigation Using Deception Technology
1 RESEARCH REPORT : MySQL Attack Mitigation Using Deception Technology RESEARCH REPORT MySQL Attack Mitigation Using Deception Technology A Report by TrapX Labs December 31, 2016 2 RESEARCH REPORT : MySQL
More informationPortal for ArcGIS: An Introduction. Catherine Hynes and Derek Law
Portal for ArcGIS: An Introduction Catherine Hynes and Derek Law Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options and groups Portal for ArcGIS
More informationBroadband Internet Access Disclosure
Broadband Internet Access Disclosure This document provides information about the network practices, performance characteristics, and commercial terms applicable broadband Internet access services provided
More informationST-Links. SpatialKit. Version 3.0.x. For ArcMap. ArcMap Extension for Directly Connecting to Spatial Databases. ST-Links Corporation.
ST-Links SpatialKit For ArcMap Version 3.0.x ArcMap Extension for Directly Connecting to Spatial Databases ST-Links Corporation www.st-links.com 2012 Contents Introduction... 3 Installation... 3 Database
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #5 Sep 7 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list by end of today Quiz #1 will be on Thursday,
More informationAttack Graph Modeling and Generation
Attack Graph Modeling and Generation Ratnesh Kumar, Professor, IEEE Fellow Electrical and Computer Engineering, Iowa State University PhD Students: Mariam Ibrahim German Jordanian University Attack Graph:
More informationPortal for ArcGIS: An Introduction
Portal for ArcGIS: An Introduction Derek Law Esri Product Management Esri UC 2014 Technical Workshop Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration
More informationM o n i t o r i n g O c e a n C o l o u r P y t h o n p r o c e d u r e f o r d o w n l o a d
M o n i t o r i n g O c e a n C o l o u r P y t h o n p r o c e d u r e f o r d o w n l o a d Copernicus User Uptake Information Sessions Copernicus EU Copernicus EU Copernicus EU www.copernicus.eu I N
More informationKEY DISTRIBUTION 1 /74
KEY DISTRIBUTION 1 /74 The public key setting Alice M D sk[a] (C) C Bob pk[a] C $ E pk[a] (M) σ $ S sk[a] (M) M,σ Vpk[A] (M,σ) Bob can: send encrypted data to Alice verify her signatures as long as he
More informationThe Elliptic Curve in https
The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol
More informationSTRIBOB : Authenticated Encryption
1 / 19 STRIBOB : Authenticated Encryption from GOST R 34.11-2012 or Whirlpool Markku-Juhani O. Saarinen mjos@item.ntnu.no Norwegian University of Science and Technology Directions in Authentication Ciphers
More informationIntroduction to Portal for ArcGIS. Hao LEE November 12, 2015
Introduction to Portal for ArcGIS Hao LEE November 12, 2015 Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration options Portal for ArcGIS + ArcGIS for
More informationARGUS.net IS THREE SOLUTIONS IN ONE
OVERVIEW H i g h l y c o n f i g u r a b l e s o f t w a r e a c c o m m o d a t e s a w i d e r a n g e o f c o l l e c t i o n s T h r e e s o l u t i o n s c o v e r P o r t a l s, C o l l e c t i o
More informationProving Security Protocols Correct. Lawrence C. Paulson Computer Laboratory
Proving Security Protocols Correct Lawrence C. Paulson Computer Laboratory How Detailed Should a Model Be? too detailed too simple concrete abstract not usable not credible ``proves'' everything ``attacks''
More informationArcgis Enterprise Performance And Scalability Best Practices
Arcgis Enterprise Performance And Scalability Best Practices We have made it easy for you to find a PDF Ebooks without any digging. And by having access to our ebooks online or by storing it on your computer,
More informationNew Cloud Solutions by My TimeZero
New Cloud Solutions by My TimeZero 1. TimeZero Products under My TimeZero 2. Creating and Logging into My TimeZero Account 3. Linking My TimeZero Products with Users 3-1 Finding Friends 3-2 Saving Settings
More informationArcGIS Earth for Enterprises DARRON PUSTAM ARCGIS EARTH CHRIS ANDREWS 3D
ArcGIS Earth for Enterprises DARRON PUSTAM ARCGIS EARTH CHRIS ANDREWS 3D ArcGIS Earth is ArcGIS Earth is a lightweight globe desktop application that helps you explore any part of the world and investigate
More informationBEST PRACTICES FOR EDISCOVERY ON DATA IN THE AZURE OR AWS CLOUD TAKEAWAYS FROM THE WEBINAR
BEST PRACTICES FOR EDISCOVERY ON DATA IN THE AZURE OR AWS CLOUD TAKEAWAYS FROM THE WEBINAR 1 1 0 1 1 0 1 1 1 0 0 0 1 0 1 1 0 1 1 1 0 1 1 1 1 1 1 0 1 1 1 0 1 1 1 1 0 0 0 0 1 0 1 0 0 0 0 1 1 1 1 0 1 1 1
More informationLectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols
CS 294 Secure Computation January 19, 2016 Lectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols Instructor: Sanjam Garg Scribe: Pratyush Mishra 1 Introduction Secure multiparty computation
More informationIntroduction to Portal for ArcGIS
Introduction to Portal for ArcGIS Derek Law Product Management March 10 th, 2015 Esri Developer Summit 2015 Agenda Web GIS pattern Product overview Installation and deployment Security and groups Configuration
More informationIncident Response tactics with Compromise Indicators
Vladimir Kropotov, Vitaly Chetvertakov, Fyodor Yarochkin RusCrypto 2014 March 25-28, 2014 Outline Basics Standards Tools Sharing IOCs IOCs composites Case Study More on Tools Questions Introduction Indicators
More informationWordPress and CRM. Match Made In Heaven... or Hell?
WordPress and CRM Match Made In Heaven... or Hell? Who Am I? Colin Pizarek Product Manager, NeonCRM Board Member, Ridgeville Foundation Alumnus, Idealware Disclaimer: I m opinionated. Moving data from
More informationTroubleshooting Replication and Geodata Services. Liz Parrish & Ben Lin
Troubleshooting Replication and Geodata Services Liz Parrish & Ben Lin AGENDA: Troubleshooting Replication and Geodata Services Overview Demo Troubleshooting Q & A Overview of Replication Liz Parrish What
More informationInformation Security in the Age of Quantum Technologies
www.pwc.ru Information Security in the Age of Quantum Technologies Algorithms that enable a quantum computer to reduce the time for password generation and data decryption to several hours or even minutes
More informationEnforcing honesty of certification authorities: Tagged one-time signature schemes
Enforcing honesty of certification authorities: Tagged one-time signature schemes Information Security Group Royal Holloway, University of London bertram.poettering@rhul.ac.uk Stanford, January 11, 2013
More informationSOCIAL MEDIA IN THE COMMUNICATIONS CENTRE
SOCIAL MEDIA IN THE COMMUNICATIONS CENTRE Karen Gordon Gordon Strategy www.gordonstrategy.ca v 1 WHAT WE ARE GOING TO TALK ABOUT TODAY T h e s o c i a l m e d i a i n c i d e n t W h a t c a n h a p p
More informationGeoComply Overview. 666 Burrard Street, Suite 1530, Vancouver BC V6C 2X8
GeoComply Overview 666 Burrard Street, Suite 1530, Vancouver BC V6C 2X8 EXECUTIVE SUMMARY GeoComply is a global leader in geolocation technology. Since launching in 2011, GeoComply has quickly become the
More informationnew interface and features
Web version of SciFinder : new interface and features Bhawat Ruangying, CAS representative Updated at 22 Dec 2009 www.cas.org SciFinder web interface Technical aspects of SciFinder Web SciFinder URL :
More informationVerification of the TLS Handshake protocol
Verification of the TLS Handshake protocol Carst Tankink (0569954), Pim Vullers (0575766) 20th May 2008 1 Introduction In this text, we will analyse the Transport Layer Security (TLS) handshake protocol.
More informationWeb GIS Deployment for Administrators. Vanessa Ramirez Solution Engineer, Natural Resources, Esri
Web GIS Deployment for Administrators Vanessa Ramirez Solution Engineer, Natural Resources, Esri Agenda Web GIS Concepts Web GIS Deployment Patterns Components of an On-Premises Web GIS Federation of Server
More informationT R A I N I N G M A N U A L 1. 9 G H Z C D M A P C S 80 0 M H Z C D M A /A M P S ( T R I - M O D E ) PM325
T R A I N I N G M A N U A L 1. 9 G H Z C D M A P C S 80 0 M H Z C D M A /A M P S ( T R I - M O D E ) PM325 Slide. Click. Send the pic O P E R AT I N G I N S T RU C T I O N S H e a d s e t Ja c k S e l
More informationThe science behind these computers originates in
A Methodology for Quantum Risk Assessment Author: Dr. Michele Mosca & John Mulholland DISRUPTIVE TECHNOLOGY INTRODUCTION Until recently, quantum computing was often viewed as a capability that might emerge
More informationImagery and the Location-enabled Platform in State and Local Government
Imagery and the Location-enabled Platform in State and Local Government Fred Limp, Director, CAST Jim Farley, Vice President, Leica Geosystems Oracle Spatial Users Group Denver, March 10, 2005 TM TM Discussion
More informationSession Data. Evan Misshula
Session Data Evan Misshula emisshula@qc.cuny.edu What is session data? Session data is the summary of the communications between two devices log is like the bill of a mobile phone Who? What? Where? Typical
More informationUsing OGC standards to improve the common
Using OGC standards to improve the common operational picture Abstract A "Common Operational Picture", or a, is a single identical display of relevant operational information shared by many users. The
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More informationWhat s New. August 2013
What s New. August 2013 Tom Schwartzman Esri tschwartzman@esri.com Esri UC2013. Technical Workshop. What is new in ArcGIS 10.2 for Server ArcGIS 10.2 for Desktop Major Themes Why should I use ArcGIS 10.2
More informationData-Sharing Agreement
Data-Sharing Agreement Contributions to LandMark: The Global Platform of Indigenous and Community Lands This Data-Sharing Agreement provides the standards for contributing data to the LandMark: The Global
More informationSolution to Midterm Examination
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Handout #13 Xueyuan Su November 4, 2008 Instructions: Solution to Midterm Examination This is a closed book
More informationEnabling Web GIS. Dal Hunter Jeff Shaner
Enabling Web GIS Dal Hunter Jeff Shaner Enabling Web GIS In Your Infrastructure Agenda Quick Overview Web GIS Deployment Server GIS Deployment Security and Identity Management Web GIS Operations Web GIS
More informationR E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H.
R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H. 5 S O F T W A R E E N G I N E E R I N G B Y S O M M E R V I L L E S E
More informationQuantum threat...and quantum solutions
Quantum threat...and quantum solutions How can quantum key distribution be integrated into a quantum-safe security infrastructure Bruno Huttner ID Quantique ICMC 2017 Outline Presentation of ID Quantique
More informationInnovation. The Push and Pull at ESRI. September Kevin Daugherty Cadastral/Land Records Industry Solutions Manager
Innovation The Push and Pull at ESRI September 2004 Kevin Daugherty Cadastral/Land Records Industry Solutions Manager The Push and The Pull The Push is the information technology that drives research and
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationWeb GIS Patterns and Practices
FedGIS Conference February 24 25, 2016 Washington, DC Web GIS Patterns and Practices Philip Heede Jay Theodore Witt Mathot Web GIS Transformation of the ArcGIS Platform Desktop Apps Web Maps Web Scenes
More informationDan Boneh. Introduction. Course Overview
Online Cryptography Course Introduction Course Overview Welcome Course objectives: Learn how crypto primitives work Learn how to use them correctly and reason about security My recommendations: Take notes
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More informationJOB TITLE: CURRENT CLASSIFICATION/GRID POSITION # GIS Coordinator AD Grid Level 6(c) # 420
COUNTY OF GRANDE PRAIRIE JOB DESCRIPTION JOB TITLE: CURRENT CLASSIFICATION/GRID POSITION # GIS Coordinator AD Grid Level 6(c) # 420 NOC CODE: 2255 STANDARD HOURS: 35 hours/week (non-management) JOB TITLE
More informationWorking with ArcGIS Online
Esri International User Conference San Diego, CA Technical Workshops July 12, 2011 Working with ArcGIS Online Bern Szukalski, Deane Kensok Topics for this Session ArcGIS Online Overview ArcGIS Online Content
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationTroubleshooting Replication and Geodata Service Issues
Troubleshooting Replication and Geodata Service Issues Ken Galliher & Ben Lin Esri UC 2014 Demo Theater Tech Session Overview What is Geodatabase Replication Replication types Geodata service replication
More informationOverview of Geospatial Open Source Software which is Robust, Feature Rich and Standards Compliant
Overview of Geospatial Open Source Software which is Robust, Feature Rich and Standards Compliant Cameron SHORTER, Australia Key words: Open Source Geospatial Foundation, OSGeo, Open Standards, Open Geospatial
More informationCompensation Planning Application
Compensation Planning Application Why Physician Compensation? More and more organizations are formally aligning with physicians. These organizations require large support structures to effectively manage
More informationArcGIS Enterprise: What s New. Philip Heede Shannon Kalisky Melanie Summers Sam Williamson
ArcGIS Enterprise: What s New Philip Heede Shannon Kalisky Melanie Summers Sam Williamson ArcGIS Enterprise is the new name for ArcGIS for Server What is ArcGIS Enterprise ArcGIS Enterprise is powerful
More informationImproving Helios with Everlasting Privacy Towards the Public Denise Demirel, Jeroen van de Graaf, Roberto Araújo
Improving Helios with Everlasting Privacy Towards the Public Denise Demirel, Jeroen van de Graaf, Roberto Araúo 15.08.2012 Fachbereich 20 CDC Denise Demirel 1 Helios Introduced 2008 by Ben Adida Web application
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More informationGIS Data Conversion: Strategies, Techniques, and Management
GIS Data Conversion: Strategies, Techniques, and Management Pat Hohl, Editor SUB G6ttlngen 208 494219 98 A11838 ONWORD P R E S S V Contents SECTION 1: Introduction 1 Introduction and Overview 3 Ensuring
More informationCryptography and Security Final Exam
Cryptography and Security Final Exam Serge Vaudenay 17.1.2017 duration: 3h no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication devices are not
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationBuild relationships not link. Scott Wyden Kivowitz
Digital Agency Build relationships not link. Scott Wyden Kivowitz Company book yoursocialnoise.digital #progettinoise Digital Agency Hi! #progettinoise We are yoursocialnoise! A young Digital Agency that
More informationHomeland Security Geospatial Data Model. Mark Eustis SAIC Joe Kelly Traverse Technologies 21 February, 2008
Homeland Security Geospatial Data Model Mark Eustis SAIC Joe Kelly Traverse Technologies 21 February, 2008 Background & Landscape For whom are we doing this? the homeland security community But why build
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 12: Random Number Generators and Picking Appropriate Key Lengths Fall 2015 Prof. Aleksander Essex Random Number Generation Where do keys come from? So far we
More informationSocket Programming. Daniel Zappala. CS 360 Internet Programming Brigham Young University
Socket Programming Daniel Zappala CS 360 Internet Programming Brigham Young University Sockets, Addresses, Ports Clients and Servers 3/33 clients request a service from a server using a protocol need an
More informationSpyMeSat Mobile App. Imaging Satellite Awareness & Access
SpyMeSat Mobile App Imaging Satellite Awareness & Access Imaging & Geospatical Technology Forum ASPRS Annual Conference March 12-16, 2017 Baltimore, MD Ella C. Herz 1 Orbit Logic specializes in software
More informationArcGIS. for Server. Understanding our World
ArcGIS for Server Understanding our World ArcGIS for Server Create, Distribute, and Manage GIS Services You can use ArcGIS for Server to create services from your mapping and geographic information system
More informationMarkov Chain analysis of packet sequence for intrusion detection
Graduate Theses and Dissertations Iowa State University Capstones, Theses and Dissertations 2017 Markov Chain analysis of packet sequence for intrusion detection Chad Bockholt Iowa State University Follow
More informationTECDIS and TELchart ECS Weather Overlay Guide
1 of 24 TECDIS and TELchart ECS provides a very advanced weather overlay feature, using top quality commercial maritime weather forecast data available as a subscription service from Jeppesen Marine. The
More informationASYMMETRIC ENCRYPTION
ASYMMETRIC ENCRYPTION 1 / 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters involved. 2 / 1 Recall
More informationIntegrated Electricity Demand and Price Forecasting
Integrated Electricity Demand and Price Forecasting Create and Evaluate Forecasting Models The many interrelated factors which influence demand for electricity cannot be directly modeled by closed-form
More informationLan Performance LAB Ethernet : CSMA/CD TOKEN RING: TOKEN
Lan Performance LAB Ethernet : CSMA/CD TOKEN RING: TOKEN Ethernet Frame Format 7 b y te s 1 b y te 2 o r 6 b y te s 2 o r 6 b y te s 2 b y te s 4-1 5 0 0 b y te s 4 b y te s P r e a m b le S ta r t F r
More informationNo#ons of Privacy: ID- Hiding, Untrace- ability, Anonymity & Deniability
No#ons of Privacy: ID- Hiding, Untrace- ability, Anonymity & Deniability Paris, 19/03/2014 CIDRE Cristina Onete Meet the girl Need authentication Marie-Claire Cris%na Onete 19/03/2014 2 Secure Authentication
More informationRandom Number Generation Is Getting Harder It s Time to Pay Attention
SESSION ID: PDAC-F03 Random Number Generation Is Getting Harder It s Time to Pay Attention Richard Moulds General Manager Whitewood Richard Hughes Laboratory Fellow (Retired) Los Alamos National Laboratory
More informationWeb GIS & ArcGIS Pro. Zena Pelletier Nick Popovich
Web GIS & ArcGIS Pro Zena Pelletier Nick Popovich Web GIS Transformation of the ArcGIS Platform Desktop Apps GIS Web Maps Web Scenes Layers Evolution of the modern GIS Desktop GIS (standalone GIS) GIS
More informationLand Board, NW Services and SDI Tambet Tiits, FRICS
Land Board, NW Services and SDI Tambet Tiits, FRICS 07.09.2016 200th anniversary of the Struve Geodetic Arc Friedrich Georg Wilhelm Struve and Carl Friedrich Tenner Struve Geodetic Arc The Struve Geodetic
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 19 November 8, 2017 CPSC 467, Lecture 19 1/37 Zero Knowledge Interactive Proofs (ZKIP) ZKIP for graph isomorphism Feige-Fiat-Shamir
More informationIntroduction to ArcGIS Server Development
Introduction to ArcGIS Server Development Kevin Deege,, Rob Burke, Kelly Hutchins, and Sathya Prasad ESRI Developer Summit 2008 1 Schedule Introduction to ArcGIS Server Rob and Kevin Questions Break 2:15
More informationBCeMap A Multi Agency Situational Awareness System for the Province of BC
BCeMap A Multi Agency Situational Awareness System for the Province of BC URISA BC Gurdeep Singh Manager, Business Development & Partnership Portfolio Integrated Land Management Bureau, GeoBC Kristopher
More informationPARASITIC COMPUTING: PROBLEMS AND ETHICAL
ISSN 2320-9194 8 International Journal of Advance Research, IJOAR.org Volume 1, Issue 11, November 2013, Online: ISSN 2320-9194 PARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATION Abstract Parasitic
More informationPAX2S Modbus Register Table REVISED 2/20/12 LP0894A
PAX2S Modbus Register Table REVISED 2/2/12 LP894A REGISTER 41 42 43 44 45 46 47 48 49 41 411 412 413 414 415 416 417 418 419 42 421 422 423 424 425 426 427 428 429 43 431 432 481 482 483 484 485 486 487
More informationHASH FUNCTIONS 1 /62
HASH FUNCTIONS 1 /62 What is a hash function? By a hash function we usually mean a map h : D {0,1} n that is compressing, meaning D > 2 n. E.g. D = {0,1} 264 is the set of all strings of length at most
More informationExperimental Study of DIGIPASS GO3 and the Security of Authentication
Experimental Study of DIGIPASS GO3 and the Security of Authentication Igor Semaev Department of Informatics, University of Bergen, Norway e-mail: igor@ii.uib.no arxiv:1506.06332v1 [cs.cr] 21 Jun 2015 Abstract.
More informationData Aggregation with InfraWorks and ArcGIS for Visualization, Analysis, and Planning
Data Aggregation with InfraWorks and ArcGIS for Visualization, Analysis, and Planning Stephen Brockwell President, Brockwell IT Consulting, Inc. Join the conversation #AU2017 KEYWORD Class Summary Silos
More informationPOST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW?
POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW? Hanno Böck https://hboeck.de 1 INTRODUCTION Hanno Böck, freelance journalist and hacker. Writing for Golem.de and others. Fuzzing Project, funded
More informationKnocking down the HACIENDA with TCP Stealth
Knocking down the HACIENDA with TCP Stealth Christian Grothoff Actual work: Julian Kirsch Technische Universität München May 8, 2015 Knocking down the HACIENDA 1/1 Knocking down the HACIENDA 2/1 Knocking
More informationCryptanalysis of a Group Key Transfer Protocol Based on Secret Sharing: Generalization and Countermeasures
Cryptanalysis of a Group Key Transfer Protocol Based on Secret Sharing: Generalization and Countermeasures Kallepu Raju, Appala Naidu Tentu, V. Ch. Venkaiah Abstract: Group key distribution protocol is
More informationHardware Architectures for Public Key Algorithms Requirements and Solutions for Today and Tomorrow
Hardware Architectures for Public Key Algorithms Requirements and Solutions for Today and Tomorrow Cees J.A. Jansen Pijnenburg Securealink B.V. Vught, The Netherlands ISSE Conference, London 27 September,
More informationGroup Diffie Hellman Protocols and ProVerif
Group Diffie Hellman Protocols and ProVerif CS 395T - Design and Analysis of Security Protocols Ankur Gupta Secure Multicast Communication Examples: Live broadcast of a match, stock quotes, video conferencing.
More informationData-Sharing Agreement
Data-Sharing Agreement Contributions to LandMark: The Global Platform of Indigenous and Community Lands This Data-Sharing Agreement provides the standards for contributing data to the LandMark: The Global
More informationPortals: Standards in Action
Portals: Standards in Action David Danko ISO TC 211 Metadata Project Leader GIS Standards Consultant-ESRI. Metadata Portals Portal gateway, place of entry Producers Advertise, expose products Share information
More informationPQ Crypto Panel. Bart Preneel Professor, imec-cosic KU Leuven. Adi Shamir Borman Professor of Computer Science, The Weizmann Institute, Israel
#RSAC SESSION ID: CRYP-W10 PQ Crypto Panel MODERATOR: Bart Preneel Professor, imec-cosic KU Leuven PANELISTS: Dr. Dan Boneh Professor, Stanford University Michele Mosca Professor, UWaterloo and evolutionq
More informationHomework 4 for Modular Arithmetic: The RSA Cipher
Homework 4 for Modular Arithmetic: The RSA Cipher Gregory V. Bard April 25, 2018 This is a practice workbook for the RSA cipher. It is not suitable for learning the RSA cipher from scratch. However, there
More informationWhat are we talking about when we talk about post-quantum cryptography?
PQC Asia Forum Seoul, 2016 What are we talking about when we talk about post-quantum cryptography? Fang Song Portland State University PQC Asia Forum Seoul, 2016 A personal view on postquantum cryptography
More information