Android Security Mechanisms
|
|
- Melinda Singleton
- 6 years ago
- Views:
Transcription
1 Android Security Mechanisms Lecture 9 Android and Low-level Optimizations Summer School 1 August 2015 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit Android Security Mechanisms, Lecture 9 1/35
2 Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 2/35
3 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 3/35
4 Android Permissions A string The ability to perform a particular operation Built-in permissions documented in the platform API reference Defined in the android package Custom permissions - defined by system or user apps pm list permissions Defining package +.permission + name android.permission.reboot com.android.laucher3.permission.receive_launch_- BROADCASTS Android Security Mechanisms, Lecture 9 4/35
5 Android Permissions Apps request permissions in AndroidManifest.xml <uses-permission android:name="android.permission.internet" /> Assigned to apps at install time by the package manager service Central database of installed packages /data/system/packages.xml Programatically access package information from android.content.pm.packagemanager getpackageinfo() returns PackageInfo instance Cannot be changed or revoked without uninstalling app Android Security Mechanisms, Lecture 9 5/35
6 Permission Protection Levels Potential risk and procedure to grant permission Normal Low risk Automatically granted without user confirmation ACCESS_NETWORK_STATE, GET_ACCOUNTS Dangerous Access to user data or control over the device Requires user confirmation - accept or cancel installation CAMERA, READ_SMS Android Security Mechanisms, Lecture 9 6/35
7 Permission Protection Levels Signature Highest level of protection Apps signed with the same key as the app that declared the permission Built-in permissions are used by system apps (signed with platform key) NET_ADMIN, ACCESS_ALL_EXTERNAL_STORAGE SignatureOrSystem Apps part of system image or signed with the same key as the app that declared the permission Vendors may have preinstalled apps without using the platform key Android Security Mechanisms, Lecture 9 7/35
8 Kernel-Level Enforcement Access to regular files, device nodes and local sockets managed by the Linux kernel, based on UID, GID Permissions are mapped to supplementary GIDs Built-in permission mapping in /etc/permission/platform.xml Example: INTERNET permission associated with GID inet Only apps with INTERNET permission can create network sockets The kernel verifies if the app belongs to GID inet Android Security Mechanisms, Lecture 9 8/35
9 Framework-Level Enforcement Static permission enforcement System keeps track of permissions associated to each app component Checks whether callers have the required permission before allowing access Enforcement by runtime environment Isolating security decisions from business logic Less flexible Dynamic permission enforcement Components check to see if the caller has the necessary permissions Decisions made by each component, not by runtime environment More fine-grained access control More operations in components Android Security Mechanisms, Lecture 9 9/35
10 Dynamic Enforcement Helper methods in android.content.context class to perform permission check checkpermission(string permission, int pid, int uid) Returns PERMISSION_GRANTED or PERMISSION_DENIED For root and system, permission is automatically granted If permission is declared by calling app, it is granted Deny for private components Queries the Package Manager enforcepermission(string permission, int pid, int uid, String message) Throws SecurityException with message if permission is not granted Android Security Mechanisms, Lecture 9 10/35
11 Static Enforcement An app tries to call a component of another app - intent Target component - android:permission Caller - <uses-permission> Activity Manager Resolves intent Checks if target component has an associated permission Delegates permission check to Package Manager If caller has necessary permission, the target component is started Otherwise, a SecurityException is generated Android Security Mechanisms, Lecture 9 11/35
12 Activity and Service Permission Enforcement Permission checks for activities Intent is passed to Context.startActivity() or startactivityforresult() Resolves to an activity that declares a permission Permission checks for services Intent passed to Context.startService() or stopservice() or bindservice() Resolves to a service that declares a permission If caller does not have the necessary permission, generates SecurityExceptions Android Security Mechanisms, Lecture 9 12/35
13 Content Provider Permission Enforcement Protect the whole component or a particular exported URI Different permissions for reading and writing Read permission - ContentResolver.query() on provider or URI Write permission - ContentResolver.insert(), update(), delete() on provider or URI Synchronous checks Android Security Mechanisms, Lecture 9 13/35
14 Broadcast Permission Enforcement Receivers may be required to have a permission Context.sendBroadcast(Intent intent, String receiverpermission) Check when delivering intent to receivers No permission - broadcast not received, no exception Broadcasters may need to have a permission to send a broadcast Specified in manifest or in registerreceiver Checked when delivering broadcast No permission - no delivery, no exception 2 checks for each delivery: for sender and receiver Android Security Mechanisms, Lecture 9 14/35
15 Custom Permissions Declared by apps Checked statically by the system or dynamically by the components Declared in AndroidManifest.xml <permission t r e e android : name= com. example. app. permission a n d r o i d : l a b e l s t r i n g / e x a m p l e p e r m i s s i o n t r e e l a b e l /> <p e r m i s s i o n group android : name= com. example. app. permission group. TEST GROUP a n d r o i d : l a b e l s t r i n g / t e s t p e r m i s s i o n g r o u p l a b e l a n d r o i d : d e s c r i p t i o n s t r i n g / t e s t p e r m i s s i o n g r o u p d e s c /> <p e r m i s s i o n android : name= com. example. app. permission. PERMISSION1 a n d r o i d : l a b e l s t r i n g / p e r m i s s i o n 1 l a b e l a n d r o i d : d e s c r i p t i o n s t r i n g / p e r m i s s i o n 1 d e s c android : permissiongroup= com. example. app. permission group. TEST GROUP a n d r o i d : p r o t e c t i o n L e v e l = s i g n a t u r e /> Android Security Mechanisms, Lecture 9 15/35
16 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 16/35
17 JCA Provider Architecture Java Cryptography Architecture (JCA) Extensible cryptographic provider framework Set of APIs - major cryptographic primitives Applications specify an algorithm, do not depend on particular provider implementation Cryptographic Service Provider (CSP) Package with implementation of cryptographic services Advertises the implemented services and algorithms JCA maintains a registry of providers and their algorithms Providers in a order of preference Service Provider Interface (SPI) Common interface for implementations of a specific algorithm Abstract class implemented by provider Android Security Mechanisms, Lecture 9 17/35
18 JCA Engine Classes JCA engines provide: Cryptographic operations (encrypt/decrypt, sign/verify, hash) Generation or conversion of cryptographic material (keys, parameters) Management and storage of cryptographic objects (keys, certificates) Decouple client code from algorithm implementation Static factory method getinstance() Request implementation indirectly s t a t i c EngineClassName getinstance ( String algorithm ) throws NoSuchAlgorithmException s t a t i c EngineClassName g e t I n s t a n c e ( S t r i n g a l g o r i t h m, S t r i n g p r o v i d e r ) throws NoSuchAlgorithmException, NoSuchProviderException s t a t i c EngineClassName g e t I n s t a n c e ( S t r i n g a l g o r i t h m, P r o v i d e r p r o v i d e r ) throws NoSuchAlgorithmException Android Security Mechanisms, Lecture 9 18/35
19 Message Digest Hash function M essagedigest md = MessageDigest. g e t I n s t a n c e ( SHA 256 ); b y t e [ ] data = getmessage ( ) ; b y t e [ ] hash = md. d i g e s t ( data ) ; Data provided in chuncks using update() then call digest() If data is short and fixed - hashed in one step using digest() Android Security Mechanisms, Lecture 9 19/35
20 Signature Digital signature algorithms based on asymmetric encryption Algorithm name: <digest>with<encryption> Sign: b y t e [ ] data = message to be s i g n e d. g e t B y t e s ( ASCII ) ; S i g n a t u r e s = S i g n a t u r e. g e t I n s t a n c e ( SHA256withRSA ) ; s. i n i t S i g n ( p r i v K e y ) ; s i g. update ( data ) ; b y t e [ ] s i g n a t u r e = s i g. s i g n ( ) ; Verify: S i g n a t u r e s = S i g n a t u r e. g e t I n s t a n c e ( SHA256withRSA ) ; s. i n i t V e r i f y ( pubkey ) ; s. update ( data ) ; b o o l e a n v a l i d = s. v e r i f y ( s i g n a t u r e ) ; Android Security Mechanisms, Lecture 9 20/35
21 Cipher Encryption and decryption operations Encryption: S e c r e t key = g e t S e c r e t K e y ( ) ; C i p h e r c = C i p h e r. g e t I n s t a n c e ( AES/CBC/PKCS5Padding ) ; b y t e [ ] i v = new b y t e [ c. g e t B l o c k S i z e ( ) ] ; SecureRandom s r = new SecureRandom ( ) ; s r. n e x t B y t e s ( i v ) ; I v P a r a m e t e r S p e c i v p = new I v P a r a m e t e r S p e c ( i v ) ; c. i n i t ( C i p h e r.encrypt MODE, key, i v p ) ; b y t e [ ] data = Message to e n c r y p t. g e t B y t e s ( UTF 8 ); b y t e [ ] c i p h e r t e x t = c. d o F i n a l ( data ) ; Android Security Mechanisms, Lecture 9 21/35
22 Cipher Decryption: C i p h e r c = C i p h e r. g e t I n s t a n c e ( AES/CBC/PKCS5Padding ) ; c. i n i t ( C i p h e r.decrypt MODE, key, i v p ) ; b y t e [ ] data = c. d o F i n a l ( c i p h e r t e x t ) ; Android Security Mechanisms, Lecture 9 22/35
23 MAC Message Authentication Code algorithms S e c r e t K e y key = g e t S e c r e t K e y ( ) ; Mac m = Mac. g e t I n s t a n c e ( HmacSha256 ) ; m. i n i t ( key ) ; b y t e [ ] data = Message. g e t B y t e s ( UTF 8 ); b y t e [ ] hmac = m. d o F i n a l ( data ) ; Android Security Mechanisms, Lecture 9 23/35
24 KeyGenerator Generates symmetric keys Additional checks for weak keys Set key parity when necessary Takes advantage of the cryptographic hardware KeyGenerator kg = KeyGenerator. g e t I n s t a n c e ( HmacSha256 ) ; S e c r e t K e y key = kg. g e n e r a t e K e y ( ) ; KeyGenerator kg = KeyGenerator. g e t I n s t a n c e ( AES ) ; kg. i n i t ( ) ; S e c r e t K e y key = kg. g e n e r a t e K e y ( ) ; Android Security Mechanisms, Lecture 9 24/35
25 KeyPairGenerator Generates public and private keys K e y P a i r G e n e r a t o r kpg = K e y P a i r G e n e r a t o r. g e t I n s t a n c e ( RSA ) ; kpg. i n i t i a l i z e ( ) ; KeyPair p a i r = kpg. g e n e r a t e K e y P a i r ( ) ; P r i v a t e K e y p r i v = p a i r. g e t P r i v a t e ( ) ; P u b l i c K e y pub = p a i r. g e t P u b l i c ( ) ; Android Security Mechanisms, Lecture 9 25/35
26 Android JCA Providers Harmony s Crypto Provider Limited JCA provider part of the Java runtime library SecureRandom (SHA1PRNG), KeyFactory (DSA) MessageDigest (SHA-1), Signature (SHA1withDSA) Android s Bouncy Castle Provider Full-featured JCA provider Part of the Bouncy Castle Crypto API Cipher, KeyGenerator, Mac, MessageDigest, SecretKeyFactory, Signature, CertificateFactory Large number of algorithms AndroidOpenSSL Provider Native code, performance reasons Covers most functionality of Bouncy Castle Preferred provider Implementation uses JNI to access OpenSSL s native code Android Security Mechanisms, Lecture 9 26/35
27 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 27/35
28 SSL/TLS Secure Sockets Layer (SSL) and Transport Layer Security (TLS) SSL is the predecesor of TLS Secure point-to-point communication protocols Authentication, Message confidentiality and integrity for communication over TCP/IP Combination of symmetric and asymmetric encryption for confidentiality and integrity Public key certificates for authentication Java Secure Socket Extension (JSSE) Android Security Mechanisms, Lecture 9 28/35
29 Authentication Based on public key cryptography and certificates Both ends presents its certificate If trusted, they negotiate a shared key for securing the communication using pairs of public/private keys JSSE delegates trust decisions to TrustManager and authentication key selection to KeyManager Each SSLSocket has access to them through SSLContext TrustManager has a set of trusted CA certificates (trust anchors) Android Security Mechanisms, Lecture 9 29/35
30 Obtain Trust Anchors Default JSSE TrustManager initialized using the system trust store /system/etc/security/cacerts.bks TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( ( KeyStore ) n u l l ) ; X509TrustManager xtm = ( X509TrustManager ) tmf. gettrustmanagers ( ) [ 0 ] ; f o r ( X C e r t i f i c a t e c e r t : xtm. g e t A c c e p t e d I s s u e r s ( ) ) { S t r i n g c e r t S t r = S : + c e r t. getsubjectdn ( ). getname ( ) + \ n I : + c e r t. g e t I s s u e r D N ( ). getname ( ) ; Log. d (TAG, c e r t S t r ) ; } Android Security Mechanisms, Lecture 9 30/35
31 Use your own Trust Store Generate your trust store using Bouncy Castle and openssl in comand line Preferred HTTPS API KeyStore l o c a l T r u s t S t o r e = KeyStore. g e t I n s t a n c e ( BKS ) ; I n p u t S t r e a m i n = g e t R e s o u r c e s ( ). openrawresource ( R. raw. m y t r u s t s t o r e ) ; l o c a l T r u s t S t o r e. l o a d ( in, TRUSTSTORE PASSWORD. t o C h a r A r r a y ( ) ) ; TrustManagerFactory tmf = TrustManagerFactory. g e t I n s t a n c e ( TrustManagerFactory. g e t D e f a u l t A l g o r i t h m ( ) ) ; tmf. i n i t ( t r u s t S t o r e ) ; SSLContext s s l C t x = SSLContext. g e t I n s t a n c e ( TLS ) ; s s l C t x. i n i t ( n u l l, tmf. gettrustmanagers ( ), n u l l ) ; URL u r l = new URL( h t t p s : / / m y s e r v e r. com ) ; HttpsURLConnection u r l C o n n e c t i o n = ( HttpsURLConnection ) u r l u r l C o n n e c t i o n. s e t S S L S o c k e t F a c t o r y ( s s l C t x. g e t S o c k e t F a c t o r y ( ) ) ; Android Security Mechanisms, Lecture 9 31/35
32 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 32/35
33 Bibliography Android Security Internals, Nikolay Elenkov using-custom-certificate-trust-store-on.html Android Security Mechanisms, Lecture 9 33/35
34 Outline Android Permissions Cryptographic Providers Network Security Bibliography Keywords Android Security Mechanisms, Lecture 9 34/35
35 Keywords Permissions Protection levels Static enforcement Dynamic enforcement Custom permissions Java Cryptography Architecture Cryptographic Service Provider Engine classes Java Secure Socket Extension Trust Store Android Security Mechanisms, Lecture 9 35/35
Android Security Mechanisms
Android Security Mechanisms Lecture 8 Operating Systems Practical 7 December 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license,
More informationAndroid Security Mechanisms (2)
Android Security Mechanisms (2) Lecture 9 Operating Systems Practical 14 December 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license,
More informationAndroid Services. Lecture 4. Operating Systems Practical. 26 October 2016
Android Services Lecture 4 Operating Systems Practical 26 October 2016 This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.
More informationQuantum Wireless Sensor Networks
Quantum Wireless Sensor Networks School of Computing Queen s University Canada ntional Computation Vienna, August 2008 Main Result Quantum cryptography can solve the problem of security in sensor networks.
More informationSTRIBOB : Authenticated Encryption
1 / 19 STRIBOB : Authenticated Encryption from GOST R 34.11-2012 or Whirlpool Markku-Juhani O. Saarinen mjos@item.ntnu.no Norwegian University of Science and Technology Directions in Authentication Ciphers
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #5 Sep 7 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list by end of today Quiz #1 will be on Thursday,
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for class mailing list Perhaps
More informationFundamentals of Modern Cryptography
Fundamentals of Modern Cryptography BRUCE MOMJIAN This presentation explains the fundamentals of modern cryptographic methods. Creative Commons Attribution License http://momjian.us/presentations Last
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 12: Random Number Generators and Picking Appropriate Key Lengths Fall 2015 Prof. Aleksander Essex Random Number Generation Where do keys come from? So far we
More informationWeek 12: Hash Functions and MAC
Week 12: Hash Functions and MAC 1. Introduction Hash Functions vs. MAC 2 Hash Functions Any Message M Hash Function Generate a fixed length Fingerprint for an arbitrary length message. No Key involved.
More informationLecture 10: HMAC and Number Theory
CS 6903 Modern Cryptography April 15, 2010 Lecture 10: HMAC and Number Theory Instructor: Nitesh Saxena Scribes: Anand Bidla, Samiksha Saxena,Varun Sanghvi 1 HMAC A Hash-based Message Authentication Code
More informationActivities, Fragments and Intents
Mobile App Development 1 2 Design Principles 3 1 2 Design Principles 3 Manifest file Outline AndroidManifest.xml XML file Contains name of the application and a default package, Sets up the various permissions
More informationSDS developer guide. Develop distributed and parallel applications in Java. Nathanaël Cottin. version
SDS developer guide Develop distributed and parallel applications in Java Nathanaël Cottin sds@ncottin.net http://sds.ncottin.net version 0.0.3 Copyright 2007 - Nathanaël Cottin Permission is granted to
More informationQuantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018
Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018 What drives a company s digital strategy in 2020 and beyond? Quantum Computing it s the end of the world
More informationLeftovers from Lecture 3
Leftovers from Lecture 3 Implementing GF(2^k) Multiplication: Polynomial multiplication, and then remainder modulo the defining polynomial f(x): (1,1,0,1,1) *(0,1,0,1,1) = (1,1,0,0,1) For small size finite
More informationENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions
ENEE 457: Computer Systems Security 09/19/16 Lecture 6 Message Authentication Codes and Hash Functions Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 15 October 20, 2014 CPSC 467, Lecture 15 1/37 Common Hash Functions SHA-2 MD5 Birthday Attack on Hash Functions Constructing New
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationHashes and Message Digests Alex X. Liu & Haipeng Dai
Hashes and Message Digests Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University Integrity vs. Secrecy Integrity: attacker cannot
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More informationA Control Flow Integrity Based Trust Model. Ge Zhu Akhilesh Tyagi Iowa State University
A Control Flow Integrity Based Trust Model Ge Zhu Akhilesh Tyagi Iowa State University Trust Model Many definitions of trust. Typically transaction level trust propagation/policy. Self-assessment of trust.
More informationCryptographical Security in the Quantum Random Oracle Model
Cryptographical Security in the Quantum Random Oracle Model Center for Advanced Security Research Darmstadt (CASED) - TU Darmstadt, Germany June, 21st, 2012 This work is licensed under a Creative Commons
More informationIntroduction to Information Security
Introduction to Information Security Lecture 4: Hash Functions and MAC 2007. 6. Prof. Byoungcheon Lee sultan (at) joongbu. ac. kr Information and Communications University Contents 1. Introduction - Hash
More informationT H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationTHE SPATIAL DATA SERVER BASED ON OPEN GIS STANDARDS IN HETEROGENEOUS DISTRIBUTED ENVIRONMENT
Geoinformatics 2004 Proc. 12th Int. Conf. on Geoinformatics Geospatial Information Research: Bridging the Pacific and Atlantic University of Gävle, Sweden, 7-9 June 2004 THE SPATIAL DATA SERVER BASED ON
More informationCS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing
Lecture 11: Key Management, Secret Sharing Céline Blondeau Email: celine.blondeau@aalto.fi Department of Computer Science Aalto University, School of Science Key Management Secret Sharing Shamir s Threshold
More informationGeodatabase Best Practices. Dave Crawford Erik Hoel
Geodatabase Best Practices Dave Crawford Erik Hoel Geodatabase best practices - outline Geodatabase creation Data ownership Data model Data configuration Geodatabase behaviors Data integrity and validation
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationT H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K
1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi T H R E A T S A R E
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2008 Konstantin Beznosov 09/16/08 Module Outline Stream ciphers under the hood Block ciphers
More informationLeveraging Web GIS: An Introduction to the ArcGIS portal
Leveraging Web GIS: An Introduction to the ArcGIS portal Derek Law Product Management DLaw@esri.com Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options
More informationENEE 459-C Computer Security. Message authentication (continue from previous lecture)
ENEE 459-C Computer Security Message authentication (continue from previous lecture) Last lecture Hash function Cryptographic hash function Message authentication with hash function (attack?) with cryptographic
More informationMessage Authentication Codes (MACs)
Message Authentication Codes (MACs) Tung Chou Technische Universiteit Eindhoven, The Netherlands October 8, 2015 1 / 22 About Me 2 / 22 About Me Tung Chou (Tony) 2 / 22 About Me Tung Chou (Tony) Ph.D.
More informationSecuring the Web of Things
Securing the Web of Things A COMPOSE Perspective Daniel Schreckling University of Passau 1 st W3C WoT IG F2F Open Day April 20, 2015 High- Level COMPOSE Architecture 2 Main Design Decision The situation
More informationSIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography
SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS CIS 400/628 Spring 2005 Introduction to Cryptography This is based on Chapter 8 of Trappe and Washington DIGITAL SIGNATURES message sig 1. How do we bind
More informationWeb GIS: Architectural Patterns and Practices. Shannon Kalisky Philip Heede
Web GIS: Architectural Patterns and Practices Shannon Kalisky Philip Heede Web GIS Transformation of the ArcGIS Platform Desktop Apps Server GIS Web Maps Web Scenes Layers Web GIS Transformation of the
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #4 Sep 2 nd 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list Quiz #1 will be on Thursday, Sep 9 th
More informationDan Boneh. Introduction. Course Overview
Online Cryptography Course Introduction Course Overview Welcome Course objectives: Learn how crypto primitives work Learn how to use them correctly and reason about security My recommendations: Take notes
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationPortal for ArcGIS: An Introduction. Catherine Hynes and Derek Law
Portal for ArcGIS: An Introduction Catherine Hynes and Derek Law Agenda Web GIS pattern Product overview Installation and deployment Configuration options Security options and groups Portal for ArcGIS
More informationUsability Extensions for the Worklet Service
Usability Extensions for the Worklet Service Michael Adams Queensland University of Technology, Brisbane, Australia. mj.adams@qut.edu.au Abstract. The YAWL Worklet Service is an effective approach to facilitating
More informationLecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures
Lecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures Boaz Barak November 27, 2007 Quick review of homework 7 Existence of a CPA-secure public key encryption scheme such that oracle
More informationSymmetric Crypto Systems
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Symmetric Crypto Systems EECE 412 Copyright 2004-2012 Konstantin Beznosov 1 Module Outline! Stream ciphers under the hood Block ciphers under
More informationIntroduction to Cryptography Lecture 4
Data Integrity, Message Authentication Introduction to Cryptography Lecture 4 Message authentication Hash functions Benny Pinas Ris: an active adversary might change messages exchanged between and M M
More informationSecurity II: Cryptography exercises
Security II: Cryptography exercises Markus Kuhn Lent 2015 Part II Some of the exercises require the implementation of short programs. The model answers use Perl (see Part IB Unix Tools course), but you
More informationA FEW E-COMMERCE APPLICATIONS. CIS 400/628 Spring 2005 Introduction to Cryptography. This is based on Chapter 9 of Trappe and Washington
A FEW E-COMMERCE APPLICATIONS CIS 400/628 Spring 2005 Introduction to Cryptography This is based on Chapter 9 of Trappe and Washington E-COMMERCE: SET SET = Secure Electronic Transaction Consider a credit
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@ece.orst.edu Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331 Technical Report December 9, 2002 Version 1.5 1 1 Introduction
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationInformation Security in the Age of Quantum Technologies
www.pwc.ru Information Security in the Age of Quantum Technologies Algorithms that enable a quantum computer to reduce the time for password generation and data decryption to several hours or even minutes
More informationPractice Final Exam Winter 2017, CS 485/585 Crypto March 14, 2017
Practice Final Exam Name: Winter 2017, CS 485/585 Crypto March 14, 2017 Portland State University Prof. Fang Song Instructions This exam contains 7 pages (including this cover page) and 5 questions. Total
More informationCryptography and Security Final Exam
Cryptography and Security Final Exam Serge Vaudenay 17.1.2017 duration: 3h no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication devices are not
More informationECS 189A Final Cryptography Spring 2011
ECS 127: Cryptography Handout F UC Davis Phillip Rogaway June 9, 2011 ECS 189A Final Cryptography Spring 2011 Hints for success: Good luck on the exam. I don t think it s all that hard (I do believe I
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationThe File Geodatabase API. Craig Gillgrass Lance Shipman
The File Geodatabase API Craig Gillgrass Lance Shipman Schedule Cell phones and pagers Please complete the session survey we take your feedback very seriously! Overview File Geodatabase API - Introduction
More informationThe Quantum Threat to Cybersecurity (for CxOs)
The Quantum Threat to Cybersecurity (for CxOs) Michele Mosca 5 th ETSI-IQC Workshop on Quantum-Safe Cryptography 13 September 2017 What is quantum?? E. Lucero, D. Mariantoni, and M. Mariantoni 2017 M.
More informationALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS
SESSION ID: SP02-R14 ALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS Jon Geater Chief Technology Officer Thales esecurity @jongeater Hold onto your hats! This is a very fast-paced
More informationEnabling ENVI. ArcGIS for Server
Enabling ENVI throughh ArcGIS for Server 1 Imagery: A Unique and Valuable Source of Data Imagery is not just a base map, but a layer of rich information that can address problems faced by GIS users. >
More informationIntroduction to Google Drive Objectives:
Introduction to Google Drive Objectives: Learn how to access your Google Drive account Learn to create new documents using Google Drive Upload files to store on Google Drive Share files and folders with
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationRSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer
RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer Mathematical Attacks Input Crypto Algorithm Key Output Goal: recover the key given access to the inputs
More informationnew interface and features
Web version of SciFinder : new interface and features Bhawat Ruangying, CAS representative Updated at 22 Dec 2009 www.cas.org SciFinder web interface Technical aspects of SciFinder Web SciFinder URL :
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 7: Information flow control Eran Tromer 1 Slides credit: Max Krohn, MIT Ian Goldberg and Urs Hengartner, University of Waterloo
More informationArcGIS Deployment Pattern. Azlina Mahad
ArcGIS Deployment Pattern Azlina Mahad Agenda Deployment Options Cloud Portal ArcGIS Server Data Publication Mobile System Management Desktop Web Device ArcGIS An Integrated Web GIS Platform Portal Providing
More informationMESSAGE AUTHENTICATION CODES and PRF DOMAIN EXTENSION. Mihir Bellare UCSD 1
MESSAGE AUTHENTICATION CODES and PRF DOMAIN EXTENSION Mihir Bellare UCSD 1 Integrity and authenticity The goal is to ensure that M really originates with Alice and not someone else M has not been modified
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationThe Entropy Bogeyman. Ed Morris and Khai Van November 5, 2015 International Crypto Module Conference
The Entropy Bogeyman Ed Morris and Khai Van November 5, 2015 International Crypto Module Conference Topics Overview Background Design Problems Public Entropy Vulnerabilities Recommendations International
More informationChapter 3 Cryptography
Chapter 3 Cryptography Introduction: Cryptography is an ancient art of keeping secrets. Cryptography ensures security of communication over insecure medium. Terms used in Cryptography: 1) Plain Text: The
More informationPost-Quantum Cryptography & Privacy. Andreas Hülsing
Post-Quantum Cryptography & Privacy Andreas Hülsing Privacy? Too abstract? How to achieve privacy? Under the hood... Public-key crypto ECC RSA DSA Secret-key crypto AES SHA2 SHA1... Combination of both
More informationPseudo-Random Generators
Pseudo-Random Generators Why do we need random numbers? Simulation Sampling Numerical analysis Computer programming (e.g. randomized algorithm) Elementary and critical element in many cryptographic protocols
More informationArcGIS Earth for Enterprises DARRON PUSTAM ARCGIS EARTH CHRIS ANDREWS 3D
ArcGIS Earth for Enterprises DARRON PUSTAM ARCGIS EARTH CHRIS ANDREWS 3D ArcGIS Earth is ArcGIS Earth is a lightweight globe desktop application that helps you explore any part of the world and investigate
More informationPseudo-Random Generators
Pseudo-Random Generators Topics Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More informationHardware cryptographic support for IBM Z and IBM LinuxONE with Ubuntu Server
Hardware cryptographic support for IBM Z and IBM LinuxONE with Ubuntu Server Klaus Bergmann, Reinhard Buendgen, Uwe Denneler, Jonathan Furminger, Frank Heimes, Manfred Gnirss, Christian Rund, Patrick Steuer,
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationUsing OGC standards to improve the common
Using OGC standards to improve the common operational picture Abstract A "Common Operational Picture", or a, is a single identical display of relevant operational information shared by many users. The
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationBob. Eve. Alice. Trent. Author: Bill Buchanan. Author: Prof Bill Buchanan
` Encryption Introduction Before electronic communications Codes A few fundamentals Key-based encryption Cracking the code Brute force Block or stream Private-key methods Encryption keys Passing keys Public-key
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationTopics. Pseudo-Random Generators. Pseudo-Random Numbers. Truly Random Numbers
Topics Pseudo-Random Generators Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #9 Sep 22 nd 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Midterm #1, next class (Tues, Sept 27 th ) All lecture materials and readings
More informationWeb GIS & ArcGIS Pro. Zena Pelletier Nick Popovich
Web GIS & ArcGIS Pro Zena Pelletier Nick Popovich Web GIS Transformation of the ArcGIS Platform Desktop Apps GIS Web Maps Web Scenes Layers Evolution of the modern GIS Desktop GIS (standalone GIS) GIS
More informationIMPACT Improving Massachusetts Post-Acute Care Transfers
IMPACT Improving Massachusetts Post-Acute Care Transfers New England Home Care Conference May 31 st, 2012 Larry Garber, MD Medical Director for Informatics Reliant Medical Group Agenda IMPACT project overview
More informationDigital signature schemes
Digital signature schemes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Introduction digital signature scheme security of digital
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationAlgorithmic Number Theory and Public-key Cryptography
Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented
More informationPQ Crypto Panel. Bart Preneel Professor, imec-cosic KU Leuven. Adi Shamir Borman Professor of Computer Science, The Weizmann Institute, Israel
#RSAC SESSION ID: CRYP-W10 PQ Crypto Panel MODERATOR: Bart Preneel Professor, imec-cosic KU Leuven PANELISTS: Dr. Dan Boneh Professor, Stanford University Michele Mosca Professor, UWaterloo and evolutionq
More informationLattice-Based Cryptography
Liljana Babinkostova Department of Mathematics Computing Colloquium Series Detecting Sensor-hijack Attacks in Wearable Medical Systems Krishna Venkatasubramanian Worcester Polytechnic Institute Quantum
More informationElliptic Curve Cryptography
Technical Guideline BSI TR-03111 Elliptic Curve Cryptography Version 2.10 Date: 2018-06-01 History Version Date Comment 1.00 2007-02-14 Initial public version. 1.10 2009-02-03 Enhancements, corrections,
More informationARGUS.net IS THREE SOLUTIONS IN ONE
OVERVIEW H i g h l y c o n f i g u r a b l e s o f t w a r e a c c o m m o d a t e s a w i d e r a n g e o f c o l l e c t i o n s T h r e e s o l u t i o n s c o v e r P o r t a l s, C o l l e c t i o
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationKEY DISTRIBUTION 1 /74
KEY DISTRIBUTION 1 /74 The public key setting Alice M D sk[a] (C) C Bob pk[a] C $ E pk[a] (M) σ $ S sk[a] (M) M,σ Vpk[A] (M,σ) Bob can: send encrypted data to Alice verify her signatures as long as he
More informationLecture 6. Winter 2018 CS 485/585 Introduction to Cryptography. Constructing CPA-secure ciphers
1 Winter 2018 CS 485/585 Introduction to Cryptography Lecture 6 Portland State University Jan. 25, 2018 Lecturer: Fang Song Draft note. Version: February 4, 2018. Email fang.song@pdx.edu for comments and
More informationExtending Dolev-Yao with Assertions
Extending Dolev-Yao with Assertions Vaishnavi Sundararajan Chennai Mathematical Institute FOSAD 2015 August 31, 2015 (Joint work with R Ramanujam and S P Suresh) Vaishnavi S Extending Dolev-Yao with Assertions
More informationIntroduction to ArcGIS Server Development
Introduction to ArcGIS Server Development Kevin Deege,, Rob Burke, Kelly Hutchins, and Sathya Prasad ESRI Developer Summit 2008 1 Schedule Introduction to ArcGIS Server Rob and Kevin Questions Break 2:15
More informationExam Security January 19, :30 11:30
Exam Security January 19, 2016. 8:30 11:30 You can score a maximum of 100. Each question indicates how many it is worth. You are NOT allowed to use books or notes, or a (smart) phone. You may answer in
More informationOnline Cryptography Course. Collision resistance. Introduc3on. Dan Boneh
Online Cryptography Course Collision resistance Introduc3on Recap: message integrity So far, four MAC construc3ons: PRFs ECBC- MAC, CMAC : commonly used with AES (e.g. 802.11i) NMAC : basis of HMAC (this
More informationArcGIS Enterprise: What s New. Philip Heede Shannon Kalisky Melanie Summers Sam Williamson
ArcGIS Enterprise: What s New Philip Heede Shannon Kalisky Melanie Summers Sam Williamson ArcGIS Enterprise is the new name for ArcGIS for Server What is ArcGIS Enterprise ArcGIS Enterprise is powerful
More information