An introduction to asymmetric cryptography with an in-depth look at RSA, Diffie-Hellman, the FREAK and LOGJAM attacks on TLS/SSL, and the "Mining your P's and Q's attack".
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
The presentation covers the following:
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
Today in modern era of internet we share some sensitive data to information transmission. but need to ensure security. So we focus on Cryptography modern technique for secure transmission of information over network.
Introduction to Public key Cryptosystems with block diagrams
Reference : Cryptography and Network Security Principles and Practice , Sixth Edition , William Stalling
The presentation covers the following:
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
Today in modern era of internet we share some sensitive data to information transmission. but need to ensure security. So we focus on Cryptography modern technique for secure transmission of information over network.
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
Learn what is Asymmetric Encryption and how asymmetric encryption works with examples. Also, demystify the difference between asymmetric vs symmetric encryption.
This PPT explains about the term "Cryptography - Encryption & Decryption". This PPT is for beginners and for intermediate developers who want to learn about Cryptography. I have also explained about the various classes which .Net provides for encryption and decryption and some other terms like "AES" and "DES".
Cryptography and network security Nit701Amit Pathak
Cryptography and network security descries the security parameter with the help of public and private key. Digital signature is one of the most important area which we apply in our daily life for transferring the data.
USER AUTHENTICATION
MEANS OF USER AUTHENTICATION
PASSWORD AUTHENTICATION
PASSWORD VULNERABILITIES
USE OF HASHED PASSWORDS – IN UNIX
PASSWORD CRACKING TECHNIQUES
USING BETTER PASSWORDS
TOKEN AUTHENTICATION
BIO-METRIC AUTHENTICATION
Symmetric encryption and message confidentialityCAS
Symmetric Encryption Principles
Data Encryption Standard
Advanced Encryption Standard
Stream Ciphers and RC4
Cipher Block Modes of Operation
Key Distribution
Intro to cryptography was part of a presentation showing problems that cryptography solves.
How to Communicate With Secret Messages?
How to Hide Message Existence?
How to Send Secure Emails?
and more...
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
Learn what is Asymmetric Encryption and how asymmetric encryption works with examples. Also, demystify the difference between asymmetric vs symmetric encryption.
This PPT explains about the term "Cryptography - Encryption & Decryption". This PPT is for beginners and for intermediate developers who want to learn about Cryptography. I have also explained about the various classes which .Net provides for encryption and decryption and some other terms like "AES" and "DES".
Cryptography and network security Nit701Amit Pathak
Cryptography and network security descries the security parameter with the help of public and private key. Digital signature is one of the most important area which we apply in our daily life for transferring the data.
USER AUTHENTICATION
MEANS OF USER AUTHENTICATION
PASSWORD AUTHENTICATION
PASSWORD VULNERABILITIES
USE OF HASHED PASSWORDS – IN UNIX
PASSWORD CRACKING TECHNIQUES
USING BETTER PASSWORDS
TOKEN AUTHENTICATION
BIO-METRIC AUTHENTICATION
Symmetric encryption and message confidentialityCAS
Symmetric Encryption Principles
Data Encryption Standard
Advanced Encryption Standard
Stream Ciphers and RC4
Cipher Block Modes of Operation
Key Distribution
Intro to cryptography was part of a presentation showing problems that cryptography solves.
How to Communicate With Secret Messages?
How to Hide Message Existence?
How to Send Secure Emails?
and more...
Strong cryptography is the usage of systems or components that are considered highly resistant to cryptanalysis, the study of methods to cracking the codes. In this talk I would like to present the usage of strong cryptography in PHP. Security is a very important aspect of web applications especially when they manipulate data like passwords, credit card numbers, or sensitive data (as health, financial activities, sexual behavior or sexual orientation, social security numbers, etc). In particular I will present the extensions mcrypt, Hash, and OpenSSL that are been improved in the last version of PHP. These are the slides presented during my talk at PHP Dutch Conference 2011.
Digital Signature Recognition using RSA AlgorithmVinayak Raja
• OBJECTIVE: Basically, the idea behind digital signatures is the same as your handwritten signature. You use it to authenticate the fact that you promised something that you can't take back later. A digital signature doesn't involve signing something with a pen and paper then sending it over the Internet. But like a paper signature, it attaches the identity of the signer to a transaction.
• PROBLEM SOLVED: Signer authentication , Message authentication, Non-repudiation , Message integrity
A walk through of how to think about Web Exploitation. Focuses less on performing SQL injections and more on how to properly enumerate and evaluate functionality.
This presentation gives an overview of many different encryption and encoding schemes. The content ranges from simple encodings, such as ASCII text represented as decimals to classical ciphers, such as Caesar and Vigenere ciphers to modern encryption standards, such as the Data Encryption Standard (DES) and Advanced Encryption Standard (AES). For modern encryption, there are many different implementation flaws that are discussed in the presentation as well as a few ideas for how to correct those flaws. At the end of the presentation, some thought questions are provided.
We continue where we left off from Part 1. This section covers 2 main topics, debugging libraries and fuzzer design. For debugging libraries we go over PyDBG and WinAppDbg, discussing basic to intermediate examples, and when you might want to use one instead of the other. After that, fuzzer design is discussed, including goals, design choices, architecture, etc. Some code samples are shown from my fuzzer, along with a github link for those who are interested.
This presentation goes over basic exploitation techniques. Topics include:
- Introduction to x86 paradigms used exploited by these techniques
- Stack overflows including the classic stack smashing attack
- Ret2libc
- Format string exploits
- Heap overflows and metadata corruption attacks
This is part 1 of fuzzing, an introduction to the subject. This presentation covers some of theory and thought process behind the subject, as well as an introduction to environment variable fuzzing and file format fuzzing.
We introduce the fundamentals of dynamic memory allocation and highlight several exploitable properties. These ideas are put into practice in a set of heap overflow challenges from exploit-exercise.com's Protostar VM. We walk through the first three. Other uses of heap space such as heap spraying are mentioned.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
2. Why Cryptography?
● Confidentiality - only intended parties can read contents
● Integrity - message tampering can be detected
● Authentication - the author is verified
● Nonrepudiation - the author cannot deny being the author
3. Why asymmetric cryptography?
● No need to secretly distribute key
● Difficult to brute-force
● Reuse of key does not significantly weaken security
4. Why not asymmetric cryptography?
● More computationally-intensive than symmetric
cryptography
5. RSA
● Developed by Rivest, Shamir, and Adleman in 1977
● Based on the difficulty of factoring product of 2 large
primes, being able to compute private key from public key
● Built-in confidentiality, authentication, integrity, and
nonrepudiation from owner
● Computationally expensive
6. RSA Keys
● Public and private key should be prime numbers ≥ 2048
bits
● Public key should be available to everyone
○ Ex) Distribute using keyserver
● Private key should be known only to the owner of key pair
8. RSA Key Generation
1. Pick primes of similar length (p = 61, q = 53)
2. Compute N as p x q (61 x 53 = 3233)
3. Compute the totient of N (60 x 52 = 3120)
4. Chose public exponent e that is coprime to N (17)
5. Compute the modular multiplicative inverse of e mod totient(N) (2753)
9. RSA Encryption
● e(m) = me
mod N = c
● d(c) = cd
mod N = m
Because:
● d(me
) = med
mod N = m -- ed = 1 + hφ(n) (Definition of multiplicative inverse)
● m1 + hφ(n)
mod N = m
● m(mφ(n)
)h
mod N = m -- aφ(n)
= 1 mod N (Euler’s Theorem)
● m(1)h
mod N = m
10. Uses for RSA
● First connection in SSL/TLS
● Signing communication
○ More efficient to encrypt hash of message rather than
whole message
● Subscription-based services like commercial TV, radio,
etc.
11. Diffie-Hellman Key Exchange
● Developed and published by Whitfield Diffie and Martin
Hellman in 1976
● Relies on difficulty of discrete logarithm problem
● Forward secrecy
● Can be performed with more than two parties
● More efficient than RSA
12. Diffie-Hellman Keys
● Communicating parties agree on a exponential base (g)
and prime modulus (p)
● Each communicating party generates a secret value to
use for exponentiation
● Shared symmetric key can be generated securely over
public network
○ Negotiation steps, if captured, should not give away
key
15. Diffie Hellman Key Exchange
1. Alice and Bob agree on p = 23 and g = 5 (which is primitive root mod 23)
2. Alice chooses a = 6, and sends Bob A = 56
mod 23 = 8
3. Bob chooses b = 15, and sends Alice B = 515
mod 23 = 19
4. S = Ab
mod p = 815
mod 23 = 2
5. S = Ba
mod p = 196
mod 23 = 2
16. Uses for Diffie-Hellman
● Key negotiation over public or unsecured channels
(especially Ephemeral Diffie-Hellman)
○ Part of SSL/TLS
○ IPSec/VPN
○ SSH
18. Timeline of “Modern” Cryptography
Post World War II - Cryptography is regulated as munitions (can’t be exported)
1975 - DES Published
1976 - Diffie-Hellman Key Exchange published
1977 - RSA published
1977 - DES Standardized (FIPS)
1985 - Amiga 1000 released
1989 - Public commercial use of the internet
1991 - PGP Released (First major instance of personal cryptography)
1993 - PGP finds it way out of the United States
1996 - Bernstein v. United States (Cryptography Export laws)
1996 - SSLv3 released (containing export grade cryptography)
19.
20. Factoring RSA Export Keys
● FREAK
● March 3, 2015
● CVE-2015-0204
● Capitalizes on forcing the server to use RSA_EXPORT keys
● RSA_EXPORT Keys are 512 bits or less
● RSA_EXPORT keys were designed to be a backdoor, good enough for public
use, bad enough for the NSA to be able to break if needed
● 9.6% of top million domains vulnerable
21. Factoring RSA Export Keys
● Man in the Middle attack that requests RSA_EXPORT keys
● Most servers just go with it
● Most clients just go with it
● Generally one RSA_EXPORT key per server
● As seen in the diagram, knowing the premaster secret breaks the session
22. CADO-NFS
● Implementation of Number Field Sieve
● Current fastest way to factor large numbers
● Current fastest way to compute discrete logarithm
● Can break 512 bit RSA keys in 7 hours for ~$100 on EC2
23.
24. Logjam
● October 2015
● CVE-2015-4000
● Capitalizes on forcing the server to use DHE_EXPORT parameters
● Tricks the client into thinking they are standard DHE
● 8.4% of the top million domains vulnerable
27. “Mining your P’s and Q’s”
● Low entropy RSA keys may share a common prime
● This prime can be found trivially with Euclid’s GCD Algorithm
● Finding one prime makes the other trivial to find, making generating a private
key trivial to find
28. Euclidean Algorithm for GCD
function gcd(a, b)
while b ≠ 0
t := b;
b := a mod b;
a := t;
return a;