Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family
by Dmitry Khovratovich, Christian Rechberger, Alexandra Savelieva.
Presented at 19th International Workshop on Fast Software Encryption - FSE 2012 (March 2012, Washington DC)
Predicting Defects using Network Analysis on Dependency Graphs
by Thomas Zimmermann
Network analysis of dependency graphs between code components can help predict defects and prioritize testing. Analyzing dependencies yields metrics such as centrality and ego-network measures that correlate strongly with past defects. Compared with complexity metrics alone, these network measures improved defect prediction, the ranking of the highest-risk binaries, and the identification of critical "escrow" binaries requiring extra testing, doubling recall of escrow binaries. Combining network and complexity analyses provides more effective defect prediction and testing prioritization to aid new QA managers.
Cvpr2010 open source vision software, intro and training part i vl feat libra...
by zukun
This document describes using VLFeat, an open source library of computer vision algorithms, to perform image classification on the Caltech-101 dataset. It provides an example pipeline that uses dense SIFT features (PHOW), vector quantization to create a visual vocabulary, spatial histograms to encode local feature distributions, and a linear SVM to train classifiers and classify images. The complete source code for this pipeline is provided and can classify Caltech-101 images with approximately 65% accuracy using only a single feature type and limited training data.
Implementation of RSA Algorithm with Chinese Remainder Theorem for Modulus N ...
by CSCJournals
Cryptography has several important aspects in supporting the security of data: it guarantees confidentiality, integrity and validity (authenticity) of data. One public-key cryptosystem is RSA. The greater the size of the modulus n, the more difficult it is to factor the value of n. But a flaw of the RSA algorithm is that the time required for the decryption process is very long. The theorem used in this research is the Chinese Remainder Theorem (CRT). The goal is to find out how much time RSA-CRT takes, with a modulus n of 1024 bits and 4096 bits, to perform the encryption and decryption process, and to implement it in the Java programming language. This implementation is intended as a means of proving the tests performed and generates a cryptographic system named "RSA and RSA-CRT Text Security". The result of testing the algorithm is that RSA-CRT with 1024 bits is approximately 3 times faster in performing decryption. In testing the RSA-CRT algorithm with 4096 bits, the conclusion is that the decryption process is also performed more rapidly. However, the flaw in the key generation process of RSA and RSA-CRT with 4096 bits is that the time needed to generate the keys is longer.
This document summarizes an attack that can recover a 104-bit WEP key using less than 40,000 encrypted packets. The attack is an improvement over previous methods, requiring an order of magnitude fewer packets. On an IEEE 802.11g network, the required number of packets can be obtained through packet re-injection in under 60 seconds. The computational effort required is approximately 2^20 RC4 key setups, which is negligible on modern CPUs. WEP remains the most commonly used wireless encryption protocol, despite known security weaknesses.
Exploiting TLS to disrupt privacy of web application's traffic
by Sandipan Biswas
In this work, we analyze privacy and security aspects of encryption modes, padding schemes and order of padding of messages in TLS during encrypted communication between client and web application on the server. We show that using padding schemes to pad all packets to hide message sizes during communication, without considering the underlying encryption modes and padding methodology, is not safe.
Multiple Choice Questions on JAVA (object oriented programming) bank 6 -- inh...
by Kuntal Bhowmick
This document contains a 20 question multiple choice quiz about object oriented programming concepts related to inheritance. Each question is presented on an even page with the corresponding answer and explanation on the adjacent odd page. The quiz covers topics like superclass vs subclass, method overriding vs hiding, inheritance terminology in Java, and advantages/disadvantages of inheritance. The document instructs readers to first attempt each question before looking at the solution, and suggests viewing it in single page mode for clarity.
Multiple Choice Questions on JAVA (object oriented programming) bank 7 -- abs...
by Kuntal Bhowmick
The document contains a collection of multiple choice questions and answers about abstract classes in object-oriented programming. It includes 14 questions that test understanding of key concepts of abstract classes such as: when the abstract keyword is used, defining abstract methods, preventing instantiation of abstract classes, requiring subclasses to implement abstract methods, and preventing inheritance of classes. Each question is presented on an even page with its answer on the adjacent odd page.
This document contains an exam for the subject of Operating Systems with 9 questions. It begins by asking for the exam roll number and provides exam details such as code, subject, duration, and maximum marks.
The first question contains 8 short answer sub-questions on topics like interrupts, fragmentation, threads, monitors, deadlock conditions, and disk scheduling algorithms.
The remaining questions are longer form questions divided into 4 units on topics of memory management, concurrency, I/O management, and file systems. The questions assess understanding of concepts like paging, segmentation, virtual memory, deadlocks, scheduling algorithms, disk scheduling, file allocation techniques, and directory structures.
Private Range Query by Perturbation and Matrix Based Encryption
by Junpei Kawamoto
This document proposes a new method called Inner Product Predicate (IPP) for performing private range queries over encrypted data. The IPP method adds perturbations to attribute values and queries through matrix-based encryption to prevent frequency analysis attacks. Experimental results show the transformed query distributions are different from the originals and query processing time is linear in the number of tuples. Open problems remain around reducing computational costs and defending against attacks using aggregate query results.
Using NP Problems to Share Keys in Secret-Key Cryptography
by iosrjce
Public key cryptography has now become an important means of providing confidentiality through its use of key distribution, in which users can communicate privately with the help of encryption keys. It also provides digital signatures, which allow users to sign keys to verify their identities. But public key cryptography has its own shortcomings regarding the high cost of key distribution and excessive computation in encoding and decoding.
Private key cryptography can avoid all the above problems, but only if we can find a way to share the private key confidentially.
This research presents an innovation, which can be our future approach, using the technology of so-called NP problems to send or share keys with the receiver without any need for a third party. This will provide an open idea where sender and receiver can share any key any number of times for encrypting data confidentially, which is also helpful in overcoming the problem of brute force attacks.
Multiple Choice Questions on JAVA (object oriented programming) bank 3 -- cla...
by Kuntal Bhowmick
This document contains a 17-page MCQ quiz on object-oriented programming concepts like classes, objects, and conditional statements. It includes 18 multiple choice questions about topics such as the difference between classes and objects, access specifiers, method overloading, constructors, and if statements. Each question is presented on an even page with the corresponding explanation and answer on the adjacent odd page. The document instructs readers to first attempt each question themselves before checking the solution.
Detect helmet impacts in NFL games using videos and player tracking data. A two-stage pipeline involves helmet detection followed by classification of detections as impacts or non-impacts. Post-processing includes temporal non-maximum suppression using tracking results to reduce false positives. Multiple models are ensembled and thresholds tuned on a validation set for best performance.
Multiple Choice Questions on JAVA (object oriented programming) bank 2 -- bas...
by Kuntal Bhowmick
This document contains a 20-question multiple choice quiz on basic object-oriented programming concepts in Java. Each question is presented on an even page with possible answer options, while the corresponding solution and explanation is given on the adjacent odd page. The quiz covers fundamental topics like data types, access specifiers, inheritance, polymorphism, and more.
Speech recognition using hidden markov model mee 03_19
by NGUYEN_SPKT
This document describes the implementation of a speech recognition system using hidden Markov models (HMMs) on a DSK-ADSP-BF533 EZ-KIT LITE REV 1.5 digital signal processor board. The key steps taken are:
1. Feature extraction from speech signals by calculating mel frequency cepstrum coefficients (MFCCs). This involves preprocessing the signal, framing and windowing, Fourier transform, mel filtering, and discrete cosine transform.
2. Training HMMs to create models of words using an iterative process that calculates mean, variance, state transition probabilities, and output distributions from multiple utterances of words.
3. Testing utterances against trained models using the Viterbi
The document discusses how ArcGIS Online allows users to organize and share authoritative map content, make and use intelligent web maps that can be accessed anywhere, and leverage Esri's enterprise cloud computing capabilities. It provides examples of how ArcGIS Online can be used to create and share maps for tracking exercise routes, viewing port locations, accessing additional map basemaps and linked information, and publishing custom applications for tours or organizations to utilize.
This document describes a case study based approach for teaching information security. It proposes using case studies that present real-world information security scenarios. Students would analyze these case studies individually and in teams to identify problems, generate solutions, and select optimal solutions. The document outlines various tools and methods for analyzing case studies, including using terminology definitions, static and dynamic perspectives, event chains, and table representations. It provides examples of how these analysis tools could be applied to a case study. The case study approach aims to make information security learning interactive, develop analytical skills, and be close to real-world situations.
This document discusses how O2NE can help businesses that are facing rising energy costs, demands for lower operating costs, and carbon reduction taxes. It summarizes that O2NE provides energy efficiency and sustainable building design services, including energy audits, modeling, building automation systems, and energy management. Over a 30 year period, initial building costs only account for 2% of total costs, while operations and maintenance make up 6%. O2NE aims to help clients minimize energy expenditures and maximize returns on investment over the long term.
Perth Esri Australia SIBA DIGO Presentation
by Tom Gardner
Esri Australia provides spatial solutions for defense and disaster response efforts. They support organizations like the Virginia Department of Emergency Management with tools like VIPER and help provide situational awareness. Esri Australia is also a system builder for defense, supporting field forces with Battlemap and Joint Operations Command with WebRep. They promote interoperability between agencies through next generation research projects.
GeoDesign for Civic Engagement and Sustainable Development
by Tom Gardner
This document discusses GeoDesign, which tightly couples the creation of design proposals with impact simulations informed by geographic contexts. It presents GeoDesign as a collaborative planning process that helps achieve synergy between humans and nature. The document outlines Carl Steinitz's six-step GeoDesign framework and provides examples of how GeoDesign has been used for debris disposal site selection after tsunamis, analyzing park access and locations, and creating a collaborative park design template. It concludes that challenges of GeoDesign include developing appropriate technology to enable seamless, iterative design workflows and establishing GeoDesign as a cross-disciplinary practice.
Many spaces such as schools, court-rental businesses and event venues sit idle. A new platform intends to connect the owners of these idle spaces with people who need to rent them more affordably, also offering additional management and payment services. The platform lets owners and tenants manage schedules and finances and issue receipts online.
GeoDesign is a collaborative planning method that tightly couples design proposals with impact simulations informed by geographic contexts. It addresses shortcomings of traditional land use planning like lack of systematic impact monitoring, geo-databases, and flexibility to change designs. GeoDesign involves community input to gather information, analyze current conditions, compare alternatives, and create future land use plans. Examples include transportation planning and redevelopment projects. GeoDesign is a new approach for land use planning and policymaking that utilizes existing geospatial tools.
Euler circuits and dna sequencing by hybridization
by Mountville Mills
This document discusses DNA sequencing by hybridization, which is a method to reconstruct a long DNA string from knowledge of its short subsequences. It studies the number of possible reconstructions (k) of a random DNA string given its substrings. It shows that k is determined by the pattern of repeated substrings in the DNA string. In the appropriate limit, substrings will occur at most twice, forming pairings. The number of reconstructions is then the number of Euler circuits in the graph induced by the pairing. The document presents a method to compute the number of n-symbol pairings having k Euler circuits in closed form. It also provides asymptotic estimates of k for random DNA strings.
The document discusses geoenablement and spatial technologies. It mentions geoenabling business systems and information as well as GIS. Examples provided include the RECOVERY.gov website, Maryland's StateStat program, and challenges around educating decision makers and growing the spatial industry. The document concludes by thanking the audience and providing a contact email.
Morgan is turning 20 and receiving birthday wishes from friends. The document contains wishes for heart shaped pizza, tropical beaches, stretches that feel good, dried mango, glamour shoes, perfect french fries, relaxation, beautiful sunrises and sunsets, all-you-can-eat sushi, fun with friends, and dancing as Morgan enjoys her birthday cake and makes a wish. Friends say Morgan is a rockstar and wish her enjoyment on her birthday.
The document summarizes a 2009 workshop on cyber security and global affairs. It discusses various approaches to evaluating cryptographic systems, including cryptographic security analysis, mathematical implications, formalized security risk analysis methodologies, and tools for cryptographic protocol analysis. It also proposes a 5-step cryptosystem security assessment process and an ABC model of security threats to develop a mathematical model for evaluating a cryptosystem's resistance to attacks.
1) The document outlines the process of identifying and describing errors made by language learners. It discusses overt errors, which are ungrammatical at the sentence level, and covert errors, which are grammatically correct sentences that do not make sense in context.
2) It provides a procedure for identifying errors, determining if a sentence is overtly or covertly erroneous, and reconstructing the sentence to understand the error. If the learner's native language is known, the sentence can be translated to and from that language.
3) Common error types are described as errors of addition, omission, substitution, or ordering, which can occur at the phonological, lexical, grammatical or discourse levels. While broad, these
The document presents an overview of theories of second language acquisition (SLA). It discusses domains to consider in an SLA theory, including that SLA involves cognitive variations and is intertwined with culture learning. Several SLA theories are then summarized, including Krashen's Input Hypothesis with its sub-hypotheses, cognitive models focusing on attention and implicit/explicit knowledge, and Long's Interaction Hypothesis emphasizing the role of modified interaction between learners and native speakers. The theories represent innatist, cognitive, and social constructivist perspectives on SLA.
Estimating instruction-level throughput (for example, predicting the cycle counts) is critical for many applications that rely on tightly calculated and accurate timing bounds. In this talk, we will present a new throughput analysis tool, MCA Daemon (MCAD). It is built on top of LLVM MCA and combines the advantages of both static and dynamic throughput analyses, providing a powerful, fast, and easy-to-use tool that scales up with large-scale programs in the real world.
Grow and Shrink - Dynamically Extending the Ruby VM StackKeitaSugiyama1
This document summarizes a presentation about dynamically extending the Ruby VM stack. It discusses two methods for extending the stacks - stretching and chaining. Stretching grows the stacks upwards when they reach the maximum size, while chaining implements the call stack as a linked list so only the internal stack needs growing. The implementation aims to make stack extensions safe and efficient for development by prohibiting access to old stacks and frequently triggering extensions for testing. Benchmarks show chaining has lower execution time than stretching but is still slower than the default implementation due to overhead from moving stacks and indirect access. Initial stack size has little effect on performance. The goal is to reduce memory usage through dynamic stack sizing.
Algebraic Fault Attack on the SHA-256 Compression FunctionIJORCS
The cryptographic hash function SHA-256 is one member of the SHA-2 hash family, which was proposed in 2000 and was standardized by NIST in 2002 as a successor of SHA-1. Although the differential fault attack on SHA-1compression function has been proposed, it seems hard to be directly adapted to SHA-256. In this paper, an efficient algebraic fault attack on SHA-256 compression function is proposed under the word-oriented random fault model. During the attack, an automatic tool STP is exploited, which constructs binary expressions for the word-based operations in SHA-256 compression function and then invokes a SAT solver to solve the equations. The simulation of the new attack needs about 65 fault injections to recover the chaining value and the input message block with about 200 seconds on average. Moreover, based on the attack on SHA-256 compression function, an almost universal forgery attack on HMAC-SHA-256 is presented. Our algebraic fault analysis is generic, automatic and can be applied to other ARX-based primitives.
This document appears to be a thesis submitted by Conor McMenamin for their B.Sc. in Computational Thinking at Maynooth University. The thesis investigates existing standards for selecting elliptic curves for use in elliptic curve cryptography (ECC) and whether it is possible to manipulate the standards to exploit weaknesses. It provides background on elliptic curve theory, cryptography, and standards. The document outlines requirements and proposes designing a system to test manipulating the standards by choosing curves with a user-selected parameter ("BADA55") to simulate exploiting a weakness. It describes implementing and testing the system before concluding and discussing future work.
Web-Scale Graph Analytics with Apache® Spark™Databricks
Graph analytics has a wide range of applications, from information propagation and network flow optimization to fraud and anomaly detection. The rise of social networks and the Internet of Things has given us complex web-scale graphs with billions of vertices and edges. However, in order to extract the hidden gems within those graphs, you need tools to analyze the graphs easily and efficiently.
At Spark Summit 2016, Databricks introduced GraphFrames, which implemented graph queries and pattern matching on top of Spark SQL to simplify graph analytics. In this talk, you’ll learn about work that has made graph algorithms in GraphFrames faster and more scalable. For example, new implementations like connected components have received algorithm improvements based on recent research, as well as performance improvements from Spark DataFrames. Discover lessons learned from scaling the implementation from millions to billions of nodes; compare its performance with other popular graph libraries; and hear about real-world applications.
This document discusses techniques for reducing cache misses and improving memory performance. It introduces the concepts of compulsory, capacity and conflict misses. Methods covered for reducing misses include increasing block size, associativity, using victim caches, pseudo-associativity, hardware/software prefetching, and compiler optimizations like merging arrays, loop interchange, fusion and blocking. Both hardware and software prefetching are described as well as the tradeoffs between binding and non-binding prefetching.
Learn to Build an App to Find Similar Images using Deep Learning- Piotr TeterwakPyData
This document discusses using deep learning and deep features to build an app that finds similar images. It begins with an overview of deep learning and how neural networks can learn complex patterns in data. The document then discusses how pre-trained neural networks can be used as feature extractors for other domains through transfer learning. This reduces data and tuning requirements compared to training new deep learning models. The rest of the document focuses on building an image similarity service using these techniques, including training a model with GraphLab Create and deploying it as a web service with Dato Predictive Services.
Karen Easterbrook, Microsoft
Brian LaMacchia, Microsoft
Quantum computers may be 10 years away, but well-funded adversaries are already preparing for their arrival. Even if they can’t read high-value encrypted traffic today, they are recording and storing for when they can decrypt it in the future. If your secrets need to be protected for more than 10 years, you need to take action now. In this talk, we will explore how sufficiently large quantum computers will catastrophically break all public-key cryptography commonly used today, the overall scope of this threat, and the steps underway to develop and deploy quantum-resistant replacement algorithms and security protocols. We will introduce the code and tools that you can use today to fend off these future advanced threats.
1. This work applies and extends the biclique attack framework to cryptanalyze the full 8.5 round IDEA cipher.
2. A biclique is constructed by partitioning the IDEA key schedule and mapping internal states in the forward and backward directions.
3. The authors find an optimal key partitioning that breaks the 128-bit IDEA key into subsets for the biclique attack. This allows them to recover the full IDEA key using bicliques and meet-in-the-middle techniques with significantly less than the expected 2^128 operations.
Searching Encrypted Cloud Data: Academia and Industry Done RightSkyhigh Networks
There are two worlds of crypto-development: industry and academia. Leading researcher Sasha Boldyreva shares her experience on how the two can have a mutually-beneficial collaboration through her work with Skyhigh Networks.
This document provides an overview of deep learning and its applications. It discusses how deep learning can be used for image classification and how neural networks learn hierarchical representations from data. The document highlights some of the challenges of deep learning, such as the large amounts of data and computation required. It also covers how deep learning models can be deployed in production using services like Amazon Web Services to ensure low latency, high availability, and continuous learning.
Micro-Architectural Attacks on Cyber-Physical SystemsHeechul Yun
Micro-architectural attacks are specialized software attacks that target hardware. Modern high-performance computing hardware employs a variety of sophisticated microarchitectural components---multiple levels of caches, prefetchers, out-of-order speculative execution engine, etc.---to improve performance. Micro-architectural attacks target weaknesses in these microarchitectural components and many kinds of successful attacks---which leak secret, alter data, or delay execution times of the victim---have been demonstrated in recent years. As safety-critical cyber-physical systems (CPS) are increasingly relying on high-performance hardware, micro-architectural attacks on CPS are becoming a serious threat to their safety and security. In this talk, I will present examples of micro-architectural attacks in the context of CPS and discuss the challenges and potential approaches to defend against these attacks.
Puzzle-Based Automatic Testing: Bringing Humans Into the Loop by Solving Puzz...Sung Kim
This document describes an approach called Puzzle-based Automatic Testing (PAT) that aims to improve test coverage of automatic test generation techniques by leveraging human problem solving abilities. PAT presents two types of puzzles - object mutation puzzles that require modifying objects to satisfy certain states, and constraint solving puzzles that require finding inputs to satisfy path conditions. The approach was evaluated on two subjects and found to improve test coverage by generating additional test cases from human-solved puzzle solutions. On average, participants were able to solve over 50% of object mutation puzzles and over 70% of constraint solving puzzles within 1 minute each.
We review our recent progress in the development of graph kernels. We discuss the hash graph kernel framework, which makes the computation of kernels for graphs with vertices and edges annotated with real-valued information feasible for large data sets. Moreover, we summarize our general investigation of the benefits of explicit graph feature maps in comparison to using the kernel trick. Our experimental studies on real-world data sets suggest that explicit feature maps often provide sufficient classification accuracy while being computed more efficiently. Finally, we describe how to construct valid kernels from optimal assignments to obtain new expressive graph kernels. These make use of the kernel trick to establish one-to-one correspondences. We conclude by a discussion of our results and their implication for the future development of graph kernels.
Dynamic linking and overlays are techniques for improving memory utilization in operating systems. Dynamic linking postpones linking of library routines until execution using stubs. This allows better memory usage and automatic use of new library versions. Overlays improve memory usage for large programs by loading only required parts into memory at a given time using an overlay manager. Both have advantages of improved memory usage but overlays require complex programming and are slower.
A Unified Framework for Computer Vision Tasks: (Conditional) Generative Model...Sangwoo Mo
Lab seminar introduces Ting Chen's recent 3 works:
- Pix2seq: A Language Modeling Framework for Object Detection (ICLR’22)
- A Unified Sequence Interface for Vision Tasks (NeurIPS’22)
- A Generalist Framework for Panoptic Segmentation of Images and Videos (submitted to ICLR’23)
Learning to Spot and Refactor Inconsistent Method NamesDongsun Kim
To ensure code readability and facilitate software maintenance, program methods must be named properly. In particular, method names must be consistent with the corresponding method implementations. Debugging method names remains an important topic in the literature, where various approaches analyze commonalities among method names in a large dataset to detect inconsistent method names and suggest better ones. We note that the state-of-the-art does not analyze the implemented code itself to assess consistency. We thus propose a novel automated approach to debugging method names based on the analysis of consistency between method names and method code. The approach leverages deep feature representation techniques adapted to the nature of each artifact. Experimental results on over 2.1 million Java methods show that we can achieve up to 15 percentage points improvement over the state-of-the-art, establishing a record performance of 67.9% F1-measure in identifying inconsistent method names. We further demonstrate that our approach yields up to 25% accuracy in suggesting full names, while the state-of-the-art lags far behind at 1.1% accuracy. Finally, we report on our success in fixing 66 inconsistent method names in a live study on projects in the wild.
Challenging Web-Scale Graph Analytics with Apache Spark with Xiangrui MengDatabricks
Graph analytics has a wide range of applications, from information propagation and network flow optimization to fraud and anomaly detection. The rise of social networks and the Internet of Things has given us complex web-scale graphs with billions of vertices and edges. However, in order to extract the hidden gems within those graphs, you need tools to analyze the graphs easily and efficiently.
At Spark Summit 2016, Databricks introduced GraphFrames, which implemented graph queries and pattern matching on top of Spark SQL to simplify graph analytics. In this talk, you'll learn about work that has made graph algorithms in GraphFrames faster and more scalable. For example, new implementations like connected components have received algorithm improvements based on recent research, as well as performance improvements from Spark DataFrames. Discover lessons learned from scaling the implementation from millions to billions of nodes; compare its performance with other popular graph libraries; and hear about real-world applications.
Challenging Web-Scale Graph Analytics with Apache SparkDatabricks
Graph analytics has a wide range of applications, from information propagation and network flow optimization to fraud and anomaly detection. The rise of social networks and the Internet of Things has given us complex web-scale graphs with billions of vertices and edges. However, in order to extract the hidden gems within those graphs, you need tools to analyze the graphs easily and efficiently.
At Spark Summit 2016, Databricks introduced GraphFrames, which implemented graph queries and pattern matching on top of Spark SQL to simplify graph analytics. In this talk, you’ll learn about work that has made graph algorithms in GraphFrames faster and more scalable. For example, new implementations like connected components have received algorithm improvements based on recent research, as well as performance improvements from Spark DataFrames. Discover lessons learned from scaling the implementation from millions to billions of nodes; compare its performance with other popular graph libraries; and hear about real-world applications.
Similar to Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family (20)
Challenging Web-Scale Graph Analytics with Apache Spark
Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family
1. Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family
Dmitry Khovratovich (1), Christian Rechberger (2), Alexandra Savelieva (3)
(1) Microsoft Research Redmond, USA
(2) DTU MAT, Denmark
(3) National Research University Higher School of Economics, Russia
19th International Workshop on Fast Software Encryption - FSE 2012
March 19-21, 2012
2. Recent Progress in Preimage Attacks – MD4, MD5, and Tiger
Timeline 2008–2010:
• Sasaki and Aoki. Preimage attacks on step-reduced MD5. ACISP'08.
• Sasaki, Aoki: Finding Preimages in Full MD5 Faster Than Exhaustive Search. EUROCRYPT 2009.
• Guo, Ling, Rechberger, and Wang. Advanced meet-in-the-middle preimage attacks: First results on full Tiger, and improved results on MD4 and SHA-2. ASIACRYPT'10.
Introduction of Initial Structure
Introduction of Splice-and-Cut Framework
3. Recent Progress in Preimage Attacks – SHA-x Family
Timeline 2008–2010:
• Aoki and Sasaki. Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. CRYPTO'09.
• Guo, Ling, Rechberger, and Wang. Advanced meet-in-the-middle preimage attacks: First results on full Tiger, and improved results on MD4 and SHA-2. ASIACRYPT'10.
Introduction of Initial Structure
Introduction of Splice-and-Cut Framework
4. Problem
• Concrete examples of the initial structure are extremely sophisticated and hard to generalize.
• Many ad-hoc / not formalized techniques are used to build initial structures.
• While the other elements of the splice-and-cut framework seem exhausted already, the concept behind the initial structure has large potential and few boundaries.
5. Purpose of our Research
• To replace the idea of the initial structure with a more formal and generic concept
• To design generic algorithms for constructing the initial structure
• To reduce manual efforts and time to build the initial structure
6. Preimage Attacks
• Preimage attack on hash function.
  • Given h, find M: H(M) = f(M; IV) = h
  • For an n-bit ideal hash function: complexity 2^n
• Pseudo-preimage attack on compression function.
  • Given h, find M and CV: f(M; CV) = h.
  • For an n-bit ideal compression function: complexity 2^n.
• Pseudo-preimage attacks yielding preimages
  • If a pseudo-preimage for the n-bit compression function is constructed in time 2^x, x < n - 2, then the full preimage can be found in time 2^(1+(n+x)/2).
8. Hash Functions with Merkle-Damgård Structure
• M is arbitrarily long
• Iterative design
• H(M) = f(M[s]; CV[s])
• CV[i+1] = f(M[i]; CV[i])
9. Compression Functions in Davies-Meyer Mode
• Blockcipher-based compression function: f(M; CV) = E_M(CV) ⊕ CV,
• where E is a block cipher keyed with scheduled input M
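Slides 6, 8 and 9 fit together: a Davies-Meyer compression function is iterated in Merkle-Damgård fashion, and any pseudo-preimage attack on the compression function converts into a preimage attack on the hash. The Python below, an added example and not code from the paper or its authors, builds a 16-bit toy hash of exactly that shape and runs the generic conversion behind the 2^(1+(n+x)/2) bound; the toy Feistel cipher, the IV and the exhaustive-search stand-in for the pseudo-preimage oracle are all constructed assumptions.

```python
# Added example (not from the paper or slides): toy Merkle-Damgard hash with a
# Davies-Meyer compression function, plus the generic pseudo-preimage-to-preimage
# conversion from slide 6. The 16-bit Feistel cipher, the IV and the exhaustive
# search used as pseudo-preimage "oracle" (cost 2^n, i.e. x = n) are all
# constructed stand-ins for the biclique-based oracle (x < n - 2) in the paper.

N_BITS = 16                      # n: chaining value / digest size of the toy hash
MASK = (1 << N_BITS) - 1
IV = 0x1234                      # constructed initial value
STATS = {"compress_calls": 0}    # crude operation counter


def _round(r, k):
    """Toy Feistel round function on 8-bit values (constructed, not secure)."""
    v = ((r ^ k) * 0x4D + 0x6B) & 0xFF
    return ((v << 3) | (v >> 5)) & 0xFF


def encrypt(key, block):
    """Toy 16-bit block cipher E_K: four Feistel rounds keyed with the message block."""
    l, r = block >> 8, block & 0xFF
    for i in range(4):
        k = ((key >> (4 * i)) ^ ((key * (i + 1)) >> 8)) & 0xFF
        l, r = r, l ^ _round(r, k ^ i)
    return ((l << 8) | r) & MASK


def compress(m, cv):
    """Davies-Meyer compression function (slide 9): f(M; CV) = E_M(CV) xor CV."""
    STATS["compress_calls"] += 1
    return encrypt(m, cv) ^ cv


def md_hash(blocks, iv=IV):
    """Merkle-Damgard iteration (slide 8) over 16-bit blocks; padding is omitted."""
    cv = iv
    for m in blocks:
        cv = compress(m, cv)
    return cv


def pseudo_preimages(h):
    """Yield pairs (M, CV) with f(M; CV) = h. This stand-in oracle is exhaustive
    search, so each solution costs about 2^n compression calls (x = n)."""
    for m in range(1 << N_BITS):
        for cv in range(1 << N_BITS):
            if compress(m, cv) == h:
                yield m, cv


def preimage_cost_exponent(n, x):
    """Slide 6: a 2^x pseudo-preimage attack with x < n - 2 yields a full
    preimage in time 2^(1 + (n + x)/2); returns that exponent."""
    if x >= n - 2:
        raise ValueError("conversion only beats 2^n brute force when x < n - 2")
    return 1 + (n + x) / 2


def preimage_from_pseudo(h, k=2, iv=IV):
    """Conversion behind the slide-6 bound: store k pseudo-preimages (M2, CV)
    of h, then try first blocks M1 until f(M1; IV) lands on a stored CV, which
    gives the two-block preimage [M1, M2]. Balancing k * 2^x for the stored
    solutions against 2^n / k forward trials at k = 2^((n - x)/2) yields the
    2^(1 + (n + x)/2) total. A pseudo-preimage with CV = IV is a preimage itself."""
    oracle = pseudo_preimages(h)
    table = {}                   # CV -> M2
    while True:
        while len(table) < k:
            m2, cv = next(oracle)
            if cv == iv:
                return [m2]
            table.setdefault(cv, m2)
        for m1 in range(1 << N_BITS):
            cv1 = compress(m1, iv)
            if cv1 in table:
                return [m1, table[cv1]]
        k *= 2                   # no first block reached a stored CV: collect more


if __name__ == "__main__":
    target = md_hash([0xBEEF, 0xCAFE])          # constructed target digest
    msg = preimage_from_pseudo(target)
    print("target %04x, preimage %s, compress calls %d"
          % (target, [hex(b) for b in msg], STATS["compress_calls"]))
```

Because the stand-in oracle costs 2^n per solution (x = n), the toy shows the structure of the conversion rather than its speed-up, which only appears once an oracle with x < n - 2, such as the biclique-based ones in the talk, is plugged in.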
16. Advantage
• The complexity of testing 2^(2d) messages for preimages:
  C = 2^d (C_backward + C_forward) + C_bicl [+ C_recheck]
• One needs 2^(n-2d) bicliques of dimension d to test 2^n preimage candidates.
17. Differential Perspective on Bicliques
• Vast pool of already existing tools when it comes to finding differential trails in hash functions
• Very precise and economic use of degrees of freedom in the resulting attacks
18. Biclique Construction Algorithms
Algorithm 1. Main idea: fully specified or truncated differential trails. Application: bicliques of arbitrary dimension. Attacks: reduced Skein hash function.
Algorithm 2. Main idea: modification of Algorithm 1 for hash functions in DM mode. Application: for the case when we control internal state and message injections within the biclique. Attacks: reduced SHA-2 hash and compression functions.
Algorithm 3. Main idea: use rebound approach to get more rounds. Application: for bicliques of dimension 1. Attacks: reduced Skein compression function.
19. Number of Attacked SHA-2 Hash Function Rounds - Our Improvements
Hash function | Chunks | Partial matching | Partial fixing | Initial structure | Total
SHA-256       | 29     | 7                | 3              | 4+2               | 43+2
SHA-512       | 29     | 7                | 8              | 2+4               | 46+4
• Compared to: Aoki, Guo, Matusiewicz, Sasaki, and Wang. Preimages for step-reduced SHA-2. In ASIACRYPT'09.
20. Summary of Our Contributions
• Formalization of Initial Structure technique as a 'Biclique'
• 3 generic and flexible algorithms for constructing bicliques
• Differential perspective that allows for application of differential trails, message modification techniques etc. in the splice-and-cut framework
• SHA-2 family
  • attack on 45-round SHA-256 and 50-round SHA-512 in the hash mode
  • attack on 52-round SHA-256 and 57-round SHA-512 compression function
• SHA-3 finalist Skein
  • attack on 22 rounds of Skein-512 hash function
  • attack on 37 rounds of Skein-512 compression function
  • MITM speed-up of brute force attack on 72 rounds of Skein-512
21. Results in Perspective
• We targeted a main security property, not some artificial distinguishing property.
• We have results on the real hash, not some pseudo-attacks, or results that only work with full access to compression function, cipher or permutation.
22. Follow-up Work
• Biclique Cryptanalysis of the Full AES by Bogdanov, Khovratovich, and Rechberger (2011) - First application to block ciphers
• A Meet-in-the-Middle Attack on the Full KASUMI by Jia, Yu, and Wang (2011) - Exploits a new property of the cipher
• Narrow Bicliques: Cryptanalysis of Full IDEA by Khovratovich, Leurent, and Rechberger (2012) - Variants of attacks that are many million times faster than brute-force
• Even more results on: SQUARE (by Mala, 2011), IDEA (by Biham, Dunkelman, Keller, and Shamir, 2011), and ARIA (by Chen and Xu, 2012)
23. Future Work
• Application of the Biclique framework to other hash functions and block ciphers
• Generalization of the Biclique technique, e.g. identifying situations where a graph can be used that deviates from the Biclique definition.
• New design criteria for hash functions based on their ability to resist meet-in-the-middle attacks