The document is a technical presentation on computer security and cryptography by Alex.C.P. It discusses topics such as viruses, firewalls, hackers, the definition of computer security, confidentiality, integrity and availability. It then covers the basics of cryptography including symmetric and asymmetric algorithms. Application areas like ensuring identity through digital signatures and the role of trust are explained. Finally, techniques to provide confidentiality, integrity and defend against viruses through cryptography are summarized.
The Diffie-Hellman algorithm was developed by Whitfield Diffie and Martin Hellman in 1976.
This algorithm was devices not to encrypt the data but to generate same private cryptographic key at both ends so that there is no need to transfer this key from one communication end to another.
Diffie – Hellman algorithm is an algorithm that allows two parties to get the shared secret key using the communication channel, which is not protected from the interception but is protected from modification.
The presentation covers the following:
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
The Diffie-Hellman algorithm was developed by Whitfield Diffie and Martin Hellman in 1976.
This algorithm was devices not to encrypt the data but to generate same private cryptographic key at both ends so that there is no need to transfer this key from one communication end to another.
Diffie – Hellman algorithm is an algorithm that allows two parties to get the shared secret key using the communication channel, which is not protected from the interception but is protected from modification.
The presentation covers the following:
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
this presentation is on block cipher modes which are used for encryption and decryption to any message.That are Defined by the National Institute of Standards and Technology . Block cipher modes of operation are part of symmetric key encryption algorithm.
i hope you may like this.
Slides for a college cryptography course at CCSF. Instructor: Sam Bowne
Based on: Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000 ASIN: B014P9I39Q
See https://samsclass.info/141/141_F17.shtml
Today in modern era of internet we share some sensitive data to information transmission. but need to ensure security. So we focus on Cryptography modern technique for secure transmission of information over network.
A brief discussion of network security and an introduction to cryptography. We end the presentation with a discussion of the RSA algorithm, and show how it works with a basic example.
Cryptography and network security Nit701Amit Pathak
Cryptography and network security descries the security parameter with the help of public and private key. Digital signature is one of the most important area which we apply in our daily life for transferring the data.
While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.
This vulnerability stems from the world-wide access to computer systems via the Internet.
Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords.
Cryptography is the science of using mathematics to encrypt and decrypt data. This presentation explains about the cryptography, its history, types i.e. symmetric and asymmetric cryptography.
( Edureka Cybersecurity Course: https://www.edureka.co/cybersecurity-certification-training)
This Edureka video gives an introduction to Network Security and its nuances. Topics covered in this video are:
1. Need for Network Security
2. What is Network Security
3. Security in the Network, Transport and Application Layer
4. Network Security for Business
this presentation is on block cipher modes which are used for encryption and decryption to any message.That are Defined by the National Institute of Standards and Technology . Block cipher modes of operation are part of symmetric key encryption algorithm.
i hope you may like this.
Slides for a college cryptography course at CCSF. Instructor: Sam Bowne
Based on: Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000 ASIN: B014P9I39Q
See https://samsclass.info/141/141_F17.shtml
Today in modern era of internet we share some sensitive data to information transmission. but need to ensure security. So we focus on Cryptography modern technique for secure transmission of information over network.
A brief discussion of network security and an introduction to cryptography. We end the presentation with a discussion of the RSA algorithm, and show how it works with a basic example.
Cryptography and network security Nit701Amit Pathak
Cryptography and network security descries the security parameter with the help of public and private key. Digital signature is one of the most important area which we apply in our daily life for transferring the data.
While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.
This vulnerability stems from the world-wide access to computer systems via the Internet.
Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords.
Cryptography is the science of using mathematics to encrypt and decrypt data. This presentation explains about the cryptography, its history, types i.e. symmetric and asymmetric cryptography.
( Edureka Cybersecurity Course: https://www.edureka.co/cybersecurity-certification-training)
This Edureka video gives an introduction to Network Security and its nuances. Topics covered in this video are:
1. Need for Network Security
2. What is Network Security
3. Security in the Network, Transport and Application Layer
4. Network Security for Business
Ppt for graphical password authentication using cued click pointsHari Krishnan
this ppt will give you more information abt. graphical password authentication using cued click points.
email id: harikrishnan89@yahoo.co.in
download and edit it..the upload had some problem with fonts.
note: A slide for any presentation should not contain more than 4-5 sentences but this presentation has more than the requirement.So, i suggest you to edit as per your requirement and to make it more effective, you can add animations as well.
o Review of PGP - Authentication and Confidentiality.
o Review of MIME and S/MIME with a short review of SMTP.
o Review of S/MIME in MS-Outlook - worksheet.
o Review of SSL Protocols.
o Review of SSH, its phases and its supported channel types.
o Demonstration SSL through Wireshark
o Demonstration SSH Channel
o Need for IPSec
o Details of ESP and brief idea of AH.
o SAD and SPD with inbound/outbound packet processing.
A presentation about how we can make the Internet hard to monitor - how we can and should encrypt more communication. This version includes a presentation of the TLS protocol.
Changes in 2.2: Added quotes from Viktor Dukhovni's IETF RFC 7435 about Opportunistic Security
Encryption is a fundamental concept in cryptography that involves the process of converting plaintext (readable and understandable data) into ciphertext (encoded and unintelligible data) using a mathematical algorithm and an encryption key. The primary purpose of encryption is to ensure the confidentiality and privacy of sensitive information during transmission or storage.
In the encryption process:
1. **Plaintext:** This is the original, readable data that is to be protected. It could be a message, a file, or any form of digital information.
2. **Encryption Algorithm:** An encryption algorithm is a set of mathematical rules and procedures that transform the plaintext into ciphertext. Common encryption algorithms include Advanced Encryption Standard (AES), RSA, and Triple DES.
3. **Encryption Key:** The encryption key is a piece of information used by the encryption algorithm to perform the transformation. The key determines the specific pattern and method by which the plaintext is converted into ciphertext. The strength of the encryption often depends on the length and randomness of the key.
4. **Ciphertext:** This is the result of the encryption process—the transformed and encoded data that appears random and is indecipherable without the corresponding decryption key.
Encryption serves several important purposes in the field of cryptography:
- **Confidentiality:** The primary goal of encryption is to keep information confidential and secure from unauthorized access. Even if an unauthorized party intercepts the ciphertext, they should be unable to understand or decipher it without the correct decryption key.
- **Integrity:** Encryption helps ensure the integrity of data by providing a means to detect any unauthorized modifications. If the ciphertext is altered, the decryption process will produce incorrect results, alerting the recipient to potential tampering.
- **Authentication:** In some encryption scenarios, the use of digital signatures or authenticated encryption helps verify the origin and authenticity of the encrypted data.
- **Secure Communication:** Encryption is widely used to secure communication over networks, such as the internet. Protocols like HTTPS (HTTP Secure) use encryption to protect the confidentiality of data transmitted between a web browser and a web server.
- **Data-at-Rest Protection:** Encryption is applied to data stored on devices or servers, ensuring that even if physical access is gained, the data remains protected from unauthorized viewing.
In summary, encryption is a crucial tool in the field of cryptography, providing a means to safeguard the confidentiality, integrity, and authenticity of sensitive information in various digital environments.
Prevention of Cheating Message based on Block Cipher using Digital Envelopeiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
The research of the digital certified mail up to implementing the base algorithm and then, go through more on pretty good privacy (PGP) applied to the email system.
Designing for Privacy in Amazon Web ServicesKrzysztofKkol1
Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload.
Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
3. 10/01/10 Technical presentation - Alex.C.P 3
Computer Security
Ensuring that information is accessible only to those authorized to have access" (ISO definition excerpt)
It is the accuracy, consistency and reliability of the information content
Means that the information, the computing systems used to process the information, and the security
controls used to protect the information are all available and functioning correctly when the information is
needed.
●
Confidentiality
● Integrity
● Availability
Concerns itself with
4. 10/01/10 Technical presentation - Alex.C.P 4
The Role of Cryptography
in Computer Security
Confidentiality
Availability
Integrity
Cryptographic Techniques
6. 10/01/10 Technical presentation - Alex.C.P 6
Cryptography History
Cryptography or cryptology; derived from Greek kryptós "hidden,"
and the verb gráfo "write" or λεγειν legein "to speak")
An ancient greek scytale
(3rd BC)
This device was used around 3rd century BC
This machine, used in World War II, uses as its base the XOR cipher
For example, the string "Wiki" (01010111 01101001 01101011 01101001 in
8-bit ASCII) can be encrypted with the key 11110011 using this method as
follows:
The German Lorenz cipher
machine (1940’s)
8. 10/01/10 Technical presentation - Alex.C.P 8
Cryptography – Secret Key Cryptography
Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the bits
of the message one at a time, and block ciphers take a number of bits
Popular SKC schemes
Data Encryption Standard (DES): The most common SKC scheme used today, DES was designed by IBM in the 1970s and adopted by the National Bureau of
Standards (NBS) in 1977 for commercial and unclassified government applications. DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks.
Advanced Encryption Standard (AES): This is the next version of DES and is a 128-bit block cipher employing a 128-, 192-, or 256-bit key
Other schemes -Twofish, Serpent, AES (aka Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.
encrypt decrypt
9. 10/01/10 Technical presentation - Alex.C.P 9
encrypt
Cryptography – Public Key Cryptography
decrypt
PKC depends upon the existence of so-called one-way functions
•Multiplication vs. Factorization
9*16= 144 (can be calculated extremely fast)
But from 144 (2*2*2*2*3*9) it takes more time and effort to guess the correct key (9&16)
•Exponentiation vs. logarithms
3^6 (3 raised to 6) = 729
But the solution to logx 729 = y is non trivial ( note x= 3, y =6)
Note - The mathematical "trick" in PKC is to find a trap door in the one-way function so that the inverse calculation
becomes easy given knowledge of some item of information.
10. 10/01/10 Technical presentation - Alex.C.P 10
Cryptography – Public Key Cryptography Contd
Bob’s
Private
key
(9,16)
Bob’s
Public
key
(144)
Alice writes secret message to Bob & encrypts with Bob’s public
key and gives to mutual friend Dave to deliver to Bob
Curious boy Dave tries to read the letter using Bobs public key –
He can’t
Bob decrypts the letter using his private key
11. 10/01/10 Technical presentation - Alex.C.P 11
Cryptography: Ensuring Identity -Digital Signature
Bob’s
Private
key
Bob’s
Public key
Bob writes message to Alice & encrypts with Bob’s private key
Alice uses Bob’s public key to decrypt it. If it gets decrypted it
means message is from Bob
12. 10/01/10 Technical presentation - Alex.C.P 12
Role of Trust
Secure use of cryptography requires trust.
Bob ? Can
you give me
your public
key
177
Impersonator Dave tricks Alice into
believing that she has Bob Key – Read on
to see what Dave can do next --
Hi !
Hi
Bob
Hi !
Contd…
Then Dave sends a message to Alice “Hi Alice – Our Date is off, too busy – Bob”
Then Dave meets Alice and asks her for a date
13. 10/01/10 Technical presentation - Alex.C.P 13
Role of Trust
Digital Certificate
Hi , Here is
my Public
Key and my
name is
Bob can
you certify
it pls
4
Ok, Can you
prove your ID
Verisign
Certified by
Verisign
+
Verisign Private
Key
=
1
2
3 Bob Shows his Driving License
14. 10/01/10 Technical presentation - Alex.C.P 14
Cryptography against Hackers
SSL, the e-commerce trust engine
SSL does two things:
• First, it encrypts the communication between client and server, so there
is no use in tapping the line and wait for the user to type in his secret password.
But - how can the user know that the web site, which asks him to type in his secret password actually belongs to you
and isn't an imitation meant to seduce him to disclose his password?
That's where the other purpose of SSL comes into play.
• The certificate, which is installed on the server in order to enable
SSL is supposed to be signed by a neutral 3rd party who vouches for
your identity
More details at How SSL Works also see browser settings for safe browsing
15. 10/01/10 Technical presentation - Alex.C.P 15
Trust Models used by cryptographic
schemes
Public Key Certificates and Certificate Authorities
Widely used in e-commerce applications. For purposes of electronic transactions, certificates
are digital documents. The specific functions of the certificate include:
▪ Establish identity: Associate, or bind, a public key to an individual, organization, corporate position, or other entity.
▪ Assign authority: Establish what actions the holder may or may not take based upon this certificate.
▪ Secure confidential information (e.g., encrypting the session's symmetric key for data confidentiality).
Typically, a certificate contains a public key, a name, an expiration date, the name of the authority that issued the certificate
The public key is transmitted as part of a certificate. The digital certificate is used to ensure that the submitted
public key is, in fact, the public key that belongs to the submitter. The client checks that the certificate has
been digitally signed by a certification authority (CA) that the client explicitly trusts.
A CA is a trusted authority that verifies the validity of the combination of entity name and public key in a certificate.
PGP Web of Trust
Is a widely used private e-mail scheme based on public key methods. A PGP user maintains a local key ring of all their known and trusted public keys.
The user makes their own determination about the trustworthiness of a key using what is called a "web of trust.“
If Alice needs Bob's public key, Alice can ask Bob for it in another e-mail or, in many cases, download the public key from an advertised server; this
server might be a well-known PGP key repository or a site that Bob maintains himself. Alice is prepared to believe that Bob's public key, as stored at these locations, is
valid.
Kerberos
Kerberos is a commonly used authentication scheme on the Internet . Kerberos employs a client/server architecture and provides user-to-server
authentication rather than host-to-host authentication. In this model, security and authentication will be based on secret key technology where every host on the network
has its own secret key.
16. 10/01/10 Technical presentation - Alex.C.P 16
Cryptography – Enabling Confidentiality
Confidentiality is the most common use of cryptographic algorithms – protecting
data from prying eyes while in transit over an insecure communications channel
like the Internet.
Once the sender has encrypted the message with the recipient's public key no one (not even the sender) can decrypt it without
access to the recipient's private key.
Confidentiality
Popular PKA Algorithms
RSA: Invented by Ronald Rivest, Adi Shamir, and Leonard Adleman of MIT.
RSA uses a variable size encryption block and a variable size key The key-pair is derived from a very large number, n, that is the
product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an
n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the
factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and
that is what makes the RSA algorithm so secure.
Diffie-Hellman: After the RSA algorithm was published, Diffie and Hellman came up with their own
algorithm. D-H is used for secret-key key exchange only, and not for authentication or digital signatures.
17. 10/01/10 Technical presentation - Alex.C.P 17
Cryptography- Ensuring Integrity
Popular Algorithms
Message Digest (MD) algorithms:MD2, MD4, MD5 A series of byte-oriented algorithms that produce a 128-bit hash
value from an arbitrary-length message.
Secure Hash Algorithm (SHA):. SHA-1 produces a 160-bit hash value
Integrity
Ensuring Integrity is the second most common use of cryptographic algorithms – ensuring that the data
transmitted between two parties is not tampered with intentionally or unintentionally.
18. 10/01/10 Technical presentation - Alex.C.P 18
Cryptography –
Hash function Cryptography
Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered
by an intruder or virus.
Compare
Compute hash token
Bob computes token again from Msg
Send Msg + token to Bob
Compare calculated and received tokens
19. 10/01/10 Technical presentation - Alex.C.P 19
AntivirusScanner
Computer Virus & Cryptography
encryption
(xor-ing the instructions with the key)
20. 10/01/10 Technical presentation - Alex.C.P 20
Cryptography against Virus
Technology of granular execution control, backed by strong cryptographic digital signatures, will go a
long way toward increasing the security of our systems in general.
LoveLetter virus (LOVE-LETTER-FOR-YOU.vbs)
A functioning granular execution control the LoveLetter virus would not have spread, because a piece of code would not have
been allowed to send out hundreds of copies of itself in electronic mail.
Similarly, a Win32 Trojan horse arriving at a victim's system would fail to install, since a random program signed by a stranger, or not signed
at all, would not be allowed to alter the registry, or install itself in the TCP/IP stack.
Downloading programs and comparing it with the MD5 values also helps in safeguarding.
21. 10/01/10 Technical presentation - Alex.C.P 21
Wrap up of popular algorithmsIP Security Protocol (IPsec)
(Psec was first proposed for use with IP version 6 (IPv6), but can also be
employed with the current IP version, IPv4. )
This is actually a bunch of RFC’s written in order to overcome the security
limitations of IPv4
Kerberos -A secret-key encryption and authentication system, designed to
authenticate requests for network resources within a user domain rather than to
authenticate messages. Kerberos also uses a trusted third-party approach; a
client communications with the Kerberos server to obtain "credentials" so that it
may access services at the application server
uses DES to generate keys and encrypt message
Message Digest Cipher (MDC) uses a one-way hash function into a block cipher.
Pretty Good Privacy (PGP)
PGP 5.x uses Diffie-Hellman for key management and digital signatures;
IDEA, CAST, or 3DES for message encryption; and MD5 or SHA for computing
the message's hash value.
Secure Hypertext Transfer Protocol (S-HTTP)
An extension to HTTP to provide secure exchange of documents over the World
Wide Web. Supported algorithms include RSA and Kerberos for key exchange,
DES for encryption
Secure Sockets Layer (SSL) -Developed by Netscape Communications to
provide application-independent security and privacy over the Internet. SSL is
designed so that protocols such as HTTP, FTP (File Transfer Protocol), and Telnet
can operate over it transparently.
RSA is used during negotiation to exchange keys and identify the actual
cryptographic algorithm (DES, IDEA, RC2, RC4, or 3DES) to use for the session.
SSL also uses MD5 for message digests and X.509 public-key certificates.
(Found to be breakable soon after the IETF announced formation of group to
work on TLS.)
Transport Layer Security (TLS) -IETF specification (RFC 2246) intended to
replace SSL.
Employs Triple-DES (secret key cryptography), SHA (hash), Diffie-Hellman (key
exchange), and DSS (digital signatures).
X.509 TU-T recommendation for the format of certificates for the public key
infrastructure. Certificates map (bind) a user identity to a public key. The IETF
application of X.509 certificates is documented in RFC 2459.
Secure Shell or SSH is a network protocol that allows data to be exchanged over
a secure channel between two computers. Encryption provides confidentiality and
integrity of data. SSH uses public-key cryptography to authenticate the remote
computer and allow the remote computer to authenticate the user, if necessary.
Uses Diffie-Hellman key exchange and strong integrity checking via message
authentication codes. (something like a hash function)
22. 10/01/10 Technical presentation - Alex.C.P 22
References
1. An Overview of Cryptography-http://www.garykessler.net/library/crypto.html#dhmath
2. Wikipedia -http://en.wikipedia.org/wiki/Main_Page
3. Cryptography basics for infosecurity managers-http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci936670,00.html
4. DAME -http://ftp.fortunaty.net/text/textfiles/virus/datut006.txt
5. Can Cryptography Prevent Computer Viruses? -http://www.research.ibm.com/antivirus/SciPapers/VB2000JFM.htm
6. The History of Computer Viruses -http://www.virus-scan-software.com/virus-scan-help/answers/the-history-of-computer-viruses.shtml
7. Linux vs. Windows Viruses -http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/
8. How SSL works -https://www.securetrust.com/resources/how-ssl-works
9. How SSL works - http://www.askdavetaylor.com/how_does_ssl_work.html
10. Cryptography Law Survey (in difft countries)- http://rechten.uvt.nl/koops/cryptolaw/
11. Digital Signature Law Survey -https://dsls.rechten.uvt.nl/
12. Practical Quantum Cryptography - http://www.youtube.com/watch?v=CKkqUR7FY0o&feature=related
13. Emerging Security Vulnerabilities & the Impact to Business -http://www.youtube.com/watch?v=QTfFCr4G0qA