A full review of Cyber security standards from the basics of encryption and hashing, through asymmetric encryption and Private/Public keys and TLS, to today's Authentication and Authorization methods with OAuth2 and OIDC.
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
Cryptography for Java Developers
Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA
About the Speaker
What is Cryptography?
Cryptography in Java – APIs and Libraries
Hashes, MAC Codes and Key Derivation (KDF)
Encrypting Passwords: from Plaintext to Argon2
Symmetric Encryption: AES (KDF + Block Modes + IV + MAC)
Digital Signatures, Elliptic Curves, ECDSA, EdDSA
Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples
Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM
Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
A full review of Cyber security standards from the basics of encryption and hashing, through asymmetric encryption and Private/Public keys and TLS, to today's Authentication and Authorization methods with OAuth2 and OIDC.
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
Cryptography for Java Developers
Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA
About the Speaker
What is Cryptography?
Cryptography in Java – APIs and Libraries
Hashes, MAC Codes and Key Derivation (KDF)
Encrypting Passwords: from Plaintext to Argon2
Symmetric Encryption: AES (KDF + Block Modes + IV + MAC)
Digital Signatures, Elliptic Curves, ECDSA, EdDSA
Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples
Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM
Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
Strong cryptography is the usage of systems or components that are considered highly resistant to cryptanalysis, the study of methods to cracking the codes. In this talk I would like to present the usage of strong cryptography in PHP. Security is a very important aspect of web applications especially when they manipulate data like passwords, credit card numbers, or sensitive data (as health, financial activities, sexual behavior or sexual orientation, social security numbers, etc). In particular I will present the extensions mcrypt, Hash, and OpenSSL that are been improved in the last version of PHP. These are the slides presented during my talk at PHP Dutch Conference 2011.
Security is a very important aspect of web applications. In order to protect sensitive data we should use cryptography. But cryptography means security? Absolutely not, especially if developers do not,especially if developers do not use it properly. In this talk I would like to present some best practices in PHP to implement secure cryptography using the extensions mcrypt, Hash and OpenSSL.
Does your application transmit customer information? Are there fields of sensitive customer data stored in your DB? Can your application be used on insecure networks? If so, you need a working knowledge of encryption and how to leverage Open Source APIs and libraries to make securing your data as easy as possible. Encryption is quickly becoming a developer’s new frontier of responsibility in many data-centric applications.
In today’s data-sensitive and news-sensationalizing world, don’t become the next headline by an inadvertent release of private customer or company data. Secure your persisted, transmitted and in-memory data and learn the terminology you’ll need to navigate the ecosystem of symmetric and public/private key encryption.
Devcon2 presentation about Embark and some of the upcoming features and goals in Embark 2.0
https://twitter.com/iurimatias
https://github.com/iurimatias/embark-framework
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
Cryptography for Absolute Beginners
Svetlin Nakov @ Sofia Science Festival, May 2019
Video (Bulgarian language): https://youtu.be/-QzFcUkM7_4
Blog: https://nakov.com/blog/2019/05/13/cryptography-for-absolute-beginners-nakov-at-sofia-science-festival-may-2019/
Strong cryptography is the usage of systems or components that are considered highly resistant to cryptanalysis, the study of methods to cracking the codes. In this talk I would like to present the usage of strong cryptography in PHP. Security is a very important aspect of web applications especially when they manipulate data like passwords, credit card numbers, or sensitive data (as health, financial activities, sexual behavior or sexual orientation, social security numbers, etc). In particular I will present the extensions mcrypt, Hash, and OpenSSL that are been improved in the last version of PHP. These are the slides presented during my talk at PHP Dutch Conference 2011.
Security is a very important aspect of web applications. In order to protect sensitive data we should use cryptography. But cryptography means security? Absolutely not, especially if developers do not,especially if developers do not use it properly. In this talk I would like to present some best practices in PHP to implement secure cryptography using the extensions mcrypt, Hash and OpenSSL.
Does your application transmit customer information? Are there fields of sensitive customer data stored in your DB? Can your application be used on insecure networks? If so, you need a working knowledge of encryption and how to leverage Open Source APIs and libraries to make securing your data as easy as possible. Encryption is quickly becoming a developer’s new frontier of responsibility in many data-centric applications.
In today’s data-sensitive and news-sensationalizing world, don’t become the next headline by an inadvertent release of private customer or company data. Secure your persisted, transmitted and in-memory data and learn the terminology you’ll need to navigate the ecosystem of symmetric and public/private key encryption.
Devcon2 presentation about Embark and some of the upcoming features and goals in Embark 2.0
https://twitter.com/iurimatias
https://github.com/iurimatias/embark-framework
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
Cryptography for Absolute Beginners
Svetlin Nakov @ Sofia Science Festival, May 2019
Video (Bulgarian language): https://youtu.be/-QzFcUkM7_4
Blog: https://nakov.com/blog/2019/05/13/cryptography-for-absolute-beginners-nakov-at-sofia-science-festival-may-2019/
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
Many information security systems rely on cryptographic schemes that need truly random numbers be secure. In recent months there have been several high profile news stories about weaknesses or potential compromises in both software and hardware random number generators. A compromised random number generator is difficult to catch because it can output random looking data that is predictable to an attacker only. In this talk I describe how to go from knowledge of a weakness in a random number generator to a full security compromise.
We will look at examples including how to fully decrypt a TLS stream, how to compromise a bitcoin wallet by looking at the ECDSA signatures on the public block chain, how to factor improperly generated RSA keys, and more. There will be live demos and discussions of interesting ways to pull off these attacks.
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
Encryption Deep Dive: Randomness, Entropy, RNG, PRNG, AES, AES Operational Modes, Data Rotations, Java Encryption APIs, Tradeoffs, challenges, Envelope Encryption, KMS, and much more on all things encryption.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Launch Your Streaming Platforms in MinutesRoshan Dwivedi
The claim of launching a streaming platform in minutes might be a bit of an exaggeration, but there are services that can significantly streamline the process. Here's a breakdown:
Pros of Speedy Streaming Platform Launch Services:
No coding required: These services often use drag-and-drop interfaces or pre-built templates, eliminating the need for programming knowledge.
Faster setup: Compared to building from scratch, these platforms can get you up and running much quicker.
All-in-one solutions: Many services offer features like content management systems (CMS), video players, and monetization tools, reducing the need for multiple integrations.
Things to Consider:
Limited customization: These platforms may offer less flexibility in design and functionality compared to custom-built solutions.
Scalability: As your audience grows, you might need to upgrade to a more robust platform or encounter limitations with the "quick launch" option.
Features: Carefully evaluate which features are included and if they meet your specific needs (e.g., live streaming, subscription options).
Examples of Services for Launching Streaming Platforms:
Muvi [muvi com]
Uscreen [usencreen tv]
Alternatives to Consider:
Existing Streaming platforms: Platforms like YouTube or Twitch might be suitable for basic streaming needs, though monetization options might be limited.
Custom Development: While more time-consuming, custom development offers the most control and flexibility for your platform.
Overall, launching a streaming platform in minutes might not be entirely realistic, but these services can significantly speed up the process compared to building from scratch. Carefully consider your needs and budget when choosing the best option for you.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
7. ◦ Invented by Leon Battista in 1467
◦ Uses multiple alphabets (polyalphabetic)
◦ Circumvents frequency analysis
A T T A C K A T D A W N
L E M O N L E M O N L E
L X F O P V E F R N H R
Vigenère cipher
14. One time pad
◦ If and only if:
◦ Key length >= Source text
◦ Key is generated randomly
◦ Any key is used only once
◦ Only sender and receiver have key
15. One time function
Source T H I S I S S E C R E T
Position 20 8 9 19 9 19 19 5 3 18 5 20
KEY X V H E U W N O P G D L
+ 23 21 7 4 20 22 13 14 15 6 3 12
Result 43 29 16 23 29 41 32 19 18 24 8 32
Mod 26 17 3 16 23 3 15 6 19 18 24 8 6
Ciphertext R D Q X D P G T S Y 9 G
16.
17. Disadvantages
One time pad
Works fine in some use cases (pen &
paper)
1 GB file requires 1 GB random key
No access to true random input
Key can only be used once, how to
guarantee
18. Semantic
security
Shorter key
Pseudo random generator
Ciphers for varying message length
Safe enough for vast amount of computing power
Practical encryption != Mathematical safe
20. Middle Squares
method
◦ Take random input number (11)
◦ Square number (11 * 11 = 121)
◦ Select # middle chars (0121)
◦ add trailing zero if needed
◦ Square those (12 * 12 = 144)
◦ Repeat until key is long enough
21. ATTACK AT NOON
◦ Key needed consisting of 12 chars (spaces removed)
Sum Outcome Key Length PRG key
11 * 11 0121 12 2
12 * 12 0144 1214 4
14 * 14 0196 121419 6
19 * 19 0361 12141936 8
36 * 36 1296 1214193629 10
84 * 84 7056 121419362905 12
Position 1 2 3 4 5 6 7 8 9 10 11 12
Input A T T A C K A T N O O N
Key 1 2 1 4 1 9 3 6 2 9 0 5
23. Nonce
◦ Cipher algorithm that uses a Nonce next
to a Seed
◦ Seed * Nonce => ~Cipher text
◦ Reuse key because s1*n0 != s1*n1
◦ IV = Initialization Vector, example of
Nonce
◦ In WPA Nonce reuse was predictable
24. C M V H
F R O M M O L L Y
Position 6 18 15 13 13 15 12 12 25
KEY X V H U W N O P G
+ 23 21 7 20 22 13 14 15 6
Result 29 39 22 33 35 28 26 27 31
Mod 26 3 13 22 7 9 2 0 1 5
Ciphertext C M V H J C A B X
F R O M A L I C E
Position 6 18 15 13 1 12 9 3 5
KEY D B J E L L M W A
+ 4 2 10 13 1 12 9 3 5
Result 10 20 25 26 2 24 18 6 10
Mod 26 10 20 25 0 2 24 18 6 10
Ciphertext K U Z A C Y S G K
C Y S G KK U Z A
J C A B X
26. Checksum
◦ Based on hash function
◦ Small change in input, totally different
output
◦ Sender embeds a checksum in encrypted
message
◦ Receiver checks if he can reproduce the
checksum
30. Elliptic Curve
◦ Safer then RSA
◦ y2 = x3 + ax + b
◦ Bitcoin uses it
◦ SSL can use it
30
31.
32. Quantum computing
◦ Sohr‘s algorithm mid 90’s showed RSA is vulnerable
◦ ECC even more vulnerable
◦ To guess Private key in reasonable amount of time few thousand qubits needed
◦ Currently best Quantum computer has 20-50 qubits
◦ Supersingular Isogeny Diffie-Hellman is post-quantum secure
35. Mixing service & Onion Routing
◦ Implemented in TOR (The Onion Router)
◦ Alice want to send message to Bob’s forum anonymously
◦ Use proxy Carol ( A -> C -> B )
◦ Share a key with Carol and send cyphertext
◦ Use mixing service
36. Peeling the onion
◦ Use Multiple mixing services
◦ c1 := E(kd,m))
◦ c2 := E(kc, E(kd,m))
◦ Adding routing info: c2 := E(kc, <David, c1>) where c1 := E(kd, <Bob,m>)
◦ Carol doesn’t know she’s the entry point / Alice is a sender
39. Exploiting multiplication to hide
information and verify ownership
Credit: https://medium.com/beam-mw/mimblewimble-explained-like-youre-12-d779a5bb483d
42. Schnorr Signatures
◦ Bitcoin uses script which signs several tx inputs for a single tx
◦ Signatures take up a lot of space.
◦ Schnorr allows aggregating signatures like:
◦ Output 1 -> ~Input A = Sig 1000
◦ Output 2 -> Input A= Sig 5000
◦ Just store 15000 (10000+15000)
◦ This enables scriptless transactions!
Image: https://bitcoinmagazine.com/articles/scriptless-scripts-how-bitcoin-can-support-smart-contracts-without-smart-contracts/
43. Scriptless scripts
◦ Smart contracts without use of a script
◦ No one can see the smart contract
◦ In this year maybe implemented in bitcoin
44. Unlock song with signature
Schnorr 8000
Schnorr 7000
Initiate transaction
Schnorr 1000
Zero knowledge proof
Calculate Song Schnorr 7000
Schnorr 8000
Finish transaction (streamer Schnorr)
45. Recommended
Reading
Dan Boney & Victor Shoup, A Graduate Course in Applied Cryptography
(September 2017, v0.4). https://crypto.stanford.edu/~dabo/cryptobook/
Applications of Modern Cryptography Technologies, applications and choices
(SURFNet, 2010)
https://www.surf.nl/binaries/content/assets/surf/en/knowledgebase/2010/rapport_20
1009_SNcryptoWEB.pdf
Decrypted secrets. Methods & Maixms of Cryptology byF.L Bauer. (2007).
Bitcoin magazine (November 2017)
https://bitcoinmagazine.com/articles/scriptless-scripts-how-bitcoin-can-support-
smart-contracts-without-smart-contracts/
https://medium.com/beam-mw/mimblewimble-explained-like-youre-12-
d779a5bb483d
46. Crypto erasure
◦ GDPR (AVG) requires option to erase all data (right to be forgotten)
◦ But how to keep track?
◦ And what if system crashes because record is deleted (in event sourcing
for instance)
◦ Crypto erasure, safe all sensitive records encrypted in data store.
◦ Just throw away key if you want to erase all data related to person x
47. Commitment Scheme
◦ Alice & Bob going on a date, but which movie to pick?
◦ Coin flip
◦ Bob make a choice (bit commitment), send to Alice
◦ Coin is flipped, outcome is known to Alice & Bob
◦ Alice can now open envelope