1) Side channel cryptanalysis involves extracting secret information from physical signals emitted by cryptographic devices, such as electromagnetic radiation, temperature changes, timing information, etc.
2) Historically, side channel attacks have been used since the late 19th century but were primarily the domain of intelligence agencies until the 1990s when academics began contributing methods.
3) Popular side channel attacks include electromagnetic analysis to recover signals from EM emissions, timing attacks that analyze cryptographic operation timing variations, power analysis of power consumption patterns, and fault injection attacks that disturb cryptographic computations.
This document provides modern job search tactics and strategies. It recommends writing a great resume that highlights achievements rather than job descriptions, and posting it online but not using it to directly apply for jobs. It also suggests asking for specific help from your network rather than generally informing them you're looking. Finally, it emphasizes building an online reputation through consistent branding across profiles and participating in industry forums.
William Shakespeare was an English poet and playwright best known for his tragedies such as Hamlet, which he wrote between 1599 and 1601. His works have had a huge influence on language, movies, TV shows, novels and poetry. Shakespeare remains relevant today because his plays touch on universal themes of love, friendship and revenge and feature complex, human characters through memorable quotes.
This document outlines the goals and procedures of the OSG Security team. It discusses operational security through vulnerability identification, fire drills to test readiness, and educating members. The document describes how to report security incidents and software vulnerabilities. It provides information on OSG certificates and the registration and approval process. Upcoming fire drills are mentioned to test jobs submitted through Glide-in WMS. Finally, it notes the security tools and packages provided, such as CA cert bundles and the Pakiti vulnerability database.
William Shakespeare was an English poet and playwright best known for his tragedies such as Hamlet. His works from the late 16th and early 17th centuries have had a significant influence on English language and culture by expanding vocabulary, introducing new concepts and structures, and influencing many later authors. Shakespeare remains relevant today because his plays touch on universal themes of human nature and include memorable characters and quotations.
This document provides tips and guidelines for preparing for a US student visa interview. It emphasizes being well-prepared by researching common interview questions and one's own application details. Key recommendations include dressing professionally, maintaining eye contact with the officer, giving concise answers, and exhibiting confidence. Applicants should be ready to explain their need for the visa program, financial support plans, and intentions to return home after completing their education. Overall preparation, documentation, and positive attitude are emphasized as important factors for a successful interview.
The document provides tips for job seekers who are currently employed on how to conduct a job search. It recommends laying the groundwork by polishing your online presence, making yourself more visible through blogging or industry discussions, and helping others in your network. It also suggests taking on high-profile work projects and learning new skills to build your resume while also participating in industry organizations to gain valuable contacts. Finally, it stresses the importance of staying professional by managing your search on your own time, continuing to perform well, and giving proper notice to protect your reputation.
This document outlines examination guidelines for California Prep International School. It defines key terms like student, invigilator, and examination room. It specifies which rooms will be used for paper-based and computer-based exams. Students must arrive on time, are assigned seating, and need their ID number. Exam materials like calculators and dictionaries may be permitted depending on the teacher. Proper behavior is expected, which includes being quiet, not cheating, and switching off phones. Students who need assistance should raise their hand.
This document provides a self-study course in block-cipher cryptanalysis organized by Schneier. It lists published block cipher algorithms and cryptanalyses in order of type and difficulty for students to attempt to reproduce published attacks. The goal is for students to gain experience breaking algorithms on their own to learn cryptanalysis techniques. Schneier provides background readings and guides students through lessons involving different attacks like differential and linear cryptanalysis against algorithms like DES, FEAL, and others.
This document summarizes a talk on proxy cryptography given by Anca-Andreea Ivan and Yevgeniy Dodis at NDSS 2003. It introduces the problem of allowing one party (Bob) to decrypt ciphertexts or sign messages on behalf of another party (Alice) without knowing Alice's secret key. This is achieved using a third party (Escrow) and proxy functions. The talk aims to formally define proxy functions and construct simple schemes satisfying the definitions. It outlines related work and compares the authors' formal approach to previous work. It then defines unidirectional and bidirectional proxy functions for both encryption and signatures and presents generic and specialized constructions satisfying security definitions.
The document discusses using social media for recruiting. It notes that social media usage is widespread and many companies have successfully hired candidates through social platforms. It provides tips for implementing a social recruiting strategy, including designating community managers, having an authentic communication plan, and utilizing current employees as brand ambassadors. The document emphasizes that social media should enhance, not replace, existing recruiting strategies and that new tools need to be part of a well-designed strategy rather than seen as the strategy itself.
The document discusses how social media is becoming increasingly important for recruiting and retaining talent. It provides statistics on social media usage and notes that many companies are successfully using social platforms like Facebook and Twitter to find candidates. The document then offers ideas for how companies can utilize social media in their recruiting strategies, such as by empowering current employees to act as brand ambassadors and referring potential candidates from their own social networks. It emphasizes that having clear social media policies and guidelines can help employees feel more comfortable engaging on these platforms.
This document discusses cache-based side channel attacks and proposes new cache designs to prevent them. It begins with an introduction to side channel attacks and two examples: an RSA attack using cache interference and an AES attack analyzing computation times. It then proposes two new cache architectures: a partitioned locked cache that isolates sensitive processes and a randomly permuting cache that obscures which cache lines are evicted. The models are evaluated using an OpenSSL AES implementation, finding the proposed designs prevent attacks with minimal performance overhead.
The document provides an overview of the four components of the IELTS exam - Listening, Reading, Writing and Speaking. It describes the format and timing of each section, the types of questions asked, and strategies for completing each part successfully. The Listening section involves understanding spoken dialogues and monologues on a variety of topics. Reading consists of multiple choice questions and short answers about passages on academic subjects. Writing includes describing a diagram and supporting an opinion on a topic. Speaking assesses oral communication skills through an interview. Effective preparation requires practicing each section, analyzing questions, finding key details, and managing time well.
The document summarizes the format of the IELTS exam, which tests English proficiency in listening, reading, writing and speaking. It is available in two formats: Academic, for university entrance, or General Training. All candidates take the same Listening and Speaking modules, but the Reading and Writing sections differ between formats. The Listening, Reading and Writing tests are completed in one day, while Speaking can be scheduled separately. Each section is then described in 1-3 sentences outlining the key contents and time limits.
Best and effective strategies for IELTS Preparation - Lord Robin
This study investigated the relationship between Iranian test-takers' use of cognitive and metacognitive strategies and their performance on the reading section of the IELTS exam. 60 Iranian EFL learners completed a sample IELTS reading test and a questionnaire about their cognitive and metacognitive strategy use while taking the test. The results showed a strong positive correlation between strategy use and reading test performance. No significant differences were found in strategy use between male and female test-takers. The findings suggest cognitive and metacognitive strategies are important for performance on the IELTS reading section.
The document provides examples of model answers for IELTS writing tasks 1 and 2. It includes 10 sample writing tasks with graphs or charts and model answers summarizing the key information in 3 sentences or less. The writing samples cover a variety of topics including population data, export levels, consumer behavior, and unemployment rates. The model answers concisely summarize trends, comparisons between data sets, peaks and valleys, and overall implications.
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Triandopoulos of RSA Laboratories and Catherine Hart and Ari Juels of Bell Canada
The document discusses mobile device security concerns for enterprises and proposes a solution using Good Technology's mobile device management platform. It outlines key security risks like protecting confidential data and access. The proposed solution would allow centralized management of various mobile platforms through Good while leveraging existing Exchange and Blackberry investments. It compares the costs and architecture of Good Technology to the existing Blackberry Enterprise Server solution, finding Good Technology more cost effective. The document also discusses business, legal and privacy considerations of the proposed employee-owned mobile device policy.
Mark K. Mellis of Stanford University's Information Security Office gave a briefing on securing mobile devices. He discussed risks of loss, theft, or spying of mobile devices and tips for using passcodes, updating software, backups, and encryption. If a device is lost or stolen, he recommends immediately changing network passwords and potentially wiping the device remotely if it is enrolled in Stanford's Mobile Device Management program.
IBM Security Strategy Intelligence, Integration and Expertise
by Marc van Zadelhoff, VP, WW Strategy and Product Management and Joe Ruthven IBM MEA Security Leader
This document discusses the challenges that big data poses for cybersecurity. It notes that the volume, variety, and velocity of data have increased dramatically due to factors like the growth of the internet and consumer technology. This has led to unprecedented growth in cyber threats that security companies must address. The document argues that successfully protecting users requires efficiently processing big data to generate intelligence through techniques like specialized search algorithms, machine learning, and analyzing relationships in the data. It maintains that a combination of automated analysis and human insight is needed to understand the evolving threat landscape.
This document outlines the top 10 big data security and privacy challenges as identified by the Cloud Security Alliance. It discusses each challenge in terms of use cases. The challenges are: 1) secure computations in distributed programming frameworks, 2) security best practices for non-relational data stores, 3) secure data storage and transaction logs, 4) end-point input validation/filtering, 5) real-time security/compliance monitoring, 6) scalable and composable privacy-preserving data mining and analytics, 7) cryptographically enforced access control and secure communication, 8) granular access control, 9) granular audits, and 10) data provenance. Each challenge is described briefly and accompanied by example use cases.
The document discusses big data analysis and provides an introduction to key concepts. It is divided into three parts: Part 1 introduces big data and Hadoop, the open-source software framework for storing and processing large datasets. Part 2 provides a very quick introduction to understanding data and analyzing data, intended for those new to the topic. Part 3 discusses concepts and references to use cases for big data analysis in the airline industry, intended for more advanced readers. The document aims to familiarize business and management users with big data analysis terms and thinking processes for formulating analytical questions to address business problems.
This document provides an overview of public key infrastructure (PKI). It discusses how PKI uses public key cryptography and digital certificates to securely distribute public keys. A PKI relies on certificate authorities (CAs) to issue and revoke certificates binding public keys to their owners. It also discusses the roles of CAs, registration authorities, repositories, and clients in a PKI. The document outlines how standards bodies are working to develop PKI standards and the need for testing interoperability between PKI components. It notes that while PKI can support some applications today, a global public key infrastructure is not yet achievable and full interoperability has not been established.
The document provides an overview of public key infrastructure (PKI) and how it works. It explains foundational concepts like encryption, authentication, and digital signatures. It then discusses how PKI enables the use of public/private key cryptography to securely distribute keys and authenticate parties through the use of digital certificates verified by a certificate authority. The document covers common algorithms like RSA, ECC, AES, and hash functions and provides recommendations around implementing and securing a PKI.
This document discusses public key infrastructures (PKI) and their components. It describes how PKI can enable secure communication, notarization, time-stamping, non-repudiation, and privilege management through the use of certificates, digital signatures, and trusted third parties. It also outlines some of the pitfalls of PKI, such as key compromises, difficulties with revocation, and human errors in certificate validation. Finally, it examines the technical details of how certificates, certification authorities, certificate paths, and trust models function within a PKI.
This document provides an introduction to distributed security concepts and public key infrastructure (PKI). It describes different methods of remote access computing including single sign-on using Kerberos or NIS. It also discusses security building blocks like encryption, digital signatures, and hash algorithms. The document outlines the key elements of PKI including certificate authorities, public/private key pairs, identity certificates, and LDAP servers. It provides details on SSL/TLS and the SSL handshake process.
The Open Science Grid (OSG) is a collaboration between scientific communities, universities, and laboratories to operate a shared high-performance computing infrastructure. The OSG provides common software, security, and services to enable distributed computing across contributed resources. It supports over 30 user communities, including physics experiments like ATLAS and LIGO. The OSG aims to make scientific research more effective by stimulating new computational approaches and building expertise for future distributed computing. It faces challenges in sustaining resources, ensuring security and software evolution, optimizing resource sharing, and maintaining community collaboration at its large scale.
The Open Science Grid Consortium aims to build a sustainable national production Grid infrastructure in the United States that will support scientific collaborations. It will build upon existing Grid infrastructures like Grid3 and SAMGrid by integrating distributed computing facilities at laboratories and universities. The Consortium plans to evolve this infrastructure to meet the long-term computational needs of the experimental physics community in the US, which will require increasing its scale, performance, and capabilities by an order of magnitude or more. It also seeks to accommodate the needs of other science partners by developing a flexible framework of services and ensuring the coherent operation of the whole system.
This document summarizes a presentation on grid security given at an Atlas Tier 2 meeting. It discusses the rapidly changing security environment with new federal guidelines, threats from attacks and vulnerabilities in middleware and applications. Recent security events from the past weeks are noted. The presentation emphasizes designing security into systems from the beginning through practices like mutual authentication, logging, and patching. Examples from SLAC's Atlas experience and a proposed updated user agreement policy are provided. The Open Science Grid security team and plans for security auditing, dynamic firewall ports, identity management and securing middleware are briefly outlined.
The document summarizes the security activities of the Open Science Grid (OSG). It discusses OSG's goals of enabling open science collaboration while maintaining security. OSG models its security operations on the NIST 800-53 guidelines and uses an integrated security management approach. Key activities include vulnerability management, inter-grid coordination, education and training, and an iterative process of assessing and improving controls. The overall aim is to support scientific research securely and without hindering open collaboration.
Andrew Hanushevsky gave a presentation on using xrootd proxies to provide scalable and secure remote access to data. Proxies allow clients outside a firewall to access data servers behind the firewall. Proxy clusters provide load balancing and redundancy. Authentication between proxies and servers can be handled through a security transformation that establishes a shared session key. This simplifies key management in large clustered systems and allows access across multiple firewalls. xrootd was designed with security in mind through features like support for security transforms and easy administration of clustered proxies.
The document summarizes a presentation given at the MWSG Meeting at Stanford Linear Accelerator Laboratory on June 5-6, 2006. The presentation discusses the Privilege Project, including its goals of delivering finer-grained authorization of processing resources, key achievements in deploying the authorization infrastructure, and current and future plans such as simplifying the architecture and extending privilege enforcement to network management.
The document describes several block ciphers including DES, AES (Rijndael), and others. It provides details on:
- DES such as its Feistel structure, S-boxes, modes of operation, and cryptanalysis techniques like differential and linear cryptanalysis.
- AES/Rijndael including its SPN structure, security and efficiency compared to Triple DES, and its selection as the AES standard over other finalists like Serpent and Twofish.
- Other block ciphers mentioning characteristics like linear and confusion layers.
2. Outline
• Generic Models
– Strict Authentication
– Non-Strict Authentication
• State of the Art
– Strict Authentication
– Non-Strict Authentication
• Design Issues
– Error Detection
– Error Correction
– Security
• Conclusions
3. Generic Models
• public key cryptosystem → digital signature → digital signature-based image authentication
• digital signature
– The sender uses a hash function to reduce the original data to a digest
– The digest is encrypted with the sender's private key and used as the signature
– The signature and the original information are sent together to the receiver
– The receiver decrypts the signature with the sender's public key
– The decrypted digest is compared with the digest computed by applying the hash function to the received information
– If they match, legitimacy and integrity are proven
5. • The plaintext is not limited to text files
– Original data → digital image
– The legitimacy and integrity of the image can be verified
– That is, this is digital signature-based image authentication
• The hash function is a mathematical digest function
– Changing even 1 bit of the image changes the result
– That is, the integrity of the image can be verified
6. Strict Authentication
• digital signature-based strict authentication
– h = H(I)
– S = E_Kr(h)
– M = I||S
– h’ = H(I’)
– h^ = D_Kp(S^)
– If (h^ = h’) then (legitimacy and integrity are verified)
– Has the one-way property
7. • encryption function-based strict authentication
– The sender and receiver share the same key
– A straightforward form of image authentication
– Weak against forgeries such as cutting and pasting
– Solved with a message authentication code (MAC)
8. • MAC-based strict authentication
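– The sender and receiver share the same key
– When the sender sends image I, it sends it together with a MAC produced by encrypting I with the key
– The receiver encrypts the received image I’ with the same key as the sender's and compares the result with the MAC
– “Legitimate” forgery cannot be avoided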
9. Non Strict Authentication
• Non-strict authentication
– C = f_c(I)
– S = E_Kr(C)
– M = I||S
– C’ = f_c(I’)
– C^ = D_Ku(S^)
– d(C^, C’) → similarity between C^ and C’
– T → tolerable threshold
– d(C^, C’) < T → legitimacy and integrity are verified
10. State of the Art
• Strict Authentication
– trustworthy digital camera
• Non-Strict Authentication
– Feature-Based Methods
– Edge-Based Methods
– Mean-Based Methods
– Relation-Based Methods
– Structure-Based Methods
11. Strict Authentication
• In 1993 Friedman proposed the “trustworthy digital camera”, linking the digital signature with the digital camera
• The original image is hashed using a cryptographic algorithm such as MD5
– Authentication fails if even 1 bit of the original image differs
– Unsuitable for lossy compression
• Solved by non-strict authentication
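12. • Operation of the trustworthy digital camera
– Capture an image with the digital camera
– Hash the captured image and encrypt the hash with the private key to create the digital signature
– Store the image and the digital signature together on disk
※ The public key is shown on the outer surface of the camera and on the border of the image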
13.
14. • Verification process of Friedman’s idea
– Uses verification software (public software)
– Operation of the verification software
• Hash the image
• Decrypt the digital signature with the public key shown on the outer surface of the camera
• Compare the two hash values
• If they match, authentication is complete
15.
16. Non Strict Authentication
• Schneider and Chang (1996) used content-based data as the authentication code
• Image features are used for authentication
• Image feature is invariant
– Edge information, DCT coefficients, color, and intensity histogram
• In Schneider and Chang’s method, the image is divided into blocks of a fixed size, and authentication is implemented using the intensity histogram of each block
17. Feature-Based Methods
• For a large-size image the signing procedure takes a long time → Bhattacharjee and Kutter proposed the scale interaction model
• Extracts smaller-sized features from the image
• Uses Mexican-Hat wavelets
• Algorithm
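18. • The points where Pij(·) is maximal are used as feature points
– However, a point is used only if its variation from the adjacent pixels is greater than a threshold
– This removes maxima in featureless regions
• The horizontal and vertical coordinates of the feature points are converted into string form
• The string of coordinate values is encrypted to generate the signature
• Authentication
– Verified by comparing the feature set of image A with the decrypted signature of image B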
19. Edge-Based Methods
• Edges are a strong content feature of an image
• For general images, computing the edge positions incurs a large overhead
• Li, Lou and Liu (2003) resolved the overhead using a binary map
• However, the problem remains that edges change under high compression
• Queluz (2001) proposed a solution
20. Process of edge extraction proposed by Queluz(2001)
Feature extraction : CI=E(I)
Binary edge pattern : EPCI=f(CI)
Feature code : VLC(EPCI)
21. Process of edge integrity evaluation proposed by Queluz(2001)
Extract feature : CT=E(T), EPCT=f(CT)
Extract Binary pattern : EPCI=Decompress(VLC(EPCI))
Check EPCI = EPCT
22. Mean-Based Methods
• Using the mean is simple and practical
• Lou and Liu (2000) proposed a mean-based feature code generation algorithm
– Divide the image into non-overlapping blocks
– Compute the mean of each block and quantize it
– Compress with entropy encoding
23. (a) : the 256 × 256 original image
(b) : image map of the computed block means
(c) : result of quantizing to 16 levels
24. • Verification process
– Compute the mean table of the received image and quantize it
– Run the comparison algorithm on the quantized code and the original quantized code → produces a binary error map
– Verify using the binary error map
• 1 means match
• 0 means mismatch
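The mean-based scheme of slides 22 to 24, contrasted with the strict digest h = H(I) of slide 6, as an added sketch that is not code from the slides or from Lou and Liu. Assumptions: an HMAC under a shared key stands in for the private-key signature S = E_Kr(C), entropy coding is omitted, and the 4×4 block size, the one-level match tolerance and the sample images are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 4      # block edge in pixels (assumed; the slides do not give a size)
LEVELS = 16    # quantization levels, as on slide 23
KEY = b"constructed-demo-key"  # constructed shared key for the HMAC stand-in


def feature_code(img):
    """Quantized mean of each non-overlapping BLOCK x BLOCK block, row-major."""
    code = []
    for by in range(0, len(img), BLOCK):
        for bx in range(0, len(img[0]), BLOCK):
            px = [img[y][x] for y in range(by, by + BLOCK)
                  for x in range(bx, bx + BLOCK)]
            code.append((sum(px) // len(px)) * LEVELS // 256)
    return code


def sign(img):
    """Sender: feature code plus a tag over it (HMAC replaces S = E_Kr(C))."""
    code = bytes(feature_code(img))
    return code, hmac.new(KEY, code, hashlib.sha256).digest()


def verify(img, code, tag):
    """Receiver: binary error map, 1 = match, 0 = mismatch; None if tag is bad."""
    expected = hmac.new(KEY, code, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    # Assumed tolerance: a one-level difference counts as a match, so noise
    # near a quantization boundary is not reported as tampering.
    return [1 if abs(a - b) <= 1 else 0 for a, b in zip(code, feature_code(img))]


def strict_digest(img):
    """Strict authentication digest h = H(I) over the raw pixels."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()


# Constructed 8x8 grayscale sample: four flat 4x4 blocks.
ORIGINAL = [[40] * 4 + [200] * 4 for _ in range(4)] + \
           [[127] * 4 + [90] * 4 for _ in range(4)]
# Mild distortion standing in for lossy compression: every pixel shifts by +2.
COMPRESSED = [[p + 2 for p in row] for row in ORIGINAL]
# Tampering: the top-right block is replaced with dark pixels.
TAMPERED = [row[:4] + [10] * 4 for row in ORIGINAL[:4]] + ORIGINAL[4:]
```

The strict digest rejects COMPRESSED even though its content is unchanged, while the error map accepts it and marks only the replaced block of TAMPERED.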
25. Relation-Based Methods
• Lin and Chang (1998, 2001) proposed SARI
• SARI
– Divide the image into N non-overlapping 8×8 blocks
– Apply the DCT to each block
– Split the transformed DCT blocks into two groups
– Map them with the secret key and compare the N/2 DCT blocks
– Each comparison yields a result of 0 or 1
– The extracted values are used as the feature code
27. • SARI verification process
– Compute the feature code from the received image
– The same key as the sender's secret key must be applied
– Compare the extracted feature code with the original feature code
– Authentication complete
28. Structure-Based Methods
• Proposed by Lu and Liao(2000, 2003)
• The feature code is computed from the structure of the image content
• The content structure is the pair of a parent node and its children nodes in the wavelet domain
• Inter-scale relationship
– |w_{s+1,o}(x,y)| ≥ |w_{s,o}(2x+i, 2y+j)|
– |w_{s+1,o}(x,y)| ≤ |w_{s,o}(2x+i, 2y+j)|
where 0 ≤ i, j ≤ 1
• The authentication code is generated from the pairs that satisfy the following condition
– | |w_{s+1,o}(x,y)| - |w_{s,o}(2x+i, 2y+j)| | > ρ, where ρ > 0
29. Design Issues
• Digital signature-based image authentication
– blind authentication(or obliviousness)
– Based on strict authentication or non-strict authentication
• Error Detection
• Error Correction
30. Error Detection
• An application that can detect modifications to the image can be called a good application
• However, it is only valuable if it can not only find errors but also recover from the distortion
31. Error Type
• Strict authentication cannot distinguish the type of error
• Non-strict authentication distinguishes the error type
– Authenticity versus modification curve
• A numeric result rather than a yes-or-no result
• An authenticity value of 1.0 means completely authentic
• An authenticity value of 0.0 means unauthentic
• The range of authenticity values is (0.0, 1.0)
32. Error Location
• Measuring the location of errors
– Solved with a block-oriented approach
– Divide the image into blocks before transmitting it
– Generate an authentication code for each block
– Transmit the authentication codes in separate files
– Run the authenticating process for each block
– A smaller block size gives finer error localization, but signing and decoding take more time
33. Error Correction
• The point of error correction is to restore the manipulated image to the original image
• Mainly used in non-strict authentication
• Example
– Xie, Arce and Graveman (2001)
35. Brute-force Attacks
• A method that tries every possible value as input to the hash function
• If the MD5 hash code is N bits long, the number of samples that can be input is 2^(N/2)
• Example
– Hash code length = 128 bits
– Number of samples = 2^64
– 24 days, at a cost of $10 million
36. Cryptanalysis Attacks
• Attacks that use cryptanalysis
– Analysis based on the internal structure of the hash function
→ A hash function that is strong against cryptanalysis is needed
– Cryptanalysis does not apply to non-strict schemes
– In that case the attacker tries to extract various keys from the feature code
37. Conclusions
• Digital signature-based authentication
– Strict authentication
– Non-strict authentication
• New requirements
– Handle large-size images with little overhead
– Combination of watermark and digital signature
– New authentication schemes based on watermarks