The document proposes a method called WebIBC that brings public key cryptography to web browsers through identity-based cryptography, without requiring browser plugins. It discusses challenges around private/public key handling in browsers with limited capabilities. WebIBC addresses this by having a private key generator create a private matrix of random elliptic curve private keys and the corresponding public matrix, allowing a user's public key to be derived from their identity like an email address. This allows encryption and signatures directly in JavaScript without private key access.
The document provides an overview of the Combined Public Key (CPK) cryptosystem, which supports both identity-based encryption and identity-based signature schemes. It describes the key components of CPK, including the private and public matrices generated by the private key generator to extract users' private keys based on their identity, and how this supports more efficient encryption and signature generation compared to traditional PKI approaches. CPK combines identity-based cryptography with elliptic curve cryptography to provide an alternative to traditional public key infrastructure systems.
Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Thin...Amélie Gyrard
Keynote “Trends on Data Graphs & Security for the Internet of Things”
(Extended Version) #WF-IoT World Forum Internet of Things
Workshop on #Security and #Privacy for #InternetofThings and Cyber-Physical Systems #CPS
#Security #Toolbox #Attacks and #Countermeasures #STAC
#Security #KnowledgeGraphs #Ontologies
Speaker: Dr. Ghislain Atemezing(Research & Development Director, MONDECA, Paris, France) @gatemezing
Credits: Dr. Amelie Gyrard (Kno.e.sis, Wright State University, Ohio, USA)
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...IRJET Journal
This document proposes a new algorithm to enhance 128-bit data security using steganography and cryptography techniques. The algorithm hides a 128-bit plaintext within a 128-bit cover text using steganography. It then encrypts the resulting 256-bit covered data with Hamming code cryptography. This produces a 448-bit encoded message along with a 128-bit message digest. The encoded data is transmitted and decrypted at the receiver. The original plaintext and cover text are extracted and their message digest is compared to the sender's to verify integrity. Simulation results show the algorithm successfully protects the 128-bit data from unauthorized access.
Future Internet Visions: An Opportunity for IrelandMícheál Ó Foghlú
A discussion of European Union Future Internet R&D funding and the TSSG\'s (a research centre in Waterford Institute of Technology, Ireland) engagement in these programmes to date, and future opportunities for Irish academia and industry. Presented at the Future Internet Event (http://www.future-internet.ie) Dublin, Wed 29th October 2008.
Cisco Packet Tracer is a network simulation software that allows users to design, configure and test networks virtually. It provides benefits for both instructors and students by making networking concepts easier to teach and learn. Packet Tracer's key features include simulation of network devices and protocols, visualization of network traffic, and multi-user collaboration. The software supports Cisco Networking Academy curricula and helps develop students' problem solving and critical thinking skills.
Integrated Analytics for IIoT Predictive Maintenance using IoT Big Data Cloud...Hong-Linh Truong
For predictive maintenance of equipment with In-
dustrial Internet of Things (IIoT) technologies, existing IoT Cloud
systems provide strong monitoring and data analysis capabilities
for detecting and predicting status of equipment. However, we
need to support complex interactions among different software
components and human activities to provide an integrated analyt-
ics, as software algorithms alone cannot deal with the complexity
and scale of data collection and analysis and the diversity of
equipment, due to the difficulties of capturing and modeling
uncertainties and domain knowledge in predictive maintenance.
In this paper, we describe how we design and augment complex
IoT big data cloud systems for integrated analytics of IIoT
predictive maintenance. Our approach is to identify various
complex interactions for solving system incidents together with
relevant critical analytics results about equipment. We incorpo-
rate humans into various parts of complex IoT Cloud systems
to enable situational data collection, services management, and
data analytics. We leverage serverless functions, cloud services,
and domain knowledge to support dynamic interactions between
human and software for maintaining equipment. We use a real-
world maintenance of Base Transceiver Stations to illustrate our
engineering approach which we have prototyped with state-of-
the art cloud and IoT technologies, such as Apache Nifi, Hadoop,
Spark and Google Cloud Functions.
This document provides information about various academic projects available in different domains like deep learning, image processing, artificial intelligence, natural language processing, etc. It lists project titles, publishing details, and technologies used. It also offers additional services like complete code, documentation, installation support, and assistance until project evaluation. Videos demonstrating some projects are embedded.
The document provides an overview of the Combined Public Key (CPK) cryptosystem, which supports both identity-based encryption and identity-based signature schemes. It describes the key components of CPK, including the private and public matrices generated by the private key generator to extract users' private keys based on their identity, and how this supports more efficient encryption and signature generation compared to traditional PKI approaches. CPK combines identity-based cryptography with elliptic curve cryptography to provide an alternative to traditional public key infrastructure systems.
Keynote WFIoT2019 - Data Graph, Knowledge Graphs Ontologies, Internet of Thin...Amélie Gyrard
Keynote “Trends on Data Graphs & Security for the Internet of Things”
(Extended Version) #WF-IoT World Forum Internet of Things
Workshop on #Security and #Privacy for #InternetofThings and Cyber-Physical Systems #CPS
#Security #Toolbox #Attacks and #Countermeasures #STAC
#Security #KnowledgeGraphs #Ontologies
Speaker: Dr. Ghislain Atemezing(Research & Development Director, MONDECA, Paris, France) @gatemezing
Credits: Dr. Amelie Gyrard (Kno.e.sis, Wright State University, Ohio, USA)
IRJET- Enhancement of 128-Bits Data Security through Steganography and Crypto...IRJET Journal
This document proposes a new algorithm to enhance 128-bit data security using steganography and cryptography techniques. The algorithm hides a 128-bit plaintext within a 128-bit cover text using steganography. It then encrypts the resulting 256-bit covered data with Hamming code cryptography. This produces a 448-bit encoded message along with a 128-bit message digest. The encoded data is transmitted and decrypted at the receiver. The original plaintext and cover text are extracted and their message digest is compared to the sender's to verify integrity. Simulation results show the algorithm successfully protects the 128-bit data from unauthorized access.
Future Internet Visions: An Opportunity for IrelandMícheál Ó Foghlú
A discussion of European Union Future Internet R&D funding and the TSSG\'s (a research centre in Waterford Institute of Technology, Ireland) engagement in these programmes to date, and future opportunities for Irish academia and industry. Presented at the Future Internet Event (http://www.future-internet.ie) Dublin, Wed 29th October 2008.
Cisco Packet Tracer is a network simulation software that allows users to design, configure and test networks virtually. It provides benefits for both instructors and students by making networking concepts easier to teach and learn. Packet Tracer's key features include simulation of network devices and protocols, visualization of network traffic, and multi-user collaboration. The software supports Cisco Networking Academy curricula and helps develop students' problem solving and critical thinking skills.
Integrated Analytics for IIoT Predictive Maintenance using IoT Big Data Cloud...Hong-Linh Truong
For predictive maintenance of equipment with In-
dustrial Internet of Things (IIoT) technologies, existing IoT Cloud
systems provide strong monitoring and data analysis capabilities
for detecting and predicting status of equipment. However, we
need to support complex interactions among different software
components and human activities to provide an integrated analyt-
ics, as software algorithms alone cannot deal with the complexity
and scale of data collection and analysis and the diversity of
equipment, due to the difficulties of capturing and modeling
uncertainties and domain knowledge in predictive maintenance.
In this paper, we describe how we design and augment complex
IoT big data cloud systems for integrated analytics of IIoT
predictive maintenance. Our approach is to identify various
complex interactions for solving system incidents together with
relevant critical analytics results about equipment. We incorpo-
rate humans into various parts of complex IoT Cloud systems
to enable situational data collection, services management, and
data analytics. We leverage serverless functions, cloud services,
and domain knowledge to support dynamic interactions between
human and software for maintaining equipment. We use a real-
world maintenance of Base Transceiver Stations to illustrate our
engineering approach which we have prototyped with state-of-
the art cloud and IoT technologies, such as Apache Nifi, Hadoop,
Spark and Google Cloud Functions.
This document provides information about various academic projects available in different domains like deep learning, image processing, artificial intelligence, natural language processing, etc. It lists project titles, publishing details, and technologies used. It also offers additional services like complete code, documentation, installation support, and assistance until project evaluation. Videos demonstrating some projects are embedded.
1) JXTA is an open-source peer-to-peer computing platform that provides protocols and APIs for distributed applications.
2) The presentation discusses JXTA's capabilities for virtual networking, security, discovery, and integration with web services.
3) Examples of applications using JXTA include distributed computing platforms like Triana and projects within the Global Grid Forum.
Cloud native java are we there yet go tech world 2019Peter Pilgrim
The document discusses the history and evolution of Java technology from its origins in 1995 to becoming cloud native. It describes how Java originally promised write once, run anywhere portability but failed to deliver for mobile and embedded devices. It then discusses how the rise of social networking drove the need for scalability and high availability, leading to microservices architecture and containers. The document outlines some of the key technologies along Java's journey including Java EE, Spring Boot, Kubernetes, and how they enable cloud native applications.
How You Can Use Open Source Materials to Learn Python & Data Science - EuroPy...Kamila Stępniowska
Please find the slides from my talk "How You Can Use Open Source Materials to Learn Python & Data Science". The talk has been originally performed at EuroPython 2018 in Edinburgh (July 26th, 2018).
You can think of this slides as a resource library and a limited guideline.
The document discusses network troubleshooting techniques. It recommends completing all troubleshooting activities in the chapter, as they will help students preparing for the CCNA exam. The document outlines troubleshooting methodology, including using network documentation, following a troubleshooting process, and isolating issues by layer. It also discusses specific troubleshooting tools, symptoms at different layers, and steps for troubleshooting IP connectivity issues.
An overview of security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why are Things inherently insecure together with examples of attack vectors and learned some risk mitigation strategies. We realized why should users be wary of Things violating their privacy and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.
Fundamentals of Information Systems Security Chapter 10Dr. Ahmed Al Zaidy
This document discusses networking and telecommunications security. It covers networking principles like the OSI model, TCP/IP, LANs and WANs. It describes common network devices, protocols and ports. It also discusses network security risks such as denial of service attacks and eavesdropping. Finally, it outlines basic network security defense tools like firewalls, VPNs and network access control.
The main goal of the SecureCloud project is to enable novel big-data applications that can use sensitive data in the cloud without compromising data security and privacy.
This document introduces Fluent Bit, an open source data collector for IoT and embedded devices. It provides a lightweight and customizable solution for collecting and transporting data from various sources to services like Fluentd. Fluent Bit uses a plugin architecture and supports inputs from devices, sensors, and operating systems as well as outputs to services like Treasure Data. It is designed for performance and low resource usage on embedded systems.
Fundamentals of Information Systems Security Chapter 12Dr. Ahmed Al Zaidy
This document discusses information security standards organizations and some of the key standards they develop. It covers the National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), World Wide Web Consortium (W3C), Internet Engineering Task Force (IETF), Institute of Electrical and Electronics Engineers (IEEE), and International Telecommunication Union Telecommunication Sector (ITU-T). It provides brief descriptions of each organization and some of their important standards like ISO's Open Systems Interconnection model, IETF's Request for Comments process, and IEEE's 802 working groups.
The document discusses internet of things (IoT) connectivity models. It describes the OSI and TCP/IP networking models and how they are used to illustrate device communication in layered architectures. It also discusses simplified IoT architectures involving connections from devices to devices, clouds, gateways and applications. Privacy and security challenges are presented, such as the risk of metadata exposure. Standardization efforts are important to ensure interoperability among emerging IoT technologies.
2018년 6월 28일 첫번째 함께하는 딥러닝 컨퍼런스에서 발표한 "내 손 위의 딥러닝_iOS에 딥러닝 심기"입니다.
앞으로 점점 더 가속화 될 모바일 딥러닝에 대해 소개합니다.
주요 내용은 아래와 같습니다.
1. 모바일 딥러닝이란 무엇인가
2. 모바일 딥러닝의 장점
3. 모바일 딥러닝의 등장 배경
4. 모바일 딥러닝 활용 방안
5. 모바일 딥러닝 iOS 구축 사례
6. 모바일 딥러닝 한계 및 극복 방법
궁금한 점이 있다면 github 혹은 메일을 활용해주세요.
Sharing Blockchain Performance Knowledge for Edge Service DevelopmentHong-Linh Truong
The document discusses a framework called GIAU that aims to share performance knowledge to help with edge service and blockchain application development. GIAU provides a way to capture information about blockchain software, deployment patterns, benchmarks, and experiments. It uses a microservices architecture with databases to store and search this knowledge. The goal is to help developers select appropriate blockchain technologies and deployments for different edge service topologies.
The document discusses the legal and ethical issues surrounding research applied across two dimensions: pilot deployment and operational deployment. Standards were established to encrypt anonymized user data in pilot deployments and flexible server models were developed to enable multi-country data aggregation. Pilots were conducted internally based on clinical trial standards to ensure user privacy, anonymity, and consistent informed consent. Key documents produced include a report on national and European legislation available for the public, technical specifications for user privacy that are confidential, and ethical guidelines and security reports still in progress for public dissemination.
This document provides an overview of a presentation on network automation and the role of the network engineer. Some key points include:
- The presentation covers topics like the potential of network automation, challenges of current network operations, and tools that can help automate network tasks.
- It argues that network automation can help address issues like human errors causing outages and the impact of network changes on business operations.
- Network engineers are encouraged to learn new skills like programming, configuration management, and working with APIs to take advantage of network automation and become "NetDevOps Engineers".
- Resources like Cisco DevNet are introduced which provide learning materials, developer sandboxes, and communities to help network engineers gain skills in areas like automation,
A reading of the IBM Research 5-in-5 2018 EditionPietro Leo
Within five years, several emerging technologies will become mainstream and help address major challenges. Small autonomous AI microscopes deployed around the world will continually monitor plankton to anticipate ways to protect water supplies. Quantum computing will be used extensively to solve problems previously considered unsolvable, with IBM continuing to lead in this area. New solutions will counter a substantial rise in biased AI systems, with one method reducing bias in training data to minimize inequity in systems that learn from that data.
The document discusses networking principles and security mechanisms. It covers topics like the OSI reference model, physical and logical network topologies, TCP/IP protocols, wireless networks, and various network security risks and defenses. Specifics covered include wide area networks (WANs) and local area networks (LANs), Ethernet, routers, switches, VLANs, IP addressing, common ports, and protocols like DNS, FTP, HTTP, and others. The goal is to describe fundamental networking concepts and related security issues.
This document discusses cloud computing and Google App Engine. It provides definitions of cloud computing, utility computing, software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). It also describes Google App Engine, including its development environment, supported and non-supported technologies for Java, and architecture. Key benefits and factors of cloud computing are outlined as well.
Embedded computing is everywhere. It is in our car engines, refrigerators, and even in the singing greeting cards we send. With improvements in wireless technology, these systems are starting to talk with each other, and they are appearing in places like our shoes and wrists to monitor our athletic activity or health. This emerging Internet of Everything (IoE) has tremendous potential to improve our lives. But like any powerful technology, it also has a dark side: it will observe and implement many of our actions. Security in the IoE is likely to be even more critical than general Internet security. After reviewing some of the challenges in creating a secure IoE, Horowitz will describe a new research program at Stanford to address this issue.
The document discusses the Combined Public Key (CPK) cryptosystem used in OpenSolaris. CPK provides identity-based encryption and signature schemes as an alternative to traditional public key infrastructure. It maps identities to key pairs using a hash function and private/public key matrices. CPK interfaces with the Solaris cryptographic and key management frameworks using standards like PKCS #11 and PKCS #7.
1) JXTA is an open-source peer-to-peer computing platform that provides protocols and APIs for distributed applications.
2) The presentation discusses JXTA's capabilities for virtual networking, security, discovery, and integration with web services.
3) Examples of applications using JXTA include distributed computing platforms like Triana and projects within the Global Grid Forum.
Cloud native java are we there yet go tech world 2019Peter Pilgrim
The document discusses the history and evolution of Java technology from its origins in 1995 to becoming cloud native. It describes how Java originally promised write once, run anywhere portability but failed to deliver for mobile and embedded devices. It then discusses how the rise of social networking drove the need for scalability and high availability, leading to microservices architecture and containers. The document outlines some of the key technologies along Java's journey including Java EE, Spring Boot, Kubernetes, and how they enable cloud native applications.
How You Can Use Open Source Materials to Learn Python & Data Science - EuroPy...Kamila Stępniowska
Please find the slides from my talk "How You Can Use Open Source Materials to Learn Python & Data Science". The talk has been originally performed at EuroPython 2018 in Edinburgh (July 26th, 2018).
You can think of this slides as a resource library and a limited guideline.
The document discusses network troubleshooting techniques. It recommends completing all troubleshooting activities in the chapter, as they will help students preparing for the CCNA exam. The document outlines troubleshooting methodology, including using network documentation, following a troubleshooting process, and isolating issues by layer. It also discusses specific troubleshooting tools, symptoms at different layers, and steps for troubleshooting IP connectivity issues.
An overview of security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why are Things inherently insecure together with examples of attack vectors and learned some risk mitigation strategies. We realized why should users be wary of Things violating their privacy and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.
Fundamentals of Information Systems Security Chapter 10Dr. Ahmed Al Zaidy
This document discusses networking and telecommunications security. It covers networking principles like the OSI model, TCP/IP, LANs and WANs. It describes common network devices, protocols and ports. It also discusses network security risks such as denial of service attacks and eavesdropping. Finally, it outlines basic network security defense tools like firewalls, VPNs and network access control.
The main goal of the SecureCloud project is to enable novel big-data applications that can use sensitive data in the cloud without compromising data security and privacy.
This document introduces Fluent Bit, an open source data collector for IoT and embedded devices. It provides a lightweight and customizable solution for collecting and transporting data from various sources to services like Fluentd. Fluent Bit uses a plugin architecture and supports inputs from devices, sensors, and operating systems as well as outputs to services like Treasure Data. It is designed for performance and low resource usage on embedded systems.
Fundamentals of Information Systems Security Chapter 12Dr. Ahmed Al Zaidy
This document discusses information security standards organizations and some of the key standards they develop. It covers the National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), World Wide Web Consortium (W3C), Internet Engineering Task Force (IETF), Institute of Electrical and Electronics Engineers (IEEE), and International Telecommunication Union Telecommunication Sector (ITU-T). It provides brief descriptions of each organization and some of their important standards like ISO's Open Systems Interconnection model, IETF's Request for Comments process, and IEEE's 802 working groups.
The document discusses internet of things (IoT) connectivity models. It describes the OSI and TCP/IP networking models and how they are used to illustrate device communication in layered architectures. It also discusses simplified IoT architectures involving connections from devices to devices, clouds, gateways and applications. Privacy and security challenges are presented, such as the risk of metadata exposure. Standardization efforts are important to ensure interoperability among emerging IoT technologies.
2018년 6월 28일 첫번째 함께하는 딥러닝 컨퍼런스에서 발표한 "내 손 위의 딥러닝_iOS에 딥러닝 심기"입니다.
앞으로 점점 더 가속화 될 모바일 딥러닝에 대해 소개합니다.
주요 내용은 아래와 같습니다.
1. 모바일 딥러닝이란 무엇인가
2. 모바일 딥러닝의 장점
3. 모바일 딥러닝의 등장 배경
4. 모바일 딥러닝 활용 방안
5. 모바일 딥러닝 iOS 구축 사례
6. 모바일 딥러닝 한계 및 극복 방법
궁금한 점이 있다면 github 혹은 메일을 활용해주세요.
Sharing Blockchain Performance Knowledge for Edge Service DevelopmentHong-Linh Truong
The document discusses a framework called GIAU that aims to share performance knowledge to help with edge service and blockchain application development. GIAU provides a way to capture information about blockchain software, deployment patterns, benchmarks, and experiments. It uses a microservices architecture with databases to store and search this knowledge. The goal is to help developers select appropriate blockchain technologies and deployments for different edge service topologies.
The document discusses the legal and ethical issues surrounding research applied across two dimensions: pilot deployment and operational deployment. Standards were established to encrypt anonymized user data in pilot deployments and flexible server models were developed to enable multi-country data aggregation. Pilots were conducted internally based on clinical trial standards to ensure user privacy, anonymity, and consistent informed consent. Key documents produced include a report on national and European legislation available for the public, technical specifications for user privacy that are confidential, and ethical guidelines and security reports still in progress for public dissemination.
This document provides an overview of a presentation on network automation and the role of the network engineer. Some key points include:
- The presentation covers topics like the potential of network automation, challenges of current network operations, and tools that can help automate network tasks.
- It argues that network automation can help address issues like human errors causing outages and the impact of network changes on business operations.
- Network engineers are encouraged to learn new skills like programming, configuration management, and working with APIs to take advantage of network automation and become "NetDevOps Engineers".
- Resources like Cisco DevNet are introduced which provide learning materials, developer sandboxes, and communities to help network engineers gain skills in areas like automation,
A reading of the IBM Research 5-in-5 2018 EditionPietro Leo
Within five years, several emerging technologies will become mainstream and help address major challenges. Small autonomous AI microscopes deployed around the world will continually monitor plankton to anticipate ways to protect water supplies. Quantum computing will be used extensively to solve problems previously considered unsolvable, with IBM continuing to lead in this area. New solutions will counter a substantial rise in biased AI systems, with one method reducing bias in training data to minimize inequity in systems that learn from that data.
The document discusses networking principles and security mechanisms. It covers topics like the OSI reference model, physical and logical network topologies, TCP/IP protocols, wireless networks, and various network security risks and defenses. Specifics covered include wide area networks (WANs) and local area networks (LANs), Ethernet, routers, switches, VLANs, IP addressing, common ports, and protocols like DNS, FTP, HTTP, and others. The goal is to describe fundamental networking concepts and related security issues.
This document discusses cloud computing and Google App Engine. It provides definitions of cloud computing, utility computing, software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). It also describes Google App Engine, including its development environment, supported and non-supported technologies for Java, and architecture. Key benefits and factors of cloud computing are outlined as well.
Embedded computing is everywhere. It is in our car engines, refrigerators, and even in the singing greeting cards we send. With improvements in wireless technology, these systems are starting to talk with each other, and they are appearing in places like our shoes and wrists to monitor our athletic activity or health. This emerging Internet of Everything (IoE) has tremendous potential to improve our lives. But like any powerful technology, it also has a dark side: it will observe and implement many of our actions. Security in the IoE is likely to be even more critical than general Internet security. After reviewing some of the challenges in creating a secure IoE, Horowitz will describe a new research program at Stanford to address this issue.
The document discusses the Combined Public Key (CPK) cryptosystem used in OpenSolaris. CPK provides identity-based encryption and signature schemes as an alternative to traditional public key infrastructure. It maps identities to key pairs using a hash function and private/public key matrices. CPK interfaces with the Solaris cryptographic and key management frameworks using standards like PKCS #11 and PKCS #7.
Graphical passwords are an alternative to text-based passwords that aim to be easier for users to remember. There are two main types - recognition-based, where users select images they recognize, and recall-based, where users reproduce a sequence of actions. However, graphical passwords may not be as secure due to vulnerabilities like shoulder surfing and guessing common selections. Research continues to design more secure schemes and apply graphical passwords to other areas like public key cryptography.
This document describes a bounded identity-based encryption system that does not require a bilinear map. It uses a secret matrix S that is private to the domain, and secret keys are generated from rows in S corresponding to a user's identity. The public matrix P is generated from S using exponentiation. The system aims to provide security even under collusion attacks, with the size of the matrix scaling up based on the number of potential colluders. The document considers questions around the security and collision properties of the system, and compares it to other identity-based encryption approaches.
This document summarizes identity-based encryption (IBE). It discusses four basic IBE constructions from 2001-2004 and how IBE has been extended. It also describes the typical structure of an IBE scheme with key generation, encryption, and decryption components. Finally, it analyzes the key length and efficiency of various IBE schemes like Boneh-Franklin IBE compared to RSA and ECC.
RedOffice is a Chinese office suite based on OpenOffice that aims to enhance document security with cryptography. It lacks certificate-based encryption, key management utilities, and graphical digital signatures that OpenOffice provides. The document proposes adding a password generator, certificate-based encryption, key/certificate management extension, crypto framework extension, advanced cryptography techniques, embedding security attributes in printed documents, a key management service, and document security service to RedOffice.
This document provides an overview and introduction to OpenSSL including its components, architecture, APIs and usage. It describes OpenSSL as an open source cryptography toolkit that implements SSL/TLS protocols as well as cryptographic functions for encryption, decryption, signatures, certificates etc. It outlines OpenSSL's command line interface, supported algorithms, license, source code organization, EVP crypto API and usage examples for symmetric encryption and hashing.
This document discusses code signing, which involves digitally signing executables and scripts to confirm the software author and ensure the code has not been altered. Code signing can ensure code integrity, identify the source, and determine if code is trustworthy for a purpose. The architecture involves a code signing tool, kernel module to check signatures, and user-space daemon called by the kernel module. Communication between kernel and user space uses techniques like system calls, ioctl, proc filesystem, and netlink sockets.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
A Comprehensive Guide to DeFi Development Services in 2024Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Trusted Execution Environment for Decentralized Process MiningLucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Azure API Management to expose backend services securely
ICDCS‘08 WebIBC
1. WebIBC
Identity Based Cryptography for Client Side
Security in Web Applications
Zhi Guan, Zhen Cao, Xuan Zhao, Ruichuan Chen,
Zhong Chen, and Xianghao Nan
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
2. Once upon a time ...
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
3. Once upon a time ...
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
4. Once upon a time ...
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
5. Once upon a time ...
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
6. Once upon a time ...
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
7. Once upon a time ...
Strong Cryptography
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
8. Now
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
9. Now
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
10. Now
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
11. Now
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
12. Now
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
13. Now
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
14. Now
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
15. Now
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
16. Web App Security & Privacy?
• User authentication
• SSL/TLS link encryption
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
17. Web App Security & Privacy?
• User authentication
• SSL/TLS link encryption
What if servers do evil ?
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
18. Web App Security & Privacy?
• User authentication
• SSL/TLS link encryption
What if servers do evil ?
No Security!
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
19. Web App Security & Privacy?
• User authentication
• SSL/TLS link encryption
What if servers do evil ?
No Security!
No Privacy!
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
20. Web App Security & Privacy?
• User authentication
• SSL/TLS link encryption
What if servers do evil ?
No Security!
No Privacy!
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
21. Web
App
HTML &
JavaScript
Web Browser
Operating System
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
22. Web
App
HTML &
JavaScript
Web Browser
Operating System EFS, PGP
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
23. Web
App
HTML &
JavaScript
Browser Plug-in
Web Browser
Operating System EFS, PGP
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
24. Web
App
HTML & Here we are
JavaScript
Browser Plug-in
Web Browser
Operating System EFS, PGP
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
25. Challenges
• Private key: JavaScript can not read keys in
local file system.
• Public key: acquire other’s public key or
certificate is not easy for JavaScript programs
in Web browser.
Private Key? Public Key?
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
26. Limited Browser Capability
• HTML, CSS
• JavaScript
• AJAX
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
27. Limited Browser Capability
• HTML, CSS
• JavaScript
• AJAX
Browser Plug-ins?
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
28. Limited Browser Capability
• HTML, CSS
• JavaScript
• AJAX
Browser Plug-ins?
No!
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
29. Our Goal
Strengthen Web Browser Security and Privacy
Without Changing the Browser.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
30. Target
• Our solution: bring public key cryptography to
Web browsers, include public key encryption
and signature generation.
• All the cryptography operations and key usage
are inside the browser and implemented in
JavaScript and HTML only, require no plug-ins
and provide “open source” guarantee.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
31. The first Challenge
Public Key:
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
32. The first Challenge
Public Key:
Identity-Based Cryptography
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
33. PKG (Private Key Generator)
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
34. PKG (Private Key Generator)
Setup: generate master secret and public params
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
35. PKG (Private Key Generator)
Setup: generate master secret and public params
s
m
ra
Pa
c
bli
Pu
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
36. PKG (Private Key Generator)
Setup: generate master secret and public params
s
m
ra
Pa
c
bli
Pu
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
37. PKG (Private Key Generator)
Setup: generate master secret and public params
s
m
ra
Pa
c
bli
Pu
Alice@gmail.com
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
38. PKG (Private Key Generator)
Setup: generate master secret and public params
s
m
ra
Pa
c
bli
Pu
Alice@gmail.com
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
39. PKG (Private Key Generator)
Setup: generate master secret and public params
s
m
ra
Pa
c
bli
Pu
Alice@gmail.com
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
40. PKG (Private Key Generator)
Setup: generate master secret and public params
s
m
ra
Pa
c
bli
Pu
Alice@gmail.com
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
41. PKG (Private Key Generator)
Setup: generate master secret and public params
s
m
ra
Pa
c
bli
Pu
Alice@gmail.com
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
42. PKG (Private Key Generator)
Setup: generate master secret and public params
s
m
ra
Pa
c
bli
Pu
Alice@gmail.com
Decrypt
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
43. Timeline
2001
2004
1986
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
45. Timeline
First Practical
Identity Based IBE scheme
Cryptography, from Weil
the first idea Pairing
Shamir Boneh, Franklin
2001
2004
1986
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
46. Timeline
First Practical
Identity Based IBE scheme
Cryptography, from Weil
the first idea Pairing
Shamir Boneh, Franklin
2001
2004
1986
Cocks
IBE,
not bandwidth efficient
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
47. Timeline
First Practical CPK
Identity Based IBE scheme key
Cryptography, from Weil management,
the first idea Pairing IBE, IBS
Shamir Boneh, Franklin Nan, Chen
2001
2004
1986
Cocks
IBE,
not bandwidth efficient
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
48. CPK Cryptosystem
CPK (Combined Public Key)
Based on generalized Discrete Log Group
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
49. Elliptic Curve Cryptography
G is a point on elliptic curve,
n is the order of cyclic group
<G>
Private key d is random
selected integer in [1, n-1]
Corresponding public key Q =
dG.
y 2 = x3 + ax + b (mod p)
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
50. Elliptic Curve Cryptography
G is a point on elliptic curve,
n is the order of cyclic group
<G>
Private key d is random
selected integer in [1, n-1]
Corresponding public key Q =
dG.
(d1, Q1 = d1G), (d2, Q2 = d2G)
y 2 = x3 + ax + b (mod p)
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
51. Elliptic Curve Cryptography
G is a point on elliptic curve,
n is the order of cyclic group
<G>
Private key d is random
selected integer in [1, n-1]
Corresponding public key Q =
dG.
(d1, Q1 = d1G), (d2, Q2 = d2G)
d = d1 + d2
y 2 = x3 + ax + b (mod p)
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
52. Elliptic Curve Cryptography
G is a point on elliptic curve,
n is the order of cyclic group
<G>
Private key d is random
selected integer in [1, n-1]
Corresponding public key Q =
dG.
(d1, Q1 = d1G), (d2, Q2 = d2G)
d = d1 + d2
Q = Q1 + Q2 = d1G + d2G = (d1+d2)G
y 2 = x3 + ax + b (mod p)
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
53. Elliptic Curve Cryptography
G is a point on elliptic curve,
n is the order of cyclic group
<G>
Private key d is random
selected integer in [1, n-1]
Corresponding public key Q =
dG.
(d1, Q1 = d1G), (d2, Q2 = d2G)
d = d1 + d2
Q = Q1 + Q2 = d1G + d2G = (d1+d2)G
(d,Q)
y 2 = x3 + ax + b (mod p)
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
54. Private Matrix Generation
In PKG
RNG
The trusted authority PKG (Private Key Generator) generates a
m×n matrix in which elements are randomly generated ECC
private keys (integers in [1, n-1]). The private matrix should be kept
secretly in PKG.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
55. Private Matrix Generation
In PKG
private matrix
···
s11 s12 s1n
Rand integers
RNG ···
s21 s22 s2n
sij ∈R [1, n − 1] . . .
..
. . .
.
. . .
···
sm1 sm2 smn
The trusted authority PKG (Private Key Generator) generates a
m×n matrix in which elements are randomly generated ECC
private keys (integers in [1, n-1]). The private matrix should be kept
secretly in PKG.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
56. Public Matrix Generation
In PKG
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
61. Public Matrix Generation
In PKG
public matrix
private matrix
···
s11 G s12 G s1n G
···
s11 s12 s1n
···
s21 G s22 G s2n G
···
s21 s22 s2n
. . .
. . . ..
..
. . .
. . . .
.
. . .
. . .
···
sm1 G sm2 G smn G
···
sm1 sm2 smn
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
62. Public Matrix Generation
In PKG
public matrix
private matrix
···
s11 G s12 G s1n G
···
s11 s12 s1n
···
s21 G s22 G s2n G
···
s21 s22 s2n
. . .
. . . ..
..
. . .
. . . .
.
. . .
. . .
···
sm1 G sm2 G smn G
···
sm1 sm2 smn
key pair
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
63. Public Matrix Generation
In PKG
public matrix
private matrix
···
s11 G s12 G s1n G
···
s11 s12 s1n
···
s21 G s22 G s2n G
···
s21 s22 s2n
. . .
. . . ..
..
. . .
. . . .
.
. . .
. . .
···
sm1 G sm2 G smn G
···
sm1 sm2 smn
key pair
Public Matrix is generated by PKG from the Private Matrix,
elements in Public Matrix is the public key of corresponding
private key in Private Matrix. The public matrix is publicly available
for all users.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
64. Map Algorithm
h1 , h2 , . . . , hn ← H(ID)
Map algorithm H(ID) is a cryptographic hash algorithm, maps
an arbitrary string ID to column indexes of private matrix and
public matrix.
hi is the index of i-th column of public/private matrix.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
65. Private Key Extraction
ID
In PKG
Input user’s identity ID
Map identity to indexes of matrix
h1 , h2 , . . . , hn ← H(ID)
···
s11 s12 s1n Select one element through
···
s21 s22 s2n each column of the private
. . .
..
matrix by the index
. . .
.
. . .
···
sm1 sm2 smn
Add selected private keys,
the result is user’s private key
n−1
corresponding to his identity
dID = shi ,i (mod p)
ID.
i=0
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
66. Public Key Extraction
ID
In User
Input user’s identity ID
Map identity to indexes of matrix
h1 , h2 , . . . , hn ← H(ID)
···
s11 G s12 G s1n G Select one element through
··· each column of the Public
s21 G s22 G s2n G
. . .
..
matrix by the index
. . .
.
. . .
···
sm1 G sm2 G smn G
Add (elliptic curve point add)
selected private keys, the
n−1
result is user’s public key
QID = shi i G corresponding to his identity
i=0
ID.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
67. Identity Based Signature
CPK-Sign (Message, PrivateKey) {
ECDSA-Sign (Message, PrivateKey) -> Signature
}
CPK-Verify (Message, PublicMatrix, SignerID, Signature) {
CPK-ExtractPublicKey(PublicMatrix, SignerID) -> PublicKey
ECDSA-Verify(Message, Signature, PublicKey);
}
ECDSA: Elliptic Curve Digital Signature Algorithm
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
68. Big Picture
h1 , h2 , . . . , hn ← H(ID)
···
s11 s12 s1n
n−1
H(ID)
···
s21 s22 s2n
dID = shi ,i (mod p)
. . .
..
. . .
.
. . . i=0
···
sm1 sm2 smn
···
s11 G s12 G s1n G
H(ID) n−1
···
s21 G s22 G s2n G
QID =
. . . shi i G
..
. . .
.
. . . i=0
···
sm1 G sm2 G smn G
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
69. The second Challenge:
Private Key
• The private key can be access by the
javascript program
• The private key should never leave the
browser
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
70. URI Fragment Identifier
http://www.domain.com/#skey=72bc845b9592b79...
fragment identifier
fragment identifier starts from a # (number sign)
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
72. Fragment Identifier
<div id=quot;menuquot;>
<a href=quot;#section1quot;>section 1</a>
<a href=quot;#section2quot;>section 2</a>
<a href=quot;#section3quot;>section 3</a>
<a href=quot;#refquot;>reference</a>
</div>
<h1>Section1</h1>
<a name=”#section1” id=”section1”>
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
73. Fragment Identifier as
Key Store
• Utilize fragment identifier in bookmark URL as
the private key storage. The fragment identifier
in URL will never be transfered through the
Internet.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
74. Retrieve Private Key From URL
<script type=”text/javascript>
var URL = window.location;
var fragid_start =
URL.substring(URL.indexOf(‘#’));
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
75. Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
76. Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
77. Workflow
% setup
PKG
ID
!
y
ske
quot;
# mpk.js
& save
Browser
) do
$U Secure
( RL
we Channel
bib
c.js Public
,m
'm pk Channel
.js
ess
age
WebApp
* forward
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
78. PKG
Browser
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
79. PKG
❶ setup
Browser
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
80. PKG
❶ setup
❷ mpk.js
Browser
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
81. PKG
❶ setup
ID
❸
❷ mpk.js
Browser
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
82. PKG
❶ setup
ID
❸
ey
❷ mpk.js
sk
❹
Browser
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
83. PKG
❶ setup
ID
❸
ey
❷ mpk.js
sk
❺ save ❹
Browser
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
84. PKG
❶ setup
ID
❸
ey
❷ mpk.js
sk
❺ save ❹
Browser
❻U
RL
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
85. PKG
❶ setup
ID
❸
ey
❷ mpk.js
sk
❺ save ❹
Browser
❻U
RL
❼w
ebib
c.js
, mp
k.js
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
86. PKG
❶ setup
ID
❸
ey
❷ mpk.js
sk
❺ save ❹
Browser
❻U
RL
❼w
ebib
❽ do c.js
, mp
k.js
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
87. PKG
❶ setup
ID
❸
ey
❷ mpk.js
sk
❺ save ❹
Browser
❻U
RL
❼w
ebib
❽ do c.js
, mp
k.js
❾m
ess
age
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
88. PKG
❶ setup
ID
❸
ey
❷ mpk.js
sk
❺ save ❹
Browser
❻U
RL
❼w
ebib
❽ do c.js
, mp
k.js ❿ forward
❾m
ess
age
WebApp
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
89. Workflow
1. The authority trusted by Alice and Bob
establishes a PKG, which will generate the
system parameters including the public matrix.
2. Web application embeds WebIBC into these
systems together with the public system
parameters released by the PKG.
3. Alice registers to the PKG with her ID.
4. PKG returns Alice’s private key.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
90. Workflow
5. Alice can append the private key as an
fragment identifier to the Web application’s
URL, then save it as a bookmark into the
browser.
6. Now Alice can use this bookmark to log into
the web application. It should be noted that
the browser will send the URL without the
fragment identifier, so the private key is
secure.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
91. Workflow
7. The WebIBC JavaScript files will also be
downloaded from the server, including the
public matrix of system.
8. Alice uses this web application as normal,
entering Bob’s email address and message
content into the form. When Alice presses the
send button, WebIBC JavaScript programs will
get the email address from the form as public
key and get private key from URL, encrypt and
sign the message.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
92. Workflow
9. Then message will be sent to the server.
10. Because the message has been protected, the
Web application can do no evil to the message
but only forward it to Bob. Bob can also login
into his web application and decrypt the
message by his private key in the fragment
identifier and verify the message through the
public matrix, similar to Alice.
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
93. Performance
0.5KB 2KB 10KB
Safari 1383.7 1,492 2,071
Firefox 1,523 1,661 2,401
IE 1,459 1,698 2,791
Opera 2,110 2,349 3,628
4000 ms
0.5 KB
2 KB
10 KB
3000 ms
2000 ms
1000 ms
0
Safari Firefox IE Opera
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
94. Future Work
• Web based PRNG
• Other Identity based cryptography
• Local storage in HTML5
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008
95. Thank you!
Jun. 19, 2008 Network and Information Security Lab, Peking University ICDCS 2008