19. The Big Picture
(diagram; only its labels survive: *.keyvalueservice.icloud.com, *.escrowproxy.icloud.com, Keychain items (encrypted), Keybag (encrypted), Some Secret)
20. Key-Value Store
• Not new
• Used extensively by many apps, e.g. to keep preferences in sync across devices
• iCloud Keychain utilises two stores:
  • com.apple.security.cloudkeychainproxy3: syncing between devices
  • com.apple.sbd3 (securebackupd3): copy to restore if no other devices
21. Escrow Proxy
• New; designed to store precious secrets
• Need to know iCSC to recover escrowed data
• Need to receive SMS challenge
• Must successfully complete SRP auth
• User-Agent: com.apple.lakitu (iOS/OS X)
Image: mariowiki.com
23. Key-Value Store: com.apple.sbd3
Key                              Description
com.apple.securebackup.enabled   Is Keychain data saved in KVS?
com.apple.securebackup.record    Keychain records, encrypted
SecureBackupMetadata             iCSC complexity, timestamp, country
BackupKeybag                     Keybag protecting Keychain records
BackupUsesEscrow                 Is keybag password escrowed?
BackupVersion                    Version, currently @“1”
BackupUUID                       UUID of the backup
30. 4-digit iCSC [Default]
(diagram, reconstructed from its labels)
iCloud Security Code (e.g. 1234) → PBKDF2 (SHA-256 x 10’000) → AES-CBC, 256 bit → encrypts the Random Password (e.g. BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4); stored at *.escrowproxy.icloud.com
Random Password → AES-Wrap Keys (RFC 3394) → Backup Keybag (Key 1, Key 2, Key 3)
Backup Keybag keys → AES-GCM, 256 bit → Keychain Passwords (e.g. yMa9ohCJ, tzzcVhE7, sDVoCnb); stored at *.keyvalueservice.icloud.com
31. Secure Remote Password
• Zero-knowledge password proof scheme
• Combats sniffing/MITM
• One password guess per connection attempt
• Password verifier is not sufficient for impersonation
• Escrow Proxy uses SRP-6a
32. Key Negotiation
(SRP-6a; the slide draws the client on the left and the Escrow Proxy on the right)
Agreed-upon parameters:
  H – one-way hash function
  N, g – group parameters
  k ← H(N, g)
Password verifier (computed at enrolment, held by the server):
  SALT ← random
  x ← H(SALT, Password)
  v ← g^x
Client: a ← random, A ← g^a
  Client → Server: ID, A
Server: b ← random, B ← kv + g^b
  Server → Client: SALT, B
Both sides: u ← H(A, B)
Client: x ← H(SALT, Password); S ← (B - kg^x)^(a + ux); K ← H(S)
Server: S ← (Av^u)^b; K ← H(S)
Key Verification
Client: M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K)
  Client → Server: M
Server: aborts if M is invalid
  Server → Client: H(A, M, K)
33. Key Negotiation
(as slide 32, with the SMS code carried alongside the messages and the concrete parameters the Escrow Proxy uses)
Agreed-upon parameters:
  H – SHA-256
  N, g – RFC 5054 w. 2048-bit group
  k ← H(N, g)
Password verifier (computed at enrolment, held by the server):
  SALT ← random
  x ← H(SALT, Password)
  v ← g^x
Client: a ← random, A ← g^a
  Client → Server: ID, A, SMS CODE
Server: b ← random, B ← kv + g^b
  Server → Client: SALT, B
Both sides: u ← H(A, B)
Client: x ← H(SALT, Password); S ← (B - kg^x)^(a + ux); K ← H(S)
Server: S ← (Av^u)^b; K ← H(S)
Key Verification
Client: M ← H(H(N) ⊕ H(g), H(ID), SALT, A, B, K)
  Client → Server: M, SMS CODE
Server: aborts if M is invalid
  Server → Client: H(A, M, K)
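The exchange on slides 32 and 33, carried through in code with both sides' computations; this is an added example, not code from the deck or from Apple's Escrow Proxy. It follows the slides' simplified hashing (H(N, g), H(A, B), H(SALT, Password) as plain SHA-256 over the concatenation; RFC 5054 additionally pads operands and folds the identity into x), uses the RFC 5054 1024-bit group instead of the 2048-bit one purely to keep the constant short, and treats the SMS code as a value carried next to the messages rather than part of the arithmetic, as the slides show it. The function and variable names are this example's own.

```python
import hashlib
import os

# RFC 5054 1024-bit group (the Escrow Proxy uses the 2048-bit group; same arithmetic).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E860726187"
    "75FF3C0B9EA2314C9C256576D674DF7496EA81D3"
    "383B4813D692C6E0E0D5D8E250B98BE48E495C1D"
    "6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D49"
    "82559B297BCF1885C529F566660E57EC68EDBC3C"
    "05726CC02FD4CBF4976EAA9AFD5138FE8376435B"
    "9FC61D2FC0EB06E3", 16)
g = 2


def H(*parts):
    """SHA-256 over the concatenation of the arguments (ints big-endian, bytes as-is).
    Simplified H(x, y) as written on the slides; RFC 5054 pads the operands."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        h.update(p)
    return int.from_bytes(h.digest(), "big")


k = H(N, g)  # SRP-6a multiplier, an agreed-upon parameter


def make_verifier(password):
    """Enrolment: the server keeps only (SALT, v); the password itself never leaves the client."""
    salt = os.urandom(16)
    x = H(salt, password)
    return salt, pow(g, x, N)


def client_start():
    a = int.from_bytes(os.urandom(32), "big")
    return a, pow(g, a, N)  # client -> server: ID, A (plus the SMS code on slide 33)


def server_challenge(A, v):
    if A % N == 0:  # RFC 5054 mandates this abort; the slides omit it
        raise ValueError("A mod N == 0: abort")
    b = int.from_bytes(os.urandom(32), "big")
    return b, (k * v + pow(g, b, N)) % N  # server -> client: SALT, B


def client_proof(identity, password, salt, a, A, B):
    if B % N == 0:
        raise ValueError("B mod N == 0: abort")
    u = H(A, B)
    x = H(salt, password)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K = H(S)
    M = H(H(N) ^ H(g), H(identity), salt, A, B, K)
    return K, M  # client -> server: M (plus the SMS code on slide 33)


def server_verify(identity, salt, v, A, B, b, M):
    """Returns (K, H(A, M, K)) when M checks out, or None when the server must abort."""
    u = H(A, B)
    S = pow((A * pow(v, u, N)) % N, b, N)
    K = H(S)
    if M != H(H(N) ^ H(g), H(identity), salt, A, B, K):
        return None
    return K, H(A, M, K)


def run_srp(identity, enrolled_password, attempted_password):
    """Drives both sides; True only when both proofs verify, i.e. the passwords match."""
    salt, v = make_verifier(enrolled_password)
    a, A = client_start()
    b, B = server_challenge(A, v)
    K_client, M = client_proof(identity, attempted_password, salt, a, A, B)
    result = server_verify(identity, salt, v, A, B, b, M)
    if result is None:
        return False  # one wrong guess burnt; nothing about v or K is revealed to the client
    K_server, hamk = result
    return hamk == H(A, M, K_client) and K_client == K_server
```

A wrong password makes the client's M mismatch the server's recomputation, which is the "one password guess per connection attempt" property from slide 31; the verifier v alone does not let its holder complete the client side, because S needs a and x.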
36–39. Escrowed Data Recovery
(the four slides build up one exchange; request on the left, Escrow Proxy response on the right)
/get_records → List of escrowed records
/get_sms_targets → List of phone numbers*
/generate_sms_challenge → OK
/srp_init [DsID, A, SMS CODE] → [UUID, DsID, SALT, B]
/recover [UUID, DsID, M, SMS CODE] → [IV, AES-CBC(KSRP, Escrowed Record)]
*Display purposes only
40. Escrow Proxy Endpoints
Endpoint                Description
get_club_cert [?]       Obtain certificate
enroll                  Submit escrow record
get_records             List escrowed records
get_sms_targets         List SMS numbers for escrowed records
generate_sms_challenge  Generate and send challenge code
srp_init                First step of SRP protocol
recover                 Second step of SRP protocol
alter_sms_target        Change SMS number
41–42. Escrow Record
(the diagram from slide 30 again, with the *.escrowproxy.icloud.com half singled out: iCloud Security Code (e.g. 1234) → PBKDF2 (SHA-256 x 10’000) → AES-CBC, 256 bit → Random Password (e.g. BL7Z-EBTJ-UBKD-X7NM-4W6D-J2N4))
Key ← PBKDF2-SHA256(iCSC, 10’000)
EscrowRecord ← AES-CBC(Key, RandomPassword)
44–47. Escrow Record
Key ← PBKDF2-SHA256(iCSC, 10’000)
EscrowRecord ← AES-CBC(Key, RandomPassword)
• This is stored by Apple
• iCSC is 4 digits by default
Can you spot the problem yet?
48. Escrow Record
Key ← PBKDF2-SHA256(iCSC, 10’000)
• Offline iCSC guessing is possible
• Almost instant recovery [for default settings]
• iCSC decrypts keybag password
• Keybag password unlocks keybag keys
• Keybag keys decrypt Keychain items
49. Apple, or any other adversary with access to the stored data, can near-instantly decrypt the “master” password and read synced iCloud Keychain records (for default settings)
52. Complex iCSC
• Mechanics are the same as with simple iCSC
• Offline password recovery attack is still possible, although pointless if the password is complex enough
60. Conclusions
• Trust your vendor, but verify their claims
• Never ever use a simple iCloud Security Code
• Do not think that the SMS Apple sends you is a 2FA
• Yet, iCK is reasonably well engineered, although not without shortcomings