Fault Detection Scheme for AES Using Composite FieldAJAL A J
The cipher Rijndael is one of the five finalists of the Advanced Encryption Standard (AES)
The algorithm has been designed by Joan Daemen and Vincent Rijmen
It is a Block cipher.
The hardware implementation with 128-bit blocks and 128-bit keys is presented.
VLSI optimizations of the Rijndael algorithm are discussed and several hardware design modifications and techniques are used, such as memory sharing and parallelism.
Fault Detection Scheme for AES Using Composite FieldAJAL A J
The cipher Rijndael is one of the five finalists of the Advanced Encryption Standard (AES)
The algorithm has been designed by Joan Daemen and Vincent Rijmen
It is a Block cipher.
The hardware implementation with 128-bit blocks and 128-bit keys is presented.
VLSI optimizations of the Rijndael algorithm are discussed and several hardware design modifications and techniques are used, such as memory sharing and parallelism.
E-MAIL, IP & WEB SECURITY
E-mail Security: Security Services for E-mail-attacks possible through E-mail – establishing keys privacy-authentication of the source-Message Integrity-Non-repudiation-Pretty Good Privacy-S/MIME. IPSecurity: Overview of IPSec – IP and IPv6-Authentication Header-Encapsulation Security Payload (ESP)-Internet Key Exchange (Phases of IKE, ISAKMP/IKE Encoding). Web Security:
AES and DES are two different crypto algorithms having different features. This projects consists of integrating these algorithms to develop a new structure. Here, read and write of text files is employed. Thus, the text files listed should exist in the same folder as the project is in. Implementation is carried in VHDL on Modelsim.
Overview on Cryptography and Network SecurityDr. Rupa Ch
These slides give some overview on the the concepts which were in Crytography and network security. I have prepared these slides by the experiece after refer the text bbok as well as resources from the net. Added figures directly from the references. I would like to acknowledge all the authors by originally.
Public Key Cryptosystems with Applications, Requirements and
Cryptanalysis, RSA algorithm, its computational aspects and security, Diffie-Hillman Key Exchange algorithm, Man-in-Middle attack
This PPT explains about the term "Cryptography - Encryption & Decryption".
This PPT is for beginners and for intermediate developers who want to learn about Cryptography.
I have also explained some famous ciphers like AES, DES and RSA.
Do not forget to like.
This design involves the implementation AES 128. Inside top module, enc, dec and key_generation modules are available. Both enc and dec are controlled via respective resets. When enc executes, key_generation runs and further fills the key memory. dec unit on its execution extracts key from the same memory. Working on to test the design with Side Channel Attacks.
HASH FUNCTIONS AND DIGITAL SIGNATURES
Authentication requirement – Authentication function – MAC – Hash function – Security of hash function and MAC –MD5 – SHA – HMAC – CMAC – Digital signature and authentication protocols – DSS – EI Gamal – Schnorr.
IMPLEMENT A NOVEL SYMMETRIC BLOCK CIPHER ALGORITHMijcisjournal
Cryptography technology is a security technique used to change plain text to another shape of data or to symbols, which is known as the cipher text. Cryptography aims to keep the data secure during its journey through public networks. Currently, there are many proposed algorithms that provide this service especially for sensitive data or very important conversations either through mobile or video conferences. In this paper, an inventive security symmetric algorithm is implemented and evaluated, and its performance is compared to the AES. The algorithm has four different rounds for each quarter of the key container table, and each of them serves to shift the table. The algorithm uses the XOR operation, which, being lightweight and cheap, is very appropriate for use with Real Time Applications. The result shows that the suggested algorithm spends less time than AES although it has 16 rounds and the numbers used to mix up the table are big.
Cryptography technology is a security technique used to change plain text to another shape of data or to
symbols, which is known as the cipher text. Cryptography aims to keep the data secure during its journey
through public networks. Currently, there are many proposed algorithms that provide this service
especially for sensitive data or very important conversations either through mobile or video conferences. In
this paper, an inventive security symmetric algorithm is implemented and evaluated, and its performance is
compared to the AES. The algorithm has four different rounds for each quarter of the key container table,
and each of them serves to shift the table. The algorithm uses the XOR operation, which, being lightweight
and cheap, is very appropriate for use with Real Time Applications. The result shows that the suggested
algorithm spends less time than AES although it has 16 rounds and the numbers used to mix up the table
are big.
E-MAIL, IP & WEB SECURITY
E-mail Security: Security Services for E-mail-attacks possible through E-mail – establishing keys privacy-authentication of the source-Message Integrity-Non-repudiation-Pretty Good Privacy-S/MIME. IPSecurity: Overview of IPSec – IP and IPv6-Authentication Header-Encapsulation Security Payload (ESP)-Internet Key Exchange (Phases of IKE, ISAKMP/IKE Encoding). Web Security:
AES and DES are two different crypto algorithms having different features. This projects consists of integrating these algorithms to develop a new structure. Here, read and write of text files is employed. Thus, the text files listed should exist in the same folder as the project is in. Implementation is carried in VHDL on Modelsim.
Overview on Cryptography and Network SecurityDr. Rupa Ch
These slides give some overview on the the concepts which were in Crytography and network security. I have prepared these slides by the experiece after refer the text bbok as well as resources from the net. Added figures directly from the references. I would like to acknowledge all the authors by originally.
Public Key Cryptosystems with Applications, Requirements and
Cryptanalysis, RSA algorithm, its computational aspects and security, Diffie-Hillman Key Exchange algorithm, Man-in-Middle attack
This PPT explains about the term "Cryptography - Encryption & Decryption".
This PPT is for beginners and for intermediate developers who want to learn about Cryptography.
I have also explained some famous ciphers like AES, DES and RSA.
Do not forget to like.
This design involves the implementation AES 128. Inside top module, enc, dec and key_generation modules are available. Both enc and dec are controlled via respective resets. When enc executes, key_generation runs and further fills the key memory. dec unit on its execution extracts key from the same memory. Working on to test the design with Side Channel Attacks.
HASH FUNCTIONS AND DIGITAL SIGNATURES
Authentication requirement – Authentication function – MAC – Hash function – Security of hash function and MAC –MD5 – SHA – HMAC – CMAC – Digital signature and authentication protocols – DSS – EI Gamal – Schnorr.
IMPLEMENT A NOVEL SYMMETRIC BLOCK CIPHER ALGORITHMijcisjournal
Cryptography technology is a security technique used to change plain text to another shape of data or to symbols, which is known as the cipher text. Cryptography aims to keep the data secure during its journey through public networks. Currently, there are many proposed algorithms that provide this service especially for sensitive data or very important conversations either through mobile or video conferences. In this paper, an inventive security symmetric algorithm is implemented and evaluated, and its performance is compared to the AES. The algorithm has four different rounds for each quarter of the key container table, and each of them serves to shift the table. The algorithm uses the XOR operation, which, being lightweight and cheap, is very appropriate for use with Real Time Applications. The result shows that the suggested algorithm spends less time than AES although it has 16 rounds and the numbers used to mix up the table are big.
Cryptography technology is a security technique used to change plain text to another shape of data or to
symbols, which is known as the cipher text. Cryptography aims to keep the data secure during its journey
through public networks. Currently, there are many proposed algorithms that provide this service
especially for sensitive data or very important conversations either through mobile or video conferences. In
this paper, an inventive security symmetric algorithm is implemented and evaluated, and its performance is
compared to the AES. The algorithm has four different rounds for each quarter of the key container table,
and each of them serves to shift the table. The algorithm uses the XOR operation, which, being lightweight
and cheap, is very appropriate for use with Real Time Applications. The result shows that the suggested
algorithm spends less time than AES although it has 16 rounds and the numbers used to mix up the table
are big.
A new hybrid text encryption approach over mobile ad hoc network IJECEIAES
Data exchange has been rapidly increased recently by increasing the use of mobile networks. Sharing information (text, image, audio and video) over unsecured mobile network channels is liable for attacking and stealing. Encryption techniques are the most suitable methods to protect information from hackers. Hill cipher algorithm is one of symmetric techniques, it has a simple structure and fast computations, but weak security because sender and receiver need to use and share the same private key within a non-secure channel. Therefore, a novel hybrid encryption approach between elliptic curve cryptosystem and hill cipher (ECCHC) is proposed in this paper to convert Hill Cipher from symmetric technique (private key) to asymmetric one (public key) and increase its security and efficiency and resist the hackers. Thus, no need to share the secret key between sender and receiver and both can generate it from the private and public keys. Therefore, the proposed approach presents a new contribution by its ability to encrypt every character in the 128 ASCII table by using its ASCII value direct without needing to assign a numerical value for each character. The main advantages of the proposed method are represented in the computation simplicity, security efficiency and faster computation.
Pairing Based Elliptic Curve Cryptosystem for Message AuthenticationIJTET Journal
Abstract— Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. ECC generates keys through the properties of the elliptic curve equation instead of the traditional method of generation as the product of very large prime numbers. Because ECC helps to establish equivalent security with lower computing power and battery resource usage, it is becoming widely used for mobile applications. Recently the bilinear pairing such as Weil Pairing or Tate Pairing on elliptic curves and hyper elliptic curves has been found various applications in cryptography. Several identity-based cryptosystems using bilinear pairings of elliptic curves or hyper elliptic curves were presented. Blind signature and ring signature are very useful to provide the user’s anonymity and the signer’s privacy. The proposed method focuses an ID-based ring signature scheme which is based on the pairings with elliptic curve cryptography. The proposed method is used to reduce the number of computation of the pairing for the verification of the id based signature and also decoding of the id based public key cryptosystems with authentication by factor of 2.
Data Security Using Elliptic Curve CryptographyIJCERT
Cryptography technique is used to provide data security. In existing cryptography technique the key generation takes place randomly. Key generation require shared key. If shared key is access by unauthorized user then security becomes disoriented. Hence existing problems are alleviated to give more security to data. In proposed system a algorithm called as Elliptic Curve Cryptography is used. The ECC generates the key by using the point on the curve. The ECC is used for generating the key by using point on the curve and encryption and decryption operation takes place through curve. In the proposed system the encryption and key generation process takes place rapidly.
ANALYSIS OF SIDE CHANNEL ATTACKS ON VARIOUS CRYPTOGRAPHIC ALGORITHMSJournal For Research
The need for a secured data transfer through the internet is most needed in today’s life. From Online Banking & Reservation software, Electronic Mails, Social Networking Sites to Governmental informative websites & cloud services, security is the main concern throughout. Quite accordingly, availability of a secure cryptographic algorithm commercially is also of premium importance. The project basically deals with analyzing the performances of two commonly used cryptographic algorithms and determining their resilience against Side Channel cryptanalysis, ascertaining whether a Side Channel cryptanalytic method on these algorithms is possible and finally, strengthening the algorithms against future cryptanalytic attacks. We took the famous asymmetric RSA algorithm for our initial analysis, followed by the symmetric IDEA cryptographic algorithm. The basic objectives were as follows: Monitoring and analyzing the performances of the specified algorithms in normal cases and when subjected to Side Channel cryptanalytic attacks, Devising and implementing a method for a Side Channel cryptanalytic attack on the above cryptographic algorithms, Using principles of Elliptic Curve Cryptography (ECC) to implement a method for strengthening the above cryptographic algorithms against possible Side Channel cryptanalytic attacks, wherein the inputs for the specified cryptographic algorithms was taken from an elliptic curve defined over a prime field.
First presentation of a Cryptography series, it aims to provide a high level overview of cryptography, clarify its objectives, define the terminology and explain the basics of how digital security systems, like Bitcoin, are built.
Mike Dance is a web developer and Bitcoin advocate.
----------
Presented at the BitcoinSYD Meetup on 11 February 2015
A Survey on Comparisons of Cryptographic Algorithms Using Certain Parameters ...IJECEIAES
he Wireless Sensor Networks (WSNs) have spread its roots in almost every application. Owing to their scattered nature of sensor nodes, they are more prone to attacks. There are certain applications e.g. military, where sensor data‟s confidentiality requirement during transmission is essential. Cryptography has a vital role for achieving security in WSNs.WSN has resource constraints like memory size, processing speed and energy consumption which bounds the applicability of existing cryptographic algorithms for WSN. Any good security algorithms has higher energy consumption by the nodes, so it‟s a need to choose most energy-efficient cryptographic encryption algorithms for WSNs. This paper surveys different asymmetric algorithms such as RSA, Diffie-Hellman, DSA, ECC, hybrid and DNA cryptography. These algorithms are compared based on their key size, strength, weakness, attacks and possible countermeasures in the form of table.
International Journal of Engineering and Science Invention (IJESI)inventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
The IoT Era Begins
Components of IoT-Enabled Things
IoT Reference model
IoT Security
IoT Security & Privacy Req. defined by ITU-T
An IoT Security Framework
IoT Security Challenges
Internet of Things - Liability
IoT security tools
MEANING OF RESEARCH
OBJECTIVES OF RESEARCH
CHARACTERISTICS OF RESEARCH
CRITERIA OF A GOOD RESEARCH
QUALITIES OF GOOD RESEARCH
RESEARCH MOTIVATIONS
TYPES OF RESEARCH
PROBLEMS IN RESEARCH
RESEARCH APPROACHES
RESEARCH PROCESS
LITERATURE REVIEW
HYPOTHESIS
CRITERIA OF GOOD RESEARCH
PROBLEMS ENCOUNTERED BY RESEARCHER
Symmetric encryption and message confidentialityCAS
Symmetric Encryption Principles
Data Encryption Standard
Advanced Encryption Standard
Stream Ciphers and RC4
Cipher Block Modes of Operation
Key Distribution
12.1 Security Awareness, Training, and Education
12.2 Polices and Employment Practices
12.3 E-Mail and Internet Use Policies
12.4 Computer Security Incident Response Teams
1 Symmetric Encryption
2 Message Authentication and Hash Functions
3 Public-Key Encryption
4 Digital Signatures and Key Management
5 Random and Pseudo random Numbers
6 Practical Application: Encryption of Stored Data
7 Symmetric vs Asymmetric
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Improved authentication & key agreement protocol using elliptic curve cryptography
1. IMPROVED AUTHENTICATION
&
KEY AGREEMENT PROTOCOL
USING ELLIPTIC CURVE CRYPTOGRAPHY
V.R. Rajasekar
Lecturer – IT
Al Musanaa College of Technology
Sultanate of Oman
National Conference on Recent Trends in Information Technology
Ibra College of Technology
Sultanate of Oman
May 2006
2. PRESENTATION PATH
S1. About ECC…
S2. Existing protocols
S3. Proposed protocol
S4. Implementation related issues
S5. Conclusion and References
3. S1. About ECC
1. Need for cryptography
"CSI/FBI Computer Crime and Security survey – 2005"
4. • The total losses for 2005, because of Computer Crime and security
attacks were US$130 Million. (639 Respondents)
5. • 68% of respondents are using "Encryption for data in transit"
• 46% of respondents are using "Encrypted files“ as the type of
security technology used by their organizations.
6. • Cryptography plays a major role in the Security mechanism.
• Traditional Public-Key Cryptography algorithms available like
RSA, DSA, DH etc.,
• Elliptic Curve Cryptography (ECC) emerging as attractive
alternative to traditional public-key cryptosystem.
• Recently the NIST (National Institute of Standards and
Technology) approved ECC for use by the U.S government.
• Several standard organizations such as IEEE, ANSI, OMA and
IETF have ongoing efforts to include ECC as recommended
security Mechanism.
7. 2. Why ECC is an alternative for traditional PKCA?
• Offers equivalent security with smaller key sizes.
• Resulting in faster computations, Lower power consumption
as well as memory and Bandwidth savings.
• The use of 1024-bit RSA does not match the 128-bit security
level provided by ECC.
• NIST, "Special Publication 800-57: Recommendation for key
management, Part I: General Guideline", Draft Jan 2003.
says ECC is the best suitable system to transport or
exchange keys for symmetric-key ciphers.
8. • Every public-key cryptosystem have a hard mathematical problem
that is computationally difficult.
• The relative difficulty of solving that problem determines the
security strength of the corresponding system.
Public-Key System Example
Method of Solving the
problem / Attack
Integer factorization RSA, Rabin-Williams Sub-Exponential
Discrete logarithm
Diffie-Hellman (DH), DSA,
ElGamal
Sub-Exponential
Elliptic Curve Discrete
Logarithm
ECDH, ECDSA Fully exponential
• ECC requires exponential time to attack, for this reason; ECC
can offer equivalent security with substantially smaller key sizes.
9. S2. Existing protocols
For Key agreement
• Diffie-Hellman Key exchange
• Elliptic Curve Diffie-Hellman (ECDH)
For Authentication
• Elliptic Curve Digital Signature algorithm.
(ECDSA)
10. 1. Diffie-Hellman Key exchange.
• Number of commercial products available
• To enable user to exchange a key securely
• Subsequently used to encrypt messages
• Only for key exchange
11. Drawbacks of DH.
1. Brute-force attack possible by knowing
Prime number (q), primitive root ( α),
Public key of A and B, the secret key K can
be computed.
2. Reply attacks – An attack in which a
service already authorized and completed is
forged by another duplicated request in an
attempt to repeat authorized commands.
12. 2) Elliptic curve Diffie-Hellman (ECDH)
• This protocol establishes a shared key between two
parties.
• DH is based on the multiplicative group modulo p.
• ECDH is based on the additive elliptic curve group.
Elliptic Curve Diffie-Hellmann
13. Drawbacks of ECDH
1. Possibility for Brute-force attack will be reduced but
we cannot say it is fully removed.
2. Reply attacks – An attack in which a service already
authorized and completed is forged by another
duplicated request in an attempt to repeat authorized
commands.
3. The Public key of both the User and Server is not
protected.
4. For every transaction both the server and user should
be initiated repeatedly
14. 3. Elliptic Curve Digital Signature Algorithm ( ECDSA)
This protocol consists of three parts.
• ECDSA Key generation
• ECDSA Signature generation
• ECDSA Signature verification
1. Key generation - Used to generate the Public and Private key of
the users.
2. Signature generation - Used by the user to generate the
signature for the message using Secure Hash algorithm.
3. Signature verification - Used by the User B to verify A’s
Signature and Accepts/Rejects the message and vice versa.
15. Drawbacks of ECDSA.
1. Only for Authentication.
2. Key agreement should be done separately before
authentication.
3. For every transaction both the Key agreement process
and Authentication should be repeated.
4. Suitable only for a Home network.
16. Consolidating the drawbacks of existing protocols.
• Brute-force attack
• Reply attacks
• The Public key of both the User and Server is not
protected.
• Key agreement and authentication should be
done separately.
• For every transaction both the Key agreement &
Authentication process should be repeated.
• Suitable only for a Home network.
18. Mutual Authentication and key agreement protocol
Need to be executed in real-time.
Immediate key exchange – Whenever service is needed by User or Server.
Send Public Key
Receive Public Key of Server
Generate Mutually agreed Secret Key
Send Public Key
Receive Public Key of User
Generate Mutually agreed Secret Key
USER SERVER
Generate certificate
{Secret Key, Exp Date, Random Number}
Compress [E [Certificate, Secret Key]]
Send to User
Decompress, Decrypt ->
Certificate, Random Number
Checks the validity of the Certificate
[Continue/Abort]
19. Generate certificate
{Secret Key, Exp Date, Random Number}
Compress [E [Certificate, Secret Key]]
Send to Server
Decompress, Decrypt ->
Certificate, Random Number
Checks the validity of the Certificate
[Continue/Abort]
Verification procedure has been completed by both the sides
User and Server are ready for their communication
Generate the unique Secret Key
using the Mutually agreed key.
Generate the unique Secret Key
using the Mutually agreed key.
For generating the Unique Secret Key – No need to repeat the entire process.
Both Server and User can perform Scalar addition on the random number know to them.
This key can be used for encrypting the data sent through the channel.
For every Communication the Unique Secret Key will be changed.
Encrypt message using Unique Secret Key
Send to Server
Encrypt message using Unique Secret Key
Send to User
20. S4. Implementation related issues.
• ECC was applied over the finite filed GF(2k
).
• GF(2k
) – Galois field, where k is a composite
number.
• ECC operations like addition, multiplication,
inversion and point doubling operations were
carried over the filed GF(2176
).
• Programs were written in C++ and executed on
the PC with 548 MHz, Pentium II Processor.
21. Result Comparison with [*].
[*] M. Aydos, E. Savas and C.K. Koc, "Implementing Network Security Protocols based
of Elliptic Curve Cryptography", Proceedings of the fourth symposium on computer
networks, Pages 130 – 139, Istanbul, Turkey, May 20 – 21, 1999.
Operation Proposed-Timings Timings given in [*]
EC Addition 80µsec 80 µsec
EC Doubling 80 µsec 80 µsec
EC Multip. 25 msec 25 msec
Protocols Storage
Proposed 1120 bits
Protocol Proposed in [*] 1440 bits
22. S5. Conclusion & References
5.1 Conclusion
1. MA-KA Protocol is an improved in performance.
2. Provides all the security services.
3. More effective than existing protocols.
4. Still having some drawbacks – which will be solved in near
future.
23. 5.2 References.
[1] V. Miller, "Uses of elliptic curves in cryptography", Crypto 1985, LNCS218: Advances
in Cryptology, Springer-Verlag, 1986.
[2] N.Koblitz, "Elliptic curve cryptosystems", Mathematics of Computation, 48:203-209,
1987.
[3] U.S. Dept of Commerce/NIST, "Digital Signature Standard (DSS)", FIPS PUB 186-2,
Jan. 2000.
[4] A. Lenstra and E. Verheul, "Selecting Cryptographic Key Sizes", Journal to Cryptology
14 (2001) pp. 255 – 293, Http:/www.cryptosavvy.com/.
[5] NIST, "Special Publication 800-57: Recommendation for Key Management. Part 1:
General Guideline", Draft Jan.2003.
[6] A. Shamir and E. Tromer, "Factoring Large Numbers with the TWIRL Device", Crypto
2003, LNCS 2729, Springer-Verlag, Aug.2003.
[7] B. Kaliski, "TWIRL and RSA Key size", RSA Laboratories Technical Note, May 2003.
http://rsasecurity.com/rsalabs/technotes/twirl.html.
24. [8] N. Smart, "How secure are elliptic curves over composite extension fields?",
EUROCRYPT 2001, LNCS 2045 Springer-Verlag, pp. 30- 39, 2001.
[9] Certicom Research, "SEC 2: Recommended Elliptic Curve Domain Parameters",
Standards for efficient Cryptography, Version 1.0, Sep. 2000.
[10] IEEE P 1363. Standard Specifications for Public-Key Cryptography. Draft version 7,
September 1998.
[11] M. Aydos, B. Sunar and C.K. Koc, "An Elliptic Curve Cryptography based
Authentication and Key agreement Protocol for wireless communication", 2nd
International workshop on Discrete Algorithms and Methods for Mobile Computing and
Communications, Dallas, Texas, October, 30, 1998.
[12] M. Aydos, E. Savas and C.K. Koc, "Implementing Network Security Protocols based of
Elliptic Curve Cryptography", Proceedings of the fourth symposium on computer
networks, Pages 130 – 139, Istanbul, Turkey, May 20 – 21, 1999.
[13] E. De Win. A. Bosselars, S. Vandenberghe P. De Gersem and J. Vandewalle. A fast
software implementation for arithmetic operations in GF (2n). In K. Kim and T.
Matsumoto, editors, Advances in Cryptology – ASIACRYPT 96, Lecture notes in
computer Science, N0. 1163, Pages 65 – 76. New York, NY: Springer – Verlag, 1996.