This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography, hashes, signatures, and MACs address them.
- Symmetric block ciphers like DES and AES including modes of operation like CBC.
- Asymmetric cryptography concepts like key exchange using Diffie-Hellman and digital signatures using RSA.
- Cryptographic hash functions like SHA and their properties.
- Public key infrastructure concepts like certificates and how they establish authenticity of public keys.
Cryptography and network security Nit701Amit Pathak
Cryptography and network security descries the security parameter with the help of public and private key. Digital signature is one of the most important area which we apply in our daily life for transferring the data.
This PPT explains about the term "Cryptography - Encryption & Decryption".
This PPT is for beginners and for intermediate developers who want to learn about Cryptography.
I have also explained some famous ciphers like AES, DES and RSA.
Do not forget to like.
Cryptography and network security Nit701Amit Pathak
Cryptography and network security descries the security parameter with the help of public and private key. Digital signature is one of the most important area which we apply in our daily life for transferring the data.
This PPT explains about the term "Cryptography - Encryption & Decryption".
This PPT is for beginners and for intermediate developers who want to learn about Cryptography.
I have also explained some famous ciphers like AES, DES and RSA.
Do not forget to like.
Overview on Cryptography and Network SecurityDr. Rupa Ch
These slides give some overview on the the concepts which were in Crytography and network security. I have prepared these slides by the experiece after refer the text bbok as well as resources from the net. Added figures directly from the references. I would like to acknowledge all the authors by originally.
Data Protection Techniques and CryptographyTalha SAVAS
Cryptography:
The study of mathematical techniques related to aspects
of providing information security services (to construct).
Cryptanalysis:
The study of mathematical techniques for attempting to
defeat information security services (to break).
Cryptology:
The study of cryptography and cryptanalysis (both).
The presentation covers the following:
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
Overview on Cryptography and Network SecurityDr. Rupa Ch
These slides give some overview on the the concepts which were in Crytography and network security. I have prepared these slides by the experiece after refer the text bbok as well as resources from the net. Added figures directly from the references. I would like to acknowledge all the authors by originally.
Data Protection Techniques and CryptographyTalha SAVAS
Cryptography:
The study of mathematical techniques related to aspects
of providing information security services (to construct).
Cryptanalysis:
The study of mathematical techniques for attempting to
defeat information security services (to break).
Cryptology:
The study of cryptography and cryptanalysis (both).
The presentation covers the following:
Basic Terms
Cryptography
The General Goals of Cryptography
Common Types of Attacks
Substitution Ciphers
Transposition Cipher
Steganography- “Concealed Writing”
Symmetric Secret Key Encryption
Types of Symmetric Algorithms
Common Symmetric Algorithms
Asymmetric Secret Key Encryption
Common Asymmetric Algorithms
Public Key Cryptography
Hashing Techniques
Hashing Algorithms
Digital Signatures
Transport Layer Security
Public key infrastructure (PKI)
This presentation introduces the Basics of Cryptography and Network Security concepts. Heavily derived from content from William Stalling's book with the same title.
Module 6
Advanced Networking
Security problems with internet architecture, Introduction to Software defined networking, Working of SDN, SDN in data centre, SDN applications, Data centre networking, IoT.
This presentation consists of the Seminar, provided by me in the partial fulfillment of my Bachelors Degree in G B Pant Engineering College. Seminar included information about Encryption, Decryption, Cryptosystems and Authenticity in crytosystem.
Bluetooth technology is an emerging wireless networking standard, which is based on chip that provides short-range wireless frequency hopping communication. Now, Bluetooth technology is mainly applied to the communication between mobile terminal devices, such as palm computers, mobile phones, laptops and so on. However, the phenomenon of data-leaking frequently arises in using the Bluetooth technology for data transfer. To enhance the security of data transmission in Bluetooth communication, a hybrid encryption algorithm based on DES and RSA is proposed. The currently used encryption algorithm employed by the Bluetooth to protect the confidentiality of data during transport between two or more devices is a 128-bit symmetric stream cipher called E0. The proposed hybrid encryption algorithm, instead of the E0 encryption, DES algorithm is used for data transmission because of its higher efficiency in block encryption, and RSA algorithm is used for the encryption of the key of the DES because of its management advantages in key cipher. Under the dual protection with the DES algorithm and the RSA algorithm, the data transmission in the Bluetooth system will be more secure. This project is extended with triple des in place of des to enhance more security.
Today in modern era of internet we share some sensitive data to information transmission. but need to ensure security. So we focus on Cryptography modern technique for secure transmission of information over network.
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
Information And Data Security Block Cipher and the data encryption standard (DES) seminar
Mustansiriya University
Department of Education
Computer Science
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
2. Agenda
Basics of security
Basics of cryptography
Symmetric Crypto
DES example, block chaining
Key exchange, Asymetric Crypto
RSA example
Public Key Infrastructure
Trust Provisionning
Attacks and how to cope with it
Attacks on Algorithms
Attacks on Implementations
Attacks on Protocols
Two Examples
A7 FS-application Trust provisioning + Offline Authentication
TLS and support of A70CM
2
4. Security Goals
Confidentiality: Eavesdropping possible?
At 10 at my place
Alice
At 10 at my place
Anneliese
Authenticity: Sender correct?
Mon, at 10 at my
place. Alice
Tue, at 10 at my
place. Alice
Integrity: Message modified?
Alice
Non-Repudiation: Message signed?
But also: Availability (i.e.: preventing denial of service), Privacy (personal data towards
merchant or third parties)
4
6. There is no such thing as „perfect security“
There is no such thing as “perfect security” – A secure system makes
an attack more expensive than the value of the advantage gained by the
attacker.
6
7. Attacks & Principles
Kerckhoffs’ principle: The attacker always knows the algorithm; the only
information unknown to him/her is the key.
Brute force attack
– Exhaustive search over all keys
– Single plaintext-ciphertext-pair may be enough to determine the
correct key
– Cannot be avoided
– Goal: Make it practically infeasible, i.e. key space is so large that the
search takes more than a lifetime
Side Channel Attacks:
– Even if a cryptographic algorithm offers high level of security, its
implementation may still leak information about secrets or keys:
timing behavior, current consumption, electromagnetic radiation etc
establish so called side channels for secret information.
There is no such thing as “perfect security” – A secure system makes an
attack more expensive than the value of the advantage gained by the attacker.
11. 1. Introduction - What is Android ?
2. Platform Architecture
3. Platform Components
4. Platform Initialization
5. How to get Android sources
A bit of history…
The Caesar cipher
12. 1. Introduction - What is Android ?
2. Platform Architecture
3. Platform Components
4. Platform Initialization
5. How to get Android sources
Block Ciphers
DES
Block Chaining
14. Symmetric block ciphers: DES and AES
Plaintext is divided into blocks m1, m2, ... of the same length
Every block is encrypted under the same key.
Typical block lengths: DES – 64 bit, AES – 128 bit
Typical key lengths: DES – 56 bit; AES – 128, 192, 256 bit
Algorithm Block c2 Block c1Block m4 Block m3
14
15. DES - Data Encryption Standard
Most important example for Feistel ciphers (ie: same operations to encrypt and decrypt)
Published in 1977 as a standard for the American governmental institutions
Significant weakness: 56 bit key is too short
1999 Deep Crack: 100.000 PCs computed key within 22 hours and 15 minutes
Input 64 bit
Output 64 bit
Permutation IP
–1
round i
round 16
Round key i
Round key 16
Key 56 bit
Permutation IP
R16
F
K16
F
K1
L0 R0
L1 R1
L15 R15
L16 R16
15
16. Modes of Operation
Algorithm Block c2 Block c1Block m4 Block m3
Modes of Operation
– How to ensure that the ordering of blocks is not changed by an attacker?
– Dependencies between encrypted blocks: Cipher Block Chaining (CBC)
17. Problems of block encryption
m1
c1
m2
c2
m3
c3
(3)DES
Enciphering
(3)DES
Enciphering
(3)DES
Enciphering
Electronic Code Book Mode:
Identical blocks are identically encrypted.
ECB-Example:
17
19. Triple-DES
Triple-DES = triple encryption using DES with two or three external
keys:
DES(k1, DES-1(k2, DES(k1,m)))
1. Question: Why is the decryption DES-1 in the middle?
Compatibility: When implementing Triple-DES and choosing k1 = k2,
then one gets the single DES. Therefore, only one algorithm needs
to be implemented to get Triple-DES and single DES.
2. Question: Why is not Double-DES used instead of Triple-DES?
Meet-in-the-middle attack!
Security comparison
– Two keys – NIST estimation: effectively 80 bits
– Three keys – NIST estimation: effectively 112 bits
19
20. AES – Scheme
AES is standardized for key lengths
of 128 bit, 192 bit, 256 bit, and block
size of 128 bit.
The number of rounds depends on
key length used:
10 up to 14
Round Function:
20
plaintext
Round key 0
Round 1 (round key 1)
Round 2 (round key 2)
Round n (round key n)
ciphertext
ByteSub ShiftRow MixColumn AddRoundKey
22. Hashfunctions
Analogy: digital fingerprints
Compression: Data of arbitrary length
is mapped to n bits.
(Typical values: 128/160 bits)
Cryptographic properties
Preimage of a hash is hard to find.
Two data elements with the same hash value
are hard to find (Collisions).
Data
Hash
23. Hashfunctions
Compression: Data of arbitrary length
is mapped to n bits.
Preimage of a hash is hard to find.
One-wayness:
Given h(m) finding m is infeasible.
Two data elements with the same
hash value are hard to find (Collisions).
Collision resistance:
It is infeasible to find m and m‘ which
are mapped to the same value.
(birthday paradox; output should
be at least 160 bits)
m
m'
m
m'
m h(m)
24. Secure Hash Algorithm (SHA)
First version: SHA-0 (160 bit output) in early 90s
SHA-1 only a minor change to SHA-0
Chinese Research Group attacked SHA-1:
– On collision resistance only
expected effort: 280, real effort 263 (Birthday paradox)
– Applicability highly depends on application
SHA-224,256,512 etc … xxx giving the length of output
SHA-3 in review and selection process
25. Message Authentication Codes: MAC, HASH
At 10 at my place
Alice
At 10 at my place
Anneliese
The active attacker: Who is the origin of a
message?
Authentication
verifies
MAC = HK(m) ?
K
m, MAC
computes
MAC = HK(m)
K
Message Authentication Code (“symmetric
signature”)
A authenticates her message by computing a tag
MAC and sends it together with the message to B.
B can verify this tag by re-computing it and check
whether the two results match.
The function H can be either a hash function (SHA, MD5), or a symetric block cipher based on DES or AES
(CMAC,…).
Integrity: Message can’t be easily modified
25
m,
26. 1. Introduction - What is Android ?
2. Platform Architecture
3. Platform Components
4. Platform Initialization
5. How to get Android sources
Key Exchange
Asymmetric Crypto
27. What about the Keys?
Alice and Bob need to share the same key. How to share it
securely?
Pre distribution? (ie: keys exchanges in a “secure
environment”)
– Trust provisionning (see later)
Secured Key Exchange
– Diffie Hellman and asymetric cryptography
27
31. Principles of Asymmetric Encryption
Everyone can put a letter into Bob‘s
mailbox.
Everyone can encrypt message for
Bob.
Everyone can verify Bob’s signature
Only Bob can open his mailbox with
his private key.
Only Bob can decrypt with his private
key.
Only Bob can create his own
signature
Bob
Hello Bob,
....
...
Encryption Decryption
Hello Bob,
....
...
31
32. Comparison Symmetric - Asymmetric
Symmetric
Algorithms
Asymmetric
Algorithms
Number Many Few
Security Can be very good Can be very good
Performance In general: good Bad
Key exchange necessary? Yes No
Digital Signatures No Yes
Typical Application Encryption Digital Signatures
Key Exchange
33. 1. Introduction - What is Android ?
2. Platform Architecture
3. Platform Components
4. Platform Initialization
5. How to get Android sources
Asymmetric Crypto: RSA
34. RSA
Based on the so called factorization problem:
– Given two prime numbers, it is easy to
multiply them. Given the product, it is
difficult to find the prime numbers.
RSA Keys – Every participant has
– a modulus n = p*q (public), the
product of two large prime numbers
– a public exponent e
(for performance reasons, one often
chooses small prime numbers with few
1’s)
– a private exponent d.
A: nA,eA
B: nB,eB
C : nC,eC
dA
dC
dB
34
35. RSA - Operation
Encryption
The sender computes
c = me mod n,
where
m is the message, (n, e) is the
public key of the receiver, and c
is the cipher text.
Decryption
The receiver computes
cd mod n,
where
c is the cipher text and d is the
private key of the receiver.
It holds:
cd mod n = med mod n
= m.
For signing it is the other way round:
• Signing is the same operation as decrypting
• Verifying a signature is the same operation as encrypting
35
36. RSA – Some Math
Primes p, q ; n = p*q
Thus, φ(n) = (p-1)*(q-1) = |{ x | x and n are coprime }|.
Euler‘s Theorem: cφ(n) mod n = 1 mod n
Let e, d such that
– e and φ(n) are coprime, thus inverse of e mod φ(n) exists
– e*d = 1 mod φ(n)
Let‘s prove RSA:
– cd mod n = (me)d mod n = med mod n // substitution
= m1+k*φ(n) mod n = m1 * mk*φ(n) mod n // definition modulo
= m1 * (mφ(n)) k mod n = m * 1k mod n // Euler‘s Theorem
= m
c = me mod n and m = cd mod n - Why?
37. RSA
Size of the RSA keys
– The bit length of the modulus is called the size of an RSA key. The
public exponent is usually a lot shorter; the private exponent is of
the same length as the modulus.
– Today, everything larger than 1024 2048 bit is considered to be
secure.
Implementation
– Chinese Remainder Theorem (CRT) is a mathematical fact that
allows to make decryption and signing significantly more efficient.
Has to be carefully implemented in order to be secure.
– Implementation without CRT is often called “straight forward” –
significantly less performance, but usually less security issues as
well
39. Threat: Authenticity of Public Keys
Attack
Mr. X replaces B’s public key EB by his own public key EX.
Consequences:
– Encryption: Only X can read messages that are meant for B.
– Signature: B’s signatures are not verifiable – B’s signatures are invalid!
X can sign messages that are verified as Bob’s signatures.
A : EA
B : E B
E X
C : E C
U : E U
V : E V
39
40. Certificates
Name and public key are signed by a trustworthy institution (certification
authority, CA).
Message (name, public key) and the CA’s signature on it are called “certificate”:
Cert(A) = {A, EA}, DCA{A, EA}
Format of Certificates have to be specified – X.509 for example
Tree-like structure possible – path of trust
Banco di Santo Spirito
DCAA, EA
Cert(A)
DA
40
41. Random numbers
Facts:
– In cryptography, often “unpredictable” numbers are needed (for
keys for example).
– Example: Generate a 128 bit AES key – required is, that even if an
attacker “knows” 127 bits of this key, he should not be able to
guess the missing bit with a better probability than ½.
– There is NO mathematical way to determine whether the outcome
of an “random number generator” is unpredictable!!!!
– The best thing offered by mathematicians are statistical tests: but
they can only test whether a sequence of random numbers has a
specific structure or property (and hence is NOT unpredictable). A
statistical test never gives a POSITIVE result. Passing a test, only
means a sequence does not have one specific (of many) negative
properties.