Whitepaper: Digipass Authentication for Pulse Connect Secure Kappa Data
This whitepaper describes how to configure Pulse Connect Secure together with VASCO IDENTIKEY Authentication Server. This setup will enable securing the sign-in to the SSL VPN with two-factor authentication.
For more information contact: sales@kappadata.be
Presentation outlining the goals, design, architecture and roadmap of @exact-realty/ecmascript-sandbox.
@exact-realty/ecmascript-sandbox is an ECMAScript sandbox with the aim of providing an isolated environment to run ECMAScript code.
JavaScript Makers: How JS is Helping Drive the Maker MovementJesse Cravens
JavaScript is now running everywhere, but one of the most fascinating areas is in the crossroads of full stack JavaScript and prototyping boards. Join frog hacker, Jesse Cravens, and his 6 year old son Carter Clearwater, in a talk about how the open hardware and software revolutions are accelerating the everyday hacker's ability to innovate.
JavaScript's accessibility, friendly syntax, and asynchronous runtime, makes it the ideal programming language for makers of all levels, enabling a spectrum of entry points: those with experience in other languages can explore the more advance topics without being riddled with 'time-consuming' boilerplate, compilation, and multi-threading, while newbies and young learners can get started with a successful build in a matter of hours.
Discover newer JavaScript APIs. Explore a suite of prototyping boards, such as Arduino, Raspberry Pi, Beaglebone, and the Freescale Freedom, that are inspiring JavaScript developers to step out of the web browser and into the world of physical computing, robotics, and hardware. Leave with not only some new ideas for yourself but also your children.
Whitepaper: Digipass Authentication for Pulse Connect Secure Kappa Data
This whitepaper describes how to configure Pulse Connect Secure together with VASCO IDENTIKEY Authentication Server. This setup will enable securing the sign-in to the SSL VPN with two-factor authentication.
For more information contact: sales@kappadata.be
Presentation outlining the goals, design, architecture and roadmap of @exact-realty/ecmascript-sandbox.
@exact-realty/ecmascript-sandbox is an ECMAScript sandbox with the aim of providing an isolated environment to run ECMAScript code.
JavaScript Makers: How JS is Helping Drive the Maker MovementJesse Cravens
JavaScript is now running everywhere, but one of the most fascinating areas is in the crossroads of full stack JavaScript and prototyping boards. Join frog hacker, Jesse Cravens, and his 6 year old son Carter Clearwater, in a talk about how the open hardware and software revolutions are accelerating the everyday hacker's ability to innovate.
JavaScript's accessibility, friendly syntax, and asynchronous runtime, makes it the ideal programming language for makers of all levels, enabling a spectrum of entry points: those with experience in other languages can explore the more advance topics without being riddled with 'time-consuming' boilerplate, compilation, and multi-threading, while newbies and young learners can get started with a successful build in a matter of hours.
Discover newer JavaScript APIs. Explore a suite of prototyping boards, such as Arduino, Raspberry Pi, Beaglebone, and the Freescale Freedom, that are inspiring JavaScript developers to step out of the web browser and into the world of physical computing, robotics, and hardware. Leave with not only some new ideas for yourself but also your children.
A hybrid modified lightweight algorithm for achieving data integrity and con...IJECEIAES
Encryption algorithms aim to make data secure enough to be decrypted by an attacker. This paper combines the Speck and the Salsa20 to make it difficult for an attacker to exploit any weaknesses in these two algorithms and create a new lightweight hybrid algorithm called Speck-Salsa20 algorithm for data integrity and confidentiality (SSDIC). SSDIC uses less energy and has an efficient throughput. It works well in both hardware and software and can handle a variety of explicit plaintext and key sizes. SSDIC solves the difficulties of the Speck algorithm. The sequence generated by Speck is not random and fails to meet an acceptable success rate when tested in statistical tests. It is processed by generating a random key using the Salsa20 algorithm. Salsa20 is a high-speed secure algorithm that is faster than advanced encryption standard (AES) and can be used on devices with low resources. It uses a 256-bit key hash function. The recovery of the right half of the original key of the Speck algorithm is also handled by modifying the Speck round function and the key schedule. Simulation results show, according to a National Institute of Standards and Technology (NIST) test, the performance achieved by the SSDIC is increased by nearly 66% more than that achieved from the Speck in terms of data integrity and confidentiality.
10 Excellent Ways to Secure Your Spring Boot Application - The Secure Develop...Matt Raible
Spring Boot is an excellent way to build Java applications with the Spring Framework. If you’re developing apps that handle sensitive data, you should make sure they’re secure. This session will cover HTTPS, dependency checking, CSRF, using a CSP to prevent XSS, OIDC, password hashing, and much more! You’ll learn how to add these features to a real application, using the Java language you know and love.
YouTube: https://www.thesecuredeveloper.com/post/10-excellent-ways-to-secure-your-spring-boot-application
Blog post: https://developer.okta.com/blog/2018/07/30/10-ways-to-secure-spring-boot
Cheat sheet: https://snyk.io/blog/spring-boot-security-best-practices/
What a year it has been for Microsoft and the Java Ecosystem! In this keynote George Adams and Martijn Verburg will take you through the highlights of Microsoft's internal and external Java investments and how they impact you as a Java developer and decision maker! In particular we'll cover what Microsoft has been up to since its acquisition of jClarity last year and the subsequent formation of its very own Java Engineering Group. You'll get behind the scenes insights into our thinking with regards to Microsoft giving back to the ecosystem, through OpenJDK (such as the Windows Arm port!), AdoptOpenJDK (bringing you free Java for life!) and launching Java developer friendly services (Azure Spring Cloud to name but one). You'll also hear about how much Microsoft depends on Java and its popularity within the company. If you've always been curious about what goes on behind the scenes at a major cloud player like Microsoft, then this is the session you'll want to tune into.
Postgre sql custom datatype overloading operator and castingAndrea Adami
Come definire un nuovo tipo di dati ormai si vede tutti i giorni ma come poter fare l'overloading degli operatori e del casting penso siano grandi feature che PostgreSQL offre ai propri utenti, quelle cioè che fanno definire PostgreSQL un object-relation database.
Queste funzionalità non sono state implementate per dimostrare le capacità del team di sviluppo di PostgreSQL (che ovviamente nessuno mette in dubbio, anzi...) ma hanno risvolti importanti nella programmazione di tutti i giorni: possiamo infatti fare un lookup di una tabella con una funzione di conversione oppure manipolare i codici di errore custom tramite l'overloading degli operatori, questi (e non molto altro dato il tempo a disposizione) saranno gli esempi che porteremo per dimostrare la potenza di questi costrutti.
E' un talk con molto codice per cui ci aspettiamo grande partecipazioni di sviluppatori ansiosi di assimilare nuovi spunti, ma anche di sistemisti, che vogliono ampliare la propria visione di insieme, e a maggior ragione, i manager che vogliono capire la direzione da far prendere ai prossimi investimenti.
What do magicians and programmers have in common? They are good at juggling, have very nimble fingertips, often make things vanish, and have lovely assistants! Ok, so maybe not all of those describe your average hacker (unless your pair programmer partner happens to be Penny), but we are going to try to put on the most spectacular magic show that has ever been seen on the stage at a tech conference! [geeks only]
As proper geeks, we are going to make heavy use of embedded wearable and internet connected devices to make up for our lack of dexterity and supernatural powers. Also, all tricks will be revealed with the designs available to reproduce in the spirit of open source and creative commons. Come join us to see for yourself what real [hacker] magic looks like!
A presentation slide for recruit agent's seminar on Aug 28, 2011.
This slide describing What's WebSocket? Difference w/ Comet? How to use ? What is appreciate coding pattern :)
MySQL Tech Café #8: MySQL 8.0 for Python DevelopersFrederic Descamps
Usually it seems Python developers don't always think about MySQL as their first choice.... However when test test it with the right connector and MySQL 8.0 they love it !
Join this talk to learn how Python with mysql-connector-python can take advantages of MySQL 8.0.
This means using Standard MySQL Protocol but much nicer the X Protocol. During this session you will see how you can use MySQL Document Store and MySQL as RDBMS on the same session to benefits from both worlds.
[DefCon 2016] I got 99 Problems, but Little Snitch ain’t one!Synack
Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
A hybrid modified lightweight algorithm for achieving data integrity and con...IJECEIAES
Encryption algorithms aim to make data secure enough to be decrypted by an attacker. This paper combines the Speck and the Salsa20 to make it difficult for an attacker to exploit any weaknesses in these two algorithms and create a new lightweight hybrid algorithm called Speck-Salsa20 algorithm for data integrity and confidentiality (SSDIC). SSDIC uses less energy and has an efficient throughput. It works well in both hardware and software and can handle a variety of explicit plaintext and key sizes. SSDIC solves the difficulties of the Speck algorithm. The sequence generated by Speck is not random and fails to meet an acceptable success rate when tested in statistical tests. It is processed by generating a random key using the Salsa20 algorithm. Salsa20 is a high-speed secure algorithm that is faster than advanced encryption standard (AES) and can be used on devices with low resources. It uses a 256-bit key hash function. The recovery of the right half of the original key of the Speck algorithm is also handled by modifying the Speck round function and the key schedule. Simulation results show, according to a National Institute of Standards and Technology (NIST) test, the performance achieved by the SSDIC is increased by nearly 66% more than that achieved from the Speck in terms of data integrity and confidentiality.
10 Excellent Ways to Secure Your Spring Boot Application - The Secure Develop...Matt Raible
Spring Boot is an excellent way to build Java applications with the Spring Framework. If you’re developing apps that handle sensitive data, you should make sure they’re secure. This session will cover HTTPS, dependency checking, CSRF, using a CSP to prevent XSS, OIDC, password hashing, and much more! You’ll learn how to add these features to a real application, using the Java language you know and love.
YouTube: https://www.thesecuredeveloper.com/post/10-excellent-ways-to-secure-your-spring-boot-application
Blog post: https://developer.okta.com/blog/2018/07/30/10-ways-to-secure-spring-boot
Cheat sheet: https://snyk.io/blog/spring-boot-security-best-practices/
What a year it has been for Microsoft and the Java Ecosystem! In this keynote George Adams and Martijn Verburg will take you through the highlights of Microsoft's internal and external Java investments and how they impact you as a Java developer and decision maker! In particular we'll cover what Microsoft has been up to since its acquisition of jClarity last year and the subsequent formation of its very own Java Engineering Group. You'll get behind the scenes insights into our thinking with regards to Microsoft giving back to the ecosystem, through OpenJDK (such as the Windows Arm port!), AdoptOpenJDK (bringing you free Java for life!) and launching Java developer friendly services (Azure Spring Cloud to name but one). You'll also hear about how much Microsoft depends on Java and its popularity within the company. If you've always been curious about what goes on behind the scenes at a major cloud player like Microsoft, then this is the session you'll want to tune into.
Postgre sql custom datatype overloading operator and castingAndrea Adami
Come definire un nuovo tipo di dati ormai si vede tutti i giorni ma come poter fare l'overloading degli operatori e del casting penso siano grandi feature che PostgreSQL offre ai propri utenti, quelle cioè che fanno definire PostgreSQL un object-relation database.
Queste funzionalità non sono state implementate per dimostrare le capacità del team di sviluppo di PostgreSQL (che ovviamente nessuno mette in dubbio, anzi...) ma hanno risvolti importanti nella programmazione di tutti i giorni: possiamo infatti fare un lookup di una tabella con una funzione di conversione oppure manipolare i codici di errore custom tramite l'overloading degli operatori, questi (e non molto altro dato il tempo a disposizione) saranno gli esempi che porteremo per dimostrare la potenza di questi costrutti.
E' un talk con molto codice per cui ci aspettiamo grande partecipazioni di sviluppatori ansiosi di assimilare nuovi spunti, ma anche di sistemisti, che vogliono ampliare la propria visione di insieme, e a maggior ragione, i manager che vogliono capire la direzione da far prendere ai prossimi investimenti.
What do magicians and programmers have in common? They are good at juggling, have very nimble fingertips, often make things vanish, and have lovely assistants! Ok, so maybe not all of those describe your average hacker (unless your pair programmer partner happens to be Penny), but we are going to try to put on the most spectacular magic show that has ever been seen on the stage at a tech conference! [geeks only]
As proper geeks, we are going to make heavy use of embedded wearable and internet connected devices to make up for our lack of dexterity and supernatural powers. Also, all tricks will be revealed with the designs available to reproduce in the spirit of open source and creative commons. Come join us to see for yourself what real [hacker] magic looks like!
A presentation slide for recruit agent's seminar on Aug 28, 2011.
This slide describing What's WebSocket? Difference w/ Comet? How to use ? What is appreciate coding pattern :)
MySQL Tech Café #8: MySQL 8.0 for Python DevelopersFrederic Descamps
Usually it seems Python developers don't always think about MySQL as their first choice.... However when test test it with the right connector and MySQL 8.0 they love it !
Join this talk to learn how Python with mysql-connector-python can take advantages of MySQL 8.0.
This means using Standard MySQL Protocol but much nicer the X Protocol. During this session you will see how you can use MySQL Document Store and MySQL as RDBMS on the same session to benefits from both worlds.
[DefCon 2016] I got 99 Problems, but Little Snitch ain’t one!Synack
Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
7. :
Web Web
:
Bash, Git
Node.js, npm, yarn
Google Chrome and/or Firefox
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 7 / 61
8. ( )
1 &JS
2 AES
3
4 MAC
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 8 / 61
22. RSA
RSA
D PK
⇒ RSA 13
RSA
13
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 22 / 61
23. RSA 2 14
PKCS#1-v1.5 Padding
Optimal Asymmetric Encryption Padding (OAEP)
14
PKCS#1 (RFC8017) https://tools.ietf.org/html/rfc8017
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 23 / 61
24. PKCS#1-v1.5 Padding
RSA RSAES-PKCS1-v1 5
M
D = 0x00 || 0x02 || RandomSequence || 0x00 || M
15
PKCS#1 v2.2 RFC8017)
CRYPTREC
16
15
1998 Bleinchenbacher’s Attack 2018 Internet
(ROBOT Attack)
16
https://www.cryptrec.go.jp/method.html
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 24 / 61
25. Optimal Asymmetric Encryption Padding (OAEP) 17
RSA RSA-OAEP RSAES (RSA
Encryption Scheme) - OAEP
M All or Nothing Transform
(AONT) D
D = AONT(M, RandomSeed)
PKCS#1-v1.5 Padding
PKCS#1 v2.2 (RFC8017)
OAEP
RSA OAEP
17
M. Bellare and P. Rogaway, “Optimal Asymmetric Encryption,” in Proc. EUROCRYPTO 1994,
pp. 92–111, LNCS 950, 1994.
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 25 / 61
26. : OAEP
Masked Seed, Masked Data Block
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 26 / 61
27. JavaScript RSA-OAEP
sample
string
$ yarn execute rsa-oaep-demo ’hello world’
<Input Data>
hello world
<Generated RSA Key Pair (PEM Form)>
Public Key:
30820122300d06092a864....... // (DER)
Private Key:
308204bc020100300d060....... // (DER)
=======
<Encrypted Data (in Base64)>
9f28a2acbd7cd5bc748f3....... // ’hello world’ RSA-OAEP
=======
<Decrypted Data>
hello world //
=======
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 27 / 61
28. ( ):
RSA
$ yarn execute rsa-keygen
<Generated RSA Key Pair (DER Form)>
Public Key:
30820122300d06092a864886f70d010......
Private Key:
308204be020100300d06092a864886f......
RSA-OAEP (-p )
$ yarn execute rsa-oaep-encrypt ’hello world’
-p ’308201223......’
<Encrypted Data (in HexString)>
8da122191b1ec6da72afe88c96cfbb3...... //
RSA-OAEP (-s )
$ yarn execute rsa-oaep-decrypt ’8da122191b1ec6da72afe88c96cfbb3......’
-s ’308204be020100300d06092a864886f......’
<Decrypted Data>
hello world
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 28 / 61
36. JavaScript ECDH
sample 2
$ yarn execute check-ecdh
<ECC Key Pair A (DER Form)>
Public Key:
3059301306072a8648ce3d020106082... // A
Private Key:
308193020100301306072a8648ce3d0... // A
=======
<ECC Key Pair B (DER Form)>
Public Key:
3059301306072a8648ce3d020106082... // B
Private Key:
308193020100301306072a8648ce3d0... // B
=======
// A B
Shared Bits from Public Key A and Private Key B: c55393fc681811141...
// B A
Shared Bits from Public Key B and Private Key A: c55393fc681811141...
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 36 / 61
37. ECDH
src/test-api.js
const jscu = getJscu();
const jscec = getJscec(); //js-crypto-ec jscu
// DER jscu JWK
const publicKey = new jscu.Key(’der’, publicDer);
const privateKey = new jscu.Key(’der’, privateDer);
const publicJwk = await publicKey.export(’jwk’);
const privateJwk = await privateKey.export(’jwk’);
//
const derived = await jscec.deriveSecret(publicJwk, privateJwk);
jscu ECDH+AES API ECDH
ECDH
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 37 / 61
38. ECDH WebCrypto API( )
Node.js Crypto 21
21
[ ] encrypt API deriveBits( ) [Node.js]
ECDH
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 38 / 61
39. 2
AES
(=ECDH ) AES
⇒
HKDF (RFC5869)
Concat KDF (RFC8039)22
etc....
HKDF
22
JOSE https://tools.ietf.org/html/rfc8037
Jun Kurihara (Zettant Inc./U-Hyogo) E2E Security with JS 03 January 26, 2020 39 / 61