The needs of secure communication in web-based era is an inevitable aspect in order to support trustworthiness between counterparts. Maintaining trustworthiness could be achieved by providing mathematical aspects to support nonrepudiation, integrity, and confidentiality. Cryptography is one of many ways to make communication channel more secure, by preserving confidentiality and integrity aspect in C-I-A triangle. Public Key Infrastructure (“PKI”) provides the ease of cryptography key management, so that one party does not have to trust all of other entities but simply trust the Certification Authority (“CA”). By delegating trust to CA, all of other public keys that are issued by this CA are also trusted by correspondent party. If Government creates their own CA aside from commercial CAs, it could benefit a country in terms of national sovereignty. But it could also be rising up the red flag from citizen towards their privacy. This paper discusses the positioning of National PKI as friend or foe.
Index Terms—Cryptography, Digital signatures, Information security, Public key, National security
Understanding Telecom SIM and USIM/ISIM for LTEntel
SIM cards have been witnessing increasing adoption with the growing use of smartphones and other devices requiring always-on connectivity. SIM cards represent a key platform for value added services and applications, and are a core element in providing interoperability among the telecom industry players while ensuring security and safe authentication.
Key Features:
Form factors: mini-SIM (2FF), micro-SIM (3FF) and nano-SIM (4FF)
Memory size: from 32k up to 256k
High security standards and strong authentication algorithms
Over-The-Air (OTA) content management
Wide range of Value Added Services applications
Analyzing 1.2 Million Network Packets per Second in Real-timeDataWorks Summit
The document describes Cisco's OpenSOC, an open source security operations center that can analyze 1.2 million network packets per second in real time. It discusses the business need for such a solution given how breaches often go undetected for months. The solution architecture utilizes big data technologies like Hadoop, Kafka and Storm to enable real-time processing of streaming data at large scale. It also provides lessons learned around optimizing the performance of components like Kafka, HBase and Storm topologies.
The document discusses 6 myths about IPv6 and provides information on how IPv6 enables mobile devices, smart buildings, cloud computing, smart meters and more. It also discusses key concepts like the diffusion of innovations, testing IPv6 capabilities, and the technical differences and advantages of IPv6 such as larger addresses, usage of multicast, and end-to-end connectivity compared to IPv4. The document recommends steps for organizations to implement IPv6 including training, obtaining a prefix, designing an address plan, and security considerations.
This document discusses serverless applications and Ippon Technologies. It provides an overview of what serverless computing is, how a monolith application could be broken into serverless functions, best practices for serverless development including packaging code and continuous deployment, and tools for monitoring serverless applications on AWS like CloudWatch. It also advertises that Ippon Technologies is hiring for cloud-focused roles like Cloud Cost Architect and Site Reliability Engineers.
Improving business performance is never easy! The Natixis Pack is like Rugby. Working together is key to scrum success. Our data journey would undoubtedly have been so much more difficult if we had not made the move together.
This session is the story of how ‘The Natixis Pack’ has driven change in its current IT architecture so that legacy systems can leverage some of the many components in Hortonworks Data Platform in order to improve the performance of business applications. During this session, you will hear:
• How and why the business and IT requirements originated
• How we leverage the platform to fulfill security and production requirements
• How we organize a community to:
o Guard all the players, no one gets left on the ground!
o Us the platform appropriately (Not every problem is eligible for Big Data and standard databases are not dead)
• What are the most usable, the most interesting and the most promising technologies in the Apache Hadoop community
We will finish the story of a successful rugby team with insight into the special skills needed from each player to win the match!
DETAILS
This session is part business, part technical. We will talk about infrastructure, security and project management as well as the industrial usage of Hive, HBase, Kafka, and Spark within an industrial Corporate and Investment Bank environment, framed by regulatory constraints.
Secure code review is probably the most effective technique to identify security bugs early in the system development lifecycle.
When used together with automated and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. This presentation explain how can we start secure code review effectively.
The document discusses challenges and realities of IPv6 deployment based on presentations from a security conference. Key points include:
- IPv6 deployments are growing but not yet widespread, with challenges around remote discovery, dual-stack systems, and outdated tools/firewalls.
- IPv6 support is required by PCI standards but reduces implementation risks if using new IPv6-prepared infrastructure.
- Cloud providers are starting to support IPv6 but full native support will take time and resources to implement across all network devices.
- When assessing IPv6 environments, tools need to discover addresses via various methods and monitor related IPv4 and IPv6 addresses/names.
- Organizations should evaluate their IPv6 capabilities and prepare a security
DevOps and Regulatory Compliance—Like Oil and Water or Peanut Butter and Jelly?TechWell
DevOps and regulatory compliance are two critically important ingredients in today’s connected organizations. DevOps enables you to move quickly and respond to change in an era where change is increasing at an exponential rate with no sign of slowing down. Regulatory compliance ensures that your organization takes the appropriate steps to follow relevant laws that appear to require adding burdensome processes and controls to your software development lifecycle. Brandon Carlson acknowledges that at first glance these two ideas seem incompatible, but they actually go together like peanut butter and jelly. While maintaining, analyzing, confirming, and reporting on the status of required information security, compliance, and privacy controls can be difficult, integrating these tasks within your DevOps/continuous delivery pipeline is easier than you think. Using examples from real-world projects in organizations just like yours, Brandon explains how to integrate compliance and reporting into your projects using tools you already know such as pair programming, Jenkins, Chef, Metasploit, and others. When it comes to compliance, it’s not oil and water. It’s peanut butter and jelly time.
Understanding Telecom SIM and USIM/ISIM for LTEntel
SIM cards have been witnessing increasing adoption with the growing use of smartphones and other devices requiring always-on connectivity. SIM cards represent a key platform for value added services and applications, and are a core element in providing interoperability among the telecom industry players while ensuring security and safe authentication.
Key Features:
Form factors: mini-SIM (2FF), micro-SIM (3FF) and nano-SIM (4FF)
Memory size: from 32k up to 256k
High security standards and strong authentication algorithms
Over-The-Air (OTA) content management
Wide range of Value Added Services applications
Analyzing 1.2 Million Network Packets per Second in Real-timeDataWorks Summit
The document describes Cisco's OpenSOC, an open source security operations center that can analyze 1.2 million network packets per second in real time. It discusses the business need for such a solution given how breaches often go undetected for months. The solution architecture utilizes big data technologies like Hadoop, Kafka and Storm to enable real-time processing of streaming data at large scale. It also provides lessons learned around optimizing the performance of components like Kafka, HBase and Storm topologies.
The document discusses 6 myths about IPv6 and provides information on how IPv6 enables mobile devices, smart buildings, cloud computing, smart meters and more. It also discusses key concepts like the diffusion of innovations, testing IPv6 capabilities, and the technical differences and advantages of IPv6 such as larger addresses, usage of multicast, and end-to-end connectivity compared to IPv4. The document recommends steps for organizations to implement IPv6 including training, obtaining a prefix, designing an address plan, and security considerations.
This document discusses serverless applications and Ippon Technologies. It provides an overview of what serverless computing is, how a monolith application could be broken into serverless functions, best practices for serverless development including packaging code and continuous deployment, and tools for monitoring serverless applications on AWS like CloudWatch. It also advertises that Ippon Technologies is hiring for cloud-focused roles like Cloud Cost Architect and Site Reliability Engineers.
Improving business performance is never easy! The Natixis Pack is like Rugby. Working together is key to scrum success. Our data journey would undoubtedly have been so much more difficult if we had not made the move together.
This session is the story of how ‘The Natixis Pack’ has driven change in its current IT architecture so that legacy systems can leverage some of the many components in Hortonworks Data Platform in order to improve the performance of business applications. During this session, you will hear:
• How and why the business and IT requirements originated
• How we leverage the platform to fulfill security and production requirements
• How we organize a community to:
o Guard all the players, no one gets left on the ground!
o Us the platform appropriately (Not every problem is eligible for Big Data and standard databases are not dead)
• What are the most usable, the most interesting and the most promising technologies in the Apache Hadoop community
We will finish the story of a successful rugby team with insight into the special skills needed from each player to win the match!
DETAILS
This session is part business, part technical. We will talk about infrastructure, security and project management as well as the industrial usage of Hive, HBase, Kafka, and Spark within an industrial Corporate and Investment Bank environment, framed by regulatory constraints.
Secure code review is probably the most effective technique to identify security bugs early in the system development lifecycle.
When used together with automated and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. This presentation explain how can we start secure code review effectively.
The document discusses challenges and realities of IPv6 deployment based on presentations from a security conference. Key points include:
- IPv6 deployments are growing but not yet widespread, with challenges around remote discovery, dual-stack systems, and outdated tools/firewalls.
- IPv6 support is required by PCI standards but reduces implementation risks if using new IPv6-prepared infrastructure.
- Cloud providers are starting to support IPv6 but full native support will take time and resources to implement across all network devices.
- When assessing IPv6 environments, tools need to discover addresses via various methods and monitor related IPv4 and IPv6 addresses/names.
- Organizations should evaluate their IPv6 capabilities and prepare a security
DevOps and Regulatory Compliance—Like Oil and Water or Peanut Butter and Jelly?TechWell
DevOps and regulatory compliance are two critically important ingredients in today’s connected organizations. DevOps enables you to move quickly and respond to change in an era where change is increasing at an exponential rate with no sign of slowing down. Regulatory compliance ensures that your organization takes the appropriate steps to follow relevant laws that appear to require adding burdensome processes and controls to your software development lifecycle. Brandon Carlson acknowledges that at first glance these two ideas seem incompatible, but they actually go together like peanut butter and jelly. While maintaining, analyzing, confirming, and reporting on the status of required information security, compliance, and privacy controls can be difficult, integrating these tasks within your DevOps/continuous delivery pipeline is easier than you think. Using examples from real-world projects in organizations just like yours, Brandon explains how to integrate compliance and reporting into your projects using tools you already know such as pair programming, Jenkins, Chef, Metasploit, and others. When it comes to compliance, it’s not oil and water. It’s peanut butter and jelly time.
Michele Spagnuolo is a senior information security engineer at Google Switzerland. He has over 10 years of experience in security engineering, conducting security audits and research to identify vulnerabilities. Some of his past projects include Rosetta Flash, which demonstrated bypassing the same-origin policy, and BitIodine, which extracted intelligence from the Bitcoin blockchain. He has published papers on content security policy and cryptocurrencies.
Open Source Telecom Software Survey 2022, Alan QuayleAlan Quayle
The survey gathered responses from 120 participants in 2022 compared to 114 in 2021. It covered general topics such as DDoS attacks, security practices, STIR/SHAKEN implementation, IPv6 deployment, and expectations for major tech companies over the next two years. Key findings included that around half of participants have experienced a DDoS attack in 2022 and application-level attacks were as common as volumetric attacks. Most organizations take both reactive and proactive security approaches but more so reactive. STIR/SHAKEN implementation is ongoing with international carriers needing it to terminate traffic in North America. IPv6 deployment remains steady with no major differences between regions. This survey provides insights into trends in the open source tele
This document discusses digital transformation and securing agile environments. It covers topics like the future of firewalls, developing threats, using machine learning for malware detection, and predictive detection of threats like Cerber. It also discusses securing applications in cloud and virtual environments through techniques like application-aware security policies, microsegmentation with software-defined networking, and the vSEC product family.
Practical Cryptography and Security Concepts for DevelopersGökhan Şengün
This document summarizes Gökhan Şengün's presentation on practical cryptography and security concepts for developers at DEVOPS Zirvesi 2017. The presentation covers the history of cryptography, cryptographic hash functions, secure storage of secrets, symmetric and asymmetric encryption, public key infrastructure (PKI) and digital signatures, and techniques and use cases including HTTPS and SSL/TLS handshakes. The presentation aims to help developers understand basic cryptography concepts and how they apply to building secure systems.
Here are the key steps to build a Splunk ITSI KPI to monitor for missing event formats:
1. Define the expected event formats in a lookup table with fields like Rule_ID, Event_Name, Raw_Filter, Punct.
2. Create a Base Search that looks up the Punct field against the lookup and filters for matching rules. This will return the expected event names.
3. Build a KPI on top of the Base Search to track the count of matching events over time. Set thresholds to alert if the count drops significantly.
4. Create an alert that triggers if the KPI value breaches the threshold. This will fire if an unexpected drop in events is detected.
NodeJS Serverless backends for your frontendsCarlos Santana
The document is a presentation on OpenWhisk and serverless computing. It begins with an agenda and then covers the evolution of serverless computing towards event-driven models without servers. It introduces Bluemix as a platform and OpenWhisk as an open source serverless platform and function as a service (FaaS) offering within Bluemix. It describes OpenWhisk's key concepts of actions, triggers, and rules. It provides examples of using OpenWhisk for web actions and APIs. It concludes with encouraging attendees to learn more about OpenWhisk.
Blockchain: Strategies for Moving From Hype to Realities of DeploymentCA Technologies
The promise of blockchain, or specifically distributed ledger technology, has captured the attention of business and IT leaders across multiple industries. Now is the time to move from hype to reality. This session will examine use cases of pioneering companies that apply blockchain in a multi-party entity environment with immutable smart contracts. We’ll share how some DevSecOps requirements are fundamentally different for blockchain pilots and full deployment—from getting started with the right development environment to concerns of security, encryption and operational visibility. We will also discuss integration of blockchain with existing systems of record and the use of shadow blockchain as an evolutionary step towards adoption. Join this session to learn more about developing, deploying, and securing blockchain.
For more information on Mainframe, please visit: http://ow.ly/VnBh50g66bO
The MongoDB Spark Connector integrates MongoDB and Apache Spark, providing users with the ability to process data in MongoDB with the massive parallelism of Spark. The connector gives users access to Spark's streaming capabilities, machine learning libraries, and interactive processing through the Spark shell, Dataframes and Datasets. We'll take a tour of the connector with a focus on practical use of the connector, and run a demo using both Spark and MongoDB for data processing.
MongoDB.local Dallas 2019: MongoDB and SparkMongoDB
The MongoDB Spark Connector integrates MongoDB and Apache Spark, providing users with the ability to process data in MongoDB with the massive parallelism of Spark. The connector gives users access to Spark's streaming capabilities, machine learning libraries, and interactive processing through the Spark shell, Dataframes and Datasets. We'll take a tour of the connector with a focus on practical use of the connector, and run a demo using both Spark and MongoDB for data processing.
As data gets bigger, faster and more complex, you need to arm yourself with the best tools. In this webinar we’ll see how KeyLines and ArangoDB combine to create powerful and intuitive data analysis platforms.
The document outlines Cisco Networking Academy's learning portfolio, which includes courses that align with various Cisco certifications in areas like CCNA R&S, CCNP R&S, and CCNA Security. The portfolio also includes exploratory foundational courses in networking, security, IoT, entrepreneurship, digital literacy, programming, and operating systems. Many courses are available now, while some, like advanced programming courses in C and C++, will be available within 12 months.
O futuro das empresas passa pelas constantes transformações digitais e, para isso, é fundamental manter aplicações que atendam às exigências dos clientes e, sobretudo, seguras. Nesse cenário, nasceu o conceito de DevSecOps, descrevendo um conjunto de práticas para integração entre as equipes de desenvolvimento de software. Nesta palestra, entenderemos mais sobre conceitos e como aplicar DevSecOps na prática. Provocaremos discussões “saudáveis” sobre o modelo tradicional de desenvolvimento e este modelo ágil que está trazendo uma grande mudança de paradigma na construção de aplicações.
R, Spark, Tensorflow, H20.ai Applied to Streaming AnalyticsKai Wähner
Slides from my talk at Codemotion Rome in March 2017. Development of analytic machine learning / deep learning models with R, Apache Spark ML, Tensorflow, H2O.ai, RapidMinder, KNIME and TIBCO Spotfire. Deployment to real time event processing / stream processing / streaming analytics engines like Apache Spark Streaming, Apache Flink, Kafka Streams, TIBCO StreamBase.
How to Leverage Machine Learning (R, Hadoop, Spark, H2O) for Real Time Proces...Codemotion
Big Data is key for innovation in many industries today. Large amounts of historical data are stored and analyzed in Hadoop, Spark or other clusters to find patterns, e.g. for predictive maintenance or cross-selling. However: How do you increase revenue or reduce risks in new transactions proactively? Stream processing is the solution to embed patterns into future actions in real-time. This session discusses and demos how machine learning and analytic models with R, Spark MLlib, H2O, etc. can be build and integrated into real-time event processing frameworks. The session focuses on live demos
Achieving Software Assurance with Hybrid Analysis Mapping Denim Group
Denim Group presented on their Hybrid Analysis Mapping (HAM) technology. HAM merges the results from static and dynamic application security testing to provide a more comprehensive vulnerability assessment. It builds an attack surface model and links vulnerabilities identified through different tools to their source code location. This improves results triage, vulnerability remediation, and allows discovery of new issues not found through individual tools. Denim Group has incorporated HAM into their ThreadFix software assurance platform.
Cisco Managed Private Cloud in Your Data Center: Public cloud experience on ...Cisco DevNet
A session in the DevNet Zone at Cisco Live, Berlin. In this workshop, participants will gain an insight into the considerations and requirements of hybrid cloud applications. We will cover how to design for capacity augmentation of existing private cloud applications in the hybrid cloud environment, as well as how to explicitly design an application for a hybrid cloud with performance, access, and availability in mind.
Facciamo il Punto su Presente e Futuro dei framework Hadoop e SparkMario Cartia
Poco più di 10 anni fa nasceva il framework opensource Hadoop rivoluzionando il mondo dei Big Data. Nato come implementazione opensource di due tecnologie di Google, MapReduce e GFS, metteva a disposizione di tutti strumenti per l'analisi di grandi quantità di dati che fino ad allora erano stati appannaggio del colosso di Mountain View. Qualche anno dopo presso l'AMPLab dell'Università di Berkeley nasceva un altro framework che avrebbe rivoluzionato il settore: Spark. Durante il webinar verrà analizzato lo "stato dell'arte" di questi due prodotti oggi nonché le features che verranno introdotte a breve disponibili attualmente in modalità "sperimentale" nelle versioni in fase di sviluppo.
Webinar: Mario Cartia - Facciamo il Punto su Presente e Futuro dei framework ...Codemotion
The document discusses the present and future of Hadoop and Spark frameworks. It provides a brief history of Hadoop and Spark and describes Spark's deploy modes including running Spark on YARN. It also distinguishes between fast and big data and describes new features in Hadoop 3.0 like HDFS erasure coding. The presentation encourages attendees to visit the speaker at the upcoming Codemotion conference in Milan.
A session in the DevNet Zone at Cisco Live, Berlin. Network Topology Visualization is an important part of many SDN applications and other domains. Easy customization and building a new component base on NeXt to adapt to different requirements is critical. This session will illustrate how to customize topology components and how to build other visualization components with the latest commercial version.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Michele Spagnuolo is a senior information security engineer at Google Switzerland. He has over 10 years of experience in security engineering, conducting security audits and research to identify vulnerabilities. Some of his past projects include Rosetta Flash, which demonstrated bypassing the same-origin policy, and BitIodine, which extracted intelligence from the Bitcoin blockchain. He has published papers on content security policy and cryptocurrencies.
Open Source Telecom Software Survey 2022, Alan QuayleAlan Quayle
The survey gathered responses from 120 participants in 2022 compared to 114 in 2021. It covered general topics such as DDoS attacks, security practices, STIR/SHAKEN implementation, IPv6 deployment, and expectations for major tech companies over the next two years. Key findings included that around half of participants have experienced a DDoS attack in 2022 and application-level attacks were as common as volumetric attacks. Most organizations take both reactive and proactive security approaches but more so reactive. STIR/SHAKEN implementation is ongoing with international carriers needing it to terminate traffic in North America. IPv6 deployment remains steady with no major differences between regions. This survey provides insights into trends in the open source tele
This document discusses digital transformation and securing agile environments. It covers topics like the future of firewalls, developing threats, using machine learning for malware detection, and predictive detection of threats like Cerber. It also discusses securing applications in cloud and virtual environments through techniques like application-aware security policies, microsegmentation with software-defined networking, and the vSEC product family.
Practical Cryptography and Security Concepts for DevelopersGökhan Şengün
This document summarizes Gökhan Şengün's presentation on practical cryptography and security concepts for developers at DEVOPS Zirvesi 2017. The presentation covers the history of cryptography, cryptographic hash functions, secure storage of secrets, symmetric and asymmetric encryption, public key infrastructure (PKI) and digital signatures, and techniques and use cases including HTTPS and SSL/TLS handshakes. The presentation aims to help developers understand basic cryptography concepts and how they apply to building secure systems.
Here are the key steps to build a Splunk ITSI KPI to monitor for missing event formats:
1. Define the expected event formats in a lookup table with fields like Rule_ID, Event_Name, Raw_Filter, Punct.
2. Create a Base Search that looks up the Punct field against the lookup and filters for matching rules. This will return the expected event names.
3. Build a KPI on top of the Base Search to track the count of matching events over time. Set thresholds to alert if the count drops significantly.
4. Create an alert that triggers if the KPI value breaches the threshold. This will fire if an unexpected drop in events is detected.
NodeJS Serverless backends for your frontendsCarlos Santana
The document is a presentation on OpenWhisk and serverless computing. It begins with an agenda and then covers the evolution of serverless computing towards event-driven models without servers. It introduces Bluemix as a platform and OpenWhisk as an open source serverless platform and function as a service (FaaS) offering within Bluemix. It describes OpenWhisk's key concepts of actions, triggers, and rules. It provides examples of using OpenWhisk for web actions and APIs. It concludes with encouraging attendees to learn more about OpenWhisk.
Blockchain: Strategies for Moving From Hype to Realities of DeploymentCA Technologies
The promise of blockchain, or specifically distributed ledger technology, has captured the attention of business and IT leaders across multiple industries. Now is the time to move from hype to reality. This session will examine use cases of pioneering companies that apply blockchain in a multi-party entity environment with immutable smart contracts. We’ll share how some DevSecOps requirements are fundamentally different for blockchain pilots and full deployment—from getting started with the right development environment to concerns of security, encryption and operational visibility. We will also discuss integration of blockchain with existing systems of record and the use of shadow blockchain as an evolutionary step towards adoption. Join this session to learn more about developing, deploying, and securing blockchain.
For more information on Mainframe, please visit: http://ow.ly/VnBh50g66bO
The MongoDB Spark Connector integrates MongoDB and Apache Spark, providing users with the ability to process data in MongoDB with the massive parallelism of Spark. The connector gives users access to Spark's streaming capabilities, machine learning libraries, and interactive processing through the Spark shell, Dataframes and Datasets. We'll take a tour of the connector with a focus on practical use of the connector, and run a demo using both Spark and MongoDB for data processing.
MongoDB.local Dallas 2019: MongoDB and SparkMongoDB
The MongoDB Spark Connector integrates MongoDB and Apache Spark, providing users with the ability to process data in MongoDB with the massive parallelism of Spark. The connector gives users access to Spark's streaming capabilities, machine learning libraries, and interactive processing through the Spark shell, Dataframes and Datasets. We'll take a tour of the connector with a focus on practical use of the connector, and run a demo using both Spark and MongoDB for data processing.
As data gets bigger, faster and more complex, you need to arm yourself with the best tools. In this webinar we’ll see how KeyLines and ArangoDB combine to create powerful and intuitive data analysis platforms.
The document outlines Cisco Networking Academy's learning portfolio, which includes courses that align with various Cisco certifications in areas like CCNA R&S, CCNP R&S, and CCNA Security. The portfolio also includes exploratory foundational courses in networking, security, IoT, entrepreneurship, digital literacy, programming, and operating systems. Many courses are available now, while some, like advanced programming courses in C and C++, will be available within 12 months.
O futuro das empresas passa pelas constantes transformações digitais e, para isso, é fundamental manter aplicações que atendam às exigências dos clientes e, sobretudo, seguras. Nesse cenário, nasceu o conceito de DevSecOps, descrevendo um conjunto de práticas para integração entre as equipes de desenvolvimento de software. Nesta palestra, entenderemos mais sobre conceitos e como aplicar DevSecOps na prática. Provocaremos discussões “saudáveis” sobre o modelo tradicional de desenvolvimento e este modelo ágil que está trazendo uma grande mudança de paradigma na construção de aplicações.
R, Spark, Tensorflow, H20.ai Applied to Streaming AnalyticsKai Wähner
Slides from my talk at Codemotion Rome in March 2017. Development of analytic machine learning / deep learning models with R, Apache Spark ML, Tensorflow, H2O.ai, RapidMinder, KNIME and TIBCO Spotfire. Deployment to real time event processing / stream processing / streaming analytics engines like Apache Spark Streaming, Apache Flink, Kafka Streams, TIBCO StreamBase.
How to Leverage Machine Learning (R, Hadoop, Spark, H2O) for Real Time Proces...Codemotion
Big Data is key for innovation in many industries today. Large amounts of historical data are stored and analyzed in Hadoop, Spark or other clusters to find patterns, e.g. for predictive maintenance or cross-selling. However: How do you increase revenue or reduce risks in new transactions proactively? Stream processing is the solution to embed patterns into future actions in real-time. This session discusses and demos how machine learning and analytic models with R, Spark MLlib, H2O, etc. can be build and integrated into real-time event processing frameworks. The session focuses on live demos
Achieving Software Assurance with Hybrid Analysis Mapping Denim Group
Denim Group presented on their Hybrid Analysis Mapping (HAM) technology. HAM merges the results from static and dynamic application security testing to provide a more comprehensive vulnerability assessment. It builds an attack surface model and links vulnerabilities identified through different tools to their source code location. This improves results triage, vulnerability remediation, and allows discovery of new issues not found through individual tools. Denim Group has incorporated HAM into their ThreadFix software assurance platform.
Cisco Managed Private Cloud in Your Data Center: Public cloud experience on ...Cisco DevNet
A session in the DevNet Zone at Cisco Live, Berlin. In this workshop, participants will gain an insight into the considerations and requirements of hybrid cloud applications. We will cover how to design for capacity augmentation of existing private cloud applications in the hybrid cloud environment, as well as how to explicitly design an application for a hybrid cloud with performance, access, and availability in mind.
Facciamo il Punto su Presente e Futuro dei framework Hadoop e SparkMario Cartia
Poco più di 10 anni fa nasceva il framework opensource Hadoop rivoluzionando il mondo dei Big Data. Nato come implementazione opensource di due tecnologie di Google, MapReduce e GFS, metteva a disposizione di tutti strumenti per l'analisi di grandi quantità di dati che fino ad allora erano stati appannaggio del colosso di Mountain View. Qualche anno dopo presso l'AMPLab dell'Università di Berkeley nasceva un altro framework che avrebbe rivoluzionato il settore: Spark. Durante il webinar verrà analizzato lo "stato dell'arte" di questi due prodotti oggi nonché le features che verranno introdotte a breve disponibili attualmente in modalità "sperimentale" nelle versioni in fase di sviluppo.
Webinar: Mario Cartia - Facciamo il Punto su Presente e Futuro dei framework ...Codemotion
The document discusses the present and future of Hadoop and Spark frameworks. It provides a brief history of Hadoop and Spark and describes Spark's deploy modes including running Spark on YARN. It also distinguishes between fast and big data and describes new features in Hadoop 3.0 like HDFS erasure coding. The presentation encourages attendees to visit the speaker at the upcoming Codemotion conference in Milan.
A session in the DevNet Zone at Cisco Live, Berlin. Network Topology Visualization is an important part of many SDN applications and other domains. Easy customization and building a new component base on NeXt to adapt to different requirements is critical. This session will illustrate how to customize topology components and how to build other visualization components with the latest commercial version.
Similar to National Public Key Infrastructure: Friend or Foe? (20)
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Zilliz
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
National Public Key Infrastructure: Friend or Foe?
1.
2. What does this presentation all about
• Don’t shout at me with “cut the crap, show me the hack!”
• More academic approach rather than practical hack
• Build up the situational awareness when National Public Key Infrastructure (“PKI”) fully implemented
• Encouraging netizen to understand what National PKI is, without necessarily pushing the hard words,
such as PKCS#8 vs PKCS#12 or PKCS#10 CSR in DER vs PEM.
• Open ended question: “Friend of Foe”
IDSECCONF 2016 CFP 2 24--25 SEP 2016
3. /usr/bin/finger @tintinnya
Login: @tintinnya Name: B. Noviansyah
Directory: /Freelancers/@tintinnya Shell: /bin/bash
On since 1998—2002 (ITB) on Bachelor of Informatics
On since 2002—2012 (Many Employers) on Java EE Programmer
On since 2012—2014 (CMU Heinz) on MSISPM + Cyber Forensics and Incident Handler Track
On since 2014—now (Some Bosses) on Many activities, included AFDI
No Mail.
No Plan, just an Independent IT Researcher on night shift, an employee on morning shift.
IDSECCONF 2016 CFP 3 24--25 SEP 2016
4. Positioning of National PKI
• Digital Signature in Law of the Republic of Indonesia No. 11 of 2008 concerning Electronic Information
and Transactions
• Article 1
• Point 9: “Electronic Certificate” means a certificate in electronic nature that bears an Electronic Signature and identity,
demonstrating a status of a legal subject of parties to an Electronic Transaction issued by Certification Service
Providers.
• Point 10: “Electronic Certification Service Provider” means a legal entity that acts as a reliable party, issues and audits
Electronic Certificates.
• Point 12: “Electronic Signature” means a signature that contains Electronic Information that is attached to, associated
or linked with other Electronic Information that is used for means of verification and authentication.
• Point 13: “Signatory/Signer” means a legal subject associated or linked with an Electronic Signature.
https://www.bu.edu/bucflp/files/2012/01/Law-No.-11-Concerning-Electronic-Information-and-Transactions.pdf
IDSECCONF 2016 CFP 4 24--25 SEP 2016
5. Positioning of National PKI
• Digital Signature in Law of the Republic of Indonesia No. 11 of 2008 concerning Electronic Information
and Transactions
• Article 11 Paragraph (1):
Electronic Signatures shall have lawful legal force and legal effect to the extent satisfying the following requirements:
a. Electronic Signature-creation data shall be associated only with the Signatories/Signers;
b. Electronic Signature-creation data at the time the electronic signing process shall be only in the power of the
Signatories/Signers;
c. Any alteration in Electronic Signatures that occur after the signing time is knowable;
d. Any alteration in Electronic Information associated with the Electronic Signatures after the signing time is knowable;
e. There are certain methods adopted to identify the identity of the Signatories/Signers; and
f. There are certain methods to demonstrate that the Signatories/Signers have given consent to the associated
Electronic Information;
https://www.bu.edu/bucflp/files/2012/01/Law-No.-11-Concerning-Electronic-Information-and-Transactions.pdf
IDSECCONF 2016 CFP 5 24--25 SEP 2016
10. N = 3
• Key space = {qAB, qAC, qBC}
N = 5
• Keyspace = {qAB, qAC, qAD, qAE, qBC, qBD, qBE, qCD,
qCE, qDE}
Symmetric-key Cryptography
A
B C
qBC
A
B
C
D E
qAC
qDE
IDSECCONF 2016 CFP 10 24--25 SEP 2016
13. 24--25 SEP 2016IDSECCONF 2016 CFP
Asymmetric-key Cryptography with
Digital Signature
A B
pA
Plain
Text
qA
Cipher
Text
Plain
Text
Reply
Text
Cipher
Text
Reply
Text
pB qB
qBSignature
Hash
SignaturepB
Hashmatch?
Hashing
hashing
qA Signature Signature
Hash
pA
Hash
Hash
Hashing
Hash
match?
Hashing
13
15. IDSECCONF 2016 CFP 24--25 SEP 2016
Asymmetric-key Cryptography with
Digital Signature with Symmetric Key
A B
Plain
Text
Cipher
Text
Reply
Text
Cipher
Text
Reply
Text
pB
qB
qBSignature
Hash
SignaturepB
Hashmatch?
Hashing
hashing
qA Signature Signature
Hash
pA
Hash
Hash
Hashing
Hash
match?
Hashing
pA
qA
Plain
Text
15
16. Decentralized
• PGP system allows users to distribute their key to
their correspondents, e.g. Distribute via email, or
web page
• It could be also published on PGP Key Server such
as pgp.mit.edu
• MIT Keyserver does not guarantee the real owner
of public key, it is the user obligation to trust the
ownership of public key
Centralized
• PKI creates chain of trust, starts from Root CA
• Once user trusts the Root CA, all public keys
signed by Root CA will be automatically
trusted by user
• Public Key should only be published by
Trusted CA
Asymmetric-Key Key Management
IDSECCONF 2016 CFP 16 24--25 SEP 2016
18. IDSECCONF 2016 CFP 24--25 SEP 2016
Asymmetric-Key Signing Request
• In order to be trusted by system in PKI, user’s Public Key should be signed by Certification Authority (CA) that
is under Trusted Root CA issuance process
• After public key signed by CA, it can be used by other party, either for encryption purpose or for digital
signature verification. While the private key is never published and should only be in party A possession.
18
AqA
PKCS#10 CSR in
PEM/DER
pA
Certification
Authority
CER in X.509 format in ASN.1 Structure
pA
CA
CA
pCA
19. Target Acquired!
• Article 1
• Point 9: “Electronic Certificate” means a certificate in electronic nature that bears an Electronic Signature and identity,
demonstrating a status of a legal subject of parties to an Electronic Transaction issued by
Certification Service Providers.
• Point 10: “Electronic Certification Service Provider” means a legal entity that acts as a reliable party, issues and audits
Electronic Certificates.
• Point 12: “Electronic Signature” means a signature that contains Electronic Information that is attached to, associated
or linked with other Electronic Information that is used for means of verification and authentication.
• Point 13: “Signatory/Signer” means a legal subject associated or linked with an Electronic Signature.
24--25 SEP 2016IDSECCONF 2016 CFP 19
National PKI
20. National PKI for Digital Signature only?
• Another purposes:
• SSL certificate for official website,
• Secure Email, Internet Banking,
• e-Taxation, e-Custom
• e-Commerce, Cyber Trading, e-Banking
• IoT, FIDO
24--25 SEP 2016IDSECCONF 2016 CFP 20
Source: Riki Arif Gunawan, “Digital Signature Roadmap,” presented at the 4th
Public Key Infrastructure Awareness and EJBCA/TOOLKIT Seminar, Jakarta, Indonesia, Feb. 29, 2016.
21. Gain our Trust!
• Update all Trusted CA list in OSes
• Microsoft Trusted Root Certificate, https://technet.microsoft.com/en-us/library/cc751157.aspx
• Apple Root Certificate Program, https://www.apple.com/certificateauthority/ca_program.html
• Google Chromium Projects with Root Certificate Policy, https://www.chromium.org/Home/chromium-
security/root-ca-policy
• Mozilla Firefox Certificate Store with Mozilla CA Certificate Policy. https://www.mozilla.org/en-
US/about/governance/policies/security-group/certs/policy/
• Get audited based on Chartered Professional Accountants of Canada (previously: AICPA/CICA) WebTrust
Program for Certification Authorities http://www.webtrust.org/item64428.aspx
24--25 SEP 2016IDSECCONF 2016 CFP 21
23. Friend or Foe: Code Signing (1)
• Prevent unauthorized modification of critical applications
• Application Signing
• This certificate is intended to protect applications being tampered in application distribution process. These applications
could be application for National ID (KTP) registration process in Municipal Office (Kantor Walikota) or District Office
(Kantor Kelurahan)
• Driver/Library Signing
• This certificate is intended to protect applications being tampered in application while in operational routines. Case of
Bangladesh Heist, SWIFT Alliance Access has been tampered in library/driver level.
24--25 SEP 2016IDSECCONF 2016 CFP 23
29. Friend or Foe: SSL/TLS Interceptor (1)
• HTTPS inspection by intercepting SSL/TLS layer
• DPI, DLP, IDS/IPS, Content Filtering (!)
• Implements Transparent Web Proxy in Network Access Point (NAP)
• Enforces all web browsers to use National Root CA by applying HTTP Strict Transport Security (HSTS)
• Generic encrypted traffic via SSL/TLS, no information could be seen unless the information below:
• (i) source IP, (ii) source port, (iii) destination IP, (iv) destination port, and (v) protocol
• Using SSL/TLS Interceptor, more information are visible:
• (i) hostname, (ii) URI, (iii) POST/GET data
• Will not be working if all clients or web apps using Certificate Pinning
• Think of “MITM” in National Scale, not just in simulated network, or medium enterprise network
• Burpsuite in national Internet, if you are on “proxy” level
• Dissecting SSL/TLS using wireshark with National Private Key, for network forensics investigation
24--25 SEP 2016IDSECCONF 2016 CFP 29
40. Friend or Foe: No Protection of Private key? (1)
• Great power comes with the great responsibility. Are you responsible enough to handle it?
• Choosing of private key
• Algorithm and Keylength: RSA 4096? What about cryptographic power of embedded system? Yubico YubiKey USB
perhaps?
• RSA 1024? SRSLY? Haven’t you play any CTF that crack RSA 1024?
• Storage Security of private key
• Filesystem only? Yeah, right! Lay it on drive C:TEMP so that everyone can access it.
• PFX or P12 format password protected? Prone to be bruteforce, with no limitation of trial.
• Don’t ended in Documentary movie like Zero Days: “Olympic Games” Stuxnet with Realtek Digital Signature
• Think about things like Hardware Security Module (HSM)
24--25 SEP 2016IDSECCONF 2016 CFP 40
41. Friend or Foe: No Protection of Private key? (2)
• HSM
• Personal and low computing power: USB
• Private Key is stored in specific partition of storage, equipped with low cryptographic processor but limited in USB Bus
Speed.
• Requires password to access the partition
• Directly supported with Cryptography API using PKCS#11 or using specific driver for older OSes
• Limits bruteforce. Locked after 10 times consecutive trial with wrong password
• Dedicated processor to offloading cryptographic calculation: PCI-e Card
• Similar with USB, but high bandwidth from Card to CPU
• More powerfull (and of course more Benjamins): Network-based HSM
24--25 SEP 2016IDSECCONF 2016 CFP 41
42. Friend or Foe: No Protection of Private key? (3)
• HSM
• More powerful (and of course more Benjamins): Network-based HSM
• Multiple Layers of Access List
• Requires HSM activation using specific USB token and PIN activation before HSM can be accessed via network
• Requires Certificate exchange between server and HSM to setup Network Trusted Link (NTL) Service, hence the communication
channel is encrypted with asymmetric-key cryptography
• Has multiple partitions. Hence, requires PIN or password to access intended partitions
• Has multiple key objects in single partitions. Hence, requires specific password to access different key objects
• Could offload the cryptographic processing to HSM’s processor using provided API from manufacturers, hence lowering
down the CPU load in Server side.
24--25 SEP 2016IDSECCONF 2016 CFP 42
47. Questions that remain unanswered
• CA Hierarchy
• Root CA is maintained by Kemkominfo, while SubCA is maintained by respective Ministry
• But, How deep the level of CA? Too deep will slowing down the process. Too shallow will jeopardizing all chain
of trust, when SubCA or even RootCA’s private key is compromised
• CA requires Directory Services to attach user information in certificate.
• What will the directory services be? LDAP, Microsoft ADDS, Oracle Internet Directory, Apache Directory Server,
Sun Java System Directory Server?
• Replicate or query to http://dukcapil.kemendagri.go.id/ceknik
• What will the private key be for end-user/citizen?
• Media? Don’t tell me the e-KTP card.
24--25 SEP 2016IDSECCONF 2016 CFP 47
48. What Next?
• Strengthen the Implementation and the operational site, do not ended up with case like
DigiNortar
• New PKI with Fast IDentification Online (FIDO) and Enhanced Privacy ID (EPID)
• Blockchain in PKI to enhance the chain of trust
IDSECCONF 2016 CFP 48 24--25 SEP 2016