Introduction to homomorphic encryption, encryption which allows computations on ciphertext. An overview of key aspects and the ideas that allow these schemes to work is given, as well as examples of how to apply it.
Christoph Matthies (@chrisma0), Hubert Hesse (@hubx), Robert Lehmann (@rlehmann)
Shai Halevi discusses new ways to protect cloud data and security. Presented at "New Techniques for Protecting Cloud Data and Security" organized by the New York Technology Council.
Cloud computing is an ever-growing field in today's era. With the accumulation of data and the advancement of technology, a large amount of data is generated every day. Storage, availability and security of the data form major concerns in the field of cloud computing. This paper focuses on homomorphic encryption, which is largely used for security of data in the cloud. Homomorphic encryption is defined as the technique of encryption in which specific operations can be carried out on the encrypted data. The data is stored on a remote server. The task here is operating on the encrypted data. There are two types of homomorphic encryption, fully homomorphic encryption and partially homomorphic encryption. Fully homomorphic encryption allows arbitrary computation on the ciphertext in a ring, while partially homomorphic encryption is the one in which addition or multiplication operations can be carried out on the normal ciphertext. Homomorphic encryption plays a vital role in cloud computing as the encrypted data of companies is stored in a public cloud, thus taking advantage of the cloud provider's services. Various algorithms and methods of homomorphic encryption that have been proposed are discussed in this paper.
ASFWS 2012 - Hash-flooding DoS reloaded: attacks and defenses par Jean-Philip...Cyber Security Alliance
At 28c3, Klink and Waelde demonstrated that a number of technologies (PHP, .NET, Ruby, Java, etc.) remained vulnerable to the decade-old hash-flooding DoS attacks. These attacks work by enforcing worst-case insert time in hash tables by sending many inputs hashing to the same value (a “multicollision”). Many vendors fixed the issue by replacing the weak deterministic hash function with stronger and randomized hash functions. In this presentation, we will show examples of such stronger randomized hash functions that fail to protect against hash-flooding, by presenting “universal multicollision” attacks based on differential cryptanalysis techniques. We will present demos showing how to exploit these attacks to DoS a Ruby on Rails application, as well as the latest Java OpenJDK; two technologies that chose to “fix” hash-flooding by using the MurmurHash hash functions. Finally, we will describe a reliable fix to hash-flooding with the SipHash family of pseudorandom functions: SipHash provides the adequate cryptographic strength to mitigate hash-flooding, yet is competitive in performance with the non-cryptographic hashes.
ZK Study Club: Sumcheck Arguments and Their ApplicationsAlex Pruden
Talk given at the ZK Study Club by Jonathan Bootle and Katerina Sotiraki about the universality of sumcheck arguments and their importance in zero-knowledge cryptography.
This week, Luke Pearson (Polychain Capital) and Joshua Fitzgerald (Anoma) present their work on Plonkup, a protocol that combines Plookup and PLONK into a single, efficient protocol. The protocol relies on a new hash function, called Reinforced Concrete, written by Dmitry Khovratovich. The three of them will present their work together at this week's edition of zkStudyClub!
Slides:
---
To Follow the Zero Knowledge Podcast us at https://www.zeroknowledge.fm
To the listeners of Zero Knowledge Podcast, if you like what we do:
- Follow us on Twitter - @zeroknowledgefm
- Join us on Telegram - https://t.me/joinchat/TORo7aknkYNLHmCM
- Support our Gitcoin Grant - https://gitcoin.co/grants/329/zero-knowledge-podcast-2
- Support us on Patreon - https://www.patreon.com/zeroknowledge
Digital Signatures: Reassessing security of randomizable signaturesPriyanka Aash
Two signature schemes with special properties are discussed: randomizable signatures and deterministic signatures. Topic 1: Reassessing Security of Randomizable Signatures Authors: David Pointcheval; Olivier Sanders Topic 2: Differential Fault Attacks on Deterministic Signatures Authors: Christopher Ambrose; Joppe W. Bos; Bjorn Fay; Marc Joye; Manfred Lochter; Bruce Murray
(Source: RSA Conference USA 2018)
Successive Differentiation is the process of differentiating a given function successively times and the results of such differentiation are called successive derivatives. The higher order differential coefficients are of utmost importance in scientific and engineering applications.
A presentation about the ideas of recursion and recursive functions.
This is my lecture presentation during A. Paruj Ratanaworabhan’s basic preparatory programming course for freshmen: Introduction to Programming: A Tutorial for New Comers Using Python
This file contains the contents about dynamic programming, greedy approach, graph algorithm, spanning tree concepts, backtracking and branch and bound approach.
There are two types of ciphers - Block and Stream. Block is used to .docxrelaine1
There are two types of ciphers - Block and Stream. Block is used to encrypt a block of bits at one time. Stream cipher is used to encrypt one bit at a time.
Modes of CiphersUnderstanding Modes
Electronic Code Book (ECB) Mode
This mode is a most straightforward way of processing a series of sequentially listed message blocks.
Operation
The user takes the first block of plaintext and encrypts it with the key to produce the first block of ciphertext.
He then takes the second block of plaintext and follows the same process with same key and so on so forth.
The ECB mode is deterministic, that is, if plaintext blocks P1, P2, …, Pm are encrypted twice under the same key, the output ciphertext blocks will be the same. Equal plaintext blocks therefore produce equal ciphertext blocks, which leaks the structure of the message.
Cipher Block Chaining (CBC) Mode
CBC mode of operation chains each block to the previous ciphertext block, so every ciphertext block depends on the whole message prefix; with a fresh, unpredictable IV for each message, the same plaintext encrypts to a different ciphertext each time.
Operation
The operation of CBC mode is depicted in the following illustration. The steps are as follows −
Load the n-bit Initialization Vector (IV) in the top register.
XOR the n-bit plaintext block with data value in top register.
Encrypt the result of XOR operation with underlying block cipher with key K.
Feed ciphertext block into top register and continue the operation till all plaintext blocks are processed.
For decryption, the first ciphertext block is decrypted with the block cipher and the result is XORed with the IV. The first ciphertext block is then fed into the register, replacing the IV, for decrypting the next ciphertext block.
Output Feedback (OFB) Mode
It involves feeding the successive output blocks of the underlying block cipher back into it. These feedback blocks form a string of bits, the key stream, so the block cipher acts as a key-stream generator, as in CFB mode.
The key stream is XORed with the plaintext blocks. OFB mode requires an IV as the initial n-bit input block. The IV need not be secret, but it must never be reused under the same key, because two messages encrypted under the same IV share the same key stream.
Counter (CTR) Mode
It can be considered a counter-based version of CFB mode without the feedback. In this mode, both the sender and the receiver need access to a reliable counter, which produces a new shared value each time a ciphertext block is exchanged. The counter value is not necessarily secret, but both sides must keep it synchronized, and a counter value must never be reused under the same key.
Operation
Both encryption and decryption in CTR mode are depicted in the following illustration. Steps in operation are −
Load the initial counter value into the top register; it is the same for both the sender and the receiver. It plays the same role as the IV in CFB (and CBC) mode.
Encrypt the contents of the counter with the key and place the result in the bottom register.
Take the first plaintext block P1 and XOR this to the contents of the bottom register. The result of this is C1. Send C1 to the receiver and update the counter. The counter update replaces the ciphertext feedback in CFB mode.
Continue in this manner until the last plaintext block has been encrypted.
The decryption is.
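A runnable version of the ECB, CBC and CTR constructions described above, added here as an example; it is not code from the document being described. The modes are written against an abstract block_encrypt/block_decrypt pair. Because the file has to run with only the standard library, the block cipher is a toy 4-round Feistel permutation built from SHA-256 (an assumption of this example, standing in for AES; it is not a real cipher), with a fixed 16-byte block. The 8-byte nonce plus 8-byte counter layout, the helper names and the demo inputs are choices made for this example.

```python
# Added example: ECB, CBC and CTR written against an abstract block cipher.
# The block cipher is a toy 4-round Feistel permutation built from SHA-256 so the
# file runs with only the standard library; it stands in for AES and is not a real cipher.
import hashlib
import os

BLOCK = 16          # block size in bytes (assumed, matches AES)
HALF = BLOCK // 2


def _xor(a: bytes, b: bytes) -> bytes:
    # zip() truncates to the shorter input, which CTR relies on for a final partial block
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy keyed permutation of one block (Feistel round: (L, R) -> (R, L xor F(R)))."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse permutation: run the Feistel rounds backwards."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "ECB and CBC need padded input (padding not shown here)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Each block is encrypted independently under the same key: fully deterministic."""
    return b"".join(block_encrypt(key, b) for b in _blocks(plaintext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """XOR each plaintext block with the register (IV, then the previous ciphertext block),
    encrypt, and feed the ciphertext block back into the register."""
    register, out = iv, []
    for b in _blocks(plaintext):
        register = block_encrypt(key, _xor(b, register))
        out.append(register)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Decrypt each block and XOR with the register; the ciphertext block then replaces the IV."""
    register, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), register))
        register = c
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, start_counter: int = 0) -> bytes:
    """Encrypt nonce||counter to obtain key stream and XOR it with the data; the same call
    decrypts. Layout assumed here: 8-byte nonce + 8-byte big-endian counter = one block."""
    assert len(nonce) == HALF
    out = []
    for i, offset in enumerate(range(0, len(data), BLOCK)):
        counter_block = nonce + (start_counter + i).to_bytes(HALF, "big")
        out.append(_xor(data[offset:offset + BLOCK], block_encrypt(key, counter_block)))
    return b"".join(out)


def distinct_ciphertext_blocks(ciphertext: bytes) -> int:
    """Repeated plaintext blocks: ECB yields 1 distinct ciphertext block, CBC yields one per block."""
    return len(set(_blocks(ciphertext)))


if __name__ == "__main__":
    key, iv, nonce = os.urandom(16), os.urandom(16), os.urandom(8)
    repeated = b"ATTACK AT DAWN!!" * 3       # constructed demo input, three identical blocks
    print("ECB distinct blocks:", distinct_ciphertext_blocks(ecb_encrypt(key, repeated)))
    print("CBC distinct blocks:", distinct_ciphertext_blocks(cbc_encrypt(key, iv, repeated)))
    ct = ctr_crypt(key, nonce, b"CTR needs no padding")
    print("CTR round trip:", ctr_crypt(key, nonce, ct))
    print("CTR with a desynchronized counter:", ctr_crypt(key, nonce, ct, start_counter=1))
```

The two demo lines at the end make the text's points concrete: under ECB the three identical plaintext blocks give one repeated ciphertext block, under CBC they give three different ones, and a receiver whose counter is off by one decrypts CTR output to garbage.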
Hash based probabilistic techniques for handling large amounts of data that allow low cost architectures.
We will demonstrate that, admitting a small percentage error, an algorithm can bring substantial benefits in terms of computational complexity and memory requirements.
Growth of Functions
CMSC 56 | Discrete Mathematical Structure for Computer Science
October 6, 2018
Instructor: Allyn Joy D. Calcaben
College of Arts & Sciences
University of the Philippines Visayas
Stephan Gerling in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Stefan Zarinschi in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
Radu-Emanuel Chiscariu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Mircea Nenciu and Stefan Mitroi in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Threat Hunting: From Platitudes to Practical ApplicationDefCamp
Neil “Grifter” Wyler in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Building application security with 0 money downDefCamp
Muhammad Mudassar Yamin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Implementation of information security techniques on modern android based Kio...DefCamp
Muhammad Mudassar Yamin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
The challenge of building a secure and safe digital environment in healthcareDefCamp
Jelena Milosevic in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Tor .onions: The Good, The Rotten and The Misconfigured DefCamp
Ionut-Cristian Bucur in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
Ioan Constantin in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Cristian Pațachia-Sultănoiu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Catch Me If You Can - Finding APTs in your networkDefCamp
Adrian Tudor & Leo Neagu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
3. History
Julius Caesar (100-44 BC)
Message:    ATTACK AT DAWN
Key:        +3 (shift every letter three places forward)
Ciphertext: DWWDFN DW GDZQ
If you had the key, you could encrypt…
4. History
Julius Caesar (100-44 BC)
Ciphertext: DWWDFN DW GDZQ
Key:        -3 (shift every letter three places back)
Message:    ATTACK AT DAWN
If you had the key, you could decrypt…
5. History
Julius Caesar (100-44 BC)
If you had the key, you could decrypt… DWWDFN DW GDZQ
Symmetric Encryption:
Encryption and Decryption use the same key
18. Computations on Encrypted Data
Other encryption systems were additively homomorphic:
$E(m_1) + E(m_2) = E(m_1 + m_2)$
Additive homomorphism (but not multiplicatively homomorphic)
19. Computations on Encrypted Data
The ultimate goal: computations over encrypted
data…
… this requires the computation of
both sums and products …
… over the same encrypted data set!
20. Computations on Encrypted Data
Why SUMs and PRODUCTs?
SUM (mod 2) = XOR          PRODUCT = AND
0 XOR 0 = 0                0 AND 0 = 0
1 XOR 0 = 1                1 AND 0 = 0
0 XOR 1 = 1                0 AND 1 = 0
1 XOR 1 = 0                1 AND 1 = 1
21. Computations on Encrypted Data
Considering that the system {XOR, AND} is functionally complete (together with the constant 1, which supplies NOT as x XOR 1) …
… any Boolean function is a combination of XOR and AND gates
22. Computations on Encrypted Data
Considering that the system {XOR, AND} is functionally complete …
… any Boolean function is a combination of XOR and AND gates
Example: Indexing a database
Index i = i1 i0 (two bits); entries DB0, DB1, DB2, DB3; return DB_i.
(figure: a selector tree driven by the bits i0 and i1 choosing among DB0 … DB3)
The lookup is a multiplexer: DB_i = XOR over j of ([j = i] AND DB_j), where [j = i] = NOT(i1 XOR j1) AND NOT(i0 XOR j0), so it needs only XOR and AND gates.
23. Corollary
Considering that the system {XOR, AND} is functionally complete …
… if one can compute sums and products on encrypted bits
… one can compute ANY function on encrypted inputs
(figure: E(x1), E(x2), E(x3), E(x4) enter the circuit; one gate yields E(x1 XOR x2), another E(x3 AND x4); combining the gate outputs yields E(f(x1, x2, x3, x4)))
35-38. Secret key: large odd number p
(figure: the number line with the multiples of p marked … -3p, -2p, -p, 0, p, 2p, 3p …)
To encrypt a bit b:
– choose a (preferably random) "large" multiple of p, say q·p
– choose a (preferably random) "small" number 2·r+b (this is even if b=0, and odd if b=1); this is the "noise" = 2·r+b
– resulting ciphertext: c = q·p + 2·r + b
To decrypt a ciphertext c:
Applying the operation c mod p, reduced towards the nearest multiple of p so that the result lies in (-p/2, p/2], recovers the noise 2·r+b; its parity, (c mod p) mod 2, is the bit b. This is correct as long as |noise| < p/2.
39. How safe is this model?
If there was no noise (r=0)
… and one provides two encryptions of 0 (q1p & q2p)
… then the secret key p can be recovered
GCD_attack(q1p, q2p)
Greatest common divisor
Coppersmith’s attack
(number line: -3p -2p -p 0 p 2p 3p; the “noise” = 2·r+b)
40. How safe is this model?
If there is noise
… the GCD attack doesn’t work
… and neither does any conventional attack
the approximate GCD assumption
(number line: -3p -2p -p 0 p 2p 3p; the “noise” = 2·r+b)
41. XOR operations on two encrypted bits:
– c1 = q1·p + (2·r1 + b1)
– c2 = q2·p + (2·r2 + b2)
(number line: -3p -2p -p 0 p 2p 3p; the “noise” = 2·r+b)
50-52. The noise increases!
Why does this matter?
(number line with p=17: -51 -34 -17 0 17 34 51; point at 20; noise=-14)
decryption will recover noise’=3
If the |noise| > p/2, then:
Decryption will output an incorrect bit!
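A worked run of the toy integer scheme from slides 35-52, added here as an illustration and not code from the talk: encrypt bits as c = q·p + 2·r + b, recover the noise with c mod p, XOR by adding and AND by multiplying ciphertexts, and watch the product's noise (-14 with p=17, as on the slides) wrap around to 3 and decrypt to the wrong bit. The gcd function reproduces the slide 39 observation that without noise two encryptions of 0 reveal p. All values (p=17, q, r) are constructed toy parameters, not secure sizes.

```python
import math

def encrypt(p, b, q, r):
    """Toy integer scheme from the slides: the secret key is an odd p and the
    ciphertext is c = q*p + 2*r + b. The 'noise' 2*r+b has the parity of b.
    q and r are passed in explicitly so the example is reproducible."""
    assert b in (0, 1) and p % 2 == 1
    return q * p + 2 * r + b

def noise(p, c):
    """Centred residue of c mod p, in (-p/2, p/2]. This equals the real
    noise only while |noise| < p/2; a larger noise wraps around."""
    n = c % p
    return n - p if n > p // 2 else n

def decrypt(p, c):
    """The plaintext bit is the parity of the recovered noise."""
    return noise(p, c) % 2

def he_xor(c1, c2):
    """Ciphertext addition adds the noises, so the parity is b1 XOR b2."""
    return c1 + c2

def he_and(c1, c2):
    """Ciphertext multiplication multiplies the noises: parity is b1 AND b2."""
    return c1 * c2

def noiseless_key_recovery(c1, c2):
    """Slide 39: with r=0, two encryptions of 0 are q1*p and q2*p, and their
    gcd is p (for coprime q1, q2). That is why the noise term is essential."""
    return math.gcd(c1, c2)

def demo():
    p = 17                              # constructed toy key, as on slides 50-52
    c1 = encrypt(p, 0, q=5, r=1)        # noise  2*1 + 0 =  2
    c2 = encrypt(p, 1, q=9, r=-4)       # noise 2*(-4) + 1 = -7
    cx = he_xor(c1, c2)                 # noise 2 + (-7) = -5, |-5| < 8.5: fine
    ca = he_and(c1, c2)                 # noise 2 * (-7) = -14, |-14| > 8.5: wraps
    return {
        "xor_noise": noise(p, cx), "xor_bit": decrypt(p, cx),   # -5, 1 == 0 XOR 1
        "and_noise": noise(p, ca), "and_bit": decrypt(p, ca),   #  3, 1 != 0 AND 1
        "gcd_key": noiseless_key_recovery(encrypt(p, 0, 5, 0),
                                          encrypt(p, 0, 9, 0)),  # 17
    }

if __name__ == "__main__":
    print(demo())
```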
54-55. The accomplishment …
… we can do lots of additions and
… some multiplications
… enough to do many useful tasks, e.g., database search, spam filtering etc.
(= a “somewhat homomorphic” encryption)
But, there is much more …
57. Fully homomorphic
(figure: RSA & friends: MANY mult, ZERO add; Fully homomorphic: MANY add, MANY mult, “WE ARE HERE!”, reached via [bootstrapping])
How is this possible?
The “bootstrapping method”
Principle: If you can go a (large) part of the way, then you can go all the way.
64. Lots of new Encryption Schemes
… simpler, more secure, more efficient
Dramatic Efficiency Improvements
(chart: time (in millisec) for a basic operation, log scale from 1 to 1,000,000, for 2009, 2010 and 2011)
65-67. Gentry’s “bootstrapping method” …
The same principle: if you can go a (large) part of the way, you probably can go all the way.
(noise gauge: noise=0 … noise=p/2)
Issue to address: Addition and Multiplication increase noise
(Addition doubles, Multiplication squares the noise)
Goal: noise reduction
70-74. Reflection topic
What is the best noise-reduction procedure?
… To get rid of all the noise
… and, in a computationally optimal way, recover the original message
Direct Decryption!
(figure: Ctxt = Enc(b) + Secret key → Decrypt → b; decryption is the function that acts on the ciphertext and eliminates the noise)
(noise gauge: noise=0 … noise=p/2)
But I can’t give the secret key out for free!
76-86. KEY IDEA
I cannot release the secret key (or else, everyone sees my data)
… but I can release Enc(secret key)
This is called “Circular Encryption”
In order to reduce noise …
… Homomorphically evaluate the decryption circuit!!!
(figure: Ctxt = Enc(b) + Enc(Secret key) → Decrypt → Enc(b))
KEY OBSERVATION:
The input Enc(b) and output Enc(b) have different noise levels.
Regardless of the noise in the input Enc(b), the noise level in the output Enc(b) is FIXED.
(noise gauge: noise=0 … noise=p/2)
87. Long story short: whenever noise level increases beyond a limit …
… use bootstrapping to reset it to a fixed level
(noise gauge: noise=0 … noise=p/2)
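A noise-budget sketch, added here as an illustration and not code from the talk: it applies the rule from slides 66-67 (addition doubles, multiplication squares the noise bound) and the reset from slide 87 to work out how deep a circuit the parameters allow (the level that must be calibrated in advance) and before which operation a bootstrap has to be inserted. It assumes both operands of an operation share the same noise bound; p and the bounds are constructed toy values.

```python
def noise_bound_after(ops, fresh_bound):
    """Worst-case |noise| bound after a sequence of 'add'/'mult' operations on
    ciphertexts whose noise is bounded by fresh_bound (slides 66-67: addition
    doubles the bound, multiplication squares it; both operands assumed equal)."""
    bound = fresh_bound
    for op in ops:
        if op == "add":
            bound *= 2
        elif op == "mult":
            bound *= bound
        else:
            raise ValueError(f"unknown operation {op!r}")
    return bound

def max_mult_depth(p, fresh_bound):
    """Largest multiplicative depth d with fresh_bound**(2**d) < p/2, i.e. how
    many nested multiplications fit before decryption would return a wrong bit
    (the depth the level parameter is calibrated against)."""
    d, bound = 0, fresh_bound
    while bound * bound < p / 2:
        bound *= bound
        d += 1
    return d

def schedule_bootstraps(ops, p, fresh_bound, refreshed_bound):
    """Walk a circuit; before each operation check whether the bound would reach
    p/2, and if so bootstrap first, which resets the bound to the FIXED
    refreshed_bound (slide 87). Returns (bootstrap positions, final bound)."""
    bound, positions = fresh_bound, []
    for i, op in enumerate(ops):
        nxt = noise_bound_after([op], bound)
        if nxt >= p / 2:
            bound = refreshed_bound
            positions.append(i)
            nxt = noise_bound_after([op], bound)
            if nxt >= p / 2:          # not even a freshly bootstrapped ciphertext fits
                raise ValueError("parameters too small for this circuit")
        bound = nxt
    return positions, bound

if __name__ == "__main__":
    P = 2**20 + 1                 # constructed toy odd modulus
    print(max_mult_depth(P, 16))  # 2
    print(schedule_bootstraps(["mult", "mult", "add", "mult", "add"], P, 16, 16))
```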
90. Real world use case
Reference paper:
• R. Bocu, C. Costache, A Homomorphic Encryption-Based System for Securely Managing Personal Health Metrics Data, IBM Journal of Research and Development, ISSN 0018-8646, Volume 62, Issue 1, 2018, pp. 1:1-1:10.
• Use case: the convenient and full privacy preserving collection,
transportation, processing, analysis, and storage of personal health
information (PHI).
• Software system: SafeBioMetrics – this system addresses the four essential
requirements, the biomedical data collection at the user’s end, its transfer
to the storage and processing backend, the proper and secure storage of
this data, and its privacy-preserving processing.
• Distinctive feature: clear separation between the long-term data storage
and data processing paths. The system can easily accommodate any use
case that involves the data collection through sensors and mobile devices at
the user’s side.
92. System features
• Data privacy assured during all four stages: data collection, data
transmission, data storage, FHE-based data processing.
• Data storage and processing backend is deployed in the cloud (in this case,
IBM Bluemix, but any other cloud platform is fine).
• The collected data is efficiently stored in the cloud (in this case, the relevant
service is IBM Cloudant, but any other similar cloud service is fine).
• The FHE computations are performed using Apache Spark, but any other
computing service may be adapted and used.
• The processing events are intercepted, and the proper actions triggered
using a programming service (in this case, IBM OpenWhisk, but any other
similar service may be adapted).
• Advantages
• Any use case that involves the safe (private) processing of sensitive data can benefit from the usage of this
model.
• The approach offloads the expensive processing operations to the cloud infrastructure, while keeping intact
the data privacy.
• The model is fully customizable and adaptable to various use cases and hardware/software infrastructures.
93. FHE Core Model – Supported Operations
• Homomorphic addition (+h) – It takes as operands two ciphertexts,
which correspond to a slot wise XOR operation of the related
plaintext elements.
• Homomorphic multiplication (Xh) – It takes as operands two
ciphertexts, which correspond to a slot wise AND operation of the
related plaintext elements.
• Homomorphic rotate (<<<h, >>>h) – This essentially provides the
possibility to rotate the data elements’ slots. The concept of slots
refers to the storage bits that determine the data elements
processed by the rotate operation.
• Homomorphic select (selmask) – It has the role to correct the
potentially altered slots (bits) of the data elements after the rotate
operation. It preserves the data consistency during the fully
homomorphic encryption process.
94. FHE Core Model – The Level
• The level (L) – It must be determined before starting any computation
instruction.
• The level L is calibrated considering the depth of the multiplication
operations to be performed in the given computational context.
• This parameter assures the accuracy of the FHE operations’ results.
• The multiplication increments by 1 the level L of the operation.
• The depth of the multiplication operations determines the value of the
calibrated level L.
• This operation considers a number of NCT ciphertexts, which encrypt an
array with n bits that stores the relevant data (in the case of the
SafeBioMetrics, the cardiac rhythm data).
• The computationally expensive multiplication operations should be
reduced.
• Consequently, the depth of the multiplication operations is reduced, in
order to achieve an optimal calibration of the level L.
96. Optimized FHE Scheme (cont’d)
• The data storage and processing backend efficiently and safely computes on
the received data.
• The efficient incorporation of the FHE routines into the SafeBioMetrics
system relies on the utilization of the communication data path illustrated in
the previous slide (the top data path).
• Each bit of the plaintext data is properly packed into the respective plaintext
message.
• The ciphertext is generated through an FHE model considering the top data
path steps.
• The bottom data path in the figure implies that the input data is translated
into a binary format, which is efficiently understood by the CPU. This is
achieved using the computation (fc(.)) and aggregation (fa(.)) functions from
the bottom data processing path.
• The binary data is processed using a parallel single instruction, multiple data
(SIMD) model.
• The four operations already mentioned are fully supported.
97. Test Use Case
• The detection of three medical conditions has been considered: the average
heart rate, the delayed repolarization of the heart, and the minimum and
maximum heart rates.
• Outcomes:
• The model performed well considering the detection of all three medical
conditions.
• The resulting performance metrics prove that the system is time and
resource efficient.
• The data privacy can be preserved, even if the hosting (cloud) environment
is affected by a security incident (e.g., unauthorized access by an employee
or hacker, CPU vulnerability issues, etc.).
• The amount of transferred data depends arithmetically on the size of the
encrypted data.
98. Performance Metrics (1) - Explanation
• Network capacity: XFERIN (the amount of data transferred from the
client devices to the backend), XFEROUT (the amount of data that is
transferred from the backend to the client devices).
• Storage ratio (SR): this assesses the amount of storage that is
necessary to store one byte of plaintext data in an FHE format. As an
example, if SR=500, 500 bytes are necessary in order to store
one plaintext byte in the FHE format.
• Processing speed (PS): This is defined through the ratio PS=PTO / PIN.
Here, the numerator represents the amount of time to send the data
from the client device to the backend, while the denominator is the
amount of time that is required by the backend to process the
received data.
• NCT: The number of the involved ciphertexts.
• Level L: The value of the calibration parameter.
101. Test Use Case - Conclusions
• Flexible and decoupled architecture – the system is capable
of accommodating most of the existing and, with a high
probability, future client-side data collection devices.
• SafeBioMetrics demonstrates that it is perfectly possible to
sustain a completely secure, privacy preserving and resource
efficient data management over large amounts of data.
• This case study demonstrates that fully homomorphic
encryption is usable in order to secure a system like
SafeBioMetrics.
• This model can be adapted to any other use case that
involves the processing of large amounts of sensitive data.
Timeline – add, already gives voting, …. Quadratic formulas, gives more efficient PIR …. That’s where we were stuck….
Gallant attempts – Fellows and Koblitz
(People believed this was impossible. … )
Show all kinds of newspaper clips.. Ref Gentry… also refer to later works.
What it is –
And what it is not – but we are getting there.
What is the simplest object that we can both add and mult?