Secret-in.me. A pentester design of password secret manager
|
|
- Norma Waters
- 5 years ago
- Views:
Transcription
1 Secret-in.me A pentester design of password secret manager
2 Who am I? Security engineer Working at SCRT France!
3 Password manager Password A string Secret Information shared by very few people You have to remember You should find a way to share it. To authenticate yourself Only the concerned people should access it. Others can't guess Very hard for human mind. Try to remember 4csVIus9TG82BXRedA5B5gAZjHKm7dNa Multiple services => multiple passwords Impossible to do with your mind Try to remember 235 random strings...
4 Password manager Company's headache : managing access authorization Multiple equipment Employees in and out SSO/LDAP binding KEEPASS Linked to the Active Directory Not easy to share Centralized management Centralized management One private password by employee Work with any services Multiple access to the service One private password by employee Access log rely on the service One access to the service Service should support SSO! Useless access log on the service
5 Password manager Pentest time Pick your favorite vulnerability WPAD + weak password Outdated software Default passwords... SSO/LDAP binding KEEPASS Identify user using keepass Wait for the keepass to be unlocked KeeFarce Do it for every users
6 Password manager What's a good secret manager? (from our point of view) Secret encryption with standards => Obvious Open source => To check claimed security Limited dependencies => Reduce trust surface Cryptography not written by us => Crypto is hard Double authentication standard => Obvious Sharing possibility => Needed in company Logging possibility => Needed in company Browser integration => Easier to use
7 Secret-in.me TADAAAA! Started in 2015 after Gandi 15 years anniversary Improved a lot more recently
8 Secret-in.me Reduce trust surface "We don't want to install new client software" Maintenance, backdoor We trust the browser (I hope you do) W3C wrote WebCryptoAPI Browser can do cryptography! For now, only Blink (google chrome and chromium engine) support every standards. You only have to trust your browser and secret-in.me Unfortunately not if you want a pretty UI...
9 Secret-in.me Storage JSON is easy to transport Write it on file anywhere (like keepass) Use a server to save it for you Cryptography is done client side Compromised server can't read your secrets Compromised network can't read your secrets Using server can add privileges and logging dimension Read only, Read/write, Read/Write/Share Who, what, when
10 Secret-in.me How it works Cryptographic layer
11 Registration Username SHA256 Passphrase PBKDF2 SHA bits random salt (random%255) iterations Derived Key Wrapping with AES-CBC-256 Key pair RSA-OAEP 4096 SHA256 IV + Wrapped private key Derivation parameters SHA256(username) IV + Wrapped private key Public key Insecure server
12 Server View { } "0a041b9462caa4a31bac3567e0b6e6fd db2ab433d96f6d178cabfce90": { "keys": {}, "pass": { "iterations": , "salt": "1e473abdb40125b8f07b6a f2fed862ffa4c81cbcb5db17de7aebcf48" }, "privatekey": { "iv": "ee73cf febc74d5d6f8720f4", "privatekey": "47da2b54a55198[...]9e0d64fda2db9211ad7d6394a9d7" }, "publickey": { "alg": "RSA-OAEP-256", "e": "AQAB", "ext": true, "key_ops": [ "encrypt", "wrapkey" ], "kty": "RSA", "n": "nggkuqrdlpqrggbzkmx-[...]hlt9wefh5tqrbobcffez8" } }
13 Login Username SHA256 0a041b946ef12a6... Passphrase PBKDF2 SHA256 Derived Key Derivation parameters + Public key + IV + Wrapped private key Unwrapping with AES-CBC-256 Private key "Authenticated" user Response
14 Secret creation SHA256 Title Secret ID Secret Random shared key Timestamp Encryption with AES-GCM-256 IV + Encrypted secret Public key Wrapping with RSA-OAEP Secret ID IV + Encrypted secret Wrapped shared key Wrapped shared key Insecure server
15 { } "secrets": { "0839fb4655ea32255f60e4e37fe07e207be65774d8a9255bc faeaead7": { "iv": "2e16d955f86c6589d821c7a1", "secret": "873c828e20ef4909cf[...]5640ac4b", }, }, "users": { "0a041b9462caa4a31bac3567e0b6e6fd db2ab433d96f6d178cabfce90": { "keys": { "0839fb4655ea32255f60e4e37fe07e207be65774d8a9255bc faeaead7": { "key": "98fef3afc43e7f3d[...]26b2f833b972b3d54", }, }, "pass": { "iterations": , "salt": "5dd0c60727bc84e49f0fa271bb4e7188d750e10eb0ae868df008d " }, "privatekey": { "iv": "23ddc5828a2533c1b23ca5ffa7eb4cb0", "privatekey": "6fa526a3c a8e033[...]8e9d8937c21db55b" }, "publickey": { "alg": "RSA-OAEP-256", "e": "AQAB", "ext": true, "key_ops": [ "encrypt", "wrapkey" ], "kty": "RSA", "n": "von4sq1swk9bkeqxwmkg7n[...]drk24tkxjxhj1vxldjiim" } } }
16 Secret retrieval Give me my keys List of IDs + Wrapped shared keys Give me the secret 80ae13... Private key Wrapped shared key Unwrapping with RSA-OAEP IV + Encrypted secret Shared key Decryption with AES-GCM-256 Secret
17 Secret sharing Friend username Private key SHA256 Friend ID Wrapped shared key of secret you want to share Unwrapping with RSA-OAEP Friend public key Shared key Wrapping with RSA-OAEP Wrapped shared key for friend Friend ID Secret ID Wrapped shared key
18 Secret-in.me How it works Logic layer
19 Registration / Login Username SHA256 Passphrase PBKDF2 SHA bits random salt (random%255) iterations SHA256 hashed derived key Derived Key SHA256 derived key Username: 0a041b946ef12a6... Hashed derived key 0bc12feaa12331c... Insecure server
20 Authenticated actions SHA256 Username Datas signed with RSA-PSS Action datas Datas + signature Retrieve public key from claimed hashed username Verify signature with RSA-PSS
21 Double authentication (TOTP) Activation Generate 256 bits random seed SHA256 derived key XOR seed with hashed derived key... Save it to the user datas Insecure server Verify TOTP token Username: 0a041b946ef12a6... Hashed derived key 0bc12feaa12331c TOTP Token Insecure server XOR saved seed with hashed derived key Login
22 Double authentication (Trusted device) Activation Device name Username Random protection key Wrapping with AES-CBC-256 Shortpass PBKDF2 SHA bits random salt (random%255) iterations Derived Key IV + Protected private key Wrapped protection key IV Wrapping with AES-CBC-256 Derivation parameter SHA256(Device name) Wrapped protection key without IV Insecure server
23 Double authentication (Trusted device) SHA256 Username Shortpass Device name PBKDF2 SHA256 Derived key Login 0a041b946ef12a6... cd0155eff6ef Derivation parameters + Public key SHA256 SHA256(Hashed derived key) Hashed derived key Unwrapping with AES-CBC-256 Wrapped protection key Wrapped protection key IV Unwrapping with AES-CBC-256 Wrapped private key "Authenticated" user
24 Secret-in.me Technologies Server in nodejs to stay in JavaScript world CouchDB Database Smart conflict management Made for easy replication Client side library without any dependencies Client app using ReactJS
25 Secret-in.me DEMO
26 Secret-in.me Problem How can I save my windows password in it? I need windows access to launch my browser Solution
27 Secret-in.me Available on Server (redis+couchdb+api) bundled by docker-compose Library shipped in npm github.com/secretin/secretin-lib Client github.com/secretin/secretin-server github.com/secretin/secretin-app Windows black magic github.com/secretin/secretin-windows
28 Secret-in.me roadmap Find a logo! Offline mode (in beta) React-native app for ios Improve UI:UX Add loading information Add error information Improve documentation for easy self hosting How to setup couchdbv2 with master master replication... Add application settings (auto close, secret generation options...) Obfuscate private key in memory when decrypted
A team-oriented open source password manager with a focus on transparency, usability and security.
A team-oriented open source password manager with a focus on transparency, usability and security. SCRT Who am I? Florian Gaultier Security engineer in charge of SCRT France I break things for a living,
More informationPass, No Record: An Android Password Manager
Pass, No Record: An Android Password Manager Alex Konradi, Samuel Yeom December 4, 2015 Abstract Pass, No Record is an Android password manager that allows users to securely retrieve passwords from a server
More informationSecurity Specification
Security Specification Security Specification Table of contents 1. Overview 2. Zero-knowledge cryptosystem a. The master password b. Secure user authentication c. Host-proof hosting d. Two-factor authentication
More informationDashlane Security Whitepaper
Dashlane Security Whitepaper November 2017 Contents 1. General Security Principles... 2 a. Protection of User Data in Dashlane... 2 b. Local access to User Data... 2 c. Local Data Usage after deciphering...
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationDashlane Security White Paper July 2018
Dashlane Security White Paper July 2018 Contents 1. General Security Principles... 2 a. Protection of User Data in Dashlane... 2 b. Local Access to User Data... 2 c. Local Data Usage After Deciphering...
More informationImproving Password Management. Laura Raderman, Policy and Compliance Coordinator, ISO Ole Villadsen, Research Liaison, Cybersecurity, UL
Improving Password Management Laura Raderman, Policy and Compliance Coordinator, ISO Ole Villadsen, Research Liaison, Cybersecurity, UL Password Management How many passwords do you have? Are they all
More informationAttacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication)
Attacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication) 08 Jun 2017 K-LUG Technical Meeting Rochester, MN Presented by: Vi Grey Independent Security Researcher https://vigrey.com Who
More informationStop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico
1 Stop sweating the password and learn to love public key cryptography Chris Streeks Solutions Engineer, Yubico Stop Sweating the Password! 2 Agenda Introduction The modern state of Phishing How to become
More informationDashlane Security White Paper
Dashlane Security White Paper December 2017 Contents 1. General Security Principles... 2 a. Protection of User Data in Dashlane... 2 b. Local access to User Data... 2 c. Local Data Usage after deciphering...
More information===============================================================================
We have looked at how to use public key crypto (mixed with just the right amount of trust) for a website to authenticate itself to a user's browser. What about when Alice needs to authenticate herself
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013
Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013 Digital Signatures Diagram illustrating how to sign a message Why do we use a one-way hash? How does a collision
More informationID protocols. Overview. Dan Boneh
ID protocols Overview The Setup sk Alg. G vk vk either public or secret User P (prover) Server V (verifier) no key exchange yes/no Applications: physical world Physical locks: (friend-or-foe) Wireless
More informationPassword Management. Eugene Davis UAH Information Security Club January 10, 2013
Password Management Eugene Davis UAH Information Security Club January 10, 2013 Password Basics Passwords perform service across a broad range of applications Can act as a way to authenticate a user to
More informationCS 161 Computer Security
Popa & Weaver Fall 2016 CS 161 Computer Security 10/4 Passwords 1 Passwords are widely used for authentication, especially on the web. What practices should be used to make passwords as secure as possible?
More informationSingle Sign-On Showdown
Single Sign-On Showdown ADFS vs Pass-Through Authentication Max Fritz Solutions Architect SADA Systems #ITDEVCONNECTIONS Azure AD Identity Sync & Auth Timeline 2009 2012 DirSync becomes Azure AD Sync 2013
More informationCrypto for Hackers. Eijah. v1.00 August 7 th, 2015
Crypto for Hackers Eijah v1.00 August 7 th, 2015 Hello World Shall we play a game? Joshua/WOPR Who am I? Founder Programmer Hacker 4 Last year at Defcon Saving Cyberspace by Reinventing File Sharing We
More informationWHITEPAPER ON NEXT-LEVEL ACCESS MANAGEMENT
A WHITEPAPER ON NEXT-LEVEL ACCESS MANAGEMENT 1 CONTENTS INTRODUCTION OUR MINDSET TOPICUS KEYHUB PRINCIPLES CENTRAUL AUTHENTICATION DECENTRALIZED AUTHORIZATION CONNECTIVITY ENCRYPTION COMPLIANCE AND ACCOUNTABILITY
More informationCS530 Authentication
CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request
More informationCopyright
This video will look at the different Terminology that is used with Federation Services. This will give you a good indication of what components make up a Federation Service in Active Directory Federation
More informationFIPS Security Policy. for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module
FIPS 140-2 Security Policy for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module Hardware Version: 88i8925, 88i8922, 88i8945, and 88i8946 Firmware Version: Solaris2-FIPS-FW-V1.0 Document Version:
More informationClient-Server Architecture PlusUltra beyond the Blockchain
1--------------------------------------------Table of Contents 2--------------------------------------------PlusUltra Single Sign On 3--------------------------------------------Client-Server Architecture
More informationCS 255: Intro to Cryptography
Programming Assignment 1 Winter 2018 CS 255: Intro to Cryptography Prof. Dan Boneh Due Monday, Feb. 12, 11:59pm 1 Introduction In many software systems today, the primary weakness often lies in the user
More informationThis Security Policy describes how this module complies with the eleven sections of the Standard:
Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights
More informationPYTHIA SERVICE BY VIRGIL SECURITY WHITE PAPER
PYTHIA SERVICE WHITEPAPER BY VIRGIL SECURITY WHITE PAPER May 21, 2018 CONTENTS Introduction 2 How does Pythia solve these problems? 3 Are there any other solutions? 4 What is Pythia? 4 How does it work?
More informationA Single-Sign-On Security Platform for Private and Decentralized Applications. William Swanson, Paul Puey
A Single-Sign-On Security Platform for Private and Decentralized Applications William Swanson, Paul Puey The Edge platform (formerly Airbitz) implements a client-side encrypted, peer-to-peer synchronized,
More informationNetwork Security Technology Project
Network Security Technology Project Shanghai Jiao Tong University Presented by Wei Zhang zhang-wei@sjtu.edu.cn!1 Part I Implement the textbook RSA algorithm. The textbook RSA is essentially RSA without
More informationCryptography - SSH. Network Security Workshop May 2017 Phnom Penh, Cambodia
Cryptography - SSH Network Security Workshop 29-31 May 2017 Phnom Penh, Cambodia What is Safely Authentication I know who I am talking with Our communication is Encrypted Telnet Servers Terminal Routers
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationLecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005
Lecture 30 Security April 11, 2005 Cryptography K A ciphertext Figure 7.3 goes here K B symmetric-key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Symmetric
More informationCryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography - SSH Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 What is Secure Authentication I know who I am talking to Our communication is Encrypted Telnet Servers Terminal
More informationDyadic Security Enterprise Key Management
Dyadic Security Enterprise Key Management The Secure-as-Hardware Software with a Mathematical Proof Dyadic Enterprise Key Management (EKM) is the first software-only key management and key protection system
More informationCSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationWhat is Secure. Authenticated I know who I am talking to. Our communication is Encrypted
Crypto App - SSH 1 What is Secure Authenticated I know who I am talking to Our communication is Encrypted Telnet clear text Servers Terminal clear text Routers SSH encrypted channel encrypted text Servers
More informationDeprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018
Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2
More informationALAP - AgiLe Authentication Provider
Documentation ALAP - AgiLe Authentication Provider Description of the Agile Authentication Provider (ALAP) Version 0.1, 23.11.2015 Andreas Fitzek andreas.fitzek@egiz.gv.at Summary: This document describes
More informationIntended status: Standards Track January 13, 2015 Expires: July 17, 2015
JOSE Working Group M. Jones Internet-Draft Microsoft Intended status: Standards Track January 13, 2015 Expires: July 17, 2015 Abstract JSON Web Algorithms (JWA) draft-ietf-jose-json-web-algorithms-40 The
More informationNigori: Storing Secrets in the Cloud. Ben Laurie
Nigori: Storing Secrets in the Cloud Ben Laurie (benl@google.com) April 23, 2013 1 Introduction Secure login is something we would clearly like, but achieving it practically for the majority users turns
More information10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms
Authentication IT443 Network Security Administration Instructor: Bo Sheng Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 1 2 Authentication Authentication is
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationAuthentication CHAPTER 17
Authentication CHAPTER 17 Authentication Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources. getting entrance
More informationProgressive Authentication in ios
Progressive Authentication in ios Genghis Chau, Denis Plotnikov, Edwin Zhang December 12 th, 2014 1 Overview In today s increasingly mobile-centric world, more people are beginning to use their smartphones
More informationFunctional Documentation for "NFC CSP Light" Version 1.0
Functional Documentation for "NFC CSP Light" Version 1.0 Prepared by: "Vincent Le Toux" Date: 03/02/2014 1 Table of Contents Table of Contents Revision History Description... 4 System Specifications...
More informationPASSWORDS & ENCRYPTION
PASSWORDS & ENCRYPTION Villanova University Department of Computing Sciences D. Justin Price Fall 2014 CRYPTOGRAPHY Hiding the meaning of a message from unintended recipients. Open source algorithms are
More informationSoftware Vulnerability Assessment & Secure Storage
Software Vulnerability Assessment & Secure Storage 1 Software Vulnerability Assessment Vulnerability assessment is the process of identifying flaws that reside in an OS, application software or devices
More informationAuthentication. Steven M. Bellovin January 31,
Authentication Another trilogy: identification, authentication, authorization ACLs and the like are forms of authorization: what you re allowed to do Identification is whom you claim to be be Authentication
More informationWHITE PAPER. Authentication and Encryption Design
WHITE PAPER Authentication and Encryption Design Table of Contents Introduction Applications and Services Account Creation Two-step Verification Authentication Passphrase Management Email Message Encryption
More informationWhat is JOSE. Jim Schaad Co-chair JOSE August Cellars. Friday, March 15, 13
What is JOSE Jim Schaad Co-chair JOSE August Cellars 1 Overview Use JSON for data structure representations Try and meet the goal of easy to implement and use Allow for complex uses Allow for arbitrary
More informationInternet Engineering Task Force (IETF) Request for Comments: 7518 Category: Standards Track May 2015 ISSN:
Internet Engineering Task Force (IETF) M. Jones Request for Comments: 7518 Microsoft Category: Standards Track May 2015 ISSN: 2070-1721 Abstract JSON Web Algorithms (JWA) This specification registers cryptographic
More informationIKEv2-SCSI (06-449) Update
1 IKEv2-SCSI (06-449) Update David L. Black 2 IKEv2-SCSI (06-449) Plans and Status Plan Revise IKEv2-SCSI draft for approval at this meeting Reality The best laid schemes o' Mice an' Men... gang aft FCoE!!
More informationPRACTICAL PASSWORD AUTHENTICATION ACCORDING TO NIST DRAFT B
PRACTICAL PASSWORD AUTHENTICATION ACCORDING TO NIST DRAFT 800-63B MOTIVATION DATABASE LEAKAGE ADOBE 152,982,479 Encrypted with 3DES ECB Same password == same ciphertext https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
More informationCodebook. Codebook for OS X Introduction and Usage
Codebook Codebook for OS X Introduction and Usage What is Codebook Encrypted Data Vault Guards passwords and private data Keeps sensitive information organized Enables quick recall of secrets Syncs data
More informationA Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography
A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography Ashok Kumar J 1, and Gopinath Ganapathy 2 1,2 School of Computer Science, Engineering and Applications
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationDistributed Key Management and Cryptographic Agility. Tolga Acar 24 Feb. 2011
Distributed Key Management and Cryptographic Agility Tolga Acar 24 Feb. 2011 1 Overview Distributed Key Lifecycle Problem statement and status quo Distributed Key Manager Typical application scenario and
More informationProving who you are. Passwords and TLS
Proving who you are Passwords and TLS Basic, fundamental problem Client ( user ) How do you prove to someone that you are who you claim to be? Any system with access control must solve this Users and servers
More informationSecurity Policy Document Version 3.3. Tropos Networks
Tropos Control Element Management System Security Policy Document Version 3.3 Tropos Networks October 1 st, 2009 Copyright 2009 Tropos Networks. This document may be freely reproduced whole and intact
More informationOverview of Authentication Systems
Overview of Authentication Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
More informationCore Security Services and Bootstrapping in the Cherubim Security System
Core Security Services and Bootstrapping in the Cherubim Security System Charles Willis cfwillis@uiuc.edu Technical Report 2 July 1998 University of Illinois at Urbana-Champaign Department of Computer
More informationSecurity in NVMe Enterprise SSDs
Security in NVMe Enterprise SSDs Radjendirane Codandaramane, Sr. Manager, Applications, Microsemi August 2017 1 Agenda SSD Lifecycle Security threats in SSD Security measures for SSD August 2017 2 SSD
More informationEncrypting stored data
Encrypting stored data Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 1. Scenarios 2. File encryption Outline 3. Encrypting file system 4. Full disk encryption 5. Data recovery
More informationDesigning Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015
Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 What Could It Cost You? Average of $0.58 a record According to the Verizon
More informationIndeed Card Management Smart card lifecycle management system
Indeed Card Management Smart card lifecycle management system Introduction User digital signature, strong authentication and data encryption have become quite common for most of the modern companies. These
More informationCSE484 Final Study Guide
CSE484 Final Study Guide Winter 2013 NOTE: This study guide presents a list of ideas and topics that the TAs find useful to know, and may not represent all the topics that could appear on the final exam.
More informationGuide to your CGIAR Network account Self Service tool
Guide to your CGIAR Network account Self Service tool The self-service tool allows you to: Change Password: Change your current password from anywhere using your web browser. Reset Password: Reset your
More informationSecurity context. Technology. Solution highlights
Code42 CrashPlan Security Code42 CrashPlan provides continuous, automatic desktop and laptop backup. Our layered approach to security exceeds industry best practices and fulfills the enterprise need for
More informationVault. Vault. End User Guide END USER GUIDE. L o r e. (For Standard, Professional & Enterprise Editions)
L o r e L END USER GUIDE (For Standard, Professional & Enterprise Editions) Table of contents 1. Introduction 2. Important terms 3. Sign up instructions 4. Basic settings Initiate sharing Configure two-factor
More informationI made a 5 minute introductory video screencast. Go ahead and watch it. Copyright(c) 2011 by Steven Shank
Introduction to KeePass What is KeePass? KeePass is a safe place for all your usernames, passwords, software licenses, confirmations from vendors and even credit card information. Why Use a Password Safe?
More informationThe Security Behind Sticky Password
The Security Behind Sticky Password Technical White Paper Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and personal information are often
More informationCIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm
CIS 4360 Introduction to Computer Security Fall 2010 WITH ANSWERS in bold Name:.................................... Number:............ First Midterm Instructions This is a closed-book examination. Maximum
More informationLecture 14 Passwords and Authentication
Lecture 14 Passwords and Authentication Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Major Portions Courtesy Ryan Cunningham AUTHENTICATION Authentication
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationSolving Bigger Problems with the TPM 2.0
Chapter 21 Solving Bigger Problems with the TPM 2.0 Throughout this book, we have described examples of how you can use particular TPM commands in programs. This chapter looks at how some of those commands
More informationOpenSSL Hacks Anthony J. Stieber Abstract OpenSSL contains a command-line tool to do nearly everything possible within the OpenSSL library. Even better, it's probably already installed on your system.
More informationCisco Desktop Collaboration Experience DX650 Security Overview
White Paper Cisco Desktop Collaboration Experience DX650 Security Overview Cisco Desktop Collaboration Experience DX650 Security Overview The Cisco Desktop Collaboration Experience DX650 (Cisco DX650)
More informationCode42 Security. Tech Specs Data Protection & Recovery
Tech Specs Data Protection & Recovery Code42 Security Code42 provides continuous, automatic desktop and laptop backup. Our layered approach to security exceeds industry best practices and fulfills the
More informationBIDMC Multi-Factor Authentication Enrollment Guide Table of Contents
BIDMC Multi-Factor Authentication Enrollment Guide Table of Contents Definitions... 2 Summary... 2 BIDMC Multi-Factor Authentication Enrollment... 3 Common Multi-Factor Authentication Enrollment Issues...
More informationSSH. What is Safely 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:
SSH 25-29 June 2018 PacNOG 22, Honiara, Solomon Islands Supported by: Issue Date: Revision: 1 What is Safely Authentication I am Assured of Which Host I am Talking With Authentication - The Host Knows
More informationCSC 474 Network Security. Authentication. Identification
Computer Science CSC 474 Network Security Topic 6. Authentication CSC 474 Dr. Peng Ning 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationRise Technology White Paper
Rise Technology White Paper Posted in White paper by Justin 1. Introduction 1. What is Rise We are Rise, a Lisk-based currency and distributed application platform heavily emphasizing security and ease
More informationEXPERIENCE SIMPLER, STRONGER AUTHENTICATION
1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 2 Data Breaches are out of control 3 IN 2014... 708 data breaches 82 million personal records stolen $3.5 million average cost per breach 4 We have a PASSWORD
More informationArchitecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World
Technology for a Changing World Architecture Assessment Case Study Single Sign on Approach Document PROBLEM: Existing portal has Sign on Capabilities based on the SQL Server database and it s not having
More informationDyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof
Dyadic Enterprise Unbound Key Control For Azure Marketplace The Secure-As-Hardware Software With a Mathematical Proof Unbound Key Control (UKC) is the first software-only key management and key protection
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication. Identification. AIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationPyJWT Documentation. Release José Padilla
PyJWT Documentation Release 1.6.1 José Padilla Apr 08, 2018 Contents 1 Sponsor 3 2 Installation 5 3 Example Usage 7 4 Command line 9 5 Index 11 5.1 Installation................................................
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: Authenticate each other Establish sessions keys This process may
More informationMITOCW watch?v=zlohv4xq_ti
MITOCW watch?v=zlohv4xq_ti The following content is provided under a Creative Commons license. Your support will help MIT OpenCourseWare continue to offer high-quality educational resources for free. To
More informationBackend IV: Authentication, Authorization and Sanitization. Tuesday, January 13, 15
6.148 Backend IV: Authentication, Authorization and Sanitization The Internet is a scary place Security is a big deal! TODAY What is security? How will we try to break your site? Authentication,
More informationTungsten Security Whitepaper
Tungsten Labs UG (haftungsbeschränkt) Email: contact@tungsten-labs.com Web: http://tungsten-labs.com Monbijouplatz 5, 10178 Berlin Tungsten Security Whitepaper Berlin, May 2018 Version 1 Contents Introduction
More informationCNT4406/5412 Network Security
CNT4406/5412 Network Security Authentication Zhi Wang Florida State University Fall 2014 Zhi Wang (FSU) CNT4406/5412 Network Security Fall 2014 1 / 43 Introduction Introduction Authentication is the process
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationCIS 6930/4930 Computer and Network Security. Topic 6. Authentication
CIS 6930/4930 Computer and Network Security Topic 6. Authentication 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication Allow a user to
More information