Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf
|
|
- Darren Philip James
- 6 years ago
- Views:
Transcription
1 Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf (Xiaolong Bai, Luyi Xing) (co-first authors), Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, Shi-Min Hu TNList, Tsinghua University, Indiana University Bloomington Georgia Institute of Technology, Peking University 1
2 Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf 2
3 Zero Configuration Networking (ZeroConf) 3
4 ZeroConf Bonjour 4
5 ZeroConf Bonjour protocol zero-configuration networking over IP that Apple has submitted to the IETF. Goals: With little or no configuration to add devices/services to a local network Existing devices can automatically find and connect to those new devices/services 5
6 Bonjour Administrators no need to assign IP, host names, service names to network services (e.g., printer) When first use a service, users simply ask to see what network services are automatically available and choose from the list. 6
7 How about traditional configured network? 7
8 Traditionally Must Configure: IP Printer name, e.g., lh135-soic.ads.iu.edu DNS server 8
9 Traditionally Must Configure: IP Printer name, e.g., lh135-soic.ads.iu.edu DNS server 9
10 Features of Bonjour 1. Service configures itself IP, hostname, service instance name 2. Clients automatically discover available services No pre-knowledge of the service s name, hostname or IP 10
11 1. ZeroConf Concept 2. So, how? 11
12 Add a new printer to a network 12
13 A printer configures itself Is anybody using IP fe80::abcd: ? 13
14 A printer configures itself IP fe80::abcd:1234 No? Great, I ll take it. 14
15 A printer configures itself IP fe80::abcd:1234 Anybody using hostname NPI9fe5.host.local? 15
16 A printer configures itself IP fe80::abcd:1234 Hostname HP9FE5.host.local No? Wonderful, I ll take it. 16
17 A printer configures itself IP Anybody having a printing service named HP-Service9FE5? fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 17
18 A printer finishes configuring itself IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 18
19 Features of Bonjour 1. Service configures itself IP, hostname, service instance name 2. Clients automatically discover available services No pre-knowledge of the service s name, hostname or IP 19
20 Automatically find the printer Q1: Anyone has a printer service? A1: I have HP-Service-9FE5 20
21 Automatically find the printer Q1: Anyone has a printer service? A1: I have service instance HP-Service-9FE5 Q2: So on which host is this HP-Service- 9FE5? A2: It s on host NPI9fe5.host.local 21
22 Added/Saved the printer to your list IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 22
23 Added/Saved the printer to your list Apple: Applications store service instance names, so if the IP, port, or host name changed, the application can still connect. IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 23
24 Service instance name HP-Service-9FE5 is saved IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 Saved printer = A printer who owns service name HP-Service-9FE5 24
25 Adversary On a device (malware infected) in your local network Aims to intercept secrets/files transferred between uninfected devices 25
26 Adversary Your Mac/printer are un-infected Steal your printing documents? 26
27 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Printer 27
28 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 1: Printer 28
29 A device infected by malware IP Hostname Service Instance Name HP-Service-9FE5 29
30 A device infected by malware IP Hostname Service Instance Name HP-Service-9FE5 I have a printing service instance named HP-Service-9FE5 Service Instance Name HP-Service-9FE5 30
31 A device infected by malware IP Hostname Service Instance Name HP-Service-9FE5 I have a printing service instance named HP-Service-9FE5 xf Service Instance Name HP-Service-9FE5 31
32 Saved printer = xf A printer who owns service name HP-Service-9FE5 New Service Name HP-Service-9FE5 (2) x Service Instance Name HP-Service-9FE5 32
33 Why it happens? Three Changing Attributs: IP Hostname Service Instance Name Apple: Applications store service instance names, so if the IP, port, or host name changed, the application can still connect. 33
34 Lack of authentication Three Changing Attributs: IP Hostname Service Instance Name Anyone can claim any value of the three attributes The protocol only guarantees no duplicates. 34
35 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 2: Airdrop 35
36 Airdrop between Apple devices 36
37 37
38 Attack Airdrop Jeff s Macbook: Q1: Anyone has an airdrop service? Alice s iphone: I have a service named abcd.airdrop.service 38
39 Attack Airdrop Jeff s Macbook: Q2: So on which host is Alice s service? Alice s iphone: I have a service named abcd.airdrop.service 39
40 Attack Airdrop Jeff s Macbook: Q2: So on which host is Alice s service? Alice s iphone: A2: It s on host Alices.iphone.local Bob s imac: A2: It s on host Bobs.imac.local 40
41 Alice s iphone has service named abcd.airdrop.tcp, which is on host Bobs.imac.local Jeff s Macbook: Q2: So on which host is Alice s service? Alice s iphone: A2: It s on host Alices.iphone.local Bob s imac: A2: It s on host Bobs.imac.local 41
42 Attack Airdrop Jeff s Macbook: Connect Alice s iphone: A2: It s on host Alices.iphone.local Bob s imac: A2: It s on host Bobs.imac.local 42
43 Does TLS help? Jeff s Macbook: Connect Alice s iphone: A2: It s on host Alices.iphone.local Bob s imac: A2: It s on host Bobs.imac.local 43
44 TLS in Airdrop Server certificate issued to appleid. CDEF Bob s imac Jeff s Macbook Server certificate issued to appleid.abcd Alice s iphone 44
45 So the certificate in airdrop can hardly be used for authentication. Server certificate issued to appleid.cdef Bob s imac Jeff s Macbook Server certificate issued to appleid.abcd Alice s iphone 45
46 Domain should match the certificate Server certificate issued to appleid.cdef Bob s imac Jeff s Macbook xf Certificate issued to google.com xf 46
47 Domain should match the certificate xf Server certificate issued to appleid.cdef xf Jeff s Macbook Bob s imac xf Server certificate issued to appleid.abcd xf Alice s iphone 47
48 What s wrong with TLS in Airdrop The certificate in airdrop cannot be used for authentication E.g, certificate should be issued to Alice but indeed issued to appleid.abcd Linking a human to her certificate is complicated challenge in finding any identifiable information that are well-known no privacy implication and unique 48
49 49
50 Some customized ZeroConf protocols FileDrop TCP packets for discovery elliptical curve cryptography for security Failed in authentication challenge in linking a human to her public key 50
51 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 3: Apple s Vulnerable framework 51
52 Apple s Vulnerable framework Multipeer Connectivity (MC) A framework for automatic service discovery between nearby devices across Wi-Fi and Bluetooth without configuration Object to identify each app: peerid displayname (public) & uniqueid (private) 52
53 Normally Automatic Service Discovery Without Configuration Servers advertise peerids peerid displayname: Alice uniqueid: 8573a Server peerid displayname: Bob uniqueid: 6c5b3 Server Client 53
54 Normally Automatic Service Discovery Without Configuration Servers advertise peerids, Client browse peerids (show displayname) peerid displayname: Alice uniqueid: 8573a Server Alice Bob peerid displayname: Bob uniqueid: 6c5b3 Server Client 54
55 Normally Even if servers have the same displayname Server peerid displayname: Alice uniqueid: abcde peerid displayname: Alice uniqueid: Server Client 55
56 Normally Even if servers have the same displayname uniqueids generated by MC will always be different peerid displayname: Alice uniqueid: abcde Server peerid displayname: Alice uniqueid: Server Client 56
57 Normally Even if servers have the same displayname uniqueids generated by MC will always be different peerid displayname: Alice uniqueid: abcde Server Alice Alice peerid displayname: Alice uniqueid: Server Client 57
58 What Can Go Wrong? Attacker acts as both client and server Browse and acquire peerid object from victim server peerid displayname: Alice uniqueid: abcde Server Client & Server Client 58
59 What Can Go Wrong? Attacker acts as both client and server Advertise using the same peerid object peerid displayname: Alice uniqueid: abcde Server Alice peerid displayname: Alice uniqueid: abcde Client & Server Client 59
60 What Can Go Wrong? Client can not distinguish because of same uniqueid peerid displayname: Alice uniqueid: abcde Server Alice peerid displayname: Alice uniqueid: abcde Client & Server An Update? Client 60
61 What Can Go Wrong? Client can not distinguish because of same uniqueid Client maps the only peer to attacker s address (MitM) peerid displayname: Alice uniqueid: abcde Server Alice peerid displayname: Alice uniqueid: abcde Client & Server Client 61
62 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 4: Bluetooth 62
63 All your ios notifications belong to me ZeroConf on Bluetooth: Apple Handoff Handoff creates Bluetooth channel without configuration Malicious app on Mac can steal notifications on iphone For details, please refer to our paper Bluetooth 63
64 Summary of attacks Attacks on Apple ZeroConf channels Printer (Bonjour) Airdrop (Bonjour) Multipeer Connectivity (MC) Handoff Attacks on other channels (please refer to our paper) BLE Customized ZeroConf protocols All vulnerabilities were reported to vendors, acknowledged by most vendors 64
65 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking 4. Impact 65
66 Impact Measurement We analyzed 61 popular Mac and ios apps working with ZeroConf 88.5% are vulnerable to man-in-the-middle or impersonation attacks ZeroConf Channels Vulnerable/ Sampled Bonjour 18/22 Sensitive Information Leaked files, directories and clipboard synced, documents printed, instant message MC 24/24 files and photos transferred, instant message BLE 10/13 User name and password for OS X Customized protocols 2/2 remote keyboard input and files transferred 66
67 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking 4. Impact 5. Protecting ZeroConf 67
68 Protecting ZeroConf Problem: linking a human to her certificate is complicated Speaking out Your Certificate (SPYC) Voice biometrics ties certificate to identity Human Subject Study: convenient and effective For more details, please refer to our paper 68
69 Conclusion Apple s ZeroConf techniques are not secure as expected The usability-oriented design affects security Addressing such security risks is nontrivial Challenge in binding a human to her certificate Our Defense: SPYC Voice biometrics ties certificate to identity 69
70 ZeroConf The ZEROCONF Working Group s requirements and proposed solutions for zero-configuration networking over IP essentially cover three areas: addressing (allocating IP addresses to hosts) naming (using names to refer to hosts instead of IP addresses) service discovery (finding services on the network automatically) 70
All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems
All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems Speaker: Zhe Zhou, zhouzhe@fudan.edu.cn Pre-Tenure Associate Professor, School of Computer Science, Fudan University, China This
More informationIt Just (Net)works. The Truth About ios' Multipeer Connectivity Framework. Alban
It Just (Net)works The Truth About ios' Multipeer Connectivity Framework Alban Diquet! @nabla_c0d3 About me ios Security Researcher at Data Theorem Before: Principal Security Consultant at isec Partners
More informationAirDrop Cheat Sheet. AirDrop files between your devices In OS X Yosemite, AirDrop helps you quickly transfer files between your Mac and nearby Mac
AirDrop Cheat Sheet Mac Basics: AirDrop lets you send files from your Mac to nearby Macs and ios devices AirDrop makes it easy to send files wirelessly from your Mac to other Mac computers, and with OS
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationTHE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS
SESSION ID: MBS-W04 THE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS Nadir Izrael CTO & Co-Founder Armis, Inc. Ben Seri Head of Research Armis, Inc. Placeholder Slide: Image of spread of infection Placeholder
More informationSIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels
Network Security - ISA 656 Voice Over IP (VoIP) Security Simple SIP ing Alice s Bob Session Initiation Protocol Control channel for Voice over IP (Other control channel protocols exist, notably H.323 and
More informationPROTECTING THE ENTERPRISE FROM BLUEBORNE
PROTECTING THE ENTERPRISE FROM BLUEBORNE WHITE PAPER 2017 ARMIS OVERVIEW The newly discovered BlueBorne attack vector presents a new set of challenges for enterprises and their security teams. BlueBorne
More informationMASHaBLE: Mobile Applications of Secret Handshakes over Bluetooth Low-Energy. Yan Michalevsky, Suman Nath, Jie Liu
MASHaBLE: Mobile Applications of Secret Handshakes over Bluetooth Low-Energy Yan Michalevsky, Suman Nath, Jie Liu Motivation Private communication Anonymous messaging Secret communities Location-based
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More informationCertificates, Certification Authorities and Public-Key Infrastructures
(Digital) Certificates Certificates, Certification Authorities and Public-Key Infrastructures We need to be sure that the public key used to encrypt a message indeed belongs to the destination of the message
More informationIntroduction to SSL. Copyright 2005 by Sericon Technology Inc.
Introduction to SSL The cornerstone of e-commerce is a Web site s ability to prevent eavesdropping on data transmitted to and from its site. Without this, consumers would justifiably be afraid to enter
More informationMan In The Middle Project completed by: John Ouimet and Kyle Newman
Man In The Middle Project completed by: John Ouimet and Kyle Newman What is MITM? Man in the middle attacks are a form of eves dropping where the attacker relays messages that are sent between victims
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationANDROID PRIVACY & SECURITY GUIDE ANDROID DEVICE SETTINGS
ANDROID PRIVACY & SECURITY GUIDE WESNET The Women s Services Network Smartphones store a lot of personal information, including email or social media accounts, reminders and notes, the number of steps
More informationSECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi
SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question
More informationSecurity Using Digital Signatures & Encryption
Email Security Using Digital Signatures & Encryption CONTENTS. Introduction The Need for Email Security Digital Signatures & Encryption 101 Digital Signatures & Encryption in Action Selecting the Right
More informationIphone Bluetooth Setup 4s How To Use Push. Notifications >>>CLICK HERE<<<
Iphone Bluetooth Setup 4s How To Use Push Notifications When you use your device to access data, a Wi-Fi connection uses less your display with notifications, you can turn off push notifications for the
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationSoftware Version 3.3 Version 1.0 October Xerox Print Portal. Information Assurance Disclosure
Software Version 3.3 Version 1.0 October 2017 Xerox Print Portal Information Assurance Disclosure Contents 1. Introduction... 3 1.1. Purpose... 3 1.2. Target Audience... 3 1.3. Disclaimer... 4 2. Product
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationCERTIFIED SECURE COMPUTER USER COURSE OUTLINE
CERTIFIED SECURE COMPUTER USER COURSE OUTLINE Page 1 TABLE OF CONTENT 1 COURSE DESCRIPTION... 3 2 MODULE-1: INTRODUCTION TO DATA SECURITY... 4 3 MODULE-2: SECURING OPERATING SYSTEMS... 6 4 MODULE-3: MALWARE
More informationDeveloping an End-to-End Secure Chat Application
108 IJCSNS International Journal of Computer Science and Network Security, VOL.17 No.11, November 2017 Developing an End-to-End Secure Chat Application Noor Sabah, Jamal M. Kadhim and Ban N. Dhannoon Department
More informationManual Iphone 5 Bluetooth Not Working With Macbook Via
Manual Iphone 5 Bluetooth Not Working With Macbook Via Version 5. 13944 Views. Last Modified: Nov 17, 2014 4:50 PM. Bluetooth supports many different "Profiles", or methods of connecting BlueTooth The
More informationTrend Micro Guide and solution to help embrace Consumerization and BYOD. James Walker EMEA Product Marketing Manager 26 September 2012
Trend Micro Guide and solution to help embrace Consumerization and BYOD James Walker EMEA Product Marketing Manager 26 September 2012 Agenda Consumerization What is it? What should I do? Mobile Security
More informationAuthentication Part IV NOTE: Part IV includes all of Part III!
Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING
More informationA Survey of BGP Security Review
A Survey of BGP Security Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka November 16, 2011 1 Introduction to the topic and the reason for the topic being interesting Border
More informationEnabling Apple AirPrint with Your Xerox AltaLink Multifunction Printer. White Paper
Enabling Apple AirPrint with Your Xerox AltaLink Multifunction Printer White Paper Contents 3 Background 3 AirPrint Basics Step 1: Device Discovery Apple Bonjour 3 Step 2: Device Information and Status
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationMobile Experience and Security - A Delicate Balance. Jeff Keller, CISA, CIA, CFSA SVP/Senior Audit Director, Technology, Projects, Due Diligence
Mobile Experience and Security - A Delicate Balance Jeff Keller, CISA, CIA, CFSA SVP/Senior Audit Director, Technology, Projects, Due Diligence Admin Items Please put phones on vibrate Please take calls
More informationManually Connecting To Wireless Network Macbook Pro Will Not Automatically
Manually Connecting To Wireless Network Macbook Pro Will Not Automatically It's possible to successfully connect to the Internet but not be able to load a simple Ethernet network for your home or office,
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationCourse Outline (version 2)
Course Outline (version 2) Page. 1 CERTIFIED SECURE COMPUTER USER This course is aimed at end users in order to educate them about the main threats to their data s security. It also equips the students
More informationFrequently Asked Questions
General Where can I find a user guide? When logged in, a user guide can be downloaded from within the client. Help is located in the options tab at the bottom right hand corner of the desktop client and
More informationChapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.
Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard
More informationFrequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationCIP Security Pull Model from the Implementation Standpoint
CIP Security Pull Model from the Implementation Standpoint Jack Visoky Security Architect and Sr. Project Engineer Rockwell Automation Joakim Wiberg Team Manager Technology and Platforms HMS Industrial
More informationCS530 Authentication
CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request
More informationNetwork Access Control and VoIP. Ben Hostetler Senior Information Security Advisor
Network Access Control and VoIP Ben Hostetler Senior Information Security Advisor Objectives/Discussion Points Network Access Control Terms & Definitions Certificate Based 802.1X MAC Authentication Bypass
More informationQuick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.
Quick Heal Total Security for Android Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping. Product Highlights Complete protection for your Android device that
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationBYOD: BRING YOUR OWN DEVICE.
white paper BYOD: BRING YOUR OWN DEVICE. On-BOaRDING and Securing DEVICES IN YOUR Corporate NetWORk PrepaRING YOUR NetWORk to MEEt DEVICE DEMaND The proliferation of smartphones and tablets brings increased
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationThe Internet of Things. Steven M. Bellovin November 24,
The Internet of Things Steven M. Bellovin November 24, 2014 1 What is the Internet of Things? Non-computing devices...... with CPUs... and connectivity (Without connectivity, it s a simple embedded system)
More informationDigital Entertainment. Networking Made Easy
Digital Entertainment 2003 by TiVo Inc. Reproduction in whole or in part without written permission is prohibited. All rights reserved. Printed in the USA. TiVo, TiVo Central, and TiVolution are registered
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationSymantec Endpoint Protection Family Feature Comparison
Symantec Endpoint Protection Family Feature Comparison SEP SBE SEP Cloud SEP Cloud SEP 14.2 Device Protection Laptop, Laptop Laptop, Tablet Laptop Tablet & & Smartphone Smartphone Meter Per Device Per
More informationAUTHENTICATION AND LOOKUP FOR NETWORK SERVICES
Vol.5, No.1, pp. 81-90, 2014 doi: 10.7903/ijecs.1040 AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES Daniel J. Buehrer National Chung Cheng University 168 University Rd., Min-Hsiung Township, Chiayi County,
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationEnabling Apple AirPrint with Your Xerox ConnectKey Device
Enabling Apple AirPrint with Your Xerox ConnectKey Device 1 Background Apple AirPrint is a printing technology introduced with ios version 4.2 in November of 2010. It enables Apple ios devices including
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationDistributed Systems 26. Mobile Ad Hoc Mesh Networks
Distributed Systems 26. Mobile Ad Hoc Mesh Networks Paul Krzyzanowski pxk@cs.rutgers.edu 12/16/2011 1 Mesh Networks Mobile Ad-hoc networks, sensor networks, Decentralized networking No need for routers
More informationKey Management and Distribution
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 10 Key Management; Other Public Key Cryptosystems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationTap BLE API Documentation
Tap BLE API Documentation Version 1.0.1 Table of contents Tap BLE API Documentation 1 Table of contents 1 General description 2 Device discovery 2 Scanning 2 Connecting & pairing 2 Usage of API 2 Types
More informationAttacking Networks. Joshua Wright LightReading LIVE! October 1, 2003
Attacking 802.11 Networks Joshua Wright Joshua.Wright@jwu.edu LightReading LIVE! October 1, 2003 Attention The material presented here reflects the personal experience and opinions of the author, and not
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationHacking challenge: steal a car!
Hacking challenge: steal a car! Your "local partner in crime" Sławomir Jasek IT security expert since 2005, and still loves this job Agenda BLE vs security How to hack the car New tool Vulnerabilities
More informationThe Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez
The Attacker s POV Hacking Mobile Apps in Your Enterprise to Reveal Real Vulns and Protect the Business Tony Ramirez AGENDA & SPEAKERS Introduction Attacks on Mobile Live Demo Recommendations Q&A Tony
More informationA network is two or more computers, or other electronic devices, connected together so that they can exchange data.
Computer Networks What is a Network? A network is two or more computers, or other electronic devices, connected together so that they can exchange data. For example; a network allows computers to share
More informationPort Mirroring in CounterACT. CounterACT Technical Note
Table of Contents About Port Mirroring and the Packet Engine... 3 Information Based on Specific Protocols... 4 ARP... 4 DHCP... 5 HTTP... 6 NetBIOS... 7 TCP/UDP... 7 Endpoint Lifecycle... 8 Active Endpoint
More informationA Framework for Optimizing IP over Ethernet Naming System
www.ijcsi.org 72 A Framework for Optimizing IP over Ethernet Naming System Waleed Kh. Alzubaidi 1, Dr. Longzheng Cai 2 and Shaymaa A. Alyawer 3 1 Information Technology Department University of Tun Abdul
More informationتاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم
بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More informationElementary Computing CSC 100. M. Cheng, Computer Science
Elementary Computing CSC 100 1 Internet (2) TCP/IP and IP Addresses Hostnames and Domain Name System Internet Services Client/Server and Peer- 2- Peer Applications SPAMs & Phishing, Worms, Viruses & Trojans
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationPrintopia Pro Multicast DNS (mdns) Deployment and Troubleshooting Guide
Printopia Pro Multicast DNS (mdns) Deployment and Troubleshooting Guide Version 4 Feb 18, 2016 Copyright 2016 Decisive Tactics, Inc. Mac, iphone, ipad, ipod Touch, ios, OS X, and AirPrint are trademarks
More informationChapter 9 Public Key Cryptography. WANG YANG
Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext
More informationWireless LAN Security. Gabriel Clothier
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
More informationPCI Compliance Updates
PCI Compliance Updates PCI Mobile Payment Acceptance Security Guidelines Adam Goslin, Chief Operations Officer AGoslin@HighBitSecurity.com Direct: 248.388.4328 PCI Guidance February, 2013 - PCI Mobile
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More informationMobile Security Threats
Mobile Security Threats Adi Sharabani 2013 Skycure About me Adi Sharabani CEO & co-founder, Skycure Over 15 years of security experience Built and managed Watchfire's research group Built and led IBM's
More informationWireless Security and Monitoring. Training materials for wireless trainers
Wireless Security and Monitoring Training materials for wireless trainers Goals to understand which security issues are important to consider when designing WiFi networks to be introduced to encryption,
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationPrivacy, Discovery, and Authentication for the Internet of Things
Privacy, Discovery, and Authentication for the Internet of Things David J. Wu Ankur Taly Asim Shankar Dan Boneh Stanford University Google Google Stanford University The Internet of Things (IoT) Lots of
More informationSecurity Considerations for IPv6 Networks. Yannis Nikolopoulos
Security Considerations for IPv6 Networks Yannis Nikolopoulos yanodd@otenet.gr Ημερίδα Ενημέρωσης Χρηστών για την Τεχνολογία IPv6 - Αθήνα, 25 Μαίου 2011 Agenda Introduction Major Features in IPv6 IPv6
More informationHomework 5: Exam Review
CIS 331 April 18, 2017 Introduction to Networks & Security Homework 5: Exam Review Homework 5: Exam Review This homework is due Wednesday, April 26 at 10 p.m.. You will have a budget of five late days
More informationGetting ready to set up. Step 1. Note:
BYOD - Setting up Email Access on your ios mobile device This document provides step-by-step instructions for setting up Cognizant e-mail on the native e-mail app of your ios mobile device. Note: - TruMobi
More informationAIRPLAY AND AIRPRINT ON CAMPUS NETWORKS AN ARUBA AIRGROUP SOLUTION GUIDE
AIRPLAY AND AIRPRINT ON CAMPUS NETWORKS AN ARUBA AIRGROUP SOLUTION GUIDE Table of Contents Warning and Disclaimer... 3 Introduction... 4 What is Zero Configuration Networking (zeroconf)?... 5 WLANs and
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationCryptography and Network Security Chapter 10. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture out of the
More informationWhat s New for Enterprise and Education ios 11, macos High Sierra 10.13, tvos 11, and deployment tools and services
What s New for Enterprise and Education ios 11, macos High Sierra 10.13, tvos 11, and deployment tools and services September 2017 Introduction This document is a summary of what s new in ios 11, macos
More informationSt. Augustine Macintosh User s Group (SAMUG) March 19, 2019
St. Augustine Macintosh User s Group (SAMUG) March 19, 2019 Airdrop Between Apple Devices (imac, ipad, iphone) Physical Connector Types More Photo Sharing Voice Memos Signing PDF Documents! 1 of! 6 Airdrop
More informationIPv6 Traffic Hijack Test System and Defense Tools Using DNSSEC
IPv6 Traffic Hijack Test System and Defense Tools Using DNSSEC Lin Tao lintao850711@sina.com Liu Wu liuwu@cernet.edu.cn Duan Haixin dhx@cernet.edu.cn Sun Donghong sdh@cernet.edu.cn Abstract IPv6 is widely
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationJune Using Apple AirPrint with Xerox ConnectKey Devices User Guide
June 2013 Using Apple AirPrint with Xerox ConnectKey Devices User Guide 2013 Xerox Corporation. All rights reserved. Xerox, Xerox and Design and ConnectKey are trademarks of the Xerox Corporation in the
More informationPrivacy, Discovery, and Authentication for the Internet of Things
Privacy, Discovery, and Authentication for the Internet of Things David J. Wu Ankur Taly Asim Shankar Dan Boneh Stanford University Google Google Stanford University The Internet of Things (IoT) Lots of
More informationMcAfee MVISION Mobile Threat Detection Android App Product Guide
McAfee MVISION Mobile Threat Detection Android App 1809.4.7.0 Product Guide September 11, 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,
More informationA. The portal will function as an identity provider and issue an authentication assertion
Volume: 88 Questions Question: 1 A security analyst wishes to increase the security of an FTP server. Currently, all trails to the FTP server is unencrypted. Users connecting to the FTP server use a variety
More informationConfiguring OpenVPN on pfsense
Configuring OpenVPN on pfsense Configuring OpenVPN on pfsense Posted by Glenn on Dec 29, 2013 in Networking 0 comments In this article I will go through the configuration of OpenVPN on the pfsense platform.
More informationDefeating All Man-in-the-Middle Attacks
Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type
More informationPrintopia 3 ENTERPRISE ADMINISTRATION GUIDE. Revision 10 October 9,
Printopia 3 ENTERPRISE ADMINISTRATION GUIDE Revision 10 October 9, 2017 www.decisivetactics.com/printopiapro Legal Copyright 2012-2017 Decisive Tactics, Inc. Printopia is a registered trademark of Decisive
More informationMobile IP Overview. Based on IP so any media that can support IP can also support Mobile IP
Introduction: Mobile IP Overview An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet
More informationCS 161 Computer Security
Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 6 Week of February 26, 2018 Question 1 TLS threats (10 min) An attacker is trying to attack the company Boogle and its users. Assume that
More informationQuick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.
Quick Heal Mobile Security Free protection for your Android phone against virus attacks, unwanted calls, and theft. Product Highlights Complete protection for your Android device that simplifies security
More informationOnce all of the features of Intel Active Management Technology (Intel
Chapter11 Connecting and Communicating with Intel Active Management Technology Disconnecting from change does not recapture the past. It loses the future. Kathleen Norris, O Magazine, January 2004 Once
More informationExam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo
Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control
More information