Diplomat: Using Delegations to Protect Community Repositories. Trishank Karthik Kuppusamy, Santiago Torres-Arias, Vladimir Diaz, Justin Cappos
Transcription
1 Diplomat: Using Delegations to Protect Community Repositories. Trishank Karthik Kuppusamy, Santiago Torres-Arias, Vladimir Diaz, Justin Cappos (New York University)
2 Community repositories
3 Community repositories: examples
4 Community repositories: definition. All software is written by 3rd-party developers. Software is organized by projects, and a project may release many packages. There are >10K to 100K packages (e.g., on PyPI), and a new project or package is added every few minutes (e.g., on PyPI). (Diagram: projects Django and Scapy, each with its packages, such as Django tar.gz releases and a Scapy zip.)
5 Great! What is the problem?
6 What do these organizations share?
7 Users were attacked via software updates.
8 Repository compromise: impact. High impact: malware can be installed by millions of unsuspecting users. Microsoft Windows Update (2012): Flame malware spread via a MitM attack. South Korea cyberattack (2013): $756,000,000 USD in economic damage due to malware spread partly via automatic software updates.
9 Goal: compromise-resilience. We cannot prevent a compromise, but we must at least limit its impact: attackers should be able to compromise as few users as possible.
10 Previous security systems
11 Overview. (Diagram: four designs (a)-(d), each showing repository administrators, project developers and packages foo-2.0, foo-2.1 and bar-1.0. Legend: delegates packages to; signs for packages; online keys; offline keys; developer keys; package.)
12 (a) Repos sign packages with online keys. Repositories sign packages as part of a transport mechanism (e.g., TLS, CUP). The signing private keys are kept online. Not compromise-resilient.
13 (b) Devs sign packages with offline keys. Developers sign packages with offline private keys (e.g., GPG, RSA). Compromise-resilient! But key distribution and revocation are unusable.
14 Interlude: delegations with TUF. TUF (our previous system) uses delegations. Bind public keys to [packages]. (Survivable key compromise in software update systems, Samuel et al., CCS 2010.) (Diagram: administrator-managed metadata delegates packages whose names start with Django- and Scapy- to developer-managed metadata, signed with the developer keys of Alice, Sue and Bob, which in turn signs for the Django tar.gz and Scapy zip packages.)
15 Interlude: delegations with TUF. How should the administrator-managed delegations be signed: with online or offline keys?
16 (c) Repos delegate with online keys. Repositories delegate to developers with online keys. Immediate project registration! But not compromise-resilient.
17 (d) Admins delegate with offline keys. Administrators delegate to developers with offline keys. Compromise-resilient! But no immediate project registration.
18 Either/or. Previous systems force community repositories to choose either compromise-resilience or immediate project registration.
19 Diplomat: a new security system
20 New idea. What if... (Diagram (e): repository administrators with offline keys; project developers foo and bar with developer keys.)
21 New idea: a middle way? What if we sign the delegations to most projects (the claimed projects) with offline keys...
22 New idea: a middle way? ...and sign only the delegations to new projects with online keys?
23 New idea: a middle way? Both compromise-resilience and immediate project registration, via multiple delegations (claimed projects reached through offline keys, new projects through online keys).
24 Ambiguous delegations. What if A delegates the bar project to both B and C? Should a package manager trust B or C for the bar project? (Diagram: A delegates bar- to B and to C with backtracking delegations; packages bar-1.0 and bar-1.1.)
25 Ambiguous delegations: ordering problem. What if both B and C sign the same bar-1.0 package?
26 Ambiguous delegations: failover problem. What if B does not sign the bar-1.1 package, but C does?
27 Ambiguous delegations. There is no clear answer. How does A say what it really means: only trust B for bar, and C for everything else?
28 Prioritized delegations: ordering problem. A prioritizes the delegation to B (1) before the delegation to C (2). The package manager will check B before C.
29 Terminating delegations: failover problem. A terminates the bar project at B. The package manager will search for bar only in B.
30 Prioritized & terminating delegations. Conflict resolution with a preorder DFS: if the delegator itself signed for the package, return that. Otherwise, visit the delegatees in order of priority. If a delegation is terminating, return after visiting that delegatee, without falling back to lower-priority delegatees.
31 Building usable security models
32 Usable security models. Developed in collaboration with real-world community repositories. Legacy model (PEP 458). Maximum model (PEP 480).
33 Legacy/maximum security model. (Diagram: administrators, project developers and packages. The claimed role, signed with offline keys, delegates foo- to the foo project, whose developer keys sign foo-mac-1.2, foo-win-1.2 and foo-mac-1.3: compromise-resilient. The new role, signed with online keys, delegates zap- to the zap project, which signs zap-1.0: projects at risk. Legend: backtracking delegation; terminating delegation; online keys; offline keys; developer keys.)
34 Periodic task: claiming new projects. First, a new project is delegated to by the new role (signed with online keys, so it is at risk until claimed).
35 Periodic task: claiming new projects. Periodically, administrators move projects from the new role to the claimed role, so that both foo and zap become compromise-resilient.
36 Projects unsigned by developers. Developers may not sign for various reasons, e.g., the project is no longer actively maintained. Idea: why not let administrators sign on behalf of the developers?
37 Legacy security model. Unclaimed projects are like rarely-updated projects, but are signed with online keys. (Diagram as on slide 33, plus an unclaimed role, signed with online keys, that delegates soup- to the soup project.)
38 Legacy security model. (Same diagram, with the package soup-0.1 now released through the unclaimed role.)
39 Maximum security model. Rarely-updated projects are not actively maintained by their developers and are signed by administrators instead. (Diagram: the claimed role delegates foo- to the foo project; a rarely-updated role, signed with the administrators' offline keys, covers soup- and nuts- and signs soup-0.1; the new role, signed with online keys, still delegates zap- to the zap project, which remains at risk.)
40 Maximum security model. (Same diagram, with soup-0.2 added under the rarely-updated role.)
41-43 Legacy vs maximum (table built up over three slides; "compromise-resilient" cells are signed with offline keys, the others with online keys):
Claimed projects: Legacy: compromise-resilient. Maximum: compromise-resilient.
New projects: Legacy: not compromise-resilient. Maximum: not compromise-resilient.
Projects signed by administrators on behalf of developers: Legacy: not compromise-resilient. Maximum: compromise-resilient, but cannot immediately release new packages.
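The conflict-resolution rules of slide 30 and the claimed/new layout of slides 33-35, as an added example; this is not code from the Diplomat paper or from the TUF reference implementation. It implements the preorder depth-first search over prioritized, backtracking and terminating delegations, runs it on the A/B/C scenario of slides 24-30, and then builds a small legacy-model repository to show what an attacker holding only the repository's online keys can and cannot get a client to trust. Role names, key labels, path patterns, package names and digests are constructed, and the choice of which delegations are terminating is an assumption made for the example rather than the paper's exact layout. The at-risk check generalizes the slides' point slightly: a package is at risk whenever any role on its trust chain is signed with an online key, since the attacker can rewrite that role's delegations.

```python
"""Delegation resolution in a Diplomat-style community repository (added example)."""
from dataclasses import dataclass, field
from fnmatch import fnmatch
from typing import Dict, List, Optional, Tuple


@dataclass
class Delegation:
    delegatee: str              # role trusted for the matching paths
    paths: List[str]            # glob patterns, e.g. "bar-*" (assumed syntax)
    terminating: bool = False   # True: abandon the whole search after this delegatee


@dataclass
class Role:
    name: str
    key_online: bool                                              # signing key kept online?
    signed: Dict[str, str] = field(default_factory=dict)          # package -> digest
    delegations: List[Delegation] = field(default_factory=list)   # in priority order


def resolve(roles: Dict[str, Role], package: str, start: str) -> Optional[List[str]]:
    """Chain of roles from `start` to the role whose signature a client trusts for
    `package`, or None if no role is authorized.  Slide 30's rules: the delegator's
    own signature wins; delegatees are visited in priority order (only when a path
    matches); a terminating delegation stops the search even if its subtree did
    not sign, so lower-priority roles can never fail over for it."""
    def walk(name: str) -> Tuple[Optional[List[str]], bool]:
        role = roles[name]
        if package in role.signed:
            return [name], True
        for d in role.delegations:
            if not any(fnmatch(package, p) for p in d.paths):
                continue
            chain, stop = walk(d.delegatee)
            if chain is not None:
                return [name] + chain, True
            if d.terminating or stop:
                return None, True           # no failover to lower-priority delegatees
        return None, False
    return walk(start)[0]


def abc_repository() -> Dict[str, Role]:
    """Slides 28-30: A delegates bar-* to B first (terminating), then * to C."""
    return {
        "A": Role("A", key_online=False, delegations=[
            Delegation("B", ["bar-*"], terminating=True), Delegation("C", ["*"])]),
        "B": Role("B", key_online=False, signed={"bar-1.0": "digest-b"}),
        "C": Role("C", key_online=True, signed={
            "bar-1.0": "digest-c", "bar-1.1": "digest-c", "baz-2.0": "digest-c"}),
    }


def legacy_repository() -> Dict[str, Role]:
    """Slides 33-35 (assumed layout): the administrators' offline-signed top-level
    role tries the offline-keyed 'claimed' role first and the online-keyed 'new'
    role second, so a new project is installable as soon as 'new' delegates to it."""
    return {
        "packages": Role("packages", key_online=False, delegations=[
            Delegation("claimed", ["*"]), Delegation("new", ["*"])]),
        "claimed": Role("claimed", key_online=False, delegations=[
            Delegation("foo", ["foo-*"], terminating=True)]),
        "new": Role("new", key_online=True, delegations=[Delegation("zap", ["zap-*"])]),
        "foo": Role("foo", key_online=False, signed={"foo-mac-1.2": "d1", "foo-win-1.2": "d2"}),
        "zap": Role("zap", key_online=False, signed={"zap-1.0": "d3"}),
    }


def claim(roles: Dict[str, Role], project: str) -> None:
    """Periodic task (slide 35): move a project's delegation from 'new' to
    'claimed' and make it terminating, so no online-keyed role can fail over."""
    new, claimed = roles["new"], roles["claimed"]
    for d in new.delegations:
        if d.delegatee == project:
            claimed.delegations.append(Delegation(d.delegatee, d.paths, True))
    new.delegations = [d for d in new.delegations if d.delegatee != project]


def compromise(roles: Dict[str, Role], package: str, digest: str) -> None:
    """An attacker holding every online key signs `package` in each online role."""
    for role in roles.values():
        if role.key_online:
            role.signed[package] = digest


def at_risk(roles: Dict[str, Role], packages: List[str]) -> List[str]:
    """Packages such an attacker could replace: their trust chain passes through a
    role whose online key lets the attacker rewrite its delegations or signatures."""
    risky = []
    for p in packages:
        chain = resolve(roles, p, "packages")
        if chain and any(roles[r].key_online for r in chain):
            risky.append(p)
    return risky
```

Running resolve on the A/B/C repository gives ["A", "B"] for bar-1.0 (B is checked first, so C's conflicting signature is ignored), None for bar-1.1 (the terminating delegation prevents C from filling in for B) and ["A", "C"] for baz-2.0. In the legacy repository, after compromise(repo, "foo-mac-1.3", "evil") the package still resolves to None because claimed's delegation to foo is terminating, whereas a compromised zap-1.1 resolves through the online new role until claim(repo, "zap") moves zap under claimed.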
44 Usability. UX for users, developers and administrators. Revoking and replacing project and developer keys. Smooth transition from the legacy to the maximum model. Securely recovering from a repository compromise. Please see the paper for details!
45 Evaluation on PyPI: TLS/GPG. 1. What if PyPI was compromised, undetected, for a month? 2. Sanitized download log, reduced from >1M to 400K users (see the paper for details). 3. What if PyPI had used only TLS/GPG (i.e., no compromise-resilience)?
46 Evaluation on PyPI: legacy (popular). 1. Claim the top 1% most popular projects: protects 73% of users.
47 Evaluation on PyPI: legacy (hybrid). 1. Claim the top 1% most popular projects: protects 73% of users. 2. Also claim rarely-updated projects: protects 75% of users. 3. Also claim projects when they update: protects 94% of users.
48 Evaluation on PyPI: maximum. Protects >99% of users.
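The shape of the PyPI evaluation on slides 45-48, as an added example over a small constructed download log; this is not the paper's analysis script and its numbers are not the paper's. The protection criterion is an assumption: during an undetected month-long compromise, a user counts as protected if every project they downloaded is reachable only through offline keys (claimed, rarely-updated or, in the maximum model, any pre-existing project), because the attacker's online keys cannot make such a package trusted. The 30-day window, the 365-day "rarely updated" threshold, the popularity cut-off, and all project metadata, users and downloads are invented for the example.

```python
"""Estimating how many users a claiming policy protects (added example)."""
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Project(NamedTuple):
    days_since_release: int        # age of the latest release
    days_since_registration: int   # age of the project itself


WINDOW_DAYS = 30    # assumed length of the undetected compromise
STALE_DAYS = 365    # assumed threshold for "rarely updated"

# Constructed project metadata and a constructed, sanitized download log of
# (user_id, project) pairs covering the compromise window.
PROJECTS: Dict[str, Project] = {
    "django": Project(10, 3000), "requests": Project(5, 3000),
    "scapy": Project(400, 2000), "soup": Project(500, 1500),
    "foo": Project(60, 800), "bar": Project(15, 900),
    "zap": Project(3, 3),   # registered during the compromise: still under 'new'
}
LOG: List[Tuple[str, str]] = [
    ("u1", "django"), ("u1", "requests"), ("u2", "django"),
    ("u3", "requests"), ("u3", "scapy"), ("u4", "django"), ("u4", "soup"),
    ("u5", "foo"), ("u6", "django"), ("u6", "zap"), ("u7", "requests"),
    ("u8", "scapy"), ("u9", "django"), ("u9", "bar"),
    ("u10", "requests"), ("u10", "django"),
]


def top_percent_projects(log: List[Tuple[str, str]], percent: float) -> Set[str]:
    """The most-downloaded `percent` of projects (at least one; ties broken by name)."""
    counts = Counter(project for _, project in log)
    k = max(1, round(len(counts) * percent / 100))
    return set(sorted(counts, key=lambda p: (-counts[p], p))[:k])


def rarely_updated(projects: Dict[str, Project]) -> Set[str]:
    """Projects administrators can sign on the developers' behalf with offline keys."""
    return {p for p, m in projects.items() if m.days_since_release > STALE_DAYS}


def updated_in_window(projects: Dict[str, Project]) -> Set[str]:
    """'Claim on update': pre-existing projects that released during the window."""
    return {p for p, m in projects.items()
            if m.days_since_release <= WINDOW_DAYS
            and m.days_since_registration > WINDOW_DAYS}


def pre_existing(projects: Dict[str, Project]) -> Set[str]:
    """Maximum model: everything except projects registered during the compromise,
    which are still delegated by the online-keyed 'new' role."""
    return {p for p, m in projects.items() if m.days_since_registration > WINDOW_DAYS}


def protected_fraction(log: List[Tuple[str, str]], claimed: Set[str]) -> float:
    """Fraction of users whose every download in the window came from a project
    that only offline keys can vouch for."""
    by_user = defaultdict(set)
    for user, project in log:
        by_user[user].add(project)
    if not by_user:
        return 0.0
    return sum(1 for seen in by_user.values() if seen <= claimed) / len(by_user)


def evaluate(log=LOG, projects=PROJECTS, popular_percent: float = 30) -> Dict[str, float]:
    """Cumulative policies in the order the slides present them."""
    popular = top_percent_projects(log, popular_percent)
    hybrid = popular | rarely_updated(projects)
    on_update = hybrid | updated_in_window(projects)
    return {
        "tls/gpg only": protected_fraction(log, set()),
        "legacy, popular": protected_fraction(log, popular),
        "legacy, + rarely updated": protected_fraction(log, hybrid),
        "legacy, + claim on update": protected_fraction(log, on_update),
        "maximum": protected_fraction(log, pre_existing(projects)),
    }


if __name__ == "__main__":
    for policy, frac in evaluate().items():
        print(f"{policy:28s} {frac:5.0%} of users protected")
```

On the constructed log the policies protect 0%, 40%, 70%, 80% and 90% of users respectively; the one user left exposed under the maximum model downloaded zap, which was registered during the compromise and is therefore still reachable only through the online new role. The real evaluation runs the same kind of per-user check over the sanitized PyPI log, with the popularity threshold set at 1% of projects.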
49 Conclusion
50 Deployments & Integrations
51 Q & A. Thanks! Questions? trishank@nyu.edu
Diplomat: Using Delegations to Protect Community Repositories. Trishank Karthik Kuppusamy, Santiago Torres-Arias, Vladimir Diaz, and Justin Cappos, New York University. NSDI '16: https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy
BlackBerry Enterprise Server for Microsoft Office 365 Version: 1.0 Administration Guide Published: 2013-01-29 SWD-20130131125552322 Contents 1 Related resources... 18 2 About BlackBerry Enterprise Server
More informationAn Overview of DNSSEC. Cesar Diaz! lacnic.net!
An Overview of DNSSEC Cesar Diaz! cesar@ lacnic.net! 1 DNSSEC??? The DNS Security Extension (DNS SEC) attach special kind of information called criptographic signatures to the queries and response that
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationNo compromises for secure SCADA Communications even over 3rd Party Networks
No compromises for secure SCADA Communications even over 3rd Party Networks The Gamble of Using ISP Private Networks How to Stack the Odds in Your Favor Standards Certification Education & Training Publishing
More informationINFSCI 2935: Introduction of Computer Security 1. Courtesy of Professors Chris Clifton & Matt Bishop. INFSCI 2935: Introduction to Computer Security 2
Digital Signature Introduction to Computer Security Lecture 7 Digital Signature October 9, 2003 Construct that authenticates origin, contents of message in a manner provable to a disinterested third party
More informationWho am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB
@markmorow Who am I? Identity Product Group, CXP Team Premier Field Engineer SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB Active Directory Domain Services On-premises App Server Validate credentials
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationCryptography III Want to make a billion dollars? Just factor this one number!
Cryptography III Want to make a billion dollars? Just factor this one number! 3082010a0282010100a3d56cf0bf8418d66f400be31c3f22036ca9f5cf01ef614de2eb9a1cd74a0c344b5a20d5f80df9a23c89 10c354821aa693432a61bd265ca70f309d56535a679d68d7ab89f9d32c47c1182e8a14203c050afd5f1831e5550e8700e008f2
More informationMcAfee Advanced Threat Defense
Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationConsumerization. Copyright 2014 Trend Micro Inc. IT Work Load
Complete User Protection Consumerization IT Work Load 2 Then... File/Folder & Removable Media Email & Messaging Web Access Employees IT Admin 3 Now! File/Folder & Removable Media Email & Messaging Web
More informationAzure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region
Azure DevOps Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region What is DevOps? People. Process. Products. Build & Test Deploy DevOps is the union of people, process, and products to
More informationSecuring the future of mobility
Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need
More informationUnlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.
Unlocking Office 365 without a password How to Secure Access to Your Business Information in the Cloud without needing to remember another password. Introduction It is highly likely that if you have downloaded
More informationExplicit Delegation using Configurable Cookies
Explicit Delegation using Configurable Cookies SPW 2016 David Llewellyn-Jones, Graeme Jenkinson, Frank Stajano {David.Llewellyn-Jones, Graeme.Jenkinson, Frank.Stajano}@cl.cam.ac.uk Pico Project, University
More informationLicensing the Firepower System
The following topics explain how to license the Firepower System. About Firepower Feature Licenses, page 1 Service Subscriptions for Firepower Features, page 1 Classic Licensing for the Firepower System,
More informationOPSWAT Metadefender. Superior Malware Threat Prevention and Analysis
OPSWAT Metadefender Superior Malware Threat Prevention and Analysis Agenda What is Metadefender How Metadefender Protects Metadefender Core Features Metadefender Product Family What s New in Metadefender
More information