Better Security for Password and Two-Factor Authentication
- Bethany Daniel
- 5 years ago
Transcription
1 Better Security for Password and Two-Factor Authentication
- Stanislaw Jarecki (University of California Irvine)
- Nitesh Saxena (University of Alabama Birmingham)
- Main collaborators: Aggelos Kiayias (U Edinburgh), Hugo Krawczyk (IBM Research)
- PhD students on the project: Maliheh Shirvanian (UA Birmingham), Jiayu Xu (UC Irvine)
2 Password (In)Security
- Passwords: MAIN authentication tool in the digital era
- Protect our lives and social order, conveniently and Insecurely
3 Password (In)Security: Unacceptable State of Affairs
- Attackers routinely compromise servers
- Steal password-related data
- Recover user's password via Offline Dictionary Attack
- BILLIONS of passwords stolen: MySpace 360M, LinkedIn 165M, eBay 145M, ..., Yahoo 3B (!!), Twitter, RSA, Google, Dropbox, PayPal, Sony, ...
- Current Two-Factor Authentication schemes do not stop this leakage
- TFA reduces to 2nd factor (e.g. cell phone) security if password leaks
- But current TFAs do nothing to protect passwords from leakage
4 Cryptography Can Help!
- We show ways to strengthen password and two-factor protocols
- Using simple, well-established techniques
- Mostly blinded Diffie-Hellman [Chaum, Ford-Kaliski, Boyen, ...]
- Efficient. Mature. Applicable to the infrastructure used today. Ready for deployment in the real world.
- Please talk to me if you are interested to learn more (esp. if you see where we can improve, or if you want to transfer this to practice).
5 Attacks on Password Authentication #1: Offline Dictionary Attack (ODA)
- ODA is the main source of password compromise: deadly combination of human memory limitation (-> low-entropy passwords) and server compromise
- Stealing the password file allows testing password guesses against stored hashes; millions++ of passwords per second (from s/w to dedicated h/w)
- Goal: Render these unavoidable exhaustive attacks ineffective!
- How: Enforce high-entropy passwords using additional devices/servers
6 Attacks on Password Authentication #1: Offline Dictionary Attack (ODA)
- ODA is the main source of password compromise
- Goal: Render these unavoidable exhaustive attacks ineffective!
- How: Enforce high-entropy passwords using additional devices/servers
- What Devices? Cell phone, USB stick: already used in Two-Factor Authentication!
- What Servers? Can be hosted by any cloud service
- End-users can utilize it transparently to web servers
- Web servers can utilize it transparently to end-users
7 Attacks on Password and Two-Factor Authentication #2, 3, 4, ...
- 2. Online dict. attacks (unavoidable): Guess password; try it online. Works w/weak pwds and in targeted attacks (pers. info, sister pwd). 2nd factor helps, but we could do better even here!
- 3. Phishing/PKI attack: User tricked to send password to the attacker: paypa1.com, overwritten links in , URL-browser manipulation, cert signed by rogue CA (do you know your browser's CAs?), a certificate flagged by the browser but user accepts ("clicking through")
- 4. Malware on the client (terminal, laptop, phone), e.g. keyloggers
- Goal: Eliminate, neutralize, or reduce exposure to these attacks
- How: Additional devices/servers help, and better cryptography helps!
8 Better Security for Password and Two-Factor Authentication
Stanislaw Jarecki (UC Irvine), Nitesh Saxena (UA Birmingham)
PASSWORD AUTHENTICATION with 2nd FACTOR
- End-to-end security = each component can be compromised (2nd Factor Device, Client, Server, communication links)
MOTIVATION:
- Password authentication is a security bottleneck
- Web services routinely compromised, hashed passwords leak
- Hackers recover passwords via Offline Dictionary Attack
- Current Pwd/TFAuth insecure against this (and other attacks)
MAIN OBJECTIVES:
- Achieve end-to-end (maximal) security in all attack scenarios
- Eliminate hashed passwords on servers
- Protect passwords even if servers are compromised
SECONDARY OBJECTIVES:
- Improve TFA usability (e.g. PIN-copying is not necessary)
REQUIREMENTS:
- Browser Extension on Client
- Data-Connectivity on 2nd Factor Device (= Cell Phone)
SOLUTION TECHNIQUES / SPECS:
- Standard Diffie-Hellman, e.g. EC groups, as in TLS/SSL
- Computational cost = 2-3 exp's/party (≈ TLS handshake)
SERVER-TRANSPARENT MODE:
- Client gains strong authentication token from 2nd Factor Device and/or 3rd-party Security Service
CLIENT-TRANSPARENT MODE:
- Server interacts with 3rd-party Security Service
POTENTIAL ADOPTERS:
- Any internet user: PwdAuth/TFA transparent to web server
- Any internet service: PwdAuth/TFA transparent to end-user
FIRST ADOPTERS (PILOTS):
- Internet end-users using 3rd-party service
- Educational Institution logon server?
- Industry PwdAuth / TFA providers as partners?
TECHNOLOGY TRANSFER:
- Software libraries will be made available
CONTACT:
- Stanislaw Jarecki, UC Irvine, sjarecki@uci.edu
- Nitesh Saxena, UA Birmingham, saxena@uab.edu
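
The slides name blinded Diffie-Hellman as the main technique and say the password should be turned into a high-entropy secret with help from a device or server. The Python below is an added example, not the authors' code or library: it shows one Ford-Kaliski-style blinded exchange in which the client learns H(pw, H'(pw)^k) while the device holding k sees only a random group element. The curve (secp256k1), the try-and-increment hash, SHA-256, and all function names are assumptions made for this example.

```python
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over F_P, prime order N, cofactor 1.
# Curve choice is an assumption of this example; the slides only say "EC groups".
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def on_curve(pt):
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add. Not constant time; real code needs a vetted library."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_point(pw: bytes):
    """H'(pw): try-and-increment onto the curve (simplification, leaks timing)."""
    ctr = 0
    while True:
        h = hashlib.sha256(b"h2c" + ctr.to_bytes(4, "big") + pw).digest()
        x = int.from_bytes(h, "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)      # square root, valid since P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def client_blind(pw: bytes):
    """Client, exponentiation 1: alpha = r * H'(pw) hides pw behind a fresh r."""
    r = secrets.randbelow(N - 1) + 1
    return r, ec_mul(r, hash_to_point(pw))


def device_evaluate(k: int, alpha):
    """Device or service, one exponentiation: beta = k * alpha."""
    if not (isinstance(alpha, tuple) and on_curve(alpha)):
        raise ValueError("blinded element is not a valid curve point")
    return ec_mul(k, alpha)


def client_finalize(pw: bytes, r: int, beta):
    """Client, exponentiation 2: strip r, then hash to the hardened secret."""
    if not (isinstance(beta, tuple) and on_curve(beta)):
        raise ValueError("device reply is not a valid curve point")
    gamma = ec_mul(pow(r, -1, N), beta)    # = k * H'(pw)
    return hashlib.sha256(b"rwd" + pw + encode(gamma)).digest()


def harden(pw: bytes, k: int):
    """Full round trip: what the client ends up sending to the web server."""
    r, alpha = client_blind(pw)
    return client_finalize(pw, r, device_evaluate(k, alpha))


def dictionary_hits(stored: bytes, guesses, k_guess: int):
    """Offline test of guesses against a stolen server record for a given key."""
    return [g for g in guesses if hashlib.sha256(harden(g, k_guess)).digest() == stored]


if __name__ == "__main__":
    k = secrets.randbelow(N - 1) + 1                       # device key
    stored = hashlib.sha256(harden(b"hunter2", k)).digest()  # server record
    words = [b"123456", b"hunter2", b"letmein"]             # constructed dictionary
    print("server breach only :", dictionary_hits(stored, words, 1))
    print("server + device key:", dictionary_hits(stored, words, k))
```

With only the server record, the dictionary yields no hit even though it contains the real password; guesses can be tested offline only once the device key has leaked as well.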