Data Integrity & Security, & Privacy
1 Data Integrity & Security, & Privacy LILUG Ilya S. (AKA dotcommie)
2 Overview
- Security
- Disk Encryption
  - Theory
  - Discussion of software
  - What to encrypt
  - Demo
- Data Integrity*
  - Malicious Altering
  - Accidental Altering
- Privacy
  - Data destruction
  - OpenVPN
  - TOR
3 Disk Encryption Theory
- Basics
- Requirements
  - Efficient encryption / decryption
  - Random access
  - & more
- ECB
- CBC
- CTR
- ESSIV
- XTS
- XEX
4 ECB (Electronic Code Book)
$C_i = E_k(P_i)$
- C - Cipher
- P - Plaintext
- E - encryption Fn()
- k - Key
- i - Index
Weakness
- Stupid
- Some information is recoverable
- Example below
- & more
Strengths
- Simple
- Random Access
6 CBC (Cipher Block Chaining)
$C_i = E_k(P_i \oplus C_{i-1})$
- C - Cipher
- E - Encryption Fn
- P - Plaintext
- k - Key
- i - Index
- $\oplus$ - xor = 0110
Weakness
- Possible to check for existence of known data (Watermarking)
- Changing $P_x$ requires re-encryption of $C_{>x}$
Show Stoppers
- No random access
Strengths
- Who cares
8 CTR
$C_i = E_k(P_i \oplus V_{N,i})$
- C - Cipher
- i - Index / Counter
- k - Key
- N - Nonce
- V - N merged with i, EG: +
Weaknesses
- Watermarking
Strengths
- Random Access
ESSIV
- Introduces special per sector IV
- Solves the watermarking issue
- Using clever active attacks data can be decrypted
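The ECB and CBC weaknesses listed on the slides above, and what the per-sector ESSIV changes, shown as an added example that is not part of the original slides. It assumes a toy Feistel cipher built from HMAC-SHA256 as a stand-in for E_k (Python's standard library has no AES); the key, marker bytes and sector numbers are constructed.

```python
import hashlib
import hmac

BLOCK = 16    # cipher block size in bytes
SECTOR = 512  # disk sector size in bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """E_k: toy 4-round Feistel permutation (assumption: stand-in for AES, not for real use)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:BLOCK // 2]
        left, right = right, xor(left, f)
    return left + right


def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: C_i = E_k(P_i)."""
    return b"".join(encrypt_block(key, p) for p in blocks(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC: C_i = E_k(P_i xor C_{i-1}), with C_0 = IV."""
    out, prev = [], iv
    for p in blocks(data):
        prev = encrypt_block(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def plain_iv(key, sector: int) -> bytes:
    """Public IV: the sector number itself (the scheme with the watermarking issue)."""
    return sector.to_bytes(BLOCK, "little")


def essiv_iv(key: bytes, sector: int) -> bytes:
    """ESSIV: IV = E_s(sector number) with s = hash(key), so the IV depends on the key."""
    salt = hashlib.sha256(key).digest()
    return encrypt_block(salt, sector.to_bytes(BLOCK, "little"))


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    bl = blocks(ciphertext)
    return len(bl) - len(set(bl))


def watermark_sectors(first_sector: int):
    """Constructed known data: two sectors whose first block cancels the public plain IV."""
    marker = b"KNOWN-DATA-MARK!"  # constructed 16-byte value
    pad = bytes(SECTOR - BLOCK)
    return [xor(marker, plain_iv(None, first_sector + n)) + pad for n in range(2)]


def watermark_visible(key: bytes, iv_for, first_sector: int = 100) -> bool:
    """True if the two watermark sectors encrypt to identical ciphertext under iv_for."""
    ct = [cbc_encrypt(key, iv_for(key, first_sector + n), p)
          for n, p in enumerate(watermark_sectors(first_sector))]
    return ct[0] == ct[1]


KEY = b"constructed-demo-key"  # constructed sample key

if __name__ == "__main__":
    data = b"A" * SECTOR  # one sector of identical plaintext blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, data)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, essiv_iv(KEY, 7), data)))
    print("watermark visible with plain IV:", watermark_visible(KEY, plain_iv))
    print("watermark visible with ESSIV:", watermark_visible(KEY, essiv_iv))
```

With a public sector-number IV the two marked sectors produce identical ciphertext without the key being known to whoever wrote the data; with ESSIV the same data no longer lines up.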
10 LRW, XEX (Xor Encrypt Xor), XTS (XEX-TCB-CTS)
- Details are beyond the scope of this discussion
- Used in modern disk encryption
- XTS
  - Yields strong security guarantee as long as key is not used for much more than 1TiB
  - Possibility of successful attack 1 in 8E15
11 Software -- Forewarning
KNOW WHAT SOFTWARE YOU ARE USING
12 Software -- Overview
TrueCrypt
- Easy setup (Windows especially)
- Not in kernel
- Very portable
Cryptoloop (deprecated)
- Watermarking issues
dm-crypt
- Easy to set up
- Native Linux support (no patching necessary)
- Supports LUKS
- Nice frontend (cryptsetup)
13 TrueCrypt VS dm-crypt
How to choose:
- If you dualboot, use TrueCrypt
Similarities:
- Multiple encryption algorithm support (AES, Serpent, Twofish)
- Support for XTS mode
- Multiple password/key support
- Key USB UMS / Smartcard support
Conclusion:
- They are essentially the same but I like dm-crypt better. Dm-crypt wins.
14 What to encrypt
Whole disk encryption
- Do you really care if someone gets a hold of your ls program?
- On the flip side
- Adds unnecessary complications
  - initrd
  - servers & etc
  - Just put them in a vault
User data
- /home, /tmp
- SWAP!
Sensitive System data:
- /var, /tmp, /etc
15 Dm-crypt cookbook -- installation
Compile in or load the following modules:
- Device Drivers
  - Multiple Device Driver Support (CONFIG_MD)
    - Device Mapper Support (CONFIG_BLK_DEV_DM)
    - Crypt Target Support (CONFIG_DM_CRYPT)
  - Block Devices (optional, for loopback file encryption)
    - Loopback Device Support (CONFIG_BLK_DEV_LOOP)
- Cryptographic API (CONFIG_CRYPTO)
  - AES cipher Algorithm (CONFIG_CRYPTO_AES)
Userspace:
    aptitude install cryptsetup hashalot
    emerge sys-fs/cryptsetup
    yum -y install cryptsetup-luks
16 Dm-crypt cookbook
Use fdisk/cfdisk to make your desired partition.

    # shred -n 1 -v /dev/sdb1

Optional, skip if you had no sensitive data on disk.

    # cryptsetup --version
    cryptsetup
    # cryptsetup luksFormat /dev/sdb1

    WARNING!
    ========
    This will overwrite data on /dev/sdb1 irrevocably.

    Are you sure? (Type uppercase yes): YES
    Enter LUKS passphrase: blah
    Verify passphrase: blah
    Command successful.
17 Dm-crypt cookbook

    # cryptsetup luksOpen /dev/sdb1 blah
    Enter LUKS passphrase: blah
    key slot 0 unlocked.
    Command successful.
    # mkfs.xfs /dev/mapper/blah
    meta-data=/dev/mapper/rootfs isize=256 agcount=4, agsize= blks
             = sectsz=512 attr=2
    data     = bsize=4096 blocks=503303, imaxpct=25
             = sunit=0 swidth=0 blks
    naming   =version 2 bsize=4096
    log      =internal log bsize=4096 blocks=2560, version=2
             = sectsz=512 sunit=0 blks, lazy-count=0
    realtime =none extsz=4096 blocks=0, rtextents=0
18 Dm-crypt cookbook
Let's test mounting:

    # mkdir /tmp/blah
    # mount /dev/mapper/blah /tmp/blah

It works, or maybe it doesn't, but it should!
Let's undo the test mess now:

    # umount /tmp/blah
    # cryptsetup luksClose blah
19 Dm-crypt
Now we are familiar with how things work
Home dir example
- Simple method: mount on boot
  - You have to type in your partition password on boot.
  - Not typing password is nasty!
  - Annoying
  - Consider enabling auto-login in KDM/GDM/XDM
- PAM plugin: mount on login
  - pam_mount
  - 2 birds with one stone
  - Same password for system account + encryption
20 Dm-crypt Cookbook
WARNING: THE REST OF DEMO MIGHT CONTAIN DEBIANISMS
21 Dm-crypt home mount on boot

    # cat /etc/crypttab
    # <tgt name> <src device> <key file> <options>
    blah /dev/sdb1 none luks,auto
    # cat /etc/fstab | grep blah
    /dev/mapper/blah /home/blah xfs defaults 0 0
    # adduser --home /home/blah blah
22 Dm-crypt home mount on login

    # cat /etc/crypttab
    # <tgt name> <src device> <key file> <options>
    blah /dev/sdb1 none luks,noauto
    # cat /etc/fstab | grep blah
    /dev/mapper/blah /home/blah xfs defaults 0 0
    # adduser --home /home/blah blah

In the following files:
- /etc/pam.d/sshd
- /etc/pam.d/login
- /etc/pam.d/kdm (or gdm or xdm)
Find the common-session line and add common-pammount after it.
23 Why use LUKS
Does your password look like this:
ost1\lsxt7>imun?yczngwix~? haf/5e~btnh&#pxh^kwo9xjjlb$m^a&mvpo>lji GoQfy3- zu+\4v>_tk1slrzcz<caxbulf3pwa46uc_y %LwSZEq3
24 LUKS
Linux Unified Key Setup
- Practical implementation of TKS1 & TKS2
- Allows for:
  - Multiple credentials
  - Multiple forms of authentication
    - Smart Card, USB UMS (Flash Drive)
  - Credential revocation/alteration
25 Demo discussion
- Why use LUKS?
  - Dm-crypt & cryptsetup don't strictly need it
- Dm-crypt + LUKS on Windows & PDAs
  - FreeOTFE
- cryptsetup luksDump
26 HD crypto
It's perfect.. in certain cases.. In others:
- Cold boot attack
- hibernate/suspend
- Binary Substitution
  - Whole disk encryption! Not quite.
  - TPM?
- SWAP
- Rootkits, exploits...
- LuksDump backups
- $5 wrenches
27 Data Integrity
Your data is only as secure as your binaries
Protecting your binaries
- Checksums
  - debsums (Debian-like)
  - Veriexec (NetBSD)
  - MD5 collisions
  - SHA-1 better but not perfect.. There are powerful machines out there.
- SELinux
- Read only /
28 Data Theft
Physical vs Virtual theft
Is your valuable data:
- Backed up? RSYNC/AMANDA/...
- Encrypted?
Tracking stolen laptops
- Data recovery/destruction
- Installing a secure backdoor
- Talk to your laptop after it's stolen
29 Privacy
- Encryption of personal data
- Concealment of internet traffic
- Browsers
- TOR
- Anonymity
- OpenVPN
30 OpenVPN bridging VS routing.
Bridging advantages
- Broadcasts traverse the VPN -- this allows software that depends on LAN broadcasts such as Windows NetBIOS file sharing and network neighborhood browsing to work.
- No route statements to configure
- Works with any protocol that can function over ethernet, including IPv4, IPv6, Netware IPX, AppleTalk, etc.
- Relatively easy-to-configure solution for road warriors.
Bridging disadvantages
- Less efficient than routing, and does not scale well.
31 OpenVPN bridging VS routing.
Routing advantages
- Efficiency and scalability.
- Allows better tuning of MTU for efficiency.
Routing disadvantages
- Clients must use a WINS server (such as samba) to allow cross-vpn network browsing to work.
- Routes must be set up linking each subnet.
- Software that depends on broadcasts will not "see" machines on the other side of the VPN.
- Works only with IPv4 in general, and IPv6 in cases where tun drivers on both ends of the connection support it explicitly.
32 OpenVPN example configs
33 Sources & more reading material:
- LUKS:
- Veriexec:
- XTS: %7Erogaway/papers/offsets.pdf
- OpenVPN