The Case of the RSA FUCK-A-DUCK certificate. Nadia Heninger Zakir Durumeric Eric Wustrow J. Alex Halderman. N=pq
|
|
|
- Barry Lloyd
- 8 years ago
- Views:
Transcription
1 The Case of the RSA FUCK-A-DUCK certificate Nadia Heninger Zakir Durumeric Eric Wustrow J. Alex Halderman N=pq
2 SSL certificates We scanned the Internet
3 SSL certificates We scanned the Internet (It was awesome)
4 SSL certificates We scanned the Internet (It was awesome) Until amazon kicked us off
5 SSL certificates We scanned the Internet (It was awesome) Until amazon kicked us off 5,845, certificates downloaded
6 SSL certificates Interesting results!
7 Interesting results! SSL certificates
8 SSL certificates Interesting results! Funny results!
9 Google no evil
10 Pastebin -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAvxBalhzKMewLvmIr1ptID1gO7EWGFyudzOAHLqm3+0+gpPbk JRfsItdn2xvp8Ye8KEcfZjb2kW80yCnkKFf4ecnzxI12m1y2IXOmu4SdWrPErabU HmK6whIlkqCZAglF11Ntd6McXMt+aEFXEZ4fv1Tzg0wT4Lm4RwLQKDlMgyvSxi6Z 8lQ8IWuzQkYkYqYiSQCfPacFsmy1tV4O4CKT4Er+5+8cVCi50ETiRixHCqEHSve9 XuRMz5LfEqFsmHNj5QkICz4oANx1Ymop4qKz+q3ePq6bZeVRVFWedv01B56sWv8f LkNekQChP5CedSuIc3N4SY7bKXUt43Z740WOqzQIBIwKCAQEAuZrbp8QyId38x5Q /FxUoTD4jb/hWFZBhTFmEBKVd8mx/1Y8tlHA0WOJdcNYSbcOjYbrTVn21mwHY1vk 8/2vjECGZypV9gJKhuVgI9/pUMvjoWA7xb7+kKPp/Cb7CUrWIaGASFVOwIsqVqXf 9NsoE4DcFeC0eOmCOwwKhRgtFmohZw/puFrsSQKBgB0LEwIjmZ4m3LEAlfbSZt5e wxgkk/ei7+en7wqctx4rlzbjxo8hwvpujwbgww65110vya9zs+4u4q/todqiw2ac RpUkk79XruzZOB5uQLMgXOLgFEz7ZZvnvMJsNbVBWUlAlKe7kZBmlGHfp8LsIhZ+ uckgbbc448hpppzbbkofwjmk+egpw8ua5vxnakl9rhqaytfyugo= -----END RSA PRIVATE KEY-----
11 Pastebin -----BEGIN RSA PRIVATE KEY----- MIICXwIBAAKBpenis1ePqHkVN9IKaGBESjV6zBrIsZc+XQYTtSlVa9R/4SAXoYpI upnrijkcld6dldqfto429xldmyo4ojzox7xincsmlbn8+tqtjf3tqajmiopgqvhj vw9is30tet7l2ynaymyvgqwr0lictomc/loltlhpifixw2akud0m5w76dwidaqab AoGBAKDl8vuA9zUn2lTDddujAzBRp8ZEoJTxw7BVdLpZtgLWLuqPcXroyTkvBJC/ rbfpgyddmgwc/lkpmuffe/-----begin RSA PRIVATE KEY----- FUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A. DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCKFUCK A DUCK5VKnb4 Psg1RMTRceI/z3d/3BiuDjiUiRICFqOXDscCQQDFea/ocg8VVLvH/6pn7oNTQfbx tkqcssne3xgjam+ea6txbio49d+3gsm3u1mghr9zbmy0o68ijhiqm7/7njtbakea jmkwip2fy0tq9heq4rx90zfmixcwf/h6jldry7kj/qg6udnpvh55mtrugppas044 7sJphlPEY8ofkwJj7K/ZKQJBAIc75HQi/Br1lRC4qPmF2vwYgwpyF9RbZWO56Eo7 ipgts4flfajgogod+jxkkt1cxtev7mqm6ihsxgvbd6uhn7i= -----END RSA PRIVATE KEY-----
12 Unfucking the duck -----BEGIN RSA PRIVATE KEY----- MIICXwIBAAKBpenis1ePqHkVN9IKaGBESjV6zBrIsZc+XQYTtSlVa9R/4SAXoYpI upnrijkcld6dldqfto429xldmyo4ojzox7xincsmlbn8+tqtjf3tqajmiopgqvhj vw9is30tet7l2ynaymyvgqwr0lictomc/loltlhpifixw2akud0m5w76dwidaqab AoGBAKDl8vuA9zUn2lTDddujAzBRp8ZEoJTxw7BVdLpZtgLWLuqPcXroyTkvBJC/ rbfpgyddmgwc/lkpmuffe/5vknb4 Psg1RMTRceI/z3d/3BiuDjiUiRICFqOXDscCQQDFea/ocg8VVLvH/6pn7oNTQfbx tkqcssne3xgjam+ea6txbio49d+3gsm3u1mghr9zbmy0o68ijhiqm7/7njtbakea jmkwip2fy0tq9heq4rx90zfmixcwf/h6jldry7kj/qg6udnpvh55mtrugppas044 7sJphlPEY8ofkwJj7K/ZKQJBAIc75HQi/Br1lRC4qPmF2vwYgwpyF9RbZWO56Eo7 ipgts4flfajgogod+jxkkt1cxtev7mqm6ihsxgvbd6uhn7i= -----END RSA PRIVATE KEY-----
13
14 Unfucking the duck -----BEGIN RSA PRIVATE KEY----- MIICXwIBAAKBpenis1ePqHkVN9IKaGBESjV6zBrIsZc+XQYTtSlVa9R/4SAXoYpI upnrijkcld6dldqfto429xldmyo4ojzox7xincsmlbn8+tqtjf3tqajmiopgqvhj vw9is30tet7l2ynaymyvgqwr0lictomc/loltlhpifixw2akud0m5w76dwidaqab AoGBAKDl8vuA9zUn2lTDddujAzBRp8ZEoJTxw7BVdLpZtgLWLuqPcXroyTkvBJC/ rbfpgyddmgwc/lkpmuffe/5vknb4 Psg1RMTRceI/z3d/3BiuDjiUiRICFqOXDscCQQDFea/ocg8VVLvH/6pn7oNTQfbx tkqcssne3xgjam+ea6txbio49d+3gsm3u1mghr9zbmy0o68ijhiqm7/7njtbakea jmkwip2fy0tq9heq4rx90zfmixcwf/h6jldry7kj/qg6udnpvh55mtrugppas044 7sJphlPEY8ofkwJj7K/ZKQJBAIc75HQi/Br1lRC4qPmF2vwYgwpyF9RbZWO56Eo7 ipgts4flfajgogod+jxkkt1cxtev7mqm6ihsxgvbd6uhn7i= -----END RSA PRIVATE KEY-----
15 Add padding -----BEGIN RSA PRIVATE KEY----- MIICXwIBAAKBpenis1ePqHkVN9IKaGBESjV6zBrIsZc+XQYTtSlVa9R/4SAXoYpI upnrijkcld6dldqfto429xldmyo4ojzox7xincsmlbn8+tqtjf3tqajmiopgqvhj vw9is30tet7l2ynaymyvgqwr0lictomc/loltlhpifixw2akud0m5w76dwidaqab AoGBAKDl8vuA9zUn2lTDddujAzBRp8ZEoJTxw7BVdLpZtgLWLuqPcXroyTkvBJC/ rbfpgyddmgwc/lkpmuffe/5vknb4aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Psg1RMTRceI/z3d/3BiuDjiUiRICFqOXDscCQQDFea/ocg8VVLvH/6pn7oNTQfbx tkqcssne3xgjam+ea6txbio49d+3gsm3u1mghr9zbmy0o68ijhiqm7/7njtbakea jmkwip2fy0tq9heq4rx90zfmixcwf/h6jldry7kj/qg6udnpvh55mtrugppas044 7sJphlPEY8ofkwJj7K/ZKQJBAIc75HQi/Br1lRC4qPmF2vwYgwpyF9RbZWO56Eo7 ipgts4flfajgogod+jxkkt1cxtev7mqm6ihsxgvbd6uhn7i= -----END RSA PRIVATE KEY-----
16 Unfucking the duck -----BEGIN RSA PRIVATE KEY----- MIICXwIBAAKBpenis1ePqHkVN9IKaGBESjV6zBrIsZc+XQYTtSlVa9R/4SAXoYpI upnrijkcld6dldqfto429xldmyo4ojzox7xincsmlbn8+tqtjf3tqajmiopgqvhj vw9is30tet7l2ynaymyvgqwr0lictomc/loltlhpifixw2akud0m5w76dwidaqab AoGBAKDl8vuA9zUn2lTDddujAzBRp8ZEoJTxw7BVdLpZtgLWLuqPcXroyTkvBJC/ rbfpgyddmgwc/lkpmuffe/5vknb4aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Psg1RMTRceI/z3d/3BiuDjiUiRICFqOXDscCQQDFea/ocg8VVLvH/6pn7oNTQfbx tkqcssne3xgjam+ea6txbio49d+3gsm3u1mghr9zbmy0o68ijhiqm7/7njtbakea jmkwip2fy0tq9heq4rx90zfmixcwf/h6jldry7kj/qg6udnpvh55mtrugppas044 7sJphlPEY8ofkwJj7K/ZKQJBAIc75HQi/Br1lRC4qPmF2vwYgwpyF9RbZWO56Eo7 ipgts4flfajgogod+jxkkt1cxtev7mqm6ihsxgvbd6uhn7i= -----END RSA PRIVATE KEY-----
17 Removing the private part penis -> gqdet Length field (known) ASN1 header field (known) AAAAAAAAAAA ->??? Half the bits of one of the primes (prime2, unknown) prime2 = modulus / prime1
18 Huzzah! -----BEGIN RSA PRIVATE KEY----- MIICXwIBAAKBgQDET1ePqHkVN9IKaGBESjV6zBrIsZc+XQYTtSlVa9R/4SAXoYpI upnrijkcld6dldqfto429xldmyo4ojzox7xincsmlbn8+tqtjf3tqajmiopgqvhj vw9is30tet7l2ynaymyvgqwr0lictomc/loltlhpifixw2akud0m5w76dwidaqab AoGBAKDl8vuA9zUn2lTDddujAzBRp8ZEoJTxw7BVdLpZtgLWLuqPcXroyTkvBJC/ rbfpgyddmgwc/lkpmuffe/tc+kgidlwo50pm/cwccham9neinbff1dqoa5gvxv6g yuwqnkvkertoh/l3opbiaparfb2aiimxudh0eigev6i6h0shakea/mcm4kwarmp9 gpy2v/9qlj1megzxmjhg4nwbfgpqe+9lq1+e6kmeppufgac5zjc8an4pc0lu5qiv XBUW2uLG0QJBAMbVClSWms3llVT5IjKFNLdz0ShSu0Fh5UzRpMkxtEGYsO5VKnb4 Psg1RMTRceI/z3d/3BiuDjiUiRICFqOXDscCQQDFea/ocg8VVLvH/6pn7oNTQfbx tkqcssne3xgjam+ea6txbio49d+3gsm3u1mghr9zbmy0o68ijhiqm7/7njtbakea jmkwip2fy0tq9heq4rx90zfmixcwf/h6jldry7kj/qg6udnpvh55mtrugppas044 7sJphlPEY8ofkwJj7K/ZKQJBAIc75HQi/Br1lRC4qPmF2vwYgwpyF9RbZWO56Eo7 ipgts4flfajgogod+jxkkt1cxtev7mqm6ihsxgvbd6uhn7i= -----END RSA PRIVATE KEY-----
19
20 Conclusion FUCK-A-DUCK is not good crypto Pastebin is not a secure cloud store Probably shouldn t put your private key in a secure cloud store anyway Probably shouldn t fuck a duck
FactHacks: RSA factorization in the real world
FactHacks: RSA factorization in the real world Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit Eindhoven Nadia Heninger Microsoft Research New England Tanja Lange Technische
RSA Keys with Common Factors
RSA Keys with Common Factors Joppe W. Bos Cryptography group extreme Computing Group, Microsoft Research 1 / 19 Outline 2 / 19 Public-Key Cryptography 3 / 19 Cryptanalysis of Public-Key Cryptography Popular
Fast Internet-wide scanning and its security applications
Fast Internet-wide scanning and its security applications J. Alex Halderman University of Michigan Based on joint work ZMap: Fast Internet-Wide Scanning and its Security Applications Zakir Durumeric, Eric
ZMap. Fast Internet-Wide Scanning and its Security Applications. Zakir Durumeric Eric Wustrow J. Alex Halderman. University of Michigan
ZMap Fast Internet-Wide Scanning and its Security Applications Zakir Durumeric Eric Wustrow J. Alex Halderman University of Michigan Internet-Wide Network Studies Previous research has shown promise of
NEW HORIZON COLLEGE OF ENGINEERING, BANGALORE CLOUD COMPUTING ASSIGNMENT-1. 1. Explain any six benefits of Software as Service in Cloud computing?
NEW HORIZON COLLEGE OF ENGINEERING, BANGALORE CLOUD COMPUTING ASSIGNMENT-1 1. Explain any six benefits of Software as Service in Cloud computing? 2. List the different cloud applications available in the
Public-Key Cryptanalysis 1: Introduction and Factoring
Public-Key Cryptanalysis 1: Introduction and Factoring Nadia Heninger University of Pennsylvania July 21, 2013 Adventures in Cryptanalysis Part 1: Introduction and Factoring. What is public-key crypto
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING
ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING Sonam Mahajan 1 and Maninder Singh 2 1 Department of Computer Science Engineering, Thapar University, Patiala, India 2 Department of Computer Science Engineering,
Neither Snow Nor Rain Nor MITM... Real World Email Delivery Security
Neither Snow Nor Rain Nor MITM... Real World Email Delivery Security Zakir Durumeric University of Michigan How is your everyday email protected? Neither Snow Nor Rain Nor MITM... An Empirical Analysis
Harden SSL/TLS v1.01. Windows hardening tool. Thierry ZOLLER. http://blog.zoller.lu http://www.g-sec.lu
Harden SSL/TLS v1.01 Windows hardening tool Thierry ZOLLER http://blog.zoller.lu http://www.g-sec.lu G-SEC is a non-commercial and independent group of Information Security Specialists based in Luxembourg.
SSL BEST PRACTICES OVERVIEW
SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%
App Operating Instructions Manual ES File Explorer
App Operating Instructions Manual ES File Explorer 2013/5 ES File Explorer (for Android only) In addition to managing local / shared / FTP / and Bluetooth file folders, you can also directly manage a variety
Factoring RSA keys from certified smart cards: Coppersmith in the wild
Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein 1,2, Yun-An Chang 3, Chen-Mou Cheng 3, Li-Ping Chou 4, Nadia Heninger 5, Tanja Lange 2, and Nicko van Someren
Novell ichain Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate
Novell ichain Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate Copyright. All rights reserved. Trustis Limited Building 273 New Greenham Park Greenham Common Thatcham
Controlling which applications can access network resources and the Internet
Controlling which applications can access network resources and the Internet In this example, you will learn how to use Application Control to monitor traffic and determine if there are any applications
CAge: Taming Certificate Authorities by Inferring Restricted Scopes
A shorter version of this paper appeared in Proc. 17th Financial Cryptography and Data Security Conference, April 2013. For updates: jhalderm.com/papers/. CAge: Taming Certificate Authorities by Inferring
QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University
QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)
POODLE. Yoshiaki Kasahara Kyushu University kasahara@nc.kyushu-u.ac.jp. 2015/3/3 APAN 39th in Fukuoka 1
POODLE Yoshiaki Kasahara Kyushu University kasahara@nc.kyushu-u.ac.jp 2015/3/3 APAN 39th in Fukuoka 1 Summary POODLE: Padding Oracle On Downgraded Legacy Encryption Discovered in October 2014 by Google
A Security Flaw in the X.509 Standard Santosh Chokhani CygnaCom Solutions, Inc. Abstract
A Security Flaw in the X509 Standard Santosh Chokhani CygnaCom Solutions, Inc Abstract The CCITT X509 standard for public key certificates is used to for public key management, including distributing them
All your private keys are belong to us
All your private keys are belong to us 1 All your private keys are belong to us Extracting RSA private keys and certificates from process memory Tobias Klein tk@trapkit.de Version 1.0, 2006/02/05. All
Analyzing the MD5 collision in Flame
Analyzing the MD5 collision in Flame Alex Sotirov Co-Founder and Chief Scientist Trail of Bits, Inc Overview of Flame Discovered sometime in 2012 Active since at least 2010 Complex malware almost 20MB
Cryptography for Software and Web Developers
Cryptography for Software and Web Developers Part 1: Web and Crypto Hanno Böck 2014-05-28 1 / 14 HTTP and HTTPS SSL Stripping Cookies Mixed content HTTPS content, HTTP images Many webpages use some kind
Internet-wide Scanning Taxonomy and Framework
Proceedings of the 13th Australasian Information Security Conference (AISC 2015), Sydney, Internet-wide Scanning Taxonomy and Framework David Myers 1 Ernest Foo 2 Kenneth Radke 3 1 Email: d1.myers@connect.qut.edu.au
Overview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
White Paper: Librestream Security Overview
White Paper: Librestream Security Overview TABLE OF CONTENTS 1 SECURITY OVERVIEW... 3 2 USE OF SECURE DATA CENTERS... 3 3 SECURITY MONITORING, INTERNAL TESTING AND ASSESSMENTS... 4 3.1 Penetration Testing
Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610
Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS
1 Overview 1 1.1 Configuration on MACH Web Portal 1
API Guide Version 2 Table of Content 1 Overview 1 1.1 Configuration on MACH Web Portal 1 1.2 Other Pre-requisites 1 1.2.1 Apple Push SSL Certificate 1 1.2.2 Android GCM Key 2 1.2.3 Enabling Push Notification
Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013
Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF
Bandwidth consumption: Adaptive Defense and Adaptive Defense 360
Contents 1. 2. 3. 4. How Adaptive Defense communicates with the Internet... 3 Bandwidth consumption summary table... 4 Estimating bandwidth usage... 5 URLs required by Adaptive Defense... 6 1. How Adaptive
Displaying SSL Certificate and Key Pair Information
CHAPTER6 Displaying SSL Certificate and Key Pair Information This chapter describes how to use the available show commands to display SSL-related information, such as the certificate and key pair files
Get Off of My Cloud : Cloud Credential Compromise and Exposure. Ben Feinstein & Jeff Jarmoc Dell SecureWorks Counter Threat Unit
Get Off of My Cloud : Cloud Credential Compromise and Exposure Ben Feinstein & Jeff Jarmoc Dell SecureWorks Counter Threat Unit 2 The Public Cloud 3 Brief Introduction to the Amazon Cloud First, some terminology
DIGITAL FORENSIC INVESTIGATION OF CLOUD STORAGE SERVICES
DIGITAL FORENSIC INVESTIGATION OF CLOUD STORAGE SERVICES Hyunji Chung, Jungheum Park, Sangjin Lee, Cheulhoon Kang Presented by: Abdiwahid Abubakar Ahmed, ID #201205820 2 OUTLINE 1. Introduction 2. Cloud
Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security
Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti, Nicholas Lidzborski, Elie Bursztein,
Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Secure Socket Layer (SSL) and Transport Layer Security (TLS) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available
Evaluation of Digital Signature Process
Evaluation of Digital Signature Process Emil SIMION, Ph. D. email: esimion@fmi.unibuc.ro Agenda Evaluation of digital signatures schemes: evaluation criteria; security evaluation; security of hash functions;
Email, SNMP, Securing the Web: SSL
Email, SNMP, Securing the Web: SSL 4 January 2015 Lecture 12 4 Jan 2015 SE 428: Advanced Computer Networks 1 Topics for Today Email (SMTP, POP) Network Management (SNMP) ASN.1 Secure Sockets Layer 4 Jan
Secure Key Exchange for Cloud Environment Using Cellular Automata with Triple-DES and Error-Detection
Secure Key Exchange for Cloud Environment Using Cellular Automata with Triple-DES and Error-Detection Govinda.K 1, Sathiyamoorthy.E *2, Surbhit Agarwal 3 # SCSE,VIT University Vellore,India 1 kgovinda@vit.ac.in
Thierry ZOLLER Principal Security Consultant contact@g-sec.lu http://www.g-sec.lu
Thierry ZOLLER Principal Security Consultant contact@g-sec.lu http://www.g-sec.lu G-SEC is a vendor independent Luxemburgish led security consulting group that offers IT Security consulting services on
Citrix Receiver for Mobile Devices Troubleshooting Guide
Citrix Receiver for Mobile Devices Troubleshooting Guide www.citrix.com Contents REQUIREMENTS...3 KNOWN LIMITATIONS...3 TROUBLESHOOTING QUESTIONS TO ASK...3 TROUBLESHOOTING TOOLS...4 BASIC TROUBLESHOOTING
A quick overview of the DANE WG. * DNS-based Authentication of Named Entities
A quick overview of the DANE WG * DNS-based Authentication of Named Entities Some background... When you connect to https://www.example.com you use SSL (actually TLS) to secure your connection. Need a
For example some Bookkeepers are using Dropbox to share the accounting files between them and their client.
DropBox vs SugarSync - File storage in the cloud 1 Dropbox There are a number of solutions emerging into the market, which provide users the ability to store files in the cloud, which provide a number
Welcome to an introduction to Business Model Canvas. We decided to use the Business Model Canvas to illustrate and demonstrate business models for
Welcome to an introduction to Business Model Canvas. We decided to use the Business Model Canvas to illustrate and demonstrate business models for each of the four Stride demonstrator apps. In order to
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
SESSION ID: CSV-W02 Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control David Etue VP, Business Development, Identity and Data Protection Gemalto @djetue Cloud and Virtualization Are
F-Secure Internet Security 2014 Data Transfer Declaration
F-Secure Internet Security 2014 Data Transfer Declaration The product s impact on privacy and bandwidth usage F-Secure Corporation April 15 th 2014 Table of Contents Version history... 3 Abstract... 3
WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support.
WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. 601DataPower_Security_NIST.ppt Page 1 of 17 This presentation discusses three new security features in the WebSphere DataPower
Computer and Network Security. Alberto Marchetti Spaccamela
Computer and Network Security Alberto Marchetti Spaccamela Slides are strongly based on material by Amos Fiat Good crypto courses on the Web with interesting material on web site of: Ron Rivest, MIT Dan
Insecure network services. Firewalls. Two separable topics. Packet filtering. Example: blocking forgeries. Example: blocking outgoing mail
Insecure network services NFS (port 2049) - Read/write entire FS as any non-root user given a dir. handle - Many OSes make handles easy to guess Portmap (port 111) - Relays RPC requests, making them seem
Q2. What has changed? In October 2010, VeriSign migrated its public root certification authorities from 1024 bit RSA keys to 2048-bit RSA keys.
The SSL site certificate for https://ci.tnt.com/ will be updated on Wednesday, Oct 30th 2013 at 08:00 BST onwards and this has important implications for TNT business users. Currently our root certificate,
A Study of What Really Breaks SSL HITB Amsterdam 2011
A Study of What Really Breaks SSL HITB Amsterdam 2011 v1.0 Ivan Ristic Michael Small 20 May 2011 Agenda 1. State of SSL 2. Quick intro to SSL Labs 3. SSL Configuration Surveys 4. Survey of Actual SSL Usage
SafeNet KMIP and Google Cloud Storage Integration Guide
SafeNet KMIP and Google Cloud Storage Integration Guide Documentation Version: 20130719 Table of Contents CHAPTER 1 GOOGLE CLOUD STORAGE................................. 2 Introduction...............................................................
Turning your managed Anti-Virus
Turning your managed Anti-Virus into my Botnet Jérôme NOKIN http://funoverip.net About me # id Jérôme Nokin http://funoverip.net jerome.nokin@gmail.com # job Penetration Tester Verizon Enterprise Solutions
USING GENIE REMOTELY
USING GENIE REMOTELY This document outlines the available options for using Genie in offsite logging mode (Genie single user) or remotely in real-time via a remote desktop (terminal services) connection.
Proposed Documents for JOSE: JSON Web Signature (JWS) JSON Web Encryp6on (JWE) JSON Web Key (JWK)
Proposed Documents for JOSE: JSON Web Signature (JWS) JSON Web Encryp6on (JWE) JSON Web Key (JWK) Mike Jones Standards Architect Microso@ IETF 82 November 14, 2011 Mo6va6on Clear need for industry- standard
Network Security Technology Network Management
COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission
Factoring pq 2 with Quadratic Forms: Nice Cryptanalyses
Factoring pq 2 with Quadratic Forms: Nice Cryptanalyses Phong Nguyễn http://www.di.ens.fr/~pnguyen & ASIACRYPT 2009 Joint work with G. Castagnos, A. Joux and F. Laguillaumie Summary Factoring A New Factoring
Configuring SSL Termination
CHAPTER 4 This chapter describes the steps required to configure a CSS as a virtual SSL server for SSL termination. It contains the following major sections: Overview of SSL Termination Creating an SSL
A Real-Life Man-in-the-Middle Attack on SSL
A Real-Life Man-in-the-Middle Attack on SSL Ted Shorter, Certified Security Solutions February 15, 2005 4:30pm Agenda Spyware product Analysis Work originated while helping CSS client Ways to address the
RSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
Anyone remember this old banner ad? (it was for Net Nanny Pornography? On *MY* Computer? It s more likely than you think. )
Anyone remember this old banner ad? (it was for Net Nanny Pornography? On *MY* Computer? It s more likely than you think. ) Mentioned product names may be trademarks and / or copyrighted by their respective
Analysis of the HTTPS Certificate Ecosystem
Analysis of the HTTPS Certificate Ecosystem, James Kasten, Michael Bailey, J. Alex Halderman University of Michigan HTTPS and TLS How does HTTPS and the CA ecosystem fit into our daily lives? Nearly all
Security Issues with Sharing (Cloud Storage Services) Kalyani Haridasyam EECS710: Information Security and Assurance University of Kansas
Security Issues with Sharing (Cloud Storage Services) Kalyani Haridasyam EECS710: Information Security and Assurance University of Kansas Topics Introduction Data Sharing Dropbox and Sharing Dropbox Security
Complete Website Security
Symantec TM Complete Website Security Symantec is the world s leading provider of Internet trust, authentication and security solutions. Symantec TM Complete Website Security offers you SSL management
Factoring as a Service
Factoring as a Service Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri, Nadia Heninger University of Pennsylvania Abstract The difficulty of integer factorization is fundamental
You Won t Be Needing These Any More: On Removing Unused Certificates From Trust Stores
You Won t Be Needing These Any More: On Removing Unused Certificates From Trust Stores Henning Perl 1, Sascha Fahl 1, and Matthew Smith 2 1 Leibniz University Hannover, Germany, {perl, fahl}@dcsec.uni-hannover.de
Lightweight Security using Identity-Based Encryption Guido Appenzeller
Lightweight Security using Identity-Based Encryption Guido Appenzeller Chief Technology Officer Voltage Security Inc. Identity-Based Encryption (IBE) IBE is a new public key encryption algorithm A number
Windows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
Application Detection
The following topics describe Firepower System application detection : Overview:, page 1 Custom Application Detectors, page 7 Viewing or Downloading Detector Details, page 15 Sorting the Detector List,
Frequently Asked Questions. Frequently Asked Questions. 2013 SSLPost Page 1 of 31 support@sslpost.com
Frequently Asked Questions 2013 SSLPost Page 1 of 31 support@sslpost.com Table of Contents 1 What is SSLPost Cloud? 3 2 Why do I need SSLPost Cloud? 4 3 What do I need to use SSLPost Cloud? 5 4 Which Internet
Network Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
DiamondStream Data Security Policy Summary
DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers
Microsoft IIS 7 Guide to Installing Root Certificates, Generating CSR and Installing certificate
Microsoft IIS 7 Guide to Installing Root Certificates, Generating CSR and Installing certificate Copyright. All rights reserved. Trustis Limited Building 273 New Greenham Park Greenham Common Thatcham
Crypto Lab Public-Key Cryptography and PKI
SEED Labs 1 Crypto Lab Public-Key Cryptography and PKI Copyright c 2006-2014 Wenliang Du, Syracuse University. The development of this document is/was funded by three grants from the US National Science
Release Notes for Websense Web Endpoint (32- and 64-bit OS)
Release Notes for Websense Web Endpoint (32- and 64-bit OS) Updated: 8-Feb-2013 Applies To: Websense Cloud Web Security solutions Use the Release Notes to learn about: What s new in Websense Web Endpoint?
AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES
HYBRID RSA-AES ENCRYPTION FOR WEB SERVICES AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES Kalyani Ganesh
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
Side Channels: Hardware or Software threat?
Side Channels: Hardware or Software threat? Job de Haas Riscure Who am I Job de Haas Principal Security Analyst at Riscure Testing security on: Set-top-boxes, mobile phones, smart cards, payment terminals,
Protocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
Security for Cloud & Big Data
Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 25, 2016 Awesome Project 2 Solutions Honorable mention: Vincent Wang and John Choi super-efficient updates (6-9x better
2014 IBM Corporation
2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session
Breaking the Myths of Extended Validation SSL Certificates
BlackHat Briefings, 2009 Breaking the Myths of Extended Validation SSL Certificates Alexander Sotirov phmsecurity.com Mike Zusman intrepidusgroup.com Introduction Chosen-prefix MD5 collisions allowed us
Backups and Cloud Storage
Backups and Cloud Storage Front Range PC Users Group November 1, 2011 Definitions 1 A search using Google with the search criteria: online backup returned >192 million results A search using Google with
How To Connect Your Cloud
How To Connect Your Cloud This tutorial will show you how to connect ncrypted Cloud to multiple cloud storage accounts after installation. This will allow you to apply privacy to all cloud data right from
Network Intrusion Analysis (Hands-on)
Network Intrusion Analysis (Hands-on) TCP/IP protocol suite is the core of the Internet and it is vital to understand how it works together, its strengths and weaknesses and how it can be used to detect
cs.nyu.edu/courses/fall13/csci-ua.0004-005/
cs.nyu.edu/courses/fall13/csci-ua.0004-005/ Digital Revolution Represents a shift from analog and electronic technology to digital Industrial Revolution (18th 19th c.) Electronic Media (19th 20th c.)
Cloud Computing for Education Workshop
Cloud Computing for Education Workshop 2012 Copyright REZA CURTMOLA, NJIT What Have We Learned So Far? We have learned several cloud applications (Dropbox, Google Docs, Piazza, etc.) Dropbox SugarSync
XXIntroduction. XXRequirements. XXInstallation. XXInterface. XXUsage Instructions
USERS GUIDE XXIntroduction XXRequirements XXInstallation XXInterface XXUsage Instructions XXConfigure Remote Storage Destination Amazon S3 Dropbox Google Drive FTP to another Web Server XXSteps for Setting
State of Transport Security in the E-Mail Ecosystem at Large
Aaron Zauner Overview Results Conclusion Context Joined SBA-Research in Janurary to help with an ongoing Internet-wide scanning project We ve conducted scans on e-mail related ports over the last couple
Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)
Network Security Security Crytographic algorithms Security Services Secret key (DES) Public key (RSA) Message digest (MD5) privacy authenticity Message integrity Secret Key Encryption Plain text Plain
Password Cracking in the Cloud
Password Cracking in the Cloud Gautam Korlam Department of Computer Science, UC Santa Barbara gautamkorlam@cs.ucsb.edu Report for CS290G Network Security Professor: Dr. Çetin Kaya Koç ABSTRACT Cloud computing
Using AES 256 bit Encryption
Using AES 256 bit Encryption April 16 2014 There are many questions on How To Support AES256 bit encryption in an Industrial, Medical or Military Computer System. Programmable Encryption for Solid State
Secure Cloud Computing with FlexCloud
Department of Computer Science Institute of Systems Architecture Chair of Computer Networks Secure Cloud Computing with FlexCloud Dr.-Ing. Anja Strunk DAAD Summer School CTDS 2012 Sousse, Tunisia 07.09.2012
Domestic Services Skips Skip Bags Ancillary Products Support Payments Route Management Maps SMS
Domestic Services Skips Skip Bags Ancillary Products Support Payments Route Management Maps SMS Integration Mobile Reports Statistics Social Media Security Mobile Sales Representative Commercial Waste
MD5 Considered Harmful Today
MD5 Considered Harmful Today Creating a rogue CA certificate Alexander Sotirov Marc Stevens Jacob Appelbaum Arjen Lenstra David Molnar Dag Arne Osvik Benne de Weger New York, USA CWI, Netherlands Noisebridge/Tor,
Secure Password Managers and Military-Grade Encryption on Smartphones: Oh, Really?
Secure Password Managers and Military-Grade Encryption on Smartphones: Oh, Really? Andrey Belenko and Dmitry Sklyarov Elcomsoft Co. Ltd. {a.belenko,d.sklyarov} @ elcomsoft.com 1 Agenda Authentication:
Cryptography and Network Security
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared
A deeper understanding of SSH: Results from Internet-wide scans
A deeper understanding of SSH: Results from Internet-wide scans Oliver Gasser, Ralph Holz, Georg Carle Technische Universität München Faculty of Informatics Chair for Network Architectures and Services
Manual POLICY PATROL SECURE FILE TRANSFER
Manual POLICY PATROL SECURE FILE TRANSFER MANUAL Policy Patrol Secure File Transfer This manual, and the software described in this manual, are copyrighted. No part of this manual or the described software
Quantum Safe Security Workgroup Presentation. Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014
Quantum Safe Security Workgroup Presentation Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014 ID Quantique Photon Counters Services Quantum Random Number Generators Technology
Extracting Certificates from Live Traffic: A Near Real-Time SSL Notary Service
Extracting Certificates from Live Traffic: A Near Real-Time SSL Notary Service Johanna Amann *, Matthias Vallentin, Seth Hall *, and Robin Sommer *ⱡ TR-12-014 November 2012 Abstract Much of the Internet's
ZMap: Fast Internet-wide Scanning and Its Security Applications
ZMap: Fast Internet-wide Scanning and Its Security Applications Zakir Durumeric, Eric Wustrow, and J. Alex Halderman, University of Michigan This paper is included in the Proceedings of the 22nd USENIX
Out-of-Band Network Management
Out-of-Band Network Management Felix Emmert Betreuer: Oliver Gasser Seminar Innovative Internet-Technologien und Mobilkommunikation WS2014 Lehrstuhl Netzarchitekturen und Netzdienste Fakultät für Informatik,