A security analysis of the SecLookOn authentication system


 Janel Goodman
 2 years ago
 Views:
Transcription
1 Institut f. Statistik u. Wahrscheinlichkeitstheorie 1040 Wien, Wiedner Hauptstr. 810/107 AUSTRIA A security analysis of the SecLookOn authentication system K. Grill Forschungsbericht MS Februar 2010 Kontakt:
2 A Security Analysis of the SecLookOn Authentication System Karl Grill May 19, 2009 Abstract We show that an attacker that is able to retrieve a sufficiently high number (in simple cases, about 100) of challenges can, with a high probability, reconstruct the secret, even without knowing the correct responses, by a bruteforce approach. With the same approach, a known plaintext attack against the simple system is likely to succeed with knowledge of about 25 challengeresponse pairs. Key words: authentication, brute force, known plaintext attack, unknown plaintext attack, password security. 1 Introduction SecLookOn, invented by Helmut Schluderbacher and marketed by MERLINnovations, replaces the classical username and password authentication method by a graphical challengeresponse system. Thus, the credentials are never completely revealed to an observer. This kind of authentication scheme may be of merit in an office situation where it is not feasible to keep costumers from watching the login process and probably memorizing the username and password and gaining access when the authorized person is absent. Marketing statements by MERLINnovations, however, seem to indicate that this system is intended to be used as an allpurpose high security authentication method, and that it is safe against all imaginable attacks. Unfortunately, up to now, there is little theoretical evidence to support these claims. Consequently, there has been some criticism[5, 6, 7, 8]. Steinkamp[8] lists some attacking scenarios that do not seem to properly handled by the SecLookOn system. A security report[1] commissioned by MERLINnovations was conducted under very tight time restrictions and thus only addresses the most obvious points. It must be mentioned, however, that it does mention the problems that make our approach work. Apart from this report, the only publicly visible effort to provide some kind of proof of Institut für Statistik und Wahrscheinlichkeitstheorie, TU Wien, 1040 Wien, Austria, Tel.: /
3 the system s security was a hack the key contest held in 2008 which promised an Apple iphone for the one who could determine the key secret from 333 challengeresponse pairs of a bloated version of the basic system that we are dealing with. After this, we will describe two attacks that can be used against this scheme: first, we will only assume that a sufficiently large number of challenges have been collected, then we will discuss the known plaintext case where the correct responses are also known. 2 The SecLookOn System The SecLookOn system presents the user with two images, each of which consists of 6 6 smaller images (in the sequel, we will number the rows and columns from 0 to 9 and use coordinate pairs (i, j) to refer to row i, column j). In the first image, the smaller images are randomly selected from a set of 9 predefined images. In the second image, the smaller images are constructed from the background, which has a color that is selected from a given set C of six colors, one or more symbols, each selected from a set of six possible shapes and having a color from the same set C, in front of all the above, a digit from the range 0 to 9, again with a color from the same set C (in each challenge, exactly six of the ten possible digits are present). The colors and shapes are jointly referred to as properties. The type of property (e.g., the top left symbol or the color of the digit) is also referred to as a dimension, and, for each dimension, its actual value is picked from a set of six possible choices which we will number from 0 to 5. The secret that is shared between the user and the system consists of a connected set of six squares in the left image (such a connected set will in the sequel be referred to as a block, and it should be noted that there are exactly 2816 such blocks) B 1, a number K {2, 3}, a set I = {I 1,..., I k } of small images (from the set of 9 mentioned above) that will be relevant for the login process, an upper bound T {1, 2} for the frequencies of the images from I that are used in constructing the response, a block B 2 in the second picture, the number D of dimensions, 2
4 for each possible combination f = (f 1,..., f K ) {0,..., T } K a property X f, which, in turn, is a pair (X f1, X f2 ) of a dimension and an associated value. In order to prove her knowledge of the hidden secret, the user has to proceed as follows: the frequencies F = (F 1,..., F K ) of the images in I inside the block B 1 are determined and truncated, i.e., a frequency greater than T is replaced by T. These frequencies determine the property X F response. associated with the right The user finds X F in the block B 2, and the digit inside that small picture constitutes the response to be returned. This procedure is repeated a number of times (4 10). Apart from these facts and a few minor details (which are not really important for our investigations), this is about all the official information that is provided by the purveyors of this system[2]. Inspection of a number of image pairs reveals the following observations (cf.[8, 1]): there are six special blocks S ij = {3i, 3i + 1, 3i + 2} {2i, 2i + 1}, i = 0, 1, j = 0, 1, 2. In each of these blocks, for each of the property dimensions, each of the six possible values occurs exactly once. In the sequel, these blocks will be called the segments. The color values inside each small picture are all different. the digits are arranged in a fixed pattern, i.e., the squares of the second image can be divided into six sets, and the squares in each of these sets will always contain identical digits (which will be different for different challenges, of course; again, this does not affect our investigations). The main problem, and the one that is behind our attack, is that the user has to be presented with a valid, unambiguous response. This means that the property X F must be present in the block B 2, and if there is more than one occurrence of this property, each of them has to show the same digit. This is not a problem if B 2 is one of the segments. Otherwise it is a nontrivial problem, and it has apparently been solved (although this is not really documented) by forcing the property X F to appear exactly once. 3 A Brute Force Attack In the view of the above, we may try the following (assuming that the parameters K, T, and D are known the last one can be found by scrutinizing a few challenges, the other two may be known from other channels or can simply be tried in turn as there are only two choices for each): 3
5 1. Fix a pattern f Successively try each possible combination B 1, B 2, I, X f0 on one challenge. If the frequency pattern F resulting from B 1 and I equals f 0 i, and if X f0 does not occur exactly once inside B 2, then we can exclude this combination from subsequent trials. 3. Repeat this process on the n challenges that we have (or until there is only one combination left). 4. Repeat the above for other patterns f, using the information from the previous rounds to reduce the search space. This method has its limitations: if the true B 2 is one of the segments, then the uniqueness condition is satisfied by design, so, if we choose a segment as our B 2, then step 2 above will not remove anything, so we will always get the segments as (probably false) positives. So, we will exclude the segments from our searches. If the blocks are chosen with equal probabilities when the user accounts are created (this has to be done if the number of bits in the key is to be used to its full extent), only a fraction 6/2816 of secrets will contain a segment as B 2, so this is not a severe restriction. In addition, there are 87 pairs of complementary blocks in the sense that the members of such a pair are disjoint and that their union coincides with the union of two adjacent segments. If one member of such a pair contains exactly one occurrence of a property, then this will also be true for the other member, so the two cannot be distinguished by this procedure. In all other cases, our approach should lead to a success, if sufficiently many challenges can be checked against. The questions that remain are how large n should be in order to be considered sufficiently large, and how expensive the computations are. Regarding the first question, we use a simple heuristic argument. Namely, first observe that going through our procedure is tantamount to checking all possible choices for B 1, B 2, I and (X f, f {0,..., T } K ) against our n challenges. Assume that our B 1 is disjoint from the true B 1 and that no segment intersects both our B 2 and the true B 2 simultaneously. Furthermore, assume that all choices that are possible for the second image (as dictated by the uniqueness condition and by the observations mentioned above) have the same probability to be chosen in constructing the challenge. This makes what happens in the blocks of the true secret independent from what happens inside the blocks that we chose. Finally, note that the probability that a given property occurs in B 2 exactly once is bounded above by p 0 = 26/36 (this maximum is attained for a block that has 5 squares inside one segment and one outside). The probability that our choice will be rejected can be estimated above by p n 0, because in any round one of our X f s will be checked and rejected with probability at least 1 p 0. Heuristically assuming that this estimate pertains in the general case, and observing that we have 2816 choices for B 1 and B 2 each (actually, for the latter there are only 2810 choices to consider because we have excluded the segments), ( 9 K) choices for I, and 6D choices for each of the (T + 1) K X f s, we 4
6 arrive at the following estimate p for the probability that there is some false choice that cannot be rejected (it can also be interpreted as an estimate for the expected number of false positives): ( ) 9 p = (6D) (T +1)K p n 0. K Our heuristic estimate for n is then determined by p = θ, where θ is any bound we wish to impose on the probability of retaining a false positive. In the simplest case K = 2, T = 1, D = 4 and for θ = 1 we obtain n = 98, for K = 2, T = 2 and T = 6 we get n = 180. As to the complexity of this scheme, first observe that if B is different from the true B 2 or X is not among the true X f s, then there is an upper bound p 1 = 11/12 for the probability that X occurs in B exactly once (this upper bound is obtained as the maximum of conditional probability that x occurs in b exactly once given that x occurs exactly once in b, over all choices (x, b ) (x, b), excluding the cases where b is a segment and where b and b are complementary, which is elementary but tedious). For these, on the average, a proportion p 2 /12 will be eliminated, where p 2 is the probability that the pattern f 0 is observed. Choosing the pattern f 0 appropriately, one can always achieve p 2 (T + 1) K. The number of combinations that we have to check against against the first challenge is ( ) 9 L = D. K Of these, M = 2816 ( 9 K) (T + 1) K 2 do not fit the above description. Of those that do, an expected number not exceeding (1 p 2 /12)L will be checked against the second challenge, and so on, constituting a geometric series. So, we arrive at the following estimate for the total number of checks: ( ) 9 N Mn + 12L/p (T + 1) K (8448D + n). K Inserting the parameters of the actual systems, we arrive at N between and This is of an order of magnitude that is accessible to personal computers, especially since the check can be very efficiently implemented using bitfield operations. 4 Practical Examples The results in the last sections are based on heuristics and so leave some doubts regarding their validity. So, we would like to complement these considerations by a few experiments. The first is a simple simulation experiment. We generated 100 samples of 1000 challenges for K = 2 and T = 1, choosing the blocks, the 2 pictures and the 4 properties uniformly from their respective ranges, generating the first picture in the obvious way and selecting the second picture uniformly among the 5
7 allowed choices. The first n challenges in each sample were processed for n = 96 and n = 128. At n = 96, 11 of the 100 secrets were not uniquely determined. At n = 128 all secrets were uniquely found, up to complementarity 8 of the samples had a member of a complementary pair as their second block, so these were only determined up to this ambiguity that cannot be avoided. Running times on an AMD 64 with 4800 MHz were below 3 minutes per sample. Encouraged by this agreement with our previous considerations, we decided to turn to a reallife example, and chose the account KeyUserD2 described in [3]. Downloading the necessary number of login screens was rather easy, the most demanding task was the conversion of the data into machinereadable form. This problem was solved at n = 96 up to complementarity. Finally, we tried to do some real hacking and crack an unknown account. We guessed a username by extrapolating the KeyUserD* sequence, obtained a number of login screens, went through another tedious conversion job and finally ran the data through our program. It turned out that this account had T = 2 and K = 2. At n = 160, all but X 22 were uniquely determined, getting this last one right needed n = 576. This is not really a surprise because the probability of obtaining the pattern F = (2, 2) is less than one percent, so it may not show up at all in 100 trials. On the other hand, it is not really needed, because the chance that it occurs during the at most ten rounds of a single login is less than 0.1, so one can easily log in without this particular knowledge. As a last proof to ourselves, we logged into this account successfully. 5 A KnownPlaintext Attack The same approach as in the last section can be used if the responses are known. Computationally, the only difference is that we also reject a combination if the digit in the uniquely determined square is different from the correct response. In this setting, the segments and complementary blocks lose their special status. Using this on the simulation data we used above, we found, that at n = 32 all but 12 of the 100 keys were uniquely determined, 5 of those could not even be determined uniquely at n = 64. The number of keys that were left in each case, however, was small enough that it would not pose a problem to try these out in sequel (at n = 32 there was one case with 10 possible keys left, one with 5, and the rest had 2 or 3; at n = 22 the maximum number of keys left was 49, the mean was 3.77, and more than half of the cases showed a unique result). Computation times were less than one minute. In addition, we simulated a set of samples containing only segments because these were excluded in the original samples. As expected, the results were similar to those for the first set of samples. 6
8 6 WebLookOn WebLookOn [9] is a reduced version of the SecLookOn system. In this variant, the choice of the two blocks is removed from the key, the user is only shown the six squares that are relevant for the determination of the response. The number of dimensions is four, and all dimensions are symbols, so the peculiarities of color dimensions are removed. Apart from that, it works the same as before: the occurrence or nonoccurrence of two small images in the first picture determines which symbol to look for in the second picture, and the digit in the square that contains this symbol is the response. This should make it clear that the results from the last section should give an upper bound to the security of this system. In fact, it has been observed (cf. the discussion in [4]) that the observation of three logins (or twelve challengeresponse pairs) is enough to reduce the number of possible keys to a handful. This system simple enough that we can do some strict mathematics. Assume that S 0 is the true key, and that we check a different key S against one challengerespond round created from S 0. If the probability that S is rejected in this round is p(s 0, S), and we have a total of n rounds (which we assume to be independently uniformly distributed among all possible choices) to check it against, then the probability that S is not rejected by the whole procedure is (1 p(s 0, S)) n, and the expected number of keys left is N(n) = S S 0 (1 p(s 0, S)) n. p(s 0, S) can be determined as follows: let X(S) = (X 1 (S), X 2 (S)) be the (random) symbol determined by strategy S for the round under consideration, with X 1 denoting its dimension and X 2 its value. Then p(s 0, S) = x,y P(X(S 0 ) = x, X(S) = y)q(x, y). Here, q(x, y) is the probability that the symbols x and y are found in the same square and can be calculated as 1 if x = y, q(x, y) = 0 if x 1 = y 1 and x 2 y 2, 1/6 otherwise. The probability P(X(S 0 ) = x, X(S) = y) is obtained as the sum of the probabilities of all frequency patterns that are associated with x in key S 0, and with y in S, which in turn can be calculated from the multinomial distribution. Our calculations showed that indeed the values of N(12) are small for all possible choices of S 0, with its maximum value, , attained for a key that uses one symbol for the both pictures absent case, and one single symbol from a different dimension for all the other cases. N(22) is less than 2 for all keys, which is very nicely in tune with the results we obtained in the previous section. 7
9 7 More Complex Systems It may be conjectured that adding more features to the basic system described above could make attacks like the ones we described above unfeasible. Unfortunately, leaving aside the fact that memorizing a system like the one described below comes close to a Vaudeville act, this is not necessarily the case. As an example, we consider the scheme that is presented as the solution of the hacking contest that was held in This scheme sports the following extensions: Instead of a single fixed block, there is a choice of ten blocks in the first picture. Which one of these is actually to be used is determined by the contents of a certain square in this picture. Similarly, in the second picture there is a choice of ten blocks which is determined by the digit in a given square. Finally, shifts are added to the final result. This means that the final answer is not found in the square where the property in question was found, but, for example, two squares above it or three to the right. The method from section 3 cannot determine the shifts, but the shifts do not interfere with it either because they only affect the position of the right response which this method does not use at all. If we can obtain about challenges, we can use a divide and conquer strategy pick one square in the first image, one in the second (due to the fact that the digits are arranged in a fixed pattern, there are only six essentially different choices for the latter), and use only those challenges that have a previously fixed image/digit combination in these places. Running the program from section 3 on these 216 samples will take about 11 hours and narrow the search space sufficiently, so that the time used for subsequent searches for other combinations will become negligible. Thus, in less than a day, almost all of the key information will be revealed, only segments, ambiguous pairs and the shifts will not be properly determined (in the solution shown, there are no segments or memebers of complimentary pairs among the secondpicture blocks, so, for this particular case, only the shifts would be missing). These remaining parts can be found if a (substantially smaller) number of correct responses is known. 8 Conclusion Summing up, it seems that SecLookOn does not really provide the amount of security that is claimed. In particular, the known plaintext attack from section 5 makes it questionable if it really fulfills its original purpose, namely to avoid revealing the login secret to observers. 8
10 References [1] T. Dübendorfer, Gutachen Sicherheitsanalyse von SecLookOn, (2008). Available: [2] MERLINnovations & Consulting GmBH, SecLookOn: Beschreibung des Verfahrens und Lösung für ManintheMiddle Attacken, (2007). Available: paper.asp [3] MERLINnovations & Consulting GmBH, SecLookOn Schlüssel für user KeyUserD2, (2008). Available: accounts.asp [4] M. Mrak, Gedankensplitter, (2009). Available: [5] R. Oppliger, esecurity Communications, vol. 5, no. 1(2008) Available: [6] R. Oppliger, esecurity Communications, vol. 5, no. 2(2008) Available: [7] R. Oppliger, esecurity Communications, vol. 6, no. 1(2009) Available: [8] M. Steinkamp. Analyse des Verfahrens SecLookOn der Firma MERLINnovations, (2008) Available: [9] WebLookOn GesmbH, WebLookOn, (2009). Available: 9
Information Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay
Information Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay Lecture  17 ShannonFanoElias Coding and Introduction to Arithmetic Coding
More informationThe Trip Scheduling Problem
The Trip Scheduling Problem Claudia Archetti Department of Quantitative Methods, University of Brescia Contrada Santa Chiara 50, 25122 Brescia, Italy Martin Savelsbergh School of Industrial and Systems
More informationE3: PROBABILITY AND STATISTICS lecture notes
E3: PROBABILITY AND STATISTICS lecture notes 2 Contents 1 PROBABILITY THEORY 7 1.1 Experiments and random events............................ 7 1.2 Certain event. Impossible event............................
More information, for x = 0, 1, 2, 3,... (4.1) (1 + 1/n) n = 2.71828... b x /x! = e b, x=0
Chapter 4 The Poisson Distribution 4.1 The Fish Distribution? The Poisson distribution is named after SimeonDenis Poisson (1781 1840). In addition, poisson is French for fish. In this chapter we will
More informationCryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur
Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)
More informationON THE COMPLEXITY OF THE GAME OF SET. {kamalika,pbg,dratajcz,hoeteck}@cs.berkeley.edu
ON THE COMPLEXITY OF THE GAME OF SET KAMALIKA CHAUDHURI, BRIGHTEN GODFREY, DAVID RATAJCZAK, AND HOETECK WEE {kamalika,pbg,dratajcz,hoeteck}@cs.berkeley.edu ABSTRACT. Set R is a card game played with a
More informationLecture 1: Systems of Linear Equations
MTH Elementary Matrix Algebra Professor Chao Huang Department of Mathematics and Statistics Wright State University Lecture 1 Systems of Linear Equations ² Systems of two linear equations with two variables
More informationGraph Security Testing
JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 23 No. 1 (2015), pp. 2945 Graph Security Testing Tomasz Gieniusz 1, Robert Lewoń 1, Michał Małafiejski 1 1 Gdańsk University of Technology, Poland Department of
More informationBasic Probability Concepts
page 1 Chapter 1 Basic Probability Concepts 1.1 Sample and Event Spaces 1.1.1 Sample Space A probabilistic (or statistical) experiment has the following characteristics: (a) the set of all possible outcomes
More informationCONTINUED FRACTIONS AND FACTORING. Niels Lauritzen
CONTINUED FRACTIONS AND FACTORING Niels Lauritzen ii NIELS LAURITZEN DEPARTMENT OF MATHEMATICAL SCIENCES UNIVERSITY OF AARHUS, DENMARK EMAIL: niels@imf.au.dk URL: http://home.imf.au.dk/niels/ Contents
More informationLecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture  PRGs for one time pads
CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs
More informationProbability. A random sample is selected in such a way that every different sample of size n has an equal chance of selection.
1 3.1 Sample Spaces and Tree Diagrams Probability This section introduces terminology and some techniques which will eventually lead us to the basic concept of the probability of an event. The Rare Event
More informationOffline sorting buffers on Line
Offline sorting buffers on Line Rohit Khandekar 1 and Vinayaka Pandit 2 1 University of Waterloo, ON, Canada. email: rkhandekar@gmail.com 2 IBM India Research Lab, New Delhi. email: pvinayak@in.ibm.com
More informationProbability Using Dice
Using Dice One Page Overview By Robert B. Brown, The Ohio State University Topics: Levels:, Statistics Grades 5 8 Problem: What are the probabilities of rolling various sums with two dice? How can you
More informationApplication of Neural Network in User Authentication for Smart Home System
Application of Neural Network in User Authentication for Smart Home System A. Joseph, D.B.L. Bong, D.A.A. Mat Abstract Security has been an important issue and concern in the smart home systems. Smart
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationFor example, estimate the population of the United States as 3 times 10⁸ and the
CCSS: Mathematics The Number System CCSS: Grade 8 8.NS.A. Know that there are numbers that are not rational, and approximate them by rational numbers. 8.NS.A.1. Understand informally that every number
More informationLinear Programming I
Linear Programming I November 30, 2003 1 Introduction In the VCR/guns/nuclear bombs/napkins/star wars/professors/butter/mice problem, the benevolent dictator, Bigus Piguinus, of south Antarctica penguins
More informationRecent progress in additive prime number theory
Recent progress in additive prime number theory University of California, Los Angeles Mahler Lecture Series Additive prime number theory Additive prime number theory is the study of additive patterns in
More informationCognitive Authentication Schemes Safe Against Spyware (Short Paper)
In Proc. IEEE Symposium on Security and Privacy (S&P), May 2006 Cognitive Authentication Schemes Safe Against Spyware (Short Paper) Daphna Weinshall School of Computer Science and Engineering The Hebrew
More informationMigration Manager v6. User Guide. Version 1.0.5.0
Migration Manager v6 User Guide Version 1.0.5.0 Revision 1. February 2013 Content Introduction... 3 Requirements... 3 Installation and license... 4 Basic Imports... 4 Workspace... 4 1. Menu... 4 2. Explorer...
More informationOn the Laziness of MonteCarlo Game Tree Search in Nontight Situations
Technical Report On the Laziness of MonteCarlo Game Tree Search in Nontight Situations September 8, 2008 Ingo Althofer Institute of Applied Mathematics Faculty of Mathematics and Computer Science FriedrichSchiller
More informationProbability, statistics and football Franka Miriam Bru ckler Paris, 2015.
Probability, statistics and football Franka Miriam Bru ckler Paris, 2015 Please read this before starting! Although each activity can be performed by one person only, it is suggested that you work in groups
More informationarxiv:1112.0829v1 [math.pr] 5 Dec 2011
How Not to Win a Million Dollars: A Counterexample to a Conjecture of L. Breiman Thomas P. Hayes arxiv:1112.0829v1 [math.pr] 5 Dec 2011 Abstract Consider a gambling game in which we are allowed to repeatedly
More information2FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec
2FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec TECHNOLOGY WHITEPAPER DSWISS LTD INIT INSTITUTE OF APPLIED INFORMATION TECHNOLOGY JUNE 2010 V1.0 1 Motivation With the increasing
More information+ Section 6.2 and 6.3
Section 6.2 and 6.3 Learning Objectives After this section, you should be able to DEFINE and APPLY basic rules of probability CONSTRUCT Venn diagrams and DETERMINE probabilities DETERMINE probabilities
More informationFactoring & Primality
Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount
More informationColored Hats and Logic Puzzles
Colored Hats and Logic Puzzles Alex Zorn January 21, 2013 1 Introduction In this talk we ll discuss a collection of logic puzzles/games in which a number of people are given colored hats, and they try
More informationMACs Message authentication and integrity. Table of contents
MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and
More informationPROBLEM SET 7: PIGEON HOLE PRINCIPLE
PROBLEM SET 7: PIGEON HOLE PRINCIPLE The pigeonhole principle is the following observation: Theorem. Suppose that > kn marbles are distributed over n jars, then one jar will contain at least k + marbles.
More informationChapter 2: Systems of Linear Equations and Matrices:
At the end of the lesson, you should be able to: Chapter 2: Systems of Linear Equations and Matrices: 2.1: Solutions of Linear Systems by the Echelon Method Define linear systems, unique solution, inconsistent,
More informationThe Power Loader GUI
The Power Loader GUI (212) 405.1010 info@1010data.com Follow: @1010data www.1010data.com The Power Loader GUI Contents 2 Contents PreLoad ToDo List... 3 Login to Power Loader... 4 Upload Data Files to
More informationAuthentication Types. Passwordbased Authentication. OffLine Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues Systemrelated issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationVISUAL ALGEBRA FOR COLLEGE STUDENTS. Laurie J. Burton Western Oregon University
VISUAL ALGEBRA FOR COLLEGE STUDENTS Laurie J. Burton Western Oregon University VISUAL ALGEBRA FOR COLLEGE STUDENTS TABLE OF CONTENTS Welcome and Introduction 1 Chapter 1: INTEGERS AND INTEGER OPERATIONS
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No. # 11 Block Cipher Standards (DES) (Refer Slide
More informationLecture 15 An Arithmetic Circuit Lowerbound and Flows in Graphs
CSE599s: Extremal Combinatorics November 21, 2011 Lecture 15 An Arithmetic Circuit Lowerbound and Flows in Graphs Lecturer: Anup Rao 1 An Arithmetic Circuit Lower Bound An arithmetic circuit is just like
More informationHigh Security Online Backup. A Cyphertite White Paper February, 2013. CloudBased Backup Storage Threat Models
A Cyphertite White Paper February, 2013 CloudBased Backup Storage Threat Models PG. 1 Definition of Terms Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256bit
More informationMATHEMATICS (CLASSES XI XII)
MATHEMATICS (CLASSES XI XII) General Guidelines (i) All concepts/identities must be illustrated by situational examples. (ii) The language of word problems must be clear, simple and unambiguous. (iii)
More informationPASSWORD MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
PASSWORD MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationUnit 19: Probability Models
Unit 19: Probability Models Summary of Video Probability is the language of uncertainty. Using statistics, we can better predict the outcomes of random phenomena over the long term from the very complex,
More informationDiscrete Math in Computer Science Homework 7 Solutions (Max Points: 80)
Discrete Math in Computer Science Homework 7 Solutions (Max Points: 80) CS 30, Winter 2016 by Prasad Jayanti 1. (10 points) Here is the famous Monty Hall Puzzle. Suppose you are on a game show, and you
More informationModels for Discrete Variables
Probability Models for Discrete Variables Our study of probability begins much as any data analysis does: What is the distribution of the data? Histograms, boxplots, percentiles, means, standard deviations
More informationCombinatorics: The Fine Art of Counting
Combinatorics: The Fine Art of Counting Week 7 Lecture Notes Discrete Probability Continued Note Binomial coefficients are written horizontally. The symbol ~ is used to mean approximately equal. The Bernoulli
More informationHow to Win the Stock Market Game
How to Win the Stock Market Game 1 Developing ShortTerm Stock Trading Strategies by Vladimir Daragan PART 1 Table of Contents 1. Introduction 2. Comparison of trading strategies 3. Return per trade 4.
More informationKenken For Teachers. Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles June 27, 2010. Abstract
Kenken For Teachers Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles June 7, 00 Abstract Kenken is a puzzle whose solution requires a combination of logic and simple arithmetic skills.
More informationPennies and Blood. Mike Bomar
Pennies and Blood Mike Bomar In partial fulfillment of the requirements for the Master of Arts in Teaching with a Specialization in the Teaching of Middle Level Mathematics in the Department of Mathematics.
More informationLinear Codes. Chapter 3. 3.1 Basics
Chapter 3 Linear Codes In order to define codes that we can encode and decode efficiently, we add more structure to the codespace. We shall be mainly interested in linear codes. A linear code of length
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationLies My Calculator and Computer Told Me
Lies My Calculator and Computer Told Me 2 LIES MY CALCULATOR AND COMPUTER TOLD ME Lies My Calculator and Computer Told Me See Section.4 for a discussion of graphing calculators and computers with graphing
More informationMath/Stats 425 Introduction to Probability. 1. Uncertainty and the axioms of probability
Math/Stats 425 Introduction to Probability 1. Uncertainty and the axioms of probability Processes in the real world are random if outcomes cannot be predicted with certainty. Example: coin tossing, stock
More informationGREEN CHICKEN EXAM  NOVEMBER 2012
GREEN CHICKEN EXAM  NOVEMBER 2012 GREEN CHICKEN AND STEVEN J. MILLER Question 1: The Green Chicken is planning a surprise party for his grandfather and grandmother. The sum of the ages of the grandmother
More information6 Scalar, Stochastic, Discrete Dynamic Systems
47 6 Scalar, Stochastic, Discrete Dynamic Systems Consider modeling a population of sandhill cranes in year n by the firstorder, deterministic recurrence equation y(n + 1) = Ry(n) where R = 1 + r = 1
More informationIntegrating Benders decomposition within Constraint Programming
Integrating Benders decomposition within Constraint Programming Hadrien Cambazard, Narendra Jussien email: {hcambaza,jussien}@emn.fr École des Mines de Nantes, LINA CNRS FRE 2729 4 rue Alfred Kastler BP
More information1 Data Encryption Algorithm
Date: Monday, September 23, 2002 Prof.: Dr JeanYves Chouinard Design of Secure Computer Systems CSI4138/CEG4394 Notes on the Data Encryption Standard (DES) The Data Encryption Standard (DES) has been
More informationCompetitive Analysis of On line Randomized Call Control in Cellular Networks
Competitive Analysis of On line Randomized Call Control in Cellular Networks Ioannis Caragiannis Christos Kaklamanis Evi Papaioannou Abstract In this paper we address an important communication issue arising
More informationSHARP BOUNDS FOR THE SUM OF THE SQUARES OF THE DEGREES OF A GRAPH
31 Kragujevac J. Math. 25 (2003) 31 49. SHARP BOUNDS FOR THE SUM OF THE SQUARES OF THE DEGREES OF A GRAPH Kinkar Ch. Das Department of Mathematics, Indian Institute of Technology, Kharagpur 721302, W.B.,
More informationDecember 4, 2013 MATH 171 BASIC LINEAR ALGEBRA B. KITCHENS
December 4, 2013 MATH 171 BASIC LINEAR ALGEBRA B KITCHENS The equation 1 Lines in twodimensional space (1) 2x y = 3 describes a line in twodimensional space The coefficients of x and y in the equation
More informationLecture 3: Finding integer solutions to systems of linear equations
Lecture 3: Finding integer solutions to systems of linear equations Algorithmic Number Theory (Fall 2014) Rutgers University Swastik Kopparty Scribe: Abhishek Bhrushundi 1 Overview The goal of this lecture
More informationOPRE 6201 : 2. Simplex Method
OPRE 6201 : 2. Simplex Method 1 The Graphical Method: An Example Consider the following linear program: Max 4x 1 +3x 2 Subject to: 2x 1 +3x 2 6 (1) 3x 1 +2x 2 3 (2) 2x 2 5 (3) 2x 1 +x 2 4 (4) x 1, x 2
More informationProblem of the Month: Perfect Pair
Problem of the Month: The Problems of the Month (POM) are used in a variety of ways to promote problem solving and to foster the first standard of mathematical practice from the Common Core State Standards:
More informationLabeling outerplanar graphs with maximum degree three
Labeling outerplanar graphs with maximum degree three Xiangwen Li 1 and Sanming Zhou 2 1 Department of Mathematics Huazhong Normal University, Wuhan 430079, China 2 Department of Mathematics and Statistics
More informationWeek 5 Integral Polyhedra
Week 5 Integral Polyhedra We have seen some examples 1 of linear programming formulation that are integral, meaning that every basic feasible solution is an integral vector. This week we develop a theory
More informationHumanReadable BPMN Diagrams
HumanReadable BPMN Diagrams Refactoring OMG s EMail Voting Example Thomas Allweyer V 1.1 1 The EMail Voting Process Model The Object Management Group (OMG) has published a useful nonnormative document
More informationTCOM 370 NOTES 994 BANDWIDTH, FREQUENCY RESPONSE, AND CAPACITY OF COMMUNICATION LINKS
TCOM 370 NOTES 994 BANDWIDTH, FREQUENCY RESPONSE, AND CAPACITY OF COMMUNICATION LINKS 1. Bandwidth: The bandwidth of a communication link, or in general any system, was loosely defined as the width of
More informationIn mathematics, there are four attainment targets: using and applying mathematics; number and algebra; shape, space and measures, and handling data.
MATHEMATICS: THE LEVEL DESCRIPTIONS In mathematics, there are four attainment targets: using and applying mathematics; number and algebra; shape, space and measures, and handling data. Attainment target
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationLOGNORMAL MODEL FOR STOCK PRICES
LOGNORMAL MODEL FOR STOCK PRICES MICHAEL J. SHARPE MATHEMATICS DEPARTMENT, UCSD 1. INTRODUCTION What follows is a simple but important model that will be the basis for a later study of stock prices as
More informationLecture 4 Online and streaming algorithms for clustering
CSE 291: Geometric algorithms Spring 2013 Lecture 4 Online and streaming algorithms for clustering 4.1 Online kclustering To the extent that clustering takes place in the brain, it happens in an online
More informationA New Interpretation of Information Rate
A New Interpretation of Information Rate reproduced with permission of AT&T By J. L. Kelly, jr. (Manuscript received March 2, 956) If the input symbols to a communication channel represent the outcomes
More informationSECTION 81 Systems of Linear Equations and Augmented Matrices
86 8 Systems of Equations and Inequalities In this chapter we move from the standard methods of solving two linear equations with two variables to a method that can be used to solve linear systems with
More informationPigeonhole Principle Solutions
Pigeonhole Principle Solutions 1. Show that if we take n + 1 numbers from the set {1, 2,..., 2n}, then some pair of numbers will have no factors in common. Solution: Note that consecutive numbers (such
More informationPowerLoader User's Guide
PowerLoader User's Guide (212) 405.1010 info@1010data.com Follow: @1010data www.1010data.com PowerLoader User's Guide Contents 2 Contents PreLoad ToDo List... 3 Log in to PowerLoader... 4 Upload Data
More informationSession 8 Probability
Key Terms for This Session Session 8 Probability Previously Introduced frequency New in This Session binomial experiment binomial probability model experimental probability mathematical probability outcome
More informationVictor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract
Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart
More informationCS 361S  Network Security and Privacy Spring 2014. Homework #1
CS 361S  Network Security and Privacy Spring 2014 Homework #1 Due: 11am CST (in class), February 11, 2014 YOUR NAME: Collaboration policy No collaboration is permitted on this assignment. Any cheating
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Karagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Karagpur Lecture No. #06 Cryptanalysis of Classical Ciphers (Refer
More informationADO and SQL Server Security
ADO and SQL Server Security Security is a growing concern in the Internet/intranet development community. It is a constant trade off between access to services and data, and protection of those services
More informationNational Sun YatSen University CSE Course: Information Theory. Gambling And Entropy
Gambling And Entropy 1 Outline There is a strong relationship between the growth rate of investment in a horse race and the entropy of the horse race. The value of side information is related to the mutual
More informationMATHEMATICS FOR ENGINEERING BASIC ALGEBRA
MATHEMATICS FOR ENGINEERING BASIC ALGEBRA TUTORIAL 3 EQUATIONS This is the one of a series of basic tutorials in mathematics aimed at beginners or anyone wanting to refresh themselves on fundamentals.
More informationLecture 3: Linear Programming Relaxations and Rounding
Lecture 3: Linear Programming Relaxations and Rounding 1 Approximation Algorithms and Linear Relaxations For the time being, suppose we have a minimization problem. Many times, the problem at hand can
More information1. The Fly In The Ointment
Arithmetic Revisited Lesson 5: Decimal Fractions or Place Value Extended Part 5: Dividing Decimal Fractions, Part 2. The Fly In The Ointment The meaning of, say, ƒ 2 doesn't depend on whether we represent
More information3. Data Analysis, Statistics, and Probability
3. Data Analysis, Statistics, and Probability Data and probability sense provides students with tools to understand information and uncertainty. Students ask questions and gather and use data to answer
More informationEntry Level College Mathematics: Algebra or Modeling
Entry Level College Mathematics: Algebra or Modeling Dan Kalman Dan Kalman is Associate Professor in Mathematics and Statistics at American University. His interests include matrix theory, curriculum development,
More informationELEMENTARY PROBABILITY
ELEMENTARY PROBABILITY Events and event sets. Consider tossing a die. There are six possible outcomes, which we shall denote by elements of the set {A i ; i =1, 2,...,6}. A numerical value is assigned
More informationThe Conference Call Search Problem in Wireless Networks
The Conference Call Search Problem in Wireless Networks Leah Epstein 1, and Asaf Levin 2 1 Department of Mathematics, University of Haifa, 31905 Haifa, Israel. lea@math.haifa.ac.il 2 Department of Statistics,
More informationIt may look like this all has to do with your password, but that s not the only factor to worry about.
Account Security One of the easiest ways to lose control of private information is to use poor safeguards on internet accounts like webbased email, online banking and social media (Facebook, Twitter).
More informationIntroduction to the Practice of Statistics Fifth Edition Moore, McCabe
Introduction to the Practice of Statistics Fifth Edition Moore, McCabe Section 5.1 Homework Answers 5.7 In the proofreading setting if Exercise 5.3, what is the smallest number of misses m with P(X m)
More informationAdvanced Cryptography
Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.
More informationWhite Paper. Blindfolded SQL Injection
White Paper In the past few years, SQL Injection attacks have been on the rise. The increase in the number of Database based applications, combined with various publications that explain the problem and
More informationprinceton univ. F 13 cos 521: Advanced Algorithm Design Lecture 6: Provable Approximation via Linear Programming Lecturer: Sanjeev Arora
princeton univ. F 13 cos 521: Advanced Algorithm Design Lecture 6: Provable Approximation via Linear Programming Lecturer: Sanjeev Arora Scribe: One of the running themes in this course is the notion of
More information1. LINEAR EQUATIONS. A linear equation in n unknowns x 1, x 2,, x n is an equation of the form
1. LINEAR EQUATIONS A linear equation in n unknowns x 1, x 2,, x n is an equation of the form a 1 x 1 + a 2 x 2 + + a n x n = b, where a 1, a 2,..., a n, b are given real numbers. For example, with x and
More information2. INEQUALITIES AND ABSOLUTE VALUES
2. INEQUALITIES AND ABSOLUTE VALUES 2.1. The Ordering of the Real Numbers In addition to the arithmetic structure of the real numbers there is the order structure. The real numbers can be represented by
More informationMeasurement and Modelling of Internet Traffic at Access Networks
Measurement and Modelling of Internet Traffic at Access Networks Johannes Färber, Stefan Bodamer, Joachim Charzinski 2 University of Stuttgart, Institute of Communication Networks and Computer Engineering,
More information9.2 Summation Notation
9. Summation Notation 66 9. Summation Notation In the previous section, we introduced sequences and now we shall present notation and theorems concerning the sum of terms of a sequence. We begin with a
More informationDeduplication as security issue in cloud services, and its representation in Terms of Service Agreements
Deduplication as security issue in cloud services, and its representation in Terms of Service Agreements Cecilia Wirfelt Louise Wallin Email: {cecwi155, louwa538}@student.liu.se Supervisor: JanÅke Larsson,
More informationIf A is divided by B the result is 2/3. If B is divided by C the result is 4/7. What is the result if A is divided by C?
Problem 3 If A is divided by B the result is 2/3. If B is divided by C the result is 4/7. What is the result if A is divided by C? Suggested Questions to ask students about Problem 3 The key to this question
More informationChi Square Tests. Chapter 10. 10.1 Introduction
Contents 10 Chi Square Tests 703 10.1 Introduction............................ 703 10.2 The Chi Square Distribution.................. 704 10.3 Goodness of Fit Test....................... 709 10.4 Chi Square
More information