This document discusses the importance of using more encryption on the Internet to increase privacy and security. It makes the following key points:
1) The Internet has become too easy to monitor as we have built it without sufficient security protections by default. More encryption needs to be implemented across Internet services and protocols to make eavesdropping more difficult.
2) Developers should enable encryption by default for all new Internet protocols. Opportunistic encryption techniques can provide some protections even without full authentication.
3) Individuals can help push for more encryption by requiring encrypted connections when using services and enabling tools like HTTPS Everywhere on their browsers. Transitioning to encrypted connections wherever possible raises the bar for surveillance.
This document discusses various aspects of web security including:
1. Secure Socket Layer (SSL) and Transport Layer Security (TLS) which provide secure communication over the internet.
2. Secure Electronic Transaction (SET) which is an open encryption standard that protects credit card transactions on the internet.
3. The document outlines different security considerations for the web including vulnerabilities of web servers and the need for mechanisms like SSL, TLS at the transport layer and SET at the application layer.
PGP and S/MIME are two standards for securing email. PGP provides encryption and authentication independently of operating systems using symmetric and asymmetric cryptography. S/MIME uses X.509 certificates and defines how to cryptographically sign, encrypt, and combine MIME entities for authentication and confidentiality using algorithms like RSA, DSS, and 3DES. DKIM allows a sending domain to cryptographically sign emails to assert the message's origin and prevent spoofing, while the email architecture standards like RFC 5322 and MIME define message formatting and how attachments are represented.
This document discusses email security and encryption. It explains that email travels through unprotected networks and is exposed to attacks. It describes how email privacy aims to protect email from unauthorized access. Some remedies discussed are encrypting communication between servers using TLS and SASL authentication. The document also discusses using public-key cryptography for email encryption with tools like PGP and S/MIME, which can encrypt email content and add digital signatures for authentication. S/MIME is described as a security enhancement to the MIME email standard that provides encrypted and signed data functionality.
The document discusses email security flaws and various techniques for encrypting email communications. It describes how email is currently sent in plain text over outdated protocols, revealing metadata in headers. Encryption methods like Public Key Infrastructure (PKI) and Pretty Good Privacy (PGP) aim to address these issues using public/private key encryption and decentralized authentication. Applications like GNU Privacy Guard have implemented these techniques, while future development focuses on end-to-end encryption and usability in projects like the Dark Mail Project.
This document discusses web security and Secure Sockets Layer (SSL) / Transport Layer Security (TLS). It defines key web security terminology like hackers, viruses, worms, and Trojans. It then explains what SSL/TLS is, how it provides security for web communications through encryption, message authentication codes, and authentication. The document outlines the SSL/TLS architecture, components, sessions and connections. It also discusses how SSL/TLS has been widely implemented in applications like HTTPS to secure internet traffic.
The document summarizes Pretty Good Privacy (PGP), an encryption program created by Phil Zimmerman in 1991. PGP uses a combination of algorithms, including the IDEA cipher for encryption and RSA for key exchange. It improves on the security of IDEA by generating a new random key for each session and encrypting the key with RSA. The document explains how PGP encrypts messages by encrypting the content with IDEA and encrypting the IDEA key with RSA. It also describes how PGP decrypts messages by first decrypting the IDEA key with RSA and then using the key to decrypt the IDEA ciphertext. PGP enhances security by combining the strengths of different algorithms.
Pretty Good Privacy (PGP) is strong encryption software that enables you to protect your email and files by scrambling them so others cannot read them. It also allows you to digitally "sign" your messages in a way that allows others to verify that a message was actually sent by you. PGP is available in freeware and commercial versions all over the world.
PGP was first released in 1991 as a DOS program that earned a reputation for being difficult. In June 1997, PGP Inc. released PGP 5.x for Win95/NT. PGP 5.x included plugins for several popular email programs.
PGP (Pretty Good Privacy) is an encryption standard that aims to provide confidentiality and authentication for communications over unsecure channels. It uses public/private key pairs to encrypt messages and digitally sign them. Users manage their public and private keys in keyrings and can look up other users' public keys to encrypt messages for them or verify their signatures. While not designed for mailing lists originally, PGP can provide security for mailing list communications through solutions like having each message encrypted for all members or using a shared group key pair.
PGP (Pretty Good Privacy) is an open source encryption software that provides security mechanisms like authentication, confidentiality, compression, and email compatibility. It uses strong cryptographic algorithms like IDEA, RSA, and SHA-1. PGP protects messages by signing them with the sender's private key, encrypting them with a random symmetric key, and encrypting that key with the recipient's public key. This ensures message integrity and confidentiality. Compression is applied before encryption to save space. Radix-64 encoding allows encrypted messages to be transmitted over email. PGP's features help secure email communications and stored files from unauthorized access.
The document provides an overview of security topics including algorithms, encryption, digital signatures, certificates, and cryptography. It discusses the need for message security, privacy, authentication, integrity and non-repudiation. It then describes symmetric key cryptography, public key cryptography, digital signatures, key management, certificates, and security at the IP, transport and application layers including SSL/TLS, IPSec, PGP and S/MIME.
This document summarizes encryption techniques for securing electronic mail. It describes Pretty Good Privacy (PGP), a popular encryption software, and S/MIME, an emerging industry standard. PGP provides authentication, confidentiality, compression, and other services. It segments long messages for transmission. S/MIME uses public-key encryption and certificates to provide encrypted and signed messages and is compatible with SMTP email.
Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) and ensures privacy and security between communicating applications on the internet. TLS encrypts data transmission, works with most browsers and servers, supports flexible encryption algorithms, and is easy to deploy on many systems transparently. It operates directly above TCP and establishes an encrypted connection by negotiating a cipher suite and exchanging certificates and keys between the client and server. Once handshake is complete, both sides can communicate securely until closing the connection. TLS version and cipher suite used can be viewed in browser.
This document discusses email security concepts and PGP. It defines email security as securing email accounts and content. Techniques mentioned include strong passwords, spam filters, and encryption. Threats to email security are loss of confidentiality, integrity, and authentication. The document also discusses specific email security threats like snowshoe spamming, hacktivism, and data breaches. It defines concepts related to PGP like public/private key encryption and how PGP can be used to encrypt emails and files.
This document provides an overview of Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It discusses the evolution of SSL/TLS, the SSL/TLS handshake process, common attacks like man-in-the-middle attacks using tools like SSLStrip, recent attacks on SSL/TLS like BEAST and CRIME, and security guidelines for configuring SSL/TLS on servers.
PGP and S/MIME are open source software packages that provide email security through encryption, authentication with digital signatures, and integrity checks. PGP uses algorithms like RSA, IDEA, and SHA-1, while S/MIME provides the same security functions as an extension to the MIME email format standard using technologies like digital signatures, encryption, and authentication. Both aim to ensure privacy, data security, and non-repudiation of email messages.
Implementing a Secure and Effective PKI on Windows Server 2012 R2Frank Lesniak
The infrastructure that deploys and manages digital certificates, known as a Public Key Infrastructure (PKI), is often the center for cryptography in an organization. It is also in service for 10+ years, which means that one must carefully consider design options before implementation. In this presentation, Frank will cover modern standards for cryptography, how they apply to a Microsoft PKI infrastructure, and share recommendations based on he has seen in the field.
PGP (Pretty Good Privacy) is an open-source email security software that provides authentication through digital signatures, confidentiality through symmetric encryption of messages, compression using ZIP, and compatibility with email systems through base64 encoding. It uses public-key cryptography for encrypting symmetric session keys and signing messages. Keys are stored in private and public key rings along with metadata for easy management. Messages contain encrypted data, signature, and encrypted session key components.
Kamailio is the leading Open Source SIP Server - a SIP proxy, registrar, location server, presence server, IMS server and much more. Find out more by viewing this quick presentation! (Updated June 2014)
The document discusses how credit unions have an advantage in appealing to Generation Y members based on member satisfaction surveys. It also defines consumer-generated media as any content posted online by consumers, including opinions, experiences, and advice. Consumer-generated media is an important technology for credit unions to engage with Generation Y members.
My 2nd Grader's App Idea - Who wants in ? The road puzzle gameShashi Bellamkonda
My son is trying to pitch this idea to my friends. I think he has a good idea. send me an email if youa re interested and I will make the connection with this in-house entrepreneur shashib@gmail.com
This document is a message for a special person expressing how much they appreciate and care for them. It says that the recipient's positive light and behavior makes others feel appreciated. It thanks them for the emails that have brought smiles and good moods. It acknowledges that the recipient is important and appreciated. It offers a flower and says their friendship makes them a better person. It hopes this message makes the recipient smile and that they will share smiles with other friends who love them.
Presentation I originally put together in 2007 to introduce agile (scrum) to my team and suggest ways for us to adapt to this increasingly used methodology.
The Realtime Cloud - unified or isolated islands on the net?Olle E Johansson
The document discusses the transition of communication technologies to cloud-based platforms using open standards. Key points addressed include the maturity of voice over IP and open-source solutions, the capabilities of current servers, the role of open standards and protocols like SIP and XMPP in enabling unification and interoperability, and the importance of IPv6 in connecting users and services in the emerging cloud-based communication landscape. The presentation argues that unified communication platforms should not focus only on legacy telephony features and should embrace the opportunities of the real-time internet.
The document summarizes a clinical assessment of chronic pelvic pain (CPP) in females of reproductive age. It includes an introduction on CPP, objectives to assess CPP and compare health seeking behavior in government and private sectors. The methodology section describes the study design, sampling, inclusion/exclusion criteria and data collection. The results section presents demographic data, presenting complaints, comparisons of symptoms between government and private sectors, associated complaints, pain intensity, and abortion history. It concludes with recommendations.
NRG Software provides shipping software solutions built on the FileMaker platform. They have over 10 years of experience developing shipping solutions for UPS and FedEx, and currently have over 300 business customers. Their solutions allow customers to obtain rates, print labels, track shipments, and access shipment history for UPS and FedEx shipping. They also offer custom integrations that allow shipping from other existing systems and across multiple carriers.
The Black List - Vol. 1 - Social Media MastersMichael Street
A list of top African-American voices in the social media space. So in order to drive awareness of the vast array of diversity in tech and social media space we have created 'The Black List.' Use this as a directory of who's who in the tech, startup, and social media business.
The document discusses establishing home groups and expert groups to learn about areas offered on the Online Curriculum Centre (OCC). Students are split into home groups and then choose expert groups to research different OCC content areas like e-library, forums, news, and more. They have 15 minutes to explore as an expert group before returning to their home groups to share what they learned. The goal is for each student to become an expert in an area and teach their home group members.
The document discusses clustered architecture patterns for delivering scalability and availability. It describes using network attached memory and JVM-level clustering to eliminate bottlenecks. This allows state to be shared across multiple servers for improved performance and reliability. An example application called HelloClusteredWorld is provided to demonstrate how state can be clustered in memory across multiple JVMs. Configuring Hibernate and enabling its second level cache can further reduce database load.
I was on a panel with Mike Whaling and Jun Loyaza at the Optimization summit. We had a very interesting discussion and a lot of fun with audience questions including a dating app discussion. The Luncheon took a look at the most powerful changes and opportunities driving and shaping the direction and growth of this dynamic realm—in both the near and long-term future. You’ll get a first-hand and far-reaching look at the New Media landscape; hear about the hottest changes happening now and how to capitalize on them; get clued in to important opportunities that are about to emerge; and walk away with insider knowledge that will help you position your company years ahead of the competition.
We need to protect our Internet communication - from basic web surfing to IP telephony, E-mail and Internet of things. This presentation gives some background and introduces one of the core security protocols - TLS, Transport Layer Security. This presentation is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
Update: See http://www.slideshare.net/oej/morecrypto-with-tis-version-20
The tools at our disposal today for deploying HTTPS are tremendously powerful, and easy to use. Initiatives like Let's Encrypt offer certificates, and new security policies like HSTS and HPKP allow you to protect against extremely powerful attacks. HTTPS, Here and Now!
This was an invited talk at the ICT Security Happening, organized by the VDAB Competence Center in Leuven.
TLS provides confidentiality, identity, and integrity for internet communication. It is used for HTTPS web pages and applications on computers and phones. TLS is based on SSL and uses asymmetric encryption where the server sends a public key to set up the secure connection. The client then challenges the server, which responds using its private key to prove its identity. Certificates bind a public key to an identity and are signed by a Certification Authority. They contain information like the key, owner identity, and validity period.
Morecrypto in the world of SIP - the Session Initiation ProtocolOlle E Johansson
The Internet is under attack and we need more encryption everywhere. This applies to the world of realtime communication too. This talk briefly goes through what can be done today and what needs to be done in the future. Originally delivered at Kamailio World 2014 in Berlin.
SSL Certificate is a very common term that we definitely heard but there is only limited number of people who know it is meaning or what is it? Actually SSL stands for Secure Socket Layer Protocol which helps to secure more safety in the internet world. it was developed by Netscape and issued by the Certificate Authorities.
Lesson 1. General Introduction to IT and Cyber Security.pptxJezer Arces
This document provides an introduction to information and cyber security concepts. It defines information security as protecting data from all threats, while cyber security specifically addresses cyber threats. The three pillars of cybersecurity are outlined as confidentiality, integrity, and availability of data. Common computer protocols like HTTP, HTTPS, FTP, and protocols that make up the TCP/IP model are explained. Basic security terminology and functions of cookies are also covered to introduce fundamental IT and cyber security concepts.
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
To guarantee data integrity and confidentiality in Alfresco, we need to implement authentication and encryption at-rest and in-transit. With micro services proliferation, orchestrating platforms, complex topologies of services and multiple programming languages, there is a demand of new ways to manage service-to-service communication, and in some cases, without the application needing to be aware. In addition to that, compliance requirements around encryption and authentication come to the picture requiring new ways to handle them. This talk will review encryption at-rest solutions for ADBP, and will be also discuss about solutions for encryption and authentication between services. This will be an introduction to service mesh and TLS/mTLS. We will see a demo of ACS running with Istio over EKS along with tools like WaveScope, Kiali, Jaeger, Grafana, Service Graph and Prometheus.
This document discusses SSL/TLS protocols and how to set up your own certificate authority (CA) or use Let's Encrypt for free SSL certificates.
It provides a brief history of SSL and TLS protocols, outlines the key differences between versions, and lists common TLS implementations like OpenSSL. It then explains how to set up your own CA by generating root and intermediate certificates and signing server/client certificates.
Finally, it introduces Let's Encrypt as a free and automated CA that aims to promote SSL security. It explains how Let's Encrypt validates domain ownership and issues certificates to ensure communications are private, integrity is maintained, and parties can be trusted.
PKI(Public Key Infrastructure) is used for security mechanism on internet.SSL(Secure Socket Layer).The SSL protocol is an internet protocol for secure exchange of information between a web browser and web server.
Some thoughts on a small step to make the Internet harder to monitor, to raise the cost of listening in to how we use services and how we communicate with each other on the net.
The document is an introduction to cryptography and digital signatures by Ian Curry from March 2001. It discusses the history of cryptography and the problem of key management. It then describes how public-key cryptography helped address key management issues for large networks by allowing secure distribution of public keys. The document also provides an overview of how Entrust uses a combination of symmetric and public-key cryptography to provide encryption, authentication, integrity, and non-repudiation for electronic communications like sending a secure electronic check. This includes digitally signing the check with a private key, encrypting it with a symmetric key, and securely delivering the symmetric key to the recipient using the recipient's public key.
This document provides an overview of SSL/TLS (Secure Sockets Layer/Transport Layer Security) and how it works to secure data transmission over the internet. It discusses why SSL is important for encrypting data and verifying identities. It then explains the basic process of how SSL works, including how a client encrypts requests using a server's public key and how the server decrypts with its private key. The document outlines the requirements to implement SSL, including generating a key and obtaining a certificate. It differentiates between self-signed and authorized certificates. Finally, it provides steps to create a certificate using OpenSSL and configure the Apache web server to use SSL.
The document is a technical presentation on computer security and cryptography by Alex.C.P. It discusses topics such as viruses, firewalls, hackers, the definition of computer security, confidentiality, integrity and availability. It then covers the basics of cryptography including symmetric and asymmetric algorithms. Application areas like ensuring identity through digital signatures and the role of trust are explained. Finally, techniques to provide confidentiality, integrity and defend against viruses through cryptography are summarized.
The document provides an overview of encryption, digital signatures, and SSL certificates. It discusses how public key encryption uses a private key and public key to encrypt messages. Digital signatures authenticate the identity of the sender and ensure messages remain intact. SSL certificates allow browsers and servers to establish an encrypted connection by containing a public key and verifying identity with a Certificate Authority. The client's browser verifies the server's certificate with the CA to trust the secure connection.
International Refereed Journal of Engineering and Science (IRJES)irjes
International Refereed Journal of Engineering and Science (IRJES) is a leading international journal for publication of new ideas, the state of the art research results and fundamental advances in all aspects of Engineering and Science. IRJES is a open access, peer reviewed international journal with a primary objective to provide the academic community and industry for the submission of half of original research and applications
This document discusses network security and the Kerberos authentication protocol. It provides an introduction to Kerberos, describing how it works to allow users and services to authenticate over a network. Kerberos uses secret key cryptography and issues tickets to allow users to securely access remote services without sending passwords over the network in clear text. The document outlines the initialization process when a user requests a ticket-granting ticket from the Kerberos server, and how that ticket is then used to request and access remote services. It also discusses some of the limitations of Kerberos and enhancements being made.
TLS (Transport Layer Security) is a cryptographic protocol that provides encryption and security for data sent over the internet. It is used by HTTPS to encrypt communication between web browsers and servers. TLS 1.2, the previous standard, had security flaws in how it exchanged encryption keys. TLS 1.3 improves security by using Diffie-Hellman key exchange so keys are not sent directly over the network. To upgrade a website from HTTP to HTTPS, an SSL certificate must be purchased and installed, all links on the site must be changed to HTTPS, and HTTP traffic should be redirected to HTTPS.
Certificate pinning in android applicationsArash Ramez
Certificate pinning is a security mechanism where an app specifies certificates from trusted authorities and only accepts connections signed by those certificates. This prevents man-in-the-middle attacks. The document discusses implementing certificate pinning in Android apps by configuring the network security configuration file or using third party libraries like OkHttp that have CertificatePinner classes to restrict which certificates an app will accept. It also describes how to retrieve a server's public key hashes to include in the pinning configuration.
The document discusses certificates and alternatives to the hierarchical trust model used for SSL certificates. It describes how SSL works using certificates authorities (CAs) to validate website certificates. Problems are discussed with this approach, including vulnerabilities of the CA system. Alternatives presented include PGP's web of trust model, where users decide who to trust, and the Perspectives browser add-on, which keeps a record of certificate changes to detect attacks. The document advocates for a decentralized trust model rather than relying solely on CAs.
Similar to #Morecrypto (with tis) - version 2.2 (20)
Cybernode.se: Securing the software supply chain (CRA)Olle E Johansson
The document discusses the Cybersecurity Resilience Act (CRA) and its implications for software development. The CRA aims to improve software supply chain security and vulnerability management. It requires companies to implement processes for identifying vulnerabilities, reporting them, and informing customers. Companies will need to provide documentation like a Software Bill of Materials (SBOM) and regularly assess dependencies for vulnerabilities to comply with the new regulations. The CRA is intended to help secure software and transparency to customers.
This document summarizes a vulnerability handling process. It describes classifying vulnerabilities using identifiers like CVE and CVSS. It outlines steps to receive reports, verify issues, remediate problems by fixing or mitigating, then publishing information. The process emphasizes communicating with reporters, updating customers, and retrospective learning to improve processes.
Introduction to the proposed EU cyber resilience act (CRA)Olle E Johansson
A short introduction to the proposed EU Cyber Resilience Act. It's a large document to parse, so please don't take my words as a truth, just indications of what will come. The CRA will impact everyone that distributes software and connected devices on the EU market, so it's important to stay up to date with this regulation.
This document discusses the history and future of telecommunications networks as the traditional telephone network (PSTN) declines. It notes that in 2050, efforts will still be underway to improve security in SIP and create new open source projects. Small independent communication networks may emerge if federation between networks breaks down as the PSTN dies. Key questions are how users can maintain a global identity, how sessions can be trusted without federation, and whether networks can survive without interconnecting.
WebRTC and Janus intro for FOSS Stockholm January 2019Olle E Johansson
This document discusses WebRTC and how it allows audio and video communication directly in the browser without plugins. It describes how WebRTC can be used for more than just calls, including games, dating sites, and more. It also summarizes how WebRTC uses secure protocols for media transfer and network discovery. Janus is introduced as a WebRTC gateway that can connect WebRTC applications to other protocols and services like SIP and RTSP. Examples of WebRTC applications are given and directions provided on how to connect to and use the Janus gateway.
A talk about me discovering new architectures, new ways of building scalable realtime platforms #SIP #WebRTC #Kamailio #MQTT #NODERED
Watch it live at https://www.youtube.com/watch?v=BbfUXUWtxIg
This document discusses how a public radio broadcaster in Sweden transitioned to using open source software like Kamailio, Baresip, Asterisk, and Homer for their IP-based broadcast infrastructure. It describes their journey from using proprietary ISDN equipment to building a flexible system using SIP, RTP, and IP that supports live broadcasting from mobile devices. The broadcaster is now working to share their work through the open source IRIS Broadcast project to help other public broadcasters transition to open standards and share best practices.
WebRTC allows browsers to communicate directly through peer-to-peer connections without plugins. It uses protocols like SRTP for secure media, ICE for network traversal, and SDP for session description. Signaling can be done through any protocol that supports SDP exchange. WebRTC addresses issues like NAT traversal using STUN, TURN servers, and trickle ICE. RTP bundling allows multiple media streams to be multiplexed over a single port.
Realtime communication over a dual stack networkOlle E Johansson
Fosdem 2017: A short talk about dual stack (IPv4 and IPv6) issues when using SIP, WebRTC, XMPP and other realtime platforms in a dual stack world - where both client and server is connecting to the new and the old Internet.
Side note: Uploads to slide share doesn't work on IPv6-only networks.
My talk at Voip2day 2016 in Madrid (organised by Avanzada 7 in Malaga).
This talks cover recent trends in realtime communication, from VoIP to WebRTC and Internet of Things
A presentation covering work that needs to happen. We jokingly came up with a non-existing organisation that maintains a reference profile for SIP. While the organisation is just a joke, the work is quite serious.
Sips must die, die, die - about TLS usage in the SIP protocolOlle E Johansson
SIPS: is problematic because it implies end-to-end security that cannot be guaranteed or verified. TLS usage is preferable but SIPS: has led some developers to see it as the only solution. RFC 5630 deprecates SIPS: and outlines using TLS for all hops instead of just the last hop. Removing SIPS: and focusing on TLS for the first hop under a client's control may be better approaches. End-to-end security remains an open issue that solutions like S/MIME could potentially address if its challenges were re-examined.
This document discusses problems with SIP outbound and proposes a "half-outbound" approach to allow connection reuse for SIP over TLS. It notes that SIP UAs often use TCP for TLS or mobile networks, but this prevents servers from reusing connections for outbound requests. A half-outbound approach would allow the client to indicate support for connection reuse after a TLS connection is established, and the server could then reuse that connection for outbound SIP requests associated with the registration. This would simplify connection reuse compared to full SIP outbound while still addressing issues with SIP over TLS.
The document discusses updates needed for SIP to work effectively in modern environments. It recommends: 1) requiring support for SIP Outbound and TLS/DTLS key exchange to address challenges of NAT and encryption; 2) requiring full support for Opus codec and RTCP feedback to optimize media; and 3) supporting IETF work on standards like STIR, SIPCORE, and stronger authentication. The document also outlines upcoming SIP features from the IETF and SIP Forum around improved identities, dual-stack support, and TLS in SIPConnect 2.0.
2015 update: SIP and IPv6 issues - staying Happy in SIPOlle E Johansson
What's the state of SIP and IPv6?
- An update I gave at the Netnod spring Meeting 2015.
Nothing much is happening, despite the fact that we have proven real issues with dual stacks in SIP.
A quick introduction to Kamailio - the leading Open Source SIP server (based on OpenSER and SER). Kamailio is quite different than Asterisk, FreeSwitch and many other VoIP platforms - why is that and how do you start getting your head around Kamailio?
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxSynapseIndia
Your comprehensive guide to RPA in healthcare for 2024. Explore the benefits, use cases, and emerging trends of robotic process automation. Understand the challenges and prepare for the future of healthcare automation
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's Noisy channel Theorem and offers how the classical theory applies to the quantum world.
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...Toru Tamaki
Jindong Gu, Zhen Han, Shuo Chen, Ahmad Beirami, Bailan He, Gengyuan Zhang, Ruotong Liao, Yao Qin, Volker Tresp, Philip Torr "A Systematic Survey of Prompt Engineering on Vision-Language Foundation Models" arXiv2023
https://arxiv.org/abs/2307.12980
Comparison Table of DiskWarrior Alternatives.pdfAndrey Yasko
To help you choose the best DiskWarrior alternative, we've compiled a comparison table summarizing the features, pros, cons, and pricing of six alternatives.
Implementations of Fused Deposition Modeling in real worldEmerging Tech
The presentation showcases the diverse real-world applications of Fused Deposition Modeling (FDM) across multiple industries:
1. **Manufacturing**: FDM is utilized in manufacturing for rapid prototyping, creating custom tools and fixtures, and producing functional end-use parts. Companies leverage its cost-effectiveness and flexibility to streamline production processes.
2. **Medical**: In the medical field, FDM is used to create patient-specific anatomical models, surgical guides, and prosthetics. Its ability to produce precise and biocompatible parts supports advancements in personalized healthcare solutions.
3. **Education**: FDM plays a crucial role in education by enabling students to learn about design and engineering through hands-on 3D printing projects. It promotes innovation and practical skill development in STEM disciplines.
4. **Science**: Researchers use FDM to prototype equipment for scientific experiments, build custom laboratory tools, and create models for visualization and testing purposes. It facilitates rapid iteration and customization in scientific endeavors.
5. **Automotive**: Automotive manufacturers employ FDM for prototyping vehicle components, tooling for assembly lines, and customized parts. It speeds up the design validation process and enhances efficiency in automotive engineering.
6. **Consumer Electronics**: FDM is utilized in consumer electronics for designing and prototyping product enclosures, casings, and internal components. It enables rapid iteration and customization to meet evolving consumer demands.
7. **Robotics**: Robotics engineers leverage FDM to prototype robot parts, create lightweight and durable components, and customize robot designs for specific applications. It supports innovation and optimization in robotic systems.
8. **Aerospace**: In aerospace, FDM is used to manufacture lightweight parts, complex geometries, and prototypes of aircraft components. It contributes to cost reduction, faster production cycles, and weight savings in aerospace engineering.
9. **Architecture**: Architects utilize FDM for creating detailed architectural models, prototypes of building components, and intricate designs. It aids in visualizing concepts, testing structural integrity, and communicating design ideas effectively.
Each industry example demonstrates how FDM enhances innovation, accelerates product development, and addresses specific challenges through advanced manufacturing capabilities.
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsMydbops
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
The Rise of Supernetwork Data Intensive ComputingLarry Smarr
Invited Remote Lecture to SC21
The International Conference for High Performance Computing, Networking, Storage, and Analysis
St. Louis, Missouri
November 18, 2021
Blockchain technology is transforming industries and reshaping the way we conduct business, manage data, and secure transactions. Whether you're new to blockchain or looking to deepen your knowledge, our guidebook, "Blockchain for Dummies", is your ultimate resource.
Mitigating the Impact of State Management in Cloud Stream Processing SystemsScyllaDB
Stream processing is a crucial component of modern data infrastructure, but constructing an efficient and scalable stream processing system can be challenging. Decoupling compute and storage architecture has emerged as an effective solution to these challenges, but it can introduce high latency issues, especially when dealing with complex continuous queries that necessitate managing extra-large internal states.
In this talk, we focus on addressing the high latency issues associated with S3 storage in stream processing systems that employ a decoupled compute and storage architecture. We delve into the root causes of latency in this context and explore various techniques to minimize the impact of S3 latency on stream processing performance. Our proposed approach is to implement a tiered storage mechanism that leverages a blend of high-performance and low-cost storage tiers to reduce data movement between the compute and storage layers while maintaining efficient processing.
Throughout the talk, we will present experimental results that demonstrate the effectiveness of our approach in mitigating the impact of S3 latency on stream processing. By the end of the talk, attendees will have gained insights into how to optimize their stream processing systems for reduced latency and improved cost-efficiency.
How RPA Help in the Transportation and Logistics Industry.pptxSynapseIndia
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
How Social Media Hackers Help You to See Your Wife's Message.pdfHackersList
In the modern digital era, social media platforms have become integral to our daily lives. These platforms, including Facebook, Instagram, WhatsApp, and Snapchat, offer countless ways to connect, share, and communicate.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
Best Programming Language for Civil EngineersAwais Yaseen
The integration of programming into civil engineering is transforming the industry. We can design complex infrastructure projects and analyse large datasets. Imagine revolutionizing the way we build our cities and infrastructure, all by the power of coding. Programming skills are no longer just a bonus—they’re a game changer in this era.
Technology is revolutionizing civil engineering by integrating advanced tools and techniques. Programming allows for the automation of repetitive tasks, enhancing the accuracy of designs, simulations, and analyses. With the advent of artificial intelligence and machine learning, engineers can now predict structural behaviors under various conditions, optimize material usage, and improve project planning.
1. #MoreCrypto
A small step to make it harder
to listen to IP based activity.
V2.2 TLS - oej@edvina.net - slideshare.net/oej - Twitter @oej
Ⓒ Olle E. Johansson, Stockholm, Sweden 2014-2015
This work is licensed under
2015-01-02
2. The problem
We have built an information network
that is too easy to monitor. We simply
trusted everyone too much in a naive way.
Sadly, we can’t do
that any more.
3. #MoreCrypto
The Internet mirrors society
When the Internet was small, there was a select group
of people using it. They felt is was a safe place.
5. #MoreCrypto
The developers sets new
directions
All new Internet protocols should
have crypto turned on by default.
IAB November 2014
Internet is under attack. We need to
respond.
IETF 2013
7. #MoreCrypto
Changing the Internet
is too hard.
We are not using the
security tools we have in the
way they are meant to be
used today. In some cases, like e-mail and
IP telephony, most of us do not
use any security tools at all.
8. #MoreCrypto
How do we change?
The users must require change. Otherwise,
very few things happen. It is up to you and me.
9. #MoreCrypto
What needs to be done?
A lot of changes needs to be done in how we build
services, operate them and use them.
More crypto Easy to use authentication
Enhanced privacy Stronger confidentiality
…and much more
12. #MoreCrypto
Some encryption
most of the time
“Protocol designs based on
Opportunistic Security use encryption
even when authentication is not
available, and use authentication when possible,
thereby removing barriers to
the widespread use of encryption
on the Internet"
IETF RFC 7435
Viktor Dukhovni
13. #MoreCrypto
All or nothing?
“Historically, Internet security protocols have emphasized
comprehensive "all or nothing" cryptographic protection against both
passive and active attacks. With each peer, such a protocol achieves
either full protection or else total failure to communicate (hard
fail). As a result, operators often disable these security protocols
when users have difficulty connecting, thereby degrading all
communications to cleartext transmission.”
Full
protection
Failure????
Is there an alternative
between full protection and
failure?
RFC 7435 Viktor Dukhovni
15. #MoreCrypto
TLS is an important tool
TLS
Transport
Layer
Security
TLS provides confidentiality, identity
and integrity to Internet communication.
TLS is used in HTTPS:// web pages, but can also be
used from applications on a computer as well as a cell
phone.
TLS is based on SSL, that was a provider-specific
technology. TLS is maintained by the IETF and is still
being improved.
The second part
covers this!
18. #MoreCrypto
Why?
More crypto on the Internet
raise the cost of listening in to
our information flows, our
conversations. It does not solve all the issues,
we have a lot of work
ahead of us.
Using more TLS is not very
complicated and can be used in
most applications today.
19. #MoreCrypto
Starting points.
Enable HTTPS for Facebook,
Google and other services
when you can.
Use EFF HTTPS ANYWHERE
in your web browser.
If you are a sysadmin, enable
TLS and follow new advice on
choice of algorithms.
20. #MoreCrypto
What does TLS give you?
Browser ServerConfidential path
Other people in the same network (or IT management)
can see where you go (server address), but not what you do.
Example:
Hotel staff can’t see what you write
or read on Facebook.
21. #MoreCrypto
What about VPN tunnelling?
Computer Confidential path
Example: Other people in the same
network (or IT management)
can see that you are using a VPN,
but not what you do.
Web
Server
Mail
Server
VPN = Virtual private network
On the other side of the VPN
server your connections
become visible again -
unless you are using TLS.
VPN
server
Example:
Hotel staff can’t see which web
sites you are connecting to.
22. #MoreCrypto
The work ahead of us
Mobile
apps
Web
IP
Telephony
E-mail
Cloud
Services
Internet of
things
The Digital
home
Chat
Video
Services
Require
#MoreCrypto!
25. #MoreCrypto
TLS is an important tool
TLS
Transport
Layer
Security
TLS provides confidentiality, identity
and integrity to Internet communication.
TLS is used in HTTPS:// web pages, but can also be
used from applications on a computer as well as a cell
phone.
TLS is based on SSL, that was a provider-specific
technology. TLS is maintained by the IETF and is still
being improved.
26. #MoreCrypto
Encryption
Using the same key for
encryption and decryption
Using two different keys for
encryption and decryption
SYMMETRIC ASYMMETRIC
Simple for the CPU,
supports streaming data
More computations,
easier for data blocks
27. Using a private
and a public key
• TLS use a keypair to set up a secure connection
• The server sends the public key at connection
setup
• The client challenges the server to verify that it
has the private key
• The server responds to the challenge using the
server private key
• Now the client knows that the server has the
private key that matches the public key
private
Step 1.
28. TLS Usage
• TLS is used for
• authentication of servers and
clients
• initiating encryption of a session
• digital signatures on messages to
ensure integrity and provide
authentication
Authentication"
Who are you? Prove it!
Encryption"
Providing confidentiality
Integrity"
Making sure that the receiver get
what the sender sent
29. #MoreCrypto
Crypto
TLS is a framework for
crypto
TLS & DTLS
TCP or UDP
IP, Internet Protocol - v4 & v6
KEY EXCHANGE ALGORITHM CHECKSUMS
30. #MoreCrypto
TLS & DTLS
Who’s there, really?
TCP or UDP
IP, Internet Protocol - v4 & v6
Digital
ID
Digital
ID
Real"
ID
Real"
ID
Person
Phone
Server
Person
Phone
Server
PKI, Certificate infrastructure
Bare keys, certs in DNSsec
Orga-
nization
Orga-
nization
31. Adding a certificate
to the mix
• A certificate is nothing more complicated than a
passport or an ID card
• It contains the public key and some administrative
data
• And is signed (electronically) by someone you
might trust ... or not.
• This is part of the complex structure called PKI,
which you might want or just disregard
• A PKI is not needed to get encryption for the
signalling path!
• You can however use a PKI to only set up
connections that you trust
Digital
ID
Real"
ID
32. The PKIX certificate
• An PKIX certificate is the standardised way to
bind a public key to an identity
• The certificate is issued and signed by a
Certification Authority (CA)
• A PKIX (also called X.509v3) certificate is an
electronic document with a specific layout
• Standard: documented in IETF PKIX RFC:s
Version
Serial number
Issuer identity
Validity period
User identity
Public key
Extension fields
33. X509.v3
contents
• Version number
• Certificate serial number
Used for validation
• Identity of the issuer
• Validity period
• Identity of the public key owner
• Public key
• Extension fields
• A digital signature, created by the issuer
Internet
Explorer
Certificate
Manager
34. Example: SIP certificates
• SubjectAltName contains a list of
identities that are valid for this
certificate - SIP domains
• RFC 5922 outlines a SIP event package
to distribute and manage certificates
• The domain cert is used to sign the
NOTIFY payload
TLS is more than the
world wide web!
35. x.509 cert for SIP
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:08:00:79:00:15:00:43
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, O=sipit, OU=SipitTest Certificate Authority
Validity
Not Before: Sep 16 17:17:00 2009 GMT
Not After : Sep 15 17:17:00 2012 GMT
Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a7:96:65:6e:b6:ba:3a:48:a1:bd:a3:ae:21:dc:
a8:92:97:3c:43:ea:24:e6:9f:93:2f:61:7e:d3:2d:
30:1e:21:42:b9:d6:59:87:f1:b1:f8:c8:39:8e:43:
64:9a:31:2c:18:3d:cd:d8:03:64:bb:14:38:44:05:
20:30:d8:e1:db:a7:4d:c3:47:a2:49:73:d1:10:ed:
2f:cf:74:26:57:91:64:af:b0:f2:5d:3f:88:9f:df:
65:6c:ba:65:3f:66:99:52:6b:20:d2:0e:e3:65:18:
b1:8e:3d:ca:f2:4a:45:c5:4d:85:ef:82:54:f8:54:
54:db:96:90:9b:c5:1b:2a:1e:60:3c:43:71:55:60:
30:93:8f:fd:d8:d9:3d:a1:32:e3:56:4b:e2:73:b6:
cc:18:93:8a:d8:8b:68:81:c7:fd:cd:d5:dc:4c:a2:
86:61:9f:ad:d0:b1:d3:3c:4c:6c:07:54:b2:43:b4:
a7:0a:0a:f2:e3:6d:12:43:16:70:63:c9:e9:1a:78:
66:9d:ee:30:94:7b:ab:f2:e9:67:4a:66:6d:8c:ed:
a8:a4:98:51:77:0b:a7:60:55:73:85:87:4a:57:6b:
24:fe:27:00:02:79:70:da:5a:45:ad:aa:3d:d5:40:
5b:5c:85:63:93:56:af:c7:e8:e3:b6:1a:25:b6:a2:
2d:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
27:F7:A9:96:F5:B2:8F:0B:5E:A9:C7:F5:0F:AC:3D:AB:3D:8D:F0:30
Signature Algorithm: sha1WithRSAEncryption
1a:fe:1f:af:86:99:82:e5:14:97:8d:64:9a:d1:5c:ea:6c:96:
f5:c6:0c:7d:20:5f:4e:70:05:24:3a:de:b5:b9:cf:66:8d:4c:
74:d5:6a:a9:52:74:17:bc:b4:79:a0:58:32:78:a9:70:7c:6a:
15:ac:07:29:77:13:06:55:53:3f:0b:4c:3d:da:55:6e:ad:74:
56:01:55:c8:4c:19:8d:06:0b:f3:4c:04:d5:9a:6f:44:ad:7a:
fd:3b:aa:e8:4b:84:6e:f1:c4:34:f4:a0:6a:f6:81:ae:74:b4:
46:6e:b9:2f:a6:59:f1:02:e9:58:7c:a1:8d:08:31:2b:39:ee:
eb:7e
Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net
X509v3 Subject Alternative Name:
DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net
Notice the URI in the certificate!
36. Process for a server
Generate
Keys
Pack public key
in CSR
Send CSR
to CA
CA validation
process
CA issues
Certificate
Install cert
in server with
private key
The private key
should never leave your hands.
38. Checking the cert
Get cert Ask CA if cert is valid
If revoked, close
connection
continue
Way too slow…
(In SIP we measure milliseconds at
call setup).
39. OCSP stapling
Get cert
Get certificate validity
statement, signed by CA continue
The signed validity statement needs to
be refreshed by server.
40. Protocol specifics
• Given a protocol request - how do we match the
request address to a certificate
• SIP Uri, E-mail address, HTTPS
• Make sure this validation happens when a
secure connection is requested.
sip:oej@namn.se https://edvina.se
mailto:info@iis.se Your protocol
41. #MoreCrypto
TLS and SSL
SSL v1.0 - 2.0
Created by Netscape
Communications
Deemed insecure.
SSL v3.0
Last version. No support for
extensions and not for modern
crypto algorithms. Deemed
insecure.
TLS 1.x
Open standard defined by the
IETF. Keeps being updated.
It’s time to try to stop
using SSL.
42. Issues
Certificate can validate correctly
with the CA store, but still be the
wrong certificate.
Certificate private key can be
copied and certificate
revocated.
DNS was spoofed, so we
reached the wrong service
Something new and even more
scary than Heartbleed and
Poodle…
43. Man in the middle
• How do we prevent and discover TLS proxys?
• Quite commonly used
Client ServerMITM
44. #MoreCrypto
Certificate Fingerpinning
Certificates have a fingerprint, a
checksum of the cert and key.
Embed last, current and next
certificate fingerprint in the code
Verify that you are talking with
the expected server.
TLS verification may work with a
bad server cert too.
Client ServerMITM
Client Server
45. #MoreCrypto
Trust on first use
Save certificate fingerprint on
first connection
If another certificate shows up,
warn the user
Don’t block, the first connection
could be bad
Certificates gets updates
so save expiry time and
accept new.
Client ServerMITM
Client Server
46. #MoreCrypto
DANE - using DNSsec
Save cert in DNS, signed by
DNSsec
If another certificate shows up,
do not continue. Disconnect.
Certificates that expired or was
revoked has no NS records
Client ServerMITM
Client Server
Client DNS
DNS query
TLS connection
47. DANE step by step
I want to speak with edvina.net using
http
Query DNS for a public key, fingerprint
or certificate
If response is validated using DNSsec,
trust it for verification
Connect and get cert from server
CA: Make sure cert is from the CA in
DNS, verify as before
Key/fingerprint: Make sure the cert or
key given by the server matches.
1.
2.
3.
4.
5. 5.
48. ?
User specifics
• Which CAs do we trust?
• How do we check validity of certificate, even if
we trust the CA?
• Do we have time for validation?
49. Toward new solutions
• Anchoring the certificate in DNS
• Validating the certificate in DNS
• No certificate - bare keys
• Opportunistic Security with TLS
DNSsec
50. Heartbleed
• Programming error in OpenSSL
• OpenSSL is used in too many
places
• Opened up for private key
distribution and a lot of other
in-memory data.
51. Security is a process
• There will be other issues with
TLS libraries, protocols and
implementations
• Surviving these is better than
having no security, integrity,
privacy or confidentiality
56. Advice:
• Use encrypted communication with TLS and
DTLS by default
• Authenticated sessions are more secure than
non-authenticated
• If you really need confidentiality, check ciphers
and checksum algorithms
#MoreCrypto
57. #MoreCrypto
The new solution
Opportunistic security
Separate identity and confidentiality
Some network sessions are better
without identity (OTR)
Make it harder to listen in
Always try crypto - regardless if
certificate validates
Never show a lock to the user
for opportunistic crypto 🔒
58. #MoreCrypto
To-do list
New projects:
Always build secure platforms. Encrypt all communication.1.
Users:
Use EFF HTTPS Everywhere, Require TLS sessions. Ask web site owners.2.
When buying new services/products:
Require use of TLS/DTLS. You will help us developers.3.
61. Join us!
• IETF peerpass mailing list, UTA working group
and more.
• Hashtag #MoreCrypto
• http://internetsociety.org
62. Feedback?
• Feedback and suggestions for improvements to this presentation is
more than welcome! Send to oej@edvina.net!
• Feel free to use this presentation yourself - Notice the Creative
commons license on this presentation!
• Please tell me if you use it! It’s always fun to know.
#MoreCrypto
Author: oej@edvina.net - slideshare.net/oej
Ⓒ Olle E. Johansson, Stockholm, Sweden 2014-2015.
This work is licensed under
Olle E. Johansson