tide proactive threat detection introduction
play

TIDE: Proactive threat detection Introduction Ph.D. student from - PowerPoint PPT Presentation

Nov 27, 2022 •515 likes •1.6k views

2019-06-20 Olivier van der Toorn <o.i.vandertoorn@utwente.nl> University of Twente, Design and Analysis of Communication Systems TIDE: Proactive threat detection Introduction Ph.D. student from the University of Twente System

  1. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days)

  2. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 30705 Δ t < 2 days

  3. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  4. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 1154 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  5. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 1105 1154 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  6. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 971 1105 1154 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  7. 17 RBL comparison (2 month period) 100000 ains 10000 ber of detected dom 1000 100 10 1 0 10 20 30 40 50 60 70 80 Num Detection in advance (days) 949 971 1105 1154 30705 1972 Δ t < 2 days Δ t ≥ 2 days

  8. 18 RBL comparison (9 month period) Number of detected domains 10000 1000 100 10 1 0 20 40 60 80 100 120 140 160 180 Detection in advance (days) 205 1305 57724 6710 Δ t < 2 days Δ t ≥ 2 days

  9. 19 SURFnet evaluation daadzgam.com Domain names realdrippy.com coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates

  10. 20 SURFnet evaluation daadzgam.com Domain names realdrippy.com coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates

  11. 20 SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates

  12. • 45% of received emails fall in this category 20 • 18% of observed domains fall in this category SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates Δ t < 2 days

  13. • 17% of received emails fall in this category 20 • 26% of observed domains fall in this category SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates Δ t ≥ 2 days

  14. • 38% of received emails fall in this category • 57% of observed domains fall in this category 20 SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates ? domain not on existing blacklist yet

  15. • 59% of these emails have not been marked as spam • 41% of emails were received in the purple areas 20 SURFnet evaluation daadzgam.com Domain names Detected realdrippy.com Blacklisted coachspoke.com stillscratch.com homerope.com quittradition.com 2017-05-24 2017-06-23 2017-07-23 Observation dates

  16. Use case: DDoS domains

  17. In DDoS attacks the amplification factor is important. Domains crafted for DDoS attacks typically have: • Many records • Long (TXT) records 21 DDoS domains

  18. In DDoS attacks the amplification factor is important. Domains crafted for DDoS attacks typically have: • Many records • Long (TXT) records 21 DDoS domains

  19. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  20. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  21. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  22. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  23. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  24. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  25. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  26. Possible methodology could be: 1. Filter domains with more than average number of records, or longer than average TXT record 2. Gather the records for the past X days 3. Determine trend lines 4. Predict the size of the domain, say, ten days from now 5. Flag the domain if the predicted size is above a certain threshold 22 Lifetime of a DDoS domain 4000 A NS 3500 SOA Estimated ANY size (bytes) 3000 TXT 2500 Attacks observed 2000 1500 1000 500 0 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 - - - - - - - - 5 5 5 5 5 5 5 5 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

  27. Use case: DNS TXT records

  28. • 1.2% falls in the ‘other’ category 23 • Majority of TXT records are related to email (~70%) DNS TXT records 80 M Crypto Coins 70 M Email TXT records Number of Encoded 60 M Miscellaneous 50 M Other 40 M Patterns Verification 30 M 20 M 2015-07 2016-01 2016-07 2017-01 2017-07 2018-01 2018-07 Date

  29. • 1.2% falls in the ‘other’ category 23 • Majority of TXT records are related to email (~70%) DNS TXT records 80 M Crypto Coins 70 M Email TXT records Number of Encoded 60 M Miscellaneous 50 M Other 40 M Patterns Verification 30 M 20 M 2015-07 2016-01 2016-07 2017-01 2017-07 2018-01 2018-07 Date

  30. • 1.2% falls in the ‘other’ category 23 • Majority of TXT records are related to email (~70%) DNS TXT records 80 M Crypto Coins 70 M Email TXT records Number of Encoded 60 M Miscellaneous 50 M Other 40 M Patterns Verification 30 M 20 M 2015-07 2016-01 2016-07 2017-01 2017-07 2018-01 2018-07 Date

  31. One of the hightlights of this ‘other’ category is single character records. • More than 278K TXT records consisting of a single charcter • Majority contains a ~ • Almost all of these domains are hosted in the same AS 24 DNS TXT records

  32. One of the hightlights of this ‘other’ category is single character records. • More than 278K TXT records consisting of a single charcter • Majority contains a ~ • Almost all of these domains are hosted in the same AS 24 DNS TXT records

  33. One of the hightlights of this ‘other’ category is single character records. • More than 278K TXT records consisting of a single charcter • Majority contains a ~ • Almost all of these domains are hosted in the same AS 24 DNS TXT records

  34. One of the hightlights of this ‘other’ category is single character records. • More than 278K TXT records consisting of a single charcter • Majority contains a ~ • Almost all of these domains are hosted in the same AS 24 DNS TXT records

  35. 25 DNS TXT records

  36. • Generally, no Are these records useful for threat detection? • The ‘~’; case could be an identifier for domains from a specific AS 26 DNS TXT records

  37. Use case: Combo-squat domains

  38. Many types of squatting domains: Type Example (target: utwente.nl) Typosquatting utwent.nl Combosquatting utwente-login.nl Bitsquatting utwenpe.nl Homograph-Based squatting utvvente.nl 27 Combo-squat: What is a combo-squat domain?

  39. We started out by developing a general machine-learning based detection model. Feeding the detection model a list of trademarks worked a lot better! Trademark Number of domains Apple 8751 Paypal 1241 Microsoft 711 28 Combo-squat: A general approach?

  40. We started out by developing a general machine-learning based detection model. Feeding the detection model a list of trademarks worked a lot better! Trademark Number of domains Apple 8751 Paypal 1241 Microsoft 711 28 Combo-squat: A general approach?

  41. We started out by developing a general machine-learning based detection model. Feeding the detection model a list of trademarks worked a lot better! Trademark Number of domains Apple 8751 Paypal 1241 Microsoft 711 28 Combo-squat: A general approach?

  42. 29 However, a larger problem is the life time of a combosquat domain. Combo-squat: The problems with a generic approach

  43. 29 However, a larger problem is the life time of a combosquat domain. Combo-squat: The problems with a generic approach

  44. Where it works: • Snowshoe spam domains Where it might work: • DDoS Domains • Malicious TXT records Where it doesn’t work: • Combo-squat domains 30 Use cases

  45. Where it works: • Snowshoe spam domains Where it might work: • DDoS Domains • Malicious TXT records Where it doesn’t work: • Combo-squat domains 30 Use cases

  46. Where it works: • Snowshoe spam domains Where it might work: • DDoS Domains • Malicious TXT records Where it doesn’t work: • Combo-squat domains 30 Use cases

  47. Reflection

  48. What have we learned from these use cases? • The data needs to contain hints • This approach works for relatively long setup times (in our case >1d) 31 Reflection

  49. What have we learned from these use cases? • The data needs to contain hints • This approach works for relatively long setup times (in our case >1d) 31 Reflection

  50. What have we learned from these use cases? • The data needs to contain hints • This approach works for relatively long setup times (in our case >1d) 31 Reflection

  51. 32 We realize that our solution is not perfect. Improvement?

  52. We think the “ultimate” solution is to combine passive and active measurements. We realize that our solution is not perfect. 32 Improvement?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Layered Approach to Insider Threat Detection and Proactive Forensics Phillip G. Bradford, Ning

A Layered Approach to Insider Threat Detection and Proactive Forensics Phillip G. Bradford, Ning

A Layered Approach to Insider Threat Detection and Proactive Forensics Phillip G. Bradford, Ning Hu University of Alabama Tuscaloosa, AL 35487 ACSAC Dec. 5-9, 2005 Insider threats Definition Menaces to computer security as a result of

131 views • 11 slides
Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and Challenges Challenges Mission critical information = High value target Threatens Government organizations and large corporations

435 views • 39 slides
Counterintelligence &amp; Insider Threat Detection National Insider Threat Special Interest Group

Counterintelligence &amp; Insider Threat Detection National Insider Threat Special Interest Group

Counterintelligence &amp; Insider Threat Detection National Insider Threat Special Interest Group July 18, 2017 Douglas D. Thomas Director, Counterintelligence Operations &amp; Corporate Investigations Lockheed Martin Counterintelligence

706 views • 16 slides
Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick

Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick

Analysis of Bypassing Detection by Microsoft Advanced Threat Analytics Edgar Bohte and Nick Offerman Research Project 2 #72 Introduction - Advanced Threat Analytics (ATA) Microsoft Active Directory (AD) On-premise Post-Infiltration

439 views • 25 slides
Highest Astronomical Tide for Pacific Countys SMP update HIGHEST ASTRONOMICAL TIDE (HAT) The

Highest Astronomical Tide for Pacific Countys SMP update HIGHEST ASTRONOMICAL TIDE (HAT) The

Highest Astronomical Tide for Pacific Countys SMP update HIGHEST ASTRONOMICAL TIDE (HAT) The elevation of the highest predicted astronomical tide expected to occur at a specific time station over the National Tidal Datum Epoch (NTDE) (NOAA;

813 views • 4 slides
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss Post CERT Botconf 2016 | Advanced Incident Detection and Threat Hunting using Sysmon and Splunk | Tom Ueltschi | TLP-WHITE Seite 1 C:\&gt; whoami /all

1.34k views • 115 slides
Detection of topological order with quantum simulators EU FET-Proactive QUIC a FNP i n o f

Detection of topological order with quantum simulators EU FET-Proactive QUIC a FNP i n o f

AvH Feodor Lynen EU IP SIQS Advanced ERC Grant: Advanced ERC Grant: MPG QUAGATUA OSYRIS MPI Garching SGR 874 CERCA/Program Detection of topological order with quantum simulators EU FET-Proactive QUIC a FNP i n o f Polish

890 views • 73 slides
Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai Zhang Michael D. Ernst Google Research University of Washington Goal : helping developers improve software error diagnostic messages Input data

806 views • 38 slides
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss Post CERT FIRST-TC 2018 | Advanced Incident Detection and Threat Hunting using Sysmon and Splunk | Tom Ueltschi | TLP-WHITE Seite 1 C:\&gt; whoami

1.73k views • 128 slides
Differentiating tide-influenced and tide-dominated deltas: Devonian Baltic Basin Piret

Differentiating tide-influenced and tide-dominated deltas: Devonian Baltic Basin Piret

Differentiating tide-influenced and tide-dominated deltas: Devonian Baltic Basin Piret Plink-Bjorklund MAIN POINTS: - facies, architecture &amp; stratigraphy of tide-influenced and dominated deltas - the nature of tidal signatures in both

624 views • 28 slides
Preparing For The Rising Tide Designing with Water Preparing For The Rising Tide Published

Preparing For The Rising Tide Designing with Water Preparing For The Rising Tide Published

Preparing For The Rising Tide Designing with Water Preparing For The Rising Tide Published February 2013 Maps Bostons vulnerability to coastal flooding Encourages property owners in today and tomorrows flood zone to know

283 views • 26 slides
High Tide Technologies, LLC Advances In Telemetry- Satellite Telemetry COMPANY INTRODUCTION

High Tide Technologies, LLC Advances In Telemetry- Satellite Telemetry COMPANY INTRODUCTION

High Tide Technologies, LLC Advances In Telemetry- Satellite Telemetry COMPANY INTRODUCTION High Tide Technologies, LLC Satellite SCADA Provider Easy to Install Hardware Web-based Software Satellite Communications 24x7

310 views • 27 slides
53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats every minute* * Merrill Lynch ...Causing $3T USD in costs, and expected to double by 2021* * CyberSecurity Ventures (2015) Todays threat

508 views • 35 slides
C The TIDE Project www.mbl.edu/tide Whole-ecosystem manipulations in Plum Island Estuary, MA

C The TIDE Project www.mbl.edu/tide Whole-ecosystem manipulations in Plum Island Estuary, MA

Ecosystem Services C The TIDE Project www.mbl.edu/tide Whole-ecosystem manipulations in Plum Island Estuary, MA Target conc. NO 3 - : (70 uM; 1 mg/L) 15x reference creeks May September, Since 2004 Reference Creek System 8 Years after

279 views • 8 slides
Proactive Detection of Network Security Incidents A Study Andrea Dufkova (ENISA) Piotr

Proactive Detection of Network Security Incidents A Study Andrea Dufkova (ENISA) Piotr

Proactive Detection of Network Security Incidents A Study Andrea Dufkova (ENISA) Piotr Kijewski (CERT Polska/NASK) FIRST 2012 Conference 21st June 2012, Malta www.enisa.europa.eu OUR TALK TODAY i. Links with ENISA work ii. Facts

701 views • 38 slides
ACCELERATING CYBER THREAT DETECTION WITH GPU Joshua Patterson | Director of Applied Solutions

ACCELERATING CYBER THREAT DETECTION WITH GPU Joshua Patterson | Director of Applied Solutions

ACCELERATING CYBER THREAT DETECTION WITH GPU Joshua Patterson | Director of Applied Solutions Engineering | GTC Israel 2017 @datametrician RULES &amp; PEOPLE DONT SCALE Current methods are too slow Right now, financial services reports it

685 views • 57 slides
Side Channel Analysis Chester Rebeiro IIT Madras CR Modern ciphers designed with very strong

Side Channel Analysis Chester Rebeiro IIT Madras CR Modern ciphers designed with very strong

Side Channel Analysis Chester Rebeiro IIT Madras CR Modern ciphers designed with very strong assumptions Kerckhoffs Principle The system is completely known to the attacker. This includes e ncryption &amp; decryption algorithms,

1.25k views • 85 slides
in Searchable Symmetric Encryption Kaoru Kurosawa and Yasuhiro Ohtaki Ibaraki University, Japan

in Searchable Symmetric Encryption Kaoru Kurosawa and Yasuhiro Ohtaki Ibaraki University, Japan

How to Update Documents Verifiably in Searchable Symmetric Encryption Kaoru Kurosawa and Yasuhiro Ohtaki Ibaraki University, Japan Outline (1) Introduction (2) Our (previous) verifiable SSE scheme (3) Extend it to a dynamic SSE scheme (but

1.13k views • 70 slides
Security Notions for Bidirectional Channels Giorgia Azzurra Marson Bertram Poettering FSE 2017

Security Notions for Bidirectional Channels Giorgia Azzurra Marson Bertram Poettering FSE 2017

Security Notions for Bidirectional Channels Giorgia Azzurra Marson Bertram Poettering FSE 2017 Tokyo, Japan 1 / 11 Outline Secure channels and how they are modeled Security notions for bidirectional channels Analysis of bidirectional

602 views • 39 slides
BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr hrea eats ts of inte of intern rnet et Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets?

722 views • 35 slides
AuthenticationOverview(NSchapter9)

AuthenticationOverview(NSchapter9)

AuthenticationOverview(NSchapter9) Largesetofprincipalsattachedtoanopenchannel(eg,Internet). ComputerandNetworkSecurity

875 views • 20 slides
Active Adversary Lecture 7 CCA Security MAC Active Adversary An active adversary can inject

Active Adversary Lecture 7 CCA Security MAC Active Adversary An active adversary can inject

Active Adversary Lecture 7 CCA Security MAC Active Adversary An active adversary can inject messages into the channel Eve can send ciphertexts to Bob and get them decrypted Chosen Ciphertext Attack (CCA) If Bob decrypts all ciphertexts for Eve,

352 views • 14 slides
Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography. Security. Falko Strenzke 2020 For evaluation purposes only Please do not distribute August 4, 2020 Dr. Falko Strenzke Attacks and Defenses For

531 views • 30 slides
Cryptanalysis of Symmetric-Key Primitives: Automated Techniques Nicky Mouha ESAT/COSIC, KU

Cryptanalysis of Symmetric-Key Primitives: Automated Techniques Nicky Mouha ESAT/COSIC, KU

Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Cryptanalysis of Symmetric-Key Primitives: Automated Techniques Nicky Mouha ESAT/COSIC, KU Leuven, Belgium IBBT, Belgium Summer School on Tools, Mykonos

886 views • 77 slides

More recommend