tls security where do we stand
play

TLS Security - Where Do We Stand? Kenny Paterson Information Security - PowerPoint PPT Presentation

Apr 06, 2023 •361 likes •1.37k views

TLS Security - Where Do We Stand? Kenny Paterson Information Security Group 1 Outline TLS overview TLS attacks and proofs Lucky 13 TLS Record Protocol and RC4 Discussion 2 TLS Overview SSL = Secure Sockets Layer.

  1. Ensuring Uniform Errors For instance, if the pad appears to be incorrect, the implementation might assume a zero-length pad and then compute the MAC. • This approach is adopted in many implementations, including OpenSSL, NSS (Chrome, Firefox), BouncyCastle, OpenJDK, … • One alternative (GnuTLS and others) is to remove as many bytes as are indicated by the last byte of plaintext and compute the MAC on what’s left. 23 23

  2. Ensuring Uniform Errors … This leaves a small timing channel, since MAC performance depends to some extent on the size of the data fragment, but it is not believed to be large enough to be exploitable, due to the large block size of existing MACs and the small size of the timing signal. 24 24

  3. Ensuring Uniform Errors … This leaves a small timing channel, since MAC performance depends to some extent on the size of the data fragment, but it is not believed to be large enough to be exploitable, due to the large block size of existing MACs and the small size of the timing signal. 25 25

  4. Lucky 13 – Plaintext Recovery XOR 2-byte Δ here and submit for decryption IV R 1 R 2 C t-1 C t d K d K d K d K P t Produces valid patterns “ 01 01 ” or “00”, (HMAC-SHA-1 + AES-CBC) OR bad pad. 26 26

  5. Case: “01 01” (or longer valid pad) XOR 2-byte Δ here and submit for decryption IV R 1 R 2 C t-1 C t d K d K d K d K P t SQN||HDR 20 bytes “ 01 01 ” 13 + 16 + 16 + 10 = 55 bytes (or longer 4 SHA-1 compression valid pad) function evaluations 27 27

  6. Case: “00” XOR 2-byte Δ here and submit for decryption IV R 1 R 2 C t-1 C t d K d K d K d K P t SQN||HDR “ 00 ” 56 bytes 20 bytes 5 SHA-1 compression function evaluations 28 28

  7. Case: Bad padding XOR 2-byte Δ here and submit for decryption IV R 1 R 2 C t-1 C t d K d K d K d K P t SQN||HDR 57 bytes 20 bytes zero-length pad 5 SHA-1 compression function evaluations 29 29

  8. Lucky 13 – Plaintext Recovery • The injected ciphertext causes bad padding and/or a bad MAC. – This leads to a TLS error message – The attacker times its appearance on the network. • There is a timing difference between “01 01” case and the other 2 cases. – A single SHA-1 compression function evaluation. – Roughly 1000 clock cycles, 1µs range on typical processor. – Measurable difference on same host, LAN, or a few hops away. • Detecting the “01 01” case allows last 2 plaintext bytes in the target block C t to be recovered. – Using some standard CBC algebra. • Attack then extends easily to all bytes. 30 30

  9. Experimental Results 1.292 ⇤ 10 6 � Calculated by Adversary ⇥ 1.291 ⇤ 10 6 Hardware Cycles 1.290 ⇤ 10 6 1.289 ⇤ 10 6 1.288 ⇤ 10 6 ⇥ 15 � 0xFE 1.287 ⇤ 10 6 1.286 ⇤ 10 6 0 50 100 150 200 250 � 15 • Byte 14 of plaintext set to 01; byte 15 set to FF. • OpenSSLv1.0.1 on server running at 1.87Ghz. • 100 Mbit LAN. • Median times (noise not shown). 31 31

  10. Lucky 13 – Countermeasures • We really need constant-time decryption for TLS-CBC. • Add dummy hash compression function computations when padding is good to ensure total is the same as when padding is bad . • Add dummy padding checks to ensure number of iterations done is independent of padding length and/or correctness of padding. • Watch out for length sanity checks too. – Need to ensure there’s enough space for some plaintext after removing padding and MAC, but without leaking any information about amount of padding removed. • TL;DR: – It’s a bit of a nightmare. 32 32

  11. Lucky 13 – Impact • OpenSSL patched in versions 1.0.1d, 1.0.0k and 0.9.8y, released 05/02/2013. • NSS (Firefox, Chrome) patched in version 3.14.3, released 15/02/2013. • Opera patched in version 12.13, released 30/01/2013 • Oracle released a special critical patch update of JavaSE, 19/02/2013. • BouncyCastle patched in version 1.48, 10/02/2013 • Also GnuTLS , PolarSSL , CyaSSL , MatrixSSL . • Microsoft “determined that the issue had been adequately addressed in previous modifications to their TLS and DTLS implementation”. • Apple: status unknown. (Full details at: www.isg.rhul.ac.uk/tls/lucky13.html) 33 33

  12. Other Lucky 13 Countermeasures? • Introduce random delays during decryption. – Surprisingly in effective, analysis in [AP13]. • Redesign TLS: – Pad-MAC-Encrypt or Pad-Encrypt-MAC. – Currently, some discussion on TLS mailing lists. – TLS 1.3? • Switch to TLS 1.2 – Has support for AES-GCM and AES-CCM. – Some encouraging signs of increasing adoption. • Use RC4? 34

  13. Outline • TLS overview • TLS attacks and proofs • Lucky 13 • TLS Record Protocol and RC4* • Discussion *AlFardan, Bernstein, Paterson, Poettering, Schudlt, On the Security of RC4 in TLS. USENIX Security Symposium, 2013. (www.isg.rhul.ac.uk/tls) 35

  14. TLS Record Protocol: MEE SQN || HDR Payload MAC MAC tag Padding Payload Encrypt HDR Ciphertext HMAC-MD5, HMAC-SHA1, HMAC-SHA256 MAC CBC-AES128, CBC-AES256, CBC-3DES, RC4-128 Encrypt “00” or “01 01” or “02 02 02” or … . or “FF FF … .FF” Padding 36

  15. TLS Record Protocol: RC4-128 SQN || HDR Payload MAC MAC tag Payload Encrypt HDR Ciphertext HMAC-MD5, HMAC-SHA1, HMAC-SHA256 MAC CBC-AES128, CBC-AES256, CBC-3DES, RC4-128 Encrypt 37

  16. TLS Record Protocol: RC4-128 SQN || HDR Payload RC4 State Byte permutation and indices i and j MAC RC4 Keystream generation RC4 Key scheduling MAC tag Payload MAC tag Encrypt HDR Ciphertext HMAC-MD5, HMAC-SHA1, HMAC-SHA256 HDR MAC CBC-AES128, CBC-AES256, CBC-3DES, RC4-128 Encrypt 38

  17. Use of RC4 in TLS • In the face of the attacks on CBC-based ciphersuites in TLS, switching to RC4 has been a recommended mitigation (e.g. Qualys, F5). • Use of RC4 in the wild: ICSI Certificate Notary Recent survey of 16 billion TLS connections: Approx. 50% protected via RC4 ciphersuites • Problem: • RC4 is known to have statistical weaknesses. • (RC4 widely considered weak because of WEP debacle.)

  18. Single-byte Biases in the RC4 Keystream Z i = value of i -th keystream byte • [Mantin-Shamir 2001]: • [Mironov 2002]: – Described distribution of (bias away from 0, sine-like distribution) • [Maitra-Paul-Sen Gupta 2011]: for • [Sen Gupta-Maitra-Paul-Sakar 2011]: l = keylength

  19. Complete Keystream Byte Distributions • Our approach in [ABPPS13]: – Based on the output from 2 45 random independent 128-bit RC4 keys, estimate the keystream byte distribution of the first 256 bytes .. ... ... ... Z 1 Z 2 Z 3 • Revealed many new biases in the RC4 keystream. – (Some of these were independently discovered by [Isobe et al. 2013].)

  20. Keystream Distribution at � Position 1 0.003950 Probability 0.003906 0.003878 Byte value

  21. Keystream Distribution at � Position 2 0.003950 Probability 0.003906 0.003878 Byte value

  22. Keystream Distribution at � Position 3 0.003950 Probability 0.003906 0.003878 Byte value

  23. Keystream Distribution at � Position 4 0.003950 Probability 0.003906 0.003878 Byte value

  24. Keystream Distribution at � Position 5 0.003950 Probability 0.003906 0.003878 Byte value

  25. Keystream Distribution at � Position 6 0.003950 Probability 0.003906 0.003878 Byte value

  26. Keystream Distribution at � Position 7 0.003950 Probability 0.003906 0.003878 Byte value

  27. Keystream Distribution at � Position 8 0.003950 Probability 0.003906 0.003878 Byte value

  28. Keystream Distribution at � Position 9 0.003950 Probability 0.003906 0.003878 Byte value

  29. Keystream Distribution at � Position 10 0.003950 Probability 0.003906 0.003878 Byte value

  30. Keystream Distribution at � Position 11 0.003950 Probability 0.003906 0.003878 Byte value

  31. Keystream Distribution at � Position 12 0.003950 Probability 0.003906 0.003878 Byte value

  32. Keystream Distribution at � Position 13 0.003950 Probability 0.003906 0.003878 Byte value

  33. Keystream Distribution at � Position 14 0.003950 Probability 0.003906 0.003878 Byte value

  34. Keystream Distribution at � Position 15 0.003950 Probability 0.003906 0.003878 Byte value

  35. Keystream Distribution at � Position 16 0.003950 Probability 0.003906 0.003878 Byte value

  36. Keystream Distribution at � Position 17 0.003950 Probability 0.003906 0.003878 Byte value

  37. Keystream Distribution at � Position 18 0.003950 Probability 0.003906 0.003878 Byte value

  38. Keystream Distribution at � Position 19 0.003950 Probability 0.003906 0.003878 Byte value

  39. Keystream Distribution at � Position 20 0.003950 Probability 0.003906 0.003878 Byte value

  40. Keystream Distribution at � Position 21 0.003950 Probability 0.003906 0.003878 Byte value

  41. Keystream Distribution at � Position 22 0.003950 Probability 0.003906 0.003878 Byte value

  42. Keystream Distribution at � Position 23 0.003950 Probability 0.003906 0.003878 Byte value

  43. Keystream Distribution at � Position 24 0.003950 Probability 0.003906 0.003878 Byte value

  44. Keystream Distribution at � Position 25 0.003950 Probability 0.003906 0.003878 Byte value

  45. Keystream Distribution at � Position 26 0.003950 Probability 0.003906 0.003878 Byte value

  46. Keystream Distribution at � Position 27 0.003950 Probability 0.003906 0.003878 Byte value

  47. Keystream Distribution at � Position 28 0.003950 Probability 0.003906 0.003878 Byte value

  48. Keystream Distribution at � Position 29 0.003950 Probability 0.003906 0.003878 Byte value

  49. Keystream Distribution at � Position 30 0.003950 Probability 0.003906 0.003878 Byte value

  50. Keystream Distribution at � Position 31 0.003950 Probability 0.003906 0.003878 Byte value

  51. Keystream Distribution at � Position 32 0.003950 Probability 0.003906 0.003878 Byte value

  52. Plaintext Recovery • Based on the keystream byte distribution, we can construct a plaintext recovery attack. – Exploits all single-byte biases in the initial part of the RC4 keystream. • The attack requires the same plaintext to be encrypted under many different keys. – Applicable when using TLS?

  53. Targeting Secure HTTP Cookies TLS Secure cookie TLS HTTP request (cookie attached) Malicious https://secure.com Client server • Javascript – Uses XMLHttpRequest objects to generate POST requests. – Request to secure site possible due to Cross-Origin Resource Sharing. – Number of requests generated by script must be balanced to avoid browser overload.

  54. Plaintext Recovery Encryptions of plaintext Plaintext candidate under different keys byte P r r Induced C 1 P r distribution on Z r C 2 P r combine with C 3 P r ... ... C n P r ⇒ Likelihood of P r being Recovery algorithm: correct plaintext byte Compute most likely plaintext byte

  55. Success Probability 2 20 Sessions

  56. Success Probability 2 21 Sessions

  57. Success Probability 2 22 Sessions

  58. Success Probability 2 23 Sessions

  59. Success Probability 2 24 Sessions

  60. Success Probability 2 25 Sessions

  61. Success Probability 2 26 Sessions

  62. Success Probability 2 27 Sessions

  63. Success Probability 2 28 Sessions

  64. Success Probability 2 29 Sessions

  65. Success Probability 2 30 Sessions

  66. Success Probability 2 31 Sessions

  67. Success Probability 2 32 Sessions

  68. Limitations of Attack • Requires 2 28 ~ 2 32 TLS connections for reliable recovery. • Attacker has to force TLS session renegotiation / resumption. – No known mechanism from within Javascript. • Only the first 220 bytes of application data can be targeted. • Initial 36 bytes used to encrypt last message of Handshake protocol. • In reality, first 220 bytes of application data usually contain uninteresting HTTP headers.

  69. A Second Attack • Fluhrer and McGrew identified biases for consecutive keystream i : keystream byte position mod 256 bytes. – Persistent throughout keystream. • Based on these, we construct an attack which: – Can target any plaintext byte positions; – Does not require session renegotiation / resumption.

  70. A Second Attack • Align plaintext with repeating Fluhrer-McGrew biases RC4 Keystream P P P Plaintext copies TLS Ciphertexts C 1 C 3 C 2 • Exploit overlapping nature of plaintext byte pairs to obtain approximate likelihood for plaintext candidates. ... P 3 P 4 Recovery algorithm: Approximate P 2 P 3 Viterbi-style algorithm to likelihood for ⇒ determine P with highest P = P 1 P 2 P 3 P 4 P 5 P 6 P 1 P 2 approximate likelihood P 1 P 2 P 3 P 4 P 5 P 6

  71. Success Probability Recovery of individual bytes Recovery of 16 byte cookie

  72. Countermeasures • Possible countermeasures against the attacks – Discard initial keystream bytes. – Fragment initial records at the application layer. – Add random length padding to records. – Limit lifetime of cookies or number of times cookies can be sent. – Stop using RC4 in TLS. • Vendor response – Opera has been implementing a combination of countermeasures. – Google seems focused on implementing TLS 1.2 and AES-GCM in Chrome. – RC4 is disabled by default for TLS in Windows Preview 8.1. – Draft RFC for Salsa20 just published.

  73. Summary of RC4 in TLS • Plaintext recovery attacks against RC4 in TLS are feasible although not truly practical. – 2 28 ~ 2 32 sessions for reliable recovery of initial bytes. – 2 33 ~ 2 34 encryptions for reliable recovery of 16 bytes anywhere in plaintext. • The attacks illustrate that RC4 in TLS provides a security level far below the strength suggested by the key size of 128 bits. • Furthermore, attacks only becomes better with time. • Our recommendation: phase out the use of RC4 in TLS as soon as possible.

  74. Outline • TLS overview • TLS attacks and proofs • Lucky 13 • TLS Record Protocol and RC4 • Discussion 96

  75. Discussion • TLS’s ad hoc MAC-Encode-Encrypt construction is hard to implement securely and hard to prove positive security results about. – Long history of attacks and fixes for CBC-mode, culminating in this year’s “Lucky 13” attack. – Each fix was the “easiest option at the time”. – Now reached point where a 500 line patch to OpenSSL was needed to fully eliminate the Lucky 13 attack on CBC-mode. – Attacks show that small details matter. – Suitably detailed analysis for MEE-TLS-CBC only completed in 2011. 97 97

  76. Discussion • RC4 was known to be weak for many years. – Actual exploitation of its weaknesses in a TLS context went unexplored. – Needed multi-session mechanism (BEAST technology) to make the attack plausible. – Borrowing tools from outside cryptography. • Once a bad cryptographic choice is out there in implementations, it’s very hard to undo . – Old versions of TLS hang around for a long time. – There is no TLS product recall programme! – Slow uptake of TLS 1.1, 1.2. 98 98

  77. Discussion • TLS is coming under sustained pressure from attacks. – BEAST, Lucky 13 and RC4 attacks are providing incentives to move to TLS 1.2. – Good vendor response to BEAST, CRIME, Lucky 13, less so to RC4 attack. • First three are fixable, the other not (really). • Having a cool name for your attack is important. • Attacks really do improve with age. – BEAST (1995 – 2011), Lucky 13 (Feb. 2013 – Mar. 2013). – RC4 attacks are currently only “semi-practical” but we ignore such attacks at our peril. 99 99

  78. Research Directions? • TLS Record Protocol cryptography has now been heavily analysed. – Still some mileage in looking at AE implementations? • Major recent progress in analysing TLS Handshake protocol. – [JKSS12], [KPW13], [GKS12]. • Can still expect implementation issues to emerge. – Check the “OpenSSL Fact” twitter feed regularly! • TLS’s complex system of interacting protocols can still throw up surprises. – Alert Protocol desynchronisation attack [BFKPS13]. – TLS Renegotiation attack [RD09]. 100 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Cybersecurity security Wher here do w e do we stand? e stand? HUMAN HUMAN FACT

Cyber Cybersecurity security Wher here do w e do we stand? e stand? HUMAN HUMAN FACT

Cyber Cybersecurity security Wher here do w e do we stand? e stand? HUMAN HUMAN FACT CTOR OR Hussein Hassanali Chief Information Security Officer, Bank AL Habib Limited & President, ISACA Karachi Chapter UBL Funds Culture

376 views • 19 slides
9/3/2020 Pretest What does NRS stand for? What does EFL stand for? What does PoP stand

9/3/2020 Pretest What does NRS stand for? What does EFL stand for? What does PoP stand

9/3/2020 Pretest What does NRS stand for? What does EFL stand for? What does PoP stand for? When does a new PoP begin? Why do we collect data on barriers to employment? What is the difference between a reportable individual

397 views • 5 slides
Stand and deliver! Your money or your data. James Burchell Sophos Security Specialist Endpo

Stand and deliver! Your money or your data. James Burchell Sophos Security Specialist Endpo

Stand and deliver! Your money or your data. James Burchell Sophos Security Specialist Endpo Endpoin int sec secur urit ity has r has reac eached a hed a ti tipping po poin int Trumpings on Cyber Now the cyber is so big and you

509 views • 29 slides
Welcome to Tronsec Security, an industry leader in Security Management Solutions Melbourne I

Welcome to Tronsec Security, an industry leader in Security Management Solutions Melbourne I

Welcome to Tronsec Security, an industry leader in Security Management Solutions Melbourne I Sydney I Canberra I Brisbane I Adelaide I Perth I Darwin I Hobart Who We Are & What We Stand For? Established in 2002 - Directors have over 20 Years

540 views • 11 slides
How to Stand Out from the Crowd on How to Stand Out from the Crowd on LinkedIn LinkedIn Maureen

How to Stand Out from the Crowd on How to Stand Out from the Crowd on LinkedIn LinkedIn Maureen

How to Stand Out from the Crowd on How to Stand Out from the Crowd on LinkedIn LinkedIn Maureen Coogan April 7, 2020 Objectives Objectives Create a professional profile on the LinkedIn platform Detail the different methods to

833 views • 25 slides
Ma Mark 1 k 12:30-31 31 I I STAN STAND D AM AMAZED AZED I I stand d ama mazed d in

Ma Mark 1 k 12:30-31 31 I I STAN STAND D AM AMAZED AZED I I stand d ama mazed d in

Ma Mark 1 k 12:30-31 31 I I STAN STAND D AM AMAZED AZED I I stand d ama mazed d in the pr presenc nce Of Of J Jesus us the the Na Nazarene ne And wonde And w onder how how H He c could ould love love m me A s A

1.3k views • 107 slides
Pilot Sit-Stand Workstation- Tools to Sell 1 6 Pilot-Value Proposition The Pilot

Pilot Sit-Stand Workstation- Tools to Sell 1 6 Pilot-Value Proposition The Pilot

Pilot Sit-Stand Workstation- Tools to Sell 1 6 Pilot-Value Proposition The Pilot Sit-Stand Workstation is the only ergonomic rear-mounted sit- stand height adjustable workstation that meets the ANSI/BIFMA and HFES requirements with

1.34k views • 27 slides
INTRODUCTION Mr. Speaker, I am honoured once again to stand in this Honourable House to report on

INTRODUCTION Mr. Speaker, I am honoured once again to stand in this Honourable House to report on

INTRODUCTION Mr. Speaker, I am honoured once again to stand in this Honourable House to report on the performance of the Ministry of Labour and Social Security over the last financial year and our plans for the next year. I want to thank the

599 views • 28 slides
West Elkton Friends Meeting August 4, 2019 Stand to sing if able #181 Stand by Me New Socks A

West Elkton Friends Meeting August 4, 2019 Stand to sing if able #181 Stand by Me New Socks A

Welcome to West Elkton Friends Meeting August 4, 2019 Stand to sing if able #181 Stand by Me New Socks A Publishers Weekly Top 10 in Religion selection. This is nothing less than the gospel itselfa much - needed book. FR.

949 views • 40 slides
Adversity is sometimes hard upon a man; but for one man who can stand prosperity, there are a

Adversity is sometimes hard upon a man; but for one man who can stand prosperity, there are a

Adversity is sometimes hard upon a man; but for one man who can stand prosperity, there are a hundred who will stand adversity. Thomas Carlyle Not every man can carry a full cup. J. Oswald Sanders When two full years had passed,

657 views • 47 slides
What do we believe about collaboration? 1 Stand and Declare Collaboration with

What do we believe about collaboration? 1 Stand and Declare Collaboration with

Community Engagement USBC Summer Pre Institute Washington DC Tom Wolff Ph.D. Tom Wolff & Associates Stand and Declare What do we believe about collaboration? 1 Stand and Declare Collaboration with representatives from all parts

693 views • 29 slides
162 163 Si Sit/St t/Stand and Assessm Assessmen ent 5x sit/stand test 60 69 y/o 11.4 sec

162 163 Si Sit/St t/Stand and Assessm Assessmen ent 5x sit/stand test 60 69 y/o 11.4 sec

162 163 Si Sit/St t/Stand and Assessm Assessmen ent 5x sit/stand test 60 69 y/o 11.4 sec 70 79 y/o 12.6 sec 80 89 y/o 14.8 sec 164 Tw Two Mi Minute te St Step ep in in Place Place Te Test Ri Rikl kli RE, E, Jones Jones CJ

429 views • 7 slides
the RAL Front End Test Stand David Lee Outline The RAL Front End Test Stand The Need for

the RAL Front End Test Stand David Lee Outline The RAL Front End Test Stand The Need for

A Laser-Based Beam Density Distribution Diagnostic for the RAL Front End Test Stand David Lee Outline The RAL Front End Test Stand The Need for Non-Destructive, Non-Interceptive Diagnostics Laser-Based H Beam Diagnostics: Basic Principle

787 views • 30 slides
UNSW Engineering Scholarships Presentation 13 May 2015 Never Engineering Stand Still Order

UNSW Engineering Scholarships Presentation 13 May 2015 Never Engineering Stand Still Order

UNSW Engineering Scholarships Presentation 13 May 2015 Never Engineering Stand Still Order of Proceedings Q: What does M in MRI scan stand for? Q: A team of fjve biomedical engineers in Edinburgh, Scotland created the fjrst working bionic

313 views • 5 slides
Testing temperature measuring system for security and gas self-extinguishing for MPD detector

Testing temperature measuring system for security and gas self-extinguishing for MPD detector

Master rack fire protection HFC-236fa refrigerant Measurement stand Received data Testing temperature measuring system for security and gas self-extinguishing for MPD detector Author: Patryk Marcola Supervised by: mgr in. Marek Peryt

245 views • 9 slides
VETERANS STAND DOWN 2019 OUTCOMES PRESENTATION BY SHALIMAR T. CABRERA EXECUTIVE DIRECTOR,

VETERANS STAND DOWN 2019 OUTCOMES PRESENTATION BY SHALIMAR T. CABRERA EXECUTIVE DIRECTOR,

VETERANS STAND DOWN 2019 OUTCOMES PRESENTATION BY SHALIMAR T. CABRERA EXECUTIVE DIRECTOR, U.S.VETS LAS VEGAS CHAIR, LAS VEGAS VETERANS STAND DOWN Las Vegas Veterans Stand Down 2019 PROGRAMMING : Client-centered approach Service

377 views • 14 slides
Rural Sector Working Group Welcome AGENDA Welcome and introductions Chair, Graham Peters and

Rural Sector Working Group Welcome AGENDA Welcome and introductions Chair, Graham Peters and

Rural Sector Working Group Welcome AGENDA Welcome and introductions Chair, Graham Peters and Mario Caccamo, MD, NIAB/EMR Tour of site (45 mins) brief overview of key projects Ross Newham, Operations Director, NIAB/EMR Update:

630 views • 33 slides
Adult Equivalent Methodology and Tools MLA Project B.NBP.0779 Shane Blakeley & Ian McLean

Adult Equivalent Methodology and Tools MLA Project B.NBP.0779 Shane Blakeley & Ian McLean

Adult Equivalent Methodology and Tools MLA Project B.NBP.0779 Shane Blakeley & Ian McLean Bush AgriBusiness Pty Ltd AE Methodology & Tools Why is this important? How was it developed? What does it do? What is an Adult

283 views • 27 slides
A Strategy for ICT R&D and Innovation in Europe: Raising the Game K. Rouhana Head of

A Strategy for ICT R&D and Innovation in Europe: Raising the Game K. Rouhana Head of

A Strategy for ICT R&D and Innovation in Europe: Raising the Game K. Rouhana Head of Unit, Strategy for ICT research and innovation DG INFSO European Commission 1 Outline 1 Proposed strategy: objectives and context

771 views • 39 slides
3D Computer Vision Dmitry Chetverikov, Levente Hajder Etvs Lrnd University, Faculty of

3D Computer Vision Dmitry Chetverikov, Levente Hajder Etvs Lrnd University, Faculty of

3D Computer Vision Dmitry Chetverikov, Levente Hajder Etvs Lrnd University, Faculty of Informatics Chetverikov, Hajder (ELTE IK) 3D Computer Vision 1 / 44 Multi-view reconstruction Principles of multi-view reconstruction 1

489 views • 44 slides
Authenticated Encryption in TLS Kenny Paterson DIAC 2013 Information Security Group Outline

Authenticated Encryption in TLS Kenny Paterson DIAC 2013 Information Security Group Outline

Authenticated Encryption in TLS Kenny Paterson DIAC 2013 Information Security Group Outline TLS and the TLS Record Protocol Theory for TLS Attacks: The BEAST Padding oracles Lucky 13 (More theory for TLS) RC4 attack

909 views • 70 slides
Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH

Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH

Provable Security Meets the Real World Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH Binary Packet Protocol IPsec MAC-then-Encrypt Lessons learned? 2 Outline RSA encryption in PKCS#1

948 views • 61 slides
Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline

Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline

Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline TLS overview TLS Record Protocol Theory Attacks Security analysis TLS Handshake Protocol Security analysis Discussion 2

1.78k views • 173 slides
Objectives Brief introduction to: Digital Audio CS529 Digital Video Multimedia

Objectives Brief introduction to: Digital Audio CS529 Digital Video Multimedia

1/31/2013 Objectives Brief introduction to: Digital Audio CS529 Digital Video Multimedia Networking Perceptual Quality Network Issues Introduction Get you ready for research papers! Introduction to: Silence

599 views • 22 slides

More recommend