This document discusses block ciphers and their implementation. It begins with an overview of block cipher history and components like block size and round keys. It then examines the AES block cipher standard and how to efficiently implement it using table lookups and processor instructions. Finally, it covers modes of operation like CBC, CTR, and their security, as well as potential attacks like padding oracles and meet-in-the-middle.
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
2. Topics
• What is a Block Cipher
• How to Construct Block Ciphers
• The Advanced Encryption Standard (AES)
• Implementing AES
• Modes of Operation
• How Things Can Go Wrong
3. History
• US: Federal standard: DES (1979 - 2005)
• KGB: GOST 28147-89 (1990 - present)
• In 2000, NIST selected AES, developed in Belgium
• They are all block ciphers
5. Block Cipher
E Encryption algorithm
K Key
P Plaintext block
C Ciphertext block
C = E(K, P)
D Decryption algorithm
P = D(K, C)
6. Security Goals
• Block cipher should be a pseudorandom permutation (PRP)
• Attacker can't compute output without the key
• Attackers should be unable to find patterns in the input/output values
• The ciphertext should appear random
7. Block Size
• DES: 64 bit
• AES: 128 bit
• Chosen to fit into registers of CPUs for speed
• Block sizes below 64 are vulnerable to a codebook attack
• Encrypt every possible plaintext, place in a codebook
• Look up blocks of ciphertext in the codebook
10. Rounds
• R is a round -- in practice, a simple transformation
• A block cipher with three rounds:
• C = R3(R2(R1(P)))
• iR is the inverse round function
• P = iR1(iR2(iR3(C)))
11. Round Key
• The round functions R1, R2, R3 use the same algorithm
• But a different round key
• Round keys are K1, K2, K3, ... derived from the main key K using a key schedule
12. The Slide Attack and Round Keys
• Consider a block cipher with three rounds, and with all the round keys identical
13. The Slide Attack and Round Keys
• If an attacker can find plaintext blocks with P2 = R(P1)
• That implies C2 = R(C1)
• Which often helps to deduce the key
14. The Slide Attack and Round Keys
• The solution is to make all round keys different
• Note: the key schedule in AES is not one-way
• Attacker can compute K from any Ki
• This exposes it to side-channel attacks, like measuring electromagnetic emanations
15. Substitution-Permutation Networks
• Confusion means that each ciphertext bit depends on several key bits
• Provided by substitution using S-boxes
• Diffusion means that changing a bit of plaintext changes many bits in the ciphertext
• Provided by permutation
16. Feistel Schemes
• Only half the plaintext is encrypted in each round
• By the F substitution-permutation function
• Halves are swapped in each round
• DES uses 16 Feistel rounds
19. DES
• DES had a 56-bit key
• Cracked by brute force in 1997
• 3DES was a stronger version
• Still considered strong, but slower than AES
• AES approved as the NIST standard in 2000
26. Improving Efficiency
• Implementing each step as a separate function works, but it's slow
• Combining them with "table-based implementations" and "native instructions" is faster
• Using XORs and table lookups
28. Timing Attacks
• The time required for encryption depends on the key
• Measuring timing leaks information about the key
• This is a problem with any efficient coding
• You could use slow code that wastes time
• A better solution relies on hardware
29. Native Instructions
• AES-NI
• Processor provides dedicated assembly instructions that perform AES
• Plaintext in register xmm0
• Round keys in xmm5 to xmm15
• Ten times faster with NI
30. Is AES Secure?
• AES implements many good design principles
• Proven to resist many classes of cryptanalytic attacks
• But no one can foresee all possible future attacks
• So far, no significant weakness in AES-128 has been found
32. Electronic Code Book (ECB)
• Each plaintext block is encrypted the same way
• Identical plaintext blocks produce identical ciphertext blocks
33. AES-ECB
• If plaintext repeats, so does ciphertext
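from Crypto.Cipher import AES  # PyCryptodome
cipher = AES.new(b"YELLOW SUBMARINE", AES.MODE_ECB)  # example 16-byte key (assumed; the slide does not show it)
plaintext = b"DEAD MEN TELL NODEAD MEN TELL NO"  # two identical 16-byte blocks
ciphertext = cipher.encrypt(plaintext)
print(ciphertext.hex())  # the first 32 hex digits repeat as the last 32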
37. Cipher Block Chaining (CBC)
• Uses a key and an initialization vector (IV)
• Output of one block is the IV for the next block
• IV is not secret; sent in the clear
39. Choosing IV
• If the same IV is used every time
• The first block is always encrypted the same way
• Messages with the same first plaintext block will have identical first ciphertext blocks
40. Parallelism
• ECB can be computed in parallel
• Each block is independent
• CBC requires serial processing
• Output of each block used to encrypt the next block
41. Message Length
• AES requires 16-byte blocks of plaintext
• Messages must be padded to make them long enough
42. PKCS#7 Padding
• The last byte of the plaintext is always between '\x00' and '\x10'
• Discard that many bytes to get original plaintext
43. Padding Oracle Attack
• Almost everything uses PKCS#7 padding
• But if the system displays a "Padding Error" message the whole system shatters like glass
• That message is sufficient side-channel information to allow an attacker to forge messages without the key
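The padding rules from slide 42 and the usual defence against the oracle on slide 43, as an added example that is not from the slides: authenticate the ciphertext before touching the padding, and report every failure identically. `stand_in_cipher`, `seal` and `open_sealed` are hypothetical names, and the stand-in is a placeholder for AES-CBC so the block runs with the standard library only.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes

class DecryptionError(Exception):
    """The only error callers see; it never says which check failed."""

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # 1..16; aligned input gains a full block
    return data + bytes([n]) * n

def unpad(padded: bytes) -> bytes:
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = padded[-1]
    # Every one of the last n bytes must equal n, not just the final byte.
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return padded[:-n]

def stand_in_cipher(data: bytes) -> bytes:
    """Placeholder for AES-CBC encrypt/decrypt (NOT a cipher); assumption for the demo."""
    return bytes(b ^ 0x5A for b in data)

def seal(mac_key: bytes, plaintext: bytes, encrypt=stand_in_cipher) -> bytes:
    ct = encrypt(pad(plaintext))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()   # encrypt-then-MAC

def open_sealed(mac_key: bytes, blob: bytes, decrypt=stand_in_cipher) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    # 1. Authenticate first: modified ciphertext is rejected before padding is examined.
    if not hmac.compare_digest(tag, expected):
        raise DecryptionError("decryption failed")
    try:
        return unpad(decrypt(ct))
    except ValueError:
        # 2. Same exception and message as a MAC failure, so nothing distinguishes them.
        raise DecryptionError("decryption failed") from None
```

With real CBC the MAC must also cover the IV, and the MAC key must be separate from the encryption key.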
44. Ciphertext Stealing
• Pad with zeroes
• Swap last two blocks of ciphertext
• Discard extra bytes at the end
• Images on next slides from Wikipedia
47. Security of Ciphertext Stealing
• No major problems
• Inelegant and difficult to get right
• NIST SP 800-38A specifies three different ways to implement it
• Rarely used
49. Counter (CTR) Mode
[Diagram: counter blocks C1, C2, C3, each encrypted by E under key K]
• Produces a pseudorandom byte stream
• XOR with plaintext to encrypt
50. Nonce
• Nonce (N) used to produce C1, C2, C3, etc.
• C1 = N ^ 1
• C2 = N ^ 2
• C3 = N ^ 3
• etc.
• Use a different N for each message
• N is not secret, sent in the clear
51. No Padding
• CTR mode uses a block cipher to produce a pseudorandom byte stream
• Creates a stream cipher
• Message can have any length
• No padding required
52. Parallelizing
• CTR is faster than any other mode
• Stream can be computed in advance, and in parallel
• Before even knowing the plaintext
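CTR mode as slides 49 to 52 describe it, as an added example that is not from the slides: counters Ci = N ^ i, no padding, a keystream that exists before the plaintext does, and what a repeated N exposes. `E` here is a stand-in for AES built from HMAC-SHA256 (an assumption so the block needs only the standard library), and the 12-byte nonce layout is likewise an assumption.

```python
import hashlib
import hmac
import os

BLOCK = 16

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES (assumption): HMAC-SHA256 truncated to one block.
    CTR only ever runs E forwards, so no inverse is needed."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    if len(nonce) != 12:
        raise ValueError("nonce must be 12 bytes")
    # Low 32 bits of N are zero, so N ^ i never collides across different nonces.
    n = int.from_bytes(nonce + b"\x00" * 4, "big")
    out = bytearray()
    i = 1
    while len(out) < length:
        counter = (n ^ i).to_bytes(BLOCK, "big")     # Ci = N ^ i
        out += E(key, counter)
        i += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation."""
    return xor(data, keystream(key, nonce, len(data)))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)                 # fresh N per message, sent in the clear
    return nonce + ctr_crypt(key, nonce, plaintext)

def decrypt(key: bytes, message: bytes) -> bytes:
    return ctr_crypt(key, message[:12], message[12:])

def reused_nonce_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an observer sees when N repeats: the XOR of the two ciphertexts,
    which equals the XOR of the two plaintexts because the keystream cancels."""
    return xor(ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2))
```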
58. Attacking 2DES
• Make a list of E(K1, P) for all 2^56 values of K1
• Make a list of D(K2, C) for all 2^56 values of K2
• Find the item with the same values in each list
• This finds K1 and K2 with 2^57 computations
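The same two-list search on a toy cipher, as an added example that is not from the slides, to show why encrypting twice adds about one bit of strength instead of doubling the key length. The cipher (16-bit block, 8-bit key) and all names are constructed for the demo; with 8-bit keys the lists cost 2^9 cipher calls against 2^16 for trying every (K1, K2).

```python
MASK = 0xFFFF                      # toy cipher: 16-bit block, 8-bit key
MUL = 0x9E3B                       # odd, hence invertible modulo 2**16
INV = pow(MUL, -1, 1 << 16)
KEY_BITS = 8

def _rot(x: int, r: int) -> int:
    """Rotate a 16-bit value left by r bits."""
    return ((x << r) | (x >> (16 - r))) & MASK

def E(k: int, p: int) -> int:
    x = p
    for r in range(3):
        x ^= (k * 0x0101) ^ r      # round key: key byte repeated, mixed with round number
        x = _rot((x * MUL) & MASK, 5)
    return x

def D(k: int, c: int) -> int:
    x = c
    for r in reversed(range(3)):
        x = (_rot(x, 11) * INV) & MASK     # rotate left 11 == rotate right 5
        x ^= (k * 0x0101) ^ r
    return x

def double_encrypt(k1: int, k2: int, p: int) -> int:
    return E(k2, E(k1, p))

def meet_in_the_middle(pairs):
    """pairs: known (plaintext, ciphertext) blocks under one unknown (K1, K2).
    Returns (candidate key pairs, E/D calls spent building the two lists)."""
    (p, c), rest = pairs[0], pairs[1:]
    forward, work = {}, 0
    for k1 in range(1 << KEY_BITS):                 # list of E(K1, P)
        forward.setdefault(E(k1, p), []).append(k1)
        work += 1
    found = []
    for k2 in range(1 << KEY_BITS):                 # list of D(K2, C)
        work += 1
        for k1 in forward.get(D(k2, c), ()):        # same middle value in both lists
            # Further known pairs discard chance matches.
            if all(double_encrypt(k1, k2, pp) == cc for pp, cc in rest):
                found.append((k1, k2))
    return found, work
```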