
OWASP Global AppSec Asia 2011 ( Beijing 8-11 Nov 2011 )

Daniel Ng, C-PISA


Presentation Transcript


  1. OWASP Global AppSec Asia 2011 (Beijing 8-11 Nov 2011) Daniel Ng, C-PISA Date/time ??

  2. Profile: NG, CHING WA (Daniel) started his career as a computer programmer in 1990, then progressed towards ICT Security, Computer Forensics, Financial Accounting and Auditing after the millennium. Recently, he started his PhD (Security & Forensics) at a reputable UK institute and The Hong Kong Polytechnic University, after earning good stock options as a corporate director in a listed entity. His interests are Cyber Security, Health Informatics, Facebook investigation, Digital Evidence standards for forensics laboratories, and Network Forensics. Professionally, he is a committee member of HTCIA Asia Pacific, Chairperson of Professional Internet Security Professional (HK/China), Founder of China PIS Alliance (C-PISA), Director of ISACA China, Expert Advisor to HKSAR Legco Councillor Samson Tam, and ISC2 CSSLP evangelist and authorized trainer. Under the strong influence of knowledge-intensive work, Daniel has branched into e-learning, in particular mobile learning. This research is conducted with the Malaysian Government's MIMOS, the national organization for ontology and semantic web. Academically, Daniel is strong in Knowledge Management, with a master's degree earned with a GPA of 3.8.

  3. Internet Article (through Google)
     • List of Fellows - The Hong Kong Computer Society. www.hkcs.org.hk/en_hk/intro/lofellows.asp - Cached. 26 May 2011 – Mr. Ng Cheung Shing. 吳長勝先生. Mr. Ng ChingWa, Daniel. 吳靖華先生. Ms.ShenShukChing, Susanna. 孫淑貞女士. Mr. Sin Chung Kai, SBS, ...
     • NG, CHING WA (Daniel) - Overview Program. https://www.swisscyberstorm.com/speakers/chingwa - Cached. 30 May 2011 – NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, ...
     • [PDF] Cyber Warfare Prediction. media.hacking-lab.com/scs3/.../SCS3_2011_Weng.pdf - Translate this page. File type: PDF/Adobe Acrobat - HTML version. Daniel Ng (ChingWa). PhD Researcher (KM, Forensics, Surveillance, eHR, Textile Dying & Colorimetery). Corporate Director, CPA (Aust) in listed Family ...
     • OWASP Global AppSec Asia 2011 - OWASP. https://www.owasp.org/.../OWASP_Global_AppSec_Asia_2... - Cached. Daniel_ng.jpg, NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, ...
     • Daniel NG ChingWa, PH.D | microlearning.org. www.microlearning.org/.../daniel-ng-ching-w... - Cached - Translate this page. NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, Financial ...

  4. Research Focus Social Semantics Physio Economics & Innovation Store & Forward Messaging & ontology Machine Learning on EigenValues Network Coding Hidden Markov Chain with Genetic Programming GPU Clustering & OpenCL

  5. Encryption – Code pages in keys
     • Shift of alphabet
     • e.g. Caesar cipher A=D, B=E, C=F
     • Probably never fooled anybody (except Caesar)
     • Many more sophisticated systems developed from 1500s to mid-20th century
     • Substitution and transposition of letters
     • Some essentially unbreakable by manual means
     • Made obsolete by computers circa 1940

  6. Encryption – Code pages in keys
     • Enigma vs. Human – Enigma wins!
     • Turing's machine
     • Enigma vs. Computer – computer wins!
     • Weakest part of cryptosystem
     • Desch's machines – even faster

  7. Encryption – Code pages in keys

  8. Encryption – Code pages in keys
     • One: hard problems in mathematics
       • Breaking the system requires an efficient algorithm for solving a hard problem – e.g. factoring large numbers, discrete logarithms
       • Examples: RSA, El Gamal
       • Used in public key systems
       • Slow
     • Two: information theory
       • Texts scrambled by repeated application of bit shifts and permutations
       • Examples: DES, AES
       • Used in private key systems
       • Fast

  9. Encryption – photon level (but complicated)
     • RSA Cryptosystem: $C = M^e \bmod n$, $d = e^{-1} \bmod ((p-1)(q-1))$
     • RSA vs. supercomputer: 40 Tflop/s ($4 \times 10^{12}$ flop/sec) – RSA wins!
     • RSA vs. Quantum Computer – computer wins!

  10. Encryption – photon level (but complicated)

  11. Encryption – photon level (but complicated)

  12. Quantum Encryption: Fast, Complicated, Expensive

  13. Network Coding??

  14. DEFINITION: Network coding is a particular in-network data processing technique that exploits the characteristics of the medium (in particular, the broadcast communication channel) in order to increase the capacity or the throughput of the network.

  15. Without network coding
      • Simple store and forward
      • Multicast rate of 1.5 bits per time unit

  16. With network coding
      • XOR is one of the simplest forms of data coding
      • Multicast rate of 2 bits per time unit
      • Disadvantages
        • Coding/decoding scheme has to be agreed upon beforehand

  17. Network coding happens at the optical fiber and/or OSI Layer 2.

  18. Multi-level XOR encryption* * Engineering of Encryption, Bruce Schneider

  19. Network Coding prototyping tool
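The multicast rates on slides 15 and 16 (1.5 versus 2 bits per time unit), worked through as an added example that is not from the original slides. It assumes the classic butterfly topology (source S, relays A and B, one bottleneck link C -> D, sinks T1 and T2), which the transcript does not show; all function and variable names are illustrative.

```python
from fractions import Fraction

# Assumed topology (not shown in the transcript): butterfly network.
# S -> A -> T1 and S -> B -> T2 are side links; A and B also feed the single
# bottleneck link C -> D, which both sinks hear. One packet per link per tick.
# A packet is (ids, value): ids is the set of source-bit indices XORed into
# value. It stands in for the coding scheme agreed upon beforehand.

def xor(p, q):
    """Network-coded bottleneck: combine both incoming packets."""
    return (p[0] ^ q[0], p[1] ^ q[1])

def absorb(known, packet):
    """Sink decoder: cancel already-known bits; keep the result if one bit is left."""
    ids, val = set(packet[0]), packet[1]
    for i in [i for i in ids if i in known]:
        ids.discard(i)
        val ^= known[i]
    if len(ids) == 1:
        known[ids.pop()] = val

def run(bits, round_size, schedule):
    """Multicast bits to T1 and T2; return (both sinks got everything, bits per tick)."""
    t1, t2, ticks = {}, {}, 0
    for base in range(0, len(bits), round_size):
        for l, r, bottleneck in schedule:
            left = (frozenset([base + l]), bits[base + l])    # sent via A
            right = (frozenset([base + r]), bits[base + r])   # sent via B
            mid = bottleneck(left, right)                     # sent on C -> D
            for known, side in ((t1, left), (t2, right)):
                absorb(known, side)
                absorb(known, mid)
            ticks += 1
    ok = all(t1.get(i) == b == t2.get(i) for i, b in enumerate(bits))
    return ok, Fraction(len(bits), ticks)

# Store and forward: 3 bits per 2 ticks; the bottleneck relays one input unchanged.
ROUTED = (3, [(0, 1, lambda l, r: r), (2, 0, lambda l, r: l)])
# Network coding: 2 bits per tick; the bottleneck sends the XOR of both inputs.
CODED = (2, [(0, 1, xor)])

SAMPLE_BITS = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1]  # constructed sample, length 12

if __name__ == "__main__":
    print("store and forward:", run(SAMPLE_BITS, *ROUTED))
    print("network coding:   ", run(SAMPLE_BITS, *CODED))
```

The XOR here buys throughput only: any node that hears one side link plus the bottleneck recovers both bits, exactly as the sinks do.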

  20. Resilience and accuracy through Hidden Markov Chain

  21. Hidden Markov Chain Used in Kinect (Microsoft) on Motion Command
      • A random sequence has the Markov property if its distribution is determined solely by its current state. Any random process having this property is called a Markov random process.
      • For observable state sequences (state is known from data), this leads to a Markov chain model.
      • For non-observable states, this leads to a Hidden Markov Model (HMM).

  22. Hidden Markov Chain Used in Kinect (Microsoft) on Motion Command
      • The term “hidden”: we can only access visible symbols (observations), drawing conclusions without knowing the hidden sequence of states
      • Causal: probabilities depend on previous states
      • Ergodic if every state is visited in transition sequence for any given initial state
      • Final or absorbing state: the state which, if entered, is never left

  23. Hidden Markov Chain

  24. Hidden Markov Chain
      • A Hidden Markov Model (HMM) is a discrete-time finite-state Markov chain coupled with a sequence of letters emitted when the Markov chain visits its states.
      • States (Q): $q_1, q_2, q_3, \dots$
      • Letters (O): $O_1, O_2, O_3$

  25. Hidden Markov Chain
      • Modeling protein families: (1) construct multiple sequence alignments (2) determine the family of a query sequence
      • Gene finding through semi-Hidden Markov Models (semiHMM)

  26. Hidden Markov Chain [HMM for Sequence Alignment] Consider the following Markov chain underlying an HMM, with three types of states: “match”; “insert”; “delete”
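Slides 21 to 24 as an added example, not taken from the original slides: a three-state HMM whose hidden state sequence is inferred from the emitted letters alone, with q3 as an absorbing state. The state names follow slide 24; every probability and the letter alphabet A/B/C are constructed for illustration.

```python
import math

STATES = ("q1", "q2", "q3")
START = {"q1": 0.6, "q2": 0.4, "q3": 0.0}           # constructed values
TRANS = {                                            # constructed values
    "q1": {"q1": 0.7, "q2": 0.2, "q3": 0.1},
    "q2": {"q1": 0.3, "q2": 0.5, "q3": 0.2},
    "q3": {"q1": 0.0, "q2": 0.0, "q3": 1.0},         # absorbing: never left
}
EMIT = {                                             # constructed values
    "q1": {"A": 0.8, "B": 0.1, "C": 0.1},
    "q2": {"A": 0.1, "B": 0.8, "C": 0.1},
    "q3": {"A": 0.1, "B": 0.1, "C": 0.8},
}

def _log(p):
    """Log probability; impossible events map to -inf instead of raising."""
    return math.log(p) if p > 0 else -math.inf

def forward(obs):
    """Probability of the observed letters, summed over every hidden path."""
    alpha = {s: START[s] * EMIT[s][obs[0]] for s in STATES}
    for o in obs[1:]:
        alpha = {s: EMIT[s][o] * sum(alpha[r] * TRANS[r][s] for r in STATES)
                 for s in STATES}
    return sum(alpha.values())

def viterbi(obs):
    """Most probable hidden state sequence for the observed letters."""
    score = {s: _log(START[s]) + _log(EMIT[s][obs[0]]) for s in STATES}
    back = []
    for o in obs[1:]:
        prev, score, ptr = score, {}, {}
        for s in STATES:
            best = max(STATES, key=lambda r: prev[r] + _log(TRANS[r][s]))
            score[s] = prev[best] + _log(TRANS[best][s]) + _log(EMIT[s][o])
            ptr[s] = best
        back.append(ptr)
    path = [max(STATES, key=score.get)]              # best final state
    for ptr in reversed(back):                       # follow back-pointers
        path.append(ptr[path[-1]])
    return path[::-1]

if __name__ == "__main__":
    print(viterbi("AABCC"), forward("AABCC"))
```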

  27. Recap
      • Cloud secure data movement
      • Use standard hardware
      • Open to common tools, like Python

  28. Questions?
