OWASP Global AppSec Asia 2011 (Beijing 8-11 Nov 2011). Daniel Ng, C-PISA. Date/time ??
Profile: NG, CHING WA (Daniel) started his career as a computer programmer in 1990 and, after the millennium, progressed towards ICT Security, Computer Forensics, Financial Accounting and Auditing. Recently, he started his PhD (Security & Forensics) at a reputable UK institute and The Hong Kong Polytechnic University, after earning good stock options as a corporate director in a listed entity. His interests are Cyber Security, Health Informatics, Facebook investigation, Digital Evidence standard for forensics laboratory, and Network Forensics. Professionally, he is a committee member of HTCIA Asia Pacific, Chairperson of Professional Internet Security Professional (HK/China), Founder of China PIS Alliance (C-PISA), Director of ISACA China, Expert Advisor to HKSAR Legco Councillor Samson Tam, and an ISC2 CSSLP evangelist and authorized trainer. Under the strong influence of knowledge-intensive work, Daniel has branched into the topic of e-learning, in particular mobile learning. This research is carried out with Malaysia Government MIMOS, the national organization for ontology and semantic web. Academically, Daniel is strong in Knowledge Management, with a master's degree earned at GPA 3.8.
Internet Article (through Google)
• List of Fellows - The Hong Kong Computer Society (www.hkcs.org.hk/en_hk/intro/lofellows.asp), 26 May 2011 – Mr. Ng Cheung Shing. 吳長勝先生. Mr. Ng ChingWa, Daniel. 吳靖華先生. Ms. ShenShukChing, Susanna. 孫淑貞女士. Mr. Sin Chung Kai, SBS, ...
• NG, CHING WA (Daniel) - Overview Program (https://www.swisscyberstorm.com/speakers/chingwa), 30 May 2011 – NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, ...
• [PDF] Cyber Warfare Prediction (media.hacking-lab.com/scs3/.../SCS3_2011_Weng.pdf), file type: PDF/Adobe Acrobat – Daniel Ng (ChingWa). PhD Researcher (KM, Forensics, Surveillance, eHR, Textile Dying & Colorimetery). Corporate Director, CPA (Aust) in listed Family ...
• OWASP Global AppSec Asia 2011 - OWASP (https://www.owasp.org/.../OWASP_Global_AppSec_Asia_2...) – Daniel_ng.jpg, NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, ...
• Daniel NG ChingWa, PH.D | microlearning.org (www.microlearning.org/.../daniel-ng-ching-w...) – NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, Financial ...
Research Focus • Social Semantics • Physio Economics & Innovation • Store & Forward Messaging & ontology • Machine Learning on EigenValues • Network Coding • Hidden Markov Chain with Genetic Programming • GPU Clustering & OpenCL
Encryption – Code pages in keys • Shift of alphabet • e.g. Caesar cipher A=D, B=E, C=F • Probably never fooled anybody (except Caesar) • Many more sophisticated systems developed from 1500s to mid-20th century • Substitution and transposition of letters • Some essentially unbreakable by manual means • Made obsolete by computers circa 1940
Encryption – Code pages in keys • Enigma vs. Human – Enigma wins! • Turing's machine • Enigma vs. Computer – computer wins! • Weakest part of cryptosystem • Desch's machines – even faster
Encryption – Code pages in keys • One: hard problems in mathematics • Breaking the system requires an efficient algorithm for solving a hard problem – e.g. Factoring large numbers, discrete logarithms • Examples: RSA, El Gamal • Used in public key systems • Slow • Two: information theory • Texts scrambled by repeated application of bit shifts and permutations • Examples: DES, AES • Used in private key systems • Fast
Encryption – photon level (but complicated) • RSA Cryptosystem: $C = M^e \bmod n$, $d = e^{-1} \bmod ((p-1)(q-1))$ • RSA vs. supercomputer: 40 Tflop/s ($4 \times 10^{12}$ flop/sec) – RSA wins! • RSA vs. Quantum Computer – computer wins!
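The two RSA formulas on this slide, worked through with deliberately tiny primes, together with the earlier slide's point that breaking the system comes down to factoring n. This is an added example, not code from the talk; the primes, exponent, message and function names are constructed for illustration.

```python
from math import gcd, isqrt

def keygen(p, q, e):
    """Build a textbook RSA key pair: d = e^-1 mod ((p-1)(q-1))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)          # (public key, private exponent d)

def encrypt(m, public_key):
    """C = M^e mod n."""
    n, e = public_key
    return pow(m, e, n)

def decrypt(c, n, d):
    """M = C^d mod n."""
    return pow(c, d, n)

def recover_d_by_factoring(public_key):
    """Rebuild d from the public key alone by trial-division factoring of n.
    Feasible only because n is tiny: the loop runs up to sqrt(n) times, which
    is out of reach for a modulus of realistic size on a classical machine."""
    n, e = public_key
    p = next(f for f in range(3, isqrt(n) + 1, 2) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

# Constructed toy parameters (never use primes this small in practice).
PUBLIC, D = keygen(p=61, q=53, e=17)
MESSAGE = 65
CIPHERTEXT = encrypt(MESSAGE, PUBLIC)

if __name__ == "__main__":
    print("public key (n, e):", PUBLIC, "private d:", D)
    print("ciphertext:", CIPHERTEXT)
    print("decrypted:", decrypt(CIPHERTEXT, PUBLIC[0], D))
    print("d recovered from n alone:", recover_d_by_factoring(PUBLIC))
```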
Quantum Encryption • Fast, Complicated, Expensive
DEFINITION: Network coding is a particular in-network data processing technique that exploits the characteristics of the medium (in particular, the broadcast communication channel) in order to increase the capacity or the throughput of the network.
Without network coding • Simple store and forward • Multicast rate of 1.5 bits per time unit
With network coding • X-OR is one of the simplest forms of data coding • Multicast rate of 2 bits per time unit • Disadvantages • Coding/decoding scheme has to be agreed upon beforehand
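The 1.5 versus 2 bits per time unit comparison from the last two slides, simulated on the standard butterfly topology. This is an added example, not code from the talk; the topology labels (S, A, B, C, D, T1, T2), the message bits and the function names are assumptions made for illustration.

```python
# Constructed model: S feeds A and B, one bit per slot each; A -> T1 and
# B -> T2 are direct links; A and B both feed C; C -> D is the single shared
# link (one bit per slot); D forwards to both sinks T1 and T2.

def routed(bits):
    """Store and forward: the shared link relays one uncoded bit per slot."""
    t1, t2, slots = {}, {}, 0
    for i in range(0, len(bits), 3):
        x = [(i + k, bits[i + k]) for k in range(3)]      # (position, bit)
        # Per slot: (bit via A to T1, bit via B to T2, bit relayed on C -> D)
        schedule = [(x[0], x[1], x[1]), (x[2], x[0], x[2])]
        for up, low, shared in schedule:
            for pos, bit in (up, shared):
                t1[pos] = bit
            for pos, bit in (low, shared):
                t2[pos] = bit
            slots += 1
    return slots, [t1[p] for p in sorted(t1)], [t2[p] for p in sorted(t2)]

def coded(bits):
    """Network coding: C sends a XOR b; each sink XORs it with its direct bit.
    Both sinks must know this rule in advance (the slide's stated drawback)."""
    t1, t2, slots = [], [], 0
    for i in range(0, len(bits), 2):
        a, b = bits[i], bits[i + 1]
        shared = a ^ b              # the only value carried on C -> D
        t1 += [a, a ^ shared]       # T1 holds a directly and recovers b
        t2 += [b ^ shared, b]       # T2 holds b directly and recovers a
        slots += 1
    return slots, t1, t2

def rate(bits, scheme):
    """Bits delivered to BOTH sinks per time unit under the given scheme."""
    slots, t1, t2 = scheme(bits)
    assert t1 == bits and t2 == bits, "a sink is missing part of the stream"
    return len(bits) / slots

MESSAGE = [1, 0, 1, 1, 0, 0]        # constructed sample input

if __name__ == "__main__":
    print("store and forward:", rate(MESSAGE, routed), "bits per time unit")
    print("XOR network coding:", rate(MESSAGE, coded), "bits per time unit")
```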
Multi-level XOR encryption* * Engineering of Encryption, Bruce Schneier
Hidden Markov Chain Used in Kinect (Microsoft) on Motion Command • A random sequence has the Markov property if its distribution is determined solely by its current state. Any random process having this property is called a Markov random process. • For observable state sequences (state is known from data), this leads to a Markov chain model. • For non-observable states, this leads to a Hidden Markov Model (HMM).
Hidden Markov Chain Used in Kinect (Microsoft) on Motion Command • The term “hidden” - we only have access to visible symbols (observations) - drawing conclusions without knowing the hidden sequence of states • Causal: Probabilities depend on previous states • Ergodic if every state is visited in transition sequence for any given initial state • Final or absorbing state: the state which, if entered, is never left
Hidden Markov Chain • A Hidden Markov Model (HMM) is a discrete-time finite-state Markov chain coupled with a sequence of letters emitted when the Markov chain visits its states. States (Q): q1 q2 q3 ... Letters (O): O1 O2 O3
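What "drawing conclusions without knowing the hidden sequence of states" means in practice: the forward algorithm scores an observed letter sequence, and Viterbi decoding recovers the most likely hidden state path. This is an added example, not code from the talk; the state and letter names follow the slide's Q and O notation, while the two-state model and all probabilities are constructed.

```python
STATES = ("q1", "q2")
START = {"q1": 0.6, "q2": 0.4}                       # initial distribution
TRANS = {"q1": {"q1": 0.7, "q2": 0.3},               # P(next state | state)
         "q2": {"q1": 0.4, "q2": 0.6}}
EMIT = {"q1": {"O1": 0.5, "O2": 0.4, "O3": 0.1},     # P(letter | state)
        "q2": {"O1": 0.1, "O2": 0.3, "O3": 0.6}}

def forward(obs):
    """P(obs): sum over every hidden path, computed one letter at a time."""
    alpha = {s: START[s] * EMIT[s][obs[0]] for s in STATES}
    for o in obs[1:]:
        alpha = {s: EMIT[s][o] * sum(alpha[r] * TRANS[r][s] for r in STATES)
                 for s in STATES}
    return sum(alpha.values())

def viterbi(obs):
    """Most likely hidden state path for obs, returned as (probability, path)."""
    best = {s: (START[s] * EMIT[s][obs[0]], [s]) for s in STATES}
    for o in obs[1:]:
        step = {}
        for s in STATES:
            # Extend the best path ending in each predecessor r, keep the winner.
            step[s] = max(
                ((p * TRANS[r][s] * EMIT[s][o], path + [s])
                 for r, (p, path) in best.items()),
                key=lambda cand: cand[0])
        best = step
    return max(best.values(), key=lambda cand: cand[0])

OBSERVED = ["O1", "O2", "O3"]       # constructed observation sequence

if __name__ == "__main__":
    prob, path = viterbi(OBSERVED)
    print("P(observations) =", forward(OBSERVED))
    print("most likely hidden path:", path, "with probability", prob)
```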
Hidden Markov Chain • Modeling protein families: (1) construct multiple sequence alignments (2) determine the family of a query sequence • Gene finding through semi-Hidden Markov Models (semiHMM)
Hidden Markov Chain [HMM for Sequence Alignment] Consider the following Markov chain underlying an HMM, with three types of states: “match”; “insert”; “delete”
Recap • Cloud secure data movement • Use standard hardware • Open to common tools, like Python