OWASP Global AppSec Asia 2011 ( Beijing 8-11 Nov 2011 )


OWASP GLOBAL APPSEC ASIA 2011 (BEIJING 8-11 NOV 2011)

Daniel Ng, C-PISA

Date/time ??

Profile

NG, CHING WA (Daniel) started his career as a computer programmer in 1990 and then progressed towards ICT Security, Computer Forensics, Financial Accounting and Auditing after the millennium. Recently, he started his PhD (Security & Forensics) at a reputable UK institute and The Hong Kong Polytechnic University, after earning good stock options as a corporate director in a listed entity. His interests are Cyber Security, Health Informatics, FaceBook investigation, Digital Evidence standards for forensics laboratories, and Network Forensics. Professionally, he is a committee member of HTCIA Asia Pacific, Chairperson of Professional Internet Security Professional (HK/China), Founder of China PIS Alliance (C-PISA), Director of ISACA China, Expert Advisor to HKSAR Legco Councillor Samson Tam, and ISC2 CSSLP evangelist and authorized trainer. Under the strong influence of knowledge-intensive work, Daniel branches into the topic of e-learning, in particular mobile learning. This research is carried out with the Malaysian Government's MIMOS, the national organization for ontology and the semantic web. Academically, Daniel is strong in Knowledge Management, with a master's degree graduated at GPA 3.8.

Internet Article (through Google)

List of Fellows - The Hong Kong Computer Society
www.hkcs.org.hk/en_hk/intro/lofellows.asp - Cached
26 May 2011 – Mr. Ng Cheung Shing. 吳長勝先生 . Mr. Ng Ching Wa, Daniel. 吳靖華先生 . Ms. Shen Shuk Ching, Susanna. 孫淑貞女士 . Mr. Sin Chung Kai, SBS, ...

NG, CHING WA (Daniel) - Overview Program
https://www.swisscyberstorm.com/speakers/chingwa - Cached
30 May 2011 – NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, ...

[PDF] Cyber Warfare Prediction
media.hacking-lab.com/scs3/.../SCS3_2011_Weng.pdf - Translate this page
File type: PDF/Adobe Acrobat - HTML version
Daniel Ng (Ching Wa). • PhD Researcher (KM, Forensics, Surveillance, eHR, Textile Dyeing & Colorimetry). • Corporate Director, CPA (Aust) in listed Family ...

OWASP Global AppSec Asia 2011 - OWASP
https://www.owasp.org/.../OWASP_Global_AppSec_Asia_2... - Cached
Daniel_ng.jpg, NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, ...

Daniel NG Ching Wa, PH.D | microlearning.org
www.microlearning.org/.../daniel-ng-ching-w... - Cached - Translate this page
NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, Financial ...

Research Focus

1. Social Semantics

2. Physio Economics & Innovation

3. Store & Forward Messaging & ontology

4. Machine Learning on Eigenvalues

5. Network Coding

6. Hidden Markov Chain with Genetic Programming

7. GPU Clustering & OpenCL

Encryption – Code pages in keys

● Shift of alphabet

– e.g. Caesar cipher A=D, B=E, C=F

– Probably never fooled anybody (except Caesar)

● Many more sophisticated systems developed from 1500s to mid-20th century

– Substitution and transposition of letters

– Some essentially unbreakable by manual means

● Made obsolete by computers circa 1940

Encryption – Code pages in keys

Enigma vs. Computer – computer wins!

Turing's machine

Desch's machines – even faster

Enigma vs. Human – Enigma wins!

Weakest part of cryptosystem

Encryption – Code pages in keys

Encryption – Code pages in keys

• One: hard problems in mathematics

– Breaking the system requires an efficient algorithm for solving a hard problem, e.g. factoring large numbers, discrete logarithms

– Examples: RSA, El Gamal

– Used in public key systems

– Slow

• Two: information theory

– Texts scrambled by repeated application of bit shifts and permutations

– Examples: DES, AES

– Used in private key systems

– Fast

Encryption – photon level (but complicated)

RSA vs. Quantum Computer – computer wins!

$C = M^e \bmod n$

$d = e^{-1} \bmod ((p-1)(q-1))$

RSA vs. supercomputer: 40 Tflop/s ($4 \times 10^{12}$ flop/s) – RSA wins!

RSA Cryptosystem
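The two RSA formulas on the slide worked through end to end. This is an added example, not code from the slides or the speaker; the primes 61 and 53, the exponent 17 and the message 65 are constructed toy values chosen so that the "hard problem" (factoring n) is trivial, which is exactly why real keys must be far larger:

```python
# Added example: RSA key generation, encryption, decryption and the
# factoring-based recovery of d, using the slide's formulas.
# Toy parameters only; with a realistic modulus factor_trial() is infeasible.
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) from two primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # d = e^-1 mod ((p-1)(q-1))
    return (e, n), (d, n)


def rsa_encrypt(m: int, pub) -> int:
    e, n = pub
    return pow(m, e, n)          # C = M^e mod n


def rsa_decrypt(c: int, priv) -> int:
    d, n = priv
    return pow(c, d, n)          # M = C^d mod n


def factor_trial(n: int):
    """Recover (p, q) by trial division; feasible only because n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("no non-trivial factor found")


def recover_private_key(pub):
    """Why key size matters: once n is factored, phi and hence d follow."""
    e, n = pub
    p, q = factor_trial(n)
    return pow(e, -1, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, 17)      # constructed toy parameters
    c = rsa_encrypt(65, pub)
    print(pub, priv, c, rsa_decrypt(c, priv))
    print(recover_private_key(pub) == priv)
```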


Quantum Encryption: Fast, Complicated, Expensive

Network Coding??

DEFINITION: Network coding is a particular in-network data processing technique that exploits the characteristics of the medium (in particular, the broadcast communication channel) in order to increase the capacity or the throughput of the network.

• Without network coding

– Simple store and forward

– Multicast rate of 1.5 bits per time unit

• With network coding

– XOR is one of the simplest forms of data coding

– Multicast rate of 2 bits per time unit

– Disadvantages

• Coding/decoding scheme has to be agreed upon beforehand

Network Coding happens at the optical fiber and/or OSI Layer 2.
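A simulation that reproduces the slide's 1.5 and 2 bits per time unit figures on the classic two-source "butterfly" network. This is an added example, not from the slides: it assumes two source bits a and b that must both reach sinks T1 and T2, a direct link carrying a to T1 and b to T2, and one shared bottleneck link that carries a single bit per time unit; the source bits are constructed.

```python
# Added example: store-and-forward versus XOR network coding on a butterfly
# network. Store-and-forward relays a raw bit over the bottleneck, so one sink
# receives a duplicate each round; coding relays a XOR b, which both can use.


def store_and_forward_round(a: int, b: int, relay: str):
    """Bottleneck forwards the raw bit named by relay ('a' or 'b')."""
    forwarded = a if relay == "a" else b
    t1 = {"a": a, relay: forwarded}     # duplicate when relay == "a"
    t2 = {"b": b, relay: forwarded}     # duplicate when relay == "b"
    return t1, t2


def network_coded_round(a: int, b: int):
    """Bottleneck forwards a XOR b; each sink XORs it with its direct bit."""
    coded = a ^ b
    t1 = {"a": a, "b": coded ^ a}       # a XOR (a XOR b) = b
    t2 = {"b": b, "a": coded ^ b}       # b XOR (a XOR b) = a
    return t1, t2


def simulate(pairs, coded: bool):
    """One round per (a, b) pair; returns the bits each sink holds per round."""
    rounds = []
    for i, (a, b) in enumerate(pairs):
        if coded:
            rounds.append(network_coded_round(a, b))
        else:                            # alternate which raw bit is relayed
            rounds.append(store_and_forward_round(a, b, "ab"[i % 2]))
    return rounds


def multicast_rate(rounds) -> float:
    """Distinct source bits received per sink per time unit, averaged."""
    total = sum(len(t1) + len(t2) for t1, t2 in rounds)
    return total / (2 * len(rounds))


def decoded_correctly(rounds, pairs) -> bool:
    """Every bit a sink holds must equal what the source actually sent."""
    for (t1, t2), (a, b) in zip(rounds, pairs):
        truth = {"a": a, "b": b}
        if any(sink[k] != truth[k] for sink in (t1, t2) for k in sink):
            return False
    return True


if __name__ == "__main__":
    bits = [(1, 0), (1, 1), (0, 1), (0, 0)]   # constructed source bits
    for coded in (False, True):
        r = simulate(bits, coded)
        print("coded" if coded else "plain", multicast_rate(r), decoded_correctly(r, bits))
```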

Multi-level XOR encryption*

* Engineering of Encryption, Bruce Schneier

Network Coding prototyping tool

Resilience and accuracy through Hidden Markov Chain

Hidden Markov Chain – Used in Kinect (Microsoft) on Motion Command

A random sequence has the Markov property if its distribution is determined solely by its current state. Any random process having this property is called a Markov random process.

For observable state sequences (state is known from data), this leads to a Markov chain model.

For non-observable states, this leads to a Hidden Markov Model (HMM).

Hidden Markov Chain – Used in Kinect (Microsoft) on Motion Command

The term "hidden": we can only access the visible symbols (observations), drawing conclusions without knowing the hidden sequence of states.

Causal: Probabilities depend on previous states

Ergodic: every state is visited in the transition sequence for any given initial state

Final or absorbing state: the state which, if entered, is never left

Hidden Markov Chain

• A Hidden Markov Model (HMM) is a discrete-time finite-state Markov chain coupled with a sequence of letters emitted when the Markov chain visits its states.

States (Q): $q_1\, q_2\, q_3 \ldots$

Letters (O): $O_1\, O_2\, O_3 \ldots$
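Viterbi decoding on a small HMM in the slide's notation, hidden states Q and emitted letters O: given only the observed letters, it recovers the single most probable hidden state sequence, which is the "drawing conclusions without knowing the hidden sequence of states" the slides describe. This is an added example, not from the slides; the two-state model and its probabilities are constructed.

```python
# Added example: Viterbi algorithm for a constructed two-state HMM.
# The Markov property appears in TRANS: the next state depends only on the
# current one. EMIT gives the probability of each letter in each state.

Q = ("Rainy", "Sunny")                        # hidden states q1, q2
O = ("walk", "shop", "clean")                 # alphabet of emitted letters

START = {"Rainy": 0.6, "Sunny": 0.4}
TRANS = {"Rainy": {"Rainy": 0.7, "Sunny": 0.3},
         "Sunny": {"Rainy": 0.4, "Sunny": 0.6}}
EMIT = {"Rainy": {"walk": 0.1, "shop": 0.4, "clean": 0.5},
        "Sunny": {"walk": 0.6, "shop": 0.3, "clean": 0.1}}


def viterbi(obs, states=Q, start=START, trans=TRANS, emit=EMIT):
    """Return (best_path, probability) of the most likely hidden sequence."""
    # v[t][s]: probability of the best path ending in state s after t+1 letters
    v = [{s: start[s] * emit[s][obs[0]] for s in states}]
    back = [{}]                               # back[t][s]: best predecessor
    for t in range(1, len(obs)):
        v.append({})
        back.append({})
        for s in states:
            prev, p = max(((r, v[t - 1][r] * trans[r][s]) for r in states),
                          key=lambda rp: rp[1])
            v[t][s] = p * emit[s][obs[t]]
            back[t][s] = prev
    last = max(states, key=lambda s: v[-1][s])
    path = [last]
    for t in range(len(obs) - 1, 0, -1):      # follow back-pointers
        path.append(back[t][path[-1]])
    return path[::-1], v[-1][last]


if __name__ == "__main__":
    print(viterbi(["walk", "shop", "clean"]))
```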

Hidden Markov Chain


• Modeling protein families: (1) construct multiple sequence alignments; (2) determine the family of a query sequence

• Gene finding through semi-Hidden Markov Models (semiHMM)

Hidden Markov Chain [HMM for Sequence Alignment]

Consider the following Markov chain underlying a HMM, with three types of states: "match", "insert", "delete".

Recap

• Cloud secure data movement

• Use standard hardware

• Open to common tools, like Python

QUESTIONS?