Viewing 0 current events matching “cryptography” by Date.

Sort By: Date Event Name, Location , Default
No events were found.

Viewing 17 past events matching “cryptography” by Date.

Sort By: Date Event Name, Location , Default
Tuesday
Oct 12, 2010
Galois Tech Talk: Application of Computer Algebra Techniques in Verification of Galois Field Multipliers: Potential + Challenges
Galois, Inc

Presented by Priyank Kalla.

Applications in Cryptography require multiplication and exponentiation operations to be performed over Galois fields GF(2^k). Therefore, there has been quite an interest in the hardware design and optimization of such multipliers. This has led to impressive advancements in this area — such as the use of composite field decomposition techniques, use of Montgomery multiplication, among others.

My research group has recently begun investigations in the verification of such Galois Field multipliers. Unfortunately, the word-length (k) in such multipliers can be very large: typically, k = 256. Due to such large word-lengths, verification techniques based on decision diagrams, SAT and contemporary SMT solvers are infeasible. We are exploring the use of Computer Algebra techniques, mainly Groebner bases theory, to tackle this problem. In this talk, we will see why Groebner bases techniques look promising, while at the same time also studying the challanges that have to be overcome.

Website
Wednesday
Aug 22, 2012
OWASP Chapter Meeting
Portland State University Fourth Avenue Building (FAB)

Double Feature! For this chapter meeting, we have two protocol-oriented talks at PSU. Basic refreshments will be provided.

Kevin P. Dyer presents:
What Encryption Leaks and Why Traffic Analysis Countermeasures Fail

As more applications become web-based, an increasing amount of client-server interactions are exposed to our networks and vulnerable to Traffic Analysis (TA) attacks. In one form, TA attacks exploit the lengths and timings of packets in a protocol's flow to infer sensitive information about communications. In the context of encrypted HTTP connections, such as HTTP over SSH, this means an adversary can determine which website a user is visiting. In the context of a specific web application, an adversary can determine user input by viewing only a few client-server interactions.

Recent advances in the application of Machine Learning tools demonstrate that TA attacks are possible despite industry-standard encryption such as TLS, SSH or IPSec. What is more, even if a protocol uses stronger countermeasures, such as fixed-length per-packet padding, this incurs significant overhead but only provides limited security benefit. These types of security vs. efficiency trade-offs are of immediate concern to security-aware applications such as Tor, and performance-sensitive application features such as Google Search Autocomplete.

In this talk, Kevin will address the state-of-the-art TA attacks and proposed countermeasures in the context of network and web application security. Most importantly, he will discuss open problems in this area and why a general-purpose TA countermeasure remains elusive.

Timothy D. Morgan presents:
HTTPS, Cookies, and Men-in-the-Middle: Why You Shouldn't Allow Marketing Departments to Design Your Security Protocols

Login session management in modern web applications is largely dominated by use of HTTP cookies. However, HTTP cookies were never designed for secure applications, which has led to a significant number of protocol security problems.

In this talk, Tim will start with a brief background on why HTTP cookies are a poorly-conceived mechanism to begin with, and continue with a discussion of how this impacts security. He will describe several lesser-known cookie-based session management problems that remain wide spread and allow for session hijacking through a variety of clever attacks.


Kevin P. Dyer is a PhD student at Portland State University. His research focuses on building protocols that are resistant to Traffic Analysis attacks. Prior to his academic life, Kevin worked as an engineer on various projects in telecommunications security, web security and network security. Kevin holds an MSc in the Mathematics of Cryptography and Communications from Royal

Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.

Timothy D. Morgan is a consultant at Virtual Security Research, LLC (VSR). As an application security specialist and digital forensics researcher, Tim has been taking deep technical dives in security for over a decade. Tim resides in Oregon and works at VSR where he helps to secure his customers' environments through penetration testing, training, and forensics investigations. His past security research has culminated in the release of several responsibly disclosed vulnerabilities in popular software products. Tim also develops and maintains several open source digital forensics tools which implement novel data recovery algorithms.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
Jul 2, 2013
OWASP Chapter Meeting
Portland State University Fourth Avenue Building (FAB)

Kevin P. Dyer presents:

P0wning DPI with Format-Transforming Encryption

Deep packet inspection (DPI) technologies provide much-needed visibility and control of network traffic using port- independent protocol identification (PIPI), where a network flow is labeled with its application-layer protocol based on packet contents. In many cases PIPI can be used for good. As one example, it allows network administrators to elevate priority of time-sensitive (e.g., VoIP) data streams. In other cases PIPI can be used for harm, nation-states employ PIPI to block censorship circumvention tools such as Tor. There are many ways to perform PIPI, however, at the core of nearly all modern PIPI systems are regular expressions --- an expressive tool to compactly specify sets of strings.

In this talk, Kevin reviews the state-of-the-art research on the capabilities of state-level DPI, then presents a novel cryptographic primitive called format-transforming encryption (FTE.) An FTE scheme, intuitively, extends conventional symmetric encryption with the ability to transform the ciphertext into a user-defined format using regular expressions. An FTE-based record layer will be presented that can encrypt arbitrary TCP traffic and coerce modern DPI systems into misclassifying any data stream as a target protocol (e.g., HTTP, SMB, RSTP, etc.) of the user's choosing. What's more, this work is not only theoretical in nature --- an open-source FTE prototype is publicly available and has had success in subverting modern DPI systems, including the Great Firewall of China.

PSU is kindly providing coffee, tea, and cookies for us.


Kevin P. Dyer is a PhD student at Portland State University. His research focuses on building protocols that are resistant to traffic-analysis attacks and discriminatory routing policies.. Previously, Kevin worked as a software engineer in telecommunications security, web security and network security. He holds an MSc in the Mathematics of Cryptography and Communications from Royal Holloway, University of London, and a BS in Computer Science and Mathematics from Santa Clara University.

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list:

 https://lists.owasp.org/mailman/listinfo/owasp-portland

Meetings are free and open to the public.

Website
Tuesday
Jul 30, 2013
CryptoParty PDX
Theo's Restaurant

CryptoParty is a grassroots global endeavour to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, TrueCrypt, Linux, and virtual private networks to the general public.

This is a free skill-sharing event with other Cryptography and Privacy technology experts, working along side and sharing information with people new to Crypto and Privacy.

Everyone is welcome regardless of experience, bring a Laptop if you have one, if not, bring a USB thumbdrive, a pen and a pad of paper.

If you want to learn about how to encrypt your files and communicate securely, this is the event to come to!

Look for the people with laptops.

Website
CryptoParty PDX
Theo's Restaurant

CryptoParty is a grassroots global endeavour to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, TrueCrypt, Linux, and virtual private networks to the general public.

This is a free skill-sharing event with other Cryptography and Privacy technology experts, working along side and sharing information with people new to Crypto and Privacy.

Everyone is welcome regardless of experience, bring a Laptop if you have one, if not, bring a USB thumbdrive, a pen and a pad of paper.

If you want to learn about how to encrypt your files and communicate securely, this is the event to come to!

Look for the people with laptops.

Website
Wednesday
Sep 25, 2013
Portland JavaScript Admirers' Monthly Meeting
Janrain Headquarters

The monthly meeting of Portland's first JavaScript and ECMAscript users' group. We host presentations and discussions on everything JavaScript-related - including JavaScript frameworks, node.js, CoffeeScript, and whatever else comes up.

This will be a lightning talk meeting! I encourage everyone to give a short presentation - five minutes or less - especially if you have not presented at pdxjs before. The talk can be on anything you want.

Pick a topic and make some slides, if you want to use slides. A five minute talk works well with ten or fewer slides, which gives you 30 seconds per slide. Add your name and a link to your slides (if any) to the signup sheet.

In addition, Kyle Drake will be presenting on Coinpunk, the future of browser cryptography, why he thinks server-side encryption and password hashing is going away, and how to use HTML5/JS/Node to develop secure applications for Bitcoin, a technology Rickard Falkvinge called "the Napster of banking".

Feel free to join our mailing list at http://groups.google.com/group/pdxjs if you too are a JavaScript admirer.

If you're interested in making a presentation at this or at a future meet-up, please e-mail [email protected].

Website
Friday
Feb 28, 2014
Bitcoin - A Technical Introduction.
Portland State University Fourth Avenue Building (FAB) Room FAB 86-01

"Bitcoin is the world's first decentralized, peer-to-peer, digital currency and payment system. At its heart is an open source value-transfer protocol that facilitates currency transfers among users without relying on a trusted third party. The protocol employs provable-cryptography to prevent counterfeiting, censorship, double-spending, and account seizures.

We'll learn how the bitcoin protocol works, discuss some of its strengths and weaknesses, and dispel some common misperceptions. No prior knowledge of cryptography is required, but a basic understanding of mathematical functions (ie: surjectivity, injectivity, domains, images, preimages, etc) will be assumed."

Website
Tuesday
Apr 1, 2014
Galois tech talk: Practical Challenges to Secure Computation
Galois, Inc

Presented by John Launchbury.

In secure computation, one or more parties collaborate to compute a result while keeping all the inputs private. That is, no-one can gain knowledge about the inputs from the other parties, except what can be determined from the output of the computation. Methods of secure computation include fully homomorphic encryption (where one party owns the input data and the other party performs the whole computation), and secure multiparty computation (where multiple parties collaborate in the computation itself). The underlying methods are still exceedingly costly in time, space, and communication requirements, but there are also many other practical problems to be solved before secure computation can be usable. For programmers, the algorithm construction is often nonintuitive; for compiler writers, the machine assumptions are very different from usual; and for application designers, the application information flow has to match the security architecture. In this talk we will highlight these challenges, and indicate promising research directions.

Website
Tuesday
Apr 8, 2014
Galois tech talk
Galois, Inc

Presented by Morgan Miller.

Cryptographic tools have become more powerful in the last three decades. With that power has come complexity. To use or even understand most security tools you need a thorough understanding of mathematics which makes them inaccessible to the general public. The discipline of usability has been growing as well in the past three decades. There have been few but promising overlaps in usability and security which may provide vital tools for managing our digital selves, upholding the principal of privacy, and preserving freedom of speech.

Website
Friday
Apr 25, 2014
Galois tech talk: A Gentle Introduction to Hiding Usage Patterns
Galois, Inc

abstract: What if you want to store encrypted files on an untrusted Cloud Server in such a way that Server does not even know if you are editing the same file today as you were yesterday, or anything else about your usage patterns other than total amount of traffic to the Server? Clearly, no matter how strong of an encryption you use, access pattern is revealed: Cloud Server can simply track where on the hard drive you read/write from – clearly encryption does not hide that information. One naive solution to prevent revealing access pattern to the Server is to simply read all your data back from the Server and re-write your entire data back to Server in its entirety for each read/write. This works, but it is clearly impractical. Oblivious Random Access Memory (ORAM) is an algorithm that allows you to completely hide arbitrary access pattern in an efficient manner. In this talk, I will describe Oblivious RAM from the ground up, starting from my own Ph.D. thesis work on this topic (STOC 1990, MIT Ph.D. 1992) which showed the first efficient ORAM. The Journal Version of this work gained over 450 references according to Google Scholar [Ostrovsky-Goldreich JACM 1996] and ORAM became an important area of research in Cryptography in the last 5 years. I will describe surprising connections of ORAM to (1) tamper-proof embedded systems, (2) Software Protection (3) Secure Multi-Party and Secure Two Party Computation as well as (4) ways to securely compile programs with loops, “goto” statements, recursion, etc. into Garbled programs without “unrolling” the execution path, yet not revealing anything about the execution path. I will also compare and contrast ORAM to Single-Server Private Information Retrieval (Single-server PIR), which I co-invented with Kushilevitz in 1997, and explain important differences of these two models. The talk will be self-contained and accessible to the general audience.

Speaker bio: Rafail Ostrovsky is a Professor of Computer Science and Professor of Mathematics at UCLA and co-founder of Stealth Software Technologies, Inc. He has over 200 papers published in refereed journals and conferences and has 11 U.S. Patents issued. In 2013, Dr. Ostrovsky was inducted as an IACR (International Association of Cryptologic Research) Fellow. He currently serves as Vice-Chair of the IEEE Technical Committee on Mathematical Foundations of Computing and has served on 38 international conference Program Committees including serving as a PC chair of FOCS 2011. He is a member of the Editorial Board of JACM, the Editorial Board of Algorithmica; and the Editorial Board of Journal of Cryptology; he serves on the Editorial and Advisory Board of the International Journal of Information and Computer Security and is a member of the steering committee of the international symposium of Security in Communication Networks (SCN). He is a recipient of multiple academic awards and honors and has google h-index factor of 55. At UCLA, Prof. Ostrovsky heads security and cryptography multi-disciplinary Research Center (http://www.cs.ucla.edu/security/) at Henry Samueli School of Engineering and Applied Science.

Website
Friday
Aug 22, 2014
Tech Talk: Verified Cryptographic Implementations
Galois, Inc. Auxiliary Meeting Room

Galois is pleased to host the following tech talk. These talks are free and open to the interested public--please join us! (There is no need to pre-register for the talk.)

Abstract

EasyCrypt is a computer-assisted framework for proving the security of cryptographic constructions. However, there is a significant gap between security proofs done in the usual provable security style and cryptographic implementations used in practice; as a consequence, real-world cryptography is sometimes considered as “one of the many ongoing disaster areas in security. We have recently extended EasyCrypt with support for reasoning about C implementations, and exploited the CompCert verified compiler to carry the security proof to executable code. Moreover, we have developed verified type-based information flow analyses on assembly code to ensure that executable code is protected against cache-based side-channel attacks.

Bio

Gilles Barthe received a Ph.D. in Mathematics from the University of Manchester, UK, in 1993, and an Habilitation à diriger les recherches in Computer Science from the University of Nice, France, in 2004. He joined the IMDEA Software Institute in April 2008. Previously, he was head of the Everest team on formal methods and security at INRIA Sophia-Antipolis Méditerranée, France. He also held positions at the University of Minho, Portugal; Chalmers University, Sweden; CWI, Netherlands; University of Nijmegen, Netherlands. He has published more than 100 refereed scientific papers. He has been coordinator/principal investigator of many national and European projects, and served as the scientific coordinator of the FP6 FET integrated project “MOBIUS: Mobility, Ubiquity and Security” for enabling proof-carrying code for Java on mobile devices (2005-2009). He has been a PC member of many conferences (CSF, ESORICS, FM, ICALP, ITP…), and served as PC (co-)chair of VMCAI’10, ESOP’11, FAST’11, and SEFM’11. He is a member of the editorial board of the Journal of Automated Reasoning.

His research interests include formal methods, programming languages and program verification, software and system security, and cryptography, and foundations of mathematics and computer science.

Website
Tuesday
Dec 16, 2014
Galois tech talk: Common crypto mistakes in Android – and how we can make it better
Galois Inc

abstract: If you do a web search for “encrypting Strings in Android”, you’ll find a lot of example code, and they all look pretty similar. They definitely input a String and output gibberish that looks like encrypted text, but they are often incorrect. Crypto is tricky: it’s hard to tell that the gibberish that’s being printed is not good crypto, and it’s hard to tell that the code example you picked up from Stack Overflow has serious flaws.

The problem here is that sites like Google and Stack Overflow rank results based on popularity, but the correctness of crypto isn’t something we can vote about. It’s not a popularity contest. To use it correctly, you have to understand the properties of the algorithm and the security goals of your code. Maybe the bad crypto someone pasted up on the Internet was acceptable for their needs, but there’s a good chance it’s completely unacceptable for yours.

In this talk, we’ll discuss the use of a very common crypto algorithm, AES, and show how code examples on the Internet usually make serious mistakes in how they use AES libraries. What are the consequences of these mistakes and what are more reasonable defaults. We’ll also talk a bit about our simple Android library that tries to do AES right.

More information on the Tozny blog: http://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/

bio: Isaac is a security researcher at Galois where he has lead authentication and collaboration projects for the DoD and IC. Isaac earned his master’s degree in Cybersecurity from the University of Maryland, University College, and his B.S. in Computer Science from Ohio State University. In 2013, Isaac founded Tozny, a Galois spin-off company aimed at solving the password conundrum. Easier and more secure than passwords, Tozny replaces passwords with an easy-to-use cryptographic key on a user’s mobile phone.

Website
Monday
May 4, 2015
The History of Cryptography
Taborspace

The History of Cryptography at Portland Underground Grad School

With the rise of privacy concerns in digital spaces, encryption technology has become an increasingly important modern topic. But the practice of secure communications, and the practice of breaking it, have been around for centuries. Come examine the origins of cryptography, from Caesar ciphers to modern day techniques and even learn some basic crypto methods that can be done by hand.

This is a four week class and requires reservations. See the website!

Website
Tuesday
Apr 18, 2017
OpenBazaar Decentralized Market
PDX Sliders

Bring your laptop, or Raspberry Pi and get help installing and running OB. Runs on Windows, OSX and Linux. It can also be run on a server elsewhere while maintaining it from a client.

We'll be meeting at the PDX Sliders (upstairs) so food and drinks are available if people want.

OpenBazaar is a decentralized / peer-to-peer market that can't be controlled, or regulated by corporations or governments. And it's completely free to use (assuming you have a computer and internet access.)

Become a Bazaarian, and trade free!

This meeting is happening concurrently with the Portland Bitcoin Meetup.

Website
Tuesday
Dec 19, 2017
Portland Enterprise Blockchain Meetup - Enterprise Blockchain Meetup for December
NedSpace

We have scheduled our next gathering on December 19th! Please RSVP and add us to your calendar.

We'll have folks heading up technology for Cover US, a project that recently won the health category at the Blockchain for Social Impact Hackathon in mid-November. In a nutshell, CoverUS is a tool and an incentive system to help people navigate getting access to healthcare, and making lasting changes that improve their health.

https://www.coverus.io/

https://www.blockchainforsocialimpact.com/hackathon/

Preso's and Q&A from the hackathon demo day on 11/17: CoverUS is at about 0:49
https://www.facebook.com/ethereum4impact/videos/1451155681669160/

Information for our Meet-up on December 19th:

• Doors open at 6PM; Speakers start at 6:30PM

• Located at NedSpace office (707 Southwest Washington Street, Portland, OR)

• Refreshments will be provided

• We will have more details about presentations shortly; there will also be meet & greet and informal evening discussions

Looking forward to seeing everyone!

Website
Wednesday
Dec 20, 2017
Blockstack Portland - Blockstack Holiday Meetup
Nedspace

• What we'll do
We'll do a quick intro to Blockstack, and then use the rest of the time socialization, food, fun, swag. Tell us what you're working on!

• What to bring
A laptop, if you want to install Blockstack.

• Important to know

Website
Wednesday
Sep 26, 2018
Blockstack Portland - Blockstack Development - Getting Started
Beaverton City Library

This will be a development-focused workshop on Blockstack development. Bring your laptops, questions, existing projects, etc.

The format will be:
1) Quick overview of the Blockstack development platform
2) Start coding

For the coding portion, in parallel we'll be doing a walkthrough for new developers, or coding on new/existing projects for experienced developers. We'll have a few tables set up where we can organize around experience levels.

Website