A trip to Bletchley Park


For everyone interested in the history of information security, I highly recommend visiting Bletchley Park. Among other things, visitors can explore the legendary British WW2 Codebreaking Huts and learn more about cryptography, and the Enigma machine in particular.


There is even a computer simulation available that explains in simple terms the basic principles behind the device.


Some interesting facts about Alan Turing and more modern exhibitions definitely spark the curiosity of any visitor.


Won the UK Cyber Security Challenge


I participated in the UK Cyber Security Challenge.

Our university team won the competition.

It was an interesting experience and through teamwork we solved all the challenging puzzles other universities had submitted.

Try to crack Christmas Cipher 2012 to practice for upcoming UK Cyber Security challenges.


Cryptography


Enigma Machine Spreadsheet

You can try encrypting your own messages using this spreadsheet.

How AES encryption works – a flash clip demonstrating the Rijndael cipher in action

A Stick Figure Guide to the Advanced Encryption Standard

Public Key Cryptography: Diffie-Hellman Key Exchange


Information security e-learning

The Internet gives us unlimited opportunities to educate ourselves. Here I want to share with you some free resources, which can help you understand information security concepts better.

1. For those of you who want to familiarize yourselves with the ISO 27001 standard, I recommend a free e-learning course:

“The purpose of this course is to enable information security practitioners to successfully implement an ISO 27001 compatible information security management system in their respective organizations. This course is made freely available to interested candidates and is modeled on ISO 27001 Lead Implementer courses.” (c) ISQ

2. The Designing and Executing Information Security Strategies course provides you with opportunities to integrate and apply your information security knowledge. Following the case-study approach, you will be introduced to current, real-world cases developed and presented by the practitioner community. You will design and execute information assurance strategies to solve these cases. A term-long capstone project leads you through an actual consulting engagement with a local organisation, adding experience to your resume before you even complete the program.

3. Stanford University provides free online cryptography courses.

Basic

“This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field.” (c) Dan Boneh

Advanced

“The course begins with constructions for digital signatures and their applications. We will then discuss protocols for user authentication and zero-knowledge protocols. Next we will turn to privacy applications of cryptography supporting anonymous credentials and private database lookup. We will conclude with more advanced topics including multi-party computation and elliptic curve cryptography.” (c) Dan Boneh

4. A one-hour seminar by Xeno Kovah (MITRE) on rootkits highlights the few weaknesses in detection methodologies and the many weaknesses in tools.

5. Using buffer overflows

– Understanding the Stack – The beginning of this video explains Intel x86 function-call conventions when C code is compiled

– Buffer Overflow Exploitation Megaprimer for Linux video series

6. Series of videos introducing wireless networking and the application of penetration testing tools to WLANs