Li Dong – WindowsTechs.com

Ways to make white-box cryptography AES implementation more difficult to be broken [migrated]

Posted on June 3, 2019 by Li Dong

Background: I want to use white-box cryptographic to hiding the keys stored in the client application.

I am looking for existing implementations of white-box cryptography, such as AES 128 or 256. But I found that almost all … Continue reading Ways to make white-box cryptography AES implementation more difficult to be broken [migrated]→

How link flooding DDoS attack remain undetected?

Posted on December 9, 2018 by Li Dong

I read some explains or paper about link flooding DDoS attack, which is new relatively.

For example

“employs legitimate, low-density flows to flood a group of selected links. Therefore, these malicious flows can hardly be … Continue reading How link flooding DDoS attack remain undetected?→

How link flooding DDoS attack remain undetected?

Posted on December 9, 2018 by Li Dong

I read some explains or paper about link flooding DDoS attack, which is new relatively.

For example

“employs legitimate, low-density flows to flood a group of selected links. Therefore, these malicious flows can hardly be … Continue reading How link flooding DDoS attack remain undetected?→

What are the state-of-art top challenges of DDoS mitigation? [on hold]

Posted on December 7, 2018 by Li Dong

I am reading different latest mitigations to defend Internet or inter-domain network DDoS attack.

Some of my findings (challenges) include, e.g.

where to deploy DDoS countermeasure, such as IXP
ability to defend increasing… Continue reading What are the state-of-art top challenges of DDoS mitigation? [on hold]→

Cyber security specialist vs. consultant vs. architect

Posted on September 12, 2018 by Li Dong

I have a general understand of these 3 roles, but no working experience (actually I work in security R&D). For example (I know some details may vary in different companies):

[Specialist] – design solution /implement secu… Continue reading Cyber security specialist vs. consultant vs. architect→

How to securely generate and store the salting for password hash? [duplicate]

Posted on July 6, 2018 by Li Dong

This question already has an answer here:

How to securely hash passwords?

12 answers

Assume a client authenticates using … Continue reading How to securely generate and store the salting for password hash? [duplicate]→

how to write a snort rule to alert traffic that does not find any matched rules

Posted on April 12, 2018 by Li Dong

Snort in IDS mode:

If there is some traffic that does NOT find any matched rule against all existing Snort rules, how would you write a bottom rule to alert this traffic?

Continue reading how to write a snort rule to alert traffic that does not find any matched rules→

What are the functional similarities and differences between TPM and SGX in trusted computing?

Posted on December 19, 2017 by Li Dong

I know about the TPM (Trusted Platform Module). In recent years, more researchers start to develop on Intel SGX, which I do not have any experience with.

They are both crypto chips, but what are their functional similarities and differen… Continue reading What are the functional similarities and differences between TPM and SGX in trusted computing?→

How a risk assessment impacts information security policy?

Posted on September 19, 2017 by Li Dong

I usually do the technical part of security, so I’m not familiar with security policy area.

Risk assessment (measurement and evaluation) is always taken in an organization, such as to identify vulnerabilities, threats, the impact of threa… Continue reading How a risk assessment impacts information security policy?→

Google SSO uses both OpenID and SAML?

Posted on March 2, 2017 by Li Dong

I read some papers about SSO security recently. Then I found that there are both OpenID-based Google ID SSO and SAML-based Google Apps SSO in the paper. Google.com is the IDP in both cases.

I know that the lastest version is… Continue reading Google SSO uses both OpenID and SAML?→