쥐스킨트의 작은 서재

Temporal Key Integrity Protocol

Temporal Key Integrity Protocol or TKIP was a stop gap security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring there placement of legacy hardware. This was necessary because the breaking of WEP had left WiFi networks without viable link-layer security, and a solution was required for already deployed hardware. TKIP is no longer considered secure and was deprecated in the 2012 revision of the 802.11 standard.

Security

TKIP uses the same underlying mechanism as WEP, and consequently is vulnerable to a number of similar attacks. The message integrity check, per-packet key hashing, broadcast key rotation, and a sequence counter discourage many attacks. The key mixing function also eliminates the WEP key recovery attacks.

CCMP

Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities presented by WEP, a dated, insecure protocol.

Replay attack

A replay attack (also known as play back attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution.

System in package

A system in package (SiP) or system-in-a-package is a number of integrated circuits enclosed in a single module (package). The SiP performs all or most of the functions of an electronic system, and is typically used inside a mobile phone, digital music player, etc. Dies containing integrated circuits may be stacked vertically on a substrate. They are internally connected by fine wires that are bonded to the package. Alternatively, with a flip chip technology, solder bumps are used to join stacked chips together.

SiP dies can be stacked vertically or tiled horizontally, unlike slightly less dense multi-chip modules, which place dies horizontally on a carrier. SiP connects the dies with standard off-chip wire bonds or solders bumps, unlike slightly denser three-dimensional integrated circuits which connect stacked silicon dies with conductors running through the die.

Many different 3-D packaging techniques have been developed for stacking many more-or-less standard chip dies into a compact area.

An example SiP can contain several chips –such as a specialized processor, DRAM, flash memory – combined with passive components– resistors and  capacitors – all mounted on the same substrate. This means that a complete functional unit can be built in a multi-chip package, so that few external components need to be added to make it work.

Systemon a chip

A system on a chip or system on chip (SoC or SOC) is an integrated circuit (IC) that integrates all components of a computer or other electronic system into a single chip. It may contain digital, analog, mixed-signal, and often radio-frequency functions – all on a single chip substrate. SoCs are very common in the mobile electronics market because of their low power consumption. A typical application is in the area of embedded systems.

Locator/Identifier Separation Protocol

Locator/ID Separation Protocol (LISP) is a “map-and-encapsulate” protocol which is developed by the Internet Engineering Task Force LISP WorkingGroup. The basic idea behind the separation is that the Internet architecture combines two functions, routing locators (where a client is attached to the network) and identifiers (who the client is) in one number space: the IP address. LISP supports the separation of the IPv4 and IPv6 address space following a network-based map-and-encapsulate scheme. In LISP, both identifiers and locators can be IP addresses or  arbitrary elements like a set of GPS coordinates or MAC address.

Dictionary attack

In cryptanalysis and computer security, adictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or pass phrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.

Pre-computed dictionary attack/ Rainbow table attack

It is possible to achieve a time-space trade off by pre-computing a list of hashes of dictionary words, and storing these in a database using the hash as the key. This requires a considerable amount of preparation time, but allows the actual attack to be executed faster.

Denial-of-service attack

In computing, a denial-of-service (DoS)attack is an attempt to make a machine or network resource unavailable to itsintended users, such as to temporarily or indefinitely interrupt or suspendservices of a host connected to the Internet. Denial of service is typicallyaccomplished by flooding the targeted machine or resource with superfluousrequests in an attempt to overload systems and prevent some or all legitimaterequests from being fulfilled.

A distributed denial-of-service (DDos) iswhere the attack source is more than one, often thousands of, unique IPaddresses. It is analogous to a group of people crowding the entry door or gateto a shop or business, and not letting legitimate parties enter into the shopor business, disrupting normal operations. The scale of DDoS attacks hascontinued to rise over recent years, even reaching over 400Gbit/s.

Criminal perpetrators of DoS and DDoSattacks often target sites or services hosted on high-profile web servers suchas banks, credit card payment gateways.

Attacktechniques

A denial-of-service attack is characterizedby an explicit attempt by attackers to prevent legitimate users of a servicefrom using that service. There are two general forms of DoS attacks: those thatcrash services and those that flood services.

The most serious attacks are distributedand in many or most cases involve forging of IP sender addresses so that thelocation of the attacking machines cannot easily be identified, nor canfiltering be done based on the source address.

Defensetechniques

Defensive responses of denial-of-service attackstypically involve the use of a combination of attack detection, trafficclassification and response tools, aiming to block traffic that they identifyas illegitimate and allow traffic that they identify as legitimate.

Single-board computer

A single-board computer (SBC) is a completecomputer built on a single circuit board, with microprocessor, memory,input/output and other features required of a functional computer.

Single-board computers were made asdemonstration or development systems, for educational systems, or for use asembedded computer controllers. Many types of home computer or portable computerintegrated all their functions onto a single printed circuit board.

Unlike a desktop personal computer, singleboard computers often do not rely on expansion slots for peripheral functionsor expansion. Some single-board computers are made to plug into a backplane forsystem expansion. Single board computers have been built using a wide range ofmicroprocessors. Simple designs, such as built by computer hobbyists, often usestatic RAM and low-cost 8 or 16 bit processors.

Software-definednetworking

Software-defined networking (SDN) is anapproach to computer networking that allows network administrators is managenetwork services through abstraction of lower-level functionality. SDN is meantto address the fact that the static architecture of traditional networks doesn’tsupport the dynamic, scalable computing and storage needs of more moderncomputing environments such as data centers. This is done by decoupling ordisassociating the system that makes decisions about where traffic is sent fromthe underlying systems that forward traffic to the selected destination.

Concept

Software-defined networking (SDN) is an architecturepurporting to be dynamic, manageable, cost-effective, and adaptable, seeking tobe suitable for the high-bandwidth, dynamic nature of today’s applications. SDNarchitectures decouple network control and forwarding functions, enablingnetwork control to become directly programmable and the underlying infrastructureto be abstracted from applications and network services.