Computation on Encrypted Data (Industry day)

On Friday, the COSIC research group of KU Leuven organised an event arranged by professor Nigel P. Smart in Leuven about computation on encrypted data. More specifically, it was about secure multi-party computation (MPC) and fully homomorphic encryption (FHE).

I learnt a lot about the concepts, the existing and potential use cases of these practical data protection tactics. As a researcher interested in middleware, cloud computing and applied cryptography, it was a fruitful day for me!

Continue reading

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Spring Boot application secured by self-signed HTTPS

In this article we secure our Spring Boot application with HTTPS. First of all we become familiar with TLS/SSL  briefly. Then we see how we can generate a self-signed certificate and secure a simple Spring Boot application. We call this project Spring Boot HTTPS Seed and you can grab the code from my Github. Continue reading

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

OAuth 2.0 authentication of a Native Application to a Secured Web API using Azure AD

In this article we briefly explains how a Native Application client can authenticate itself against Azure AD and obtain access token in order to safely gain access to a secured Web API. Then, a very short example is given using Java and CURL. Continue reading

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Security threats in Uploadify

I have a Plugin installed in my WordPress which gives me a nice statistical overview of the blog. There is a section in this plugin reporting “Top Links”. Surprisingly, these are the top links:

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.

Well, number 2 explains that many people are interested in my backend rather than actual content in the blog.

Interesting links are the ones from number 6 onwards! These links just do not exist in my blog; meaning that there are bots somewhere trying to discover these links on the web. In other words, there is a Uploadify thing somewhere which may have some vulnerabilities!! And guess which country is mainly behind these attacks?! Let’s look at the distribution of the visitors of the blog:

Visitors map

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

How PGP works? A simple introduction

The Pretty Good Privacy (PGP) is an encryption strategy for (de)encrypting and signing data in general and email/messages in specific. While doing PGP, two other well-known cryptography algorithms are going to be used: Public-Key (Asymmetric), and Symmetric cryptography. So we firstly discuss these two ingredients, and then the PGP recipe.
Continue reading

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather