Ed's Big Plans

Brief: This is a technical briefing I made for fellow students in a Computer Security class (Winter 2011) about Secure Socket Layer [SSL] (now Transport Layer Security [TLS]). These briefings fit in nicely since it came after Dr. Obimbo explained the number theory behind RSA (modulus prime exponentiation). I went to the primary source on this topic to write this document: thanks to the Internet Engineering Task Force. I’ve posted this document as a consumable reference for anyone who needs it.

>>> Download: A Network Security Spotlight on SSL/TLS and HTTPS (pdf) <<<

Figure $_: A Schematic of the SSL/TLS Handshaking Procedure.

This document is licensed under Creative Commons Attribution 3.0 Unported. The enclosed figures are further released into the public domain.

I was asked to deploy a means to fight spam account registration on a phpBB3 installation. I tried the advice posted by Nadav Samet, but the version of phpBB3 we use doesn’t seem to respond to changes made to profile_add_body.tpl. I settled on an approach that’s similar to the one posted by Steve Maury, but is slightly improved as you can request any exact string for an answer from the registrant.

This method should work with phpBB3 version 3.0.x.

This method results in a mandatory field to be completed by the registrant during registration time. You can assign it any question you like where the answer is a string of text that you decide. I’ve given a really simple question in this example. Use a more difficult question that a bot would have trouble with but that your typical registrants can answer.

We do this with a custom profile field in the registration screen as in the below screen capture.

The above is a screen capture of an example mandatory question (choose a more secure question).

There are two steps to setting this up.

First, set up a custom question that must be answered — you can find such a setting in the administrative control panel (ACP) as in the following screen capture.

Add a mandatory question in user and groups → custom profile fields → create new field.
Here, I’ve named mine guelph_question.

After you click Create new field, you will be presented with a screen where you can create the question of your choosing — be sure to make the field mandatory by using the radio button labelled Required field listed under Visibility options.

Second, add the following code indicated below in includes/ucp/ucp_register.php – Notice that I’ve placed my custom code after existing code to check for a valid password and e-mail. This is commented under validate custom profile fields ( — just checked — starts at line 247 in the 3.0.9 source code). Replace the simple question and answer I’ve placed there with your own question and answer. Notice that you also have full control over the error message that the registrant sees if they answer the question incorrectly.

// validate custom profile fields
$cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error);

if (!sizeof($error))
{
	if ($data['new_password'] != $data['password_confirm'])
	{
		$error[] = $user->lang['NEW_PASSWORD_ERROR'];
	}

	if ($data['email'] != $data['email_confirm'])
	{
		$error[] = $user->lang['NEW_EMAIL_ERROR'];
	}
}

// Anti-spam code below ...
if (!sizeof($error)) {
	if (!isset($_POST['pf_guelph_question']) ||
	$_POST['pf_guelph_question'] != 'Gryphon') {
		$error[] = 'Incorrect answer to Guelph question.';
	}
}
// ... EOAnti-spam code

And you’re done.

I hope this works for you! Enjoy

Here’s a script I threw together to do grey-level segmentation using fuzzy c-means. This appeared as a small part of a project in the image processing course I took. The algorithm deployed was really a proof of concept meant to replicate and verify the results of another author — as such, I don’t recommend ever using fuzzy c-means for this task as it’s pretty inefficient. This software will handle any number of grey-level-segments you desire, but I recommend eight as a maximum.

The code and course project paper are originally dated April 20th, 2011.

>>> Download: FCMProjectPaper.pdf | FCMProject.tgz <<<

( Requires pypng – Python PNG encoder/decoder )

Here are the examples included in the above archive. I like pictures.

Sunny in 8-bit greyscale, 3-bit greyscale, 2-bit greyscale.

Auryo in 8-bit greyscale, 3-bit greyscale, 2-bit greyscale.

Enjoy

I’ve just finished my presentation in Adelaide. This is the first real biology-heavy conference I’ve been to. Sujeevan has brought me along with the BOLD team from BIO in order to present my work — and more importantly — to acquire some resolution about the barcoding culture and its biological significance. The Consortium for The Barcode of Life (CBOL) co-hosted this event with many biodiversity parties in Australia. Another huge group present was the International Barcode of Life (iBOL) project. The Barcode of Life Conference is held every other year and is attended by researchers interested in the concerted international barcoding effort. I presented my preliminary findings with a data analysis session and had excellent feedback — it’s pretty clear where to go next with my thesis! My talk describes the first steps to automating barcode (contig-like) assembly from ab1 sequencer trace files. This talk describes the present need for automation, trends that we can readily detect in currently assembled data and most importantly — detectable patterns in how human experts perform manual barcode assembly.

The full name of the conference is Fourth International Barcode of Life Conference.

>>> Download: ( pdf: EddieMaBOL2011Adelaide.pdf | zip: EddieMaBOL2011Adelaide.pdf.zip ) <<<

Slides 6, 16, 24 from my presentation — The need for automation; Compositional bias and human edits [null hypothesis]; Where are human edits occurring [in Lepidoptera]?

This has been a very enjoyable conference

Brief: While I was preparing for the Complex Adaptive Systems 2011 in Chicago, I bumped into a little problem. The Elsevier LaTeX template for journal papers renders page numbers, but page numbers were not to be included in the final revision for the conference proceedings.

We needed to (1) remove page numbers, but (2) continue to include page headers that have the paper title and author names.

To do this, I mashed together the horrible block of markup below

% declarations for front matter

%%%%% hack -- remove page numbers
\pagestyle{empty}
\usepackage{fancyhdr}
\lhead{}
\chead{\emph{\footnotesize
Primary Author and Secondary Author / Procedia Computer Science 00 (2011)
}}
\cfoot{}
\renewcommand{\headrulewidth}{0pt}
\pagestyle{fancy}
%%%%%

\begin{document}

The above example requires the fancy header package (\usepackage{fancyhdr}), we get an italicized, small text header (\emph{\footnotesize{…}}) with arbitrary text. Since I don’t explicitly define page numbers, they won’t appear. We also don’t need footers (\cfoot{}).

Note that you can create your own arbitrary headers with this package, or — if you’re in a rush like I was — just use the above as is, and replace the arbitrary text

Hope this helps!

I’ve just returned from the Complex Adaptive Systems conference on Wednesday after an eight hour drive — well, most of the driving was done by Dr. Obimbo and Haochen. I presented my paper An evolutionary computation attack on one-round TEA. This paper is built on top of my course project in Computer Security (University of Guelph, Winter 2011). This is my first cryptanalysis paper, and is an aside to the bioinformatics focus of my thesis.

My slides introduce Tiny Encryption Algorithm (TEA) pretty well, along with Genetic Algorithm (GA) and Harmony Search (HS). The slides detailing the results aren’t quite as self-explanatory, but are bearable since the theme is fairly easy to establish: simpler keys are easier to break than more complicated ones.

>>> Download: CAS2011Chicago.pdf – my presentation from Chicago. <<<

I might look at cryptanalysis again in future — but I’ll certainly use Evolutionary Computation (EC) again. It’s just too readily available in my toolkit, and is far too easy to deploy. One of the major lessons of this project that became very clear through during discussion with the audience is that the operators that are part of an EC algorithm should reflect the kind of problem we’re trying to solve. This might seem obvious at first, but I think it’s more subtle than that. For this project, HS enabled the EC to probe a keyspace with many repetitions — something that GA operators alone didn’t provide us.

In general however, the solution space is lumpy enough that using ECs against stronger encryption schemes is just not viable — unless the EC had some magic to overcome the linearly inseparable lumps. I haven’t yet met such an operator and am not convinced one way or another about its existence. I’ll certainly introduce you if I ever do bump into it