Language-Based Anomaly Detection in Client-Cloud Interaction


Author: Harald Lampesberger, MSc
Submission: Christian Doppler Laboratory for Client-Centric Cloud Computing, Institute for Application Oriented Knowledge Processing
First Supervisor: Prof. Dr. Klaus-Dieter Schewe
Second Supervisor: Prof. Dr. Joachim Biskup
April 2016

Doctoral Thesis to confer the academic degree of Doktor der technischen Wissenschaften in the Doctoral Program Technische Wissenschaften

Johannes Kepler University Linz, Altenberger Str. 69, 4040 Linz, Austria, www.jku.at, DVR 0093696

Sworn Declaration

I hereby declare under oath that the submitted Doctoral Thesis has been written solely by me without any third-party assistance, information other than provided sources or aids have not been used and those used have been fully documented. Sources for literal, paraphrased and cited quotes have been accurately credited. The submitted document here present is identical to the electronically submitted text document.

Linz, 20th April 2016
Harald Lampesberger

Abstract

For consuming a cloud service, clients and services need to communicate using a variety of languages and protocols. The Extensible Markup Language (XML) is the foundation of electronic data exchange in many existing and upcoming cloud standards and is the subject of this thesis. XML-based protocols are usually declared in the industry standard XML Schema (XSD), and schema validation is a first line of defense against syntactically undesirable protocol messages. However, schemas are not enforced in some XML-based protocols and may not be available, and XSD best practices recommend extension points for loose composition. Schema extension points are in fact wildcards. They exist in many protocol specifications, and they break schema validation. An attacker can add arbitrary content into a document at an extension point without being rejected by schema validation. This is exploited by various attacks, e.g., the signature wrapping attack, and in recent years, several signature wrapping attacks were successfully executed against cloud management interfaces and identity providers. Syntactic schema validation can be effective against this attack but requires a language representation without extension points.

In this thesis, I propose a security monitor for language-based anomaly detection in XML-based interaction. The security monitor has a learner and a validator component. The learner infers an automaton from syntactically acceptable messages, and the validator utilizes the automaton for identifying syntactically non-acceptable messages in an interaction. Only learning from positive examples is considered because XML attacks are highly service specific, and violating examples are usually not available.

The first contribution is extending XML visibly pushdown automata (XVPAs) toward datatyped XVPAs (dXVPAs) for representing mixed-content XML in the learner. A dXVPA is translated to a character-data XVPA (cXVPA) for efficient stream validation in the validator. The second contribution is a lexical datatype system for generalizing text contents in mixed-content XML by inferring datatypes according to lexical subsumption and a preference heuristic. The third contribution is a set of algorithms for an incremental and set-driven learner. For dealing with poisoning attacks in realistic deployments, the learner has unlearning and sanitization capabilities for removing once-learned examples and trimming low-frequency states and transitions.

A prototype has been experimentally evaluated in two synthetic and two simulated scenarios. Realistic data was generated from an Apache Axis2 web service by simulating state-of-the-art XML attacks. The proof of concept showed promising results: the learner only needed a few examples to converge to a stable language representation. Detection rates for all datasets were between 82.35% and 100% without false positives and outperformed traditional schema validation. Poisoning attacks were also successfully removed by unlearning and sanitization.

Use cases for integrating the proposed security monitor are, e.g., a middleware security component, an anomaly detection component in XML firewalls, and a client browser plug-in for filtering XML-based resources.

Abstract (German version)

To use a cloud service, clients and services must communicate using a variety of languages and protocols. The Extensible Markup Language (XML) plays a special role here, since many current and future cloud computing standards build on XML-based protocols. XML is therefore the focus of this thesis. XML-based protocols are typically specified in the industry standard XML Schema (XSD). Schema validation is therefore a first instance for filtering syntactically undesirable protocol messages. However, schemas are not mandatory in some protocols and may therefore be unavailable, and so-called extension points have become established in XSD for the loose composition of schemas. Schema extension points are wildcards that occur in many protocol specifications and ultimately undermine schema validation. Concretely, an attacker can place arbitrary content in an XML document despite validation. This can be exploited for various attacks, e.g., a signature wrapping attack. In recent years, several successful signature wrapping attacks on cloud management interfaces and identity providers have been demonstrated. Syntactic validation of documents could prevent the signature wrapping attack if the language representation contains no extension points.

This dissertation describes a security monitor for language-based anomaly detection in XML-based interaction. The security monitor has a learning component and a validation component. The learning component learns an automaton from syntactically acceptable protocol messages, and the validation component uses this automaton to identify syntactically non-acceptable protocol messages in the interaction. The learning procedure concentrates exclusively on positive examples, because XML attacks are highly service specific and counterexamples are therefore usually not available.

The first contribution comprises extensions of the XML visibly pushdown automaton (XVPA) with datatypes (dXVPAs) as a language representation of mixed-content XML in the learning component. A dXVPA can in turn be translated into a character-data XVPA (cXVPA), which is used for efficient stream validation in the validation component. The second contribution is a lexical datatype system for generalizing text contents in mixed-content XML through datatypes. Suitable datatypes for a text content are determined by lexical subsumption and a preference heuristic. The third contribution comprises algorithms for an incremental and set-driven learner. To ease the practical handling of poisoning attacks in realistic environments, the learner has additional capabilities: it can forget examples it has already learned, and hidden poisoning attacks can be cleaned up by removing low-frequency states and state transitions.

A software prototype was experimentally evaluated in two synthetic and two simulated scenarios. Realistic data was generated with the help of an Apache Axis2 web service and by simulating current XML attacks. The experiments showed promising results. In all scenarios, the learner needed only a few examples to converge to a stable language representation. Furthermore, the detection rates in all scenarios were between 82.35% and 100%, free of false alarms, and outperformed traditional schema validation. Poisoning attacks were successfully removed by targeted unlearning and sanitization.

Use cases for integrating the proposed security monitor would be a middleware security component, an anomaly detection component in an XML firewall, and a client-side browser plug-in for analyzing XML-based web resources.

Acknowledgments

First and foremost, I wish to thank my advisor Prof. Dr. Klaus-Dieter Schewe for his excellent guidance, continuous support, and patience over the last four years. He has taught me the rigorous way, sparked my interest in theoretical computer science, and given me the scientific freedom to pursue my ideas. Becoming a scientist under your supervision was a great experience, and I will forever be thankful to you.

I would also like to express my gratitude to Prof. Dr. Joachim Biskup who kindly agreed to act as a co-advisor and to examine my work. Thank you for having given me the opportunity to discuss my research at TU Dortmund and for the invaluable feedback at an important stage of my dissertation project.

Many thanks also go to fellow labmates and friends, Dr. Károly Bósa, Andreea Buga, Ursula Haiberger, Roxana Holom, Tania Nemes, Mariam Rady, Mircea Boris Vleju, and Ciprian Zăvoianu. Thank you for all the fruitful discussions, the funny moments, the nice atmosphere in the laboratory, and all the mental support during writing this thesis. Furthermore, I would like to thank my friends Matthias Pfötscher, Florian Wex, and Philipp Winter for the inspiring discussions in- and outside academia.

Lastly, and most importantly, I send my sincerest gratitude to Verena,
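An added example, not code from the thesis, of the learn-from-positive-examples monitor the abstract describes: it learns which child sequences and text datatypes occur in accepted messages, flags content that a schema wildcard would let through, and supports unlearning and sanitization. It substitutes a per-element transition table with one symbol of history for the thesis's dXVPA/cXVPA and a three-type hierarchy for its lexical datatype system; the class, function and element names and the sample messages are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Lexical datatypes from most to least specific; each one subsumes those before it.
DATATYPES = [("integer", re.compile(r"[+-]?\d+")),
             ("decimal", re.compile(r"[+-]?\d+(\.\d+)?")),
             ("string", re.compile(r".*", re.S))]
RANK = {name: i for i, (name, _) in enumerate(DATATYPES)}


def datatype(text):
    """Most specific datatype whose lexical space contains the text."""
    return next(name for name, rx in DATATYPES if rx.fullmatch(text))


def transitions(elem):
    """Yield (tag, previous symbol, next symbol, text) for elem and its descendants."""
    events = []
    if elem.text and elem.text.strip():
        events.append(("#text", elem.text.strip()))
    for child in elem:
        events.append((child.tag, None))
        if child.tail and child.tail.strip():
            events.append(("#text", child.tail.strip()))
    prev = "^"  # start of content
    for symbol, text in events + [("$", None)]:  # "$" marks end of content
        yield elem.tag, prev, symbol, text
        prev = symbol
    for child in elem:
        yield from transitions(child)


class Monitor:
    """Learner and validator over per-element child sequences; attributes are ignored."""

    def __init__(self):
        self.counts = Counter()  # (tag, prev, next) -> times seen in learned examples
        self.types = {}          # (tag, prev) -> datatype learned for text at that point

    def _walk(self, xml):
        # Assumption: a hardened parser (e.g. defusedxml) fronts untrusted traffic.
        root = ET.fromstring(xml)
        yield "#document", "^", root.tag, None
        yield from transitions(root)

    def learn(self, xml):
        for tag, prev, sym, text in self._walk(xml):
            self.counts[(tag, prev, sym)] += 1
            if text is not None:  # generalize to the least type covering all examples
                seen = self.types.get((tag, prev), "integer")
                self.types[(tag, prev)] = max(seen, datatype(text), key=RANK.get)

    def unlearn(self, xml):
        """Remove one learned example; learned datatypes are not narrowed again."""
        for tag, prev, sym, _ in self._walk(xml):
            self.counts[(tag, prev, sym)] -= 1
        self.sanitize(1)

    def sanitize(self, min_count):
        """Trim transitions supported by fewer than min_count observations."""
        self.counts = Counter({k: c for k, c in self.counts.items() if c >= min_count})

    def violations(self, xml):
        found = []
        for tag, prev, sym, text in self._walk(xml):
            if (tag, prev, sym) not in self.counts:
                found.append(f"<{tag}>: unexpected {sym} after {prev}")
            elif text is not None and RANK[datatype(text)] > RANK[self.types[(tag, prev)]]:
                found.append(f"<{tag}>: text {text!r} is {datatype(text)}, "
                             f"learned {self.types[(tag, prev)]}")
        return found


def message(qty, price, extra=""):
    """Constructed sample; 'extra' sits where a schema wildcard would accept anything."""
    return (f"<Envelope><Header><Token>t</Token>{extra}</Header><Body><Order>"
            f"<Qty>{qty}</Qty><Price>{price}</Price></Order></Body></Envelope>")


TRAINING = [message(1, "9.50"), message(20, "3"), message(3, "12.25")]  # constructed

if __name__ == "__main__":
    monitor = Monitor()
    for doc in TRAINING:
        monitor.learn(doc)
    poison = message(1, "1", "<Extra>x</Extra>")
    print(monitor.violations(message(5, "1.00")))   # conforming message
    print(monitor.violations(poison))               # unseen structure in Header
    print(monitor.violations(message("two", "1")))  # text outside the learned datatype
    monitor.learn(poison)                           # poisoned training example
    monitor.unlearn(poison)
    print(monitor.violations(poison))               # flagged again after unlearning
```

Because nothing in the learned table plays the role of a wildcard, any element sequence not seen in training is reported, which is the property the abstract asks of a language representation without extension points.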