公开(公告)号：US09674210B1

公开(公告)日：2017-06-06

申请号：US14554492

申请日：2014-11-26

Applicant: EMC Corporation ,  The University of North Carolina at Chapel Hill

Inventor： Alina M. Oprea ,  Ting-Fang Yen ,  Viktor Heorhiadi ,  Michael Kendrick Reiter ,  Ari Juels

IPC: G06F21/00 ,  G06F21/56 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/1425 ,  H04L63/0272 ,  H04L63/1433 ,  H04L67/22

Abstract: A processing device comprises a processor coupled to a memory and is configured to obtain data characterizing host devices of a computer network of an enterprise. The data is applied to a logistic regression model to generate malware infection risk scores for respective ones of the host devices. The malware infection risk scores indicate likelihoods that the respective host devices will become infected with malware. The logistic regression model incorporates features of the host devices including at least user demographic features, virtual private network (VPN) activity features and web activity features of the host devices, and the data characterizing the host devices comprises data for the incorporated features. Proactive measures are taken to prevent malware infection in a subset of the host devices based at least in part on the malware infection risk scores. The processing device may be implemented in the computer network or an associated network security system.

公开(公告)号：US09325499B1

公开(公告)日：2016-04-26

申请号：US14041150

申请日：2013-09-30

Applicant: EMC Corporation

Inventor： Ari Juels ,  Kevin D. Bowers

IPC: H04L9/30

CPC classification number: H04L9/30 ,  H04L9/002 ,  H04L9/0861

Abstract: In one embodiment, a first message is obtained and encrypted to produce a ciphertext. The first message is encrypted such that decryption of the ciphertext utilizing a first key yields the first message, and decryption of the ciphertext utilizing a second key different than the first key yields a second message that is distinct from the first message but shares one or more designated characteristics with the first message. Encrypting the first message may more particularly comprise mapping the first key to a first seed, mapping the first message to a second seed, determining an offset between the first and second seeds, and generating the ciphertext based on the determined offset. Such an arrangement prevents an attacker from determining solely from the second message if decryption of the ciphertext has been successful or unsuccessful. Other embodiments include decryption methods, apparatus for encryption and decryption, and associated articles of manufacture.

Abstract translation: 在一个实施例中，获得并加密第一消息以产生密文。 第一消息被加密，使得利用第一密钥的密文的解密产生第一消息，并且使用不同于第一密钥的第二密钥对密文进行解密产生与第一消息不同的第二消息，但是共享一个或多个 指定特征与第一个消息。 加密第一消息可以更具体地包括将第一密钥映射到第一种子，将第一消息映射到第二种子，确定第一和第二种子之间的偏移量，以及基于所确定的偏移量生成密文。 如果密文的解密已经成功或不成功，则这种安排防止攻击者仅仅从第二消息中确定。 其他实施例包括解密方法，用于加密和解密的装置以及相关联的制品。

公开(公告)号：US09323765B1

公开(公告)日：2016-04-26

申请号：US14202767

申请日：2014-03-10

Applicant: EMC Corporation

Inventor： Emil P. Stefanov ,  Marten E. Van Dijk ,  Alina M. Oprea ,  Ari Juels

IPC: G06F17/30

CPC classification number: G06F17/30091 ,  G06F11/1088 ,  G06F17/30197 ,  G06F21/64

Abstract: Example embodiments of the present invention provide authenticated file system that provides integrity and freshness of both data and metadata more efficiently than existing systems. The architecture of example embodiments of the present invention is natural to cloud settings involving a cloud service provider and enterprise-class tenants, thereby addressing key practical considerations, including garbage collection, multiple storage tiers, multi-layer caching, and checkpointing. Example embodiments of the present invention support a combination of strong integrity protection and practicality for large (e.g., petabyte-scale), high-throughput file systems. Further, example embodiments of the present invention support proofs of retrievability (PoRs) that let the cloud prove to the tenant efficiently at any time and for arbitrary workloads that the full file system (i.e., every bit) is intact, leveraging integrity-checking capabilities to achieve a property that previous PoRs lack, specifically efficiency in dynamic settings (i.e., for frequently changing data objects).

Abstract translation: 本发明的示例性实施例提供经认证的文件系统，其比现有系统更有效地提供数据和元数据的完整性和新鲜度。 本发明的示例性实施例的架构对于涉及云服务提供商和企业级租户的云设置是自然的，由此解决关键的实际考虑，包括垃圾收集，多个存储层，多层缓存和检查点。 本发明的示例性实施例支持强大的完整性保护和大型（例如，PB级）高吞吐量文件系统的实用性的组合。 此外，本发明的示例性实施例支持使得云在任何时候有效地向租户提供证明的可检索证据（PoR），以及完整文件系统（即，每一位）完整的任意工作负载，利用完整性检查能力 实现以前的PoR缺少的属性，特别是动态设置的效率（即，频繁更改数据对象）。

公开(公告)号：US09230114B1

公开(公告)日：2016-01-05

申请号：US14308949

申请日：2014-06-19

Applicant: EMC Corporation

Inventor： Ari Juels ,  Alina M. Oprea ,  Marten Erik van Dijk ,  Emil P. Stefanov

IPC: G06F17/30 ,  G06F21/57

CPC classification number: G06F21/577 ,  G06F2211/007 ,  G06F2221/2107

Abstract: A client device or other processing device comprises a file processing module, with the file processing module being operative to provide a file to a file system for encoding, to receive from the file system a proof of correct encoding of the file, and to verify the proof of correct encoding. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.

Abstract translation: 客户端设备或其他处理设备包括文件处理模块，文件处理模块可操作以将文件提供给文件系统进行编码，从文件系统接收文件的正确编码证明，并验证文件 证明正确的编码。 文件系统可以包括与云存储提供商相关联的一个或多个服务器。 有利地，一个或多个说明性实施例允许客户端设备验证其文件由加密形式的云存储提供商或其他适当的保护来存储。

公开(公告)号：US20150089609A1

公开(公告)日：2015-03-26

申请号：US14036225

申请日：2013-09-25

Applicant: EMC Corporation

Inventor： Ari Juels

IPC: H04L29/06

Abstract: A password-hardening system comprises at least first and second servers. The first server is configured to store a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user. The second server is configured to store at least a portion of valid password indication information indicating for each of the sets which of the passwords in that set is a valid password. The first and second servers are further configured to proactively update the sets of passwords and the valid password indication information in each of a plurality of epochs. The valid password indication information may comprise, for example, valid password index values for respective ones of the users, with the index values being stored as a shared secret across the first and second servers.

公开(公告)号：US09935770B1

公开(公告)日：2018-04-03

申请号：US13922718

申请日：2013-06-20

Applicant: EMC Corporation

Inventor： Ari Juels ,  Nikolaos Triandopoulos ,  Kevin D. Bowers

IPC: H04L9/32

CPC classification number: H04L9/32 ,  G06F21/554 ,  G06F2221/2101 ,  G06F2221/2107 ,  H04L9/0861 ,  H04L9/3242 ,  H04L2209/38

Abstract: A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System indicating a potential compromise of a protected resource is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer, wherein a size of the buffer is based on a connection history of the Security Alerting System; and transmitting the buffer to the server. The alert message can optionally be encrypted. The buffer can be increased in proportion to a duration of a disruption of a connection. The size of the buffer can be increased by adding buffer slots at a location of a current write pointer index. Techniques are also disclosed for detecting truncation attacks and alert message gaps. The alert messages can have a variable size by writing alert message into consecutive buffer slots.

公开(公告)号：US09516039B1

公开(公告)日：2016-12-06

申请号：US14139047

申请日：2013-12-23

Applicant: EMC Corporation

Inventor： Ting-Fang Yen ,  Alina Oprea ,  Kaan Onarlioglu ,  Todd Leetham ,  William Robertson ,  Ari Juels ,  Engin Kirda

IPC: H04L29/06

CPC classification number: H04L63/14 ,  H04L63/0245 ,  H04L63/1425

Abstract: Methods, apparatus and articles of manufacture for behavioral detection of suspicious host activities in an enterprise are provided herein. A method includes processing log data derived from one or more data sources associated with an enterprise network over a given period of time, wherein the enterprise network comprises multiple host devices; extracting one or more features from said log data on a per host device basis, wherein said extracting comprises: determining a pattern of behavior associated with the multiple host devices based on said processing; and identifying said features representative of host device behavior based on the determined pattern of behavior; clustering the multiple host devices into one or more groups based on said one or more features; and identifying a behavioral anomaly associated with one of the multiple host devices by comparing said host device to the one or more groups across the multiple host devices.

Abstract translation: 本文提供了企业中可疑主机活动行为检测的方法，装置和制造。 一种方法包括处理在给定时间段内从与企业网络相关联的一个或多个数据源导出的日志数据，其中所述企业网络包括多个主机设备; 基于每个主机设备从所述日志数据中提取一个或多个特征，其中所述提取包括：基于所述处理确定与所述多个主机设备相关联的行为模式; 以及基于所确定的行为模式来识别代表主机设备行为的所述特征; 基于所述一个或多个特征将所述多个主机设备聚类成一个或多个组; 以及通过将所述主机设备与所述多个主机设备中的所述一个或多个组进行比较来识别与所述多个主机设备之一相关联的行为异常。

公开(公告)号：US09330727B1

公开(公告)日：2016-05-03

申请号：US14143174

申请日：2013-12-30

Applicant: EMC Corporation

Inventor： Ari Juels

IPC: G06F12/00 ,  G11B27/36

CPC classification number: G11B20/00188 ,  G11B20/00086 ,  G11B20/00963

Abstract: A method of determining whether a data object is stored on a storage device such as a disk includes a write operation that partitions the data object into sub-objects according to a random sequence of control bits, by (a) assigning a first block of the data object to an initially selected sub-object, and (b) assigning successive blocks to a currently selected sub-object or to a next selected sub-object based on the value of the corresponding control bit. The sub-objects are written to distinct physical regions of the storage device so that differential read latencies are experienced depending on the pattern of block access. An object read/verify operation includes reading the blocks of the data object sequentially, recording respective latencies, constructing a result word to record latency values, and calculating a difference between the control word and the result word.

Abstract translation: 一种确定数据对象是否存储在诸如盘的存储设备上的方法包括：根据随机的控制比特序列将数据对象划分为子对象的写入操作，通过以下步骤：（a） 数据对象到最初选择的子对象，以及（b）基于相应的控制位的值，将连续的块分配给当前选择的子对象或下一个所选择的子对象。 子对象被写入到存储设备的不同物理区域，以便根据块访问的模式来经历差分读取延迟。 对象读取/验证操作包括顺序地读取数据对象的块，记录相应的延迟，构造结果字以记录等待时间值，以及计算控制字和结果字之间的差异。

公开(公告)号：US09305161B1

公开(公告)日：2016-04-05

申请号：US13925289

申请日：2013-06-24

Applicant: EMC Corporation

Inventor： Ari Juels ,  Kenneth D. Ray ,  Gareth Richards

IPC: G06F21/46 ,  H04L29/06 ,  G06F21/30

CPC classification number: G06F21/46 ,  G06F21/31 ,  H04L9/085 ,  H04L9/0863 ,  H04L63/083 ,  H04L2463/062

Abstract: A password hardening system is arranged between one or more clients and a domain controller or other authentication entity. The password hardening system comprises a plurality of servers configured to store in a distributed manner respective shares of at least one of a hardened surrogate password and a corresponding user password. The password hardening system is configured to intercept a first set of one or more communications based at least in part on the user password and directed to an authentication entity external to the password hardening system, and to provide to the authentication entity in place of at least a portion of the intercepted first set of one or more communications a second set of one or more communications based at least in part on the hardened surrogate password. The password hardening system may be configured to serve as a proxy between an authenticating client and the authentication entity.

Abstract translation: 在一个或多个客户端和域控制器或其他认证实体之间设置密码强化系统。 密码硬化系统包括多个服务器，其被配置为以分布式方式存储硬化代理密码和对应的用户密码中的至少一个的相应共享。 密码强化系统被配置为至少部分地基于用户密码拦截第一组一个或多个通信，并指向密码硬化系统外部的认证实体，并且至少提供给认证实体 截取的第一组一个或多个通信的一部分至少部分地基于硬化的代理密码，一个或多个通信的第二组。 密码强化系统可以被配置为用作认证客户端和认证实体之间的代理。

公开(公告)号：US09230092B1

公开(公告)日：2016-01-05

申请号：US14036239

申请日：2013-09-25

Applicant: EMC Corporation

Inventor： Ari Juels

IPC: H04L29/06 ,  G06F21/45 ,  G06F21/31 ,  G06F21/46

CPC classification number: G06F21/46 ,  G06F21/31 ,  H04L63/083

Abstract: A password-hardening system comprises at least first and second servers. The first server is configured to store a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user. The second server is configured to generate valid password indication information indicating for each of the sets which of the passwords in that set is a valid password. The valid password indication information comprises index values computed for respective ones of the password sets by the second server to identify respective valid passwords in the respective password sets. The second server may be further configured to compute the index values utilizing a keyed pseudorandom function, and to send the index values to the first server in association with respective values of a user number counter maintained in the second server.

Abstract translation: 密码硬化系统至少包括第一和第二服务器。 第一服务器被配置为为相应用户存储多组密码，其中每个这样的集合包括用于相应用户的至少一个有效密码和用于该用户的多个密码。 第二服务器被配置为生成有效的密码指示信息，其指示针对每个集合，该组中的哪个密码是有效密码。 有效的密码指示信息包括由第二服务器为相应的密码集计算的索引值，以识别相应密码集中的相应有效密码。 第二服务器还可以被配置为利用键控伪随机函数来计算索引值，并且将索引值与维护在第二服务器中的用户号码计数器的相应值相关联地发送到第一服务器。