We offer Training Programs in three levels:

Introductory Level, Intermediate Level and Advanced Level including Data Security, Cryptography, Data Communications, FPGA-based Digital Design and Hardware Description Language (HDL) Programming.

Trial Classes are free. 

Presently, we offer these programs in Malaysia and Singapore.

  • Basic Level:
    •  Digital Logic
    • Programming in C, C++
  • Advanced Level:
  • Specialized Client’s Training
    Depending on the client’s specific needs, we provide special training programs.

Courses presently offered in Malaysia:

We provide a full range of IT courses with our experienced Prof. Magdy Saeb. Free Trial Class available. Please contact +6011-16618000 for more information. Early bird discount available.

Posted by Michelle Chan on Friday, May 20, 2016

Sample Training Courses

_________________________________________

 1. Digital Circuit Design with Field Programmable Gate Arrays (FPGA)

Moore’s Law, which observes that semiconductor technology advances exponentially, has been valid for over three decades. To keep up with Moore’s Law, design techniques for digital circuits have changed dramatically. Designers now generate circuits from high-level descriptions. To introduce trainees to these concepts, the course is grounded in basic principles of digital design that do not change with technology. However, the course also introduces students to new tools and practical techniques that teach how to design for today’s technology. The course introduces the Verilog and VHDL design languages to implement Field Programmable Gate Array (FPGA) circuits.

2. A Course in Cryptography and Information Security

The course introduces students to the theory and practice of cryptography and information security. Present-day digital threats and risk management in information security are discussed. The viewpoint taken throughout the course is to emphasize the theory of cryptography as it can be applied in practice. This approach is pursued in state-of-the-art information security techniques and is also considered pedagogically desirable.

_________________________________________________________

3. Data Breach and Defensive Measures

The course discusses present-day data breach threats. It demonstrates how ineffective a typical data breach prevention system can be and the typical delay before a breach is discovered. Students will become familiar with the concept that the attacker has to be successful only once while the company’s IT security personnel have to be successful every single time. This course introduces the students to what constitutes an advanced threat. The student will be able to learn how these advanced persistent threats (APT) work and how they can penetrate your system from any mobile end point. In this respect, the course hashes out in what way or manner the knowledgeable attacker can circumvent traditional controls and avoid other security measures.

_________________________________________________________

4. Encrypted Traffic Management

Preventing advanced digital threats is becoming more challenging every day. Cyber adversaries are hiding their attacks within Secure Sockets Layer (SSL) traffic to overcome porous perimeter security devices. The course discusses how to inspect SSL traffic for these threats while maintaining the privacy of users’ online security-critical activities.

The course demonstrates some of the difficulties of monitoring and enforcing compliance with internal and external standards for acceptable use of SSL. Weak encryption keys and below-average cipher algorithms often contribute to an organization’s delusive sense of security. The course discusses methods to equip the organization’s security devices to scrutinize SSL traffic while applying SSL-usage standards and asserting user privacy.

_________________________________________________________

5. PenTest

Pen Test to Avoid a Mess

Intelligently manage vulnerabilities through penetration testing. You can proactively identify the most exploitable vulnerabilities and eliminate false positives. This allows your organization to prioritize remediation efforts, apply needed security patches, and efficiently allocate security resources.

Avoid the cost of network downtime. Recovering from a security breach can cost your organization big time: customer protection and retention, legal activities, discouraged business partners, lowered employee productivity, and reduced revenue, just to name a few pitfalls. Pen testing helps you avoid these financial drawbacks by identifying and addressing risks before attacks or security breaches occur.

Meet regulatory requirements and avoid fines. Penetration testing helps organizations address regulatory requirements such as PCI DSS. This can be a formidable task requiring a combination of resources, time, and a little bit of planning. Detailed reports showing test results and validating remediation efforts can help you avoid significant fines for non-compliance and allow you to illustrate ongoing due diligence to assessors.

Preserve corporate image and customer loyalty. Even a single incident of compromised customer data can be costly in terms of lost revenue and a tarnished brand image. With customer retention costs higher than ever, no one wants to lose the loyal users that they’ve worked hard to earn, and data breaches are likely to impact new business efforts. Penetration testing helps you dodge these avoidable incidents that put your organization’s reputation and trustworthiness at stake.

A pen test can be broadly carried out by following a six-phase methodology:

  • Planning and Preparation,
  • Discovery,
  • Penetration Attempt,
  • Analysis and Reporting,
  • Clean Up, and
  • Finally Remediation

_________________________________________________________

6. Computer Forensics

Computer Forensics can be defined simply as a process of applying scientific and analytical techniques to computer operating systems and file structures to determine the potential for legal evidence. Evidence might be required for a wide range of computer crimes and misuses. Methods of Computer Forensics:

  • Discovering data on computer system
  • Recovering deleted, encrypted, or damaged file information
  • Monitoring live activity
  • Detecting violations of corporate policy
  • Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity

_________________________________________________________

7. Insider Threat

Careless, negligent or malicious employees constitute one of the main causes of data breaches. Using cryptography jargon, this type of behavior is called “Evil Bob”.

Insiders are the new threat and managers have to learn what to do to avoid these issues. Having secure data is similar to having a healthy established custom. However, new maladies can strike even if your organization is in the best “health”. Managers need to be ready. The course provides the contingents to avoid these threats.


Information Security Training

The journey of lifelong further study is a rewarding experience. It exposes you to the trends and knowledge in your field of interest and offers you the opportunity to gain the skills necessary for the competitive job market. It also contributes to your sense of self-worth. Supported by career experience, a relevant qualification gives you a competitive edge and will surely assist your advancement opportunities.

Further study will create an opportunity to spend time doing something you really love and to explore a subject area that has always fascinated you. This will enrich your life and boost your self-confidence and sense of self-worth.

Employer surveys indicate that transferable and improved skills are imperative for survival and success in the competitive job market. These skills include:

  • Up-to-date computer literacy
  • Understanding of Information Security
  • Practical and logical thinking
  • Understanding of Data Networking
  • Willingness to learn
  • Resourcefulness
  • Interpersonal skills
  • Commitment
http://www.sumobrain.com/result.html?p=1&from_ss=&srch_id=&search_name=&srch=xprtsrch&search=Search&query_txt=Cipher+Saeb&uspat=on&pct=on&date_range=all&stemming=on&sort=chron

IP Disclosure/Title: D09Y0672 / Protocol produces a Secure Key Distribution Based on Hash function & Utilizing 6DP Quantum-authenticated Channel (KDP-6DP)
Filing Number/Date: PI 20094827 / 13-Nov-2009
http://www.wipo.int/patentscope/search/en/detail.jsf?docId=WO2011059306&recNum=1&docAn=MY2010000190&queryString=FP:(Saeb%20Magdy%20)&maxRec=1

IP Disclosure/Title: D09Y0540 / A Polymorphic Cipher
Filing Number/Date: PI 20092762 / 28-June-2009
http://www.wipo.int/pctdb/en/wo.jsp?WO=2011002274

IP Disclosure/Title: D09Y0541 / Cryptographic Hash Function
Filing Number/Date: PCT/MY2009/000075 / 22-June-2009
http://www.wipo.int/pctdb/en/wo.jsp?WO=2010151098

IP Disclosure/Title: D09Y0705 / The Stone Cipher-192 (SC-192): A Metamorphic Cipher
Filing Number/Date: PI 201004950 / 20 October 2010
http://www.wipo.int/patentscope/search/en/detail.jsf?docId=WO2012053882&recNum=1&docAn=MY2010000271&queryString=ALLNAMES:(Magdy%20Saeb)&maxRec=1

IP Disclosure/Title: D09Y0546 / Making AES stronger by introducing a key-dependent factor which introduces non-deterministic operations in each rounding stage
Filing Number/Date: PI 20093553 / 26-August-2009
http://www.wipo.int/pctdb/en/wo.jsp?WO=2011025361

Powerful Encryption for Secure Information in a New World 

Cryptographic Algorithms:

Chameleon Polymorphic Cipher

The Chameleon Cipher-192 is a polymorphic cipher that utilizes a variable word size and variable-size user’s key. In the preprocessing stage, the user key is extended into a larger table or bit-level S-box using a specially developed hash-function. The generated table is used in a special configuration to substantially increase the substitution addressing space. Accordingly, we call this table the S-orb. We show that the proposed cipher provides concepts of a key-dependent number of rotations, key-dependent number of rounds and key-dependent addresses of substitution tables. Moreover, the parameters used to generate the different S-orb words are likewise key-dependent.

We establish that the self-modifying proposed cipher, based on the aforementioned key dependencies, provides an algorithm polymorphism and adequate security. The ideas incorporated in the development of this cipher may pave the way for key-driven encryption rather than merely using the key for a sub-key generation. The cipher is adaptable to both hardware and software implementations. 

Stone Metamorphic Cipher

The Stone Cipher-192 is a metamorphic cipher that utilizes a variable word size and variable-size user’s key. In the preprocessing stage, the user key is extended into a larger table or bit-level S-box using a specially developed one-way function. However, for added security, the user key is first encrypted using the cipher encryption function with agreed-upon initial values. The generated table is used in a special configuration to considerably increase the substitution addressing space. Accordingly, we call this table the S-orb. Four bit-balanced operations are pseudorandomly selected to generate the sequence of operations constituting the cipher. These operations are XOR, INV, ROR, NOP for bitwise xor, invert, rotate right and no operation respectively. The resulting keystream is used to generate the bits required to select these operations. We show that the proposed cipher furnishes concepts of a key-dependent pseudo-random sequence of operations that even the cipher designer cannot predict in advance. In this approach, the sub-keys act as program instructions not merely as a data source. Moreover, the parameters used to generate the different S-orb words are likewise key-dependent. 

We establish that the self-modifying proposed cipher, based on the aforementioned key-dependencies, provides an algorithm metamorphism and adequate security with a simple parallelizable structure. The ideas incorporated in the development of this cipher may pave the way for key-driven encryption rather than merely using the key for a sub-key generation. The cipher is adaptable to both hardware and software implementations. Potential applications include voice and image encryption.

Pyramids Cipher

The “PYRAMIDS” Block Cipher is a symmetric encryption algorithm of a 64, 128, 256-bit plaintext block, that accepts a variable key length of 128, 192, 256 bits. The algorithm is an iterated cipher consisting of repeated applications of simple round transformations with different operations and different sequences in each round.

A Metamorphic Enhanced Twofish Cipher

The Metamorphic-Enhanced Twofish Cipher is a metamorphic cipher that uses a variable word size and variable-size user’s key. The cipher merges two ciphers by defining a new function using four bit-balanced operations. These operations are XOR, INV, ROR, NOP for bitwise xor, invert, rotate right and no operation respectively. The new function replaces the h-function previously used in the Twofish Cipher, thus creating a Meta h-function. The aim of this alteration is to provide an improvement to the Twofish cipher that introduces high confusion into the enhanced Twofish without disturbing the linear and differential diffusion criteria. In this work, we discuss the Metamorphic-Enhanced Twofish Cipher and provide a Field Programmable Gate Array (FPGA) hardware implementation of the enhanced algorithm.
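
The Stone Cipher and Metamorphic-Enhanced Twofish descriptions above both rest on selecting among XOR, INV, ROR and NOP with key-derived bits. The sketch below is an added illustration of that one idea, not the published ciphers or their authors' code, and it carries no security claim; the SHA-256 counter keystream, the four steps per word and all function names are assumptions standing in for the S-orb and one-way function, which the page does not specify.

```python
"""Toy key-driven operation selection (illustration only, not SC-192)."""
import hashlib

OPS = ("XOR", "INV", "ROR", "NOP")  # the four operations named in the text


def keystream_bits(key: bytes):
    """Yield bits of SHA-256(key || counter); an assumed stand-in generator."""
    counter = 0
    while True:
        block = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        for byte in block:
            for shift in range(7, -1, -1):
                yield (byte >> shift) & 1
        counter += 1


def take(bits, n: int) -> int:
    """Consume n keystream bits and return them as an integer."""
    value = 0
    for _ in range(n):
        value = (value << 1) | next(bits)
    return value


def rotr(x: int, r: int, w: int) -> int:
    """Rotate the w-bit word x right by r positions."""
    r %= w
    return ((x >> r) | (x << (w - r))) & ((1 << w) - 1)


def schedule(key: bytes, n_words: int, w: int, steps: int = 4):
    """Per-word list of (operation, operand) pairs, all derived from the key.

    Two selector bits pick the operation; w further bits give its operand.
    The key therefore acts as a program, not only as data.
    """
    bits = keystream_bits(key)
    return [[(OPS[take(bits, 2)], take(bits, w)) for _ in range(steps)]
            for _ in range(n_words)]


def apply_op(op: str, operand: int, x: int, w: int, inverse: bool = False) -> int:
    """Apply one operation to a w-bit word, or its inverse when decrypting."""
    mask = (1 << w) - 1
    if op == "XOR":
        return x ^ (operand & mask)      # self-inverse
    if op == "INV":
        return x ^ mask                  # self-inverse
    if op == "ROR":
        r = operand % w
        return rotr(x, w - r if inverse else r, w)  # inverse is rotate left
    return x                             # NOP


def encrypt(key: bytes, words, w: int = 16, steps: int = 4):
    out = []
    for x, plan in zip(words, schedule(key, len(words), w, steps)):
        for op, operand in plan:
            x = apply_op(op, operand, x, w)
        out.append(x)
    return out


def decrypt(key: bytes, words, w: int = 16, steps: int = 4):
    """Regenerate the same schedule and undo each word's steps in reverse."""
    out = []
    for x, plan in zip(words, schedule(key, len(words), w, steps)):
        for op, operand in reversed(plan):
            x = apply_op(op, operand, x, w, inverse=True)
        out.append(x)
    return out


if __name__ == "__main__":
    demo_key = b"constructed demo key"            # constructed sample input
    sample = [0x1234, 0xBEEF, 0x0F0F, 0xA5C3]     # constructed sample words
    ct = encrypt(demo_key, sample)
    print([op for op, _ in schedule(demo_key, 1, 16)[0]])
    print([hex(c) for c in ct], decrypt(demo_key, ct) == sample)
```

In this toy, a word whose selected steps contain no XOR is only rotated or inverted, which is one reason it should not be mistaken for a usable cipher.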

Twofish

Twofish is Counterpane Systems’ AES submission. Designed by the Counterpane Team (Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson), Twofish has undergone extensive analysis by the Counterpane Team. There is a paper available from the Twofish web page and source is provided in optimized C and assembly.

Blowfish

Blowfish is a block cipher designed by Bruce Schneier, author of Applied Cryptography. Blowfish combines a Feistel network, key-dependent S-Boxes, and a non-invertible F function to create what is perhaps one of the most secure algorithms available. Schneier’s paper is available here. Blowfish is also described in the Concepts of Cryptography page. The only known attacks against Blowfish are based on its weak key classes.

DES

Designed at IBM during the 1970s and officially adopted as the NIST standard encryption algorithm for unclassified data in 1976, DES has become the bastion of the cryptography market. However, DES has since become outdated, its long reign as official NIST algorithm ending in 1997. Though DES accepts a 64-bit key, the key setup routines effectively discard 8 bits, giving DES a 56-bit effective key length. DES remains widely in use. During the design of DES, the NSA provided secret S-Boxes. After differential cryptanalysis had been discovered outside the closed fortress of the NSA, it was revealed that the DES S-boxes were designed to be resistant to differential cryptanalysis. DES is becoming weaker and weaker over time; modern computing power is fast approaching the computational horsepower needed to easily crack DES. DES was designed to be implemented only in hardware and is therefore extremely slow in software. A recent successful effort to crack DES took several thousand computers several months. The EFF has sponsored the development of a crypto chip named “Deep Crack” that can process 88 billion DES keys per second and has successfully cracked 56 bit DES in less than 3 days.

GOST

GOST is a cryptographic algorithm from Russia that appears to be the Russian analog to DES both politically and technologically. Its designers took no chances, iterating the GOST algorithm for 32 rounds and using a 256-bit key. Although GOST’s conservative design inspires confidence, John Kelsey has discovered a key-relation attack on GOST, described in a post to sci.crypt on 10 February 1996. There are also weak keys in GOST, but there are too few to be a problem when GOST is used with its standard set of S-boxes. You can read the official GOST algorithm description (translated from Russian) here. There is also a description of the GOST algorithm here.

Rijndael

Rijndael is an AES winner by Joan Daemen and Vincent Rijmen. The cipher has a variable block and key length, and the authors have demonstrated how to extend the block length and key length by multiples of 32 bits. The design of Rijndael was influenced by the SQUARE algorithm. The authors provide a Rijndael specification and a more theoretical paper on their design principles. The authors have vowed to never patent Rijndael.

| Attribute | Chameleon Polymorphic (CC-192) | AES |
| --- | --- | --- |
| Algorithm | Polymorphic (changes with user key) | Fixed Algorithm |
| Known Attacks | No Known Attacks | Broken |
| Key-dependent Polymorphic Algorithm | Yes (key-dependent algorithm) | No (Fixed Algorithm) |
| S-box | User-key dependent S-ORB | Fixed S-box (public) |
| Variable word size (by the user) | Yes | No |
| Variable Minimum Number of rounds (by the user) | Yes | No |
| Number of rounds are key-dependent | Yes | No |
| Key Size | Variable 192 bits | Variable 128, 192, 256 bits |
| Key Set-up Time | 1849 (This relatively large set-up time, while the user will not even feel it, is important to prevent Brute Force Attacks, since the attacker will spend almost double the time of AES trying to find the key) | 850 cycles |
| Encryption Time | 28 cycles per byte with a total of 672 cycles | 440 cycles |
| Execution time (on Intel Core2 Duo CPU E6550 @ 2.33 GHz, 4 GB RAM, 32-bit operating system) | 171-203 milliseconds (depending on word size) | 16 milliseconds |
| Execution time (on Processor Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz, 2.601 GHz, 2 Core(s), 4 Logical Processor(s), Installed Physical Memory (RAM) 8.00 GB, 64-bit operating system) | 88-101 milliseconds (Estimate) | 8.2 milliseconds (Estimate) |
| Hardware/software Implementation | Suitable | Suitable |
| Probability of guessing the algorithm used | Much less than 89.68 x 10^-45 (user key-dependent and is smaller than brute force attack using 128-bit key) | Well-known algorithm (Probability = 1.0) |
| Passed all NIST Tests | Yes | Yes |
| Statistical Parameters of cipher text available to user after encryption | Yes | No |
| Variable throughput depending on word size | Yes | No |
| Security | Very High | High (Broken) |
| Modes for multimedia applications | Can be used in any mode including the default ECB (no information leakage) | Requires other modes beyond ECB (with ECB information leakage is possible) |

*The cipher was implemented in the C# language under the MS Windows operating system. This is a brief comparison between CC-192 and AES; other features such as ASM language, device performance dependency, and other operating system implementations are not included.

Cryptography

Next to human resources, information is the most important asset of an organization. Security and risk management correlate to the right and effective administering of information. To protect the systems and networks of an organization, information security personnel attempt to achieve three outcomes: information availability, integrity, and confidentiality. However, one should always keep in mind that the concept of total security is an elusive one. Frequent breaching of information security is an expected unpleasant fact. In a layered security model, it is often necessary to implement one leakage prevention tool enwrapped around sensitive information. “Encryption” is the major instrument and the last line of defense against digital threats and data leakage. Encrypting information means hiding its meaning from an attacker by temporarily scrambling it using a secret shared between the sender or initiator and the receiver or terminator. Encryption is not a security nostrum. It will not solve all the information security issues of an organization. Rather, it is simply one control, however important, among many others. In the next few lines, we investigate the history of encryption, its challenges, and its functionality in information security architectures.

Cryptography is a science, which applies mathematical and logical rationality to design strong encryption methods. Achieving strong encryption that thwarts cryptographic attacks requires intuitive and creative leaps to improve known algorithms or to develop entirely new methods. Therefore, cryptography is also an art. The driving force behind hiding the meaning of information was war. Sun Tzu wrote,

“Of all those in the army close to the commander none is more intimate than the secret agent; of all rewards none more liberal than those given to secret agents; of all matters none is more confidential than those relating to secret operations.”

Human elements of war require information. Keeping the shared information secret ensures appreciable advantages of maneuvering, timing, and above all, the element of surprise. Hiding the meaning of information guarantees its secrecy. The history of cryptography goes back to the times of the Ancient Egyptians. Early cryptographers used three methods to encrypt information: substitution, transposition, and codes. By the mid-nineties, it was obvious that the field of Cryptography had changed in a very impressive way. Regardless of some governments’ attempts, Cryptography, driven by ever-increasing computer performance and new discoveries by researchers worldwide, was moving at an astoundingly fast pace. However, rationales remained the same no matter the resulting cryptographic wide-open state where codes multiply ungoverned. No institution could ever hope to handle the antediluvian encounter of cryptographic design and cryptographic analysis or attacks. Emerging concepts in Cryptography such as Polymorphic and Metamorphic cipher design, Hash functions, Key Distribution and Key Hopping Techniques are among the ever-expanding field of Cryptography.

With communications evolving at a phenomenal pace it’s essential that you effectively respond to this changing marketplace and answer to the growing demand for information security. You need to offer globally accessible, flexible and innovative services  to maintain competitive advantage, while simultaneously reacting rapidly to new markets and delivering value-added services. Our advanced encryption techniques can help you confidently meet the multiple challenges of the 21st Century communications environment.


With type-1 encryption, geographically distributed corporate teams can work securely together.

Type-1 encryption is your last line of defense against Advanced Persistent Threats (APT) that target your organization and your people with the highest-level access to the most valuable assets and resources.

Risk Assessment Calculator

ISO IEC 27002 is a comprehensive information security standard. It takes a very broad approach. In the context of this standard, the term information includes all forms of data, documents, communications, conversations, messages, recordings, and photographs. It includes all forms of information.

Security Policy Management

  • Provide management direction and support
  • Develop your information security policies
  • Review your information security policies

Corporate Security Management

  • Establish an internal information security organization
  • Allocate information security roles and responsibilities
  • Segregate conflicting duties and responsibilities

Personnel Security Management

  • Emphasize security prior to employment
  • Verify the backgrounds of all new personnel
  • Use contracts to protect your information
  • Emphasize security during employment
  • Expect your managers to emphasize security
  • Deliver information security awareness programs
  • Set up a disciplinary process for security breaches
  • Emphasize security at termination of employment
  • Emphasize post-employment security requirements

Organizational Asset Management

  • Establish responsibility for corporate assets
  • Compile an inventory of assets associated with information
  • Select owners for all assets associated with your information
  • Prepare acceptable use rules for assets associated with information
  • Return all assets associated with information upon termination
  • Develop an information classification scheme
  • Classify your organization’s information
  • Establish information labeling procedures
  • Develop asset handling procedures
  • Control how physical media are handled
  • Manage removable media
  • Manage the disposal of media
  • Manage the transfer of media

Information security infractions and digital threats are more dominant than ever before. The “Target” Department Store in the US suffered a massive information security infraction in Dec 2013. Hackers stole about forty million credit-card details. This is the latest high-profile public commotion. However, organizations of all sizes suffer infractions on a daily basis. It is estimated that about 97% of Fortune 500 companies have been hacked and probably the other 3% have too; they just do not know it. According to a survey on Information Security, the number of organizations reporting losses of more than $10 million per incident is up 75% from just two years ago. Increasing digital threats mean an information breach or cyber-attack is inevitable, regardless of the size of your business. A few years ago, hackers were attacking information systems mainly to prove their skills and abilities, but now they are more organized and they are after your company’s assets. The question is how to protect your company’s assets and reputation from such Digital Threats.

The only way to ensure your readiness for a digital threat is to build digital resilience into your information system. By combining the commonly accepted standards for cyber-security, ISO 19790, ISO 27001, ISO/IEC 24759 and business continuity, ISO 22301, organizations are able to follow a comprehensive approach to being resilient to digital attacks. These standards include recommendations for firewalls and the encryption algorithms utilized. Would-be hackers are quite familiar with standard firewall procedures. They exchange and update their information almost daily through different communication channels. Some of your security personnel may have become complacent while the challenges are enormous. The same thing can be said regarding “standard encryption algorithms” where their keyspace has been dramatically reduced. The technologies developed in the nineties may prove to be inadequate for the type of computers available now in the marketplace. Therefore, Digital Resilience Preparedness Gear, which we will call DRPG, is essential for your organization’s information security. These standards will help your organization to implement information security measures to operate in cyberspace while extenuating digital threats and risks.

In addition, state-of-the-art type-1 encryption algorithms such as Polymorphic and Metamorphic Ciphers surely guarantee better defense against today’s digital threats. In Polymorphic and Metamorphic Ciphers, one can imagine the algorithm as a pseudo-random sequence of operations that are totally key-dependent. Accordingly, most known attacks will be extremely difficult to launch since the attackers have no statistical clues. The algorithms utilize randomly selected low-level operations. Even the cipher designer has no clear idea what the employed sequence of these bitwise operations would be. The result of such an approach will be the creation of an immense number of wrong messages that conceal the only correct one. In these unexampled ciphers, designers have taken extraordinary care to thwart related-key attacks and all other known cipher attacks. Designers have developed the ciphers and their associated one-way hash functions to be suitable for hardware implementation. This hardware implementation lends itself to real-time voice and video encryption applications, thus ensuring that your digital communications are safe and secure. All of these measures will surely help your organization secure its information and prevent any data leakage.