[
  {
    "instruction": "Context: Customer identity access management\n\n==Introduction==\nCustomer (or consumer) identity and access management (CIAM) is a subset of the larger concept of identity access management (IAM) that focuses on managing and controlling external parties' access to a business' applications, web portals and digital services. The biggest difference between typical IAM and CIAM is that CIAM gives its users (consumers) significantly more control over their identity. Unlike traditional (or inside-out) IAM, which is generally driven by operational efficiency, CIAM is built on a user-first, outside-in approach that gives customers the agency to make changes to their security, privacy and personalization settings. At its most basic level, CIAM is a system for establishing and maintaining persistent customer data, authenticating legitimate users, denying access to threat actors and authorizing customers to access digital assets. While there is a vast number of additional functions that CIAM solutions can provide, they are secondary to external-facing authentication and authorization.\n\n== CIAM functionality ==\nCIAM can be composed of a wide array of tools and applications, often combining software from multiple vendors to achieve the desired functionality. For this reason, businesses often take a phased approach to CIAM by implementing technologies that suit their most immediate needs rather than attempting to roll out a comprehensive solution. Rather than being defined by a specific set of tools, CIAM is more accurately described based on its capabilities. Generally speaking, a CIAM environment includes:\n\nIdentity administration\nUser privacy and consent management\nFraud prevention capabilities\nCIAM solutions may also include but are not limited to: secured APIs, SDKs for mobile apps, single sign-on (SSO), social logins (BYOI) and fraud detection or behavior monitoring. 
CIAM environments are designed to scale far beyond the typical scenarios of internal IAM, with millions of concurrent users.\n\n\n*** CRM ***\nCIAM environments can also work adjunctively with a Customer Relationship Management (CRM) system to provide personalized content or manage user behavior. The digital identities managed by a CIAM solution are used to give access to different business applications, portals and webshops. Because all these transactions are logged, the data can be used for profiling purposes. Transaction data can be correlated to the digital identities of the customers, and that data can be seen as a relevant component of CRM systems.\n\n\n*** CIAM and cybersecurity ***\nCustomer identity and access management (CIAM) is an IAM technology that helps organizations to manage customer identities, providing security and an enhanced experience. The primary purpose of Customer identity and access management is to help organizations deliver a great experience to customers and to protect their user data.\nCIAM environments protect their owners from a different set of cyber threats than traditional IAM solutions. Financially motivated threat actors attacking a CIAM solution will steal services or make illegitimate purchases rather than ransom business infrastructure. CIAM solutions are tasked with protecting customer accounts without significantly compromising a smooth or convenient experience. They do not have the benefit of dealing with internal users like employees, and thus CIAM environments are typically designed to contain self-service components for account maintenance or troubleshooting. For example, a CIAM customer might be able to easily reset their account's password through automated dialogues. 
However, this has led to self-service mechanisms becoming frequent targets for fraud schemes.\nBecause of this, many CIAM implementations are designed to authorize users based on their perceived level of trust, only enforcing a secondary step-up authentication when the user tries to take a particularly sensitive action.\n\n\n*** Privacy and consent management ***\nBecause of the nature of CIAM \u2014 which involves a user logging in, managing their profile and accessing services \u2014 CIAM solutions collect personally identifiable information. Privacy laws, such as the GDPR in the European Union, hold CIAM providers accountable for processing this kind of data, hence the providers have taken steps to restrict the processing of these data by implementing Consent Management services. For every data element, users can define whether a provider can process or transfer the personal data. For instance, a user can give or revoke consent to process transaction data for marketing purposes.\n\n== CIAM market ==\nVendors primarily identify their products and services as CIAM components as a way to appeal to potential clients. CIAM is still relatively new as a market apart from IAM, and few providers offer comprehensive solutions, or those that include all of the proposed functions of a CIAM implementation. Analysts are still divided on what the terminology includes, but it is generally accepted that CIAM represents an external and user-centric alternative to legacy IAM.\nQuestion: What are some of the additional functions that CIAM solutions can provide beyond external-facing authentication and authorization? What's the answer?",
    "context": "",
    "output": "Some of the additional functions that CIAM solutions can provide include fraud detection or behavior monitoring, social logins, and secured APIs for mobile apps.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "What are some of the additional functions that CIAM solutions can provide beyond external-facing authentication and authorization?",
      "answer": "Some of the additional functions that CIAM solutions can provide include fraud detection or behavior monitoring, social logins, and secured APIs for mobile apps.",
      "context": "Customer identity access management\n\n==Introduction==\nCustomer (or consumer) identity and access management (CIAM) is a subset of the larger concept of identity access management (IAM) that focuses on managing and controlling external parties' access to a business' applications, web portals and digital services. The biggest difference between typical IAM and CIAM is that CIAM gives its users (consumers) significantly more control over their identity. Unlike traditional (or inside-out) IAM, which is generally driven by operational efficiency, CIAM is built on a user-first, outside-in approach that gives customers the agency to make changes to their security, privacy and personalization settings. At its most basic level, CIAM is a system for establishing and maintaining persistent customer data, authenticating legitimate users, denying access to threat actors and authorizing customers to access digital assets. While there is a vast number of additional functions that CIAM solutions can provide, they are secondary to external-facing authentication and authorization.\n\n== CIAM functionality ==\nCIAM can be composed of a wide array of tools and applications, often combining software from multiple vendors to achieve the desired functionality. For this reason, businesses often take a phased approach to CIAM by implementing technologies that suit their most immediate needs rather than attempting to roll out a comprehensive solution. Rather than being defined by a specific set of tools, CIAM is more accurately described based on its capabilities. Generally speaking, a CIAM environment includes:\n\nIdentity administration\nUser privacy and consent management\nFraud prevention capabilities\nCIAM solutions may also include but are not limited to: secured APIs, SDKs for mobile apps, single sign-on (SSO), social logins (BYOI) and fraud detection or behavior monitoring. 
CIAM environments are designed to scale far beyond the typical scenarios of internal IAM, with millions of concurrent users.\n\n\n*** CRM ***\nCIAM environments can also work adjunctively with a Customer Relationship Management (CRM) system to provide personalized content or manage user behavior. The digital identities managed by a CIAM solution are used to give access to different business applications, portals and webshops. Because all these transactions are logged, the data can be used for profiling purposes. Transaction data can be correlated to the digital identities of the customers, and that data can be seen as a relevant component of CRM systems.\n\n\n*** CIAM and cybersecurity ***\nCustomer identity and access management (CIAM) is an IAM technology that helps organizations to manage customer identities, providing security and an enhanced experience. The primary purpose of Customer identity and access management is to help organizations deliver a great experience to customers and to protect their user data.\nCIAM environments protect their owners from a different set of cyber threats than traditional IAM solutions. Financially motivated threat actors attacking a CIAM solution will steal services or make illegitimate purchases rather than ransom business infrastructure. CIAM solutions are tasked with protecting customer accounts without significantly compromising a smooth or convenient experience. They do not have the benefit of dealing with internal users like employees, and thus CIAM environments are typically designed to contain self-service components for account maintenance or troubleshooting. For example, a CIAM customer might be able to easily reset their account's password through automated dialogues. 
However, this has led to self-service mechanisms becoming frequent targets for fraud schemes.\nBecause of this, many CIAM implementations are designed to authorize users based on their perceived level of trust, only enforcing a secondary step-up authentication when the user tries to take a particularly sensitive action.\n\n\n*** Privacy and consent management ***\nBecause of the nature of CIAM \u2014 which involves a user logging in, managing their profile and accessing services \u2014 CIAM solutions collect personally identifiable information. Privacy laws, such as the GDPR in the European Union, hold CIAM providers accountable for processing this kind of data, hence the providers have taken steps to restrict the processing of these data by implementing Consent Management services. For every data element, users can define whether a provider can process or transfer the personal data. For instance, a user can give or revoke consent to process transaction data for marketing purposes.\n\n== CIAM market ==\nVendors primarily identify their products and services as CIAM components as a way to appeal to potential clients. CIAM is still relatively new as a market apart from IAM, and few providers offer comprehensive solutions, or those that include all of the proposed functions of a CIAM implementation. Analysts are still divided on what the terminology includes, but it is generally accepted that CIAM represents an external and user-centric alternative to legacy IAM."
    }
  },
  {
    "instruction": "Broker injection\n\n==Introduction==\nA broker injection attack is a type of vulnerability that exploits misconfigured brokers, potentially allowing an attacker to read, write and inject information from/into their flow.\n\n\n\n== Description ==\nThere are many scenarios in which a broker is used to transport the information between tasks.\nOne of the most typical use cases is sending e-mails in the background. In this scenario we'll have two actors:\n\nAn information producer (a website, for example).\nA worker or background process that actually sends the e-mail.\nThe producer needs an asynchronous and non-blocking way to send the email information to the worker.\nThis system is usually a broker. It takes the information from the web front-end and passes it to the worker, generating a new task in the worker. So, the worker has all the information to send the e-mail.\nTaking the above scenario as an example, if we could access the broker, we would be able to make the worker generate new tasks with arbitrary data, unleashing a broker injection.\n\n== Attacks ==\nWith this in mind, we could make the following attacks:\n\nListing remote tasks.\nReading a remote task's contents.\nInjection of tasks into remote processes.\nRemoving remote outstanding tasks.\n\n== Origin ==\nThe broker injection attack is not new, but it didn't have a name. This name was coined by Daniel Garc\u00eda (cr0hn) at the RootedCON 2016 conference in Spain. Answer this question using the following article:\n\nIn what ways can an attacker access a broker?",
    "context": "",
    "output": "An attacker can access a broker by exploiting misconfigurations in the system. The text does not provide specific techniques for gaining access to a broker, but it is implied that a vulnerable broker may have insufficient security measures in place to protect against unauthorized access.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "In what ways can an attacker access a broker?",
      "answer": "An attacker can access a broker by exploiting misconfigurations in the system. The text does not provide specific techniques for gaining access to a broker, but it is implied that a vulnerable broker may have insufficient security measures in place to protect against unauthorized access.",
      "context": "Broker injection\n\n==Introduction==\nA broker injection attack is a type of vulnerability that exploits misconfigured brokers, potentially allowing an attacker to read, write and inject information from/into their flow.\n\n\n\n== Description ==\nThere are many scenarios in which a broker is used to transport the information between tasks.\nOne of the most typical use cases is sending e-mails in the background. In this scenario we'll have two actors:\n\nAn information producer (a website, for example).\nA worker or background process that actually sends the e-mail.\nThe producer needs an asynchronous and non-blocking way to send the email information to the worker.\nThis system is usually a broker. It takes the information from the web front-end and passes it to the worker, generating a new task in the worker. So, the worker has all the information to send the e-mail.\nTaking the above scenario as an example, if we could access the broker, we would be able to make the worker generate new tasks with arbitrary data, unleashing a broker injection.\n\n== Attacks ==\nWith this in mind, we could make the following attacks:\n\nListing remote tasks.\nReading a remote task's contents.\nInjection of tasks into remote processes.\nRemoving remote outstanding tasks.\n\n== Origin ==\nThe broker injection attack is not new, but it didn't have a name. This name was coined by Daniel Garc\u00eda (cr0hn) at the RootedCON 2016 conference in Spain."
    }
  },
  {
    "instruction": "Cyberwarfare in the United States\n\n==Introduction==\nCyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.\nThe United States Department of Defense recognizes the use of computers and the Internet to conduct warfare in cyberspace as a threat to national security, but also as a platform for attack. The United States Cyber Command centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks. It is an armed forces Unified Combatant Command. A 2021 report by the International Institute for Strategic Studies placed the United States as the world's foremost cyber superpower, taking into account its cyber offense, defense, and intelligence capabilities.\n\n\n\n== The Department of Defense Cyber Strategy ==\nIn April 2015, the U.S. Department of Defense (DoD) published its latest Cyber Strategy building upon the previous DoD Strategy for Operating in Cyberspace published in July 2011. The DoD Cyber strategy focuses on building capabilities to protect, secure, and defend its own DoD networks, systems and information; defend the nation against cyber attacks; and support contingency plans. 
This includes being prepared to operate and continue to carry out missions in environments impacted by cyber attacks.\nThe DoD outlines three cyber missions:\n\nDefend DoD networks, systems, and information.\nDefend the United States and its interests against cyber attacks of significant consequence.\nProvide integrated cyber capabilities to support military operations and contingency plans.\nIn addition, the Cyber Strategy emphasizes the need to build bridges to the private sector, so that the best talent and technology the United States has to offer is at the DoD's disposal.\n\n\n*** The Five Pillars ***\n\nThe five pillars are the base of the Department of Defense's strategy for cyber warfare. The first pillar is to recognize that the new domain for warfare is cyberspace and that it is similar to the other elements in the battlespace. The key objectives of this pillar are to build up technical capabilities and accelerate research and development to provide the United States with a technological advantage. The second pillar is proactive defenses as opposed to passive defense. Two examples of passive defense are computer hygiene and firewalls. The balance of the attacks requires active defense using sensors to provide a rapid response to detect and stop a cyber attack on a computer network. This would provide military tactics to backtrace, hunt down and attack an enemy intruder. The third pillar is critical infrastructure protection (CIP) to ensure the protection of critical infrastructure by developing warning systems to anticipate threats. The fourth pillar is the use of collective defense which would provide the ability of early detection, and incorporate it into the cyber warfare defense structure. The goal of this pillar is to explore all options in the face of a conflict, and to minimize loss of life and destruction of property. 
The fifth pillar is building and maintaining international alliances and partnerships to deter shared threats, and to remain adaptive and flexible to build new alliances as required. This is focused on \"priority regions, to include the Middle East, Asia-Pacific, and Europe\".\n\n\n*** Trump Administration's National Cyber Strategy ***\nShortly after his election, U.S. President Donald Trump pledged to deliver an extensive plan to improve U.S. cybersecurity within 90 days of his inauguration. Three weeks after the designated 90-day mark, he signed an executive order that claimed to strengthen government networks. By the new executive order, federal-agency leaders are to be held responsible for breaches on their networks and federal agencies are to follow the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity in consolidating risk management practices. In addition, the federal departments were to examine cyber defense abilities of agencies within 90 days, focusing on \"risk mitigation and acceptance choices\" and evaluating needs for funding and sharing technology across departments. Experts in cybersecurity later claimed that the order was \"not likely\" to have a major impact. In September, President Trump signed the National Cyber Strategy, \"the first fully articulated cyber strategy for the United States since 2003.\" John Bolton, the National Security Advisor, claimed in September 2018 that the Trump administration's new \"National Cyber Strategy\" has replaced restrictions on the use of offensive cyber operations with a legal regime that enables the Defense Department and other relevant agencies to operate with a greater authority to penetrate foreign networks to deter hacks on U.S. systems. 
Describing the new strategy as an endeavor to \"create powerful deterrence structures that persuade the adversary not to strike in the first place,\" Bolton added that decision-making for launching attacks will be moved down the chain of command from requiring the president's approval. The Defense Department, in its strategy document released in September 2018, further announced that it would \"defend forward\" U.S. networks by disrupting \"malicious cyber activity at its source\" and endeavor to \"ensure there are consequences for irresponsible cyber behavior\" by \"preserving peace through strength.\" The National Cyber Strategy has also garnered criticisms that evaluating acts of cyberwarfare against the United States still remains ambiguous, as the current U.S. law does not specifically define what constitutes an illegal cyber act that transcends a justifiable computer activity. The legal status of most information security research in the United States is governed by the 1986 Computer Fraud and Abuse Act, which has been derided as \"poorly drafted and arbitrarily enforced\" for enabling prosecution of useful information security research methods such as Nmap or Shodan. As even needed services fall under the prohibition, top-level information security experts find it challenging to improve the infrastructure of cyberdefense.\n\n== Cyberattack as an act of war ==\nIn 2011, The White House published an \"International Strategy for Cyberspace\" that reserved the right to use military force in response to a cyberattack:\n\nIn 2013, the Defense Science Board, an independent advisory committee to the U.S. 
Secretary of Defense, went further, stating that \"The cyber threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War,\" and recommending, in response to the \"most extreme case\" (described as a \"catastrophic full spectrum cyber attack\"), that \"Nuclear weapons would remain the ultimate response and anchor the deterrence ladder.\"\n\n== Attacks on other nations ==\n\n\n*** Iran ***\n\nIn June 2010, Iran was the victim of a cyber attack when its nuclear facility in Natanz was infiltrated by the cyber-worm 'Stuxnet', said to be the most advanced piece of malware ever discovered, and which significantly increased the profile of cyberwarfare. It destroyed perhaps over 1,000 nuclear centrifuges and, according to a Business Insider article, \"[set] Tehran's atomic program back by at least two years.\" Despite a lack of official confirmation, Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, made a public statement, in which he said, \"we're glad they [the Iranians] are having trouble with their centrifuge machine and that we\u2014the US and its allies\u2014are doing everything we can to make sure that we complicate matters for them\", offering \"winking acknowledgement\" of US involvement in Stuxnet.\n\n\n*** China ***\n\nIn 2013, Edward Snowden, a former systems administrator for the Central Intelligence Agency (CIA) and a counterintelligence trainer at the Defense Intelligence Agency (DIA), revealed that the United States government had hacked into Chinese mobile phone companies to collect text messages and had spied on Tsinghua University, one of China's biggest research institutions, as well as home to one of China's six major backbone networks, the China Education and Research Network (CERNET), from where internet data from millions of Chinese citizens could be mined. He said U.S. 
spy agencies have been watching China and Hong Kong for years. According to classified documents provided by Edward Snowden, the National Security Agency (NSA) has also infiltrated the servers in the headquarters of Huawei, China's largest telecommunications company and the largest telecommunications equipment maker in the world. The plan is to exploit Huawei's technology so that when the company sold equipment to other countries\u2014including both allies and nations that avoid buying American products\u2014the NSA could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations.\n\n\n*** Russia ***\nIn June 2019, Russia said that its electrical grid could be under cyber-attack by the United States. The New York Times reported that American hackers from the United States Cyber Command planted malware potentially capable of disrupting the Russian electrical grid.\n\n\n*** Others ***\nAccording to Thomas C. Reed's account in his 2004 autobiographical book At the Abyss: An Insider's History of the Cold War, in 1982, a computer control system stolen from a Canadian company by Soviet spies caused a Soviet gas pipeline to explode. He alleged that code for the control system had been modified by the CIA to include a logic bomb which changed the pump speeds to cause the explosion, but this is disputed.\nA 1 April 1991 article in InfoWorld Magazine \"Meta-Virus Set to Unleash Plague on Windows 3.0 Users\" by John Gantz was purported to be an extremely early example of cyber warfare between two countries. 
In fact the \"AF/91 virus\" was an April Fools' joke that was misunderstood and widely re-reported as fact by credulous media.\n\n== Cyber threat information sharing ==\nThe Pentagon has had an information sharing arrangement, the Defense Industrial Base Cybersecurity and Information Assurance (DIBCIA) program, in place with some private defense contractors since 2007, to which access was widened in 2012.\nA number of other information sharing initiatives such as the Cyber Intelligence Sharing and Protection Act (CISPA) and Cybersecurity Information Sharing Act (CISA) have been proposed, but failed for various reasons including fears that they could be used to spy on the general public.\n\n== United States Cyber Command ==\n\nThe United States Cyber Command (USCYBERCOM) is a United States Armed Forces Unified Combatant Command. USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: defend Department of Defense information networks; and prepare to conduct \"full spectrum military cyberspace operations\" to ensure US/Allied freedom of action in cyberspace and deny the same to adversaries.\n\n\n*** Army ***\nThe Army Cyber Command (ARCYBER) is an Army component command for the U.S. Cyber Command. 
ARCYBER has the following components:\n\nArmy Network Enterprise Technology Command / 9th Army Signal Command\nPortions of 1st Information Operations Command (Land)\nUnited States Army Intelligence and Security Command will be under the operational control of ARCYBER for cyber-related actions.\nNew cyber authorities have been granted under National Security Presidential Memorandum (NSPM) 13; persistent cyber engagements at Cyber Command are the new norm for cyber operations.\n\n\n*** Marine Corps ***\nUnited States Marine Corps Forces Cyberspace Command is a functional formation of the United States Marine Corps to protect infrastructure from cyberwarfare.\n\n\n*** Air Force ***\nThe Sixteenth Air Force (16 AF) is the United States Air Force component of United States Cyber Command (USCYBERCOM). It has the following components:\n\n67th Cyberspace Wing\n688th Cyberspace Wing\n689th Combat Communications Wing\nThe F-15 and C-130 systems are being hardened from cyber attack as of 2019.\n\n\n*** Navy ***\nThe Navy Cyber Forces (CYBERFOR) is the type commander for the U.S. Navy's global cyber workforce. The headquarters is located at Joint Expeditionary Base Little Creek-Fort Story. CYBERFOR provides forces and equipment in cryptology/signals intelligence, cyber, electronic warfare, information operations, intelligence, networks, and space. In September 2013, the United States Naval Academy will offer undergraduate students the opportunity to major in Cyber Operations for the United States. Fleet Cyber Command is an operating force of the United States Navy responsible for the Navy's cyber warfare programs. Tenth Fleet is a force provider for Fleet Cyber Command. 
The fleet components are:\n\nNaval Network Warfare Command\nNavy Cyber Defense Operations Command\nNaval Information Operation Commands\nCombined Task Forces\n\n== Timeline ==\nSystems in the US military and private research institutions were penetrated from March 1998 for almost two years in an incident called Moonlight Maze. The United States Department of Defense traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement.\nTitan Rain was the U.S. government's designation given to a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature (i.e., state-sponsored espionage, corporate espionage, or random hacker attacks) and their real identities (i.e., masked by proxy, zombie computer, spyware/virus infected) remain unknown.\nIn 2007, the United States government suffered \"an espionage Pearl Harbor\" in which an unknown foreign power ... broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.\nIn 2008, a hacking incident occurred on a U.S. Military facility in the Middle East. United States Deputy Secretary of Defense William J. Lynn III had the Pentagon release a document, which reflected a \"malicious code\" on a USB flash drive spread undetected on both classified and unclassified Pentagon systems, establishing a digital beachhead, from which data could be transferred to servers under foreign control.  \"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. This ... was the most significant breach of U.S. 
military computers ever and it served as an important wake-up call\", Lynn wrote in an article for Foreign Affairs.\nOperation Buckshot Yankee was conducted by the United States in response to the 2008 breach, which was allegedly carried out by Russia. This operation lasted three years, starting in October 2008 when the breach was first detected. The operation included attempts to recognize and mitigate the malicious code (Agent.btz), which had spread to military computers around the world. The team conducting the operation requested permission to use more offensive means of combating the code, but it was denied by senior officials. Operation Buckshot Yankee was a catalyst for the formation of Cyber Command.\nOn 9 February 2009, the White House announced that it would conduct a review of the nation's cyber security to ensure that the Federal government of the United States cyber security initiatives are appropriately integrated, resourced and coordinated with the United States Congress and the private sector.\nOn 1 April 2009, U.S. lawmakers pushed for the appointment of a White House cyber security \"czar\" to dramatically escalate U.S. defenses against cyber attacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.\nOn 7 April 2009, the Pentagon announced that it had spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems.\nFrom December 2009 to January 2010, a cyber attack, dubbed Operation Aurora, was launched from China against Google and over 20 other companies. Google said the attacks originated from China and that it would \"review the feasibility\" of its business operations in China following the incident. According to Google, at least 20 other companies in various sectors had been targeted by the attacks. 
McAfee spokespersons claimed that \"this is the highest profile attack of its kind that we have seen in recent memory.\"\nIn February 2010, the United States Joint Forces Command released a study which included a summary of the threats posed by the internet: \"The open and free flow of information favored by the West will allow adversaries an unprecedented ability to gather intelligence.\"\nOn 19 June 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called \"Protecting Cyberspace as a National Asset Act of 2010\", which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the \"Kill switch bill\", would grant the President emergency powers over parts of the Internet. However, all three co-authors of the bill issued a statement that instead, the bill \"[narrowed] existing broad Presidential authority to take over telecommunications networks\".\nIn August 2010, the U.S. for the first time publicly warned about the Chinese military's use of civilian computer experts in clandestine cyber attacks aimed at American companies and government agencies. The Pentagon also pointed to an alleged China-based computer spying network dubbed GhostNet that was revealed in a research report last year. The Pentagon stated that the People's Liberation Army was using \"information warfare units\" to develop viruses to attack enemy computer systems and networks, and those units include civilian computer professionals. Commander Bob Mehal would monitor the PLA's buildup of its cyberwarfare capabilities and \"will continue to develop capabilities to counter any potential threat.\"\nIn 2010, American General Keith B. Alexander endorsed talks with Russia over a proposal to limit military attacks in cyberspace, representing a significant shift in U.S. 
policy.\nIn 2011, as part of the Anonymous attack on HBGary Federal, information about private companies such as Endgame Systems, which design offensive software for the Department of Defense, was revealed. It was shown that Endgame Systems job applicants had previously \"managed team of 15 persons, responsible for coordinating offensive computer network operations for the United States Department of Defense and other federal agencies.\"\nIn October 2012, the Pentagon was to host contractors who \"want to propose revolutionary technologies for understanding, planning and managing cyberwarfare. It is part of an ambitious program that the Defense Advanced Research Projects Agency, or DARPA, calls Plan X, and the public description talks about 'understanding the cyber battlespace', quantifying 'battle damage' and working in DARPA's 'cyberwar laboratory.'\"\nStarting in September 2012, denial of service attacks were carried out against the New York Stock Exchange and a number of banks including J.P. Morgan Chase. Credit for these attacks was claimed by a hacktivist group called the Qassam Cyber Fighters, which labeled the attacks Operation Ababil. The attacks were executed in several phases and were restarted in March 2013.\nIn 2013, the first Tallinn Manual on the International Law Applicable to Cyber Warfare was published. This publication was the result of an independent study to examine and review laws governing cyber warfare, sponsored by the NATO Cooperative Cyber Defence Centre of Excellence in 2009.\nIn February 2013, the White House Presidential Executive Order (E.O.) 13636 \"Improving Critical Infrastructure Cybersecurity\" was published. 
This executive order highlighted the policies needed to improve and coordinate cybersecurity, identification of critical infrastructure, reduction of cyber risk, information sharing with the private sector, and ensuring that civil liberties and privacy protections are incorporated.\nIn January 2014, the White House Presidential Policy Directive 28 (PPD-28) on \"Signals Intelligence Activities\" was published. This presidential policy directive highlighted the principles, limitations of use, process of collection, safeguarding of personal information, and transparency related to the collection and review of cyber intelligence signal activities.\nIn August 2014, \"gigabytes\" of sensitive data were reported stolen from JPMorgan Chase (see 2014 JPMorgan Chase data breach), and the company's internal investigation was reported to have found that the data was sent to a \"major Russian city.\" The FBI was said to be investigating whether the breach was in retaliation for sanctions the United States had imposed on Russia in relation to the 2014 Russian military intervention in Ukraine.\nOn 29 May 2014, iSIGHT Partners, a global provider of cyber threat intelligence, uncovered a \"long-term\" and \"unprecedented\" cyber espionage campaign that was \"the most elaborate cyber espionage campaign using social engineering that has been uncovered to date from any nation\". Labelled \"Operation Newscaster\", it targeted senior U.S. military and diplomatic personnel, congresspeople, journalists, lobbyists, think tankers and defense contractors, including a four-star admiral.\nIn December 2014, Cylance Inc. published an investigation on the so-called \"Operation Cleaver\", which targeted over 50 unnamed leading enterprises worldwide, including in the United States. 
The Federal Bureau of Investigation tacitly acknowledged the operation and \"warned businesses to stay vigilant and to report any suspicious activity spotted on the companies' computer systems\".\nIn December 2014, in response to a hack on the US-based company Sony (see Sony Pictures hack) believed to be perpetrated by North Korea, the US government created new economic sanctions on North Korea and listed the country as a state sponsor of terrorism. After the hack, there was an internet blackout over most of North Korea allegedly caused by the US, but there was no definitive evidence to support that claim.\nIn January 2015, the terrorist group ISIS hacked United States Central Command and took over its Twitter and YouTube accounts. They distributed sensitive information obtained during the attack on various social media platforms.\nIn April 2015, the Department of Defense Cyber Strategy was updated and published. The original DoD Strategy for Operating in Cyberspace was published in July 2011.\nIn 2015, the United States Office of Personnel Management (OPM) was the victim of what has been described by federal officials as among the largest breaches of government data in the history of the United States, in which an estimated 21.5 million records were stolen. Information targeted in the breach included personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses, and likely involved theft of detailed security-clearance-related background information.\nIn June 2015, the US Department of Defense (DoD) included a chapter dedicated to cyber warfare in the DoD Law of War Manual. See Cyber Warfare section on p. 994.\nIn 2016, Cyber Command mounted computer-network attacks on ISIS under Operation Glowing Symphony with the intent to disrupt internal communication, manipulate data, and undermine confidence in the group's security. 
A particular emphasis was placed on locking key figures out of their accounts, deleting files of propaganda, and making it all look like general IT trouble instead of an intentional attack. This operation prompted an internal debate in the American government about whether or not to alert their allies that they would be attacking servers located within other countries.\nIn March 2018, the Office of Foreign Assets Control sanctioned two Russian intelligence agencies, the Federal Security Service (FSB) and the Main Intelligence Directorate (GRU), for committing \"destructive cyber-attacks.\" The attacks include the NotPetya attack, an assault that was allegedly conducted by the Russian military in February according to statements of the White House and British government, and which the United States Treasury described as \"the most destructive and costly cyber-attack in history.\"\nIn March 2018, the United States Justice Department charged nine Iranians with stealing scientific secrets on behalf of Iran's Revolutionary Guard Corps. The defendants \"stole more than 31 terabytes of academic data and intellectual property from universities, and email accounts of employees at private sector companies, government agencies, and non-governmental organizations.\"\nIn September 2018, the United States Justice Department published a criminal complaint against Park Jin Hyok, a professional hacker alleged to be working for North Korea's military intelligence bureau, for carrying out three cyber-attacks: the attack against Sony Pictures in 2014, the theft of $81m from the central bank of Bangladesh in 2016, and the WannaCry 2.0 ransomware attack against hundreds of thousands of computers.\nIn September 2018, the White House \"authorized offensive cyber operations\" against foreign threats as a result of loosened restrictions on the use of digital weapons in line with the president's directive, National Security Presidential Memorandum 13 (NSPM 13). 
This allows the military to carry out such attacks with a shortened approval process.\nIn October 2018, the United States Cyber Command launched the still-classified Operation Synthetic Theology. A team of experts was deployed to Macedonia, Ukraine, and Montenegro to identify Russian agents interfering in the election. The team was also gathering intelligence on Russia's cyber capabilities and attacking the Internet Research Agency, a \"Kremlin-backed troll farm in St. Petersburg\".\nBeginning at least by March 2019, persistent cyber operations were applied by the United States against Russia's power grid, seemingly per National Security Presidential Memorandum 13 (September 2018).\nIn June 2019, White House National Security Adviser John Bolton announced that U.S. offensive cyber operations would be expanded to include \"economic cyber intrusions\". These comments appear to reference China's alleged theft of information and data from U.S. corporations.\nIn June 2019, President Trump ordered a cyber attack against Iranian weapons systems in retaliation for the shooting down of a US drone in the Strait of Hormuz and two mine attacks on oil tankers. The attacks disabled Iranian computer systems controlling its rocket and missile launchers. Iran's Islamic Revolutionary Guard Corps (IRGC) was specifically targeted. Answer this question using the following article:\n\nHow does the Department of Defense's (DoD) Cyber Strategy approach the defense of its own networks, systems, and information?",
    "context": "",
    "output": "The DoD Cyber Strategy focuses on building capabilities to protect, secure, and defend its own DoD networks, systems and information; defend the nation against cyber attacks; and support contingency plans. This includes being prepared to operate and continue to carry out missions in environments impacted by cyber attacks.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "How does the Department of Defense's (DoD) Cyber Strategy approach the defense of its own networks, systems, and information?",
      "answer": "The DoD Cyber Strategy focuses on building capabilities to protect, secure, and defend its own DoD networks, systems and information; defend the nation against cyber attacks; and support contingency plans. This includes being prepared to operate and continue to carry out missions in environments impacted by cyber attacks.",
      "context": "Cyberwarfare in the United States\n\n==Introduction==\nCyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.\nThe United States Department of Defense recognizes the use of computers and the Internet to conduct warfare in cyberspace as a threat to national security, but also as a platform for attack.The United States Cyber Command centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks. It is an armed forces Unified Combatant Command. A 2021 report by the International Institute for Strategic Studies placed the United States as the world's foremost cyber superpower, taking into account its cyber offense, defense, and intelligence capabilities.\n\n\n\n== The Department of Defense Cyber Strategy ==\nIn April 2015, the U.S. Department of Defense (DoD) published its latest Cyber Strategy building upon the previous DoD Strategy for Operating in Cyberspace published in July 2011. The DoD Cyber strategy focuses on building capabilities to protect, secure, and defend its own DoD networks, systems and information; defend the nation against cyber attacks; and support contingency plans. 
This includes being prepared to operate and continue to carry out missions in environments impacted by cyber attacks.\nThe DoD outlines three cyber missions:\n\nDefend DoD networks, systems, and information.\nDefend the United States and its interests against cyber attacks of significant consequence.\nProvide integrated cyber capabilities to support military operations and contingency plans.\nIn addition, the Cyber Strategy emphasizes the need to build bridges to the private sector, so that the best talent and technology the United States has to offer is at the disposal of the DoD.\n\n\n*** The Five Pillars ***\n\nThe five pillars are the basis of the Department of Defense's strategy for cyber warfare. The first pillar is to recognize that the new domain for warfare is cyberspace and that it is similar to the other elements in the battlespace. The key objectives of this pillar are to build up technical capabilities and accelerate research and development to provide the United States with a technological advantage. The second pillar is proactive defense as opposed to passive defense. Two examples of passive defense are computer hygiene and firewalls. The remaining attacks require active defense, using sensors to provide a rapid response to detect and stop a cyber attack on a computer network. This would provide military tactics to backtrace, hunt down and attack an enemy intruder. The third pillar is critical infrastructure protection (CIP), ensuring the protection of critical infrastructure by developing warning systems to anticipate threats. The fourth pillar is the use of collective defense, which would provide the ability for early detection and incorporate it into the cyber warfare defense structure. The goal of this pillar is to explore all options in the face of a conflict, and to minimize loss of life and destruction of property. 
The fifth pillar is building and maintaining international alliances and partnerships to deter shared threats, and to remain adaptive and flexible to build new alliances as required. This is focused on \"priority regions, to include the Middle East, Asia-Pacific, and Europe\".\n\n\n*** Trump Administration's National Cyber Strategy ***\nShortly after his election, U.S. President Donald Trump pledged to deliver an extensive plan to improve U.S. cybersecurity within 90 days of his inauguration. Three weeks after the designated 90-day mark, he signed an executive order that claimed to strengthen government networks. Under the new executive order, federal-agency leaders are to be held responsible for breaches on their networks, and federal agencies are to follow the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity in consolidating risk management practices. In addition, the federal departments were to examine the cyber defense abilities of agencies within 90 days, focusing on \"risk mitigation and acceptance choices\" and evaluating needs for funding and sharing technology across departments. Experts in cybersecurity later claimed that the order was \"not likely\" to have a major impact.\nIn September, President Trump signed the National Cyber Strategy, \"the first fully articulated cyber strategy for the United States since 2003.\" John Bolton, the National Security Advisor, claimed in September 2018 that the Trump administration's new \"National Cyber Strategy\" has replaced restrictions on the use of offensive cyber operations with a legal regime that enables the Defense Department and other relevant agencies to operate with a greater authority to penetrate foreign networks to deter hacks on U.S. systems. 
Describing the new strategy as an endeavor to \"create powerful deterrence structures that persuade the adversary not to strike in the first place,\" Bolton added that decision-making for launching attacks will be moved down the chain of command from requiring the president's approval.\nThe Defense Department, in its strategy document released in September 2018, further announced that it would \"defend forward\" U.S. networks by disrupting \"malicious cyber activity at its source\" and endeavor to \"ensure there are consequences for irresponsible cyber behavior\" by \"preserving peace through strength.\"\nThe National Cyber Strategy has also garnered criticism that the evaluation of acts of cyberwarfare against the United States remains ambiguous, as current U.S. law does not specifically define what constitutes an illegal cyber act as opposed to a justifiable computer activity. The legal status of most information security research in the United States is governed by the 1986 Computer Fraud and Abuse Act, which has been derided as \"poorly drafted and arbitrarily enforced\" for enabling prosecution of useful information security research tools such as Nmap or Shodan. As even needed services fall under the prohibition, top-level information security experts find it challenging to improve the infrastructure of cyberdefense.\n\n== Cyberattack as an act of war ==\nIn 2011, the White House published an \"International Strategy for Cyberspace\" that reserved the right to use military force in response to a cyberattack:\n\nIn 2013, the Defense Science Board, an independent advisory committee to the U.S. 
Secretary of Defense, went further, stating that \"The cyber threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War,\" and recommending, in response to the \"most extreme case\" (described as a \"catastrophic full spectrum cyber attack\"), that \"Nuclear weapons would remain the ultimate response and anchor the deterrence ladder.\"\n\n== Attacks on other nations ==\n\n\n*** Iran ***\n\nIn June 2010, Iran was the victim of a cyber attack when its nuclear facility in Natanz was infiltrated by the cyber-worm 'Stuxnet', which was said to be the most advanced piece of malware ever discovered and which significantly increased the profile of cyberwarfare. It destroyed perhaps over 1,000 nuclear centrifuges and, according to a Business Insider article, \"[set] Tehran's atomic program back by at least two years.\"\nDespite a lack of official confirmation, Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, made a public statement, in which he said, \"we're glad they [the Iranians] are having trouble with their centrifuge machine and that we\u2014the US and its allies\u2014are doing everything we can to make sure that we complicate matters for them\", offering \"winking acknowledgement\" of US involvement in Stuxnet.\n\n\n*** China ***\n\nIn 2013, Edward Snowden, a former systems administrator for the Central Intelligence Agency (CIA) and a counterintelligence trainer at the Defense Intelligence Agency (DIA), revealed that the United States government had hacked into Chinese mobile phone companies to collect text messages and had spied on Tsinghua University, one of China's biggest research institutions, as well as home to one of China's six major backbone networks, the China Education and Research Network (CERNET), from where internet data from millions of Chinese citizens could be mined. He said U.S. 
spy agencies have been watching China and Hong Kong for years.\nAccording to classified documents provided by Edward Snowden, the National Security Agency (NSA) has also infiltrated the servers in the headquarters of Huawei, China's largest telecommunications company and the largest telecommunications equipment maker in the world. The plan is to exploit Huawei's technology so that when the company sold equipment to other countries\u2014including both allies and nations that avoid buying American products\u2014the NSA could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations.\n\n\n*** Russia ***\nIn June 2019, Russia said that its electrical grid could be under cyber-attack by the United States. The New York Times reported that American hackers from the United States Cyber Command planted malware potentially capable of disrupting the Russian electrical grid.\n\n\n*** Others ***\nAccording to Thomas C. Reed's account in his 2004 autobiographical book At the Abyss: An Insider's History of the Cold War, in 1982, a computer control system stolen from a Canadian company by Soviet spies caused a Soviet gas pipeline to explode. He alleged that code for the control system had been modified by the CIA to include a logic bomb which changed the pump speeds to cause the explosion, but this is disputed.\nA 1 April 1991 article in InfoWorld Magazine, \"Meta-Virus Set to Unleash Plague on Windows 3.0 Users\" by John Gantz, was purported to be an extremely early example of cyber warfare between two countries. 
In fact the \"AF/91 virus\" was an April Fools Joke that was misunderstood and widely re-reported as fact by credulous media.\n\n== Cyber threat information sharing ==\nThe Pentagon has had an information sharing arrangement, the Defense Industrial Base Cybersecurity and Information Assurance (DIBCIA) program, in place with some private defense contractors since 2007 to which access was widened in 2012.\nA number of other information sharing initiatives such as the Cyber Intelligence Sharing and Protection Act (CISPA) and Cybersecurity Information Sharing Act (CISA) have been proposed, but failed for various reasons including fears that they could be used to spy on the general public.\n\n== United States Cyber Command ==\n\nThe United States Cyber Command (USCYBERCOM) is a United States Armed Forces Unified Combatant Command. USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: defend Department of Defense information networks and; prepare to conduct \"full spectrum military cyberspace operations\" to ensure US/Allied freedom of action in cyberspace and deny the same to adversaries.\n\n\n*** Army ***\nThe Army Cyber Command (ARCYBER) is an Army component command for the U.S. Cyber Command. 
ARCYBER has the following components:\n\nArmy Network Enterprise Technology Command / 9th Army Signal Command\nPortions of 1st Information Operations Command (Land)\nUnited States Army Intelligence and Security Command will be under the operational control of ARCYBER for cyber-related actions.\nNew cyber authorities have been granted under National Security Presidential Memorandum (NSPM) 13; persistent cyber engagements at Cyber Command are the new norm for cyber operations.\n\n\n*** Marine Corps ***\nUnited States Marine Corps Forces Cyberspace Command is a functional formation of the United States Marine Corps to protect infrastructure from cyberwarfare.\n\n\n*** Air Force ***\nThe Sixteenth Air Force (16 AF) is the United States Air Force component of United States Cyber Command (USCYBERCOM). It has the following components:\n\n67th Cyberspace Wing\n688th Cyberspace Wing\n689th Combat Communications Wing\nThe F-15 and C-130 systems are being hardened against cyber attack as of 2019.\n\n\n*** Navy ***\nThe Navy Cyber Forces (CYBERFOR) is the type commander for the U.S. Navy's global cyber workforce. The headquarters is located at Joint Expeditionary Base Little Creek-Fort Story. CYBERFOR provides forces and equipment in cryptology/signals intelligence, cyber, electronic warfare, information operations, intelligence, networks, and space. In September 2013, the United States Naval Academy began offering undergraduate students the opportunity to major in Cyber Operations.\nFleet Cyber Command is an operating force of the United States Navy responsible for the Navy's cyber warfare programs. Tenth Fleet is a force provider for Fleet Cyber Command. 
The fleet components are:\n\nNaval Network Warfare Command\nNavy Cyber Defense Operations Command\nNaval Information Operation Commands\nCombined Task Forces\n\n== Timeline ==\nSystems in the US military and private research institutions were penetrated from March 1998 for almost two years in an incident called Moonlight Maze. The United States Department of Defense traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement.\nTitan Rain was the U.S. government's designation given to a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature (i.e., state-sponsored espionage, corporate espionage, or random hacker attacks) and their real identities (i.e., masked by proxy, zombie computer, spyware/virus infected) remain unknown.\nIn 2007, the United States government suffered \"an espionage Pearl Harbor\" in which an unknown foreign power ... broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.\nIn 2008, a hacking incident occurred on a U.S. Military facility in the Middle East. United States Deputy Secretary of Defense William J. Lynn III had the Pentagon release a document, which reflected a \"malicious code\" on a USB flash drive spread undetected on both classified and unclassified Pentagon systems, establishing a digital beachhead, from which data could be transferred to servers under foreign control.  \"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. This ... was the most significant breach of U.S. 
military computers ever and it served as an important wake-up call\", Lynn wrote in an article for Foreign Affairs.\nOperation Buckshot Yankee was conducted by the United States in response to the 2008 breach, which was allegedly carried out by Russia. This operation lasted three years, starting in October 2008 when the breach was first detected. The operation included attempts to recognize and mitigate the malicious code (Agent.btz), which had spread to military computers around the world. The team conducting the operation requested permission to use more offensive means of combating the code, but it was denied by senior officials. Operation Buckshot Yankee was a catalyst for the formation of Cyber Command.\nOn 9 February 2009, the White House announced that it would conduct a review of the nation's cyber security to ensure that the Federal government of the United States' cyber security initiatives are appropriately integrated, resourced and coordinated with the United States Congress and the private sector.\nOn 1 April 2009, U.S. lawmakers pushed for the appointment of a White House cyber security \"czar\" to dramatically escalate U.S. defenses against cyber attacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.\nOn 7 April 2009, the Pentagon announced it had spent more than $100 million in the previous six months responding to and repairing damage from cyber attacks and other computer network problems.\nFrom December 2009 to January 2010, a cyber attack, dubbed Operation Aurora, was launched from China against Google and over 20 other companies. Google said the attacks originated from China and that it would \"review the feasibility\" of its business operations in China following the incident. According to Google, at least 20 other companies in various sectors had been targeted by the attacks. 
McAfee spokespersons claimed that \"this is the highest profile attack of its kind that we have seen in recent memory.\"\nIn February 2010, the United States Joint Forces Command released a study which included a summary of the threats posed by the internet: \"The open and free flow of information favored by the West will allow adversaries an unprecedented ability to gather intelligence.\"\nOn 19 June 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called \"Protecting Cyberspace as a National Asset Act of 2010\", which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the \"Kill switch bill\", would grant the President emergency powers over parts of the Internet. However, all three co-authors of the bill issued a statement that instead, the bill \"[narrowed] existing broad Presidential authority to take over telecommunications networks\".\nIn August 2010, the U.S. for the first time publicly warned about the Chinese military's use of civilian computer experts in clandestine cyber attacks aimed at American companies and government agencies. The Pentagon also pointed to an alleged China-based computer spying network dubbed GhostNet that was revealed in a research report last year. The Pentagon stated that the People's Liberation Army was using \"information warfare units\" to develop viruses to attack enemy computer systems and networks, and those units include civilian computer professionals. Commander Bob Mehal would monitor the PLA's buildup of its cyberwarfare capabilities and \"will continue to develop capabilities to counter any potential threat.\"\nIn 2010, American General Keith B. Alexander endorsed talks with Russia over a proposal to limit military attacks in cyberspace, representing a significant shift in U.S. 
policy.\nIn 2011, as part of the Anonymous attack on HBGary Federal, information about private companies such as Endgame Systems, which design offensive software for the Department of Defense, was revealed. It was shown that Endgame Systems job applicants had previously \"managed team of 15 persons, responsible for coordinating offensive computer network operations for the United States Department of Defense and other federal agencies.\"\nIn October 2012, the Pentagon was to host contractors who \"want to propose revolutionary technologies for understanding, planning and managing cyberwarfare. It is part of an ambitious program that the Defense Advanced Research Projects Agency, or DARPA, calls Plan X, and the public description talks about 'understanding the cyber battlespace', quantifying 'battle damage' and working in DARPA's 'cyberwar laboratory.'\"\nStarting in September 2012, denial of service attacks were carried out against the New York Stock Exchange and a number of banks including J.P. Morgan Chase. Credit for these attacks was claimed by a hacktivist group called the Qassam Cyber Fighters, which labeled the attacks Operation Ababil. The attacks were executed in several phases and were restarted in March 2013.\nIn 2013, the first Tallinn Manual on the International Law Applicable to Cyber Warfare was published. This publication was the result of an independent study to examine and review laws governing cyber warfare, sponsored by the NATO Cooperative Cyber Defence Centre of Excellence in 2009.\nIn February 2013, the White House Presidential Executive Order (E.O.) 13636 \"Improving Critical Infrastructure Cybersecurity\" was published. 
This executive order highlighted the policies needed to improve and coordinate cybersecurity, identify critical infrastructure, reduce cyber risk, share information with the private sector, and ensure that civil liberties and privacy protections are incorporated.\nIn January 2014, the White House Presidential Policy Directive 28 (PPD-28) on \"Signals Intelligence Activities\" was published. This presidential policy directive highlighted the principles, limitations of use, process of collection, safeguarding of personal information, and transparency related to the collection and review of signals intelligence activities.\nIn August 2014, \"gigabytes\" of sensitive data were reported stolen from JPMorgan Chase (see 2014 JPMorgan Chase data breach), and the company's internal investigation was reported to have found that the data was sent to a \"major Russian city.\" The FBI was said to be investigating whether the breach was in retaliation for sanctions the United States had imposed on Russia in relation to the 2014 Russian military intervention in Ukraine.\nOn 29 May 2014, iSIGHT Partners, a global provider of cyber threat intelligence, uncovered a \"long-term\" and \"unprecedented\" cyber espionage campaign that was \"the most elaborate cyber espionage campaign using social engineering that has been uncovered to date from any nation\". Labelled \"Operation Newscaster\", it targeted senior U.S. military and diplomatic personnel, congresspeople, journalists, lobbyists, think tankers and defense contractors, including a four-star admiral.\nIn December 2014, Cylance Inc. published an investigation into the so-called \"Operation Cleaver\", which targeted over 50 unnamed leading enterprises worldwide, including in the United States. 
The Federal Bureau of Investigation tacitly acknowledged the operation and \"warned businesses to stay vigilant and to report any suspicious activity spotted on the companies' computer systems\".\nIn December 2014, in response to a hack on the US-based company Sony (see Sony Pictures hack) believed to be perpetrated by North Korea, the US government created new economic sanctions on North Korea and listed the country as a state sponsor of terrorism. After the hack, there was an internet blackout over most of North Korea allegedly caused by the US, but there was no definitive evidence to support that claim.\nIn January 2015, the terrorist group ISIS hacked United States Central Command and took over its Twitter and YouTube accounts. They distributed sensitive information obtained during the attack on various social media platforms.\nIn April 2015, the Department of Defense Cyber Strategy was updated and published. The original DoD Strategy for Operating in Cyberspace was published in July 2011.\nIn 2015, the United States Office of Personnel Management (OPM) was the victim of what has been described by federal officials as among the largest breaches of government data in the history of the United States, in which an estimated 21.5 million records were stolen. Information targeted in the breach included personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses, and likely involved the theft of detailed security-clearance-related background information.\nIn June 2015, the US Department of Defense (DoD) included a chapter dedicated to cyber warfare in the DoD Law of War Manual. See Cyber Warfare section on p. 994.\nIn 2016, Cyber Command mounted computer-network attacks on ISIS under Operation Glowing Symphony with the intent to disrupt internal communication, manipulate data, and undermine confidence in the group's security. 
A particular emphasis was placed on locking key figures out of their accounts, deleting files of propaganda, and making it all look like general IT trouble instead of an intentional attack. This operation prompted an internal debate in the American government about whether or not to alert their allies that they would be attacking servers located within other countries.\nIn March 2018, the Office of Foreign Assets Control sanctioned two Russian intelligence agencies, the Federal Security Service (FSB) and the Main Intelligence Directorate (GRU), for committing \"destructive cyber-attacks.\" The attacks include the NotPetya attack, an assault that was allegedly conducted by the Russian military, according to February statements of the White House and the British government, and which the United States Treasury described as \"the most destructive and costly cyber-attack in history.\"\nIn March 2018, the United States Justice Department charged nine Iranians with stealing scientific secrets on behalf of Iran's Revolutionary Guard Corps. The defendants \"stole more than 31 terabytes of academic data and intellectual property from universities, and email accounts of employees at private sector companies, government agencies, and non-governmental organizations.\"\nIn September 2018, the United States Justice Department published a criminal complaint against Park Jin Hyok, a professional hacker alleged to be working for North Korea's military intelligence bureau, for committing three cyber-attacks: the attack against Sony Pictures in 2014, the theft of $81m from the central bank of Bangladesh in 2016, and the WannaCry 2.0 ransomware attack against hundreds of thousands of computers.\nIn September 2018, the White House \"authorized offensive cyber operations\" against foreign threats as a result of loosened restrictions on the use of digital weapons, in line with the president's directive, National Security Presidential Memorandum 13 (NSPM 13). 
This allows the military to carry out such attacks with a shortened approval process.\nIn October 2018, the United States Cyber Command launched the still-classified Operation Synthetic Theology. A team of experts was deployed to Macedonia, Ukraine, and Montenegro to identify Russian agents interfering in the election. The team was also gathering intelligence on Russia's cyber capabilities and attacking the Internet Research Agency, a \"Kremlin-backed troll farm in St. Petersburg\".\nBeginning at least by March 2019, persistent cyber operations were applied by the United States against Russia's power grid, seemingly per National Security Presidential Memorandum 13 (September 2018).\nIn June 2019, White House National Security Adviser John Bolton announced that U.S. offensive cyber operations would be expanded to include \"economic cyber intrusions\". These comments appear to reference China's alleged theft of information and data from U.S. corporations.\nIn June 2019, President Trump ordered a cyber attack against Iranian weapons systems in retaliation for the shooting down of a US drone in the Strait of Hormuz and two mine attacks on oil tankers. The attacks disabled Iranian computer systems controlling its rocket and missile launchers. Iran's Islamic Revolutionary Guard Corps (IRGC) was specifically targeted."
    }
  },
  {
    "instruction": "Red Apollo\n\n==Introduction==\nRed Apollo (also known as APT 10 (by Mandiant), MenuPass (by FireEye), Stone Panda (by CrowdStrike), and POTASSIUM (by Microsoft)) is a Chinese state-sponsored cyberespionage group which has operated since 2006. In a 2018 indictment, the United States Department of Justice attributed the group to the Tianjin State Security Bureau of the Ministry of State Security. The team was designated an Advanced Persistent Threat by FireEye, who reported that they target aerospace, engineering, and telecom firms and any government that they believe is a rival of China.\nFireEye stated that they could be targeting intellectual property from educational institutions such as a Japanese university and are likely to expand operations into the education sector in the jurisdictions of nations that are allied with the United States. FireEye claimed that the group had been tracked since 2009; however, because of the low threat it had posed, it was not a priority. FireEye now describes the group as \"a threat to organizations worldwide.\"\n\n\n\n== Tactics ==\nThe group directly targets managed information technology service providers (MSPs) using remote access trojans (RATs). The general role of an MSP is to help manage a company's computer network. MSPs were often compromised by Poison Ivy, FakeMicrosoft, PlugX, ArtIEF, Graftor, and ChChes, through the use of spear-phishing emails. Answer this question using the following article:\n\nHow has the US Department of Justice attributed Red Apollo's actions to the Tianjin State Security Bureau of the Ministry of State Security?",
    "context": "",
    "output": "The US Department of Justice attributed Red Apollo's actions to the Tianjin State Security Bureau of the Ministry of State Security in a 2018 indictment.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "How has the US Department of Justice attributed Red Apollo's actions to the Tianjin State Security Bureau of the Ministry of State Security?",
      "answer": "The US Department of Justice attributed Red Apollo's actions to the Tianjin State Security Bureau of the Ministry of State Security in a 2018 indictment.",
      "context": "Red Apollo\n\n==Introduction==\nRed Apollo (also known as APT 10 (by Mandiant), MenuPass (by FireEye), Stone Panda (by CrowdStrike), and POTASSIUM (by Microsoft)) is a Chinese state-sponsored cyberespionage group which has operated since 2006. In a 2018 indictment, the United States Department of Justice attributed the group to the Tianjin State Security Bureau of the Ministry of State Security. The team was designated an Advanced Persistent Threat by FireEye, who reported that they target aerospace, engineering, and telecom firms and any government that they believe is a rival of China.\nFireEye stated that they could be targeting intellectual property from educational institutions such as a Japanese university and are likely to expand operations into the education sector in the jurisdictions of nations that are allied with the United States. FireEye claimed that the group had been tracked since 2009; however, because of the low threat it had posed, it was not a priority. FireEye now describes the group as \"a threat to organizations worldwide.\"\n\n\n\n== Tactics ==\nThe group directly targets managed information technology service providers (MSPs) using remote access trojans (RATs). The general role of an MSP is to help manage a company's computer network. MSPs were often compromised by Poison Ivy, FakeMicrosoft, PlugX, ArtIEF, Graftor, and ChChes, through the use of spear-phishing emails."
    }
  },
  {
    "instruction": "Context: Object-capability model\n\n==Introduction==\nThe object-capability model is a computer security model. A capability describes a transferable right to perform one (or more) operations on a given object. It can be obtained by the following combination:\n\nAn unforgeable reference (in the sense of object references or protected pointers) that can be sent in messages.\nA message that specifies the operation to be performed.The security model relies on not being able to forge references. \n\nObjects can interact only by sending messages on references.\nA reference can be obtained by:Initial conditions: In the initial state of the computational world being described, object A may already have a reference to object B.\nParenthood: If A creates B, at that moment A obtains the only reference to the newly created B.\nEndowment: If A creates B, B is born with that subset of A's references with which A chose to endow it.\nIntroduction: If A has references to both B and C, A can send to B a message containing a reference to C. B can retain that reference for subsequent use.In the object-capability model, all computation is performed following the above rules.\nAdvantages that motivate object-oriented programming, such as encapsulation or information hiding, modularity, and separation of concerns, correspond to security goals such as least privilege and privilege separation in capability-based programming.The object-capability model was first proposed by Jack Dennis and Earl C. Van Horn in 1966.\n\n== Loopholes in object-oriented programming languages ==\nSome object-based programming languages (e.g. JavaScript, Java, and C#) provide ways to access resources in other ways than according to the rules above including the following:\n\nDirect assignment to the instance variables of an object in Java and C#.\nDirect reflective inspection of the meta-data of an object in Java and C#.\nThe pervasive ability to import primitive modules, e.g. 
java.io.File that enable external effects.Such use of undeniable authority violates the conditions of the object-capability model.  Caja and Joe-E are variants of JavaScript and Java, respectively, that impose restrictions to eliminate these loopholes.\n\n== Advantages of object capabilities ==\nComputer scientist E. Dean Tribble stated that in smart contracts, identity-based access control did not support well dynamically changing permissions, compared to the object-capability model. He analogized the ocap model with giving a valet the key to one's car, without handing over the right to car ownership.The structural properties of object capability systems favor modularity in code design and ensure reliable encapsulation in code implementation.\nThese structural properties facilitate the analysis of some security properties of an object-capability program or operating system. Some of these \u2013  in particular, information flow properties \u2013  can be analyzed at the level of object references and connectivity, independent of any knowledge or analysis of the code that determines the behavior of the objects. As a consequence, these security properties can be established and maintained in the presence of new objects that contain unknown and possibly malicious code.\nThese structural properties stem from the two rules governing access to existing objects:\n\n1) An object A can send a message to B only if object A holds a reference to B.\n2) An object A can obtain a reference to C only if object A receives a message containing a reference to C.As a consequence of these two rules, an object can obtain a reference to another object only through a preexisting chain of references. In short, \"Only connectivity begets connectivity.\"\n\n== Glossary of related terms ==\nobject-capability system\nA computational system that implements principles described in this article.\nobject\nAn object has local state and behavior. 
An object in this sense is both a subject and an object in the sense used in the access control literature.\nreference\nAn unforgeable communications channel (protected pointer, opaque address) that unambiguously designates a single object, and provides permission to send messages to that object.\nmessage\nWhat is sent on a reference. Depending on the system, messages may or may not themselves be first-class objects.\nrequest\nAn operation in which a message is sent on a reference. When the message is received, the receiver will have access to any references included in the message.\nattenuation\nA common design pattern in object-capability systems: given one reference of an object, create another reference for a proxy object with certain security restrictions, such as only permitting read-only access or allowing revocation.  The proxy object performs security checks on messages that it receives and passes on any that are allowed. Deep attenuation refers to the case where the same attenuation is applied transitively to any objects obtained via the original attenuated object, typically by use of a \"membrane\".\n\n== Implementations ==\nAlmost all historical systems that have been described as \"capability systems\" can be modeled as object-capability systems. 
(Note, however, that some uses of the term \"capability\" are not consistent with the model, such as POSIX \"capabilities\".)\nKeyKOS, EROS, Integrity (operating system), CapROS, Coyotos, seL4, OKL4 and Fiasco.OC are secure operating systems that implement the object-capability model.\n\n== Languages that implement object capabilities ==\nAct 1 (1981) \nEden (1985),\nEmerald (1987),\nTrusty Scheme (1992),\nW7 (1995),\nJoule (1996),\nOriginal-E (1997),\nOz-E (2005),\nJoe-E (2005),\nCaPerl (2006),\nEmily (2006)\nCaja (2007\u20132021)\nMonte (2008\u2013present)\nPony (2014\u2013present)\nWyvern (2012\u2013present)\nNewspeak (2007\u2013present)\nHacklang (2021-present)\nRholang (2018-present)\nQuestion: How do some object-based programming languages deviate from the object-capability model's rules?\n\nAnswer:",
    "context": "",
    "output": "Some object-based programming languages, such as Java, C#, and JavaScript, deviate from the object-capability model by allowing direct assignment to instance variables, direct reflective inspection of meta-data, and unrestricted access to primitive modules, which can lead to security issues.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "How do some object-based programming languages deviate from the object-capability model's rules?",
      "answer": "Some object-based programming languages, such as Java, C#, and JavaScript, deviate from the object-capability model by allowing direct assignment to instance variables, direct reflective inspection of meta-data, and unrestricted access to primitive modules, which can lead to security issues.",
      "context": "Object-capability model\n\n==Introduction==\nThe object-capability model is a computer security model. A capability describes a transferable right to perform one (or more) operations on a given object. It can be obtained by the following combination:\n\nAn unforgeable reference (in the sense of object references or protected pointers) that can be sent in messages.\nA message that specifies the operation to be performed.The security model relies on not being able to forge references. \n\nObjects can interact only by sending messages on references.\nA reference can be obtained by:Initial conditions: In the initial state of the computational world being described, object A may already have a reference to object B.\nParenthood: If A creates B, at that moment A obtains the only reference to the newly created B.\nEndowment: If A creates B, B is born with that subset of A's references with which A chose to endow it.\nIntroduction: If A has references to both B and C, A can send to B a message containing a reference to C. B can retain that reference for subsequent use.In the object-capability model, all computation is performed following the above rules.\nAdvantages that motivate object-oriented programming, such as encapsulation or information hiding, modularity, and separation of concerns, correspond to security goals such as least privilege and privilege separation in capability-based programming.The object-capability model was first proposed by Jack Dennis and Earl C. Van Horn in 1966.\n\n== Loopholes in object-oriented programming languages ==\nSome object-based programming languages (e.g. JavaScript, Java, and C#) provide ways to access resources in other ways than according to the rules above including the following:\n\nDirect assignment to the instance variables of an object in Java and C#.\nDirect reflective inspection of the meta-data of an object in Java and C#.\nThe pervasive ability to import primitive modules, e.g. 
java.io.File that enable external effects.Such use of undeniable authority violates the conditions of the object-capability model.  Caja and Joe-E are variants of JavaScript and Java, respectively, that impose restrictions to eliminate these loopholes.\n\n== Advantages of object capabilities ==\nComputer scientist E. Dean Tribble stated that in smart contracts, identity-based access control did not support well dynamically changing permissions, compared to the object-capability model. He analogized the ocap model with giving a valet the key to one's car, without handing over the right to car ownership.The structural properties of object capability systems favor modularity in code design and ensure reliable encapsulation in code implementation.\nThese structural properties facilitate the analysis of some security properties of an object-capability program or operating system. Some of these \u2013  in particular, information flow properties \u2013  can be analyzed at the level of object references and connectivity, independent of any knowledge or analysis of the code that determines the behavior of the objects. As a consequence, these security properties can be established and maintained in the presence of new objects that contain unknown and possibly malicious code.\nThese structural properties stem from the two rules governing access to existing objects:\n\n1) An object A can send a message to B only if object A holds a reference to B.\n2) An object A can obtain a reference to C only if object A receives a message containing a reference to C.As a consequence of these two rules, an object can obtain a reference to another object only through a preexisting chain of references. In short, \"Only connectivity begets connectivity.\"\n\n== Glossary of related terms ==\nobject-capability system\nA computational system that implements principles described in this article.\nobject\nAn object has local state and behavior. 
An object in this sense is both a subject and an object in the sense used in the access control literature.\nreference\nAn unforgeable communications channel (protected pointer, opaque address) that unambiguously designates a single object, and provides permission to send messages to that object.\nmessage\nWhat is sent on a reference. Depending on the system, messages may or may not themselves be first-class objects.\nrequest\nAn operation in which a message is sent on a reference. When the message is received, the receiver will have access to any references included in the message.\nattenuation\nA common design pattern in object-capability systems: given one reference of an object, create another reference for a proxy object with certain security restrictions, such as only permitting read-only access or allowing revocation.  The proxy object performs security checks on messages that it receives and passes on any that are allowed. Deep attenuation refers to the case where the same attenuation is applied transitively to any objects obtained via the original attenuated object, typically by use of a \"membrane\".\n\n== Implementations ==\nAlmost all historical systems that have been described as \"capability systems\" can be modeled as object-capability systems. (Note, however, that some uses of the term \"capability\" are not consistent with the model, such as POSIX \"capabilities\".)\nKeyKOS, EROS, Integrity (operating system), CapROS, Coyotos, seL4, OKL4 and Fiasco.OC are secure operating systems that implement the object-capability model.\n\n== Languages that implement object capabilities ==\nAct 1 (1981) \nEden (1985),\nEmerald (1987),\nTrusty Scheme (1992),\nW7 (1995),\nJoule (1996),\nOriginal-E (1997),\nOz-E (2005),\nJoe-E (2005),\nCaPerl (2006),\nEmily (2006)\nCaja (2007\u20132021)\nMonte (2008\u2013present)\nPony (2014\u2013present)\nWyvern (2012\u2013present)\nNewspeak (2007\u2013present)\nHacklang (2021-present)\nRholang (2018-present)"
    }
  },
  {
    "instruction": "Context: Secure communication\n\n==Introduction==\nSecure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what is said. Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe to say that no communication is guaranteed to be secure in this sense, although practical obstacles such as legislation, resources, technical issues (interception and encryption), and the sheer volume of communication serve to limit surveillance.\nWith many communications taking place over long distance and mediated by technology, and increasing awareness of the importance of interception issues, technology and its compromise are at the heart of this debate. For this reason, this article focuses on communications mediated or intercepted by technology.\nAlso see Trusted Computing, an approach under present development that achieves security in general at the potential cost of compelling obligatory trust in corporate and government bodies.\n\n== Nature and limits of security ==\n\n\n*** Types of security ***\nSecurity can be broadly categorized under the following headings, with examples:\n\nHiding the content or nature of a communication\nCode \u2013 a rule to convert a piece of information (for example, a letter, word, phrase, or gesture) into another form or representation (one sign into another sign), not necessarily of the same type. In communications and information processing, encoding is the process by which information from a source is converted into symbols to be communicated. Decoding is the reverse process, converting these code symbols back into information understandable by a receiver. 
One reason for coding is to enable communication in places where ordinary spoken or written language is difficult or impossible. For example, semaphore, where the configuration of flags held by a signaler or the arms of a semaphore tower encodes parts of the message, typically individual letters and numbers. Another person standing a great distance away can interpret the flags and reproduce the words sent.\nObfuscation\nEncryption\nSteganography\nIdentity Based\nHiding the parties to a communication \u2013 preventing identification, promoting anonymity\n\"Crowds\" and similar anonymous group structures \u2013 it is difficult to identify who said what when it comes from a \"crowd\"\nAnonymous communication devices \u2013 unregistered cellphones, Internet cafes\nAnonymous proxies\nHard-to-trace routing methods \u2013 through unauthorized third-party systems, or relays\nHiding the fact that a communication takes place\n\"Security by obscurity\" \u2013 similar to needle in a haystack\nRandom traffic \u2013 creating random data flow to make the presence of genuine communication harder to detect and traffic analysis less reliableEach of the three types of security is important, and depending on the circumstances, any of these may be critical. For example, if a communication is not readily identifiable, then it is unlikely to attract attention for identification of parties, and the mere fact a communication has taken place (regardless of content) is often enough by itself to establish an evidential link in legal prosecutions. It is also important with computers, to be sure where the security is applied, and what is covered.\n\n== Borderline cases ==\nA further category, which touches upon secure communication, is software intended to take advantage of security openings at the end-points. 
This software category includes trojan horses, keyloggers and other spyware.\nThese types of activity are usually addressed with everyday mainstream security methods, such as antivirus software, firewalls, programs that identify or neutralize adware and spyware, and web filtering programs such as Proxomitron and Privoxy, which check all web pages being read and identify and remove common nuisances they contain. As a rule they fall under computer security rather than secure communications.\n\n== Tools used to obtain security ==\n\n\n*** Encryption ***\n\nEncryption is a method in which data is rendered hard to read by an unauthorized party. Since encryption methods are created to be extremely hard to break, many communication methods either use deliberately weaker encryption than possible, or have backdoors inserted to permit rapid decryption. In some cases government authorities have required that backdoors be installed in secret. Many methods of encryption are also subject to \"man in the middle\" attacks, whereby a third party who can 'see' the establishment of the secure communication is made privy to the encryption method; this would apply, for example, to the interception of computer use at an ISP. Provided it is correctly programmed, sufficiently powerful, and the keys are not intercepted, encryption would usually be considered secure. The article on key size examines the key requirements for certain degrees of encryption security.\nEncryption can be implemented in a way that requires the use of encryption, i.e. if encrypted communication is impossible then no traffic is sent, or opportunistically. Opportunistic encryption is a lower-security method that generally increases the percentage of generic traffic which is encrypted. This is analogous to beginning every conversation with \"Do you speak Navajo?\" If the response is affirmative, then the conversation proceeds in Navajo; otherwise it uses the common language of the two speakers. 
This method does not generally provide authentication or anonymity but it does protect the content of the conversation from eavesdropping.\nAn Information-theoretic security technique known as physical layer encryption ensures that a wireless communication link is provably secure with communications and coding techniques.\n\n\n*** Steganography ***\n\nSteganography (\"hidden writing\") is the means by which data can be hidden within other more innocuous data. Thus a watermark proving ownership embedded in the data of a picture, in such a way it is hard to find or remove unless you know how to find it. Or, for communication, the hiding of important data (such as a telephone number) in apparently innocuous data (an MP3 music file). An advantage of steganography is plausible deniability, that is, unless one can prove the data is there (which is usually not easy), it is deniable that the file contains any.\n\n\n*** Identity based networks ***\nUnwanted or malicious behavior is possible on the web since the internet is inherently anonymous. True identity based networks replace the ability to remain anonymous and are inherently more trustworthy since the identity of the sender and recipient are known. (The telephone system is an example of an identity based network.)\n\n\n*** Anonymized networks ***\nRecently, anonymous networking has been used to secure communications. In principle, a large number of users running the same system, can have communications routed between them in such a way that it is very hard to detect what the complete message is, which user sent it, and where it is ultimately coming from or going to. Examples are Crowds, Tor, I2P, Mixminion, various anonymous P2P networks, and others.\n\n\n*** Anonymous communication devices ***\nIn theory, an unknown device would not be noticed, since so many other devices are in use. 
This is not altogether the case in reality, due to the presence of systems such as Carnivore and unzak, which can monitor communications over entire networks, and the fact that the far end may be monitored as before. Examples include payphones, Internet cafe, etc.\n\n== Methods used to \"break\" security ==\n\n\n*** Bugging ***\n\nThe placing covertly of monitoring and/or transmission devices either within the communication device, or in the premises concerned.\n\n\n*** Computers (general) ***\n\nAny security obtained from a computer is limited by the many ways it can be compromised \u2013 by hacking, keystroke logging, backdoors, or even in extreme cases by monitoring the tiny electrical signals given off by keyboard or monitors to reconstruct what is typed or seen (TEMPEST, which is quite complex).\n\n\n*** Laser audio surveillance ***\n\nSounds, including speech, inside rooms can be sensed by bouncing a laser beam off a window of the room where a conversation is held, and detecting and decoding the vibrations in the glass caused by the sound waves.\n\n== Systems offering partial security ==\n\n\n*** Cellphones ***\nCellphones can easily be obtained, but are also easily traced and \"tapped\". There is no (or only limited) encryption, the phones are traceable \u2013 often even when switched off \u2013 since the phone and SIM card broadcast their International Mobile Subscriber Identity (IMSI). It is possible for a cellphone company to turn on some cellphones when the user is unaware and use the microphone to listen in on you, and according to James Atkinson, a counter-surveillance specialist cited in the same source, \"Security-conscious corporate executives routinely remove the batteries from their cell phones\" since many phones' software can be used \"as-is\", or modified, to enable transmission without user awareness and the user can be located within a small distance using signal triangulation and now using built in GPS features for newer models. 
Transceivers may also be defeated by jamming or a Faraday cage.\nSome cellphones (Apple's iPhone, Google's Android) track and store users' position information, so that movements over months or years can be determined by examining the phone. The US Government also has access to cellphone surveillance technologies, mostly applied for law enforcement.\n\n\n*** Landlines ***\nAnalogue landlines are not encrypted, which makes them easy to tap. Such tapping requires physical access to the line, which can be obtained at a number of places, e.g. the phone location, distribution points, cabinets and the exchange itself. Tapping a landline in this way can also enable an attacker to make calls which appear to originate from the tapped line.\n\n\n*** Anonymous Internet ***\n\nUsing a third-party system of any kind (payphone, Internet cafe) is often quite secure; however, if that system is used to access known locations (a known email account or third party) then it may be tapped at the far end, or noted, and this will remove any security benefit obtained. Some countries also impose mandatory registration of Internet cafe users.\nAnonymous proxies are another common type of protection, which allow one to access the net via a third party (often in a different country) and make tracing difficult. Note that there is seldom any guarantee that the plaintext is not tappable, nor that the proxy does not keep its own records of users or entire dialogs. As a result, anonymous proxies are a generally useful tool but may not be as secure as other systems whose security can be better assured. Their most common use is to prevent a record of the originating IP address being left in the target site's own logs. 
Typical anonymous proxies are found both at regular websites such as Anonymizer.com and spynot.com, and on proxy sites which maintain up-to-date lists of large numbers of temporary proxies in operation.\nA related development arises when wireless Internet connections (\"Wi-Fi\") are left in their unsecured state. The effect of this is that any person in range of the base unit can piggyback on the connection \u2013 that is, use it without the owner being aware. Since many connections are left open in this manner, the possibility of piggybacking (willful or unaware) has successfully been used as a defense in some cases, since it makes it difficult to prove that the owner of the connection was the downloader, or had knowledge of the use to which unknown others might be putting their connection. An example of this was the Tammie Marson case, where neighbours and anyone else might have been the culprit in the sharing of copyrighted files. Conversely, in other cases, people deliberately seek out businesses and households with unsecured connections, for illicit and anonymous Internet usage, or simply to obtain free bandwidth.\n\n\n*** Programs offering more security ***\n\nSecure instant messaging \u2013 Some instant messaging clients use end-to-end encryption with forward secrecy to secure all instant messages to other users of the same software. Some instant messaging clients also offer end-to-end encrypted file transfer and group messaging.\nVoIP \u2013 Some VoIP clients implement ZRTP and SRTP encryption for calls.\nSecure email \u2013 Some email networks are designed to provide encrypted and/or anonymous communication. They authenticate and encrypt on the user's own computer, to prevent transmission of plaintext, and mask the sender and recipient. 
Mixminion and I2P-Bote provide a higher level of anonymity by using a network of anonymizing intermediaries, similar to how Tor works, but at a higher latency.\nIRC and web chat \u2013 Some IRC clients and systems use client-to-server encryption such as SSL/TLS. This is not standardized.\n\n== Government attacks on encrypted communications ==\n\n\n*** EncroChat ***\nHas been shut down.\n\n\n*** Sky Global / Sky ECC ***\nTaken down by law enforcement.\n\n\n*** Phantom Secure ***\nTaken down by law enforcement.\nQuestion: How can hiding the fact that a communication takes place enhance secure communication? What's the answer?",
    "context": "",
    "output": "Hiding the fact that a communication takes place defeats traffic analysis: a communication that is not readily identifiable is unlikely to attract attention, and the mere fact that a communication occurred (regardless of its content) can by itself be enough to establish an evidential link, so concealing it removes that exposure. The article lists two ways to do this: \"security by obscurity\" (the needle-in-a-haystack approach) and random traffic, i.e. generating a random data flow so that the presence of genuine communication is harder to detect and traffic analysis becomes less reliable.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "How can hiding the fact that a communication takes place enhance secure communication?",
      "answer": "Hiding the fact that a communication takes place defeats traffic analysis: a communication that is not readily identifiable is unlikely to attract attention, and the mere fact that a communication occurred (regardless of its content) can by itself be enough to establish an evidential link, so concealing it removes that exposure. The article lists two ways to do this: \"security by obscurity\" (the needle-in-a-haystack approach) and random traffic, i.e. generating a random data flow so that the presence of genuine communication is harder to detect and traffic analysis becomes less reliable.",
      "context": "Secure communication\n\n==Introduction==\nSecure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what is said. Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe to say that no communication is guaranteed to be secure in this sense, although practical obstacles such as legislation, resources, technical issues (interception and encryption), and the sheer volume of communication serve to limit surveillance.\nWith many communications taking place over long distance and mediated by technology, and increasing awareness of the importance of interception issues, technology and its compromise are at the heart of this debate. For this reason, this article focuses on communications mediated or intercepted by technology.\nAlso see Trusted Computing, an approach under present development that achieves security in general at the potential cost of compelling obligatory trust in corporate and government bodies.\n\n== Nature and limits of security ==\n\n\n*** Types of security ***\nSecurity can be broadly categorized under the following headings, with examples:\n\nHiding the content or nature of a communication\nCode \u2013 a rule to convert a piece of information (for example, a letter, word, phrase, or gesture) into another form or representation (one sign into another sign), not necessarily of the same type. In communications and information processing, encoding is the process by which information from a source is converted into symbols to be communicated. Decoding is the reverse process, converting these code symbols back into information understandable by a receiver. 
One reason for coding is to enable communication in places where ordinary spoken or written language is difficult or impossible. An example is semaphore, in which the configuration of flags held by a signaler or the arms of a semaphore tower encodes parts of the message, typically individual letters and numbers. Another person standing a great distance away can interpret the flags and reproduce the words sent.\nObfuscation\nEncryption\nSteganography\nIdentity Based\nHiding the parties to a communication \u2013 preventing identification, promoting anonymity\n\"Crowds\" and similar anonymous group structures \u2013 it is difficult to identify who said what when it comes from a \"crowd\"\nAnonymous communication devices \u2013 unregistered cellphones, Internet cafes\nAnonymous proxies\nHard-to-trace routing methods \u2013 through unauthorized third-party systems, or relays\nHiding the fact that a communication takes place\n\"Security by obscurity\" \u2013 similar to a needle in a haystack\nRandom traffic \u2013 creating a random data flow to make the presence of genuine communication harder to detect and traffic analysis less reliable\nEach of the three types of security is important, and depending on the circumstances, any of these may be critical. For example, if a communication is not readily identifiable, then it is unlikely to attract attention for identification of the parties, and the mere fact that a communication has taken place (regardless of content) is often enough by itself to establish an evidential link in legal prosecutions. With computers it is also important to be sure where the security is applied and what it covers.\n\n== Borderline cases ==\nA further category, which touches upon secure communication, is software intended to take advantage of security openings at the end-points. 
This software category includes trojan horses, keyloggers and other spyware.\nThese types of activity are usually addressed with everyday mainstream security methods, such as antivirus software, firewalls, programs that identify or neutralize adware and spyware, and web filtering programs such as Proxomitron and Privoxy, which check all web pages being read and identify and remove common nuisances they contain. As a rule they fall under computer security rather than secure communications.\n\n== Tools used to obtain security ==\n\n\n*** Encryption ***\n\nEncryption is a method in which data is rendered hard to read by an unauthorized party. Since encryption methods are created to be extremely hard to break, many communication methods either use deliberately weaker encryption than possible, or have backdoors inserted to permit rapid decryption. In some cases government authorities have required backdoors to be installed in secret. Many methods of encryption are also subject to a \"man in the middle\" attack, whereby a third party who can 'see' (and interfere with) the establishment of the secure communication interposes itself in the key exchange and negotiates keys with each side; this would apply, for example, to the interception of computer use at an ISP. Provided it is correctly programmed, sufficiently strong, and the keys are not intercepted, encryption would usually be considered secure. The article on key size examines the key requirements for certain degrees of encryption security.\nEncryption can be made mandatory, i.e. if encrypted communication is impossible then no traffic is sent, or opportunistic. Opportunistic encryption is a lower-security method whose aim is to increase the percentage of generic traffic which is encrypted. This is analogous to beginning every conversation with \"Do you speak Navajo?\" If the response is affirmative, then the conversation proceeds in Navajo; otherwise it uses the common language of the two speakers. 
This method does not generally provide authentication or anonymity, but it does protect the content of the conversation from eavesdropping.\nAn information-theoretic security technique known as physical layer encryption aims to make a wireless communication link provably secure using communications and coding techniques rather than computational hardness assumptions.\n\n\n*** Steganography ***\n\nSteganography (\"hidden writing\") is the means by which data can be hidden within other, more innocuous data. One example is a watermark proving ownership embedded in the data of a picture in such a way that it is hard to find or remove unless you know how to find it. Another, for communication, is hiding important data (such as a telephone number) in apparently innocuous data (an MP3 music file). An advantage of steganography is plausible deniability: unless one can prove the data is there (which is usually not easy), it is deniable that the file contains any.\n\n\n*** Identity based networks ***\nUnwanted or malicious behavior is possible on the web since the internet is inherently anonymous. True identity based networks remove the ability to remain anonymous and are considered more trustworthy since the identities of the sender and recipient are known. (The telephone system is an example of an identity based network.)\n\n\n*** Anonymized networks ***\nRecently, anonymous networking has been used to secure communications. In principle, a large number of users running the same system can have communications routed between them in such a way that it is very hard to detect what the complete message is, which user sent it, and where it is ultimately coming from or going to. Examples are Crowds, Tor, I2P, Mixminion, various anonymous P2P networks, and others.\n\n\n*** Anonymous communication devices ***\nIn theory, an unknown device would not be noticed, since so many other devices are in use. 
This is not altogether the case in reality, due to the presence of systems such as Carnivore and unzak, which can monitor communications over entire networks, and the fact that the far end may be monitored as before. Examples of such devices include payphones, Internet cafes, etc.\n\n== Methods used to \"break\" security ==\n\n\n*** Bugging ***\n\nThe covert placing of monitoring and/or transmission devices, either within the communication device or in the premises concerned.\n\n\n*** Computers (general) ***\n\nAny security obtained from a computer is limited by the many ways it can be compromised \u2013 by hacking, keystroke logging, backdoors, or even, in extreme cases, by monitoring the tiny electrical signals given off by a keyboard or monitor to reconstruct what is typed or seen (TEMPEST, which is quite complex).\n\n\n*** Laser audio surveillance ***\n\nSounds, including speech, inside rooms can be sensed by bouncing a laser beam off a window of the room where a conversation is held, and detecting and decoding the vibrations in the glass caused by the sound waves.\n\n== Systems offering partial security ==\n\n\n*** Cellphones ***\nCellphones can easily be obtained, but are also easily traced and \"tapped\". There is no (or only limited) encryption, and the phones are traceable \u2013 often even when switched off \u2013 since the phone and SIM card broadcast their International Mobile Subscriber Identity (IMSI). It is possible for a cellphone company to turn on some cellphones without the user being aware and use the microphone to listen in. According to James Atkinson, a counter-surveillance specialist cited in the same source, \"Security-conscious corporate executives routinely remove the batteries from their cell phones\", since many phones' software can be used \"as-is\", or modified, to enable transmission without user awareness, and the user can be located within a small distance using signal triangulation and, on newer models, the built-in GPS. 
Transceivers may also be defeated by jamming or a Faraday cage.\nSome cellphones (Apple's iPhone, Google's Android) track and store users' position information, so that movements over months or years can be determined by examining the phone. The US Government also has access to cellphone surveillance technologies, mostly applied for law enforcement.\n\n\n*** Landlines ***\nAnalogue landlines are not encrypted, which makes them easy to tap. Such tapping requires physical access to the line, which can be obtained at a number of places, e.g. the phone location, distribution points, cabinets and the exchange itself. Tapping a landline in this way can also enable an attacker to make calls which appear to originate from the tapped line.\n\n\n*** Anonymous Internet ***\n\nUsing a third-party system of any kind (payphone, Internet cafe) is often quite secure; however, if that system is used to access known locations (a known email account or third party) then it may be tapped at the far end, or noted, and this will remove any security benefit obtained. Some countries also impose mandatory registration of Internet cafe users.\nAnonymous proxies are another common type of protection, which allow one to access the net via a third party (often in a different country) and make tracing difficult. Note that there is seldom any guarantee that the plaintext is not tappable, nor that the proxy does not keep its own records of users or entire dialogs. As a result, anonymous proxies are a generally useful tool but may not be as secure as other systems whose security can be better assured. Their most common use is to prevent a record of the originating IP address being left in the target site's own logs. 
Typical anonymous proxies are found both at regular websites such as Anonymizer.com and spynot.com, and on proxy sites which maintain up-to-date lists of large numbers of temporary proxies in operation.\nA related development arises when wireless Internet connections (\"Wi-Fi\") are left in their unsecured state. The effect of this is that any person in range of the base unit can piggyback on the connection \u2013 that is, use it without the owner being aware. Since many connections are left open in this manner, the possibility of piggybacking (willful or unaware) has successfully been used as a defense in some cases, since it makes it difficult to prove that the owner of the connection was the downloader, or had knowledge of the use to which unknown others might be putting their connection. An example of this was the Tammie Marson case, where neighbours and anyone else might have been the culprit in the sharing of copyrighted files. Conversely, in other cases, people deliberately seek out businesses and households with unsecured connections, for illicit and anonymous Internet usage, or simply to obtain free bandwidth.\n\n\n*** Programs offering more security ***\n\nSecure instant messaging \u2013 Some instant messaging clients use end-to-end encryption with forward secrecy to secure all instant messages to other users of the same software. Some instant messaging clients also offer end-to-end encrypted file transfer and group messaging.\nVoIP \u2013 Some VoIP clients implement ZRTP and SRTP encryption for calls.\nSecure email \u2013 Some email networks are designed to provide encrypted and/or anonymous communication. They authenticate and encrypt on the user's own computer, to prevent transmission of plaintext, and mask the sender and recipient. 
Mixminion and I2P-Bote provide a higher level of anonymity by using a network of anonymizing intermediaries, similar to how Tor works, but at a higher latency.\nIRC and web chat \u2013 Some IRC clients and systems use client-to-server encryption such as SSL/TLS. This is not standardized.\n\n== Government attacks on encrypted communications ==\n\n\n*** EncroChat ***\nHas been shut down.\n\n\n*** Sky Global / Sky ECC ***\nTaken down by law enforcement.\n\n\n*** Phantom Secure ***\nTaken down by law enforcement."
    }
  },
  {
    "instruction": "Context: Security descriptor\n\n==Introduction==\nSecurity descriptors are data structures of security information for securable Windows objects, that is, objects that can be identified by a unique name. Security descriptors can be associated with any named object, including files, folders, shares, registry keys, processes, threads, named pipes, services, job objects and other resources.\nSecurity descriptors contain a discretionary access control list (DACL) made up of access control entries (ACEs) that grant or deny access to trustees such as users or groups. They also contain a system access control list (SACL) that controls auditing of object access. ACEs may be explicitly applied to an object or inherited from a parent object. The order of ACEs in an ACL is important: in the canonical order, access-denied ACEs appear before ACEs that grant access, so that a deny is evaluated first. Security descriptors also record the object's owner.\nMandatory Integrity Control is implemented through a new type of ACE on a security descriptor.\nFile and folder permissions can be edited by various tools, including Windows Explorer, WMI, command-line tools like Cacls, XCacls, ICacls, SubInACL, the freeware Win32 console FILEACL, the free software utility SetACL, and other utilities. To edit a security descriptor, a user needs the WRITE_DAC permission on the object, a permission that is usually granted by default to administrators and the object's owner.\n\n\n\n== Permissions in NTFS ==\nThe following table summarizes NTFS permissions and their roles (in individual rows). The table exposes the following information:\nPermission code: Each access control entry (ACE) specifies its permission with a binary code. There are 14 codes (12 in older systems).\nMeaning: Each permission code has a meaning, depending on whether it is applied to a file or a folder. 
For example, code 0x01 on a file indicates the permission to read the file, while on a folder it indicates the permission to list the contents of the folder. Knowing the meaning alone, however, is not enough: an ACE must also specify to whom the permission applies, and whether that permission is granted or denied.\nIncluded in: In addition to individual permissions, an ACE can specify special permissions known as \"generic access rights.\" Each generic right is equivalent to a set of individual permissions. For example, GENERIC_READ (or GR) is the equivalent of \"Read data\", \"Read attributes\", \"Read extended attributes\", \"Read permissions\", and \"Synchronize\". Because it makes sense to ask for these five at the same time, requesting \"GENERIC_READ\" is more convenient.\nAlias: The two Windows command-line utilities (icacls and cacls) each have their own aliases for these permissions.\nMost of these permissions are self-explanatory, except the following:\n\nRenaming a file requires the \"Delete\" permission.\nFile Explorer doesn't show \"Synchronize\" and always sets it. Multi-threaded apps like File Explorer and Windows Command Prompt need the \"Synchronize\" permission to be able to work with files and folders.\n\n== Footnotes ==\nQuestion: What is the difference between the two Windows command-line utilities icacls and cacls in terms of permissions aliases? What's the answer?",
    "context": "",
    "output": "The context only states that icacls and cacls each use their own set of aliases for the NTFS permissions; it does not enumerate how the two alias sets differ. The permissions whose meaning it singles out as not self-explanatory are \"Delete\", which is required to rename a file, and \"Synchronize\", which File Explorer does not display but always sets, and which multi-threaded applications such as File Explorer and the Windows Command Prompt need in order to work with files and folders.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "What is the difference between the two Windows command-line utilities icacls and cacls in terms of permissions aliases?",
      "answer": "The context only states that icacls and cacls each use their own set of aliases for the NTFS permissions; it does not enumerate how the two alias sets differ. The permissions whose meaning it singles out as not self-explanatory are \"Delete\", which is required to rename a file, and \"Synchronize\", which File Explorer does not display but always sets, and which multi-threaded applications such as File Explorer and the Windows Command Prompt need in order to work with files and folders.",
      "context": "Security descriptor\n\n==Introduction==\nSecurity descriptors are data structures of security information for securable Windows objects, that is, objects that can be identified by a unique name. Security descriptors can be associated with any named object, including files, folders, shares, registry keys, processes, threads, named pipes, services, job objects and other resources.\nSecurity descriptors contain a discretionary access control list (DACL) made up of access control entries (ACEs) that grant or deny access to trustees such as users or groups. They also contain a system access control list (SACL) that controls auditing of object access. ACEs may be explicitly applied to an object or inherited from a parent object. The order of ACEs in an ACL is important: in the canonical order, access-denied ACEs appear before ACEs that grant access, so that a deny is evaluated first. Security descriptors also record the object's owner.\nMandatory Integrity Control is implemented through a new type of ACE on a security descriptor.\nFile and folder permissions can be edited by various tools, including Windows Explorer, WMI, command-line tools like Cacls, XCacls, ICacls, SubInACL, the freeware Win32 console FILEACL, the free software utility SetACL, and other utilities. To edit a security descriptor, a user needs the WRITE_DAC permission on the object, a permission that is usually granted by default to administrators and the object's owner.\n\n\n\n== Permissions in NTFS ==\nThe following table summarizes NTFS permissions and their roles (in individual rows). The table exposes the following information:\nPermission code: Each access control entry (ACE) specifies its permission with a binary code. There are 14 codes (12 in older systems).\nMeaning: Each permission code has a meaning, depending on whether it is applied to a file or a folder. For example, code 0x01 on a file indicates the permission to read the file, while on a folder it indicates the permission to list the contents of the folder. 
Knowing the meaning alone, however, is not enough: an ACE must also specify to whom the permission applies, and whether that permission is granted or denied.\nIncluded in: In addition to individual permissions, an ACE can specify special permissions known as \"generic access rights.\" Each generic right is equivalent to a set of individual permissions. For example, GENERIC_READ (or GR) is the equivalent of \"Read data\", \"Read attributes\", \"Read extended attributes\", \"Read permissions\", and \"Synchronize\". Because it makes sense to ask for these five at the same time, requesting \"GENERIC_READ\" is more convenient.\nAlias: The two Windows command-line utilities (icacls and cacls) each have their own aliases for these permissions.\nMost of these permissions are self-explanatory, except the following:\n\nRenaming a file requires the \"Delete\" permission.\nFile Explorer doesn't show \"Synchronize\" and always sets it. Multi-threaded apps like File Explorer and Windows Command Prompt need the \"Synchronize\" permission to be able to work with files and folders.\n\n== Footnotes =="
    }
  },
  {
    "instruction": "Context: Types of physical unclonable function\n\n==Introduction==\nPhysical unclonable function (PUF), sometimes also called physically unclonable function, is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict.\nAll PUFs are subject to environmental variations such as temperature, supply voltage and electromagnetic interference, which can affect their performance. Therefore, rather than just being random, the real power of a PUF is its ability to be different between devices, but simultaneously to be the same under different environmental conditions.\n\n== PUF categorization ==\n\n\n*** Measurement process ***\nOne way to categorise the numerous PUF concepts is by how the source of variation within each PUF is measured. For instance some PUFs examine how the source of uniqueness interacts with, or influences, an electronic signal to derive the signature measurement while others examine the effects on the reflection of incident light, or another optical process. This also typically correlates with the intended application for each PUF concept. As an example, PUFs that probe uniqueness through electronic characterization are most suitable for authenticating electronic circuits or components due to the ease of integration. On the other hand, PUFs that authenticate physical objects tend to probe the PUF using a second process, such as optical or radio frequency methods, that are then converted into electronic signal forming a hybrid measurement system. This allows for easier communication at a distance between the separate physical authenticating tag or object and the evaluating device.\n\n\n*** Randomness source ***\nOne major way that PUFs are categorized is based on examining from where the randomness or variation of the device is derived. 
This source of uniqueness is either applied in an explicit manner, through the deliberate addition of extra manufacturing steps, or occurs in an implicit manner, as part of the typical manufacturing process. For example, in the case of electronic PUFs manufactured in CMOS, adding additional CMOS components is possible without introducing extra fabrication steps, and would count as an implicit source of randomness, as would deriving randomness from components that were already part of the design to start with. Adding, for example, a randomized dielectric coating for the sole purpose of PUF fingerprinting would add manufacturing steps and would place the PUF concept or implementation in the explicit category. Implicit randomness sources have the benefit that they carry no additional cost for extra manufacturing steps, and that randomness derived from the inherent variation of the device\u2019s typical manufacturing process cannot be as directly manipulated. Explicit randomness sources have the benefit that the source of randomness can be deliberately chosen, for instance to maximize variation (and therefore entropy yield) or to increase cloning difficulty (for example by harnessing randomness from smaller feature sizes).\n\n\n*** Intrinsic evaluation ***\nIn a similar manner to the classification of a PUF by its randomness source, PUF concepts can be divided by whether or not they can be evaluated in an intrinsic manner. A PUF is described as intrinsic if its randomness is of implicit origin and it can evaluate itself internally. This means that the mechanism for characterizing the PUF is intrinsic to, or embedded within, the evaluating device itself. This property can currently only be held by PUFs of entirely electronic design, since the evaluation processing can only be done by electronic circuitry and therefore can only be inseparable from an electronic randomness-probing mechanism. 
Intrinsic evaluation is beneficial as it allows this evaluation processing and post-processing (such as error correction or hashing) to occur without the unprocessed PUF readout being exposed externally. Incorporating the randomness characterization and the evaluation processing into one unit reduces the risk of man-in-the-middle and side-channel attacks aimed at the communication between the two.\n\n== Electronic-measurement PUFs ==\n\n\n*** Implicit randomness ***\n\n\n**** Via PUF ****\nThe Via PUF technology is based on \"via\" or \"contact\" formation during the standard CMOS fabrication process. The technology deliberately inverts the usual design goal: rather than meeting the design rules, it makes the via or contact sizes smaller than the rules require, in a controlled manner, so that via or contact formation becomes unpredictable, i.e. each has a 50% probability of making the electrical connection. The technology details were first published in 2020, while the technology had already been in mass production since 2016 by ICTK Holdings. Some characteristics of the Via PUF are the following:\n\nReliability: Thanks to their metallic nature, once vias or contacts are formed in a structure, they stay there nearly permanently regardless of PVT variation, which means a bit error rate of 0%, so post-processing stages such as error correction codes or helper data algorithms are not required. The technology was verified by the JEDEC standard tests and passed the Automotive Electronics Council Q-100 Grade 3 test for automotive applications.\nRandomness: The Via PUF achieves a Hamming weight of 0.4972, close to the ideal value of 0.5. The technology passed the NIST Special Publication 800-22 and NIST SP 800-90B randomness tests.\nUniqueness and \u2018InbornID\u2019: Uniqueness is an important property of a PUF since it guarantees that one chip's ID is always different from other chips'. 
The Via PUF reports a Hamming distance of 0.4999, close to the ideal uniqueness value of 0.5. The 'InbornID' of the Via PUF stands for the on-chip unique \u2018inborn\u2019 ID of a silicon chip.\nObscurity: One of the main advantages of using the Via PUF technology in an IC implementation is that the PUF vias or contact holes are scattered all over the chip; there is no need to form array blocks as with the SRAM PUF. It is practically impossible to distinguish PUF vias from regular logic vias, which makes reverse engineering of the IC much harder.\nStandard manufacturing process: The Via PUF technology uses standard cell structures from a standard digital library at the regular core voltage. No high voltage is needed, and so no special circuitry such as a charge pump. No extra mask layer is required in the IC manufacturing process.\nVia PUF based hardware RoT (Root of Trust) chips are currently applied in various markets such as telecommunications, appliances, and IoT devices, in the form of Wi-Fi/BLE modules, smart door locks, IP cameras, IR sensor hubs, etc. The technology supports security functionality such as anti-counterfeiting, secure boot, secure firmware copy protection, secure firmware update and secure data integrity.\n\n\n**** Delay PUF ****\nA delay PUF exploits the random variations in the delays of wires and gates on silicon. Given an input challenge, a race condition is set up in the circuit, and two transitions that propagate along different paths are compared to see which comes first. An arbiter, typically implemented as a latch, produces a 1 or a 0 depending on which transition arrives first. Many circuit realizations are possible and at least two have been fabricated. 
When a circuit with the same layout mask is fabricated on different chips, the logic function implemented by the circuit differs for each chip because of the random variations in delays.\nA PUF based on a delay loop, i.e., a ring oscillator with logic, was presented in the publication that introduced the PUF acronym and was the first integrated PUF of any type. A multiplexor-based PUF has been described, as has a secure processor design using a PUF, and a multiplexor-based PUF with an RF interface for use in RFID anti-counterfeiting applications.\n\n\n**** SRAM PUF ****\nThese PUFs use the randomness in the power-up behavior of the standard static random-access memory on a chip. The use of SRAM as a PUF was introduced in 2007 simultaneously by researchers at the Philips High Tech Campus and at the University of Massachusetts. Since an SRAM PUF can be connected directly to standard digital circuitry embedded on the same chip, it can be deployed immediately as a hardware block in cryptographic implementations, making it of particular interest for security solutions. SRAM-based PUF technology has been investigated extensively. Several research papers explore SRAM-based PUF technology on topics such as behavior, implementation, or application for anti-counterfeiting purposes. Notable is the implementation of secure secret key storage without storing the key in digital form. SRAM PUF-based cryptographic implementations have been commercialized by Intrinsic ID, a spin-out of Philips, and as of 2019 are available on every technology node from 350 nm down to 7 nm.\nDue to deep submicron manufacturing process variations, every transistor in an Integrated Circuit (IC) has slightly different physical properties. These lead to small differences in electronic properties, such as transistor threshold voltages and gain factor. The start-up behavior of an SRAM cell depends on the difference between the threshold voltages of its transistors. 
Even the smallest differences will push the SRAM cell into one of its two stable states. Given that every SRAM cell has its own preferred state every time it is powered up, an SRAM response yields a unique and random pattern of zeros and ones. This pattern is like a chip\u2019s fingerprint, since it is unique to a particular SRAM and hence to a particular chip.\n\n\n***** Post-processing of SRAM PUF *****\nThe SRAM PUF response is a noisy fingerprint, since a small number of cells, those close to equilibrium, are unstable. In order to use an SRAM PUF reliably as a unique identifier or to extract cryptographic keys, post-processing is required. This can be done by applying error correction techniques, such as \u2018helper data algorithms\u2019 or fuzzy extractors. These algorithms perform two main functions: error correction and privacy amplification. This approach allows a device to derive a strong device-unique secret key from the SRAM PUF and then power down with no secret key present. Using the helper data, exactly the same key can be regenerated from the SRAM PUF when needed.\n\n\n***** Aging of SRAM PUF *****\nAn operational IC changes slowly but gradually over time, i.e. it ages. The dominant aging effect in modern ICs, which at the same time has a large impact on the noisy behavior of the SRAM PUF, is NBTI. Since NBTI is well understood, there are several ways to counteract the aging tendency. Anti-aging strategies have been developed that cause the SRAM PUF to become more reliable over time, without degrading other PUF quality measures such as security and efficiency.\n\n\n***** SRAM PUF in commercial applications *****\nSRAM PUFs were initially used in applications with high security requirements, such as in defense, to protect sensitive government and military systems, and in the banking industry, to secure payment systems and financial transactions. 
In 2010, NXP started using SRAM PUF technology to secure SmartMX-powered assets against cloning, tampering, theft-of-service and reverse engineering. Since 2011, Microsemi has been offering SRAM PUF implementations to add security to government and sensitive commercial applications on the company's flash-based devices and development boards. More recent applications include a secure sensor-based authentication system for the IoT, incorporation in RISC-V-based IoT application processors to secure intelligent, battery-operated sensing devices at the edge, and the replacement of traditional OTP-plus-key-injection approaches to IoT security in high-volume, low-power microcontrollers and crossover processors. Some SRAM-based security systems in the 2000s refer to \"chip identification\" rather than the more standard term \"PUF.\" The research community and industry have now largely embraced the term PUF to describe this space of technology.\n\n\n**** Butterfly PUF ****\nThe Butterfly PUF is based on the cross-coupling of two latches or flip-flops. The mechanism used in this PUF is similar to the one behind the SRAM PUF, but has the advantage that it can be implemented on any SRAM FPGA.\n\n\n**** Metal resistance PUF ****\nThe metal resistance-based PUF derives its entropy from random physical variations in the metal contacts, vias and wires that define the power grid and interconnect of an IC. There are several important advantages to leveraging random resistance variations in the metal resources of an IC, including:\n\nTemperature and voltage stability: Temperature and voltage (TV) variations represent one of the most significant challenges for PUFs in applications that require regeneration of exactly the same bitstring later in time, e.g., encryption. Metal resistance (unlike that of transistors) varies linearly with temperature and is independent of voltage. 
Therefore, metal resistance provides a very high level of robustness to changing environmental conditions.\nUbiquity: Metal is (currently) the only conducting material on the chip that is layered, which enables high-density and very compact PUF entropy sources. Advanced processes create 11 or more metal layers on top of the (x,y) plane of the underlying transistors.\nReliability: The wear-out mechanism for metal is electromigration, which, like TV variations, adversely affects the ability of the PUF to reproduce the same bitstring over time. However, the electromigration process is well understood and can be completely avoided with proper sizing of the metal wires, vias and contacts. Transistor reliability issues, e.g., NBTI (negative-bias temperature instability) and HCI, on the other hand, are more difficult to mitigate.\nResiliency: Recent reports have shown that transistor-based PUFs, in particular the SRAM PUF, are subject to cloning. Metal resistance PUFs are not subject to these types of cloning attacks because of the high complexity of 'trimming' wires in the clone as a means of matching resistances. Moreover, by adding one or more shielding layers in the thicker upper metal layers that overlay the underlying PUF (which is built using the lower metal layers), front-side probing attacks designed to extract the metal resistances for the clone become extremely difficult or impossible.\n\n\n**** Bistable Ring PUF ****\nThe Bistable Ring PUF or BR-PUF was introduced by Q. Chen et al. The BR-PUF is based on the idea that a ring of an even number of inverters has two possible stable states. By duplicating the inverters and adding multiplexers between stages, it is possible to generate an exponentially large number of challenge-response pairs from the BR-PUF.\n\n\n**** DRAM PUF ****\nSince many computer systems have some form of DRAM on board, DRAMs can be used as an effective system-level PUF. DRAM is also much cheaper than static RAM (SRAM). 
Thus, DRAM PUFs could be a source of random but reliable data for generating board identifications (chip IDs). The advantage of the DRAM PUF is that the stand-alone DRAM already present in a system on a chip can be used to generate device-specific signatures without requiring any additional circuitry or hardware. Tehranipoor et al. presented the first DRAM PUF, which uses the randomness in the power-up behavior of DRAM cells. Other types of DRAM PUFs include ones based on the data retention of DRAM cells, and on the effects of changing the write and read latency times used in DRAMs.\n\n\n**** Digital PUF ****\nThe digital PUF overcomes the vulnerability issues in conventional analog silicon PUFs. Unlike analog PUFs, where the fingerprints come from the intrinsic process variation of transistors, the fingerprints of digital circuit PUFs are extracted from the geometrical randomness of the VLSI interconnect induced by lithography variations. Such interconnection uncertainty, however, is incompatible with CMOS VLSI circuits because of issues such as short circuits and floating gate voltages for transistors. One solution is to use strongly skewed latches to ensure a stable operating state for each CMOS transistor, hence ensuring that the circuit itself is immune to environmental and operational variations.\n\n\n**** Oxide Rupture PUF ****\nThe oxide rupture PUF is a type of PUF benefiting from randomness obtained from the inhomogeneous natural gate oxide properties that arise in the IC manufacturing process. Its truly random, unpredictable and highly stable properties make it a near-ideal source for a physical unclonable function. IC design houses can strongly enhance the security level by implementing an oxide rupture PUF in their IC designs, without concerns about reliability and lifetime issues, and can eliminate the additional costs of complicated ECC (Error Correction Code) circuits. 
The oxide rupture PUF can extract uniformly distributed binary bits through an amplification and self-feedback mechanism. The random bits are activated upon enrollment, and thanks to a large pool of entropy bits, users have the flexibility to choose their own key-generation and key-management approaches. The security level can be raised by the oxide rupture PUF's intrinsic true randomness and its invisibility to inspection.\n\n\n*** Explicit randomness ***\n\n\n**** Coating PUF ****\nA coating PUF can be built in the top layer of an integrated circuit (IC). Above a normal IC, a network of metal wires is laid out in a comb shape. The space between and above the comb structure is filled with an opaque material that is randomly doped with dielectric particles. Because of the random placement, size and dielectric strength of the particles, the capacitance between each pair of metal wires will be random to a certain extent. This unique randomness can be used to obtain a unique identifier for the device carrying the coating PUF. Moreover, the placement of this opaque PUF in the top layer of an IC protects the underlying circuits from being inspected by an attacker, e.g. for reverse engineering. When an attacker tries to remove (a part of) the coating, the capacitance between the wires is bound to change and the original unique identifier will be destroyed. It has been shown how an unclonable RFID tag can be built with coating PUFs.\n\n\n**** Quantum Electronic PUF ****\nAs the size of a system is reduced below the de Broglie wavelength, the effects of quantum confinement become extremely important. The intrinsic randomness within a quantum confinement PUF originates from compositional and structural non-uniformities at the atomic level. The physical characteristics depend on the effects of quantum mechanics at this scale, while the quantum mechanical behavior is dictated by the random atomic structure. 
Cloning this type of structure is practically impossible due to the large number of atoms involved, the uncontrollable nature of processes at the atomic level and the inability to manipulate atoms reliably.\nIt has been shown that quantum confinement effects can be used to construct a PUF in devices known as resonant-tunneling diodes. These devices can be produced in standard semiconductor fabrication processes, facilitating mass production of many devices in parallel. This type of PUF requires atom-level engineering to clone and is the smallest, highest-bit-density PUF known to date. Furthermore, this type of PUF could be effectively reset by purposely overbiasing the device to cause a local rearrangement of atoms.\n\n== Hybrid-measurement PUFs ==\n\n\n*** Implicit randomness ***\n\n\n**** Magnetic PUF ****\nA magnetic PUF exists on a magnetic stripe card. The physical structure of the magnetic media applied to a card is fabricated by blending billions of particles of barium ferrite together in a slurry during the manufacturing process. The particles have many different shapes and sizes. The slurry is applied to a receptor layer. The particles land in a random fashion, much like pouring a handful of wet magnetic sand onto a carrier. Pouring the sand so that it lands in exactly the same pattern a second time is physically impossible due to the inexactness of the process, the sheer number of particles, and the random geometry of their shape and size. The randomness introduced during the manufacturing process cannot be controlled. This is a classic example of a PUF using intrinsic randomness.\nWhen the slurry dries, the receptor layer is sliced into strips and applied to plastic cards, but the random pattern on the magnetic stripe remains and cannot be changed. Because of this physically unclonable function, it is highly improbable that two magnetic stripe cards will ever be identical. 
Using a standard-sized card, the odds of any two cards having an exactly matching magnetic PUF are calculated to be 1 in 900 million. Further, because the PUF is magnetic, each card will carry a distinctive, repeatable and readable magnetic signal.\n\nPersonalizing the magnetic PUF: The personal data encoded on the magnetic stripe contributes another layer of randomness. When the card is encoded with personal identifying information, the odds of two encoded magstripe cards having an identical magnetic signature are approximately 1 in 10 billion. The encoded data can be used as a marker to locate significant elements of the PUF. This signature can be digitized and is generally called a magnetic fingerprint. An example of its use is in the Magneprint brand system.\nStimulating the magnetic PUF: The magnetic head acts as a stimulus on the PUF and amplifies the random magnetic signal. Because of the complex interaction of the magnetic head, influenced by speed, pressure, direction and acceleration, with the random components of the PUF, each swipe of the head over the magnetic PUF will yield a stochastic but very distinctive signal. Think of it as a song with thousands of notes. The odds of the same notes recurring in an exact pattern from a single card swiped many times are 1 in 100 million, but overall the melody remains very recognizable.\nUses for a magnetic PUF: The stochastic behavior of the PUF in concert with the stimulus of the head makes the magnetic stripe card an excellent tool for dynamic token authentication, forensic identification, key generation, one-time passwords, and digital signatures.\n\n\n*** Explicit randomness ***\n\n\n**** Optical PUF ****\nAn optical PUF, which was termed a POWF (physical one-way function), consists of a transparent material that is doped with light scattering particles. When a laser beam shines on the material, a random and unique speckle pattern arises. 
The placement of the light scattering particles is an uncontrolled process and the interaction between the laser and the particles is very complex. Therefore, it is very hard to duplicate the optical PUF such that the same speckle pattern arises, hence the postulation that it is \"unclonable\".\n\n\n**** Quantum Optical PUF ****\nLeveraging the same quantum-derived difficulty of cloning as the Quantum Electronic PUF, a quantum PUF operating in the optical regime can be devised. Imperfections created during crystal growth or fabrication lead to spatial variations in the bandgap of 2D materials that can be characterized through photoluminescence measurements. It has been shown that an angle-adjustable transmission filter, simple optics and a CCD camera can capture spatially dependent photoluminescence to produce complex maps of unique information from 2D monolayers.\n\n\n**** RF PUF ****\nThe digitally modulated data in modern communication circuits are subject to device-specific analog/RF impairments such as frequency error/offset and I-Q imbalance (in the transmitter), which are typically compensated for at the receiver, which rejects these non-idealities. RF-PUF and RF-DNA use those existing non-idealities to distinguish among transmitter instances. RF-PUF does not use any additional hardware at the transmitter and can be used as a stand-alone physical-layer security feature, or for multi-factor authentication in conjunction with network-layer, transport-layer and application-layer security features.\nQuestion: How does the Delay PUF technology exploit random variations in delays of wires and gates on silicon? What's the answer?",
    "context": "",
    "output": "The Delay PUF technology exploits random variations in delays of wires and gates on silicon by setting up a race condition in the circuit and comparing two transitions that propagate along different paths to see which comes first. An arbiter, typically implemented as a latch, produces a 1 or a 0, depending on which transition comes first.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "How does the Delay PUF technology exploit random variations in delays of wires and gates on silicon?",
      "answer": "The Delay PUF technology exploits random variations in delays of wires and gates on silicon by setting up a race condition in the circuit and comparing two transitions that propagate along different paths to see which comes first. An arbiter, typically implemented as a latch, produces a 1 or a 0, depending on which transition comes first.",
      "context": "Types of physical unclonable function\n\n==Introduction==\nA physical unclonable function (PUF), sometimes also called a physically unclonable function, is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict.\nAll PUFs are subject to environmental variations such as temperature, supply voltage and electromagnetic interference, which can affect their performance. Therefore, rather than just being random, the real power of a PUF is its ability to differ between devices while simultaneously remaining the same under different environmental conditions.\n\n== PUF categorization ==\n\n\n*** Measurement process ***\nOne way to categorise the numerous PUF concepts is by how the source of variation within each PUF is measured. For instance, some PUFs examine how the source of uniqueness interacts with, or influences, an electronic signal to derive the signature measurement, while others examine the effects on the reflection of incident light or another optical process. This also typically correlates with the intended application of each PUF concept. As an example, PUFs that probe uniqueness through electronic characterization are most suitable for authenticating electronic circuits or components because of the ease of integration. On the other hand, PUFs that authenticate physical objects tend to probe the PUF using a second process, such as optical or radio frequency methods, that is then converted into an electronic signal, forming a hybrid measurement system. This allows easier communication at a distance between the separate physical authenticating tag or object and the evaluating device.\n\n\n*** Randomness source ***\nOne major way that PUFs are categorized is by examining where the randomness or variation of the device is derived from. 
This source of uniqueness is either applied in an explicit manner, through the deliberate addition of extra manufacturing steps, or occurs in an implicit manner, as part of the typical manufacturing process. For example, in the case of electronic PUFs manufactured in CMOS, adding additional CMOS components is possible without introducing extra fabrication steps and would count as an implicit source of randomness, as would deriving randomness from components that were already part of the design to start with. Adding, for example, a randomized dielectric coating for the sole purpose of PUF fingerprinting would add manufacturing steps and would make the PUF concept or implementation fall into the explicit category. Implicit randomness sources have the benefit that they carry no additional costs from extra manufacturing steps, and that randomness derived from the inherent variation of the device\u2019s typical manufacturing process cannot be as directly manipulated. Explicit randomness sources have the benefit that the source of randomness can be deliberately chosen, for instance to maximize variation (and therefore entropy yield) or to increase cloning difficulty (for example by harnessing randomness from smaller feature sizes).\n\n\n*** Intrinsic evaluation ***\nIn a similar manner to the classification of a PUF by its randomness source, PUF concepts can be divided by whether or not they can be evaluated in an intrinsic manner. A PUF is described as intrinsic if its randomness is of implicit origin and it can evaluate itself internally. This means that the mechanism for characterizing the PUF is intrinsic to, or embedded within, the evaluating device itself. This property can currently only be held by PUFs of entirely electronic design, as the evaluation processing can only be done with electronic circuitry and is therefore inseparable from an electronic randomness-probing mechanism. 
Intrinsic evaluation is beneficial because it allows the evaluation processing and post-processing (such as error correction or hashing) to occur without the unprocessed PUF readout ever being exposed externally. Combining the randomness characterization and the evaluation processing into one unit reduces the risk of man-in-the-middle and side-channel attacks aimed at the communication between the two areas.\n\n== Electronic-measurement PUFs ==\n\n\n*** Implicit randomness ***\n\n\n**** Via PUF ****\nThe Via PUF technology is based on \"via\" or \"contact\" formation during the standard CMOS fabrication process. The technology is the outcome of reversing the usual design approach: rather than meeting the design rules, it deliberately makes the via or contact sizes smaller than the rules require, in a controlled manner, so that via or contact formation becomes unpredictable or stochastic, i.e. each has a 50% probability of making the electrical connection. The technical details were first published in 2020, while the technology has been in mass production since 2016 at ICTK Holdings. Some characteristics of the Via PUF are as follows:\n\nReliability: Thanks to their metallic nature, once a \"via\" or \"contact\" has formed in a structure it stays there nearly permanently regardless of PVT variation, which means a 0% bit error rate; post-processing stages such as error correction codes or helper data algorithms are therefore not required. The technology has been verified by the JEDEC standard tests and passed the Automotive Electronics Council Q-100 Grade 3 test for automotive applications.\nRandomness: The Via PUF achieves a Hamming weight of 0.4972, close to the ideal value of 0.5. The technology passed the NIST Special Publication 800-92 and NIST SP 800-90B randomness tests.\nUniqueness and \u2018InbornID\u2019: Uniqueness is an important property of a PUF since it guarantees that one chip's ID is always different from that of other chips. 
The Via PUF reports a Hamming distance of 0.4999, close to the ideal uniqueness value of 0.5. The 'InbornID' of the Via PUF stands for the on-chip unique \u2018inborn\u2019 ID of a silicon chip.\nObscurity: Obscurity is one of the great advantages of using the Via PUF technology in an IC implementation. The via or contact holes of the PUF are scattered all over the chip; there is no need to form array blocks as with the SRAM PUF. It is practically impossible to distinguish PUF vias from regular logic vias, which makes reverse engineering of the IC almost impossible.\nStandard Manufacturing Process: The Via PUF technology uses standard cell structures from a standard digital library at the regular core voltage. No high voltage is needed, and so no special circuitry such as a charge pump is required. No extra mask layer is required in the IC manufacturing process. Via PUF based Hardware RoT (Root of Trust) chips are currently applied in various markets such as telecommunications, appliances, and IoT devices, in the form of Wifi/BLE modules, smart door locks, IP cameras, IR sensor hubs, etc. The technology supports security functionalities such as anti-counterfeiting, secure boot, secure firmware copy protection, secure firmware update and secure data integrity.\n\n\n**** Delay PUF ****\nA delay PUF exploits the random variations in the delays of wires and gates on silicon. Given an input challenge, a race condition is set up in the circuit, and two transitions that propagate along different paths are compared to see which comes first. An arbiter, typically implemented as a latch, produces a 1 or a 0, depending on which transition arrives first. Many circuit realizations are possible and at least two have been fabricated. 
When a circuit with the same layout mask is fabricated on different chips, the logic function implemented by the circuit differs for each chip because of the random variations in delays.\nA PUF based on a delay loop, i.e., a ring oscillator with logic, was presented in the publication that introduced the PUF acronym and was the first integrated PUF of any type. A multiplexor-based PUF has been described, as has a secure processor design using a PUF, and a multiplexor-based PUF with an RF interface for use in RFID anti-counterfeiting applications.\n\n\n**** SRAM PUF ****\nThese PUFs use the randomness in the power-up behavior of the standard static random-access memory on a chip. The use of SRAM as a PUF was introduced in 2007 simultaneously by researchers at the Philips High Tech Campus and at the University of Massachusetts. Since an SRAM PUF can be connected directly to standard digital circuitry embedded on the same chip, it can be deployed immediately as a hardware block in cryptographic implementations, making it of particular interest for security solutions. SRAM-based PUF technology has been investigated extensively. Several research papers explore SRAM-based PUF technology on topics such as behavior, implementation, or application for anti-counterfeiting purposes. Notable is the implementation of secure secret key storage without storing the key in digital form. SRAM PUF-based cryptographic implementations have been commercialized by Intrinsic ID, a spin-out of Philips, and as of 2019 are available on every technology node from 350 nm down to 7 nm.\nDue to deep submicron manufacturing process variations, every transistor in an Integrated Circuit (IC) has slightly different physical properties. These lead to small differences in electronic properties, such as transistor threshold voltages and gain factor. The start-up behavior of an SRAM cell depends on the difference between the threshold voltages of its transistors. 
Even the smallest differences will push the SRAM cell into one of its two stable states. Given that every SRAM cell has its own preferred state every time it is powered up, an SRAM response yields a unique and random pattern of zeros and ones. This pattern is like a chip\u2019s fingerprint, since it is unique to a particular SRAM and hence to a particular chip.\n\n\n***** Post-processing of SRAM PUF *****\nThe SRAM PUF response is a noisy fingerprint, since a small number of cells, those close to equilibrium, are unstable. In order to use an SRAM PUF reliably as a unique identifier or to extract cryptographic keys, post-processing is required. This can be done by applying error correction techniques, such as \u2018helper data algorithms\u2019 or fuzzy extractors. These algorithms perform two main functions: error correction and privacy amplification. This approach allows a device to derive a strong device-unique secret key from the SRAM PUF and then power down with no secret key present. Using the helper data, exactly the same key can be regenerated from the SRAM PUF when needed.\n\n\n***** Aging of SRAM PUF *****\nAn operational IC changes slowly but gradually over time, i.e. it ages. The dominant aging effect in modern ICs, which at the same time has a large impact on the noisy behavior of the SRAM PUF, is NBTI. Since NBTI is well understood, there are several ways to counteract the aging tendency. Anti-aging strategies have been developed that cause the SRAM PUF to become more reliable over time, without degrading other PUF quality measures such as security and efficiency.\n\n\n***** SRAM PUF in commercial applications *****\nSRAM PUFs were initially used in applications with high security requirements, such as in defense, to protect sensitive government and military systems, and in the banking industry, to secure payment systems and financial transactions. 
In 2010, NXP started using SRAM PUF technology to secure SmartMX-powered assets against cloning, tampering, theft-of-service and reverse engineering. Since 2011, Microsemi has been offering SRAM PUF implementations to add security to government and sensitive commercial applications on the company's flash-based devices and development boards. More recent applications include a secure sensor-based authentication system for the IoT, incorporation in RISC-V-based IoT application processors to secure intelligent, battery-operated sensing devices at the edge, and the replacement of traditional OTP-plus-key-injection approaches to IoT security in high-volume, low-power microcontrollers and crossover processors. Some SRAM-based security systems in the 2000s refer to \"chip identification\" rather than the more standard term \"PUF.\" The research community and industry have now largely embraced the term PUF to describe this space of technology.\n\n\n**** Butterfly PUF ****\nThe Butterfly PUF is based on the cross-coupling of two latches or flip-flops. The mechanism used in this PUF is similar to the one behind the SRAM PUF, but has the advantage that it can be implemented on any SRAM FPGA.\n\n\n**** Metal resistance PUF ****\nThe metal resistance-based PUF derives its entropy from random physical variations in the metal contacts, vias and wires that define the power grid and interconnect of an IC. There are several important advantages to leveraging random resistance variations in the metal resources of an IC, including:\n\nTemperature and voltage stability: Temperature and voltage (TV) variations represent one of the most significant challenges for PUFs in applications that require regeneration of exactly the same bitstring later in time, e.g., encryption. Metal resistance (unlike that of transistors) varies linearly with temperature and is independent of voltage. 
Therefore, metal resistance provides a very high level of robustness to changing environmental conditions.\nUbiquity: Metal is (currently) the only conducting material on the chip that is layered, which enables high-density and very compact PUF entropy sources. Advanced processes create 11 or more metal layers on top of the (x,y) plane of the underlying transistors.\nReliability: The wear-out mechanism for metal is electromigration, which, like TV variations, adversely affects the ability of the PUF to reproduce the same bitstring over time. However, the electromigration process is well understood and can be completely avoided with proper sizing of the metal wires, vias and contacts. Transistor reliability issues, e.g., NBTI (negative-bias temperature instability) and HCI, on the other hand, are more difficult to mitigate.\nResiliency: Recent reports have shown that transistor-based PUFs, in particular the SRAM PUF, are subject to cloning. Metal resistance PUFs are not subject to these types of cloning attacks because of the high complexity of 'trimming' wires in the clone as a means of matching resistances. Moreover, by adding one or more shielding layers in the thicker upper metal layers that overlay the underlying PUF (which is built using the lower metal layers), front-side probing attacks designed to extract the metal resistances for the clone become extremely difficult or impossible.\n\n\n**** Bistable Ring PUF ****\nThe Bistable Ring PUF or BR-PUF was introduced by Q. Chen et al. The BR-PUF is based on the idea that a ring of an even number of inverters has two possible stable states. By duplicating the inverters and adding multiplexers between stages, it is possible to generate an exponentially large number of challenge-response pairs from the BR-PUF.\n\n\n**** DRAM PUF ****\nSince many computer systems have some form of DRAM on board, DRAMs can be used as an effective system-level PUF. DRAM is also much cheaper than static RAM (SRAM). 
Thus, DRAM PUFs could be a source of random but reliable data for generating board identifications (chip ID). The advantage of the DRAM PUF is based on the fact that the stand-alone DRAM already present in a system on a chip can be used for generating device-specific signatures without requiring any additional circuitry or hardware. Tehranipoor et al. presented the first DRAM PUF that uses the randomness in the power-up behavior of DRAM cells. Other types of DRAM PUFs include ones based on the data retention of DRAM cells, and on the effects of changing the write and read latency times used in DRAMs.\n\n\n**** Digital PUF ****\nDigital PUF overcomes the vulnerability issues in conventional analog silicon PUFs. Unlike the analog PUFs where the fingerprints come from transistors' intrinsic process variation natures, the fingerprints of digital circuit PUFs are extracted from the VLSI interconnect geometrical randomness induced by lithography variations. Such interconnection uncertainty however is incompatible to CMOS VLSI circuits due to issues like short circuit, floating gate voltages etc. for transistors. One solution is to use strongly skewed latches to ensure the stable operating state of each CMOS transistor hence ensuring the circuit itself is immune against environmental and operational variations.\n\n\n**** Oxide Rupture PUF ****\nOxide rupture PUF is a type of PUF benefiting from randomness obtained from inhomogeneous natural gate oxide properties occurring in IC manufacturing process.  Along with the truly random, un-predictable and highly stable properties, which is the most ideal source for physical unclonable function. IC design houses can strongly enhance security level by implementing oxide rupture PUF in its IC design, without concerns about the reliability and life time issue and can get rid of the additional costs from complicated ECC (Error Correction Code) circuits. 
Oxide rupture PUF can extract uniformly-distributed binary bits through amplification and self-feedback mechanism, the random bits are activated upon enrollment, and due to a large entropy bit pool, users are provided the desired flexibility to choose their own key-generation and management approaches. Security level can be upgraded by oxide rupture PUF's intrinsic truly randomness and invisible features.\n\n\n*** Explicit randomness ***\n\n\n**** Coating PUF ****\nA coating PUF can be built in the top layer of an integrated circuit (IC). Above a normal IC, a network of metal wires is laid out in a comb shape. The space between and above the comb structure is filled with an opaque material and randomly doped with dielectric particles. Because of the random placement, size and dielectric strength of the particles, the capacitance between each couple of metal wires will be random up to a certain extent. This unique randomness can be used to obtain a unique identifier for the device carrying the Coating PUF. Moreover, the placement of this opaque PUF in the top layer of an IC protects the underlying circuits from being inspected by an attacker, e.g. for reverse-engineering. When an attacker tries to remove (a part of) the coating, the capacitance between the wires is bound to change and the original unique identifier will be destroyed. It was shown how an unclonable RFID tag is built with coating PUFs.\n\n\n**** Quantum Electronic PUF ****\nAs the size of a system is reduced below the de Broglie wavelength, the effects of quantum confinement become extremely important. The intrinsic randomness within a quantum confinement PUF originates from the compositional and structural non-uniformities on the atomic level. The physical characteristics are dependent on the effects of quantum mechanics at this scale, whilst the quantum mechanics are dictated by the random atomic structure. 
Cloning this type of structure is practically impossible due to the large number of atoms involved, the uncontrollable nature of processes on the atomic level and the inability to manipulate atoms reliably.\nIt has been shown that quantum confinement effects can be used to construct a PUF, in devices known as resonant-tunneling diodes. These devices can be produced in standard semiconductor fabrication processes, facilitating mass-production of many devices in parallel. This type of PUF requires atom-level engineering to clone and is the smallest, highest bit density PUF known to date. Furthermore, this type of PUF could be effectively reset by purposely overbiasing the device to cause a local rearrangement of atoms.\n\n== Hybrid-measurement PUFs ==\n\n\n*** Implicit randomness ***\n\n\n**** Magnetic PUF ****\nA magnetic PUF exists on a magnetic stripe card. The physical structure of the magnetic media applied to a card is fabricated by blending billions of particles of barium ferrite together in a slurry during the manufacturing process. The particles have many different shapes and sizes. The slurry is applied to a receptor layer.  The particles land in a random fashion, much like pouring a handful of wet magnetic sand onto a carrier. To pour the sand to land in exactly the same pattern a second time is physically impossible due to the inexactness of the process, the sheer number of particles, and the random geometry of their shape and size. The randomness introduced during the manufacturing process cannot be controlled. This is a classic example of a PUF using intrinsic randomness.\nWhen the slurry dries, the receptor layer is sliced into strips and applied to plastic cards, but the random pattern on the magnetic stripe remains and cannot be changed. Because of their physically unclonable functions, it is highly improbable that two magnetic stripe cards will ever be identical. 
Using a standard-sized card, the odds of any two cards having an exact matching magnetic PUF are calculated to be 1 in 900 million. Further, because the PUF is magnetic, each card will carry a distinctive, repeatable and readable magnetic signal.\n\nPersonalizing the magnetic PUF: The personal data encoded on the magnetic stripe contributes another layer of randomness. When the card is encoded with personal identifying information, the odds of two encoded magstripe cards having an identical magnetic signature are approximately 1 in 10 billion. The encoded data can be used as a marker to locate significant elements of the PUF. This signature can be digitized and is generally called a magnetic fingerprint. An example of its use is in the Magneprint brand system.\nStimulating the magnetic PUF: The magnetic head acts as a stimulus on the PUF and amplifies the random magnetic signal. Because of the complex interaction of the magnetic head, influenced by speed, pressure, direction and acceleration, with the random components of the PUF, each swipe of the head over the magnetic PUF will yield a stochastic, but very distinctive signal. Think of it as a song with thousands of notes.  The odds of the same notes recurring in an exact pattern from a single card swiped many times are 1 in 100 million, but overall the melody remains very recognizable.\nUses for a magnetic PUF: The stochastic behavior of the PUF in concert with the stimulus of the head makes the magnetic stripe card an excellent tool for dynamic token authentication, forensic identification, key generation, one-time passwords, and digital signatures.\n\n\n*** Explicit randomness ***\n\n\n**** Optical PUF ****\nAn optical PUF which was termed POWF (physical one-way function) consists of a transparent material that is doped with light scattering particles. When a laser beam shines on the material, a random and unique speckle pattern will arise. 
The placement of the light scattering particles is an uncontrolled process and the interaction between the laser and the particles is very complex. Therefore, it is very hard to duplicate the optical PUF such that the same speckle pattern will arise, hence the postulation that it is \"unclonable\".\n\n\n**** Quantum Optical PUF ****\nLeveraging the same quantum-derived difficulty of cloning as the Quantum Electronic PUF, a quantum PUF operating in the optical regime can be devised. Imperfections created during crystal growth or fabrication lead to spatial variations in the bandgap of 2D materials that can be characterized through photoluminescence measurements. It has been shown that an angle-adjustable transmission filter, simple optics and a CCD camera can capture spatially-dependent photoluminescence to produce complex maps of unique information from 2D monolayers.\n\n\n**** RF PUF ****\nThe digitally modulated data in modern communication circuits are subject to device-specific analog/RF impairments such as frequency error/offset and I-Q imbalance (in the transmitter), and are typically compensated for at the receiver, which rejects these non-idealities. RF-PUF and RF-DNA utilize those existing non-idealities to distinguish among transmitter instances. RF-PUF does not use any additional hardware at the transmitter and can be used as a stand-alone physical-layer security feature, or for multi-factor authentication, in conjunction with network-layer, transport-layer and application-layer security features."
    }
  },
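The SRAM, DRAM and oxide-rupture PUF passages above share one engineering problem: a silicon PUF has to regenerate exactly the same bit string later in time (for key generation or encryption) even though temperature, voltage and ageing flip a few bits on every read, which is why most designs wrap the raw response in an error-correcting "fuzzy extractor" (the ECC circuitry the oxide-rupture description says it can do without). The Python below is an added example, not code from the page or from any vendor it names. It models one chip's power-up pattern as a seeded random bit list (constructed data) and implements a code-offset fuzzy extractor with a 5-bit repetition code; `REP`, `RAW_BITS`, the seeds and the flip positions are this example's own assumptions.

```python
import hashlib
import random

# Parameters of this toy construction (assumed here, not taken from the page):
# RAW_BITS raw PUF bits are grouped into blocks of REP; each block protects one key bit,
# and majority decoding corrects up to (REP - 1) // 2 flipped bits per block.
REP = 5
RAW_BITS = 256
KEY_BITS = RAW_BITS // REP   # 51 key bits before hashing; a real design uses many more raw bits


def make_device(seed):
    """Constructed stand-in for one chip's power-up pattern (an SRAM or DRAM PUF):
    a fixed, device-specific bit list that the chip reproduces, with errors, on each power-up."""
    rng = random.Random(seed)
    return [rng.randrange(2) for _ in range(RAW_BITS)]


def read_puf(device, flipped_positions=()):
    """One power-up read: the bits at `flipped_positions` come out inverted, standing in
    for the cells that temperature/voltage drift or ageing push the other way."""
    flipped = set(flipped_positions)
    return [bit ^ 1 if i in flipped else bit for i, bit in enumerate(device)]


def hamming(a, b):
    """Bit distance between two responses: ~50% between chips, small between reads of one chip."""
    return sum(x != y for x, y in zip(a, b))


def majority(block):
    return 1 if 2 * sum(block) > len(block) else 0


def derive_key(key_bits):
    """Hash the decoded bits into fixed-length key material so raw-bit bias is not exposed."""
    packed = int("".join(map(str, key_bits)), 2).to_bytes((len(key_bits) + 7) // 8, "big")
    return hashlib.sha256(packed).hexdigest()


def enroll(response, rng):
    """Code-offset fuzzy extractor, enrollment step: choose a random key, encode it with a
    repetition code and XOR the codeword onto the raw response. The XOR result (helper data)
    may be stored in plain NVM; the key itself is never stored."""
    key_bits = [rng.randrange(2) for _ in range(KEY_BITS)]
    codeword = [k for k in key_bits for _ in range(REP)]
    helper = [r ^ c for r, c in zip(response, codeword)]
    return helper, derive_key(key_bits)


def reproduce(response, helper):
    """Regeneration step: XOR the helper data onto a fresh, noisy response to recover the
    codeword plus an error pattern, then majority-decode each block."""
    noisy_codeword = [r ^ h for r, h in zip(response, helper)]
    key_bits = [majority(noisy_codeword[i:i + REP]) for i in range(0, len(noisy_codeword), REP)]
    return derive_key(key_bits)


def key_survives(flipped_positions, seed=7):
    """Enroll on a clean read of device `seed`, then regenerate from a read with the given bits flipped."""
    device = make_device(seed)
    helper, enrolled_key = enroll(read_puf(device), random.Random(seed + 1))
    return reproduce(read_puf(device, flipped_positions), helper) == enrolled_key


def clone_reproduces_key(seed_real=7, seed_clone=8):
    """A chip with a different power-up pattern, handed the real chip's helper data, decodes garbage."""
    helper, enrolled_key = enroll(read_puf(make_device(seed_real)), random.Random(seed_real + 1))
    return reproduce(read_puf(make_device(seed_clone)), helper) == enrolled_key


if __name__ == "__main__":
    two_per_block = [i * REP + j for i in range(KEY_BITS) for j in range(2)]
    print("inter-device Hamming distance:", hamming(make_device(7), make_device(8)))
    print("2 flips in every block, key recovered:", key_survives(two_per_block))
    print("3 flips in one block, key recovered:", key_survives([0, 1, 2]))
    print("clone reproduces key:", clone_reproduces_key())
```

Two errors in every 5-bit block are corrected, a third error in a single block flips one key bit and the derived key changes entirely. Helper data is public by design, but a repetition code leaks REP-1 bits of response entropy per block, so production designs use longer raw responses and stronger codes (BCH or similar) before the hash, and they integrity-protect the helper data, since an attacker who can rewrite it can bias the reconstructed key.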
  {
    "instruction": "Context: Malwarebytes (software)\n\n==Introduction==\nMalwarebytes (formerly Malwarebytes Anti-Malware, abbreviated as MBAM) is anti-malware software for Microsoft Windows, macOS, ChromeOS, Android, and iOS that finds and removes malware. Made by Malwarebytes Corporation, it was first released in January 2006. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.\n\n\n\n== Overview ==\nMalwarebytes is primarily a scanner that scans and removes malicious software, including rogue security software, adware, and spyware. Malwarebytes scans in batch mode, rather than scanning all files opened, reducing interference if another on-demand anti-malware product is also running on the computer. Malwarebytes is available in both a free and a paid version. The free version can be run manually by the user when desired, whereas the paid version can perform scheduled scans, automatically scan files when opened, block IP addresses of malicious web sites, and scan only those services, programs and device drivers that are currently in use.\n\n== Security vulnerabilities ==\nOn February 2, 2016, Project Zero discovered four vulnerabilities in the Malwarebytes flagship product, including lack of server-side encryption for update files and lack of proper payload signing within encrypted data; the combination of which allowed an attacker to recompile the encrypted payload with exploits. Malwarebytes responded one day before disclosure in a blog article detailing the extreme difficulty in executing these attacks, as well as revealing that the announced server-side and encryption issues were resolved within days of private disclosure and were not outstanding at the time Project Zero published their research. Malwarebytes also published information on how to protect current users until a patch was released. 
This event also resulted in the establishment of a formal bug bounty program by Malwarebytes, which offers up to $1000 per disclosure as of 2018, depending on severity and exploitability.\n\n== Dispute with IObit ==\nOn November 2, 2009, Malwarebytes accused IObit, a Chinese company that offers similar products, of incorporating the database of Malwarebytes Anti-Malware (and several products from other vendors, which were not named) into its security software IObit Security 360. IObit denied the accusation and stated that the database is based on user submissions, and sometimes the same signature names that are in Malwarebytes get placed into the results. They said that they did not have time to filter out the signature names that are similar to Malwarebytes. IObit also stated that Malwarebytes did not have convincing proof, and declared that the databases were not stolen. After the declaration from IObit, Malwarebytes replied that they are not convinced of the argument from IObit. Malwarebytes claims to have served DMCA infringement notices against CNET, Download.com and Majorgeeks in order to have the download sites remove the IObit software. IObit said that as of version 1.3, their database has been updated to address those accusations of intellectual property theft made earlier by Malwarebytes.\nQuestion: What is the bug bounty program established by Malwarebytes?\n\nAnswer:",
    "context": "",
    "output": "Malwarebytes established a formal bug bounty program that offers up to $1000 per disclosure as of 2018, depending on severity and exploitability.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "What is the bug bounty program established by Malwarebytes?",
      "answer": "Malwarebytes established a formal bug bounty program that offers up to $1000 per disclosure as of 2018, depending on severity and exploitability.",
      "context": "Malwarebytes (software)\n\n==Introduction==\nMalwarebytes (formerly Malwarebytes Anti-Malware, abbreviated as MBAM) is anti-malware software for Microsoft Windows, macOS, ChromeOS, Android, and iOS that finds and removes malware. Made by Malwarebytes Corporation, it was first released in January 2006. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.\n\n\n\n== Overview ==\nMalwarebytes is primarily a scanner that scans and removes malicious software, including rogue security software, adware, and spyware. Malwarebytes scans in batch mode, rather than scanning all files opened, reducing interference if another on-demand anti-malware product is also running on the computer. Malwarebytes is available in both a free and a paid version. The free version can be run manually by the user when desired, whereas the paid version can perform scheduled scans, automatically scan files when opened, block IP addresses of malicious web sites, and scan only those services, programs and device drivers that are currently in use.\n\n== Security vulnerabilities ==\nOn February 2, 2016, Project Zero discovered four vulnerabilities in the Malwarebytes flagship product, including lack of server-side encryption for update files and lack of proper payload signing within encrypted data; the combination of which allowed an attacker to recompile the encrypted payload with exploits. Malwarebytes responded one day before disclosure in a blog article detailing the extreme difficulty in executing these attacks, as well as revealing that the announced server-side and encryption issues were resolved within days of private disclosure and were not outstanding at the time Project Zero published their research. Malwarebytes also published information on how to protect current users until a patch was released. 
This event also resulted in the establishment of a formal bug bounty program by Malwarebytes, which offers up to $1000 per disclosure as of 2018, depending on severity and exploitability.\n\n== Dispute with IObit ==\nOn November 2, 2009, Malwarebytes accused IObit, a Chinese company that offers similar products, of incorporating the database of Malwarebytes Anti-Malware (and several products from other vendors, which were not named) into its security software IObit Security 360. IObit denied the accusation and stated that the database is based on user submissions, and sometimes the same signature names that are in Malwarebytes get placed into the results. They said that they did not have time to filter out the signature names that are similar to Malwarebytes. IObit also stated that Malwarebytes did not have convincing proof, and declared that the databases were not stolen. After the declaration from IObit, Malwarebytes replied that they are not convinced of the argument from IObit. Malwarebytes claims to have served DMCA infringement notices against CNET, Download.com and Majorgeeks in order to have the download sites remove the IObit software. IObit said that as of version 1.3, their database has been updated to address those accusations of intellectual property theft made earlier by Malwarebytes."
    }
  },
  {
    "instruction": "Context: Layer 2 Tunneling Protocol\n\n==Introduction==\nIn computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It offers only an optional 'hiding' of attribute values in its own control messages (keyed with a pre-shared secret, which is not a substitute for encryption), and does not provide any encryption or confidentiality of content by itself. Rather, it provides a tunnel for Layer 2 (which may be encrypted), and the tunnel itself may be passed over a Layer 3 encryption protocol such as IPsec.\n\n\n\n== Description ==\nThe entire L2TP packet, including payload and L2TP header, is sent within a User Datagram Protocol (UDP) datagram. A virtue of transmission over UDP (rather than TCP) is that it avoids the \"TCP meltdown problem\". It is common to carry PPP sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec (discussed below).\nThe two endpoints of an L2TP tunnel are called the L2TP access concentrator (LAC) and the L2TP network server (LNS). The LNS waits for new tunnels. Once a tunnel is established, the network traffic between the peers is bidirectional. To be useful for networking, higher-level protocols are then run through the L2TP tunnel. To facilitate this, an L2TP session is established within the tunnel for each higher-level protocol such as PPP. Either the LAC or the LNS may initiate sessions. The traffic for each session is isolated by L2TP, so it is possible to set up multiple virtual networks across a single tunnel.\nThe packets exchanged within an L2TP tunnel are categorized as either control packets or data packets. L2TP provides reliability features for the control packets, but no reliability for data packets. 
Reliability, if desired, must be provided by the nested protocols running within each session of the L2TP tunnel.\nL2TP allows the creation of a virtual private dialup network (VPDN) to connect a remote client to its corporate network by using a shared infrastructure, which could be the Internet or a service provider's network.\n\n== Tunneling models ==\nAn L2TP tunnel can extend across an entire PPP session or only across one segment of a two-segment session. This can be represented by four different tunneling models, namely:\n\nvoluntary tunnel\ncompulsory tunnel \u2014 incoming call\ncompulsory tunnel \u2014 remote dial\nL2TP multihop connection\n\n== L2TP packet structure ==\nAn L2TP packet consists of:\n\nField meanings:\n\nFlags and version\nControl flags indicating data/control packet and the presence of the length, sequence, and offset fields.\nLength (optional)\nTotal length of the message in bytes, present only when the length flag is set.\nTunnel ID\nIndicates the identifier for the control connection.\nSession ID\nIndicates the identifier for a session within a tunnel.\nNs (optional)\nSequence number for this data or control message, beginning at zero and incrementing by one (modulo 2^16) for each message sent. Present only when the sequence flag is set.\nNr (optional)\nSequence number of the next message expected to be received. Nr is set to the Ns of the last in-order message received plus one (modulo 2^16). In data messages, Nr is reserved and, if present (as indicated by the S bit), MUST be ignored upon receipt.\nOffset Size (optional)\nSpecifies where payload data is located past the L2TP header. If the offset field is present, the L2TP header ends after the last byte of the offset padding. This field exists if the offset flag is set.\nOffset Pad (optional)\nVariable length, as specified by the offset size. 
Contents of this field are undefined.\nPayload data\nVariable length (Max payload size\n\n== L2TP packet exchange ==\nAt the time of setup of an L2TP connection, many control packets are exchanged between server and client to establish a tunnel and a session for each direction. One peer requests the other peer to assign a specific tunnel and session ID through these control packets. Then, using this tunnel and session ID, data packets are exchanged with the compressed PPP frames as payload.\nThe list of L2TP Control messages exchanged between LAC and LNS, for handshaking before establishing a tunnel and session in voluntary tunneling method are\n\n== L2TP/IPsec ==\nBecause of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. This is referred to as L2TP/IPsec, and is standardized in IETF RFC 3193. The process of setting up an L2TP/IPsec VPN is as follows:\n\nNegotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500 (UDP port 4500 when NAT traversal is in use), and commonly uses either a shared password (so-called \"pre-shared keys\"), public keys, or X.509 certificates on both ends, although other keying methods exist.\nEstablishment of Encapsulating Security Payload (ESP) communication in transport mode. The IP protocol number for ESP is 50 (compare TCP's 6 and UDP's 17). At this point, a secure channel has been established, but no tunneling is taking place.\nNegotiation and establishment of L2TP tunnel between the SA endpoints. The actual negotiation of parameters takes place over the SA's secure channel, within the IPsec encryption. L2TP uses UDP port 1701.\nWhen the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped inside the IPsec packet, the IP packets carried in the tunneled PPP frames, including their source and destination addresses, are encrypted; only the outer IP header between the two IPsec endpoints is visible on the wire. 
Also, it is not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until after the IPsec data has been decrypted and stripped, which only takes place at the endpoints.\nA potential point of confusion in L2TP/IPsec is the use of the terms tunnel and secure channel. The term tunnel refers to a channel which allows untouched packets of one network to be transported over another network. In the case of L2TP/PPP, it allows L2TP/PPP packets to be transported over IP. A secure channel refers to a connection within which the confidentiality of all data is guaranteed. In L2TP/IPsec, first IPsec provides a secure channel, then L2TP provides a tunnel. IPsec also specifies its own tunnel mode; it is not used when an L2TP tunnel is used.\n\n== Windows implementation ==\nWindows has had native support (configurable in control panel) for L2TP since Windows 2000. Windows Vista added two alternative tools, an MMC snap-in called \"Windows Firewall with Advanced Security\" (WFwAS) and the \"netsh advfirewall\" command-line tool. One limitation with both the WFwAS and netsh commands is that servers must be specified by IP address. Windows 10 added the \"Add-VpnConnection\" and \"Set-VpnConnectionIPsecConfiguration\" PowerShell commands. A registry key (AssumeUDPEncapsulationContextOnSendRule under the PolicyAgent service key) must be created on the client and server if the server is behind a NAT-T device.\n\n== L2TP in ISPs' networks ==\nL2TP is often used by ISPs when internet service over, for example, ADSL or cable is being resold. From the end user, packets travel over a wholesale network service provider's network to a server called a Broadband Remote Access Server (BRAS), a protocol converter and router combined. On legacy networks the path from the end user's customer premises equipment to the BRAS may be over an ATM network. 
\nFrom there on, over an IP network, an L2TP tunnel runs from the BRAS (acting as LAC) to an LNS which is an edge router at the boundary of the ultimate destination ISP's IP network. See example of reseller ISPs using L2TP.\n\n== RFC references ==\nRFC 2341 Cisco Layer Two Forwarding (Protocol) \"L2F\" (a predecessor to L2TP)\nRFC 2637 Point-to-Point Tunneling Protocol (PPTP)\nRFC 2661 Layer Two Tunneling Protocol \"L2TP\"\nRFC 2809 Implementation of L2TP Compulsory Tunneling via RADIUS\nRFC 2888 Secure Remote Access with L2TP\nRFC 3070 Layer Two Tunneling Protocol (L2TP) over Frame Relay\nRFC 3145 L2TP Disconnect Cause Information\nRFC 3193 Securing L2TP using IPsec\nRFC 3301 Layer Two Tunneling Protocol (L2TP): ATM access network\nRFC 3308 Layer Two Tunneling Protocol (L2TP) Differentiated Services\nRFC 3355 Layer Two Tunneling Protocol (L2TP) Over ATM Adaptation Layer 5 (AAL5)\nRFC 3371 Layer Two Tunneling Protocol \"L2TP\" Management Information Base\nRFC 3437 Layer Two Tunneling Protocol Extensions for PPP Link Control Protocol Negotiation\nRFC 3438 Layer Two Tunneling Protocol (L2TP) Internet Assigned Numbers: Internet Assigned Numbers Authority (IANA) Considerations Update\nRFC 3573 Signaling of Modem-On-Hold status in Layer 2 Tunneling Protocol (L2TP)\nRFC 3817 Layer 2 Tunneling Protocol (L2TP) Active Discovery Relay for PPP over Ethernet (PPPoE)\nRFC 3931 Layer Two Tunneling Protocol - Version 3 (L2TPv3)\nRFC 4045 Extensions to Support Efficient Carrying of Multicast Traffic in Layer-2 Tunneling Protocol (L2TP)\nRFC 4951 Fail Over Extensions for Layer 2 Tunneling Protocol (L2TP) \"failover\"\nQuestion: How does L2TP support the establishment of virtual private dialup networks (VPDNs)? What's the answer?",
    "context": "",
    "output": "L2TP allows the creation of a VPDN to connect a remote client to its corporate network by using a shared infrastructure, such as the Internet or a service provider's network.",
    "category": "WikiQAFlan",
    "instruction_type": "retrieval2",
    "parsed_raw_data": {
      "question": "How does L2TP support the establishment of virtual private dialup networks (VPDNs)?",
      "answer": "L2TP allows the creation of a VPDN to connect a remote client to its corporate network by using a shared infrastructure, such as the Internet or a service provider's network.",
      "context": "Layer 2 Tunneling Protocol\n\n==Introduction==\nIn computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It offers only an optional 'hiding' of attribute values in its own control messages (keyed with a pre-shared secret, which is not a substitute for encryption), and does not provide any encryption or confidentiality of content by itself. Rather, it provides a tunnel for Layer 2 (which may be encrypted), and the tunnel itself may be passed over a Layer 3 encryption protocol such as IPsec.\n\n\n\n== Description ==\nThe entire L2TP packet, including payload and L2TP header, is sent within a User Datagram Protocol (UDP) datagram. A virtue of transmission over UDP (rather than TCP) is that it avoids the \"TCP meltdown problem\". It is common to carry PPP sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec (discussed below).\nThe two endpoints of an L2TP tunnel are called the L2TP access concentrator (LAC) and the L2TP network server (LNS). The LNS waits for new tunnels. Once a tunnel is established, the network traffic between the peers is bidirectional. To be useful for networking, higher-level protocols are then run through the L2TP tunnel. To facilitate this, an L2TP session is established within the tunnel for each higher-level protocol such as PPP. Either the LAC or the LNS may initiate sessions. The traffic for each session is isolated by L2TP, so it is possible to set up multiple virtual networks across a single tunnel.\nThe packets exchanged within an L2TP tunnel are categorized as either control packets or data packets. L2TP provides reliability features for the control packets, but no reliability for data packets. 
Reliability, if desired, must be provided by the nested protocols running within each session of the L2TP tunnel.\nL2TP allows the creation of a virtual private dialup network (VPDN) to connect a remote client to its corporate network by using a shared infrastructure, which could be the Internet or a service provider's network.\n\n== Tunneling models ==\nAn L2TP tunnel can extend across an entire PPP session or only across one segment of a two-segment session. This can be represented by four different tunneling models, namely:\n\nvoluntary tunnel\ncompulsory tunnel \u2014 incoming call\ncompulsory tunnel \u2014 remote dial\nL2TP multihop connection\n\n== L2TP packet structure ==\nAn L2TP packet consists of :\n\nField meanings:\n\nFlags and version\ncontrol flags indicating data/control packet and presence of length, sequence, and offset fields.\nLength (optional)\nTotal length of the message in bytes, present only when length flag is set.\nTunnel ID\nIndicates the identifier for the control connection.\nSession ID\nIndicates the identifier for a session within a tunnel.\nNs (optional)\nsequence number for this data or control message, beginning at zero and incrementing by one (modulo 216) for each message sent. Present only when sequence flag set.\nNr (optional)\nsequence number for expected message to be received. Nr is set to the Ns of the last in-order message received plus one (modulo 216). In data messages, Nr is reserved and, if present (as indicated by the S bit), MUST be ignored upon receipt..\nOffset Size (optional)\nSpecifies where payload data is located past the L2TP header. If the offset field is present, the L2TP header ends after the last byte of the offset padding. This field exists if the offset flag is set.\nOffset Pad (optional)\nVariable length, as specified by the offset size.  
Contents of this field are undefined.\nPayload data\nVariable length (Max payload size\n\n== L2TP packet exchange ==\nAt the time of setup of L2TP connection, many control packets are exchanged between server and client to establish tunnel and session for each direction. One peer requests the other peer to assign a specific tunnel and session id through these control packets. Then using this tunnel and session id, data packets are exchanged with the compressed PPP frames as payload.\nThe list of L2TP Control messages exchanged between LAC and LNS, for handshaking before establishing a tunnel and session in voluntary tunneling method are\n\n== L2TP/IPsec ==\nBecause of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. This is referred to as L2TP/IPsec, and is standardized in IETF RFC 3193. The process of setting up an L2TP/IPsec VPN is as follows:\n\nNegotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500, and commonly uses either a shared password (so-called \"pre-shared keys\"), public keys, or X.509 certificates on both ends, although other keying methods exist.\nEstablishment of Encapsulating Security Payload (ESP) communication in transport mode. The IP protocol number for ESP is 50 (compare TCP's 6 and UDP's 17). At this point, a secure channel has been established, but no tunneling is taking place.\nNegotiation and establishment of L2TP tunnel between the SA endpoints. The actual negotiation of parameters takes place over the SA's secure channel, within the IPsec encryption. L2TP uses UDP port 1701.When the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, the original source and destination IP address is encrypted within the packet. 
Also, it is not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until after the IPsec data has been decrypted and stripped, which only takes place at the endpoints.\nA potential point of confusion in L2TP/IPsec is the use of the terms tunnel and secure channel. The term tunnel-mode refers to a channel which allows untouched packets of one network to be transported over another network. In the case of L2TP/PPP, it allows L2TP/PPP packets to be transported over IP. A secure channel refers to a connection within which the confidentiality of all data is guaranteed. In L2TP/IPsec, IPsec first provides a secure channel, then L2TP provides a tunnel. IPsec also specifies a tunnel protocol; this is not used when an L2TP tunnel is used.\n\n== Windows implementation ==\nWindows has had native support (configurable in the Control Panel) for L2TP since Windows 2000. Windows Vista added two alternative tools: an MMC snap-in called \"Windows Firewall with Advanced Security\" (WFwAS) and the \"netsh advfirewall\" command-line tool. One limitation of both the WFwAS and netsh tools is that servers must be specified by IP address. Windows 10 added the \"Add-VpnConnection\" and \"Set-VpnConnectionIPsecConfiguration\" PowerShell commands. A registry key must be created on the client and server if the server is behind a NAT-T device. [1]\n\n== L2TP in ISPs' networks ==\nL2TP is often used by ISPs when internet service over, for example, ADSL or cable is being resold. From the end user, packets travel over a wholesale network service provider's network to a server called a Broadband Remote Access Server (BRAS), a protocol converter and router combined. On legacy networks the path from the end user's customer premises equipment to the BRAS may be over an ATM network. 
\nFrom there on, over an IP network, an L2TP tunnel runs from the BRAS (acting as LAC) to an LNS, which is an edge router at the boundary of the ultimate destination ISP's IP network. See example of reseller ISPs using L2TP.\n\n== RFC references ==\nRFC 2341 Cisco Layer Two Forwarding (Protocol) \"L2F\" (a predecessor to L2TP)\nRFC 2637 Point-to-Point Tunneling Protocol (PPTP)\nRFC 2661 Layer Two Tunneling Protocol \"L2TP\"\nRFC 2809 Implementation of L2TP Compulsory Tunneling via RADIUS\nRFC 2888 Secure Remote Access with L2TP\nRFC 3070 Layer Two Tunneling Protocol (L2TP) over Frame Relay\nRFC 3145 L2TP Disconnect Cause Information\nRFC 3193 Securing L2TP using IPsec\nRFC 3301 Layer Two Tunneling Protocol (L2TP): ATM access network\nRFC 3308 Layer Two Tunneling Protocol (L2TP) Differentiated Services\nRFC 3355 Layer Two Tunneling Protocol (L2TP) Over ATM Adaptation Layer 5 (AAL5)\nRFC 3371 Layer Two Tunneling Protocol \"L2TP\" Management Information Base\nRFC 3437 Layer Two Tunneling Protocol Extensions for PPP Link Control Protocol Negotiation\nRFC 3438 Layer Two Tunneling Protocol (L2TP) Internet Assigned Numbers: Internet Assigned Numbers Authority (IANA) Considerations Update\nRFC 3573 Signaling of Modem-On-Hold status in Layer 2 Tunneling Protocol (L2TP)\nRFC 3817 Layer 2 Tunneling Protocol (L2TP) Active Discovery Relay for PPP over Ethernet (PPPoE)\nRFC 3931 Layer Two Tunneling Protocol - Version 3 (L2TPv3)\nRFC 4045 Extensions to Support Efficient Carrying of Multicast Traffic in Layer-2 Tunneling Protocol (L2TP)\nRFC 4951 Fail Over Extensions for Layer 2 Tunneling Protocol (L2TP) \"failover\""
    }
  }
]