From 373065f71ce5fbad0444ff77eb4c1251a185f9b0 Mon Sep 17 00:00:00 2001 From: Sungchan Yi Date: Mon, 11 Sep 2023 18:29:24 +0900 Subject: [PATCH] [PUBLISHER] upload files #82 * PUSH NOTE : 01. Security Introduction.md * PUSH ATTACHMENT : is-01-cryptosystem.png --- .../2023-09-10-security-intro.md | 258 ++++++++++++++++++ .../Internet Security/is-01-cryptosystem.png | Bin 0 -> 12378 bytes 2 files changed, 258 insertions(+) create mode 100644 _posts/Lecture Notes/Internet Security/2023-09-10-security-intro.md create mode 100644 assets/img/posts/Lecture Notes/Internet Security/is-01-cryptosystem.png diff --git a/_posts/Lecture Notes/Internet Security/2023-09-10-security-intro.md b/_posts/Lecture Notes/Internet Security/2023-09-10-security-intro.md new file mode 100644 index 0000000..b641bf0 --- /dev/null +++ b/_posts/Lecture Notes/Internet Security/2023-09-10-security-intro.md 
@@ -0,0 +1,258 @@ +--- +share: true +toc: true +math: false +categories: + - Lecture Notes + - Internet Security +tags: + - network + - security + - lecture-note +title: 01. Security Introduction +date: 2023-09-10 +github_title: 2023-09-10-security-intro +image: + path: /assets/img/posts/Lecture Notes/Internet Security/is-01-cryptosystem.png +attachment: + folder: assets/img/posts/Lecture Notes/Internet Security +--- + +> Every program has at least two purposes: the one for which it was written, and another for which it wasn't. - Alan J. Perlis + +# Security Overview + +## Security + +**Security** may mean different things. +- Emotional security +- Physical security: physical separation of assets +- Resource exhaustion: mitigating DoS attacks +- **System security** +- **Network security** +- Cryptography +- Social Engineering: email pranksters (impersonating) + +In this course, we are mainly interested in system/network security! + +There are two categories in **IT Security**, (though the boundary is blurry) +- **Computer** (system) **security** uses automated tools and mechanisms to protect **data in a computer**, against hackers, malware, etc. +- **Internet** (network) **security** prevents, detects, and corrects security violations that involve the **transmission of information** in a network. + +In internet security, we assume that: +- Everything on the network can be an attack target. +- Every transmitted bit can be tapped (eavesdropped). + +## Modeling in Network Security + +- Basically, we have a sender and a receiver, and they communicate through the internet. +- **Sender and receiver want to communicate *securely***. +- But the adversary can attack the communication channel. 
For instance, + - tapping, eavesdropping, snooping messages + - inserting, modifying, deleting, replaying messages + - poisoning data + - impersonate and pretend to be someone else +- Conventionally, we use the terms: + - Alice and Bob for the two parties participating in the communication. + - Eve (or Mallory, Oscar) for the adversary. + +# Security Attacks + +This is only an overview, so the attacks are introduced briefly. + +## Computer/Network Attacks + +- Malware: malicious software + - virus, worm, Trojan, spyware, ransomware +- Bots that automate malicious tasks +- [Buffer Overflow](https://en.wikipedia.org/wiki/Buffer_overflow) (BOF) +- Denial of Service (DoS) + - Distributed DoS (DDoS) if numerous hosts are used +- Network-based attacks (upcoming) +- Physical Attacks + - [Van Eck phreaking](https://en.wikipedia.org/wiki/Van_Eck_phreaking) + - Energy weapons (electromagnetic waves) +- Password Attacks + - Password guessing, dictionary attacks, brute force attacks +- Information gathering attacks + - through phone, web, SNS (watch out what you post) + - Phishing with cloned websites + - the information you enter will be sent to the attacker + - (Port) Scanning: searching for open ports on a server +- [Side Channel Attacks](https://en.wikipedia.org/wiki/Side-channel_attack): attacks based on extra information rather than the flaws in the design of the protocol or algorithm itself. + - Timing information, power consumption can be used + - Data remanence: reading sensitive data after they have been deleted + +### Network-based Attacks + +- Cryptographic attacks: decrypting ciphertext, finding the key +- Spoofing: ARP, DNS, cache poisoning +- Session hijacking +- Impersonation, man-in-the-middle (MITM) attacks +- Network domain specific attacks: wireless, web, mobile, IoT etc. + +There are two types of attacks in security attacks +- **Active attacks**: modify the content of messages + - Ex. (D)DoS, MITM, poisoning, smurf attack, system attacks. 
+ - *Prevention* is important since the active attacks are a danger to *data integrity* and *availability*. +- **Passive attacks**: does not modify information, but observes the content or copies it. + - Ex. eavesdropping, port scanning (idle scan secretly scanns). + - *Detection* is important since passive attacks are a danger to *confidentiality*. + +# Security Services and Mechanisms + +## CIA Triad + +What kind of security services do we want? The basic network security services must support the following. These are also known as the **CIA triad**. + +- **Confidentiality**: the data must be kept secret (privacy) +- **Integrity**: the data must not be modified during transmission (consistency, accuracy, trustworthiness) +- **Availability**: information should be consistently and readily accessible + +Additionally, we also need: +- **Authentication**: a way to authenticate users (ID, passwords) +- **Non-repudiation**: ensure that no party can deny that it sent or received a message or approved some information + - Assurance that someone cannot deny the validity of something + +### Attacks Against CIA Triad + +- Confidentiality: snooping, traffic analysis +- Integrity: modification, masquerading, replaying, repudiation +- Availability: denial of service + +## More Security Services + +- **Access control**: controlling privileges to access assets + - identification, authentication (credential validation), authorization +- **Anonymity**: name or identification is hidden +- **Accountability**: any actions of an entity can be traced uniquely to that entity + - similar to responsibility of an entity to some event or incident +- **Security audit**: assessment or evaluation of an organization's security systems +- **Privacy**: keeping data safe in transit and in storage +- **Digital forensics**: recovering data from digital devices + +## Security Mechanisms + +There are many ways of achieving security. 
+ +- **Cryptography**: encryption/decryption of data +- **Credential**: ID, password, certificates +- **Message digest**: usage of hash functions and message authentication codes (MAC) +- **Traffic padding**: to keep traffic size equal + - It may be desirable to not leak *any* information, so one might add padding to the traffic, so the traffic is indistinguishable by the adversary (prevents side-channel attacks) +- **Digital signatures**: provides authenticity of digital messages or documents +- **Trusted Third Party** (TTP): a safe third-party that we can trust + - If we have a TTP, a lot of problems go away. We can always ask the TTP for the truth + - But TTP can become a *single point of failure* (SPOF), and security architectures may become too dependent on the TTP +- **Append-only server**: keeps track of all modifications, good for auditing + - Blockchain is a kind of append-only data structure + +# Cryptography + +> **Cryptography** is the study of mathematical techniques for securing digital information, systems, and distributed computations against adversarial attacks.^[J. Katz, Introduction to Modern Cryptography] + +**Cryptanalysis** is the study of methods for obtaining the meaning of encrypted information without access to the key. + +## Basics of a Cryptosystem + +![is-01-cryptosystem.png](../../../assets/img/posts/Lecture%20Notes/Internet%20Security/is-01-cryptosystem.png) + +- A **message** in *plaintext* is given to an **encryption algorithm**. +- The encryption algorithm uses an **encryption key** to create a *ciphertext*. +- The ciphertext if given to a **decryption algorithm**. +- The decryption algorithm uses a **decryption key** to recover the original plaintext. +- The encryption/decryption keys are only known to the sender/receiver. + +### Classification of Cryptosystems + +There are two criteria for classifying cryptosystems. + +- How are the keys used? 
+ - **Symmetric** cryptography uses a single key for both encryption and decryption + - **Public key** cryptography uses different keys for encryption and decryption, respectively. +- How are plaintexts processed? + - **Block cipher** + - **Stream cipher** + +## Kerckhoffs' Principle + +There are two choices to achieve the security of a cryptosystem. + +1. Keep the encryption/decryption scheme secret. (security through obscurity) +2. Keep the key secret. + +But in real life, we use the second method and keep the key secret. + +> The cipher method must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.^[J. Katz, Introduction to Modern Cryptography] + +**Kerckhoffs' principle** demands that *security rely solely on the secrecy of the key*. Even if everything about the system is publicly known, except for the key. + +Why? Here are some of the arguments in favor of Kerckhoffs' principle. + +1. It is significantly easier to maintain the secrecy of a short key than to keep an encryption scheme secret. + - Information about the scheme might be leaked or reverse engineered. +2. In case the secret information is exposed, it is much easier to replace the key, than to replace the encryption scheme. + - Generating a new random key is relatively easy, but generating a new, *secure* encryption scheme is non-trivial. +3. The public can review an encryption scheme to check for vulnerabilities. + - *Standardization* of schemes is possible, supporting compatibility between different users. + - It is beneficial to use strong schemes that have gone through public scrutiny. + +# Threat Modeling + +What should we consider when we are building secure systems? We should consider what attacks are possible. **Threat modeling** is the process of systematically identifying the threats faced by a system. + +1. Identify the values of assets. +2. Enumerate the *attack surfaces*. +3. Hypothesize attackers. 
+ - What kinds of assets would they want? + - Are they able to attack through vulnerable surfaces? +4. Survey mitigations. +5. Balance costs vs. risks. + +We consider the case of a smartphone. + +## Identifying Assets + +In a smartphone, assets (things of value) would be +- Saved credentials such as passwords +- *Personally identifiable information* (PII) such as social security number +- Contacts, pictures, sensitive documents, credit card data +- Access to sensors such as camera, microphone, network traffic or location +- The device itself + +## Attack Surfaces + +- Physically stealing the device +- Tricking the user to install malicious applications +- Passive eavesdropping on the network +- Backdoors in the OS + +## Hypothetical Attackers + +For example, + +|Attacker|Abilities|Goals| +|-|-|-| +|Thief|Steal the phone|Take the device| +|FBI|Lot of things...|Obtain evidence from the device| +|Eavesdropper|Observe network traffic|Steal information| + +## Surveying Mitigations + +Next, we survey how to mitigate the attacks. + +Suppose we are mitigating theft. One could: +- Apply strong authentication using passwords or biometrics + - But this is annoying to the user +- Use full device encryption +- Use remote device tracking and format the device + - May not work if the device is disconnected from the internet + +For blocking eavesdroppers, one could apply HTTPS everywhere or use a VPN. But it's hard to check if apps are actually using HTTPS or not, and VPNs may slow down connection. + +## Cost vs. Risk Analysis + +- How costly is the mitigation? + - Applying strong password is not very costly. +- How likely is the attack? + - Attacks from FBI are very unlikely for an average person. 
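Review bot: In the "Network-based Attacks" section, the emphasis attached to the two attack classes looks swapped. The active-attack bullet says "*Prevention* is important" and the passive-attack bullet says "*Detection* is important". Passive attacks leave the traffic unaltered, so they are hard to detect and are normally countered by prevention (for example, encryption). Active attacks are hard to prevent outright and are handled by detection and recovery. Suggest exchanging the two sentences while keeping the integrity/availability and confidentiality rationale where it is. The definition "modify the content of messages" should also be widened, since the listed (D)DoS example does not modify message content. In the same list, port scanning sends probes to the target, so it sits awkwardly under "does not modify information, but observes the content or copies it", and "scanns" should be "scans". Smaller points in the same hunk: "The ciphertext if given to a **decryption algorithm**" should read "is given"; the fragment "Even if everything about the system is publicly known, except for the key." should be joined to the sentence before it; and the traffic padding bullet's "(prevents side-channel attacks)" would be more accurate as mitigating traffic analysis based on message size.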
diff --git a/assets/img/posts/Lecture Notes/Internet Security/is-01-cryptosystem.png b/assets/img/posts/Lecture Notes/Internet Security/is-01-cryptosystem.png new file mode 100644 index 0000000000000000000000000000000000000000..267d3d723f85033559c338a73a711b20b13aa428 GIT binary patch literal 12378