1 CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced
2 Introduction Deploying cryptographic keys to end points such as smart phones, virtual machines in The Public Cloud, and smart grid equipment is risky. This presentation proposes a Cryptography as a Service (CaaS) model which allows operations to be performed without exposing cryptographic keys and recommends how to overcome the pitfalls associated with this technology.
3 Acknowledgements I acknowledge the combined efforts of the many people who have progressed the CaaS technology area in RSA to where it is today. In particular I thank: Steve Schmalz, Jaimee Brown, Eric Young, Stefan Pingel, Sean Parkinson, Sandra Carielli, Ken Ray, Didi Dotan, Mike Shanzer, Ingo Schubert, Ari Juels, Karen Reinhardt, David Healy, and Nikos Triandopoulos.
4 Pre-Requisites This session is classified as Advanced and assumes you have an understanding of: Security concepts such as Entropy. Cryptographic Algorithms such as RSA, ECDSA, ECDH, AES, SHA256, HMAC/SHA256, and PRNGs. Transport Layer Security (TLS). Hyper Text Transfer Protocol (HTTP). Cryptographic Message Syntax (CMS) / PKCS #7.
5 Agenda Problem Domain and Examples. CaaS Definition. End Point Authentication. Crypto Algorithms and Security Operations. System Impact of Moving to CaaS. CaaS Usage.
6 Problem Domain and Examples
7 Vulnerable End Points Poor entropy: Bad place to generate keys. Heightened probability of compromise.
8 End Point Key Gen and Crypto
9 End Point Cryptography Key Manager
10 Cryptography as a Service Cryptographic Service Provider Key Manager
11 Example: Smart Phone App Sign out-going . Decrypt in-coming . View and create protected information: Stored off-device: Documents stored in the cloud. On-device: Address book.
12 Example: Smart Phone App Sign out-going signing private key. Decrypt in-coming decryption private key. View and create protected information: MAC and symmetric encryption: Symmetric keys. Asymmetric signing and decryption: Private keys.
13 Example: Smart Phone App Compromise scenarios: Attacker steals smart phone and attempts to compromise data or keys on the phone. Attacker steals a back-up of the phone. Malware App steals data or keys. Malware App compromises or biases entropy sources which results in more easily guessed keys.
14 Example: Smart Phone App Multiple devices: If you have multiple devices, the problems are multiplied.
16 Example: Virtual Machine HTTPS server: Signing or decryption private key (depending on TLS cipher suite). Audit logging: Symmetric keys for MAC and symmetric encrypt, or asymmetric keys for signing and enveloping. Secure Messaging or Transactions: Symmetric or asymmetric keys for signing and encryption.
17 Example: Virtual Machine Compromise scenarios: Attacker copies the VM. Attacker steals a back-up of the VM. Attacker uses a misconfiguration or vulnerability to gain access to the VM. Attacker compromises or biases entropy sources which results in more easily guessed keys.
18 Example: Smart Grid Status information from Smart Grid equipment. Verification of software updates. Verification and decryption of control messages.
19 Example: Smart Grid Status information from Smart Grid equipment: Private key for signing and symmetric key for encryption. Verification of software updates: Public key for verification. Verification and decryption of control messages: Public key for verification and symmetric key for decryption.
20 Example: Smart Grid Compromise scenarios: Attacker obtains access to the smart grid device and attempts to compromise data or keys on the device. Attacker uses a misconfiguration or vulnerability to take control of the device. Attacker uses knowledge of the device s entropy sources to guess keys.
21 Cryptography as a Service Cryptographic Service Provider
22 CaaS Definition
23 Cryptography as a Service Keyed cryptographic operations, such as encryption and decryption, are performed by a CaaS provider on behalf of a device via web services APIs. The cryptographic keys used to perform these operations are stored within the CaaS provider, so devices do not possess these keys at any time.
24 Cryptography as a Service Secret Data P A B ID Key Data, Alg, Cryptographic Service Provider
25 Cryptography as a Service Secret Data P A B 1. Encrypt P ID Key Data, Alg, Cryptographic Service Provider
26 Cryptography as a Service Secret Data P A B 1. Encrypt P 2. Generate and store key 3. C = Encrypt(AES, 0x1234, P) ID Key Data, Alg, AA 0x1234, AES Cryptographic Service Provider
27 Cryptography as a Service Secret Data P A B 4. Encrypted result [AA, C] 1. Encrypt P 2. Generate and store key 3. C = Encrypt(AES, 0x1234, P) ID Key Data, Alg, AA 0x1234, AES Cryptographic Service Provider
28 Cryptography as a Service Secret Data P A Encrypted [AA, C] 5. Send B 4. Encrypted result [AA, C] 1. Encrypt P 2. Generate and store key 3. C = Encrypt(AES, 0x1234, P) ID Key Data, Alg, AA 0x1234, AES Cryptographic Service Provider
29 Cryptography as a Service Secret Data P A Encrypted [AA, C] 5. Send B 4. Encrypted result [AA, C] 1. Encrypt P 6. Decrypt [AA, C] 2. Generate and store key 3. C = Encrypt(AES, 0x1234, P) ID Key Data, Alg, AA 0x1234, AES Cryptographic Service Provider
30 Cryptography as a Service Secret Data P A Encrypted [AA, C] 5. Send B 4. Encrypted result [AA, C] 1. Encrypt P 6. Decrypt [AA, C] 2. Generate and store key 3. C = Encrypt(AES, 0x1234, P) ID Key Data, Alg, AA 0x1234, AES Cryptographic Service Provider 7. Lookup(AA) 8. P = Decrypt(AES, 0x1234, C)
31 Cryptography as a Service Secret Data P Secret Data P A Encrypted [AA, C] 5. Send B 4. Encrypted result [AA, C] 1. Encrypt P 6. Decrypt [AA, C] 9. Decrypted result [P] 2. Generate and store key 3. C = Encrypt(AES, 0x1234, P) ID Key Data, Alg, AA 0x1234, AES Cryptographic Service Provider 7. Lookup(AA) 8. P = Decrypt(AES, 0x1234, C)
32 End Point Key Gen and Crypto
33 End Point Cryptography Key Manager
34 Cryptography as a Service Cryptographic Service Provider Key Manager
35 Cryptography as a Service REST 1 or KMIP 2 Cryptographic Service Provider Key Manager 1. Representational State Transfer (REST). Often over mutually authenticated TLS. 2. Key Management Interoperability Protocol (KMIP). Uses mutually authenticated TLS.
36 End Point Authentication
37 Authentication End Point Authentication ensures only authorized end points can use the CaaS services.
38 Auth: Smart Phone App User: Password. Voice print. Facial recognition. Motion based. SecurId One Time Password. Environment: Device: Device ID, SIM number, Phone number. Location. Apps allowed to be on phone. Time of day.
39 Auth: Smart Phone App Risk based authentication could be applicable: Services available depend on the degree to which the identity is authenticated. Alternatively, perhaps the level of authentication could be stepped-up if the requested service requires a higher degree of authentication than has been provided.
40 Auth: Virtual Machine Mutually authenticated TLS: TLS Client private key must be stored on VM and protected. Server authenticated TLS with a password or PIN 1 : Password must be stored on VM and protected. 1. Personal Identification Number. In this context, a very large pseudo-random number.
41 Auth: Virtual Machine Environment: System values: Complex due to virtualization layer, and technologies such as vmotion. Can be used to encrypt local secrets. Software attestation / environmental comparison. Virtual Trusted Platform Module (vtpm). Local authentication: Use techniques to determine if VM is local to a service provider. Operational heuristics.
42 Auth: Smart Grid System values: Device unique identifier. MAC address. User: Installation PIN.
43 Crypto Algorithms and Security Operations
44 Cryptographic Algorithms This section explores which types of security operations make sense in a CaaS context. The impact of compromise of the end point is also reviewed.
45 Cryptographic Algorithms Private key operations: Asymmetric signing. Asymmetric decryption. Key agreement. Compromise: Private key not exposed. However, private key could be used.
46 Cryptographic Algorithms Secret key operations: MACing. Symmetric encryption / decryption. Compromise: Secret key not exposed. However, secret key could be used.
47 Cryptographic Algorithms Entropy and Pseudo-random Numbers. Usage: Entropy from CaaS can be mixed into an end point s entropy to dramatically improve the quality of entropy on the end point. This will greatly improve the quality of end point produced keys. Compromise: None.
48 Cryptographic Algorithms Public key operations: Asymmetric signature verification. Asymmetric encryption. Usage: Crypto acceleration by off-loading processing? Compromise: Public key not exposed. However, public key could be used.
49 Cryptographic Algorithms Message Digesting. Usage: To connect securely to a CaaS server, operations such as Message Digesting are required. As such, if the cryptographic library used to connect to the CaaS server can not be trusted to Message Digest values correctly, then the result also can t be trusted. Possible usage if the output of the Message Digesting operation can be directly supplied to another CaaS operation.
50 Cryptographic Algorithms Combining algorithms: Advantageous to be able to combine multiple operations in the one web services call: Sign and encrypt for instance. CMS / PKCS #7: Secure messaging which offers a range of standard encapsulation types, for instance signed and enveloped.
51 System Impact of Moving to CaaS
52 System Impact: Advantages Improved security: No important cryptographic keys on end points. Important cryptographic keys stored and backed up in one place; in a key manager. Other advantages: Possible improved performance due to scalable web services.
53 System Impact: Disadvantages Disadvantages: Increased architectural complexity. Latency due to web calls. Possibly reduced performance due to overhead of making web calls. Possibly more hardware required to host the CaaS provider. Denial of Service: Causing a loss of connection between an end point and the CaaS provider results in the end point not being able to perform cryptographic operations.
54 System Impact: Challenges Authentication of the end point requesting cryptography services is the major challenge of CaaS. Network connectivity is required to allow the end point to have the CaaS provider perform the required action when required. For some situations, such as Smart Grid, this may not be possible.
56 Usage: Smart Phone App Example: Sending a signed .
62 Usage: Smart Phone App 1. Login 4. Write 5. Plain text & Authentication Token 6. Signed 2. Authenticate Cryptographic Service Provider Key Manager 3. Authentication Token Authentication Provider
63 Usage: Smart Phone App 1. Login 4. Write 7. Send signed to server. 5. Plain text & Authentication Token 6. Signed 2. Authenticate Cryptographic Service Provider Key Manager 3. Authentication Token Authentication Provider
64 Usage: Smart Phone App 1. Login 4. Write 7. Send signed to server. 5. Plain text & Authentication Token 6. Signed 2. Authenticate Cryptographic Service Provider Key Manager 3. Authentication Token Authentication Provider
65 Usage: Smart Grid & VM Example: Smart Grid and VM
66 Usage: Smart Grid & VM At time of manufacture: 1. Smart Grid device manufacturer puts onto the device: a. Serial Number. b. Start up entropy. c. Manufacturer s public key used for software update verification. Cryptographic Service Provider Key Manager Manufacturer puts boot-strap information onto device. Authentication Provider
67 Usage: Smart Grid & VM At installation time: 2. Device gets a software update signed by the Manufacturer s private key. The update contains: a. Utility s public key used for verifying control messages. b. Utility s public key used for decrypting messages from devices. which allows Utility to put more boot-strap information on device. Cryptographic Service Provider Authentication Provider Key Manager
68 Usage: Smart Grid & VM At installation time: 3. Device authenticates to server sending serial number and installation PIN encrypted using Utility s encryption public key. Cryptographic Service Provider Key Manager The device authenticates. Authentication Provider
69 Usage: Smart Grid & VM At installation time: 4. Device and server use serial number and installation PIN as an initial symmetric key. 5. Server generates an ephemeral device specific EC key pair for use in ECDH. 6. Server sends to the device, encrypted against the initial symmetric key and signed with the Utility s Control private key: a. Server s device specific ECDH public key. b. Entropy. CaaS delivers entropy to device. Cryptographic Service Provider Authentication Provider Key Manager
70 Usage: Smart Grid & VM At installation time: 7. Device combines entropy from server and local entropy to generate an ephemeral EC key pair for use in ECDH, and an EC key pair for signing status messages. 8. Device uses ephemeral EC private key and server s device specific EC public key to derive an the device specific AES key. 9. Device sends to the server encrypted using server s encryption public key: a. Device s Status public key. b. Device s ephemeral EC public key. CaaS and device complete ECDH key agreement. Cryptographic Service Provider Authentication Provider Key Manager
71 Usage: Smart Grid & VM At installation time: 10. Server uses device s ephemeral EC public key and server s ephemeral EC private key to generate the device specific AES key. 11. Device now has the utility s public keys and the utility s servers have the device s public key. The device and the utility s servers share an AES key. Device and server can communicate securely. Cryptographic Service Provider Authentication Provider Key Manager
72 Usage: Smart Grid & VM When operational: 1. Server to device: Signed and symmetric encrypted control messages. 2. Device to server: Signed and symmetric encryption status messages. Cryptographic Service Provider Key Manager Device has keys. CaaS has keys. VM has no keys. Authentication Provider
73 Usage: Smart Grid & VM When operational: 1. Server to device: Signed and symmetric encrypted control messages. 2. Device to server: Signed and symmetric encryption status messages. Cryptographic Service Provider Key Manager Device keys were generated in conjunction with CaaS. Authentication Provider
75 Apply Review what end points you have. For each end point: Which keys are on the end point? What cryptographic operations are performed and why? What would be the cost of compromise of the keys be? Which cryptographic operations would be suitable for a CaaS model? What authentication mechanisms could be used?
76 Limitations of Technology CaaS does not apply to all scenarios: No authentication mechanism. No network connection.
77 Summary End points are bad places to generate and store keys. CaaS allows cryptographic services to be performed on behalf of end points without exposing important cryptographic keys to the end points. CaaS when combined with strong authentication can greatly improve the security of a system. CaaS does not apply to all cryptographic operations. Some environments, such as embedded devices, are challenging for CaaS. However, CaaS can still be used in these situations to improve the security.
78 Q & A Any Questions?
79 Thank you! Peter Robinson RSA, The Security Division of EMC
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
Cryptography in AllJoyn Greg Zaverucha Software Engineer, Microsoft 10 November 2015 AllSeen Alliance 1 Agenda 1. Review of AllJoyn security features 2. Authentication and security protocols 3. Comparison
Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms Radhika G #1, K.V.V. Satyanarayana *2, Tejaswi A #3 1,2,3 Dept of CSE, K L University, Vaddeswaram-522502,
Mitigating Server Breaches with Secure Computation Yehuda Lindell Bar-Ilan University and Dyadic Security The Problem Network and server breaches have become ubiquitous Financially-motivated and state-sponsored
Device-Centric Authentication and WebCrypto Dirk Balfanz, Google, firstname.lastname@example.org A Position Paper for the W3C Workshop on Web Cryptography Next Steps Device-Centric Authentication We believe that the
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
National Security Agency Perspective on Key Management IEEE Key Management Summit 5 May 2010 Petrina Gillman Information Assurance (IA) Infrastructure Development & Operations Technical Director National
Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety
Security - 1 - OPC UA - Security Security Access control Wide adoption of OPC SCADA & DCS Embedded devices Performance Internet Scalability MES Firewalls ERP Communication between distributed systems OPC
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major
Multifactor authentication systems Jiří Sobotka, Radek Doležel Fakulta elektrotechniky a komunikačních technologií VUT v Brně Email: email@example.com Fakulta elektrotechniky a komunikačních technologií
GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
OpenADR 2.0 Security Jim Zuber, CTO QualityLogic, Inc. Security Overview Client and server x.509v3 certificates TLS 1.2 with SHA256 ECC or RSA cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
Identify yourself securely. True Identity solution True Identity authentication and authorization for groundbreaking security across multiple applications including all online transactions Biogy Inc. Copyright
White Paper Key Management Best Practices Data encryption is a fundamental component of strategies to address security threats and satisfy regulatory mandates. While encryption is not in itself difficult
Sponsored by Oracle : New Technologies and Best Practices for Database Encryption A SANS Whitepaper April 2010 Written by Tanya Baccam, SANS senior instructor and course author for SEC509: Oracle Database
Analyzing the Security Schemes of Various Cloud Storage Services ECE 646 Project Presentation Fall 2014 12/09/2014 Team Members Ankita Pandey Gagandeep Singh Bamrah Pros and Cons of Cloud Storage Services
Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%
Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner firstname.lastname@example.org Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL) Agenda Waheed opens the presentation introduces
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
(KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).
Is Your SSL Website and Mobile App Really Secure? Agenda What is SSL / TLS SSL Vulnerabilities PC/Server Mobile Advice to the Public Hong Kong Computer Emergency Response Team Coordination Centre 香 港 電
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
SMPTE Standards Transition Issues for NIST/FIPS Requirements v1.1 Contents 2010.8.23 DRM inside, Taehyun Kim ETRI, Kisoon Yoon 1 Introduction NIST (National Institute of Standards and Technology) published
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare email@example.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing
Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES Saiprasad Dhumal * Prof. K.K. Joshi Prof Sowmiya Raksha VJTI, Mumbai. VJTI, Mumbai VJTI, Mumbai. Abstract piracy of digital content is a one of the
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
CSE/EE 461 Lecture 23 Network Security David Wetherall firstname.lastname@example.org Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction
Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to
SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team email@example.com Contents Introduction to SSL/TLS Cryptography
RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,
NCP Secure Client Juniper Edition Service Release: 9.30 Build 102 Date: February 2012 1. New Features and Enhancements The following describe the new features introduced in this release: Visual Feedback
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
1 CHAPTER 1 INTRODUCTION 1.1 Introduction Cloud computing as a new paradigm of information technology that offers tremendous advantages in economic aspects such as reduced time to market, flexible computing
ERserver iseries Securing applications with SSL ERserver iseries Securing applications with SSL Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users
The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and
Amethyst Cryptographic Services Ltd Managed Encryption Service An Overview Chris Greengrass March 2011 Encryption and Cryptography The use of encryption/decryption is as old as the art of communication.
Introduction An Overview of the D Industrial Router Product Line Secure Access with VPN Technology in Industrial Networks Outlining the IPsec and VPN capabilities available in the GarrettCom D series of
Application Security: Threats and Architecture Steven M. Bellovin firstname.lastname@example.org http://www.cs.columbia.edu/ smb Steven M. Bellovin August 4, 2005 1 We re from the Security Area, and We re Here to
Security Policy www.clickmeeting.com 1 Introduction ClickMeeting is a worldwide, solid and easy to use SaaS platform. It s core was constructed with the hi-end technology. Data security the highest priority
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
MS-55096: Securing Data on Microsoft SQL Server 2012 Description The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure