Security architecture Integrating security into the communicating vehicle. Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015

Size: px
Start display at page:

Download "Security architecture Integrating security into the communicating vehicle. Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015"

Transcription

1 Security architecture Integrating security into the communicating vehicle Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015

2 Overview PRESERVE provides a close-to-market V2X Security Architecture (VSA) considering External V2X communication security Onboard communication & data security Public Key Infrastructure (PKI) Privacy protection Abstract V2X security architecture Detailed PRESERVE architecture 2

3 Contribution to Harmonization and Standardization ETSI Internal Security Interfaces conforming to ETSI ITS WG 5 Integration of security in the communication stack according to ETSI EN (Geo Networking) C2C-CC Joint architecture workshop TF PKI, TF TAL, TF Privacy HTG 1 & 3 / HTG 6 Participation as C-ITS experts Status of security standards and needs for harmonization International harmonization of C-ITS Credential Management System (CCMS) 3

4 Applications Road Safety Road Traffic Efficiency Comfort and Mobility FA SA Security Secure Information Secure Communication MF Facilities SF Secure Software Data Consistency and Plausibility Internal Communication Secure Storage Privacy Protection External Communication Management MN Networking & Transport SN Credential Management Security Management Security Entities Management Access Security Analysis Security Policies HSM MI Internal Communication SI Audit Monitoring Policy Storage Policy Management Sec. Storage Crypto Acc. External Communication Logging Policy Enforcement TRNG

5 In- Vehicle PRESERVE Vehicle Security Subsystem Sensors Sensors Sensors ECUs Head Unit CAN Bus Comm. Control Security Event Processor Policy Decision Entity Auth. Security Support Platform Integrity Crypto. Services HW Layer TPM HSM Open SSL Applications V2X Comm. Stack Facilities Layer Network Layer MAC Layer CL External API Convergence Layer CL Internal API Privacy Enforcement Runtime Architecture Secure Communication Communication Layer Pseudonym Manag. ID & Trust Management Security Services Management and Configuration Legend X Y X use service of Y Sevecom Mod. EVITA PRECIOSA Mod. External SW/HW Optional comp.

6 Public Key Infrastructure

7 Public Key Infrastructure ITS G5 Network V2X Security Infrastructure CA certs. Long-term Certificate Authority IP LTC Root Certificate Authority ITS G5 PC 1 PC n Pseudonym Certificate Authority V2X message PC 1 RSU Vehicles 7

8 Results of the PRESERVE Architecture Workshop 2013 Relation of IP and non-ip communication from a security perspective Parallel processing of packets in the communication stack to fully exploit HSM performance Verification-on-demand, certificate omission and their relation to Distributed Congestion Control Meta-data and cross-layer signalling of security information Development of the PKI architecture in more complex ITS settings Design of Misbehavior Detection 8

9 Summary PRESERVE V2X Security Architecture Bridges the gap between the very abstract ETSI reference architecture and specific implementations Conforming with current standards and considers in addition future aspects Stable basis for V2X security implementers and integrators 9

10 BACKUP SLIDES 10

11 Integration of Security Header 11

12 Onboard Meta Data Exchange 12

13 Pseudonym Certificate Refill 13

The relevance of cyber-security to functional safety of connected and automated vehicles

The relevance of cyber-security to functional safety of connected and automated vehicles The relevance of cyber-security to functional safety of connected and automated vehicles André Weimerskirch University of Michigan Transportation Research Institute (UMTRI) February 12, 2014 Introduction

More information

Vehicular On-board Security: EVITA Project

Vehicular On-board Security: EVITA Project C2C-CC Security Workshop 5 November 2009 VW, MobileLifeCampus Wolfsburg Hervé Seudié Corporate Sector Research and Advance Engineering Robert Bosch GmbH Outline 1. Project Scope and Objectives 2. Security

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture

Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture IEEE GLOBECOM Design and Developers Forum Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture Tim Weil CISSP, CISA Booz Allen Hamilton

More information

ETSI TC ITS RELEASE PROCESS

ETSI TC ITS RELEASE PROCESS ETSI TC ITS RELEASE PROCESS ITS Workshop Doha 7-9 February 2012 Søren Hess Chairman ETSI TC ITS hess@shess.dk Status of ETSI standardisation M/453 Applicationand Facility Network and transport GeoNetworking

More information

Securing Wireless Access for Vehicular Environments (WAVE)

Securing Wireless Access for Vehicular Environments (WAVE) Securing Wireless Access for Vehicular Environments (WAVE) May 7, 2009 CTST, New Orleans Tim Weil CISSP/CISA Security Architect ITS Engineering Booz Allen Hamilton 0 The concept of VII started upon the

More information

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Andreas Fuchs and Roland Rieke {andreas.fuchs,roland.rieke}@sit.fraunhofer.de Fraunhofer Institute for

More information

Introduction of Information Security Research Division

Introduction of Information Security Research Division Introduction of Information Security Research Division 2005. 5. 13. Kyo-il Chung, Ph. D. Information Security Infrastructure Research Group Contents Overview - Secure u-it KOREA - Organization of ETRI

More information

ITS Safety, Security and Privacy. Scott Cadzow, i-tour partner, ETSI ITS WG5 Chairman

ITS Safety, Security and Privacy. Scott Cadzow, i-tour partner, ETSI ITS WG5 Chairman ITS Safety, Security and Privacy Scott Cadzow, i-tour partner, ETSI ITS WG5 Chairman 1 ITS Security tutorial agenda ITS security/safety/privacy in context The security process TVRA what we analysed and

More information

KVM Security - Where Are We At, Where Are We Going

KVM Security - Where Are We At, Where Are We Going Klaus Heinrich Kiwi Software Engineer LinuxCon Brazil August 31, 2010 KVM Security - Where Are We At, Where Are We Going Klaus Heinrich Kiwi, IBM LTC 2010 IBM Corporation KVM Security - Where Are We At,

More information

Future Directions for Internet of Things Work

Future Directions for Internet of Things Work Future Directions for Internet of Things Work Naming Architecture for Object to Object Communications 77 th IETF Anaheim, March 2010 Gyu Myoung Lee (gmlee@it-sudparis.eu)

More information

Hardware Security for Trustworthy C2X Applications Marko Wolf

Hardware Security for Trustworthy C2X Applications Marko Wolf Hardware Security for Trustworthy C2X Applications Marko Wolf C2C-CC/CAMP Harmonization Workshop, Wolfsburg, Germany, 15.3.2012 Outline 1. Three General Reasons for Automotive Hardware Security Modules

More information

MIF Charter update proposal

MIF Charter update proposal MIF Charter update proposal MIF WG Charter update proposal summary http://www.ietf.org/mail-archive/web/mif/current/msg02125.html Specific deliverables listed MPVD architecture document Requirement for

More information

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri Automotive Ethernet Security Testing Alon Regev and Abhijit Lahiri 1 Automotive Network Security Cars are evolving Number of ECUs, sensors, and interconnects is growing Moving to Ethernet networks utilizing

More information

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications 7 th escar Embedded Security in Cars Conference November 24 25, 2009, Düsseldorf Dr.-Ing. Olaf Henniger, Fraunhofer SIT Darmstadt Hervé

More information

OS/390 Firewall Technology Overview

OS/390 Firewall Technology Overview OS/390 Firewall Technology Overview Washington System Center Mary Sweat E - Mail: sweatm@us.ibm.com Agenda Basic Firewall strategies and design Hardware requirements Software requirements Components of

More information

Laboratory Exercises V: IP Security Protocol (IPSec)

Laboratory Exercises V: IP Security Protocol (IPSec) Department of Electronics Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture (FESB) University of Split, Croatia Laboratory Exercises V: IP Security Protocol (IPSec) Keywords:

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

Security in Vehicle Networks

Security in Vehicle Networks Security in Vehicle Networks Armin Happel, Christof Ebert Stuttgart, 17. March 2015 V1.1 2015-04-28 Introduction Vector Consulting Services supports clients worldwide in improving their product development

More information

Cloud Security Overview

Cloud Security Overview UT DALLAS Erik Jonsson School of Engineering & Computer Science Cloud Security Overview Murat Kantarcioglu Outline Current cloud security techniques Amazon Web services Microsoft Azure Cloud Security Challengers

More information

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after

More information

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

SOFTWARE-DEFINED NETWORKING AND OPENFLOW SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control

More information

ReadyNAS Remote White Paper. NETGEAR May 2010

ReadyNAS Remote White Paper. NETGEAR May 2010 ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that

More information

Enterprise Security Architecture Concepts and Practice

Enterprise Security Architecture Concepts and Practice Enterprise Architecture Concepts and Practice Jim Whitmore whitmore@us.ibm.com Presentation to Open Group Oct 22, 2003 Enterprise Architecture Abstract In the early 90 s IBM Global Services created a Consultancy

More information

Affording the Upgrade to Higher Speed & Density

Affording the Upgrade to Higher Speed & Density Affording the Upgrade to Higher Speed & Density Ethernet Summit February 22, 2012 Agenda VSS Overview Technology Q&A 2 Corporate Overview World Leader in Network Intelligence Optimization Deployed in 80%

More information

e-authentication guidelines for esign- Online Electronic Signature Service

e-authentication guidelines for esign- Online Electronic Signature Service e-authentication guidelines for esign- Online Electronic Signature Service Version 1.0 June 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry of Communications

More information

API-Security Gateway Dirk Krafzig

API-Security Gateway Dirk Krafzig API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing

More information

Vehicular Security Hardware The Security for Vehicular Security Mechanisms

Vehicular Security Hardware The Security for Vehicular Security Mechanisms escrypt GmbH Embedded Security Systemhaus für eingebettete Sicherheit Vehicular Security Hardware The Security for Vehicular Security Mechanisms Marko Wolf, escrypt GmbH Embedded Security Embedded Security

More information

Key Management Best Practices

Key Management Best Practices White Paper Key Management Best Practices Data encryption is a fundamental component of strategies to address security threats and satisfy regulatory mandates. While encryption is not in itself difficult

More information

PROFESSIONAL SECURITY SYSTEMS

PROFESSIONAL SECURITY SYSTEMS PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security

More information

How to configure Client side certificate authentication for authorization-only access / Active Sync URL s

How to configure Client side certificate authentication for authorization-only access / Active Sync URL s How to configure Client side certificate authentication for authorization-only access / Active Sync URL s Juniper Networks, Inc. Overview: Authorization-only access is similar to a reverse proxy. Typically,

More information

Security within a development lifecycle. Enhancing product security through development process improvement

Security within a development lifecycle. Enhancing product security through development process improvement Security within a development lifecycle Enhancing product security through development process improvement Who I am Working within a QA environment, with a focus on security for 10 years Primarily web

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

SWITCHpki long lived grid user certificates

SWITCHpki long lived grid user certificates SWITCHpki long lived grid user certificates PKI meeting in Bern Bern, 15 June 2010 Alessandro Usai alessandro.usai@switch.ch Trust Link Interface! Long lived grid user certificates are now handled by the

More information

Standardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal

Standardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal Standardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal Shawn Geddis Security Consulting Engineer, Apple Enterprise geddis@apple.com 703-264-5103 1 Agenda A View of Apples PKI

More information

Building a protocol validator for Business to Business Communications. Abstract

Building a protocol validator for Business to Business Communications. Abstract Building a protocol validator for Business to Business Communications Rudi van Drunen, Competa IT B.V. (r.van.drunen@competa.com) Rix Groenboom, Parasoft Netherlands (rix.groenboom@parasoft.nl) Abstract

More information

Data Communication Networks and Converged Networks

Data Communication Networks and Converged Networks Data Communication Networks and Converged Networks The OSI Model and Encapsulation Layer traversal through networks Protocol Stacks Converged Data/Telecommunication Networks From Telecom to Datacom, Asynchronous

More information

The Costs of Managed PKI:

The Costs of Managed PKI: The Costs of Managed PKI: In-House Implementation of PKI vs. Traditional Managed PKI vs. ON-Demand PKI A TC TrustCenter Whitepaper Last Updated: February 2008 Introduction Until recently, organizations

More information

Feature Comparison. Windows Server 2008 R2 Hyper-V and Windows Server 2012 Hyper-V

Feature Comparison. Windows Server 2008 R2 Hyper-V and Windows Server 2012 Hyper-V Comparison and Contents Introduction... 4 More Secure Multitenancy... 5 Flexible Infrastructure... 9 Scale, Performance, and Density... 13 High Availability... 18 Processor and Memory Support... 24 Network...

More information

CONVERGENCE Glossary (version of 30/10/2012)

CONVERGENCE Glossary (version of 30/10/2012) Glossary (version of 30/10/2012) Term Access Rights Advertise Application Business Scenario CA CCN Cl_Auth_SC Cl_Auth_User_Pw Clean-slate architecture CoApp CoApp Provider CoMid CoMid Provider CoMid Resource

More information

PCI Compliance Considerations

PCI Compliance Considerations PCI Compliance Considerations This article outlines implementation considerations when deploying the Barracuda Load Balancer ADC in an environment subject to PCI Data Security Standard (PCI DSS) compliance.

More information

Looking Ahead The Path to Moving Security into the Cloud

Looking Ahead The Path to Moving Security into the Cloud Looking Ahead The Path to Moving Security into the Cloud Gerhard Eschelbeck Sophos Session ID: SPO2-107 Session Classification: Intermediate Agenda The Changing Threat Landscape Evolution of Application

More information

OpenFlow: History and Overview. Demo of OpenFlow@home routers

OpenFlow: History and Overview. Demo of OpenFlow@home routers Affan A. Syed affan.syed@nu.edu.pk Syed Ali Khayam ali.khayam@seecs.nust.edu.pk OpenFlow: History and Overview Dr. Affan A. Syed OpenFlow and Software Defined Networking Dr. Syed Ali Khayam Demo of OpenFlow@home

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

PC Business Banking. Technical Requirements

PC Business Banking. Technical Requirements PC Business Banking Technical Requirements For PC Business Banking Version 7.0 March 2007 Application Overview PC Business Banking (PCBB) is Bank of New Zealand s banking platform for large business/corporate

More information

Management and Web service Management

Management and Web service Management Management and Web service Management This presentation offers work to OASIS completed by IBM with contribution from CA and Talking Blocks The work details a frame of reference for Management Applications,

More information

Universal Flash Storage: Mobilize Your Data

Universal Flash Storage: Mobilize Your Data White Paper Universal Flash Storage: Mobilize Your Data Executive Summary The explosive growth in portable devices over the past decade continues to challenge manufacturers wishing to add memory to their

More information

Windows Server 2008 R2 Hyper-V Server and Windows Server 8 Beta Hyper-V

Windows Server 2008 R2 Hyper-V Server and Windows Server 8 Beta Hyper-V Features Comparison: Hyper-V Server and Hyper-V February 2012 The information contained in this document relates to a pre-release product which may be substantially modified before it is commercially released.

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12. Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON

More information

Are Second Generation Firewalls Good for Industrial Control Systems?

Are Second Generation Firewalls Good for Industrial Control Systems? Are Second Generation Firewalls Good for Industrial Control Systems? Bernie Pella, CISSP Schneider Electric Cyber Security Services bernie.pella@schneider-electric.com Firewall Overview Firewalls provide

More information

SSL Inspection Step-by-Step Guide. June 6, 2016

SSL Inspection Step-by-Step Guide. June 6, 2016 SSL Inspection Step-by-Step Guide June 6, 2016 Key Drivers for Inspecting Outbound SSL Traffic Eliminate blind spots of SSL encrypted communication to/from the enterprise Maintaining information s communication

More information

Long Term Evolution - LTE. A short overview

Long Term Evolution - LTE. A short overview Long Term Evolution - LTE A short overview LTE Architecture 2 Conformance Test Suite Specification 3 GPP and ETSI product 3GPP TS 32.523-3 Evolved Universal Terrestrial Radio Access (E-UTRA) User Equipment

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Building Robust Security Solutions Using Layering And Independence

Building Robust Security Solutions Using Layering And Independence Building Robust Security Solutions Using Layering And Independence Fred Roeper Neal Ziring Information Assurance Directorate National Security Agency Session ID: STAR-401 Session Classification: Intermediate

More information

Connectivity. SWIFTNet Link 7.0. Functional Overview

Connectivity. SWIFTNet Link 7.0. Functional Overview Connectivity SWIFTNet Link 7.0 Functional Overview December 2010 SWIFTNet Link 7.0 Table of Contents 1 Introduction... 3 2 Enhancements and features... 4 2.1 Message and File Copy... 4 2.2 Message and

More information

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture Deploying Cisco ASA VPN Solutions Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and Course Flow Additional Cisco Glossary of Terms Your Training Curriculum Evaluation of the Cisco

More information

Abstract. Avaya Solution & Interoperability Test Lab

Abstract. Avaya Solution & Interoperability Test Lab Avaya Solution & Interoperability Test Lab Application Notes for Configuring a Small to Medium Size Business VoIP and Data Network Solution Consisting of HP ProCurve Networking Switches and an Avaya Telephony

More information

A Perspective on the Evolution of Mobile Platform Security Architectures

A Perspective on the Evolution of Mobile Platform Security Architectures A Perspective on the Evolution of Mobile Platform Security Architectures Kari Kostiainen Nokia Research Center, Helsinki TIW, June 2011 Joint work with N. Asokan, Jan-Erik Ekberg and Elena Reshetova 1

More information

Software Datapath Acceleration for Stateless Packet Processing

Software Datapath Acceleration for Stateless Packet Processing June 22, 2010 Software Datapath Acceleration for Stateless Packet Processing FTF-NET-F0817 Ravi Malhotra Software Architect Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions

More information

Automotive and Industrial Data Security

Automotive and Industrial Data Security André Weimerskirch Cybersecurity for Cyber-Physical Systems Workshop April 23-24, 2012 Overview Introduction and Motivation Risk analysis Current and future security solutions Conclusions Communication

More information

CGHub Client Security Guide Documentation

CGHub Client Security Guide Documentation CGHub Client Security Guide Documentation Release 3.1 University of California, Santa Cruz April 16, 2014 CONTENTS 1 Abstract 1 2 GeneTorrent: a secure, client/server BitTorrent 2 2.1 GeneTorrent protocols.....................................

More information

Public Key Infrastructure for a Higher Education Environment

Public Key Infrastructure for a Higher Education Environment Public Key Infrastructure for a Higher Education Environment Eric Madden and Michael Jeffers 12/13/2001 ECE 646 Agenda Architectural Design Hierarchy Certificate Authority Key Management Applications/Hardware

More information

Websense Support Webinar: Questions and Answers

Websense Support Webinar: Questions and Answers Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user

More information

Information security versus network security in the Internet as critical infrastructure Security of Internet and Critical Infrastructures: European

Information security versus network security in the Internet as critical infrastructure Security of Internet and Critical Infrastructures: European Information security versus network security in the Internet as critical infrastructure Security of Internet and Critical Infrastructures: European Experiences, Rome, 13 June 2011 Objectives Describe information

More information

Network Virtualization Based on Flows

Network Virtualization Based on Flows TERENA NETWORKING CONFERENCE 2009 June 9, 2009 Network Virtualization Based on Flows Peter Sjödin Markus Hidell, Georgia Kontesidou, Kyriakos Zarifis KTH Royal Institute of Technology, Stockholm Outline

More information

2. What is the maximum value of each octet in an IP address? A. 28 B. 255 C. 256 D. None of the above

2. What is the maximum value of each octet in an IP address? A. 28 B. 255 C. 256 D. None of the above CCNA1 V3.0 Mod 10 (Ch 8) 1. How many bits are in an IP C. 64 2. What is the maximum value of each octet in an IP A. 28 55 C. 256 3. The network number plays what part in an IP A. It specifies the network

More information

SAP Mobile - Webinar Series SAP Mobile Platform 3.0 Security Concepts and Features

SAP Mobile - Webinar Series SAP Mobile Platform 3.0 Security Concepts and Features SAP Mobile - Webinar Series SAP Mobile Platform 3.0 Security Concepts and Features Dirk Olderdissen Solution Expert, Regional Presales EMEA SAP Brought to you by the Customer Experience Group 2014 SAP

More information

Implementing the Application Control Engine Service Module

Implementing the Application Control Engine Service Module Course: Implementing the Application Control Engine Service Module Duration: 4 Day Hands-On Lab & Lecture Course Price: $ 2,995.00 Learning Credits: 30 Hitachi HiPass: 4 Description: Implementing the Application

More information

Securing the Database Stack

Securing the Database Stack Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,

More information

EAGLE EYE IP TAP. 1. Introduction

EAGLE EYE IP TAP. 1. Introduction 1. Introduction The Eagle Eye - IP tap is a passive IP network application platform for lawful interception and network monitoring. Designed to be used in distributed surveillance environments, the Eagle

More information

Bootstrapping "softwarised" infrastructure trust: from SDN towards NFV

Bootstrapping softwarised infrastructure trust: from SDN towards NFV Bootstrapping "softwarised" infrastructure trust: from towards NFV Ludovic Jacquin Hewlett-Packard Laboratories < ludovic.jacquin@hp.com > Cybersecurity & Privacy Innovation Forum 2015 Brussels, 28/4/2015

More information

Service Delivery Automation in IPv6 Networks

Service Delivery Automation in IPv6 Networks Service Delivery Automation in IPv6 Networks C. Jacquenet christian.jacquenet@orange.com Slide 1 Outline Rationale Beyond the SDN hype: a true need for automation Global framework From service negotiation

More information

Oracle Web Cache 11g Overview

<Insert Picture Here> Oracle Web Cache 11g Overview Oracle Web Cache 11g Overview Oracle Web Cache Oracle Web Cache is a secure reverse proxy cache and a compression engine deployed between Browser and HTTP server Browser and Content

More information

The MILS Component Integration Approach To Secure Information Sharing

The MILS Component Integration Approach To Secure Information Sharing The MILS Component Integration Approach To Secure Information Sharing Carolyn Boettcher, Raytheon, El Segundo CA Rance DeLong, LynuxWorks, San Jose CA John Rushby, SRI International, Menlo Park CA Wilmar

More information

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002 INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before

More information

Samsung Security Solutions

Samsung Security Solutions Print with confidence Samsung Security Solutions For Every Business A4 to A3 Mono to Colour MFPs to Printers Samsung Security Features You may not realise it, but every business can benefit from security.

More information

OpenFlow and Software Defined Networking presented by Greg Ferro. OpenFlow Functions and Flow Tables

OpenFlow and Software Defined Networking presented by Greg Ferro. OpenFlow Functions and Flow Tables OpenFlow and Software Defined Networking presented by Greg Ferro OpenFlow Functions and Flow Tables would like to thank Greg Ferro and Ivan Pepelnjak for giving us the opportunity to sponsor to this educational

More information

Composite Link Requirements draft-ietf-rtgwg-cl-requirement-00.txt

Composite Link Requirements draft-ietf-rtgwg-cl-requirement-00.txt Composite Link Requirements draft-ietf-rtgwg-cl-requirement-00.txt Ning So ning.so@verizonbusiness.com Andrew Malis andrew.g.malis@verizon.com Dave McDysan dave.mcdysan@verizon.com Lucy Yong lucyyong@huawei.com

More information

Cisco Integrated Services Routers Performance Overview

Cisco Integrated Services Routers Performance Overview Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,

More information

BROADCOM SDN SOLUTIONS OF-DPA (OPENFLOW DATA PLANE ABSTRACTION) SOFTWARE

BROADCOM SDN SOLUTIONS OF-DPA (OPENFLOW DATA PLANE ABSTRACTION) SOFTWARE BROADCOM SDN SOLUTIONS OF-DPA (OPENFLOW DATA PLANE ABSTRACTION) SOFTWARE Network Switch Business Unit Infrastructure and Networking Group 1 TOPICS SDN Principles Open Switch Options Introducing OF-DPA

More information

Load Balancing Trend Micro InterScan Web Gateway

Load Balancing Trend Micro InterScan Web Gateway Load Balancing Trend Micro InterScan Web Gateway Deployment Guide rev. 1.1.7 Copyright 2002 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...

More information

OpenMTC. M2M Solutions for Smart Cities and the Internet of Things. www.open-mtc.org info@open-mtc.org

OpenMTC. M2M Solutions for Smart Cities and the Internet of Things. www.open-mtc.org info@open-mtc.org OpenMTC M2M Solutions for Smart Cities and the Internet of Things www.open-mtc.org info@open-mtc.org 2. March März 2, 2013 Understanding M2M Machine-to-Machine (M2M) is a paradigm in which the end-to-end

More information

TRILL Large Layer 2 Network Solution

TRILL Large Layer 2 Network Solution TRILL Large Layer 2 Network Solution Contents 1 Network Architecture Requirements of Data Centers in the Cloud Computing Era... 3 2 TRILL Characteristics... 5 3 Huawei TRILL-based Large Layer 2 Network

More information

5 TH C-ITS PLUGTEST 2016 USE CASES V01. Contact sebastian.mueller@etsi.org

5 TH C-ITS PLUGTEST 2016 USE CASES V01. Contact sebastian.mueller@etsi.org 5 TH C-ITS PLUGTEST 2016 USE CASES V01 Contact sebastian.mueller@etsi.org Date, Location, Host and Scope Date: 7 18 November 2016 Location: Port of Livorno, Italy Host: CNIT, Livorno Port Authority Organized

More information

CumuLogic Load Balancer Overview Guide. March 2013. CumuLogic Load Balancer Overview Guide 1

CumuLogic Load Balancer Overview Guide. March 2013. CumuLogic Load Balancer Overview Guide 1 CumuLogic Load Balancer Overview Guide March 2013 CumuLogic Load Balancer Overview Guide 1 Table of Contents CumuLogic Load Balancer... 3 Architectural Overview of CumuLogic Load Balancer... 4 How to Use

More information

An Open Policy Framework for Cross-vendor Integrated Governance

An Open Policy Framework for Cross-vendor Integrated Governance An Open Policy Framework for Cross-vendor Integrated Governance White Paper Intel SOA Expressway An Open Policy Framework for Cross-vendor Integrated Governance Intel SOA Expressway delivers a pluggable

More information

A distributed data processing architecture for real time intelligent transport systems

A distributed data processing architecture for real time intelligent transport systems A distributed data processing architecture for real time intelligent transport systems K. Nesenbergs (krisjanis.nesenbergs@edi.lv) L. Selavo (leo.selavo@edi.lv) Institute of Electronics and Computer Science

More information

Connect for new business opportunities

Connect for new business opportunities Connect for new business opportunities The world of connected objects How do we monitor the carbon footprint of a vehicle? How can we track and trace cargo on the move? How do we know when a vending machine

More information

Software Defined Networking

Software Defined Networking Software Defined Networking Dr. Nick Feamster Associate Professor In this course, you will learn about software defined networking and how it is changing the way communications networks are managed, maintained,

More information

HSM: A Must Have. Applications are everywhere. www.safenet-inc.com. 2006 SafeNet Inc. All rights reserved.

HSM: A Must Have. Applications are everywhere. www.safenet-inc.com. 2006 SafeNet Inc. All rights reserved. What is an HSM HSM: A Must Have Applications are everywhere HSM: A Must Have Secrecy, Control, Payment, Rights are all attributes of applications Security & Keys are used HSM: A Must Have Keeping Keys

More information

Mobility, AAA, Security, Privacy : How can we support Real-World Network Mobility?

Mobility, AAA, Security, Privacy : How can we support Real-World Network Mobility? NEXT GENERATION NETWORKING 2011 Multi-Service Network Workshop 7-8 July 2011, Cosener s House, Abingdon, UK Mobility, AAA, Security, Privacy : How can we support Real-World Network Mobility? Panagiotis

More information

Audit Logging. Overall Goals

Audit Logging. Overall Goals Audit Logging Security Training by Arctec Group (www.arctecgroup.net) 1 Overall Goals Building Visibility In Audit Logging Domain Model 2 1 Authentication, Authorization, and Auditing 3 4 2 5 6 3 Auditing

More information

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS André Groll, Jan Holle University of Siegen, Institute for Data Communications Systems {andre.groll,jan.holle}@uni-siegen.de

More information

Monitoring for network security and management. Cyber Solutions Inc.

Monitoring for network security and management. Cyber Solutions Inc. Monitoring for network security and management Cyber Solutions Inc. Why monitoring? Health check of networked node Usage and load evaluation for optimizing the configuration Illegal access detection for

More information

Trust areas: a security paradigm for the Future Internet

Trust areas: a security paradigm for the Future Internet Trust areas: a security paradigm for the Future Internet Carsten Rudolph Fraunhofer Institute for Secure Information Technology SIT Rheinstrasse 75, Darmstadt, Germany Carsten.Rudolph@sit.fraunhofer.de

More information

SNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab

SNRS. Securing Networks with Cisco Routers and Switches. Length 5 days. Format Lecture/lab Length 5 days Format Lecture/lab Version 3.0 SNRS Course Description SNRS 1.0 is a 5-day, lab-intensive course that provides the knowledge and skills needed to secure Cisco IOS router and switch networks.

More information