Security architecture Integrating security into the communicating vehicle. Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015
|
|
- Vivian Wright
- 8 years ago
- Views:
Transcription
1 Security architecture Integrating security into the communicating vehicle Norbert Bissmeyer, Fraunhofer SIT June 18 th 2015
2 Overview PRESERVE provides a close-to-market V2X Security Architecture (VSA) considering External V2X communication security Onboard communication & data security Public Key Infrastructure (PKI) Privacy protection Abstract V2X security architecture Detailed PRESERVE architecture 2
3 Contribution to Harmonization and Standardization ETSI Internal Security Interfaces conforming to ETSI ITS WG 5 Integration of security in the communication stack according to ETSI EN (Geo Networking) C2C-CC Joint architecture workshop TF PKI, TF TAL, TF Privacy HTG 1 & 3 / HTG 6 Participation as C-ITS experts Status of security standards and needs for harmonization International harmonization of C-ITS Credential Management System (CCMS) 3
4 Applications Road Safety Road Traffic Efficiency Comfort and Mobility FA SA Security Secure Information Secure Communication MF Facilities SF Secure Software Data Consistency and Plausibility Internal Communication Secure Storage Privacy Protection External Communication Management MN Networking & Transport SN Credential Management Security Management Security Entities Management Access Security Analysis Security Policies HSM MI Internal Communication SI Audit Monitoring Policy Storage Policy Management Sec. Storage Crypto Acc. External Communication Logging Policy Enforcement TRNG
5 In- Vehicle PRESERVE Vehicle Security Subsystem Sensors Sensors Sensors ECUs Head Unit CAN Bus Comm. Control Security Event Processor Policy Decision Entity Auth. Security Support Platform Integrity Crypto. Services HW Layer TPM HSM Open SSL Applications V2X Comm. Stack Facilities Layer Network Layer MAC Layer CL External API Convergence Layer CL Internal API Privacy Enforcement Runtime Architecture Secure Communication Communication Layer Pseudonym Manag. ID & Trust Management Security Services Management and Configuration Legend X Y X use service of Y Sevecom Mod. EVITA PRECIOSA Mod. External SW/HW Optional comp.
6 Public Key Infrastructure
7 Public Key Infrastructure ITS G5 Network V2X Security Infrastructure CA certs. Long-term Certificate Authority IP LTC Root Certificate Authority ITS G5 PC 1 PC n Pseudonym Certificate Authority V2X message PC 1 RSU Vehicles 7
8 Results of the PRESERVE Architecture Workshop 2013 Relation of IP and non-ip communication from a security perspective Parallel processing of packets in the communication stack to fully exploit HSM performance Verification-on-demand, certificate omission and their relation to Distributed Congestion Control Meta-data and cross-layer signalling of security information Development of the PKI architecture in more complex ITS settings Design of Misbehavior Detection 8
9 Summary PRESERVE V2X Security Architecture Bridges the gap between the very abstract ETSI reference architecture and specific implementations Conforming with current standards and considers in addition future aspects Stable basis for V2X security implementers and integrators 9
10 BACKUP SLIDES 10
11 Integration of Security Header 11
12 Onboard Meta Data Exchange 12
13 Pseudonym Certificate Refill 13
The relevance of cyber-security to functional safety of connected and automated vehicles
The relevance of cyber-security to functional safety of connected and automated vehicles André Weimerskirch University of Michigan Transportation Research Institute (UMTRI) February 12, 2014 Introduction
More informationVehicular On-board Security: EVITA Project
C2C-CC Security Workshop 5 November 2009 VW, MobileLifeCampus Wolfsburg Hervé Seudié Corporate Sector Research and Advance Engineering Robert Bosch GmbH Outline 1. Project Scope and Objectives 2. Security
More informationCycurHSM An Automotive-qualified Software Stack for Hardware Security Modules
CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded
More informationETSI TC ITS RELEASE PROCESS
ETSI TC ITS RELEASE PROCESS ITS Workshop Doha 7-9 February 2012 Søren Hess Chairman ETSI TC ITS hess@shess.dk Status of ETSI standardisation M/453 Applicationand Facility Network and transport GeoNetworking
More informationSecuring Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture
IEEE GLOBECOM Design and Developers Forum Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture Tim Weil CISSP, CISA Booz Allen Hamilton
More informationSecuring Wireless Access for Vehicular Environments (WAVE)
Securing Wireless Access for Vehicular Environments (WAVE) May 7, 2009 CTST, New Orleans Tim Weil CISSP/CISA Security Architect ITS Engineering Booz Allen Hamilton 0 The concept of VII started upon the
More informationITS Safety, Security and Privacy. Scott Cadzow, i-tour partner, ETSI ITS WG5 Chairman
ITS Safety, Security and Privacy Scott Cadzow, i-tour partner, ETSI ITS WG5 Chairman 1 ITS Security tutorial agenda ITS security/safety/privacy in context The security process TVRA what we analysed and
More informationIdentification of Authenticity Requirements in Systems of Systems by Functional Security Analysis
Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Andreas Fuchs and Roland Rieke {andreas.fuchs,roland.rieke}@sit.fraunhofer.de Fraunhofer Institute for
More informationIntroduction of Information Security Research Division
Introduction of Information Security Research Division 2005. 5. 13. Kyo-il Chung, Ph. D. Information Security Infrastructure Research Group Contents Overview - Secure u-it KOREA - Organization of ETRI
More informationAutomotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri
Automotive Ethernet Security Testing Alon Regev and Abhijit Lahiri 1 Automotive Network Security Cars are evolving Number of ECUs, sensors, and interconnects is growing Moving to Ethernet networks utilizing
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationLaboratory Exercises V: IP Security Protocol (IPSec)
Department of Electronics Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture (FESB) University of Split, Croatia Laboratory Exercises V: IP Security Protocol (IPSec) Keywords:
More informationSecurity in Vehicle Networks
Security in Vehicle Networks Armin Happel, Christof Ebert Stuttgart, 17. March 2015 V1.1 2015-04-28 Introduction Vector Consulting Services supports clients worldwide in improving their product development
More informationCloud Security Overview
UT DALLAS Erik Jonsson School of Engineering & Computer Science Cloud Security Overview Murat Kantarcioglu Outline Current cloud security techniques Amazon Web services Microsoft Azure Cloud Security Challengers
More informationKVM Security - Where Are We At, Where Are We Going
Klaus Heinrich Kiwi Software Engineer LinuxCon Brazil August 31, 2010 KVM Security - Where Are We At, Where Are We Going Klaus Heinrich Kiwi, IBM LTC 2010 IBM Corporation KVM Security - Where Are We At,
More informationEnterprise Security Architecture Concepts and Practice
Enterprise Architecture Concepts and Practice Jim Whitmore whitmore@us.ibm.com Presentation to Open Group Oct 22, 2003 Enterprise Architecture Abstract In the early 90 s IBM Global Services created a Consultancy
More informatione-authentication guidelines for esign- Online Electronic Signature Service
e-authentication guidelines for esign- Online Electronic Signature Service Version 1.0 June 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry of Communications
More informationFuture Directions for Internet of Things Work
Future Directions for Internet of Things Work Naming Architecture for Object to Object Communications 77 th IETF Anaheim, March 2010 Gyu Myoung Lee (gmlee@it-sudparis.eu)
More informationVehicular Security Hardware The Security for Vehicular Security Mechanisms
escrypt GmbH Embedded Security Systemhaus für eingebettete Sicherheit Vehicular Security Hardware The Security for Vehicular Security Mechanisms Marko Wolf, escrypt GmbH Embedded Security Embedded Security
More informationEVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications
EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications 7 th escar Embedded Security in Cars Conference November 24 25, 2009, Düsseldorf Dr.-Ing. Olaf Henniger, Fraunhofer SIT Darmstadt Hervé
More informationOS/390 Firewall Technology Overview
OS/390 Firewall Technology Overview Washington System Center Mary Sweat E - Mail: sweatm@us.ibm.com Agenda Basic Firewall strategies and design Hardware requirements Software requirements Components of
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationHardware Security Modules for Protecting Embedded Systems
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
More informationHardware Security for Trustworthy C2X Applications Marko Wolf
Hardware Security for Trustworthy C2X Applications Marko Wolf C2C-CC/CAMP Harmonization Workshop, Wolfsburg, Germany, 15.3.2012 Outline 1. Three General Reasons for Automotive Hardware Security Modules
More informationCharter Text Network Design and Configuration
MIF Charter update proposal MIF WG Charter update proposal summary http://www.ietf.org/mail-archive/web/mif/current/msg02125.html Specific deliverables listed MPVD architecture document Requirement for
More informationAffording the Upgrade to Higher Speed & Density
Affording the Upgrade to Higher Speed & Density Ethernet Summit February 22, 2012 Agenda VSS Overview Technology Q&A 2 Corporate Overview World Leader in Network Intelligence Optimization Deployed in 80%
More informationData Communication Networks and Converged Networks
Data Communication Networks and Converged Networks The OSI Model and Encapsulation Layer traversal through networks Protocol Stacks Converged Data/Telecommunication Networks From Telecom to Datacom, Asynchronous
More informationThe Costs of Managed PKI:
The Costs of Managed PKI: In-House Implementation of PKI vs. Traditional Managed PKI vs. ON-Demand PKI A TC TrustCenter Whitepaper Last Updated: February 2008 Introduction Until recently, organizations
More informationOpenFlow: History and Overview. Demo of OpenFlow@home routers
Affan A. Syed affan.syed@nu.edu.pk Syed Ali Khayam ali.khayam@seecs.nust.edu.pk OpenFlow: History and Overview Dr. Affan A. Syed OpenFlow and Software Defined Networking Dr. Syed Ali Khayam Demo of OpenFlow@home
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationReadyNAS Remote White Paper. NETGEAR May 2010
ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that
More informationPROFESSIONAL SECURITY SYSTEMS
PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security
More informationKey Management Best Practices
White Paper Key Management Best Practices Data encryption is a fundamental component of strategies to address security threats and satisfy regulatory mandates. While encryption is not in itself difficult
More informationAre Second Generation Firewalls Good for Industrial Control Systems?
Are Second Generation Firewalls Good for Industrial Control Systems? Bernie Pella, CISSP Schneider Electric Cyber Security Services bernie.pella@schneider-electric.com Firewall Overview Firewalls provide
More informationBuilding Robust Security Solutions Using Layering And Independence
Building Robust Security Solutions Using Layering And Independence Fred Roeper Neal Ziring Information Assurance Directorate National Security Agency Session ID: STAR-401 Session Classification: Intermediate
More informationSecurity within a development lifecycle. Enhancing product security through development process improvement
Security within a development lifecycle Enhancing product security through development process improvement Who I am Working within a QA environment, with a focus on security for 10 years Primarily web
More informationStandardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal
Standardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal Shawn Geddis Security Consulting Engineer, Apple Enterprise geddis@apple.com 703-264-5103 1 Agenda A View of Apples PKI
More informationAutomotive and Industrial Data Security
André Weimerskirch Cybersecurity for Cyber-Physical Systems Workshop April 23-24, 2012 Overview Introduction and Motivation Risk analysis Current and future security solutions Conclusions Communication
More informationProtecting Official Records as Evidence in the Cloud Environment. Anne Thurston
Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after
More informationFeature Comparison. Windows Server 2008 R2 Hyper-V and Windows Server 2012 Hyper-V
Comparison and Contents Introduction... 4 More Secure Multitenancy... 5 Flexible Infrastructure... 9 Scale, Performance, and Density... 13 High Availability... 18 Processor and Memory Support... 24 Network...
More informationCGHub Client Security Guide Documentation
CGHub Client Security Guide Documentation Release 3.1 University of California, Santa Cruz April 16, 2014 CONTENTS 1 Abstract 1 2 GeneTorrent: a secure, client/server BitTorrent 2 2.1 GeneTorrent protocols.....................................
More informationInformation security versus network security in the Internet as critical infrastructure Security of Internet and Critical Infrastructures: European
Information security versus network security in the Internet as critical infrastructure Security of Internet and Critical Infrastructures: European Experiences, Rome, 13 June 2011 Objectives Describe information
More informationBuilding a protocol validator for Business to Business Communications. Abstract
Building a protocol validator for Business to Business Communications Rudi van Drunen, Competa IT B.V. (r.van.drunen@competa.com) Rix Groenboom, Parasoft Netherlands (rix.groenboom@parasoft.nl) Abstract
More informationCONVERGENCE Glossary (version of 30/10/2012)
Glossary (version of 30/10/2012) Term Access Rights Advertise Application Business Scenario CA CCN Cl_Auth_SC Cl_Auth_User_Pw Clean-slate architecture CoApp CoApp Provider CoMid CoMid Provider CoMid Resource
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationService Delivery Automation in IPv6 Networks
Service Delivery Automation in IPv6 Networks C. Jacquenet christian.jacquenet@orange.com Slide 1 Outline Rationale Beyond the SDN hype: a true need for automation Global framework From service negotiation
More informationSWITCHpki long lived grid user certificates
SWITCHpki long lived grid user certificates PKI meeting in Bern Bern, 15 June 2010 Alessandro Usai alessandro.usai@switch.ch Trust Link Interface! Long lived grid user certificates are now handled by the
More informationLooking Ahead The Path to Moving Security into the Cloud
Looking Ahead The Path to Moving Security into the Cloud Gerhard Eschelbeck Sophos Session ID: SPO2-107 Session Classification: Intermediate Agenda The Changing Threat Landscape Evolution of Application
More informationPCI Compliance Considerations
PCI Compliance Considerations This article outlines implementation considerations when deploying the Barracuda Load Balancer ADC in an environment subject to PCI Data Security Standard (PCI DSS) compliance.
More informationComposite Link Requirements draft-ietf-rtgwg-cl-requirement-00.txt
Composite Link Requirements draft-ietf-rtgwg-cl-requirement-00.txt Ning So ning.so@verizonbusiness.com Andrew Malis andrew.g.malis@verizon.com Dave McDysan dave.mcdysan@verizon.com Lucy Yong lucyyong@huawei.com
More informationWindows Server 2008 R2 Hyper-V Server and Windows Server 8 Beta Hyper-V
Features Comparison: Hyper-V Server and Hyper-V February 2012 The information contained in this document relates to a pre-release product which may be substantially modified before it is commercially released.
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationUniversal Flash Storage: Mobilize Your Data
White Paper Universal Flash Storage: Mobilize Your Data Executive Summary The explosive growth in portable devices over the past decade continues to challenge manufacturers wishing to add memory to their
More informationHow to configure Client side certificate authentication for authorization-only access / Active Sync URL s
How to configure Client side certificate authentication for authorization-only access / Active Sync URL s Juniper Networks, Inc. Overview: Authorization-only access is similar to a reverse proxy. Typically,
More informationPC Business Banking. Technical Requirements
PC Business Banking Technical Requirements For PC Business Banking Version 7.0 March 2007 Application Overview PC Business Banking (PCBB) is Bank of New Zealand s banking platform for large business/corporate
More informationA distributed data processing architecture for real time intelligent transport systems
A distributed data processing architecture for real time intelligent transport systems K. Nesenbergs (krisjanis.nesenbergs@edi.lv) L. Selavo (leo.selavo@edi.lv) Institute of Electronics and Computer Science
More informationMobility, AAA, Security, Privacy : How can we support Real-World Network Mobility?
NEXT GENERATION NETWORKING 2011 Multi-Service Network Workshop 7-8 July 2011, Cosener s House, Abingdon, UK Mobility, AAA, Security, Privacy : How can we support Real-World Network Mobility? Panagiotis
More informationAudit Logging. Overall Goals
Audit Logging Security Training by Arctec Group (www.arctecgroup.net) 1 Overall Goals Building Visibility In Audit Logging Domain Model 2 1 Authentication, Authorization, and Auditing 3 4 2 5 6 3 Auditing
More informationCumuLogic Load Balancer Overview Guide. March 2013. CumuLogic Load Balancer Overview Guide 1
CumuLogic Load Balancer Overview Guide March 2013 CumuLogic Load Balancer Overview Guide 1 Table of Contents CumuLogic Load Balancer... 3 Architectural Overview of CumuLogic Load Balancer... 4 How to Use
More informationMonitoring for network security and management. Cyber Solutions Inc.
Monitoring for network security and management Cyber Solutions Inc. Why monitoring? Health check of networked node Usage and load evaluation for optimizing the configuration Illegal access detection for
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationConnectivity. SWIFTNet Link 7.0. Functional Overview
Connectivity SWIFTNet Link 7.0 Functional Overview December 2010 SWIFTNet Link 7.0 Table of Contents 1 Introduction... 3 2 Enhancements and features... 4 2.1 Message and File Copy... 4 2.2 Message and
More informationRELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.
Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON
More informationArnab Roy Fujitsu Laboratories of America and CSA Big Data WG
Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG s investigation
More informationA Perspective on the Evolution of Mobile Platform Security Architectures
A Perspective on the Evolution of Mobile Platform Security Architectures Kari Kostiainen Nokia Research Center, Helsinki TIW, June 2011 Joint work with N. Asokan, Jan-Erik Ekberg and Elena Reshetova 1
More informationSoftware Datapath Acceleration for Stateless Packet Processing
June 22, 2010 Software Datapath Acceleration for Stateless Packet Processing FTF-NET-F0817 Ravi Malhotra Software Architect Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationAbstract. Avaya Solution & Interoperability Test Lab
Avaya Solution & Interoperability Test Lab Application Notes for Configuring a Small to Medium Size Business VoIP and Data Network Solution Consisting of HP ProCurve Networking Switches and an Avaya Telephony
More informationWebsense Support Webinar: Questions and Answers
Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user
More informationSSL Inspection Step-by-Step Guide. June 6, 2016
SSL Inspection Step-by-Step Guide June 6, 2016 Key Drivers for Inspecting Outbound SSL Traffic Eliminate blind spots of SSL encrypted communication to/from the enterprise Maintaining information s communication
More informationImplementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks
Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Petra Ardelean advisor: Panos Papadimitratos January 2009 Abstract Vehicular Ad-hoc Networks (VANETs)
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationLong Term Evolution - LTE. A short overview
Long Term Evolution - LTE A short overview LTE Architecture 2 Conformance Test Suite Specification 3 GPP and ETSI product 3GPP TS 32.523-3 Evolved Universal Terrestrial Radio Access (E-UTRA) User Equipment
More informationVidder PrecisionAccess
Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...
More informationSecuring ArcGIS Server Services: First Steps
Federal GIS Conference February 9 10, 2015 Washington, DC Securing ArcGIS Server Services: First Steps Michael Sarhan Esri msarhan@esri.com Agenda Review Basic Security Workflow ArcGIS Server Roles and
More informationSAP Mobile - Webinar Series SAP Mobile Platform 3.0 Security Concepts and Features
SAP Mobile - Webinar Series SAP Mobile Platform 3.0 Security Concepts and Features Dirk Olderdissen Solution Expert, Regional Presales EMEA SAP Brought to you by the Customer Experience Group 2014 SAP
More informationThe New Key Management:
SESSION ID: SEC-F01 The New Key Management: Unlocking the Safeguards of Keeping Keys Private Jono Bergquist Solutions Engineering Lead - APJ CloudFlare Outline Why application-level TLS is important Key
More informationtcpcrypt Andrea Bittau, Dan Boneh, Mike Hamburg, Mark Handley, David Mazières, Quinn Slack Stanford, UCL
tcpcrypt Andrea Bittau, Dan Boneh, Mike Hamburg, Mark Handley, David Mazières, Quinn Slack! Stanford, UCL Reminder: project goal IPsec SSH TLS Unencrypted TCP traffic today Not drawn to scale Reminder:
More informationBlending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access
Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:
More informationMigrating the SSL Offloading Configuration of the Alteon Application Switch 2424-SSL to AlteonOS version 27.0.0.0
Migrating the SSL Offloading Configuration of the Alteon Application Switch 2424-SSL to AlteonOS version 27.0.0.0 Table of Contents 1 Introduction... 1 2 Certificates Repository... 2 3 Common SSL Offloading
More informationIndependent Accountants Report
KPMG LLP 1601 Market Street Philadelphia, PA 19103-2499 Independent Accountants Report To the Management of Unisys Corporation: We have examined the assertion by the management of Unisys Corporation (
More informationUnderstanding changes to the Trust Services Principles for SOC 2 reporting
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding changes to the Trust Services Principles for SOC 2 reporting
More informationEvaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture
Deploying Cisco ASA VPN Solutions Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and Course Flow Additional Cisco Glossary of Terms Your Training Curriculum Evaluation of the Cisco
More informationvcloud Director User's Guide
vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationImplementing the Application Control Engine Service Module
Course: Implementing the Application Control Engine Service Module Duration: 4 Day Hands-On Lab & Lecture Course Price: $ 2,995.00 Learning Credits: 30 Hitachi HiPass: 4 Description: Implementing the Application
More informationSecuring the Database Stack
Technical Brief Securing the Database Stack How ScaleArc Benefits the Security Team Introduction Relational databases store some of the world s most valuable information, including financial transactions,
More informationPervasive Monitoring and the Internet
Pervasive Monitoring and the Internet Jari Arkko Stephen Farrell Richard Barnes IETF {Chair, SEC AD, RAI AD}* *) Speaking as individuals & this presentation contains forward looking statements What do
More informationThe MILS Component Integration Approach To Secure Information Sharing
The MILS Component Integration Approach To Secure Information Sharing Carolyn Boettcher, Raytheon, El Segundo CA Rance DeLong, LynuxWorks, San Jose CA John Rushby, SRI International, Menlo Park CA Wilmar
More informationSamsung Security Solutions
Print with confidence Samsung Security Solutions For Every Business A4 to A3 Mono to Colour MFPs to Printers Samsung Security Features You may not realise it, but every business can benefit from security.
More informationTraining courses 2015/2016
Training courses 2015/2016 2 S33.201 SINA Basics Basic knowledge of IP and routing Basic knowledge of networks and VPN Basic knowledge of cryptography Administrators who use or will soon use an All-in-One
More informationPerformance Testing BroadR-Reach Automotive Ethernet
White Paper Performance Testing BroadR-Reach Automotive Ethernet Key Elements for an Automotive-Specific Ethernet Test Regime www.spirent.com Performance Testing BroadR-Reach Automotive Ethernet SPIRENT
More informationSoftware Requirements Specification. Schlumberger Scheduling Assistant. for. Version 0.2. Prepared by Design Team A. Rice University COMP410/539
Software Requirements Specification for Schlumberger Scheduling Assistant Page 1 Software Requirements Specification for Schlumberger Scheduling Assistant Version 0.2 Prepared by Design Team A Rice University
More informationA Call Conference Room Interception Attack and its Detection
A Call Conference Room Interception Attack and its Detection Nikos Vrakas 1, Dimitris Geneiatakis 2 and Costas Lambrinoudakis 1 1 Department of Digital Systems, University of Piraeus 150 Androutsou St,
More informationHSM: A Must Have. Applications are everywhere. www.safenet-inc.com. 2006 SafeNet Inc. All rights reserved.
What is an HSM HSM: A Must Have Applications are everywhere HSM: A Must Have Secrecy, Control, Payment, Rights are all attributes of applications Security & Keys are used HSM: A Must Have Keeping Keys
More informationDesign of Simple and Efficient Revocation List Distribution in Urban areas for VANET s
Design of Simple and Efficient Revocation List Distribution in Urban areas for VANET s Ghassan Samara, Sureswaran Ramadas National Advanced IPv6 Center, Universiti Sains Malaysia Penang, Malaysia ghassan@nav6.org,
More informationEAGLE EYE IP TAP. 1. Introduction
1. Introduction The Eagle Eye - IP tap is a passive IP network application platform for lawful interception and network monitoring. Designed to be used in distributed surveillance environments, the Eagle
More informationCROSS LAYER BASED MULTIPATH ROUTING FOR LOAD BALANCING
CHAPTER 6 CROSS LAYER BASED MULTIPATH ROUTING FOR LOAD BALANCING 6.1 INTRODUCTION The technical challenges in WMNs are load balancing, optimal routing, fairness, network auto-configuration and mobility
More informationWindows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation
Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication
More information