A Security Architecture for Protecting Dynamic Components of Mobile Agents

Size: px
Start display at page:

Download "A Security Architecture for Protecting Dynamic Components of Mobile Agents"

Transcription

1 A Security Architecture for Protecting Dynamic Components of Mobile Agents by Ming Yao Bachelor of Mechanical Engineering (Zhejiang University of Technology, China) Master of Information Technology (Queensland University of Technology, Australia) Thesis submitted in accordance with the regulations for Degree of Doctor of Philosophy Information Security Research Centre Faculty of Information Technology Queensland University of Technology November 2004

2 QUEENSLAND UNIVERSITY OF TECHNOLOGY DOCTOR OF PHILOSOPHY THESIS EXAMINATION CANDIDATE NAME: CENTRE/RESEARCH CONCENTRATION: PRINCIPAL SUPERVISOR: ASSOCIATE SUPERVISOR(S): THESIS TITLE: Ming Yao Information Security Research Centre Dr. Ernest Foo Professor Ed Dawson Associate Professor Paul Roe A Security Architecture for Protecting Dynamic Components of Mobile Agents Under the requirements of PhD regulation 9.2, the above candidate was examined orally by the Faculty. The members of the panel set up for this examination recommend that the thesis be accepted by the University and forwarded to the appointed Committee for examination. Name: Dr. Ernest Foo Signature Panel Chairperson (Principal Supervisor) Name: Signature Panel Member Name: Signature Panel Member Under the requirements of PhD regulation 9.15, it is hereby certified that the thesis of the above-named candidate has been examined. I recommend on behalf of the Thesis Examination Committee that the thesis be accepted in fulfilment of the conditions for the award of the degree of Doctor of Philosophy. Name Signature Date Chair of Examiners (Thesis Examination Committee) ii

3 Keywords Mobile agents, offer integrity, offer privacy, forward integrity, security architecture, modification attack, insertion attack, colluding servers attack, truncation attack, stemming attack, interleaving attack, hash chaining relationship, recoverable key commitment, joint keys. iii

4 iv

5 Abstract New techniques, languages and paradigms have facilitated the creation of distributed applications in several areas. Perhaps the most promising paradigm is the one that incorporates the mobile agent concept. A mobile agent in a largescale network can be viewed as a software program that travels through a heterogeneous network, crossing various security domains and executing autonomously in its destination. Mobile agent technology extends the traditional network communication model by including mobile processes, which can autonomously migrate to new remote servers. This basic idea results in numerous benefits including flexible, dynamic customisation of the behavior of clients and servers and robust interaction over unreliable networks. In spite of its advantages, widespread adoption of the mobile agent paradigm is being delayed due to various security concerns. Currently available mechanisms for reducing the security risks of this technology do not efficiently cover all the existing threats. Due to the characteristics of the mobile agent paradigm and the threats to which it is exposed, security mechanisms must be designed to protect both agent hosting servers and agents. Protection to agent-hosting servers security is a reasonably well researched issue, and many viable mechanisms have been developed to address it. Protecting agents is technically more challenging and solutions to do so are far less developed. The primary added complication is that, as an agent traverses multiple servers that are trusted to different degrees, the agent s owner has no control over the behaviors of the agent-hosting servers. Consequently the hosting servers can subvert the computation of the passing agent. Since it is infeasible to enforce the remote servers to enact the security policy that may prevent the server from corrupting agent s data, cryptographic mechanisms defined by the agent s owner may be one of the feasible solutions to protect agent s data. v

6 Hence the focus of this thesis is the development and deployment of cryptographic mechanisms for securing mobile agents in an open environment. Firstly, requirements for securing mobile agents data are presented. For a sound mobile agent application, the data in an agent that is collected from each visiting server must be provided integrity. In some applications where servers intend to keep anonymous and will reveal their identities only under certain circumstances, privacy is also necessitated. Aimed at these properties, four new schemes are designed to achieve different security levels: two schemes direct at preserving integrity for the agent s data, the other two focus on attaining data privacy. There are four new security techniques designed to support these new schemes. The first one is joint keys to discourage two servers from colluding to forge a victim server s signature. The second one is recoverable key commitment to enable detection of any illegal operation of hosting servers on an agent s data. The third one is conditionally anonymous digital signature schemes, utilising anonymous public-key certificates, to allow any server to digitally sign a document without leaking its identity. The fourth one is servers pseudonyms that are analogues of identities, to enable servers to be recognised as legitimate servers while their identities remain unknown to anyone. Pseudonyms can be deanonymised with the assistance of authorities. Apart from these new techniques, other mechanisms such as hash chaining relationship and mandatory verification process are adopted in the new schemes. To enable the inter-operability of these mechanisms, a security architecture is therefore developed to integrate compatible techniques to provide a generic solution for securing an agent s data. The architecture can be used independently of the particular mobile agent application under consideration. It can be used for guiding and supporting developers in the analysis of security issues during the design and implementation of services and applications based on mobile agents technology. vi

7 Contents Certificate Recommending Acceptance Keywords Abstract Declaration Previously Published Material Acknowledgements ii iii v xix xxi xxiii 1 Introduction Aims and Objectives Contributions and Achievements Outline of the Thesis Current Mobile Agent Systems, Applications and Their Issues From Code Mobility To Mobile Agents What Is a Mobile Agent? Mobile Agent Data Structure A Mobile Agent s Lifecycle and Its State Transition Diagram State 1: Create and Clone State 2: Execute State 3: Services Search State 4: Migrate State 5: Arrival State 6: Halt and Dispose vii

8 2.2.3 An Agent s Itinerary - Fixed Vs. Flexible Application Domains of Mobile Agents Distributed information retrieval Advanced telecommunication services Work management and cooperation Electronic commerce Existing Mobile Agent Architectures Ajanta SOMA Gypsy Known Attacks General Threats in a Mobile Agent System Threats to the Dynamic Data of An Agent Truncation Attacks Stemming attack Security Objectives Review of Mobile Agent Systems Security Common Security Techniques Protection of Agent Applet Firewall Code Obfuscation Computing with Encrypted Functions Proof Verification Fault Tolerance Investigation and Trust Building State Appraisal Forward Integrity Tamper Resistant Devices Detection of agent tampering Prevention of agent tampering Protection of Host Protecting A Mobile Agent s Data - State of Art Forward Integrity KAG Protocol Forward Privacy viii

9 2.8.4 Execution Integrity Execution Privacy Conclusion Security Architecture Security Requirements Participants Security Mechanisms Digital Signatures Hash Chaining Relationship Pseudonyms Single Hop Verification Integration System Setup Creation Execution Migration Agent s Return Security Analysis Integrity of the Dynamic Component Privacy of the Dynamic Component Extension to the Architecture - A Secure Client Agent Environment Background Web Server as Agent Provider Web Agents from Server Side Secure Client Agent Environment (SCAE) Agent Manager Platform for Agent Collaboration and Delegation Security of SCAE Use of Tamper-Resistant Hardware An Prototype Implementation: Hosting Multiple Agents in SCAE A Demonstrative Application of SCAE: e-sales A Case Study - Application of Agent Technology to Certificate Objects Background ix

10 3.7.2 Protection to Active Certificates Agents Principles to Protect the Host Principles to Protect the Certificate Conclusion Offer Integrity Security Requirements for Forward Integrity An Improved Forward Integrity Protocol OF Notations Participants Publicly Verifiable Signature Scheme using Split Knowledge (OF1) Security analysis Implementation of OF1 in.net Choosing.NET and C# as an Implementation Platform. 101 Implementing the Protocol Large Number Arithmetic Agent Support Performance Analysis Recoverable Key Commitment Technique OF Variations of Truncation Attack and Strong Truncation Resilience Notation Recoverable Key Commitment (RKC) Application of the RKC Technique Against Truncation Attack in Mobile Agents Participants How to Apply the RKC in OF Setup Creation Execution Migration Agent s return Security Analysis Comparison of OF1 and OF Conclusion x

11 5 Offer Privacy Some Known Attacks Security Requirements for Offer Privacy Providing Offer Privacy Using Group Signatures OP Notations Group Signature Scheme Overview of Scheme OP Participants How it works A New Hashed Chained Group Scheme (OP1) Security Analysis Offer Privacy Single Hop Verification Prevention of Known Attacks Conditionally Anonymous Digital Signatures OP Notations New Conditionally Anonymous Digital Signatures The Anonymous Public-Key Certificate Generation Conditionally Anonymous Digital Signatures Using Conditionally Anonymous Digital Signatures to Provide Offer Privacy OP Overview of OP Participants Chaining Relationship and Data Integrity Chained Signatures with Conditional Anonymity Security Analysis Offer Privacy Defense against some known attacks Comparison of OP1 and OP Conclusion Security Properties and Performance Analysis Security Properties Properties Provided by the Supporting Mechanisms Digital Signature Schemes Hash Chaining Relationship xi

12 Pseudonyms Single Hop Verification Joint Keys Recoverable Key Commitment (RKC) Conditional Anonymous Digital Signature (CADS) Security Properties Provided by OF1, OF2, OP1, OP Offer Integrity Offer Privacy Offer Confidentiality Offer Creator Non-repudiation Digital Signatures and Hash Chaining Relationship Hash Chaining Relationship Single Hop Verification Pseudonyms Conditionally Anonymous Digital Signatures (CADS) Recoverable key commitment (RKC) Defending Against Known Attacks Modification, Insertion and Deletion Truncation and Stemming Colluding Servers Attack Performance Analysis Classification of OF1, OF2, OP1 and OP Discussion of the Security Architecture Configuration Components Required by OF1, OF2, OP1 and OP Electronic Marketplace Implementation Issues Conclusion Conclusions and Future Work Summary of Contributions A Security Architecture Security Properties and Their Supporting Mechanisms Avenues for Future Work A Cryptographic Tools 203 A.1 ElGamal Signature Scheme A.2 Group Signatures xii

13 A.2.1 Ateniese s Group Signature SETUP JOIN SIGN VERIFY OPEN Bibliography 209 xiii

14 xiv

15 List of Figures 1.1 A Mobile Agent s Working Mechanism Topics Covered in the Thesis Regarding Mobile Agent Technology Dynamic component and static component in a mobile agent A mobile agent s life cycle A Mobile Agent State Transition Diagram A Simple Example of Itinerary for a Shopping Agent Truncation attack and stemming attack Categories of Security Mechanisms in Protecting Mobile Agents against Distrusted Hosts The KAG Protocol Participants in our architecture Generate a pseudonym D i for server S i Pull All the Components Together Security techniques integration in the architecture Trust Link Established through Security Servers User-Centred Agent Collaboration Trust Link Requirements in different Models Downloading and Installation of Web Agent Communication Among Agents Colluding servers attack on the KAG protocol (Black dots mean colluding servers) Architecture and its participants for OF The New Forward Integrity Scheme OF1 using Split-knowledge Architecture of OF1 Implementation Top-level C# APIs in the OF ElGamal encryption algorithm using the managed C++ LN wrapper107 xv

16 4.7 The LN Structure in the C version of the LN library API primitives for exponentiation in the C version of the LN library Architecture and its participants for OF The protocol using recoverable key commitment mechanism Architecture and its participants for OP Generate a pseudonym D i for server S i Hash chained group signature scheme: S 0 E-market gateway (EG) Hash chained group signature scheme: e-market gateway (EG) S Hash chained group signature scheme: S i S i+1 (1 i n) Comparison between a regular public key certificate and an anonymous public key certificate Applying Pseudonyms Protocol Obtaining Blind Signature on the Public Key Protocol Architecture and its participants for OP Chained Signatures with Conditional Anonymity Scheme: S 0 E-market gateway (EG) Chained Signatures with Conditional Anonymity Scheme: E-market gateway (EG) S Chained Signatures with Conditional Anonymity Scheme: S i S i+1 (1 i n) The Mobile Agent Topics Covered in This Thesis and Potential Topics For Future Research A.1 JOIN protocol xvi

17 List of Tables 2.1 Threats in the corresponding agent state A summary of the detection mechanisms A summary of the protection mechanisms Access Control List Yellow Page Notation used in OF1 ( 0 i n unless i is indicated) Comparison of the KAG protocol and OF1 upon security requirements Performance of Exponentiation in various big number libraries Notation used in this paper ( 0 i n unless i is indicated) Comparison of OF1 and OF2 on Security Properties Comparison of average computational cost of the KAG and OF1, OF Comparison of maximum communication cost of the KAG and OF1, OF Notations used in OP1 ( 0 i n unless i is indicated) Notation used in OP2 ( 0 i n unless i is indicated) Comparison of OP1 and OP2 on security properties Comparison of average computational cost of OP1, OP2 and the KAG Comparison of the maximum communicational cost of OP1, OP2 and the KAG Properties provided by the security techniques The techniques employed by the new schemes Properties of the new schemes xvii

18 6.4 Defense against known attacks of the new schemes Performance characteristics of the techniques employed in OF1, OF2, OP1 and OP Comparison of Average Computational Cost Comparison of Maximum Communicational Cost Examples of Communicational Costs Classification of the new schemes Participants and mechanisms in OF1, OF2, OP1 and OP External and internal trusted third parties in the architecture xviii

19 Declaration The work contained in this thesis has not been previously submitted for a degree or diploma at any higher education institution. To the best of my knowledge and belief, the thesis contains no material previously published or written by another person except where due reference is made. Signed: Date: xix

20 xx

21 Previously Published Material The following papers have been published or presented, and contain material based on the content of this thesis. [1] Selwyn Russell and Ming Yao. Application of agent technology to certificate objects. In In Proceedings of the 2002 Symposium on Cryptography and Information Security Shirahama (SCIS2000), Japan. The Institute of Electronics Information and Communication Engineers, [2] Richard Au, Ming Yao, Mark Looi, and Paul Ashley. Secure client agent environment (scae) for world wide web. In G. Quirchmayr K. Bauknecht, A. Min Tjoa, editor, Proceedings of 3rd International Conference on Electronic Commerce and Web Technologies (EC-WEB 2002), volume 2455 of Lecture Notes in Computer Science, pages Springer-Verlag, Berlin Heidelberg, [3] Richard Au, Ming Yao, and Mark Looi. Agent based privilege negotiation for e-commerce on the world wide web. In J. Manuel Cueva Lovelle, B. Martín González Rodríguez, L. Joyanes Aguilar, J. Emilio Labra Gayo, and M. del Puerto Paule Ruiz, editors, Proceedings of International Conference on Web Engineering (ICWE 2003), volume 2722 of Lecture Notes in Computer Science, pages 68 71, Oviedo, Spain, July Springer-Verlag, Berlin Heidelberg. [4] Richard Au, Ming Yao, and Mark Looi. Privilege negotiation agents for distributed authorisation on world wide web. In Proceedings of 2003 IEEE/WIC International Conference on Intelligent Agent Technology (IAT 2003), pages IEEE Computer Society, October [5] Ming Yao, Ernest Foo, Kun Peng, and Ed Dawson. An improved forward integrity protocol for mobile agents. In G. Goos, J. Hartmanis, and J. van xxi

22 Leeuwen, editors, Proceeding of the 4th International Workshop on Information Security Applications (WISA 2003), volume 2908 of Lecture Notes in Computer Science, pages , Jeju Island, Korea, Springer-Verlag, Berlin Heidelberg. [6] Ming Yao, Matt Henricksen, Ernest Foo, Greg Maitland, and Ed Dawson. A mobile agent system providing offer privacy. In H. Wang, J. Pieprzyk, and V. Varadharajan, editors, Proceedings of 9th Australian Conference on Information Security and Privacy (ACISP 2004), volume 3108 of Lecture Notes in Computer Science, pages , Sydney, Australia, July Springer-Verlag, Berlin Heidelberg. [7] Ming Yao, Matt Henricksen, Ernest Foo, and Ed Dawson. Secure architecture for protecting dynamic components of mobile agents. In M. Mohammadian, editor, Proceedings of International Conference on Intelligent Agents, Web Technology and Internet Commerce (IAWTIC 2004), pages , Gold Coast, Australia, July Springer-Verlag, Berlin Heidelberg. [8] Ming Yao, Matt Henricksen, Ernest Foo, and Ed Dawson. Offer privacy in mobile agents using conditionally anonymous digital signatures. In S. Katsikas, J. Lopez, and G. Pernul, editors, Proceedings of the 1st International Conference on Trust and Privacy in Digital Business (TrustBus 04), volume 3184, pages , Zaragoza, Spain, 30 August - 3 September Springer-Verlag, Berlin Heidelberg. [9] Ming Yao, Kun Peng, Matt Henricksen, Ernest Foo, and Ed Dawson. Using recoverable key commitment to defend against truncation attacks in mobile agents. In Proceedings of the 5th International Conference on Electronic Commerce and Web Technologies (EC-Web 2004), volume 3182, pages , Zaragoza, Spain, 30 August - 3 September Springer-Verlag, Berlin Heidelberg. [10] Matt Henricksen, Ming Yao, and Ernest Foo. An implementation of the yao forward integrity protocol for mobile agents. In E. Dawson and W. Klemm, editors, Proceedings of Workshop on Cryptographic Algorithms and their Uses, pages , Australia, 5-6 July Queensland University of Technology. xxii

23 Acknowledgements I have been saving the writing of this special part of my thesis until this moment in order to have some more time to contemplate the many important people who have somehow paved the way that led to this Ph.D. I am very grateful to Dr. Ernest Foo, Professor Ed Dawson, and Associate Professor Paul Roe, my academic supervisors, for your guidance, support, constructive criticism and gentle natures; and the confidence you have put in me. Without your encouragement, my Ph.D would be a much longer journey; I would probably have wandered in a desert without gaining any results. Many thanks to Mr. Matt Henricksen, the very important person to me, both as a friend and a mentor, for his selfless help in the last year of this Ph.D. Our joint work in implementing a mobile agent protocol is presented in Section Another major thanks goes to all my friends and peer students: Riza, Kun, Richard, Praveen, Raymond, Jaimee and many of others in the Information Security Research Centre. I could not have had more fun with you all while undertaking research. I especially want to thank Kun Peng, who is an excellent researcher and has inspired me along my Ph.D course. Kun Peng has worked with me in designing protocols for providing offer integrity, which has be included in Chapter 4. Many thanks to Richard Au for showing me the use of mobile agents and how to organise research results into a conference paper. We have had much work done together in applications of mobile agents that is described in Section 3.6. Finally I want to thank my family - dear Steve and my parents, who have been there for me at every moment. No one could have asked for a more loving and supportive family. I promise that I will spend more time with you from now on. I must have left out many people that I do remember and probably some that I have forgotten. If you are not here because I have forgotten you, I offer my heartfelt apologies. xxiii

24 xxiv

25 Chapter 1 Introduction In the course of Internet proliferation, many network related technologies are examined for possible growth and evolution. In the past, computation relied solely on large sophisticated devices. Those devices were sophisticated to reform all processes and sequentially return to the end users returned with processed data. As computing devices and their underlying networks kept on improving, computation was no longer dedicated to a few devices. Instead, computation became distributed. Proceeding along the line of distributed computing, three major technologies occurred. In historical order, they are message passing systems, remote procedure call (RPC), and distributed object systems [68]. The mechanisms in message passing systems are simple and literal: Programs reside on two ends, and communicate with each other by sending simple passive messages over the network. Message passing systems are the core of all network systems. Many Internet applications such as FTP, the Web, or are based on simple message passing. In remote procedure calls (RPC) [96], a program communicates with another program on the remote server by calling the functions provided by the remote server [75]. This is intended to be similar to the program calling a local function. Distributed objects work similarly to RPC, but with an object-oriented abstraction on top of the procedure calls. Instead of calling a predefined function, the remote party invokes the objects residing on the server, and therefore is able to access the properties and methods of the objects. However, those functions 1

26 2 Chapter 1. Introduction and objects are pre-defined and lack the flexibility for customisation. Mobile agents continued the line of evolution by introducing client customisation and autonomy. Autonomy makes a mobile agent a self-contained software entity. This is different from the approaches mentioned previously, whereby the software modules are maintained on the server side, and are kept as functions or objects in a loosely coupled setting. Mobile agents are programs, encapsulating code, data and execution state, enabled with certain properties to work on behalf of human users in a distributed heterogenous environment. The mobile agent firstly resides on a home machine, and is dispatched to a remote host for execution. The accommodating host provides a suitable runtime environment for mobile agents to execute. The mobile agent executes, collects host-specific information, and generates runtime states and variables ready to migrate to the second host in the itinerary. This process continues until the mobile agent returns home with useful information from the last host in the itinerary. The working mechanism of the mobile agent can be readily observed in the following Figure (#) *+, -. - / , 5 "#%$ 7 "! '& Figure 1.1: A Mobile Agent s Working Mechanism What makes the mobile agent different from ordinary software? To differentiate mobile agents from other pieces of ordinary software, we could specifically investigate the properties associated with mobile agents [37]. Although researchers do not come to a definitive characterization of mobile agents, their ideas converge to a certain extent. Mobile agents should be, at least, autonomous, adaptive and learning, and mobile to justify their name [94, 93]. Being autonomous, mobile agents can carry out some set of operations on behalf of the users but acting independently. It is meant that the operations done by mobile agents should best be transparent to the users, and the operations should be done on the interests of the users too. Being adaptive and learning, mobile agents can learn and

Secure cloud access system using JAR ABSTRACT:

Secure cloud access system using JAR ABSTRACT: Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile

More information

ADMINISTRATION AND CONFIGURATION OF HETEROGENEOUS NETWORKS USING AGLETS

ADMINISTRATION AND CONFIGURATION OF HETEROGENEOUS NETWORKS USING AGLETS ANNALS OF THE FACULTY OF ENGINEERING HUNEDOARA 2006, Tome IV, Fascicole 1, (ISSN 1584 2665) FACULTY OF ENGINEERING HUNEDOARA, 5, REVOLUTIEI, 331128, HUNEDOARA ADMINISTRATION AND CONFIGURATION OF HETEROGENEOUS

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

Electronic Payment Schemes Guidelines

Electronic Payment Schemes Guidelines BANK OF TANZANIA Electronic Payment Schemes Guidelines Bank of Tanzania May 2007 Bank of Tanzania- Electronic Payment Schemes and Products Guidleness page 1 Bank of Tanzania, 10 Mirambo Street, Dar es

More information

Cloud Computing Security Considerations

Cloud Computing Security Considerations Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

More information

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Secure Semantic Web Service Using SAML

Secure Semantic Web Service Using SAML Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Cryptography and Network Security Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 1 Overview The combination of space, time, and strength that must be considered as the basic elements of this theory of defense

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

MS Information Security (MSIS)

MS Information Security (MSIS) MS Information Security (MSIS) Riphah Institute of Systems Engineering (RISE) Riphah International University, Islamabad, Pakistan 1. Program Overview: The program aims to develop core competencies in

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But

More information

AppFabric. Pro Windows Server. Stephen Kaufman. Danny Garber. Apress. INFORMATIONSBIBLIOTHbK TECHNISCHE. U N! V En SIT AT S R!

AppFabric. Pro Windows Server. Stephen Kaufman. Danny Garber. Apress. INFORMATIONSBIBLIOTHbK TECHNISCHE. U N! V En SIT AT S R! Pro Windows Server AppFabric Stephen Kaufman Danny Garber Apress TECHNISCHE INFORMATIONSBIBLIOTHbK T1B/UB Hannover 133 294 706 U N! V En SIT AT S R! B L' OT H E K HANNOVER Contents it Contents at a Glance

More information

WEB CONTENT MANAGEMENT SYSTEM

WEB CONTENT MANAGEMENT SYSTEM WEB CONTENT MANAGEMENT SYSTEM February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

An Intelligent Approach for Integrity of Heterogeneous and Distributed Databases Systems based on Mobile Agents

An Intelligent Approach for Integrity of Heterogeneous and Distributed Databases Systems based on Mobile Agents An Intelligent Approach for Integrity of Heterogeneous and Distributed Databases Systems based on Mobile Agents M. Anber and O. Badawy Department of Computer Engineering, Arab Academy for Science and Technology

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

LIST OF FIGURES. Figure No. Caption Page No.

LIST OF FIGURES. Figure No. Caption Page No. LIST OF FIGURES Figure No. Caption Page No. Figure 1.1 A Cellular Network.. 2 Figure 1.2 A Mobile Ad hoc Network... 2 Figure 1.3 Classifications of Threats. 10 Figure 1.4 Classification of Different QoS

More information

CHAPTER THREE, Network Services Management Framework

CHAPTER THREE, Network Services Management Framework CHAPTER THREE, Acronyms and Terms 3-3 List of Figures 3-4 1 Introduction 3-5 2 Architecture 3-6 2.1 Entity Identification & Addressing 3-7 2.2 Management Domain Registration and Information Service 3-7

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Installation and configuration guide

Installation and configuration guide Installation and Configuration Guide Installation and configuration guide Adding X-Forwarded-For support to Forward and Reverse Proxy TMG Servers Published: May 2010 Applies to: Winfrasoft X-Forwarded-For

More information

Peer-to-peer Cooperative Backup System

Peer-to-peer Cooperative Backup System Peer-to-peer Cooperative Backup System Sameh Elnikety Mark Lillibridge Mike Burrows Rice University Compaq SRC Microsoft Research Abstract This paper presents the design and implementation of a novel backup

More information

Evaluate the Usability of Security Audits in Electronic Commerce

Evaluate the Usability of Security Audits in Electronic Commerce Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka

More information

IoT Security Platform

IoT Security Platform IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there

More information

Digital Watermark Mobile Agents *

Digital Watermark Mobile Agents * Digital Watermark Mobile Agents * Jian Zhao and Chenghui Luo Fraunhofer Center for Research in Computer Graphics, Inc. 321 South Main Street Providence, RI 02903 Abstract Digital watermarking has emerged

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

D. SERVICE ORIENTED ARCHITECTURE PRINCIPLES

D. SERVICE ORIENTED ARCHITECTURE PRINCIPLES D. SERVICE ORIENTED ARCHITECTURE PRINCIPLES 1. Principles of serviceorientation 2. Service exchange lifecycle 3. Service composition 4. Evolution of SOA 212 D.1 Principles of service-orientation 213 HISTORICAL

More information

PrivyLink Cryptographic Key Server *

PrivyLink Cryptographic Key Server * WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology

More information

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75 Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.

More information

PrivyLink Internet Application Security Environment *

PrivyLink Internet Application Security Environment * WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.

More information

Module 7 Security CS655! 7-1!

Module 7 Security CS655! 7-1! Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration

More information

SECURITY TRENDS-ATTACKS-SERVICES

SECURITY TRENDS-ATTACKS-SERVICES SECURITY TRENDS-ATTACKS-SERVICES 1.1 INTRODUCTION Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

Index Terms Cloud Storage Services, data integrity, dependable distributed storage, data dynamics, Cloud Computing.

Index Terms Cloud Storage Services, data integrity, dependable distributed storage, data dynamics, Cloud Computing. Volume 3, Issue 5, May 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Privacy - Preserving

More information

15 Organisation/ICT/02/01/15 Back- up

15 Organisation/ICT/02/01/15 Back- up 15 Organisation/ICT/02/01/15 Back- up 15.1 Description Backup is a copy of a program or file that is stored separately from the original. These duplicated copies of data on different storage media or additional

More information

Comparing Two Models of Distributed Denial of Service (DDoS) Defences

Comparing Two Models of Distributed Denial of Service (DDoS) Defences Comparing Two Models of Distributed Denial of Service (DDoS) Defences Siriwat Karndacharuk Computer Science Department The University of Auckland Email: skar018@ec.auckland.ac.nz Abstract A Controller-Agent

More information

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and

More information

Keywords: mobile agents, supply chain management, industrial application.

Keywords: mobile agents, supply chain management, industrial application. A Shipment Tracking System using Wireless technology and Mobile agents Mei-Ling L. Liu, Alfredo Macias, Thuan Ngo Computer Science Department, California Polytechnic State University, San Luis Obispo mliu@csc.calpoly.edu

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Secure Authentication and Session. State Management for Web Services

Secure Authentication and Session. State Management for Web Services Lehman 0 Secure Authentication and Session State Management for Web Services Clay Lehman CSC 499: Honors Thesis Supervised by: Dr. R. Michael Young Lehman 1 1. Introduction Web services are a relatively

More information

A Review of Web Application Security for Preventing Cyber Crimes

A Review of Web Application Security for Preventing Cyber Crimes International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 4, Number 7 (2014), pp. 699-704 International Research Publications House http://www. irphouse.com A Review of Web Application

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Analysis of E-Commerce Security Protocols SSL and SET

Analysis of E-Commerce Security Protocols SSL and SET Analysis of E-Commerce Security Protocols SSL and SET Neetu Kawatra, Vijay Kumar Dept. of Computer Science Guru Nanak Khalsa College Karnal India ABSTRACT Today is the era of information technology. E-commerce

More information

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens. Secure Data transfer in Cloud Storage Systems using Dynamic Tokens. P.Srinivas *,K. Rajesh Kumar # M.Tech Student (CSE), Assoc. Professor *Department of Computer Science (CSE), Swarnandhra College of Engineering

More information

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

Data Storage Security in Cloud Computing

Data Storage Security in Cloud Computing Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information

Technical Proposition. Security

Technical Proposition. Security Technical Proposition ADAM Software NV The global provider of media workflow and marketing technology software ADAM Software NV adamsoftware.net info@adamsoftware.net Why Read this Technical Proposition?

More information

CHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL

CHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL CHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL This chapter is to introduce the client-server model and its role in the development of distributed network systems. The chapter

More information

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT K.karthika 1, M. Daya kanimozhi Rani 2 1 K.karthika, Assistant professor, Department of IT, Adhiyamaan College of Engineering, Hosur

More information

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Regulation On Attainment of Doctor of Sciences Degree at SEEU (PhD)

Regulation On Attainment of Doctor of Sciences Degree at SEEU (PhD) According to article 118 of the Law on Higher Education of Republic of Macedonia; articles 60, 68 and 69 of SEEU statute ; based on decision of Council of Teaching and Science of SEEU of date April 12th

More information

Digital Records Preservation Procedure No.: 6701 PR2

Digital Records Preservation Procedure No.: 6701 PR2 Digital Records Preservation Procedure No.: 6701 PR2 Policy Reference: Category: Department Responsible: Current Approved Date: 6700 Records Management Information Management Records Management and Privacy

More information

Understanding digital certificates

Understanding digital certificates Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk

More information

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus Department of Computer & Information Sciences CSCI-445: Computer and Network Security Syllabus Course Description This course provides detailed, in depth overview of pressing network security problems

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Notes on Network Security - Introduction

Notes on Network Security - Introduction Notes on Network Security - Introduction Security comes in all shapes and sizes, ranging from problems with software on a computer, to the integrity of messages and emails being sent on the Internet. Network

More information

WHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email

WHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email WHITE PAPER Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email EXECUTIVE SUMMARY Data Loss Prevention (DLP) monitoring products have greatly

More information

MEng, BSc Applied Computer Science

MEng, BSc Applied Computer Science School of Computing FACULTY OF ENGINEERING MEng, BSc Applied Computer Science Year 1 COMP1212 Computer Processor Effective programming depends on understanding not only how to give a machine instructions

More information

Secure Network Monitoring System using Mobile Agent

Secure Network Monitoring System using Mobile Agent 1 Secure Network Monitoring System using Mobile Agent G. M. Gaikwad 1, A. M. Kanthe 2, M. S. Chaudhari 3 1,2,3 Department of Computer Engg. Sinhgad Institute of Technology, Lonavala (India) 1 gmgaikwad@gmail.com

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

Designing and Coding Secure Systems

Designing and Coding Secure Systems Designing and Coding Secure Systems Kenneth Ingham and Anil Somayaji September 29, 2009 1 Course overview This class covers secure coding and some design issues from a language neutral approach you can

More information

BANKING SECURITY and COMPLIANCE

BANKING SECURITY and COMPLIANCE BANKING SECURITY and COMPLIANCE Cashing In On Banking Security and Compliance With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions

More information

An Electronic Voting System Based On Blind Signature Protocol

An Electronic Voting System Based On Blind Signature Protocol CSMR, VOL. 1, NO. 1 (2011) An Electronic Voting System Based On Blind Signature Protocol Marius Ion, Ionuţ Posea University POLITEHNICA of Bucharest Faculty of Automatic Control and Computers, Computer

More information

Enterprise K12 Network Security Policy

Enterprise K12 Network Security Policy Enterprise K12 Network Security Policy I. Introduction The K12 State Wide Network was established by MDE and ITS to provide a private network infrastructure for the public K12 educational community. Therefore,

More information

Dissertation Title: SOCKS5-based Firewall Support For UDP-based Application. Author: Fung, King Pong

Dissertation Title: SOCKS5-based Firewall Support For UDP-based Application. Author: Fung, King Pong Dissertation Title: SOCKS5-based Firewall Support For UDP-based Application Author: Fung, King Pong MSc in Information Technology The Hong Kong Polytechnic University June 1999 i Abstract Abstract of dissertation

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Policies and Procedures

Policies and Procedures Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,

More information

Workflow Administration of Windchill 10.2

Workflow Administration of Windchill 10.2 Workflow Administration of Windchill 10.2 Overview Course Code Course Length TRN-4339-T 2 Days In this course, you will learn about Windchill workflow features and how to design, configure, and test workflow

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

on the transfer of personal data from the European Union

on the transfer of personal data from the European Union on the transfer of personal data from the European Union BCRsseptembre 2008.doc 1 TABLE OF CONTENTS I. PRELIMINARY REMARKS 3 II. DEFINITIONS 3 III. DELEGATED DATA PROTECTION MANAGER 4 IV. MICHELIN GROUP

More information

Testimony of. Patrick Heim. Chief Information Security Officer. on behalf of the. Kaiser Permanente Medical Care Program

Testimony of. Patrick Heim. Chief Information Security Officer. on behalf of the. Kaiser Permanente Medical Care Program Testimony of Patrick Heim Chief Information Security Officer on behalf of the Kaiser Permanente Medical Care Program Clinical Operations Workgroup Medical Device Hearing March 28, 2011 1 Good afternoon

More information

Digital Watermark Mobile Agents

Digital Watermark Mobile Agents In: Proc. of the 22 nd National Information System Security Conference Hyatt Regency, Crystal City, VA October 18-21, 1999 Digital Watermark Mobile Agents Jian Zhao and Chenghui Luo Fraunhofer Center for

More information

A Proxy-Based Data Security Solution in Mobile Cloud

A Proxy-Based Data Security Solution in Mobile Cloud , pp. 77-84 http://dx.doi.org/10.14257/ijsia.2015.9.5.08 A Proxy-Based Data Security Solution in Mobile Cloud Xiaojun Yu 1,2 and Qiaoyan Wen 1 1 State Key Laboratory of Networking and Switching Technology,

More information

"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"

ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of

More information

TELECOMMUNICATION NETWORKS

TELECOMMUNICATION NETWORKS THE USE OF INFORMATION TECHNOLOGY STANDARDS TO SECURE TELECOMMUNICATION NETWORKS John Snare * Manager Telematic and Security Systems Section Telecom Australia Research Laboratories Victoria TELECOMMUNICATIONS

More information

Den Gode Webservice - Security Analysis

Den Gode Webservice - Security Analysis Den Gode Webservice - Security Analysis Cryptomathic A/S September, 2006 Executive Summary This report analyses the security mechanisms provided in Den Gode Web Service (DGWS). DGWS provides a framework

More information