RAINSTORM IAEA. Christoph Brunhuber, Keith Morgan, Jim Regula. Remote Monitoring Team Safeguards, IAEA
|
|
- Evangeline Arnold
- 8 years ago
- Views:
Transcription
1 RAINSTORM Christoph Brunhuber, Keith Morgan, Jim Regula Remote Monitoring Team Safeguards,
2 Outline History / Motivation RAINSTORM Data Transfer: HTTP + REST Data Organization Details Data Security: PKI PKI on ultra-light devices Efficiency Details Source Code Sample Implementations Use Cases Forecast Conclusion
3 History / Motivation Remote Monitoring has gradually expanded over the last ~15 years In the beginning Data Transfer Instruments (i.e. sensors) connected to a PC (typically via serial port) Transferred from PC to Vienna via SMB or FTP or RoboCopy, XCopy In-house developed software (e.g. DCCopy) Large overhead for small files Inefficient for high latency networks Data Security Instruments (i.e. sensors) had symmetric-key data security or no data security Symmetric-key data security has issues, e.g. Private key is exposed (easier to be lost or stolen) Each verifier is able to forge data In case of RSA, data are signed on the collect PC
4 History / Motivation Safeguards Equipment Cross Section NDA Surveillance MiniGrand; JSR RS232 & SMB RSA Signing on collect PC VIFM; ATPM Proprietary & SMB RSA Signing on collect PC UNAP HTTP RSA Signature (RAINSTORM compliant) NGAM (future) RAINSTORM OLEM (future) RAINSTORM DMOS; SDIS Proprietary & SMB MAC Signing NGSS HTTPS DSA & RSA Signatures (almost RAINSTORM compliant) Seals EOSS/VACOSS Proprietary MAC RMSA RAINSTORM (only HTTP) MAC LMCV (Future) RAINSTORM
5 History / Motivation Goals for RAINSTORM Low complexity, and low resource requirements -should run on Microcontrollers Ethernet based Suitable for high latency networks (no Stop and Wait) No need for intermediate collect PC Efficient broken transfer recovery Overall good performance Signature as close as possible to data acquisition and NO resigning (implies strictly appending of data files)
6 History / Motivation Q: What can we learn from the shipping industry? A: Standards! Ship image source: Train image source: Truck image source:
7 RAINSTORM Real-time And INtegrated STream-Oriented Remote Monitoring (RAINSTORM) interface Image source:
8 RAINSTORM It s just a concept Requirements captured in SG-UR Remote Monitoring Requirements for the Development of Safeguards Equipment Achieved Goals Standardize data transfer and data security Data Transfer: Ethernet + TCP/IP + HTTP + REST Data Security: PKI + Smartcard tokens Eliminate the PC (reduced maintenance, reduced power) i.e. everything on the instrument Provide in-house developed tools/libraries/applications (with source code!) to vendors for prototyping and/or production
9 Data Transfer: HTTP + REST Hypertext Transfer Protocol (HTTP) Simple, lightweight, ubiquitous (used billions of times per day!!!) Not just for web pages, also well-suited to binary data HTTP HTML Incremental file transfers: efficient use of bandwidth Persistent/Stateless connections REpresentational State Transfer (REST) Each file and folder has a unique URI Standard HTTP methods (e.g. GET) No need for fancy protocols on top of HTTP (e.g. SOAP)
10 Data Organization Details Data Storage Organization of data into day files e.g. xvie-ngss mpg Strictly appended (see previous page) Organization of files into month folders e.g. /data / / / Consider the problems with a flat file structure or even one file per folder (e.g. day folders )
11 Data Security: PKI Public key infrastructure (PKI) Public/Private (i.e. asymmetric) keys Certificates & Certification Authorities (CA) Smartcard security tokens Private key generation / operations performed on token Cryptographic Message Syntax (CMS, S/MIME, PKCS#7) ASN.1-based binary format Contains certificates, message digest, signature, etc. RM-specific Requirements detached signature files Include all certificates up to, but excluding the root CA certificate Source:
12 PKI on Ultra-light Devices Using a token requires: usb (e.g. libusb) ccid pcsc-lite opensc cryptlib (or openssl etc.) All this on a low-power embedded device? Yikes! Way too complex! (could be majority of development effort) Fortunately we typically need only one operation: sign
13 PKI on Ultra-light Devices cont. sc-hsm-ultralite Joint development with CardContact (Germany) lightweight PKCS#11 (read-only) driver ultralite raw CCID driver Includes in-house developed PKCS#7 template library for simple detached signature creation fork available at:
14 Efficiency Details Incremental transfer allows near real-time data collection and efficient recovery from broken transfers. (Resending all data, i.e. old and new, increases transfer volume by factor of ( + 1)/2 where n is the number of transfers for a single entity). Incremental transfer is always possible because data are strictly appended. Using many small data files eliminates the inefficiency, but creates too many items. A good compromise: 1 data file per day. TCP uses a so-called sliding window for optimal bandwidth utilization. Stop and Wait is idle when waiting for an acknowledgement. TCP handles automatic retransmits in case of transmission failures.
15 Efficiency Details Organizing data in month folder is a good compromise for device data exploration. Day folders result in too many directory requests, while a flat structure results in too many entries per directory. By design a cryptographic hash cannot be continued, however it can be forked one path finalizes the hash, the other path continues hashing. Suppose an entity has its signature updated n times per day. Restarting the hash from the beginning at each signing results again in the inefficiency factor ( + 1)/2, e.g. if n = 60 seconds: requires ~720MB hashing for each MB. The hashing operation is NOT performed on the Cryptographic Smart Card.
16 Source Code Sample Implementations Name Description OS Support Notes RainstormX A module for use with the Microsoft IIS HTTP server. C# Windows Complete. In testing. RainstormC# Complete HTTP server built on the.net HttpListener framework. C# Windows, Linux (using mono) Complete. In testing. RainstormPHP PHP module for use with any HTTP server that supports PHP. C# Windows, Linux, etc. (to-date only tested on Linux w/ Apache) Complete. In testing. Mongoose A patch of the complete open-source Mongoose HTTP server. C Only intended for microcontrollers. Incomplete. Not tested. sc-hsmultralite Ultra lightweight digital file signing library/tools/applications. C Windows, Linux (portable to other operating systems) Complete. In testing. In-house developed code provided, on request, to external vendors.
17 Use Cases Custom Instrument Y HTTP Server RM Data Center Custom Instrument X Network HTTP Server Data Security Xspecific code Rainbox H D Data Security Yspecific code Off-the-shelf Instrument Z Z-specific code
18 Forecast Rainstorm-enabled equipment in the SGTS pipeline Production NGSS (vendor implementation) Testing RMSA (RainstormPHP + HMAC) OLEM (RainstormPHP + sc-hsm-ultralite) NGAM (RainstormPHP + sc-hsm-ultralite) LMCV (RainstormX + opensc) UNAP (vendor implementation) Potential Lynx (TBD) Rainbox + any off-the-shelf device dogfooding RM regional office servers (RainstormC#) Legacy UMS instruments: VIFM, MiniGrand, etc. (RainstormC# + sc-hsm-ultralite)
19 Conclusion RAINSTORM unifies data organization, transfer and security for all kinds of sensors. It does not define data formats, but requires a format which strictly appends new data. The sensor platform requires a TCP/IP over Ethernet implementation and USB access to the cryptographic Smartcard. All RAINSTORM components work on top of these requirements and can be implemented easily. An instrument should be able to store several months of data locally. The motivation for RAINSTORM includes: eliminate a local PC in the field and reducing proprietary software for remote monitoring usage and data signing (on the PC). The transfer channel is a secure VPN tunnel, managed by approved VPN devices, through the public Internet (out of the scope of RAINSTORM). The chosen HTTP protocol allows arbitrary additional metadata which can be used to implement special applications on top of RAINSTORM.
How To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationA Transport Protocol for Multimedia Wireless Sensor Networks
A Transport Protocol for Multimedia Wireless Sensor Networks Duarte Meneses, António Grilo, Paulo Rogério Pereira 1 NGI'2011: A Transport Protocol for Multimedia Wireless Sensor Networks Introduction Wireless
More informationIntroducing etoken. What is etoken?
Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant
More informationOpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.
OpenADR 2.0 Security Jim Zuber, CTO QualityLogic, Inc. Security Overview Client and server x.509v3 certificates TLS 1.2 with SHA256 ECC or RSA cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationA new Secure Remote Access Platform from Giritech. Page 1
A new Secure Remote Access Platform from Giritech Page 1 Remote users have preferences G/On 5 works for Windows, Mac and Linux The G/On Client user experience is specific to the operating system Users
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationMultifactor authentication systems Jiří Sobotka, Radek Doležel
Multifactor authentication systems Jiří Sobotka, Radek Doležel Fakulta elektrotechniky a komunikačních technologií VUT v Brně Email: sobotkaj@feec.vutbr.cz Fakulta elektrotechniky a komunikačních technologií
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationSecurity. 2014 Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 -
Security - 1 - OPC UA - Security Security Access control Wide adoption of OPC SCADA & DCS Embedded devices Performance Internet Scalability MES Firewalls ERP Communication between distributed systems OPC
More informationPrivateServer HSM Integration with Microsoft IIS
PrivateServer HSM Integration with Microsoft IIS January 2014 Document Version 1.1 Notice The information provided in this document is the sole property of Algorithmic Research Ltd. No part of this document
More informationManaging the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N 300-011-843 REV A01 January 14, 2011
Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N 300-011-843 REV A01 January 14, 2011 This document contains information on these topics: Introduction... 2 Terminology...
More informationMobile OTPK Technology for Online Digital Signatures. Dec 15, 2015
Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction
More informationSECUR IN MIRTH CONNECT. Best Practices and Vulnerabilities of Mirth Connect. Author: Jeff Campbell Technical Consultant, Galen Healthcare Solutions
SECUR Y IN MIRTH CONNECT Best Practices and Vulnerabilities of Mirth Connect Author: Jeff Campbell Technical Consultant, Galen Healthcare Solutions Date: May 15, 2015 galenhealthcare.com 2015. All rights
More informationUsing PIV Smart Cards on Linux for Authentication to Windows Active Directory
Using PIV Smart Cards on Linux for Authentication to Windows Active Directory Douglas E. Engert Computing and Information Systems April 26, 2006 DOE Cyber Security Group Training Conference Dayton, Ohio
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationStrong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012
Strong authentication of GUI sessions over Dedicated Links ipmg Workshop on Connectivity 25 May 2012 Agenda Security requirements The T2S U2A 2 Factor Authentication solution Additional investigation Terminal
More informationSetup Guide Access Manager Appliance 3.2 SP3
Setup Guide Access Manager Appliance 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS
More informationCatDV Pro Workgroup Serve r
Architectural Overview CatDV Pro Workgroup Server Square Box Systems Ltd May 2003 The CatDV Pro client application is a standalone desktop application, providing video logging and media cataloging capability
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More informationSetup Guide Access Manager 3.2 SP3
Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationCisco Expressway Certificate Creation and Use
Cisco Expressway Certificate Creation and Use Deployment Guide Cisco Expressway X8.1 D15061.01 December 2013 Contents Introduction 3 PKI introduction 3 Overview of certificate use on the Expressway 3 Certificate
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationWeb-Based Data Backup Solutions
"IMAGINE LOSING ALL YOUR IMPORTANT FILES, IS NOT OF WHAT FILES YOU LOSS BUT THE LOSS IN TIME, MONEY AND EFFORT YOU ARE INVESTED IN" The fact Based on statistics gathered from various sources: 1. 6% of
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationEXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET
EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET Giuseppe Gippa Paternò gpaterno@gpaterno.com June 2008 WHO AM I Experienced architect Linux, Networking and Security Focused on Telcos
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationRelease Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May 2011. 1. New Features and Enhancements. Tip of the Day
NCP Secure Entry Mac Client Major Release 2.01 Build 47 May 2011 1. New Features and Enhancements Tip of the Day A Tip of the Day field for configuration tips and application examples is incorporated in
More informationSetting Up SSL on IIS6 for MEGA Advisor
Setting Up SSL on IIS6 for MEGA Advisor Revised: July 5, 2012 Created: February 1, 2008 Author: Melinda BODROGI CONTENTS Contents... 2 Principle... 3 Requirements... 4 Install the certification authority
More information1 HARDWARE AND SOFTWARE REQUIREMENTS FOR HAL E-BANK SYSTEM
1 HARDWARE AND SOFTWARE REQUIREMENTS FOR HAL E-BANK SYSTEM 1.1 PRECONDITIONS FOR USING HAL E-BANK: An appropriate PC with Windows XP, Windows 2003, Windows Vista or Windows 7 operating system installed;
More informationNumber of relevant issues
Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may
More informationERserver. iseries. Secure Sockets Layer (SSL)
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
More informationConfiguration (X87) SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English. Building Block Configuration Guide
SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English Afaria Network Configuration (X87) Building Block Configuration Guide SAP SE Dietmar-Hopp-Allee 16 69190 Walldorf Germany Copyright 2014 SAP SE
More informationIndustrial Network Security and Connectivity. Tunneling Process Data Securely Through Firewalls. A Solution To OPC - DCOM Connectivity
Industrial Network Security and Connectivity Tunneling Process Data Securely Through Firewalls A Solution To OPC - DCOM Connectivity Manufacturing companies have invested billions of dollars in industrial
More informationOPC UA vs OPC Classic
OPC UA vs OPC Classic By Paul Hunkar Security and Communication comparison In the world of automation security has become a major source of discussion and an important part of most systems. The OPC Foundation
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationAlliance Key Manager A Solution Brief for Technical Implementers
KEY MANAGEMENT Alliance Key Manager A Solution Brief for Technical Implementers Abstract This paper is designed to help technical managers, product managers, and developers understand how Alliance Key
More informationIRF2000 IWL3000 SRC1000 Application Note - Develop your own Apps with OSGi - getting started
Version 2.0 Original-Application Note ads-tec GmbH IRF2000 IWL3000 SRC1000 Application Note - Develop your own Apps with OSGi - getting started Stand: 28.10.2014 ads-tec GmbH 2014 IRF2000 IWL3000 SRC1000
More informationQuick Scan Features Setup Guide. Scan to E-mail Setup. See also: System Administration Guide: Contains details about E-mail setup.
Quick Scan Features Setup Guide XE3024EN0-2 This guide includes instructions for: Scan to E-mail Setup on page 1 Scan to Mailbox Setup on page 6 Network Scanning Setup on page 9 Scan to PC Setup on page
More informationEnterprise Solution for Remote Desktop Services... 2. System Administration... 3. Server Management... 4. Server Management (Continued)...
CONTENTS Enterprise Solution for Remote Desktop Services... 2 System Administration... 3 Server Management... 4 Server Management (Continued)... 5 Application Management... 6 Application Management (Continued)...
More informationUSER GUIDE WWPass Security for Windows Logon
USER GUIDE WWPass Security for Windows Logon December 2015 TABLE OF CONTENTS Chapter 1 Welcome... 3 Introducing WWPass Security for Windows Logon... 4 Related Documentation... 4 Presenting Your PassKey
More informationHow To Run A Password Manager On A 32 Bit Computer (For 64 Bit) On A 64 Bit Computer With A Password Logger (For 32 Bit) (For Linux) ( For 64 Bit (Foramd64) (Amd64 (For Pc
SafeNet Authentication Client (Linux) Administrator s Guide Version 8.1 Revision A Copyright 2011, SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document
More informationMicrosoft vs. Red Hat. A Comparison of PKI Vendors
Microsoft vs. A Comparison of PKI Vendors 1 Outline Definitions Issue #1: RedHat vs. Microsoft CA Issue #2: Cross Flows Issue #3: Core PKI Recommendation 2 Definitions User or Enrollment Officer - The
More informationAdvanced Administration
BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What
More informationSSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service
Paper SAS1541-2015 SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service Heesun Park and Jerome Hughes, SAS Institute Inc., Cary, NC ABSTRACT
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationSSL Tunnels. Introduction
SSL Tunnels Introduction As you probably know, SSL protects data communications by encrypting all data exchanged between a client and a server using cryptographic algorithms. This makes it very difficult,
More informationToken User Guide. Version 1.0/ July 2013
Token User Guide Version 1.0/ July 2013 Index Overview... 3 Usage requirements... 4 KIT contents... 5 Smart Card installation... 6 Reader driver installation... 7 In the case of Windows XP... 7 In the
More informationOct 15, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html 3. Internet : the vast collection of interconnected networks that all use the TCP/IP protocols
E-Commerce Infrastructure II: the World Wide Web The Internet and the World Wide Web are two separate but related things Oct 15, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html 1 Outline The Internet and
More informationSecure Use of the New NHS Network (N3): Good Practice Guidelines
Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0003.01 Prog. Director Mark Ferrar Status Approved Owner Tim Davis Version 1.0 Author Phil Benn Version
More informationOpenCA v1.0.2+ (ten-ten 2 )
Supported by Interoperability and Usability of PKI Dartmouth College http://www.openca.org OpenCA v1.0.2+ (ten-ten 2 ) Massimiliano Pala Outline Basic Installation Procedures
More informationLecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005
Lecture 31 Security April 13, 2005 Secure Sockets Layer (Netscape 1994) A Platform independent, application independent protocol to secure TCP based applications Currently the most popular internet crypto-protocol
More informationThe Security Framework 4.1 Programming and Design
Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com Security Architecture for Development and Run Time Support of Secure Network Applications Sead Muftic, President/CEO
More informationEntrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.
Entrust Managed Services PKI Getting an end-user Entrust certificate using Entrust Authority Administration Services Document issue: 2.0 Date of issue: June 2009 Revision information Table 1: Revisions
More informationMCSE SYLLABUS. Exam 70-290 : Managing and Maintaining a Microsoft Windows Server 2003:
MCSE SYLLABUS Course Contents : Exam 70-290 : Managing and Maintaining a Microsoft Windows Server 2003: Managing Users, Computers and Groups. Configure access to shared folders. Managing and Maintaining
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationInternet Programming. Security
Internet Programming Security Introduction Security Issues in Internet Applications A distributed application can run inside a LAN Only a few users have access to the application Network infrastructures
More informationUser s Manual CONTENT. Nano NAS Server for USB storages. 1. Product Information...1. 2. Product Specifications.2. 3. System requirements..
CONTENT Nano NAS Server for USB storages 1. Product Information...1 2. Product Specifications.2 3. System requirements..3 4. Product Connecting. 4 5. Configuring DN-7023....5 6. Setting... 9 7. Note..
More informationRELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.
Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON
More informationLesson Plans Administering Security in a Server 2003 Network
Lesson Plans Administering Security in a Server 2003 Network (Exam 70-299) Version 2.0 Table of Contents Table of Contents... 1 Course Overview... 2 Section 1.1: Course Introduction... 4 Section 1.2: Active
More informationinformation security and its Describe what drives the need for information security.
Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.
More informationPrototyping Connected-Devices for the Internet of Things. Angus Wong
Prototyping Connected-Devices for the Internet of Things Angus Wong Agenda 1) Trends of implementation of IoT applications REST Cloud 2) Connected-device Prototyping Tools Arduino Raspberry Pi Gadgeteer
More informationWindows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation
Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication
More informationCisco TelePresence VCS Certificate Creation and Use
Cisco TelePresence VCS Certificate Creation and Use Deployment Guide Cisco VCS X8.1 D14548.08 December 2013 Contents Introduction 3 PKI introduction 3 Overview of certificate use on the VCS 3 Certificate
More informationWISE-4000 Series. WISE IoT Wireless I/O Modules
WISE-4000 Series WISE IoT Wireless I/O Modules Bring Everything into World of the IoT WISE IoT Ethernet I/O Architecture Public Cloud App Big Data New WISE DNA Data Center Smart Configure File-based Cloud
More informationProtecting Networks and Data with Public Key Infrastructure (PKI)
Protecting Networks and Data with Public Key Infrastructure (PKI) MARK B. COOPER PRESIDENT & FOUNDER MARK@PKISOLUTIONS.COM WWW.PKISOLUTIONS.COM @PKISOLUTIONS What is PKI? Organizations need enhanced security
More informationExpert Reference Series of White Papers. Fundamentals of the PKI Infrastructure
Expert Reference Series of White Papers Fundamentals of the PKI Infrastructure 1-800-COURSES www.globalknowledge.com Fundamentals of the PKI Infrastructure Boris Gigovic, Global Knowledge Instructor, CEI,
More informationIntellex Platform Security Update Process. Microsoft Security Updates. Version 11-12
Intellex Platform Security Update Process Microsoft Security Updates Version 11-12 Contents Intellex Platform Security Update Process... 1 Introduction... 3 Installing updates on an Intellex Ultra running
More informationUsing email over FleetBroadband
Using email over FleetBroadband Version 01 20 October 2007 inmarsat.com/fleetbroadband Whilst the information has been prepared by Inmarsat in good faith, and all reasonable efforts have been made to ensure
More informationApplication Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008
7 Application Note Gemalto.NET 2.0 Smart Card Certificate Enrollment using Microsoft Certificate Services on Windows 2008 All information herein is either public information or is the property of and owned
More informationCALIFORNIA SOFTWARE LABS
; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite
More informationFrom Centralization to Distribution: A Comparison of File Sharing Protocols
From Centralization to Distribution: A Comparison of File Sharing Protocols Xu Wang, Teng Long and Alan Sussman Department of Computer Science, University of Maryland, College Park, MD, 20742 August, 2015
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationWeb Development. Owen Sacco. ICS2205/ICS2230 Web Intelligence
Web Development Owen Sacco ICS2205/ICS2230 Web Intelligence 2. Web Servers Introduction Web content lives on Web servers Web servers speak the platform independent HyperText Transfer Protocol (HTTP) (so
More informationKaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0
Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.0 Prepared for: Prepared
More informationImplementation of Embedded Web server using TEA algorithm
Implementation of Embedded Web server using TEA algorithm Arunkumar G 1, Dr. T.C. Manjunath 2, Harish H.M 3, Jayaprakasha.H 4 1 Department of E&C, S.T.J.I.T, Ranebennur 2 Principal, HKBKCE, Bangalore 3,4
More informationSafeNet Authentication Client (Mac)
SafeNet Authentication Client (Mac) Version 8.2 SP2 Revision A Administrator s Guide 1 Copyright 2014 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document
More informationTivoli Endpoint Manager for Remote Control Version 8 Release 2. Internet Connection Broker Guide
Tivoli Endpoint Manager for Remote Control Version 8 Release 2 Internet Connection Broker Guide Tivoli Endpoint Manager for Remote Control Version 8 Release 2 Internet Connection Broker Guide Note Before
More informationAS2 or FTP: What s Best for Your Company. John Radko, Chief Technology Strategist, GXS Rochelle Cohen, Sr. Product Marketing Manager, GXS
AS2 or : What s Best for Your Company John Radko, Chief Technology Strategist, GXS Rochelle Cohen, Sr. Product Marketing Manager, GXS Family Feud: AS2 Versus the Clan Selecting the Right Option for Your
More informationCGI-based applications for distributed embedded systems for monitoring temperature and humidity
CGI-based applications for distributed embedded systems for monitoring temperature and humidity Grisha Spasov, Nikolay Kakanakov Abstract: The paper discusses the using of Common Gateway Interface in developing
More informationenicq 5 System Administrator s Guide
Vermont Oxford Network enicq 5 Documentation enicq 5 System Administrator s Guide Release 2.0 Published November 2014 2014 Vermont Oxford Network. All Rights Reserved. enicq 5 System Administrator s Guide
More informationRSA Digital Certificate Solution
RSA Digital Certificate Solution Create and strengthen layered security Trust is a vital component of modern computing, whether it is between users, devices or applications in today s organizations, strong
More informationSecuring Service Access with Digital Certificates Best Practice Document
Securing Service Access with Digital Certificates Best Practice Document Produced by AMRES Security Group (AMRES BPD 106) Author: Milica Kovinić Contributors: Dušan Pajin, Mara Bukvić, Marko Stojaković,
More informationBridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability
Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Overview... 3 Installing Bridgit Software... 4 Installing Bridgit Software Services... 4 Creating a Server Cluster... 4 Using
More informationReplacing Sneaker Net with the Internet. DREXEL UNIVERSITY ischool INFO614 DISTRIBUTED COMPUTING & NETWORKING FINAL PROJECT
Replacing Sneaker Net with the Internet DREXEL UNIVERSITY ischool INFO614 DISTRIBUTED COMPUTING & NETWORKING FINAL PROJECT Problem Statement Paper Routing of Proposals Slow Opaque Financial Reporting Information
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationGenerating and Installing SSL Certificates on the Cisco ISA500
Application Note Generating and Installing SSL Certificates on the Cisco ISA500 This application note describes how to generate and install SSL certificates on the Cisco ISA500 security appliance. It includes
More informationWildcard and SAN: Understanding Multi-Use SSL Certificates
Wildcard and SAN: Understanding Multi-Use SSL Certificates LEVERAGING MULTI-USE DIGITAL CERTIFICATES TO SIMPLIFY CERTIFICATE MANAGEMENT AND REDUCE COSTS Wildcard and SAN: Understanding Multi-Use SSL Certificates
More informationDigital Signatures and Interoperability
Setting Processes for Electronic Signature Dr. Joachim Schiff On behalf of the SPES Consortium Workgroup City of Saarbruecken IKS Nell-Breuning-Allee 1 D-66115 Saarbruecken Germany Tel. 0049 681 905 5000
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationIntroduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi
Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL) Agenda Waheed opens the presentation introduces
More informationSmartcard Web Server Enabler Architecture
Smartcard Web Server Enabler Architecture Candidate Version 1.0 09 Feb 2007 Open Mobile Alliance OMA-AD-Smartcard_Web_Server-V1_0-20070209-C OMA-AD-Smartcard_Web_Server-V1_0-20070209-C Page 2 (17) Use
More informationConverged Smart Card for Identity Assurance Solutions. Crescendo Series Smart Cards
Converged Smart Card for Identity Assurance Solutions Crescendo Series Smart Cards Crescendo is the proven smart card solution for a combined logical and physical access control solution. Crescendo smart
More informationCRESCENDO SERIES Smart Cards. Smart Card Solutions
CRESCENDO SERIES Smart Cards Smart Card Solutions Crescendo offers the lowest total cost of ownership (TCO) for a combined logical and physical access control solution. Crescendo smart cards allow me to
More information<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008
Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT
More information