Cryptography in Metrology

Size: px
Start display at page:

Download "Cryptography in Metrology"

Transcription

1 Cryptography in Metrology Experiences, Applications and new Developments Norbert Zisky

2 Content Metrology needs security Secure electronic exchange of measurement data Secure bidirectional communication Applications in metrology using cryptographic algorithms Sealing of metrological software Outlook

3 1. Metrology needs security Global markets need integrated security solutions when transferring and storing measurement and other security-relevant data Often communication systems are used without special attention to security aspects Channel security mechanisms are not sufficient mostly Especially solutions which are liable to legal metrology are confronted with new threats and risks (e.g. energy, petrol/gas, weighing machines) Open distributed measurement systems

4 EU-Research 7. FP - Metrology needs security The Information and Communication Technologies (ICT) programme of the EU 7. Framework Programme 2007 challenge on Pervasive and Trusted Network and Service Infrastructures is to deliver the next generation of ubiquitous and covered network and service infrastructures for communication, computing and media. This entails overcoming the scalability, flexibility, dependability and security bottlenecks, as today's networks and service architectures are primarily static and able to support a limited number of devices, service features and limited confidence. This This statements fit fit exactly for for metrological applications

5 Distributed measurement systems measurement devices Requirements no no falsification no no exchange automatic verification easy trusted examination, remote control data acquisition device management customer access

6 Story of rabbit and hedgehog FINISH: Protection of data vs. manipulation of data rabbits: NMI W&M manufacturers hegdehogs: end users?? users of measurement devices Hackers

7 Short look to hackers They act just for fun for technical interest with crime background for commercial reasons on behalf of somebody and they are very clever they are very smart they have money they have connections

8 Fields of interest Automatic cash dispensers Money transactions High level security Very strict requirements Cash boxes Registers Tax rules Fiscal regulations Mid level security Much money??? Measuring instruments Measuring systems Mostly low level security Much money??? All fields move together, about the global network we will have similar threat conditions on each field

9 Security in metrology fields of application Security for legal metrology - consumer protection - secure access (control, parametrization) Security for scientific and technical investigation - quality management - comparison and long-term storing Security for industrial purposes - protection of commercial measurement data - secure control of processes - quality management

10 Legal requirements for the transfer of measurement data via open networks 2345 kwh 2345 kwh Data transfer from meter A safe to the owner/user B Integrity of data Every measurement data reading by B have to be testable by B on its correctness (every falsification must be detected)) Authenticity of data It can be checked by B and any other authorized authority whether the data arrived at B actually date from A

11 Trusted computing in metrology A concept is developed for remote access to running measuring systems for testing or remote calibration via Internet The concept represents a best practice cryptographic solution for metrology purposes

12 The SELMA partners

13 Trusted computing in metrology A Concept is developed for remote access to running measuring systems for testing or remote calibration via Internet Bidirectional security M2M (machine to machine) and M2B (machine to business) Integrity, authenticity, confidentiality and availability of transferred or stored data Non-repudiation Resistance against masquerades

14 Fundamental idea Efficient check of energy invoice Owner of distribution net Digital signature Verteilnetzbetreiber invoice distribution Digital Lieferant signature supplier Analyse of consumption invoice energy EDI Server Information Server Internet Internet Digital signature customer Visual checking ZFA Remote reading of measurement data Digital signature meter

15 Security concept General: Use of modern cryptographic methods Use of Hash functions to make sure the integrity of data, use for SELMA: SHA-1 Use of asymmetric signature procedures for authenticity of data, use for SELMA: ECC technique, (Elliptic Curve Cryptography) - ECDSA

16 Secure measurement device Area protected by verification stamp measurement unit security unit controller MIM MIM- Meter Identification Module Measurement unit and controller Security functions Communication Measurement modul calculates and verifies the Real-time Support of digital signatures clock protocol layer 1 to 3 handling Typical remote provides of secure higher reading memory protocol for layers procedures in measurement data private communication and public keys, PSN, etc. calculate generates the the hash pair value GSM, GPRS (strong of growing), keys control UMTS of management functions Communication modul

17 Typical SELMA - board Source Karl Wieser GmbH,, Anzingerstr. 14, Ebersberg, Tel: 08092/2097-0, 0, Fax: 08092/ ,

18 Typical SELMA-meters data logger Gas meter

19 Development steps of the security system Security analysis Security concept Data modelling Service concept/operational concept Implementation Testing Improvement and optimisation Introduction on the market We are here now

20 Infrastructure of the Security concept Security systems need security management As well security mechanisms as infrastructure are needed The weights and measures bodies or other authorities have been taken into account Infrastructures - ensure the trust of consumers in electronically transmitted measurement values and are preconditions of bidirectional authenticated communication.

21 Infrastructure scheme National Certification Authority (CA) for external CAs SA yptography 24/2048 external CA elliptic curve cryptography- ECC 192 W&M CA existing structure Local testing authority access key device management signature and access key measurement device

22 Public key infrastructure Local authority generates the EC key pair (d, Q) (W&M) Private key d is stored in secure memory Local authority generates a certificate with the public key Q and signs it with his own personalised electronic signature of external CA Certificate is stored in the measurement device Estimated time: currently 1 min. Private key d Computer of local authority Public key Q Measurement device

23 Signing and authenticated access The security concept provides: - Signed measurement data - Authenticated access Methods of authentication: Password offers low level of protection only Symmetric algorithms not useful for many devices Asymmetric algorithms are much better, but there is a need for a public key infrastructure

24 Signature of measurement data Measurement device signs the data which are defined in data model with the private key d data set The signature belongs to the set of data ECC signature r: r: 0x74210B19E59C80E70FA7E9AB FEB8DEECC146B9B4 s: s: 0x388AA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1015 Device-Id 1234 Obis 1-1: :00 23,456 00:15 24,274 00:30 24,995..

25 Signed measurement data data provision signed data signed data user data data verification verification with with verification verification software software by by user user -as -as simple simple as as possible- possible- signed data data data verification verification by by system system Signed data signed data data acquisition transfer protocol certificates of measurement devices measurement device

26 SELMA-in operation: Access to data by customer Daten/ Signatur Customer server Daten/ Signatur Customer system 1. Read data (e.g. Browser) 2. Verify data ( DLMS/ DSFG Messgerät

27 Data evaluation by the end user Requirements on the verification system - Easy to use - Trust one party - Fitting for the application -Flexible PTB developed prototypes of special verification software (EVM) - user gets the validation information very easy - presentation of measurement values - export function to MS-Excel.

28 User friendly verification Energy data Verification Module Verification of data successful Verification successful

29 Authenticated access - preconditions Every unit has one unique identifier (ID) Every unit has a synchronised real time clock Every unit has the public keys of the other units Measurement Device (MD) IT-System (IT) ID MD ID IT Public key IT Public key MD

30 Authenticated access Measurement Device (MD) IT-System (IT) <Request, time stamp IT, ID IT, ID MD, data1, Sig IT > <time stamp IT, time stamp MD, ID IT, ID MD, data2, Sig MD > <Hash(time stamp IT, time stamp MD, ID IT, ID MD, data2, Sig IT > Applications: Secure remote control switch off of energy Parametrisation Download of firmware

31 Testing systems PTB developed prototypes of test systems (PST) Supported services: Generation of keys Generation of certificates Device management (security relevant) Device tests - security (local and remote) Conformity with the concept

32 9 month-selma fieldtrial 90 electricity meters EMH; L+G; Görlitz 60 gas meters Wieser; Elster 3 data acquisition systems Görlitz; ITF-EDV-Fröschl 4 testing authorities AGME; EAM; EnBW; RWE 7 device management systems all testing authorities 1 SELMA-Directory-Service (SDS) University of Siegen customer systems (EVM) all project members Aims of the field trail Verification of SELMA technique under real conditions Proof of accepance of all SELMA functions

33 Advantages of the security concept The concept offers a secure and traceable data exchange concept provides a security architecture supporting the authentication of measuring data and the secure data access represents a comprehensive security concept adapted to the needs metrology applications considers the complete metering process chain from calibration and installation to measurement

34 Expenditure of security systems Security causes costs Two kinds of costs: non-recurring costs, fixed expenses Non-recurring costs depends on technology Fixed expenses depends on infrastructure Annual fixed expediture per device in Euro 1000 devices devices min max min max Sum for signed data 3,00 30,58-1,69 15,77 Sum for authenticated access 6,10 15,64 4,02 8,21 Sum for software download -24,07-3,36-24,82-4,86 Total sum -14,97 42,86-22,49 19,12 source: Jürgen Boda (EnBW): SELMA - Gut und teuer?

35 Applications in metrology Product announcements VNG solution Tlz Sealed software in metrology

36 Top News received on RMG REGEL + MESSTECHNIK GMBH Osterholzstr. 45 D Kassel, Germany Telefon Impressum

37 Secured data data according to to W&M via via remote reading digital signed DSFGdatdata Pattern approval at at PTB PTB in in progress! Details shortly RMG REGEL + MESSTECHNIK GMBH Osterholzstr. 45 D Kassel, Germany Telefon Impressum

38 tlz or Sym 2 Definition of a new concept of electrical meter No real time clock Only a counter which counts every second But it uses the SELMA-ideas for different parts of ensuring, e.g. download and data protection Defines standard interfaces

39 VNG-Elster solution Signature gateway for gas reconstruction-systems Transfer of measured values of gas quality to different users Signed data structures based on ECC SELMA developments

40 Software signing facility in PTB Set-up of an facility for signing software using strong cryptography (SHA-256, ECC 256) Problems: long-term storing of the secret key Well-defined internal PTB rules with reduced residue risk Current state: Only one secret PTB key exists

41 Outlook User association (ADM e.v.) is founded in 2006 Improvements of the concept procedures (performance, operational concept, standardisation) Testing of hard and software for measurement systems Standardized security concept for metrological applications - It may help to avoid interoperability problems Looking for other fields of application

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

2014 IBM Corporation

2014 IBM Corporation 2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session

More information

WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES

WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES Balachandra Muniyal 1 Krishna Prakash 2 Shashank Sharma 3 1 Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal

More information

WELMEC European cooperation in legal metrology

WELMEC European cooperation in legal metrology WELMEC 11.2 Issue 1 WELMEC European cooperation in legal metrology Guideline on time depending consumption measurements for billing purposes (interval metering) May 2010 1 WELMEC European cooperation in

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

Concept for a cryptographic infrastructure for measurement components in smart grids

Concept for a cryptographic infrastructure for measurement components in smart grids Physikalisch-Technische Bundesanstalt Braunschweig und Berlin Concept for a cryptographic infrastructure for measurement components in smart grids Norbert Zisky Physikalisch-Technische Bundesanstalt Norbert

More information

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile

More information

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015 Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

World Summit on Information Society (WSIS) Forum 2013. 16 May 2013

World Summit on Information Society (WSIS) Forum 2013. 16 May 2013 World Summit on Information Society (WSIS) Forum 2013 Toolkit for creating ICT-based services using mobile communications for e- government services 16 May 2013 Hani Eskandar ICT Applications coordinator

More information

SecureStore I.CA. User manual. Version 2.16 and higher

SecureStore I.CA. User manual. Version 2.16 and higher User manual Version 2.16 and higher Contents SecureStore I.CA 1. INTRODUCTION...3 2. ACCESS DATA FOR THE CARD...3 2.1 Card initialisation...3 3. MAIN SCREEN...4 4. DISPLAYING INFORMATION ABOUT THE PAIR

More information

Securing Distribution Automation

Securing Distribution Automation Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Cryptography and Network Security Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 1 Overview The combination of space, time, and strength that must be considered as the basic elements of this theory of defense

More information

White Paper. Enhancing Website Security with Algorithm Agility

White Paper. Enhancing Website Security with Algorithm Agility ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

TrustKey Tool User Manual

TrustKey Tool User Manual TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI 2015. All rights reserved

ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI 2015. All rights reserved ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance esignature Standards Framework Certificate Authority Time-stamping Signing Servers Validation

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements

More information

ETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification

ETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification TS 102 640-3 V1.1.1 (2008-10) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture, Formats and Policies; Part 3: Information Security

More information

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued

More information

CRYPTOGRAPHY AS A SERVICE

CRYPTOGRAPHY AS A SERVICE CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,

More information

ETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification

ETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification TS 102 640-3 V2.1.1 (2010-01) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure) Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.

More information

ERserver. iseries. Secure Sockets Layer (SSL)

ERserver. iseries. Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010 Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture

More information

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013 USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security

More information

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms Radhika G #1, K.V.V. Satyanarayana *2, Tejaswi A #3 1,2,3 Dept of CSE, K L University, Vaddeswaram-522502,

More information

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and

More information

Introduction to Security and PIX Firewall

Introduction to Security and PIX Firewall Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network

More information

Evaluate the Usability of Security Audits in Electronic Commerce

Evaluate the Usability of Security Audits in Electronic Commerce Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

The IDA Catalogue. of GENERIC SERVICES. Interchange of Data between Administrations

The IDA Catalogue. of GENERIC SERVICES. Interchange of Data between Administrations Interchange of Data between Administrations EUROPEAN COMMISSION ENTERPRISE DIRECTORATE- GENERAL INTERCHANGE OF DATA BETWEEN ADMINISTRATIONS PROGRAMME Interchange of Data between Administrations 2 of Generic

More information

GT 6.0 GSI C Security: Key Concepts

GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts Overview GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the

More information

Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14 Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture

More information

Security and Security Certificates for OpenADR systems. Background. Content:

Security and Security Certificates for OpenADR systems. Background. Content: Security and Security Certificates for OpenADR systems Content: Background... 1 Setup for OpenADR... 2 Test-, Evaluation-, and Production Certificates... 3 Responsibilities... 3 Certificate Requesting

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Protection Profile for the Security Module of a Smart Meter Gateway (Security Module PP)

Protection Profile for the Security Module of a Smart Meter Gateway (Security Module PP) Protection Profile for the Security Module of a Smart Meter Gateway (Security Module PP) Schutzprofil für das Sicherheitsmodul der Kommunikationseinheit eines intelligenten Messsystems für Stoff- und Energiemengen

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Journal of Electronic Banking Systems

Journal of Electronic Banking Systems Journal of Electronic Banking Systems Vol. 2015 (2015), Article ID 614386, 44 minipages. DOI:10.5171/2015.614386 www.ibimapublishing.com Copyright 2015. Khaled Ahmed Nagaty. Distributed under Creative

More information

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1

Secure Signature Creation Device Protect & Sign Personal Signature, version 4.1 Zentrum für sichere Informationstechnologie Austria Secure Information Technology Center Austria A-1030 Wien, Seidlgasse 22 / 9 Tel.: (+43 1) 503 19 63 0 Fax: (+43 1) 503 19 63 66 A-8010 Graz, Inffeldgasse

More information

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved. A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role

More information

Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1 Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood

More information

Mobile Office Security Requirements for the Mobile Office

Mobile Office Security Requirements for the Mobile Office Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used

More information

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Certificate Management. PAN-OS Administrator s Guide. Version 7.0 Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

Digital Signature Standard (DSS)

Digital Signature Standard (DSS) FIPS PUB 186-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS) CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Information Technology Laboratory National Institute

More information

Data Storage Security in Cloud Computing

Data Storage Security in Cloud Computing Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT

More information

Cleaning Encrypted Traffic

Cleaning Encrypted Traffic Optenet Documentation Cleaning Encrypted Traffic Troubleshooting Guide iii Version History Doc Version Product Date Summary of Changes V6 OST-6.4.300 01/02/2015 English editing Optenet Documentation

More information

ARCHIVED PUBLICATION

ARCHIVED PUBLICATION ARCHIVED PUBLICATION The attached publication, FIPS Publication 186-3 (dated June 2009), was superseded on July 19, 2013 and is provided here only for historical purposes. For the most current revision

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information

PowerKey Conditional Access System Phase 1.0. System Overview. Revision 1.0

PowerKey Conditional Access System Phase 1.0. System Overview. Revision 1.0 PowerKey Conditional Access System Phase 1.0 System Overview Revision 1.0 Scientific-Atlanta, Inc, Unpublished Works of Scientific-Atlanta, Inc. Copyright 1997 Scientific-Atlanta, Inc. All Rights Reserved

More information

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

More information

Description of the Technical Component:

Description of the Technical Component: Confirmation concerning Products for Qualified Electronic Signatures according to 15 Sec. 7 S. 1, 17 Sec. 4 German Electronic Signature Act 1 and 11 Sec. 2 and 15 German Electronic Signature Ordinance

More information

IBM i Version 7.3. Security Digital Certificate Manager IBM

IBM i Version 7.3. Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information

More information

SSL/TLS: The Ugly Truth

SSL/TLS: The Ugly Truth SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography

More information

Secure cloud access system using JAR ABSTRACT:

Secure cloud access system using JAR ABSTRACT: Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that

More information

Computer System Management: Hosting Servers, Miscellaneous

Computer System Management: Hosting Servers, Miscellaneous Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation

More information

You re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com

You re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com SSL You re FREE Guide to (Secure Sockets Layer) What is a Digital Certificate? SSL Certificates, also known as public key certificates or Digital Certificates, are essential to secure Internet browsing.

More information

CipherShare Features and Benefits

CipherShare Features and Benefits CipherShare s and CipherShare s and Security End-to-end Encryption Need-to-Know: Challenge / Response Authentication Transitive Trust Consistent Security Password and Key Recovery Temporary Application

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of Entrust Authority Security Manager and Security Manager Administration v8.1 SP1 Issued by: Communications Security Establishment Canada Certification Body Canadian

More information

Cisco Trust Anchor Technologies

Cisco Trust Anchor Technologies Data Sheet Cisco Trust Anchor Technologies Overview Cisco Trust Anchor Technologies provide the foundation for trustworthy systems across Cisco. The Cisco Trust Anchor and a Secure Boot check of signed

More information

B U S I N E S S G U I D E

B U S I N E S S G U I D E VeriSign Microsoft Office/Visual Basic for Applications (VBA) Code Signing Digital Certificates Realizing the Possibilities of Internet Software Distribution CONTENTS + What Is Developer Code Signing?

More information

PrivyLink Cryptographic Key Server *

PrivyLink Cryptographic Key Server * WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology

More information

Secure web transactions system

Secure web transactions system Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends

More information

SOMA Cryptography Whitepaper

SOMA Cryptography Whitepaper SOMA Cryptography Whitepaper Draft date: Nov. 1st, 2015 Contents Overview 2 Secure Transport Layer Protocol 3 AES256 Key Generation 3 Login Data Verification 3 Secure Transport Layer Establishment 4 Data

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

The Importance of Security Standards

The Importance of Security Standards The Importance of Security Standards Presented by Douglas Kozlay Principal Engineer, Information Resource Engineering, Inc. Member: ANSI X9F INFORMATION RESOURCE ENGINEERING, INC. The Importance of Security

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

Secure Wireless Application Platform

Secure Wireless Application Platform Texas Instruments SW@P Secure Wireless Application Platform New Challenges for Wireless Handsets Open Environment Multi-application, Interoperability Multiple Access Data Paths GSM/GPRS, EDGE, 802.11,

More information

SSL A discussion of the Secure Socket Layer

SSL A discussion of the Secure Socket Layer www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record

More information

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

More information

Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing

Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 11 No: 05 41 Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing Abstract-- It has been widely observed

More information

Key Management and Distribution

Key Management and Distribution Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Wireless Mobile Internet Security. 2nd Edition

Wireless Mobile Internet Security. 2nd Edition Brochure More information from http://www.researchandmarkets.com/reports/2330593/ Wireless Mobile Internet Security. 2nd Edition Description: The mobile industry for wireless cellular services has grown

More information

A Study on Secure Electronic Medical DB System in Hospital Environment

A Study on Secure Electronic Medical DB System in Hospital Environment A Study on Secure Electronic Medical DB System in Hospital Environment Yvette E. Gelogo 1 and Sungwon Park 2 * 1 Catholic University of Daegu, Daegu, Korea 2 Department of Nursing, Hannam University, 133

More information

ETSI TS 102 176-2 V1.2.1 (2005-07)

ETSI TS 102 176-2 V1.2.1 (2005-07) TS 102 176-2 V1.2.1 (2005-07) Technical Specification Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 2: Secure channel protocols and algorithms

More information

SSL BEST PRACTICES OVERVIEW

SSL BEST PRACTICES OVERVIEW SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%

More information

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

More information

MEng, BSc Applied Computer Science

MEng, BSc Applied Computer Science School of Computing FACULTY OF ENGINEERING MEng, BSc Applied Computer Science Year 1 COMP1212 Computer Processor Effective programming depends on understanding not only how to give a machine instructions

More information

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate on Aladdin etoken (Personal eid)

Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate on Aladdin etoken (Personal eid) The World Internet Security Company Solutions for Security Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate on Aladdin etoken (Personal eid) Wherever Security relies on Identity,

More information

Ultimate Server Client Software

Ultimate Server Client Software Ultimate Server Client Software GPRS NET Data Logger Ul mate Server is dedicatedly developed for high volume data applica on. 1. Receive data from Data Loggers in UDP or TCP via GPRS, Ethernet and SMS

More information