Cryptography in Metrology
|
|
- Barbara Walker
- 8 years ago
- Views:
Transcription
1 Cryptography in Metrology Experiences, Applications and new Developments Norbert Zisky
2 Content Metrology needs security Secure electronic exchange of measurement data Secure bidirectional communication Applications in metrology using cryptographic algorithms Sealing of metrological software Outlook
3 1. Metrology needs security Global markets need integrated security solutions when transferring and storing measurement and other security-relevant data Often communication systems are used without special attention to security aspects Channel security mechanisms are not sufficient mostly Especially solutions which are liable to legal metrology are confronted with new threats and risks (e.g. energy, petrol/gas, weighing machines) Open distributed measurement systems
4 EU-Research 7. FP - Metrology needs security The Information and Communication Technologies (ICT) programme of the EU 7. Framework Programme 2007 challenge on Pervasive and Trusted Network and Service Infrastructures is to deliver the next generation of ubiquitous and covered network and service infrastructures for communication, computing and media. This entails overcoming the scalability, flexibility, dependability and security bottlenecks, as today's networks and service architectures are primarily static and able to support a limited number of devices, service features and limited confidence. This This statements fit fit exactly for for metrological applications
5 Distributed measurement systems measurement devices Requirements no no falsification no no exchange automatic verification easy trusted examination, remote control data acquisition device management customer access
6 Story of rabbit and hedgehog FINISH: Protection of data vs. manipulation of data rabbits: NMI W&M manufacturers hegdehogs: end users?? users of measurement devices Hackers
7 Short look to hackers They act just for fun for technical interest with crime background for commercial reasons on behalf of somebody and they are very clever they are very smart they have money they have connections
8 Fields of interest Automatic cash dispensers Money transactions High level security Very strict requirements Cash boxes Registers Tax rules Fiscal regulations Mid level security Much money??? Measuring instruments Measuring systems Mostly low level security Much money??? All fields move together, about the global network we will have similar threat conditions on each field
9 Security in metrology fields of application Security for legal metrology - consumer protection - secure access (control, parametrization) Security for scientific and technical investigation - quality management - comparison and long-term storing Security for industrial purposes - protection of commercial measurement data - secure control of processes - quality management
10 Legal requirements for the transfer of measurement data via open networks 2345 kwh 2345 kwh Data transfer from meter A safe to the owner/user B Integrity of data Every measurement data reading by B have to be testable by B on its correctness (every falsification must be detected)) Authenticity of data It can be checked by B and any other authorized authority whether the data arrived at B actually date from A
11 Trusted computing in metrology A concept is developed for remote access to running measuring systems for testing or remote calibration via Internet The concept represents a best practice cryptographic solution for metrology purposes
12 The SELMA partners
13 Trusted computing in metrology A Concept is developed for remote access to running measuring systems for testing or remote calibration via Internet Bidirectional security M2M (machine to machine) and M2B (machine to business) Integrity, authenticity, confidentiality and availability of transferred or stored data Non-repudiation Resistance against masquerades
14 Fundamental idea Efficient check of energy invoice Owner of distribution net Digital signature Verteilnetzbetreiber invoice distribution Digital Lieferant signature supplier Analyse of consumption invoice energy EDI Server Information Server Internet Internet Digital signature customer Visual checking ZFA Remote reading of measurement data Digital signature meter
15 Security concept General: Use of modern cryptographic methods Use of Hash functions to make sure the integrity of data, use for SELMA: SHA-1 Use of asymmetric signature procedures for authenticity of data, use for SELMA: ECC technique, (Elliptic Curve Cryptography) - ECDSA
16 Secure measurement device Area protected by verification stamp measurement unit security unit controller MIM MIM- Meter Identification Module Measurement unit and controller Security functions Communication Measurement modul calculates and verifies the Real-time Support of digital signatures clock protocol layer 1 to 3 handling Typical remote provides of secure higher reading memory protocol for layers procedures in measurement data private communication and public keys, PSN, etc. calculate generates the the hash pair value GSM, GPRS (strong of growing), keys control UMTS of management functions Communication modul
17 Typical SELMA - board Source Karl Wieser GmbH,, Anzingerstr. 14, Ebersberg, Tel: 08092/2097-0, 0, Fax: 08092/ ,
18 Typical SELMA-meters data logger Gas meter
19 Development steps of the security system Security analysis Security concept Data modelling Service concept/operational concept Implementation Testing Improvement and optimisation Introduction on the market We are here now
20 Infrastructure of the Security concept Security systems need security management As well security mechanisms as infrastructure are needed The weights and measures bodies or other authorities have been taken into account Infrastructures - ensure the trust of consumers in electronically transmitted measurement values and are preconditions of bidirectional authenticated communication.
21 Infrastructure scheme National Certification Authority (CA) for external CAs SA yptography 24/2048 external CA elliptic curve cryptography- ECC 192 W&M CA existing structure Local testing authority access key device management signature and access key measurement device
22 Public key infrastructure Local authority generates the EC key pair (d, Q) (W&M) Private key d is stored in secure memory Local authority generates a certificate with the public key Q and signs it with his own personalised electronic signature of external CA Certificate is stored in the measurement device Estimated time: currently 1 min. Private key d Computer of local authority Public key Q Measurement device
23 Signing and authenticated access The security concept provides: - Signed measurement data - Authenticated access Methods of authentication: Password offers low level of protection only Symmetric algorithms not useful for many devices Asymmetric algorithms are much better, but there is a need for a public key infrastructure
24 Signature of measurement data Measurement device signs the data which are defined in data model with the private key d data set The signature belongs to the set of data ECC signature r: r: 0x74210B19E59C80E70FA7E9AB FEB8DEECC146B9B4 s: s: 0x388AA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1015 Device-Id 1234 Obis 1-1: :00 23,456 00:15 24,274 00:30 24,995..
25 Signed measurement data data provision signed data signed data user data data verification verification with with verification verification software software by by user user -as -as simple simple as as possible- possible- signed data data data verification verification by by system system Signed data signed data data acquisition transfer protocol certificates of measurement devices measurement device
26 SELMA-in operation: Access to data by customer Daten/ Signatur Customer server Daten/ Signatur Customer system 1. Read data (e.g. Browser) 2. Verify data ( DLMS/ DSFG Messgerät
27 Data evaluation by the end user Requirements on the verification system - Easy to use - Trust one party - Fitting for the application -Flexible PTB developed prototypes of special verification software (EVM) - user gets the validation information very easy - presentation of measurement values - export function to MS-Excel.
28 User friendly verification Energy data Verification Module Verification of data successful Verification successful
29 Authenticated access - preconditions Every unit has one unique identifier (ID) Every unit has a synchronised real time clock Every unit has the public keys of the other units Measurement Device (MD) IT-System (IT) ID MD ID IT Public key IT Public key MD
30 Authenticated access Measurement Device (MD) IT-System (IT) <Request, time stamp IT, ID IT, ID MD, data1, Sig IT > <time stamp IT, time stamp MD, ID IT, ID MD, data2, Sig MD > <Hash(time stamp IT, time stamp MD, ID IT, ID MD, data2, Sig IT > Applications: Secure remote control switch off of energy Parametrisation Download of firmware
31 Testing systems PTB developed prototypes of test systems (PST) Supported services: Generation of keys Generation of certificates Device management (security relevant) Device tests - security (local and remote) Conformity with the concept
32 9 month-selma fieldtrial 90 electricity meters EMH; L+G; Görlitz 60 gas meters Wieser; Elster 3 data acquisition systems Görlitz; ITF-EDV-Fröschl 4 testing authorities AGME; EAM; EnBW; RWE 7 device management systems all testing authorities 1 SELMA-Directory-Service (SDS) University of Siegen customer systems (EVM) all project members Aims of the field trail Verification of SELMA technique under real conditions Proof of accepance of all SELMA functions
33 Advantages of the security concept The concept offers a secure and traceable data exchange concept provides a security architecture supporting the authentication of measuring data and the secure data access represents a comprehensive security concept adapted to the needs metrology applications considers the complete metering process chain from calibration and installation to measurement
34 Expenditure of security systems Security causes costs Two kinds of costs: non-recurring costs, fixed expenses Non-recurring costs depends on technology Fixed expenses depends on infrastructure Annual fixed expediture per device in Euro 1000 devices devices min max min max Sum for signed data 3,00 30,58-1,69 15,77 Sum for authenticated access 6,10 15,64 4,02 8,21 Sum for software download -24,07-3,36-24,82-4,86 Total sum -14,97 42,86-22,49 19,12 source: Jürgen Boda (EnBW): SELMA - Gut und teuer?
35 Applications in metrology Product announcements VNG solution Tlz Sealed software in metrology
36 Top News received on RMG REGEL + MESSTECHNIK GMBH Osterholzstr. 45 D Kassel, Germany Telefon rmg@rmg.com Impressum
37 Secured data data according to to W&M via via remote reading digital signed DSFGdatdata Pattern approval at at PTB PTB in in progress! Details shortly RMG REGEL + MESSTECHNIK GMBH Osterholzstr. 45 D Kassel, Germany Telefon rmg@rmg.com Impressum
38 tlz or Sym 2 Definition of a new concept of electrical meter No real time clock Only a counter which counts every second But it uses the SELMA-ideas for different parts of ensuring, e.g. download and data protection Defines standard interfaces
39 VNG-Elster solution Signature gateway for gas reconstruction-systems Transfer of measured values of gas quality to different users Signed data structures based on ECC SELMA developments
40 Software signing facility in PTB Set-up of an facility for signing software using strong cryptography (SHA-256, ECC 256) Problems: long-term storing of the secret key Well-defined internal PTB rules with reduced residue risk Current state: Only one secret PTB key exists
41 Outlook User association (ADM e.v.) is founded in 2006 Improvements of the concept procedures (performance, operational concept, standardisation) Testing of hard and software for measurement systems Standardized security concept for metrological applications - It may help to avoid interoperability problems Looking for other fields of application
Using etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More information2014 IBM Corporation
2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationWIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES
WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES Balachandra Muniyal 1 Krishna Prakash 2 Shashank Sharma 3 1 Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationWorld Summit on Information Society (WSIS) Forum 2013. 16 May 2013
World Summit on Information Society (WSIS) Forum 2013 Toolkit for creating ICT-based services using mobile communications for e- government services 16 May 2013 Hani Eskandar ICT Applications coordinator
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationWELMEC European cooperation in legal metrology
WELMEC 11.2 Issue 1 WELMEC European cooperation in legal metrology Guideline on time depending consumption measurements for billing purposes (interval metering) May 2010 1 WELMEC European cooperation in
More informationSecuring Distribution Automation
Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010
More informationConcept for a cryptographic infrastructure for measurement components in smart grids
Physikalisch-Technische Bundesanstalt Braunschweig und Berlin Concept for a cryptographic infrastructure for measurement components in smart grids Norbert Zisky Physikalisch-Technische Bundesanstalt Norbert
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationA SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More informationMobile OTPK Technology for Online Digital Signatures. Dec 15, 2015
Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction
More informationSecureStore I.CA. User manual. Version 2.16 and higher
User manual Version 2.16 and higher Contents SecureStore I.CA 1. INTRODUCTION...3 2. ACCESS DATA FOR THE CARD...3 2.1 Card initialisation...3 3. MAIN SCREEN...4 4. DISPLAYING INFORMATION ABOUT THE PAIR
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationWhite Paper. Enhancing Website Security with Algorithm Agility
ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationAdvanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech
Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI 2015. All rights reserved
ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance esignature Standards Framework Certificate Authority Time-stamping Signing Servers Validation
More informationETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification
TS 102 640-3 V1.1.1 (2008-10) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture, Formats and Policies; Part 3: Information Security
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements
More informationCryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik
Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification
TS 102 640-3 V2.1.1 (2010-01) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationCryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationTrustKey Tool User Manual
TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationGT 6.0 GSI C Security: Key Concepts
GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts Overview GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationERserver. iseries. Secure Sockets Layer (SSL)
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationProtection Profile for the Security Module of a Smart Meter Gateway (Security Module PP)
Protection Profile for the Security Module of a Smart Meter Gateway (Security Module PP) Schutzprofil für das Sicherheitsmodul der Kommunikationseinheit eines intelligenten Messsystems für Stoff- und Energiemengen
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationJournal of Electronic Banking Systems
Journal of Electronic Banking Systems Vol. 2015 (2015), Article ID 614386, 44 minipages. DOI:10.5171/2015.614386 www.ibimapublishing.com Copyright 2015. Khaled Ahmed Nagaty. Distributed under Creative
More informationMobile Office Security Requirements for the Mobile Office
Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used
More informationCryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood
More informationData Storage Security in Cloud Computing
Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationSERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security
International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS
More informationDigital Signature Standard (DSS)
FIPS PUB 186-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS) CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Information Technology Laboratory National Institute
More informationARCHIVED PUBLICATION
ARCHIVED PUBLICATION The attached publication, FIPS Publication 186-3 (dated June 2009), was superseded on July 19, 2013 and is provided here only for historical purposes. For the most current revision
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationDr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C
Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates
More informationCleaning Encrypted Traffic
Optenet Documentation Cleaning Encrypted Traffic Troubleshooting Guide iii Version History Doc Version Product Date Summary of Changes V6 OST-6.4.300 01/02/2015 English editing Optenet Documentation
More informationSecure cloud access system using JAR ABSTRACT:
Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that
More informationEfficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms
Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms Radhika G #1, K.V.V. Satyanarayana *2, Tejaswi A #3 1,2,3 Dept of CSE, K L University, Vaddeswaram-522502,
More informationSSL/TLS: The Ugly Truth
SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography
More informationIBM i Version 7.3. Security Digital Certificate Manager IBM
IBM i Version 7.3 Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationCisco Trust Anchor Technologies
Data Sheet Cisco Trust Anchor Technologies Overview Cisco Trust Anchor Technologies provide the foundation for trustworthy systems across Cisco. The Cisco Trust Anchor and a Secure Boot check of signed
More informationThe IDA Catalogue. of GENERIC SERVICES. Interchange of Data between Administrations
Interchange of Data between Administrations EUROPEAN COMMISSION ENTERPRISE DIRECTORATE- GENERAL INTERCHANGE OF DATA BETWEEN ADMINISTRATIONS PROGRAMME Interchange of Data between Administrations 2 of Generic
More informationYou re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com
SSL You re FREE Guide to (Secure Sockets Layer) What is a Digital Certificate? SSL Certificates, also known as public key certificates or Digital Certificates, are essential to secure Internet browsing.
More informationB U S I N E S S G U I D E
VeriSign Microsoft Office/Visual Basic for Applications (VBA) Code Signing Digital Certificates Realizing the Possibilities of Internet Software Distribution CONTENTS + What Is Developer Code Signing?
More informationIntroduction to Security and PIX Firewall
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationA Study on Secure Electronic Medical DB System in Hospital Environment
A Study on Secure Electronic Medical DB System in Hospital Environment Yvette E. Gelogo 1 and Sungwon Park 2 * 1 Catholic University of Daegu, Daegu, Korea 2 Department of Nursing, Hannam University, 133
More informationSecure Signature Creation Device Protect & Sign Personal Signature, version 4.1
Zentrum für sichere Informationstechnologie Austria Secure Information Technology Center Austria A-1030 Wien, Seidlgasse 22 / 9 Tel.: (+43 1) 503 19 63 0 Fax: (+43 1) 503 19 63 66 A-8010 Graz, Inffeldgasse
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More informationWireless Mobile Internet Security. 2nd Edition
Brochure More information from http://www.researchandmarkets.com/reports/2330593/ Wireless Mobile Internet Security. 2nd Edition Description: The mobile industry for wireless cellular services has grown
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationCertificate Management. PAN-OS Administrator s Guide. Version 7.0
Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationGuide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate on Aladdin etoken (Personal eid)
The World Internet Security Company Solutions for Security Guide to Obtaining Your Free WISeKey CertifyID Personal Digital Certificate on Aladdin etoken (Personal eid) Wherever Security relies on Identity,
More informationSecurity and Security Certificates for OpenADR systems. Background. Content:
Security and Security Certificates for OpenADR systems Content: Background... 1 Setup for OpenADR... 2 Test-, Evaluation-, and Production Certificates... 3 Responsibilities... 3 Certificate Requesting
More informationA Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.
A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role
More informationSSL BEST PRACTICES OVERVIEW
SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationVoIP Security. Seminar: Cryptography and Security. 07.06.2006 Michael Muncan
VoIP Security Seminar: Cryptography and Security Michael Muncan Overview Introduction Secure SIP/RTP Zfone Skype Conclusion 1 Introduction (1) Internet changed to a mass media in the middle of the 1990s
More informationMOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES
MOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES Marko Schuba and Konrad Wrona Ericsson Research, Germany ABSTRACT This paper describes the Mobile Chip Electronic Commerce
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationLesson 4: Introduction to network security
Lesson 4: Introduction to network security Dr. Justo Carracedo Gallardo carracedo@diatel.upm.es Technical University of Madrid University Professor at the Telecommunication School (EUITT) What is Network
More informationInformation & Communication Security (SS 15)
Information & Communication Security (SS 15) Electronic Signatures Dr. Jetzabel Serna-Olvera @sernaolverajm Chair of Mobile Business & Multilateral Security Goethe University Frankfurt www.m-chair.de Agenda
More informationDescription of the Technical Component:
Confirmation concerning Products for Qualified Electronic Signatures according to 15 Sec. 7 S. 1, 17 Sec. 4 German Electronic Signature Act 1 and 11 Sec. 2 and 15 German Electronic Signature Ordinance
More informationqwertyuiopasdfghjklzxcvbnmqwertyui opasdfghjklzxcvbnmqwertyuiopasdfgh jklzxcvbnmqwertyuiopasdfghjklzxcvb
qwertyuiopasdfghjklzxcvbnmqwertyui opasdfghjklzxcvbnmqwertyuiopasdfgh jklzxcvbnmqwertyuiopasdfghjklzxcvb The e-cheque System nmqwertyuiopasdfghjklzxcvbnmqwer System Specification tyuiopasdfghjklzxcvbnmqwertyuiopas
More informationPowerKey Conditional Access System Phase 1.0. System Overview. Revision 1.0
PowerKey Conditional Access System Phase 1.0 System Overview Revision 1.0 Scientific-Atlanta, Inc, Unpublished Works of Scientific-Atlanta, Inc. Copyright 1997 Scientific-Atlanta, Inc. All Rights Reserved
More informationSecurity & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173
Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security
More informationCipherShare Features and Benefits
CipherShare s and CipherShare s and Security End-to-end Encryption Need-to-Know: Challenge / Response Authentication Transitive Trust Consistent Security Password and Key Recovery Temporary Application
More informationCryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure (AMI)
Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure (AMI) 1024431 Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure
More informationUnderstanding digital certificates
Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk
More informationCertification Report
Certification Report EAL 4+ Evaluation of Entrust Authority Security Manager and Security Manager Administration v8.1 SP1 Issued by: Communications Security Establishment Canada Certification Body Canadian
More informationImplementation of biometrics, issues to be solved
ICAO 9th Symposium and Exhibition on MRTDs, Biometrics and Border Security, 22-24 October 2013 Implementation of biometrics, issues to be solved Eugenijus Liubenka, Chairman of the Frontiers / False Documents
More informationComputer System Management: Hosting Servers, Miscellaneous
Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation
More information