Securing EPCglobal Object Name Service Privacy Enhancements for Anti-counterfeiting

Size: px
Start display at page:

Download "Securing EPCglobal Object Name Service Privacy Enhancements for Anti-counterfeiting"

Transcription

1 Securing EPCglobal Object Name Service Privacy Enhancements for Anti-counterfeiting Matthieu-P. Schapranow, Alexander Zeier, Felix Leupold, Tobias Schubotz Hasso Plattner Institute, Enterprise Platform and Integration Concepts August Bebel Str. 88, Potsdam, Germany {matthieu.schapranow {felix.leupold Abstract In RFID-aided supply chains captured location-based event data is stored in distributed repositories. Performing anti-counterfeiting involves checks on the good s path in the supply chain. The path is reconstructed by querying corresponding event data from distributed repositories. The object name service performs lookups of relevant event repositories in EPCglobal networks. Attacking the lookup process can be used to break privacy of inquirers, e.g. to derive product and user profiles. We share details about our security enhancement prototypes to protect the privacy of querying parties. Our developed enhancements are designed for easy integration into existing network infrastructures without major efforts. I. Introduction Radio Frequency Identification (RFID) technology is named as a possible basis for anti-counterfeiting by providing enhancements of existing business processes [1]. Hereby, an automated tracking and tracing of products and an enhanced goods receipt process, e.g. on item, box, or pallet level, becomes available. It shows prevailing advantages, e.g. in contrast to barcodes, RFID tags can be read without establishing a direct line of sight, multiple tags can be read simultaneously, and they can cope with dirty environments [2], [3]. In context of pharmaceutical supply chains, the integration of tracking functionality is widely considered, e.g. two-dimensional data matrix or RFID technology, since this specific industry is confronted with increasing counterfeit rates [4]. The Electronic Product Code (EPC) uniquely identifies a certain good, e.g. pharmaceuticals equipped with RFID tags [5]. Related tracking events are stored in distributed EPC Information Services (EPCIS) repositories of involved supply chain parties [6]. We assume a dedicated service provider for anti-counterfeiting which needs to access EPCIS repositories of all supply chain parties. EPCISs are determined by providing EPC to Object Name Service (ONS) [7]. We value RFID event data as sensitive which needs to be protected against attacks during anticounterfeiting, e.g. eavesdropping [8]. In this work, we share details about our developed security enhancements ONSSL and zone encryption of ONS data to improve privacy during anti-counterfeiting Inquirer ONS DNS EPCIS EPC IP Address EPC Query Response Fig. 1. UML Sequence Diagram: EPCglobal Lookup Process and Privacy Threats in Scope of this Work Indicated by Bolt Signs lookup process. In Fig. 1 actors of the EPCglobal lookup process and privacy vulnerabilities in scope of our work are depicted and marked by bolt signs. The rest of the paper is structured as follows: Sect. II draws the motivation in context of the pharmaceutical supply chain. Sect. III sets our work in context to related work and in Sect. IV we share implementation details about our prototypes. Benchmark results of our enhancements are shared in Sect. V and their applicability in context of the pharmaceutical supply chain is evaluated in Sect. VI. Our work concludes with an outlook towards further research activities in Sect. VII. II. Motivation: Pharmaceutical Supply Chain The European pharmaceutical industry hit headlines with operation MEDI-FAKE announcing 34 million detected fake drugs in just two months [9]. The European Commission reported an increase of 118 % for pharmaceutical counterfeits detected at borders in 2008 compared to The pharmaceutical product category is the third largest product category in terms of quantities of intercepted articles besides the categories CDs/DVDs and cigarettes [4]. Counterfeited goods are a risk for customers and suppliers, since their effects are neither tested nor validated and the customer may suffer from medical complications. Annually approx. 7,000 cases of

2 medical complications are suspected to be connected with pharmaceutical counterfeits or improper ingredients [10]. In 2004, it was estimated that more than 500 billion USD were traded in counterfeits, i.e. 7 % of the world trade in the same period [11]. It is argued, that this equals an increase of 150 billion USD compared to 2001 [12]. In contrast, during the same period, the worldwide merchandise trade increased only by approx. 50 billion USD. This short excerpt of reported cases and their impact highlights the omnipresent risks of counterfeits and the need for a reliable mechanism to protect pharmaceutical goods. Its protection has to be an integer part of the entire pharmaceutical supply chain and should involve all supply chain participants. From our point of view, a high level of supply chain integrity is the basis for reliable product tracking and counterfeit detection. III. Related Work Fabian et al. started to investigate security of ONSs in EPCglobal networks, discussed various drawbacks and highlighted possible threats [13]. We see their work as basis for our research activities on ONS privacy enhancements. Jing Sun et al. performed research on securing EPC data based on an adapted Public Key Infrastructure (PKI) [14]. Besides access control, this approach encrypts data for data exchange. However, this requires set-up and administrate a hierarchical chain of trust which issues certificates via Certificate Authorities (CAs) [15], [16]. Security improvements of the Domain Name Service (DNS) are also relevant for the development of ONS since the latter adapts ideas of the DNS concept [17]. Domain Name System Security Extensions (DNSSEC) [18] and DNScurve [19] are only two possible extensions to enable authenticity and data encryption based on ellipticcurve cryptography for DNS queries and responses. From our perspective, securing exchanged queries and responses is equally important for EPCglobal networks to prevent eavesdropping of EPC event data. The Onion Routing (TOR) project presented by Dingledine et al. provides application layer anonymity by encrypting messages and routing them via frequently changing paths through a network of servers operated by volunteers [20]. In terms of the pharmaceutical supply chain the anonymity of the querying party is only relevant when a connection between EPC and customer can be derived. Since we assume a dedicated service provider for anti-counterfeiting the anonymity of inquirers is preserved. Other research activities evaluated the applicability of Peer-to-Peer (P2P) solutions in context of RFID scenarios to guarantee High Availability (HA) and load balancing in global supply chains [21]. Further approaches for HA, such as the Totem Redundant Ring Protocol [22] or multiple logical machines with fault-tolerant protocols [23] exist. We agree on storing RFID event data in a distributed manner. However, no existing work considers security of stored data or privacy of querying parties. Establishing Fig. 2. Inquirer EPC ONSSL Client Encrypted EPC Encrypted ONSSL Server EPC ONS UML Sequence Diagram: Secured ONS Lookup Process access control in P2P networks or distributed environments is hard to achieve. Decker et al. use encryption while resolving RFID event data in P2P networks [24]. Although their approach ensures data security it prevents adaptable views, which are necessary to maintain individual access control. Miklau and Suciu suggest XML encryption to define fine-grained access control and to provide different views [25]. However, due to the expected amount of events, the transferred data needs to be minimized and XML is not an adequate choice in our opinion. Evdokimov et al. propose access control for RFID data on a high level of granularity, i.e. their approach provides only one generic key per data source [26]. If the key is exposed, all RFID events for this source are exposed at once. Our contribution focuses on a fine-grained access control, i.e. an individual key inquirer. IV. Contribution In the following, we present our research prototypes for enhancing the inquirer s privacy of EPCIS lookups during anti-counterfeiting in global RFID-aided pharmaceutical supply chains. Our developed prototypes can be applied to ONS and DNS lookup processes in a similar way since we consider these lookup methods as implementations on top of key-value stores [27]. For anti-counterfeiting RFID event data from distributed EPCIS repositories has to be aggregated. The EPCglobal ONS standard defines interpretation of EPC as Uniform Resource Identifier () and defines the mapping algorithm to convert it to an Internet domain name as follows [7]: urn :epc :id :sgtin : sgtin.id.ons.org. ONS server returns for a given EPC a, e.g. a Unified Resource Locator (URL), to the querying party. The querying party contacts a DNS name server to resolve the received by ONS server to a naming authority pointer. The resolved pointer is used to contact the responsible

3 EPC EPCIS Encrypted EPC Encrypted EPCIS *.sgtin.id.pfizer.com epcis.pfizer.com DgBxJs99gVPV/A==enc.ons.org T5Hz4o6ilCVGA0oEp2c= *.sgtin.id.bayer.de epcis.bayerscheringpharma.de Kd0x8MSbkwE=enc.ons.org c/xovss04fqmsg== *.sgtin.id.schering.de epcis.bayerscheringpharma.de 7dnMS28bAfg=enc.ons.org c/xovss04fqmsg== *.sgtin.id.ratiopharm.de epcis.ratiopharm.de Lr1VMb8R/NiBFinlig==enc.ons.org av38il7o4m2yyydd TABLE I Example of an Encrypted Zone File EPCIS or its provided services for anti-counterfeiting purposes. The lookup process is modeled in Fig. 1. Since ONS lookups are performed via the Internet in plain text, attackers are able to perform malicious attacks, e.g. man-in-the-middle attacks or ONS server attacks, to obtain EPC event details [8]. As a result, attackers are able to either derive connections between groups of pharmaceuticals and querying parties, i.e. product and customer profiles, or spy business relations, e.g. between retailers, wholesalers, and manufacturers. A. Encrypting Lookups using Secure Socket Layer Since current ONS implementations lack encrypted communication, we elaborate the use of Secure Socket Layer (SSL) to secure data exchange. Rather than adapting existing infrastructure services, such as DNS or ONS, we developed an ONSSL client/server which encrypts queries and responses as depicted in Fig. 2. Instead of querying default ONS server directly inquirers have to connect to ONSSL client at the border of its trusted network, e.g. company s internal network. A trusted ONS respectively DNS server needs to install ONSSL server, which accepts incoming encrypted queries and forwards them to the local ONS service accordingly. Stored content remains unchanged and plain text data is still accessible via existing service ports. B. Zone Encryption Due to the expected bulk amount of anti-counterfeiting checks in the pharmaceutical supply chain, we focus on keeping server load moderate when applying any enhancements [28]. The use of encrypted message exchange is connected with additional protocol overhead, e.g. key negotiation, and increased server load, e.g. for key recreation. We propose to shift the encrypt-many/decrypt-many technique incorporated by our proposed ONSSL prototype towards an encrypt-once/decrypt-many setup. From a database architect s point of view, ONS storages can be considered as key-value stores [27]. Neither unauthorized inquirers nor operators of ONSs are able to retrieve plain text information when keys and values are encrypted. Queries are encrypted by inquirers and compared by ONS servers without decryption. Equally, the response is decrypted by the client, which eliminates additional encryption CPU load on ONS servers. However, querying parties need knowledge about how to encrypt/decrypt data and how to create encrypted queries. The EPCIS operator is responsible for encrypting resource records stored in ONS servers. We propose the use of symmetric key encryption, e.g. Advanced Encryption Standard (AES) [29]. Private keys need to be exchanged between EPCIS operator and querying parties using a dedicated, secured channel, e.g. by downloading these from a secured webpage or providing them as two-dimensional data matrix on pharmaceutical packages [30]. For long lasting business relationships it is possible to issue special partner keys, e.g. for decryption of EPC event data for multiple packages delivered to a certain business partner. Encrypted records are stored in the same way current plain text records are stored in ONS server. However, they cannot be decrypted without the knowledge of the private key. In other words, neither the operator of ONS server nor any querying party is able to decrypt the data without the knowledge of the shared key. In order to identify encrypted requests, a specific zone-suffix, e.g. enc.ons.org as shown in Tab. I, needs to be appended to the request. Querying a record involves encryption of the request using the shared key and appending of the specific domain suffix. ONS server performs a regular lookup and returns stored encrypted content. The querying party can decrypt the response using its shared key. V. Benchmark Results We performed benchmark analysis of our implemented security enhancement prototypes. Acquired results are evaluated in the following. A. ONSSL We implemented ONSSL client/server using communication protocols User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP) for network communication [31]. Single ONS lookups are typically performed using UDP, but TCP is also possible, e.g. for zone negotiations. Due to the required TCP three-way handshake, UDP performs better in a reliable network environment. UDP s communication overhead is smaller compared to TCP which makes UDP preferable for bulk queries [32]. ONSSL client was installed on a workstation running Microsoft Windows 7, which was equipped with a single CPU, two cores running at 2.6 GHz clock speed, 4 GB RAM. Server was installed on Debian squeeze running kernel on a single Intel(R) Xeon(R) CPU E5450 at 3.0 GHz clock speed, 1 GB RAM. On the same

4 UDP TCP Zone I II I II I II Request Size [B] Response Size [B] 143 1, , ,045 Roundtrip [ms] TABLE II Comparison of Performance Results Single UDP, Single TCP, Zone TCP (I: DNS, II: ONSSL) Metric Traditional Lookup Zone Encryption Request Size [B] Response Size [B] Roundtrip Time [ms] Client Time [ms] TABLE III Comparison of Performance Results for Traditional Lookups and Zone Encryption system, we used a BIND 9.6-ESV-R1 and populated it with encrypted RFID event data as shown in Tab. I for the unencrypted content. All systems were equipped with Gigabit network interface cards and connected through an unmanaged Gigabit network switch. The network response time of our prototypes is addressed by measuring roundtrip times, i.e. time consumed to transfer messages between peers. We randomly looked up entries in our test data using the current ONS lookup process and compared it to using a secured connection using ONSSL client/server. Benchmark results are given in Tab. II. We found out, that key negotiation and connection setup time for the secured connection increase lookup time. In contrast to a traditional UDP lookup which consumes avg. 20 ms and a TCP lookup which consumes avg. 110 ms, roundtrip times increased to 649 ms and 656 ms respectively in the secured setup. Since the secure connection requires a TCP connection, response performance decreases when wrapping UDP requests into TCP packets. The size of encrypted TCP queries is ten times larger than a comparable UDP query without encryption, which is avg. 90 Byte. Roundtrip takes up to three times longer to retrieve the response for an encrypted query. Response size of 1,695 ms and 1,629 ms is between five to eleven times higher for TCP and UDP respectively. B. Zone Encryption The enhancement zone encryption was tested incorporating same benchmark setup used for ONSSL. We analyzed request and response size, roundtrip time, and total time consumed by the client application to decrypt the data as shown in Tab. III. As a result of the used suffix to indicate encrypted queries, request size increased by approx. 15 percent compared to traditional lookup request with avg. 90 Byte. Due to fixed block size of AES algorithm response size increases by approx. 43 percent compared to avg. 143 Byte in traditional lookups. Roundtrip times remain constant at avg. 20 ms since zone encryption only affects data stored in ONS server and not communication methods in between. We found out, that using zone encryption doubles client time from avg. 27 ms to avg. 60 ms. This is caused by performing cryptographic operations. Since operations for encrypting requests and decrypting responses are performed on client-site, zone encryption does not increase CPU load on server-site in none of the case. VI. Security Evaluation In the following, results of our threat assessment for the pharmaceutical supply chain scenario are given and our proposed enhancements are evaluated. A. Threat Assessment A transformation towards an RFID-enabled pharmaceutical industry involves the need to provide open interfaces, e.g. to query EPCISs while coping with vulnerable environments [8]. Related research work elaborated threats for an RFID-aided supply chain [33], [34], [35]. We aim to protect customer privacy in an RFID-aided pharmaceutical supply chain. Therefore, we focus in our work on the following threats. 1) Data theft: RFID event data is of high interest for competitors and for counterfeiters. It can be abused to derive business relations and to create counterfeited pharmaceuticals. We consider RFID event data stored in ONS and DNS servers as confidential, which needs to be protected against unauthorized access. Thus, we propose access control with userspecific keys to protect data and to control data access for certain users or groups. 2) Denial of service: Real-time business processes such as goods receipt processing are coupled via RFID technology with EPCISs. Thus, queries need to be performed in sub-second response time while zero downtime is required. ONS servers should be out of scope for potential attacks since its availability is crucial for business operations in a global RFIDaided supply chain. 3) Eavesdropping lookup data: Anti-counterfeiting involves lookups of EPCISs using ONS and DNS queries respectively. Eavesdropping the lookup process can be abused to derive details about involved business partners even when exchanged data is encrypted, e.g. fingerprinting [36]. B. ONSSL Our ONSSL prototype developed in Python provides a transparent encryption enhancement to prevent eavesdropping of exchanged ONS queries and responses. It is designed for easy integration in existing landscapes with minimal effort, i.e. current systems have neither to be adapted nor recompiled. This enhancement can be operated in parallel to an ONS setup without influencing

5 operation of the existing system. In addition to the default query service our ONSSL prototype exposes a SSL encrypted query service. Benchmark results for ONSSL prototype showed an increase in roundtrip time between factors six up to factor 32 compared to the plain text lookup depending on the used communication method. However, roundtrip times for the ONSSL approach are constant for all lookup methods at avg. 650 ms. In other words, although roundtrip time increased it remains constant regardless of the used query method. We found out, that the required three-way handshake to setup the TCP connection in combination with key negotiation is a major reason for this increase. We further observed increased CPU load on ONSSL server and client, which is driven by cryptographic activities. Due to increased network load and roundtrip time we do not consider ONSSL approach as optimal for use in the global RFID-aided pharmaceutical supply chain. However, since ONS servers cache lookup results we value increased network traffic as moderate for the given scenario. We consider our ONSSL prototype as a feasible and transparent way to prevent eavesdropping of ONS lookups. Thus, we suggest using it for migration towards a secured RFID-aided pharmaceutical supply chain based on integrated support for encrypted data exchange. Threats mentioned in Sect. VI-A are only partially eliminated, e.g. eavesdropping lookup data results in encrypted content. However, data theft is still possible, e.g. by attacking ONS server to obtain stored plain text records. From the security s point of view, ONSSL improves data integrity during exchange via communication network, but it does not address endpoint security. C. Zone Encryption The design of our proposed zone encryption enhancement focuses on improving roundtrip times for ONS lookups. We consider the increase of request and response size to avg. 100 and 200 bytes respectively not as significant in context of the pharmaceutical supply chain. This approach suffers from a trade-off between security and data volume. Any data set that is stored in ONS server belongs to a specific key. Therefore, if each client gets a unique key, each event record is stored multiple times encrypted by different keys. On the one hand, if a company hasnrecords andmclients, this would result inn m records stored in ONS server in the worst case without applying business semantics. On the other hand, providing different clients with identical keys impacts security. Zone encryption prevents eavesdropping during lookup of data equally to ONSSL approach since only encrypted data is stored in ONS server and exchanged. It also prevents unauthorized access to data stored in ONS server since it is stored completely encrypted. Access to encrypted data is maintained sharing encryption keys, i.e. the encrypting party and legitimate querying parties are able to decrypt data. It builds on existing lookup mechanism, thus, it minimizes network overhead. In contrast to ONSSL approach, zone encryption eliminates the need for encryption and decryption of data on server-site. As a result, CPU load of ONS server is not affected since encrypted data is handled similar to plain text records. This approach is easy to integrate into existing lookup mechanisms without the need to install additional software or to change configurations. We consider zone encryption as a feasible way to protect both RFID event data and inquirers privacy. Threats mentioned in Sect. VI-A are eliminated or limited to a minimum by applying this enhancement in a global RFIDaided pharmaceutical supply chain. Denial of service and data theft attacks against ONS servers to obtain plain text data are prevented since no plain text data is stored in ONS servers. Eavesdropping exchanged data is prevented since only encrypted content is exchanged between ONS servers and inquirers. From the security s point of view, zone encryption addresses both aspects, data integrity during data exchange and endpoint security while data is stored on public systems, such as ONS servers. VII. Conclusion The given work is motivated by requirements of an integer RFID-aided supply chain for the pharmaceutical industry. Particularly, we focused on privacy of ONS lookups to prevent exposure of product or customer profiles. We developed and tested privacy enhancements for the EPCglobal network to secure RFID event data and data exchange between querying parties and ONSs. Our first contribution ONSSL was designed to support transformation towards an entirely secured ONS lookup since it provides in addition to the existing ONS lookup a secured lookup service without the need to adapt the current ONS software and lookup process. The second contribution zone encryption is designed to support entirely secured ONS lookups. While making use of established ONS software, it prevents unsecured communication and public data to be stored in plain text. In a matter of answering queries in an EPCglobal network in sub-second response time, our future research focuses on lightweight privacy enhancements. On the one hand, we assume, that administrative overhead for encrypting all EPC event data for any querying party with a dedicated key is high. Since it is not known whether all encrypted event data is queried. Thus, storage requirements increase for this approach since data is stored redundantly encrypted by keys of potential business partners with access to the data. Overhead depends on supply chain configuration and its impact needs to be evaluated in a concrete business context. We expect storage requirements to be a limiting factor and perform further research on how to perform on-the-fly encryption to reduce storage requirements for an encrypted ONS lookup setup while keeping required system modification low.

6 On the other hand, future research activities will investigate adoptions for inquirers, e.g. how to maintain keys issued by various business partners and possibly combine them for specific user groups. References [1] S. Choi and C. Poon, An RFID-based Anti-counterfeiting System, International Journal of Computer Science, vol. 35, no. 1, [2] G. R. White, G. Gardiner, G. Prabhakar, and A. A. Razak, A Comparison of Barcode and RFID Technologies in Practice, Journal of Information, Information Technology, and Organizations, vol. 2, [3] A. Stiehler and T. Wichmann, RFID im Pharma- und Gesundheitssektor. Vision und Realität RFID-basierter Netzwerke für Medikamente, Berlecon Report, [4] European Commission Taxation and Customs Union, Report on EU Customs Enforcement of IP Rights, customs/customs_controls/counterfeit_piracy/statistics/ 2009_statistics_for_2008_full_report_en.pdf 1, [5] EPCglobal Inc., Tag Data Standard 1.4, epcglobalinc.org/standards/tds/tds_1_4-standard pdf 1, [6], EPC Information Services Specification, epcis_1_0_1-standard pdf 1, [7], EPCglobal Object Name Service 1.0.1, ons_1_0_1-standard pdf 1, [8] M.-P. Schapranow, J. Müller, A. Zeier, and H. Plattner, Security Aspects in Vulnerable RFID-Aided Supply Chains, in Proceedings of the 5th European Workshop on RFID Systems and Technologies. VDE, [9] IP Crime Group, IP Crime Report, [10] J. Jenkins, P. Mills, R. Maidment, and M. Profit, Pharma Traceability Business Case Report, [11] ICC Policy Statement, The Fight against Piracy and Counterfeiting of Intellectual Property, intellectual_property/fight_against_piracy.pdf 1, [12] T. Staake, F. Thiesse, and E. Fleisch, Extending the EPC Network: The Potential of RFID in Anti-Counterfeiting, in Proceedings of the ACM Symposium on Applied Computing. New York, NY, USA: ACM, 2005, pp [13] B. Fabian, O. Günther, and S. Spiekermann, Security Analysis of the Object Name Service, in Proceedings of the 1st International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, [14] J. Sun, H. Zhao, H. Xiao, and G. Hu, Lightweight Public Key Infrastructure and Service Relation Model for Designing a Trustworthy ONS, in Proceedings of the International Conference on Computer and Information Science. Los Alamitos, CA, USA: IEEE Computer Society, 2009, pp [15] L. Boursas and W. Hommel, Multidimensional Dynamic Trust Management for Federated Services, in Proceedings of the International Conference on Computational Science and Engineering, vol. 2. Los Alamitos, CA, USA: IEEE Computer Society, 2009, pp [16] E. Holohan and M. Schukat, Authentication Using Virtual Certificate Authorities: A New Security Paradigm for Wireless Sensor Networks, in Proceedings of the International Symposium on Network Computing and Applications, vol. 0. Los Alamitos, CA, USA: IEEE Computer Society, 2010, pp [17] P. Mockapetris, RFC1034: Domain Names Concepts and Facilities, 1, [18] R. Austein, M. Larson, D. Massey, R. Arends, and S. Rose, RFC4033: DNS Security Introduction and Requirements, 1, [19] D. J. Bernstein, How DNSCurve is integrated into DNS, 1, [20] R. Dingledine, N. Mathewson, and P. Syverson, Tor: The Second-Generation Onion Router, in Proceedings of the 13th USENIX Security Symposium, 2004, pp [21] S. Shrestha, D. S. Kim, S. Lee, and J. S. Park, A Peer-to- Peer RFID Resolution Framework for Supply Chain Network, in Proceedings of the 2nd International Conference on Future Networks. Washington, DC, USA: IEEE Computer Society, 2010, pp [22] R. R. Koch, L. E. Moser, and P. M. Melliar-Smith, The Totem Redundant Ring Protocol, in Proceedings of the 22nd International Conference on Distributed Computing Systems. Washington, DC, USA: IEEE Computer Society, 2002, p [23] Y. Amir, B. Coan, J. Kirsch, and J. Lane, Customizable Fault Tolerance for Wide-Area Replication, in Proceedings of the 26th International Symposium on Reliable Distributed Systems. Washington, DC, USA: IEEE Computer Society, 2007, pp [24] C. Decker, M. Leuchtner, and M. Beigl, A Peer-To-Peer Approach for Resolving RFIDs, Poster at at Ubicomp 2003, , seattle, USA. [25] G. Miklau and D. Suciu, Controlling Access to Published Data using Cryptography, in Proceedings of the 29th International Conference on Very Large Data Bases. VLDB Endowment, 2003, pp [26] S. Evdokimov and O. Gunther, Practical Access Control Management for Outsourced EPC-related Data in RFID-enabled Supply Chain, in Proceedings of the International Conference on e-business Engineering. Washington, DC, USA: IEEE Computer Society, 2007, pp [27] G. DeCandia, D. Hastorun, M. Jampani, G. Kakulapati, A. Lakshman, A. Pilchin, S. Sivasubramanian, P. Vosshall, and W. Vogels, Dynamo: Amazon s Highly Available Key-Value Store, in Proceedings of the 21st Symposium on Operating Systems Principles, ser. SOSP 07. New York, NY, USA: ACM, 2007, pp [28] M.-P. Schapranow, M. Nagora, and A. Zeier, CoMoSeR: Cost Model for Security-Enhanced RFID-Aided Supply Chains, in Proceedings of the 18th International Conference on Software Telecommunications and Computer Networks. IEEE, [29] M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, Strong Authentication for RFID Systems Using the AES Algorithm, in Proceedings of the 6th International Workshop on Cryptographic Hardware and Embedded Systems, 2004, pp [30] European Commission, Public Consultation in Preparation of a Legal Proposal to Combat Counterfeit Medicines for Human Use, pharmaceuticals/files/pharmacos/docs/doc2008/2008_03/ consult_counterfeit_ _en.pdf 1, [31] J. F. Kurose and K. W. Ross, Computer Networking: A Top- Down Approach, 5th ed. Addison-Wesley, [32] M.-P. Schapranow, J. Müller, A. Zeier, and H. Plattner, RFID Event Data Processing An Architecture for Storing and Searching, in Proceedings of the 4th International Workshop on RFID Technology. INSTICC PRESS, [33] J. Wang, E. C. Wong, and T. Ye, PGMAP: A Privacy Guaranteed Mutual Authentication Protocol Conforming to EPC Class 1 Gen 2 Standards, in Proceedings of the International Conference on E-Business Engineering. Los Alamitos, CA, USA: IEEE Computer Society, 2008, pp [34] M.-P. Schapranow, A. Zeier, and H. Plattner, A Dynamic Mutual RFID Authentication Model Preventing Unauthorized Third Party Access, in Proceedings of the 4th International Conference on Network and System Security, [35] Q. Xiao, C. Boulet, and T. Gibbons, RFID Security Issues in Military Supply Chains, in Proceedings of the International Conference on Availability, Reliability and Security. Los Alamitos, CA, USA: IEEE Computer Society, 2007, pp [36] R. Koch and G. Dreo, Command Evaluation in Encrypted Remote Sessions, in Proceedings of the 4th International Conference on Network and System Security, All online references were checked on Nov. 17th, 2010.

Security Challenges of the EPCglobal Network

Security Challenges of the EPCglobal Network Security Challenges of the EPCglobal Network Benjamin Fabian and Oliver Günther Humboldt-Universität zu Berlin Institute of Information Systems (bfabian, guenther)@wiwi.hu-berlin.de The Internet of Things,

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 Spirent Abacus SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 1 1. TLS Interview (Transport Layer Security Protocol) (1) TLS Feature Introduction: 1. TLS is a successor of Secure Sockets Layer (SSL), a cryptographic

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining

More information

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network. Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components

More information

Anonymous Communication in Peer-to-Peer Networks for Providing more Privacy and Security

Anonymous Communication in Peer-to-Peer Networks for Providing more Privacy and Security Anonymous Communication in Peer-to-Peer Networks for Providing more Privacy and Security Ehsan Saboori and Shahriar Mohammadi Abstract One of the most important issues in peer-to-peer networks is anonymity.

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

RFID. Radio Frequency IDentification: Concepts, Application Domains and Implementation LOGO SPEAKER S COMPANY

RFID. Radio Frequency IDentification: Concepts, Application Domains and Implementation LOGO SPEAKER S COMPANY RFID Radio Frequency IDentification: Concepts, Application Domains and Implementation Dominique Guinard, Patrik Fuhrer and Olivier Liechti University of Fribourg, Switzerland Submission ID: 863 2 Agenda

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Network Attached Storage. Jinfeng Yang Oct/19/2015

Network Attached Storage. Jinfeng Yang Oct/19/2015 Network Attached Storage Jinfeng Yang Oct/19/2015 Outline Part A 1. What is the Network Attached Storage (NAS)? 2. What are the applications of NAS? 3. The benefits of NAS. 4. NAS s performance (Reliability

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463

More information

Research and Application of Redundant Data Deleting Algorithm Based on the Cloud Storage Platform

Research and Application of Redundant Data Deleting Algorithm Based on the Cloud Storage Platform Send Orders for Reprints to reprints@benthamscience.ae 50 The Open Cybernetics & Systemics Journal, 2015, 9, 50-54 Open Access Research and Application of Redundant Data Deleting Algorithm Based on the

More information

Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture

Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture IEEE GLOBECOM Design and Developers Forum Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture Tim Weil CISSP, CISA Booz Allen Hamilton

More information

Lightweight DNS for Multipurpose and Multifunctional Devices

Lightweight DNS for Multipurpose and Multifunctional Devices IJCSNS International Journal of Computer Science and Network Security, VOL.13 No.12, December 2013 71 Lightweight DNS for Multipurpose and Multifunctional Devices Yogesh A. Wagh 1, Prashant A. Dhangar

More information

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173 Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Directory and File Transfer Services. Chapter 7

Directory and File Transfer Services. Chapter 7 Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major

More information

Developing Higher Density Solutions with Dialogic Host Media Processing Software

Developing Higher Density Solutions with Dialogic Host Media Processing Software Telecom Dialogic HMP Media Server Developing Higher Density Solutions with Dialogic Host Media Processing Software A Strategy for Load Balancing and Fault Handling Developing Higher Density Solutions with

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Acceleration of Data through SSL Virtual Private Networks

Acceleration of Data through SSL Virtual Private Networks Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private

More information

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:

More information

DOMAIN NAME SECURITY EXTENSIONS

DOMAIN NAME SECURITY EXTENSIONS DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions

More information

Trust areas: a security paradigm for the Future Internet

Trust areas: a security paradigm for the Future Internet Trust areas: a security paradigm for the Future Internet Carsten Rudolph Fraunhofer Institute for Secure Information Technology SIT Rheinstrasse 75, Darmstadt, Germany Carsten.Rudolph@sit.fraunhofer.de

More information

Implementation of Embedded Web server using TEA algorithm

Implementation of Embedded Web server using TEA algorithm Implementation of Embedded Web server using TEA algorithm Arunkumar G 1, Dr. T.C. Manjunath 2, Harish H.M 3, Jayaprakasha.H 4 1 Department of E&C, S.T.J.I.T, Ranebennur 2 Principal, HKBKCE, Bangalore 3,4

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

A Call Conference Room Interception Attack and its Detection

A Call Conference Room Interception Attack and its Detection A Call Conference Room Interception Attack and its Detection Nikos Vrakas 1, Dimitris Geneiatakis 2 and Costas Lambrinoudakis 1 1 Department of Digital Systems, University of Piraeus 150 Androutsou St,

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

DELEGATING LOG MANAGEMENT TO THE CLOUD USING SECURE LOGGING

DELEGATING LOG MANAGEMENT TO THE CLOUD USING SECURE LOGGING Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IJCSMC, Vol. 3, Issue.

More information

DNS security: poisoning, attacks and mitigation

DNS security: poisoning, attacks and mitigation DNS security: poisoning, attacks and mitigation The Domain Name Service underpins our use of the Internet, but it has been proven to be flawed and open to attack. Richard Agar and Kenneth Paterson explain

More information

RFID Security: Threats, solutions and open challenges

RFID Security: Threats, solutions and open challenges RFID Security: Threats, solutions and open challenges Bruno Crispo Vrije Universiteit Amsterdam crispo@cs.vu.nl 1 Table of Content RFID technology and applications Security Issues Privacy Proposed (partial)

More information

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce 18/02/15 Networks: DNS attacks 1 Domain Name System The domain name system (DNS) is an applica>on- layer protocol

More information

Log Management for the University of California: Issues and Recommendations

Log Management for the University of California: Issues and Recommendations Log Management for the University of California: Issues and Recommendations Table of Contents 1 Introduction...2 2 Candidate Sources of Logged Information...3 3 Recommended Log Management Practices...4

More information

Near Sheltered and Loyal storage Space Navigating in Cloud

Near Sheltered and Loyal storage Space Navigating in Cloud IOSR Journal of Engineering (IOSRJEN) e-issn: 2250-3021, p-issn: 2278-8719 Vol. 3, Issue 8 (August. 2013), V2 PP 01-05 Near Sheltered and Loyal storage Space Navigating in Cloud N.Venkata Krishna, M.Venkata

More information

A Study on the Security of RFID with Enhancing Privacy Protection

A Study on the Security of RFID with Enhancing Privacy Protection A Study on the Security of RFID with Enhancing Privacy Protection *Henry Ker-Chang Chang, *Li-Chih Yen and *Wen-Chi Huang *Professor and *Graduate Students Graduate Institute of Information Management

More information

EE 7376: Introduction to Computer Networks. Homework #3: Network Security, Email, Web, DNS, and Network Management. Maximum Points: 60

EE 7376: Introduction to Computer Networks. Homework #3: Network Security, Email, Web, DNS, and Network Management. Maximum Points: 60 EE 7376: Introduction to Computer Networks Homework #3: Network Security, Email, Web, DNS, and Network Management Maximum Points: 60 1. Network security attacks that have to do with eavesdropping on, or

More information

Sage ERP Accpac Online

Sage ERP Accpac Online Sage ERP Accpac Online Mac Resource Guide Thank you for choosing Sage ERP Accpac Online. This Resource Guide will provide important information and instructions on how you can get started using your Mac

More information

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University

SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University ABSTRACT The growth of market for real-time IP communications is a big wave prevalent in

More information

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System ArchanaThange Post Graduate Student, DKGOI s COE, Swami Chincholi, Maharashtra, India archanathange7575@gmail.com,

More information

Network Concepts. IT 4823 Information Security Concepts and Administration. The Network Environment. Resilience. Network Topology. Transmission Media

Network Concepts. IT 4823 Information Security Concepts and Administration. The Network Environment. Resilience. Network Topology. Transmission Media IT 4823 Information Security Concepts and Administration March 17 Network Threats Notice: This session is being recorded. Happy 50 th, Vanguard II March 17, 1958 R.I.P. John Backus March 17, 2007 Copyright

More information

Performance Comparison of SCTP and TCP over Linux Platform

Performance Comparison of SCTP and TCP over Linux Platform Performance Comparison of SCTP and TCP over Linux Platform Jong-Shik Ha, Sang-Tae Kim, and Seok J. Koh Department of Computer Science, Kyungpook National University, Korea {mugal1, saintpaul1978, sjkoh}@cs.knu.ac.kr

More information

Virtual Appliances. Virtual Appliances: Setup Guide for Umbrella on VMWare and Hyper-V. Virtual Appliance Setup Guide for Umbrella Page 1

Virtual Appliances. Virtual Appliances: Setup Guide for Umbrella on VMWare and Hyper-V. Virtual Appliance Setup Guide for Umbrella Page 1 Virtual Appliances Virtual Appliances: Setup Guide for Umbrella on VMWare and Hyper-V Virtual Appliance Setup Guide for Umbrella Page 1 Table of Contents Overview... 3 Prerequisites... 4 Virtualized Server

More information

High Performance Cluster Support for NLB on Window

High Performance Cluster Support for NLB on Window High Performance Cluster Support for NLB on Window [1]Arvind Rathi, [2] Kirti, [3] Neelam [1]M.Tech Student, Department of CSE, GITM, Gurgaon Haryana (India) arvindrathi88@gmail.com [2]Asst. Professor,

More information

Securing DNS Infrastructure Using DNSSEC

Securing DNS Infrastructure Using DNSSEC Securing DNS Infrastructure Using DNSSEC Ram Mohan Executive Vice President, Afilias rmohan@afilias.info February 28, 2009 Agenda Getting Started Finding out what DNS does for you What Can Go Wrong A Survival

More information

Implementation of Botcatch for Identifying Bot Infected Hosts

Implementation of Botcatch for Identifying Bot Infected Hosts Implementation of Botcatch for Identifying Bot Infected Hosts GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus Christi Corpus

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

HIGH AVAILABILITY STRATEGY - GLOBAL TRAFFIC MANAGEMENT PROTOTYPE REPORT

HIGH AVAILABILITY STRATEGY - GLOBAL TRAFFIC MANAGEMENT PROTOTYPE REPORT HIGH AVAILABILITY STRATEGY - GLOBAL TRAFFIC MANAGEMENT PROTOTYPE REPORT Version 1-00 Document Control Number 2460-00004 11/04/2008 Consortium for Ocean Leadership 1201 New York Ave NW, 4 th Floor, Washington

More information

AppDirector Load balancing IBM Websphere and AppXcel

AppDirector Load balancing IBM Websphere and AppXcel TESTING & INTEGRATION GROUP SOLUTION GUIDE AppDirector Load balancing IBM Websphere and AppXcel INTRODUCTION...2 RADWARE APPDIRECTOR...3 RADWARE APPXCEL...3 IBM WEBSPHERE...4 SOLUTION DETAILS...4 HOW IT

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

Windows Web Based VPN Connectivity Details & Instructions

Windows Web Based VPN Connectivity Details & Instructions VPN Client Overview UMDNJ s Web based VPN utilizes an SSL (Secure Socket Layer) Based Cisco Application that provides VPN functionality without having to install a full client for end users running Microsoft

More information

NEFSIS DEDICATED SERVER

NEFSIS DEDICATED SERVER NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis

More information

Snow Agent System Pilot Deployment version

Snow Agent System Pilot Deployment version Pilot Deployment version Security policy Revision: 1.0 Authors: Per Atle Bakkevoll, Johan Gustav Bellika, Lars, Taridzo Chomutare Page 1 of 8 Date of issue 03.07.2009 Revision history: Issue Details Who

More information

Securing Ship-to-Shore Data Flow

Securing Ship-to-Shore Data Flow Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their

More information

Security Controls for the Autodesk 360 Managed Services

Security Controls for the Autodesk 360 Managed Services Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

Seminar: Security Metrics in Cloud Computing (20-00-0577-se)

Seminar: Security Metrics in Cloud Computing (20-00-0577-se) Technische Universität Darmstadt Dependable, Embedded Systems and Software Group (DEEDS) Hochschulstr. 10 64289 Darmstadt Seminar: Security Metrics in Cloud Computing (20-00-0577-se) Topics Descriptions

More information

Executive Summary and Purpose

Executive Summary and Purpose ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on

More information

Request for Comments: 1788 Category: Experimental April 1995

Request for Comments: 1788 Category: Experimental April 1995 Network Working Group W. Simpson Request for Comments: 1788 Daydreamer Category: Experimental April 1995 Status of this Memo ICMP Domain Name Messages This document defines an Experimental Protocol for

More information

Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08

Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1 Network Security Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 2 Collaboration with Frank Akujobi

More information

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/ DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing

More information

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

More information

An Introduction to VoIP Protocols

An Introduction to VoIP Protocols An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this

More information

Network Service, Systems and Data Communications Monitoring Policy

Network Service, Systems and Data Communications Monitoring Policy Network Service, Systems and Data Communications Monitoring Policy Purpose This Policy defines the environment and circumstances under which Network Service, Systems and Data Communications Monitoring

More information

Netsweeper Whitepaper

Netsweeper Whitepaper Netsweeper Inc. Corporate Headquarters 104 Dawson Road Suite 100 Guelph, ON, Canada N1H 1A7 CANADA T: +1 (519) 826 5222 F: +1 (519) 826 5228 Netsweeper Whitepaper Deploying Netsweeper Internet Content

More information

ENTERPRISE DATA CENTER CSS HARDWARE LOAD BALANCING POLICY

ENTERPRISE DATA CENTER CSS HARDWARE LOAD BALANCING POLICY CSS HARDWARE LOAD BALANCING POLICY Version 2.5 Date: 04/11/2014 SECURITY WARNING The information contained herein is proprietary to the Commonwealth of Pennsylvania and must not be disclosed to un-authorized

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Sage 300 ERP Online. Mac Resource Guide. (Formerly Sage ERP Accpac Online) Updated June 1, 2012. Page 1

Sage 300 ERP Online. Mac Resource Guide. (Formerly Sage ERP Accpac Online) Updated June 1, 2012. Page 1 Sage 300 ERP Online (Formerly Sage ERP Accpac Online) Mac Resource Guide Updated June 1, 2012 Page 1 Table of Contents 1.0 Introduction... 3 2.0 Getting Started with Sage 300 ERP Online using a Mac....

More information

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...

More information

Evaluation of Two Privacy-Preserving Protocols for the DNS

Evaluation of Two Privacy-Preserving Protocols for the DNS 2009 Sixth International Conference on Information Technology: New Generations Evaluation of Two Privacy-Preserving Protocols for the DNS Sergio Castillo-Perez Universitat Autònoma de Barcelona, Dept.

More information

1. PRODUCT OVERVIEW... 3 2. PRODUCT COMPONENTS... 3

1. PRODUCT OVERVIEW... 3 2. PRODUCT COMPONENTS... 3 Contents 1. PRODUCT OVERVIEW... 3 2. PRODUCT COMPONENTS... 3 2.1. SERVER-BASED COMPONENTS:... 3 2.1.1. Interception Server... 3 2.1.2. Database server... 3 2.1.3. Data processing server... 3 2.1.3.1. Search

More information

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE Microsoft Office Communications Server 2007 & Coyote Point Equalizer DEPLOYMENT GUIDE Table of Contents Unified Communications Application Delivery...2 General Requirements...6 Equalizer Configuration...7

More information

Digi Connectware Manager:

Digi Connectware Manager: Digi Connectware Manager: Dynamic IP Address Support White Paper Abstract In the world of TCP/IP, each network device receives an identifier called an IP address. Unfortunately, there are a finite number

More information

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS *Dr Umesh Sehgal, #Shalini Guleria *Associate Professor,ARNI School of Computer Science,Arni University,KathagarhUmeshsehgalind@gmail.com

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere White Paper 7KH#&KDOOHQJH Virtual Private Networks (VPNs) provides a powerful means of protecting the privacy and integrity

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

MAC Web Based VPN Connectivity Details and Instructions

MAC Web Based VPN Connectivity Details and Instructions MAC Web Based VPN Connectivity Details and Instructions UMDNJ s Web-based VPN utilizes an SSL Based Cisco Application that provides VPN functionality without having to install a full client for end users

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Cisco Application Networking Manager Version 2.0

Cisco Application Networking Manager Version 2.0 Cisco Application Networking Manager Version 2.0 Cisco Application Networking Manager (ANM) software enables centralized configuration, operations, and monitoring of Cisco data center networking equipment

More information

List of Promising Concepts EA6: BIG DATA

List of Promising Concepts EA6: BIG DATA List of Promising Concepts EA6: BIG DATA Project acronym Project title Project number 611961 Starting date 01/10/2013 Duration in months 24 Call identifier FP7-ICT-2013-10 CAPITAL security research Agenda

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design. Privacy-Preserving Public Auditing For Secure Cloud Storage ABSTRACT: Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared

More information

Tackling Security and Privacy Issues in Radio Frequency Identification Devices

Tackling Security and Privacy Issues in Radio Frequency Identification Devices Tackling Security and Privacy Issues in Radio Frequency Identification Devices Dirk Henrici and Paul Müller University of Kaiserslautern, Department of Computer Science, PO Box 3049 67653 Kaiserslautern,

More information

Security issues in Voice over IP: A Review

Security issues in Voice over IP: A Review www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

DnsCluster: A networking tool for automatic domain zone updating

DnsCluster: A networking tool for automatic domain zone updating DnsCluster: A networking tool for automatic domain zone updating Charalambos Alatas and Constantinos S. Hilas * Dept. of Informatics and Communications Technological Educational Institute of Serres Serres,

More information

Product Information = = = www.anynode.de e-mail sales@te-systems.de phone +49 5363 8195-0

Product Information = = = www.anynode.de e-mail sales@te-systems.de phone +49 5363 8195-0 07 2015 2 Efficient communication anynode is a Session Border Controller that is entirely a software based solution. It works as an interface for any number of SIP UAs for example, SIP phones and SIP PBXs,

More information