SMPTE Standards Transition Issues for NIST/FIPS Requirements v1.1

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SMPTE Standards Transition Issues for NIST/FIPS Requirements v1.1"

Transcription

1 SMPTE Standards Transition Issues for NIST/FIPS Requirements v1.1 Contents DRM inside, Taehyun Kim ETRI, Kisoon Yoon 1 Introduction NIST (National Institute of Standards and Technology) published second draft special document 1 (SP , Recommendation for the Transitioning of Cryptographic Algorithms and Key Length) [28] in June, It includes transition recommendations through 9 items associated with the use of cryptography, whose purpose is to keep the security level being still higher as the more powerful computing techniques are available. The 9 items described in the SP are: Encryption (Sec. 2) Digital (Sec. 3) Random Number Generation (Sec. 4) Key Agreement Using Diffie-Hellman and MQV (Sec. 5) Key Agreement and Key Transport Using RSA (Sec. 6) Key Wrapping (Sec. 7) GDIO Protocol (Sec 8.) Deriving Additional Keys (Sec. 8) Hash Function (Sec. 9) Message Authentication Codes (Sec. 10) Currently, SMPTE documents 2 refer to the FIPS (Federal Information Processing Standard) to use its cryptographic algorithms which are Secure Hash Standard (FIPS 180-1, 180-2) [1][2], Digital Standard (FIPS 186-2, Jan. 2000) [4], Random Number Generation (FIPS 186-2, Jan. 2000), Advanced Encryption Standard (FIPS 197, Nov. 2001) [6] and Keyed-Hash Message Authentication Code (FIPS 198-1, Apr. 2002) [7]. As upgrade version of the FIPSs and new recommendation are published from the NIST, we need to consider impacts on the SMPTE standard documents. This report summarizes SMPTE documents in cryptographic point of view and new NIST requirements related to the cryptographic algorithm and strength to which SMPTE standards are referring. And it also verifies if current algorithms and key length used in SMPTE standards are compliant to the new requirements. 2 SMPTE Standard List with Cryptography Specification SMPTE Chapter Cryptographic item Purpose Reference S LE_Key generation Random number generation Random number - [15] Algorithm type RSA_oaep_mgf1p_sha1_2048 Key transport RFC 2437 [9] 1 It is a revised version reflecting public comments related on the delay of the imminent 2010 transition due date of the vulnerable algorithm or key length. The second draft temporarly grants delay of the deadline in some parts until 2013 or 2015 with the term deprecated. Currently NIST has received additional comments on the second version. 2 All SMPTE documents in this report are SMPTE Standards for Digital Cinema published or worked by SMPTE 21 DC. Other standard documents from other TC groups are not considered. 1

2 S429-6 [16] S429-7 [17] S429-8 [18] S430-1 [19] S430-2 [20] S430-3 [21] S430-4 [22] S430-5 [23] S430-6 [24] Hash SHA1 Integrity FIPS [1] LE Key Type AES-CTR-128 Data encryption FIPS 197 [6] 5.5 Cipher Algorithm AES-CBC-128 Data encryption FIPS MIC Algorithm HMAC-SHA1-128 Integrity RFC 2104 [8] 6.10 MIC (Optional) MIC Key derivation Random number FIPS [4] 6.13 (Optional) Digest method : SHA-1 method : RSA-SHA256 Digital signature FIPS Hash SHA-1 Integrity RFC3174 [11] 5.10 (Optional) Digest method : SHA-1 method : RSA-SHA256 Digital signature FIPS Hash SHA-1 Integrity RFC 3174 None (Refer 430-3) 5.2 Field Constraints algorithm:rsa-sha256 Digital signature RFC 3280 [13] Public Key : RSA-2048 Key algorithm RFC 3447 [14] 5.4 Thumbprint Hash for Public Key TP : SHA1 Hash for Certificate Key TP : SHA1 Key identifier FIPS [2] Encryption method rsa-oaep-mgf1p Key agreement RFC KeyInfo D-Cinema certificate (RSA-2048) Key encryption RFC EncryptedData AES-CBC-128 Data encryption FIPS Info Digest method : SHA-256 W3C XML- Digital signature method : RSA-SHA256 [29] Previous Header Hash SHA-1 FIPS Record Body Hash SHA Record Header Hash SHA-1 Digital signature (Optional) xml-signature W3C XML Log Record Digest method : SHA-256 W3C XML- Digital signature method : RSA-SHA256 Communication channel : TLS Key transport RFC 2246 [9] 6.1 Message Security Public key algorithm : RSA-2048 Key encryption RFC 3447 Cipher algorithm : AES-CBC-128 Data encryption RFC 3268 [12] HASH : SHA1 Integrity - S427: Link Encryption for 1.5Gb/s1 Serial Digital Interface S429-6: D-Cinema Packaging, MXF Track File Essence Encryption S429-7: D-Cinema Packaging, Composition Playlist S429-8: D-Cinema Packaging, Packing List S430-1: D-Cinema Operations Key Delivery Message S430-2: D-Cinema Operations Digital Certificate S430-3: D-Cinema Operations Generic Extra-Theatre Message Format S430-4: D-Cinema Operations, Log Record Format Specification S430-5: D-Cinema Operations, Security Log Event Class and Constraints S430-6: D-Cinema Operations, Auditorium Security Messages for Intra-Theater Communications FIPS 180-x: Secure Hash Standard FIPS 197: Advanced Encryption Standard FIPS 186-x: Digital Standard FIPS 198-x: The Keyed-Hash Message Authentication Code RFC 2104: HMAC: Keyed-Hashing for Message Authentication RFC 2246: The TLS Protocol Version 1.0 RFC 2437: PKCS #1: RSA Cryptography Specifications Version 2.0 RFC 3174: US Secure Hash Algorithm 1 RFC 3268: Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile RFC 3447:"Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 SP B: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography SP : Recommendation for Key Management SP : Recommendation for Random Number Generation Using Deterministic Random Bit Generators SP : Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes 3 SMPTE Transition Issues on the SP Recommendation 2

3 3.1 Encryption NIST recommends using Three-key Triple DES or above AES-128 encryption algorithm on new implementation after SMPTE currently uses only AES-128 algorithm for symmetric encryption (FIPS 197) in the S427, S429-6, S430-3 and S So there is NO transition issue on the symmetric encryption /decryption algorithm in the SMPTE standards. And under the current NIST recommendation, AES-128 is valid even beyond Therefore, there will be also no transition concern on this item for the time being. Algorithm (Encryption/Decryption) AES-128 AES-192 AES-256 Table 1 NIST Recommendation for Encryption [28] 3.2 Digital s method NIST recommends using above 112 bits symmetric key length on new implementation of digital signature after SMPTE currently uses RSA algorithm with 2048 key size in the S429-7, S429-8, S430-2 and S The asymmetric algorithm RSA with 2048 bits is regarded as having 112 bits symmetric key length [28]. So there is no transition issue on the Digital (FIPS 186-x) in those SMPTE standards. However S430-5 (Section Log record signature) specifies the algorithm to W3C s xml-signature which allows DSS algorithm as well as RSA with any key length. Although S430-5 s xml-signature implicitly indicates using the digital cinema certificate which is required to have only RSA algorithm and 2048 key length [20], S430-5 needs to consider changing signature method as RSA instead of vague xml-signature to keep consistency with other SMPTE standards at least before end of the And under the current NIST recommendation, RSA-2048 is valid until Therefore, if SMPTE wants to use this algorithm even beyond 2030, it needs to increase the key length to 3072 bits before Digital Process 80 bits of security strength: RSA: 1024 n < 2048 Deprecated from 2011 through 2013 Generation 112 bits of security strength: RSA: n bits of security strength: RSA: 1024 n < 2048 Legacy use after 2010 Verification 112 bits of security strength: RSA: n 2048 Table 2 NIST Recommendation for Digital Method [28] Digest method NIST recommends using above SHA-224 on new implementation of digital signature after SMPTE currently uses both SHA1 (in S429-7, S429-8 and S430-4) and SHA256 (in S430-2 and S430-5) for the purpose of signature digest. The SHA1 of the SMPTE digest method may not be security critical issue because SMPTE uses it only at the optional signature part. However once someone used signature function, the algorithm is required to be secure enough. So it needs to consider changing SHA1 algorithms in the S429-7, S429-8 and S430-4 into SHA 256 according to FIPS [4] at least before end of the Digital Process 3 Transition can be delayed until But it is recommended to be done as soon as possible since it said the lower bits (e.g. above 80 bits) would be deprecated from 2011 to Transition can be delayed until But it is recommended to be done as soon as possible since it said using of SHA-1 would be deprecated from 2011 to

4 SHA-1 Deprecated from 2011 through 2013 Generation SHA-224, SHA-256, SHA-284, SHA-512 SHA-1 Legacy use after 2010 Verification SHA-224, SHA-256, SHA-284, SHA-512 Table 3 NIST Recommendation for Digital Digest Method [28] 3.3 Random Number Generation NIST recommends using the RNG method described in SP [27] on new implementation of RNG after There are 2 usages of RNG in SMPTE documents. S429-6 specifies a RNG method described in FIPS and S427 mentions a RNG without specific RNG algorithm or standard reference. So S429-6 and S427 needs to consider modifying its description to use the method specified in the SP at least before end of the Description RNGs specified in SP (HASH, HMAC, CTR, DUAL_EC) and ANS X (HMAC) RNGs specified in FIPS 186-2, ANS X and ANS X Deprecated from 2011 through 2015 Table 4 NIST Recommendation for Random Number Generation [28] 3.4 Key Agreement Using Diffie-Hellman and MQV There is no reference on this cryptography in the SMPTE standards. So there is NO transition issue for SMPTE in this part. 3.5 Key Agreement and Key Transport Using RSA NIST recommends using 2048 bits key size on new implementation of Key Agreement and Key Transport after [25][28]. SMPET standard currently uses 2048 bits RSA certificate for key agreement and transport in ETM (S430-3), KDM (S430-1) format and ASM (S430-6) protocol. So there is NO transition issue for these SMPTE documents until However NIST requests new cryptographic module, even though it has 2048 key bits, to be compliant with SP B for the Key Transport after The has no problem because it uses TLS scheme as Key Transport protocol, which NIST already agreed as a proven scheme. On the other hand, S427 needs to consider to be verified if the key transport scheme of this standard is compliant with SP B at least before end of the Description SP B Key Agreement schemes n = 1024 bits Deprecated from 2011 through 2013 n = 2048 bits SP B Key Transport schemes n = 1024 bits Deprecated from 2011 through 2013 n = 2048 bits Non-56B-compliant Key Transport n 1024 bits Deprecated from 2011 through 2013 schemes n 2048 bits Deprecated after 2013 Table 5 NIST Recommendation for Key Agreement and Key Transfer [28] 3.6 Key Wrapping 5 Transition can be delayed until But it is recommended to be done as soon as possible since it said using of RNGs specified in FIPS 186-2, ANS X and ANS X would be deprecated from 2011 to Transition can be delayed until But it is recommended to be done as soon as possible since it said using 1024 bits or non-56b-compliant key transport schemes would be deprecated from 2011 to

5 Key wrapping is the encryption of a symmetric key by another symmetric key. SMPTE standard uses asymmetric key for encryption of a symmetric key. So there is NO transition issue for SMPTE in this part. 3.7 Deriving Additional Keys from a Cryptographic Key NIST allows using an approved RNG scheme to obtain derived additional key from a cryptographic key. SMPET standard uses RNG method to get MIC key value. So there is no transition issue for SMPTE in this part, only under the condition that the 3.3 Random Generation Number transition issue is resolved. 3.8 Hash Functions NIST allows SHA1 algorithm for all non-digital signature generation applications even beyond SMPTE uses SHA-1 for integrity checking and identifier in S427, S429-7, S429-8, S430-2 and S So there is NO transition issue for SMPTE in this part. Hash Function SHA-1 SHA-224 SHA-256 SHA-384 SHA-512 Table 6 NIST Recommendation for Hash Function [28] 3.9 Message Authentication Codes (MACs) NIST recommend using over 112 bits key on new implementation of HMAC algorithm after SMPTE standard currently uses HMAC-SHA1-128 for checking essence integrity in the MXF. So there is NO transition issue for SMPTE in this part. MAC Algorithm HMAC Generation HMAC Verification Key lengths 112 bits Table 7 NIST Recommendation for HMAC [28] 4 Conclusion The main objective of this report is to go over the SMPTE standards in the cryptography perspective and check if the standards abide by the latest NIST recommendation (SP ) in order that digital cinema products would not be vulnerable in more powerful computing environment. We found that the SMPTE standards refer FIPS, IETF s RFC and W3C standards or recommendations for its cryptographic specification through 9 documents. All cryptographic items in the SMPTE documents, no matter which standards the SMPTE refers, were checked if these items are complied with the new NIST recommendations. In the result, some SMPTE specifications are identified to be considered evolving like following table. SMPTE doc. # Transition Items Reason Deadline 7 Reference Ch. S427 Random number generation Not using SP Before Key transport scheme Not using SP B Before S429-6 Random number generation Not using SP Before S429-7 Digital signature Using SHA1 Before S429-8 Digital signature Using SHA1 Before The deadline was extended by 3 years than SP draft v1.0. But it is a temporal approval from 2011 to 2014 or 2016 with deprecated mark. So it is recommended to update SMPTE document related SP transition plan as soon as possible. Because it will prevent digital cinema device manufacturers who make a system based on the current obsolete SMPTE specification and want to take security validation process between 2011 and 2013, from doing the process again with new specification after

6 S S S S430-4 Digital signature Using SHA1 Before S430-5 Digital signature Algorithm Before S Table 8 SMPTE document list considered updating And under the current NIST recommendation, it is found that RSA key length needs to be increased to 3072 bits before end of the References [1] FIPS 180-1, "Secure Hash Standard", Federal Information Processing Standards Publication, Apr [2] FIPS 180-2, "Secure Hash Standard", Federal Information Processing Standards Publication, Aug [3] FIPS 180-3, "Secure Hash Standard", Federal Information Processing Standards Publication, Oct [4] FIPS 186-2, "Digital Standard", Federal Information Processing Standards Publication, Jan [5] FIPS 186-3, "Digital Standard", Federal Information Processing Standards Publication, Jan [6] FIPS 197, "Advanced Encryption Standard", Federal Information Processing Standards Publication, Nov [7] FIPS 198-1, "The Keyed-Hash Message Authentication Code ", Federal Information Processing Standards Publication, Jul [8] RFC 2104, "HMAC: Keyed-Hashing for Message Authentication", Internet Engineering Task Force, Feb [9] RFC 2246, "The TLS Protocol Version 1.0", Internet Engineering Task Force, Jan [10] RFC 2437, "PKCS #1: RSA Cryptography Specifications Version 2.0, Internet Engineering Task Force, Oct [11] RFC 3174, "US Secure Hash Algorithm 1", Internet Engineering Task Force, Sep [12] RFC 3268, "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)", Internet Engineering Task Force, Jun [13] RFC 3280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", Internet Engineering Task Force, Apr [14] RFC 3447, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", Internet Engineering Task Force, Feb [15] SMPTE 427, "Link Encryption for 1.5Gb/s1 Serial Digital Interface", SMPTE Technology Committee DC28 on D-Cinema, Nov [16] SMPTE 429-6, "D-Cinema Packaging, MXF Track File Essence Encryption", SMPTE Technology Committee DC28 on D-Cinema, Jun [17] SMPTE 429-7, "D-Cinema Packaging, Composition Playlist", SMPTE Technology Committee DC28 on D- Cinema, May [18] SMPTE 429-8, "D-Cinema Packaging, Packing List", SMPTE Technology Committee DC28 on D-Cinema, May [19] SMPTE 430-1, "D-Cinema Operations Key Delivery Message", SMPTE Technology Committee DC28 on D-Cinema, May [20] SMPTE 430-2, "D-Cinema Operations Digital Certificate", SMPTE Technology Committee DC28 on D- Cinema, May [21] SMPTE 430-3, "D-Cinema Operations Generic Extra-Theatre Message Format", SMPTE Technology Committee DC28 on D-Cinema, May [22] SMPTE 430-4, "D-Cinema Operations, Log Record Format Specification", SMPTE Technology Committee DC28 on D-Cinema, Mar [23] SMPTE 430-5, "D-Cinema Operations, Security Log Event Class and Constraints", SMPTE Technology Committee DC28 on D-Cinema, Mar [24] SMPTE 430-6, "D-Cinema Operations, Auditorium Security Messages for Intra-Theater Communications", SMPTE Technology Committee DC28 on D-Cinema, Mar [25] SP B, "Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, National Institute of Standards and Technology, Aug [26] SP , "Recommendation for Key Management, National Institute of Standards and Technology, Mar [27] SP , "Recommendation for Random Number Generation Using Deterministic Random Bit 6

7 Generators", National Institute of Standards and Technology, Mar [28] SP , "Recommendation for the Transitioning of Cryptographic Algorithms and Key Length", National Institute of Standards and Technology, Jun [29] XML, "XML- Syntax and Processing", W3C Recommendation, Feb

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths NIST Special Publication 800-131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths Elaine Barker and Allen Roginsky Computer Security Division Information

More information

National Security Agency Perspective on Key Management

National Security Agency Perspective on Key Management National Security Agency Perspective on Key Management IEEE Key Management Summit 5 May 2010 Petrina Gillman Information Assurance (IA) Infrastructure Development & Operations Technical Director National

More information

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc. Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

HOSPIRA (HSP US) HISTORICAL COMMON STOCK PRICE INFORMATION

HOSPIRA (HSP US) HISTORICAL COMMON STOCK PRICE INFORMATION 30-Apr-2004 28.35 29.00 28.20 28.46 28.55 03-May-2004 28.50 28.70 26.80 27.04 27.21 04-May-2004 26.90 26.99 26.00 26.00 26.38 05-May-2004 26.05 26.69 26.00 26.35 26.34 06-May-2004 26.31 26.35 26.05 26.26

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-78-3 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William E. Burr Hildegard Ferraiolo David Cooper I N F

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y

More information

Median and Average Sales Prices of New Homes Sold in United States

Median and Average Sales Prices of New Homes Sold in United States Jan 1963 $17,200 (NA) Feb 1963 $17,700 (NA) Mar 1963 $18,200 (NA) Apr 1963 $18,200 (NA) May 1963 $17,500 (NA) Jun 1963 $18,000 (NA) Jul 1963 $18,400 (NA) Aug 1963 $17,800 (NA) Sep 1963 $17,900 (NA) Oct

More information

Security Policy, DLP Cinema, Series 2 Enigma Link Decryptor

Security Policy, DLP Cinema, Series 2 Enigma Link Decryptor ISIONS DESCRIPTION ECO DATE APPROVED F Initial Release 2108109 06/02/10 Lee Armstrong Copyright 2010 by Texas Instruments.. Security Policy, DLP Cinema, Series 2 Enigma Link Decryptor The data in this

More information

THE UNIVERSITY OF BOLTON

THE UNIVERSITY OF BOLTON JANUARY Jan 1 6.44 8.24 12.23 2.17 4.06 5.46 Jan 2 6.44 8.24 12.24 2.20 4.07 5.47 Jan 3 6.44 8.24 12.24 2.21 4.08 5.48 Jan 4 6.44 8.24 12.25 2.22 4.09 5.49 Jan 5 6.43 8.23 12.25 2.24 4.10 5.50 Jan 6 6.43

More information

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0 FIPS 40-2 Non- Proprietary Security Policy McAfee SIEM Cryptographic Module, Version.0 Document Version.4 December 2, 203 Document Version.4 McAfee Page of 6 Prepared For: Prepared By: McAfee, Inc. 282

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version 3.0.0.1, 3.0.0.2 October 22, 2012

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version 3.0.0.1, 3.0.0.2 October 22, 2012 RSA BSAFE Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy Version 3.0.0.1, 3.0.0.2 October 22, 2012 Strong encryption technology for C/C++ developers Contact Information See our Web sites

More information

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2 Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2 FIPS 140 2 Non Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.1 Prepared for: Prepared

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

Pulse Secure, LLC. January 9, 2015

Pulse Secure, LLC. January 9, 2015 Pulse Secure Network Connect Cryptographic Module Version 2.0 Non-Proprietary Security Policy Document Version 1.1 Pulse Secure, LLC. January 9, 2015 2015 by Pulse Secure, LLC. All rights reserved. May

More information

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods

More information

SP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter

SP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter SP 800-130 A Framework for Designing Cryptographic Key Management Systems 5/25/2012 Lunch and Learn Scott Shorter Topics Follows the Sections of SP 800-130 draft 2: Introduction Framework Basics Goals

More information

Security. 2014 Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 -

Security. 2014 Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 - Security - 1 - OPC UA - Security Security Access control Wide adoption of OPC SCADA & DCS Embedded devices Performance Internet Scalability MES Firewalls ERP Communication between distributed systems OPC

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Using BroadSAFE TM Technology 07/18/05

Using BroadSAFE TM Technology 07/18/05 Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security

More information

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst. Cryptographic Algorithms and Key Size Issues Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.edu Overview Cryptanalysis Challenge Encryption: DES AES Message

More information

Guideline for Implementing Cryptography In the Federal Government

Guideline for Implementing Cryptography In the Federal Government NIST Special Publication 800-21 [Second Edition] Guideline for Implementing Cryptography In the Federal Government Elaine B. Barker, William C. Barker, Annabelle Lee I N F O R M A T I O N S E C U R I T

More information

Public Key Cryptography Overview

Public Key Cryptography Overview Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic

More information

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 Product Support Matrix Following is the Product Support Matrix for the AT&T Global Network Client. See the AT&T Global Network

More information

Global Telehealth Conference 2012

Global Telehealth Conference 2012 A Best Practice Guide to Encryption for Telehealth Liam Caffery PhD Centre for Online Health The University of Queensland Recommendations on best practice Slide 1 of 33 Slide 2 of 33 Introduction Security

More information

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128 SPC5 Software Cryptography Library Data brief SHA-512 Random engine based on DRBG-AES-128 RSA signature functions with PKCS#1v1.5 ECC (Elliptic Curve Cryptography): Key generation Scalar multiplication

More information

Recommendation for Cryptographic Key Generation

Recommendation for Cryptographic Key Generation NIST Special Publication 800-133 Recommendation for Cryptographic Key Generation Elaine Barker Allen Roginsky http://dx.doi.org/10.6028/nist.sp.800-133 C O M P U T E R S E C U R I T Y NIST Special Publication

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved NCP Secure Client Juniper Edition Service Release: 9.30 Build 102 Date: February 2012 1. New Features and Enhancements The following describe the new features introduced in this release: Visual Feedback

More information

Authentication requirement Authentication function MAC Hash function Security of

Authentication requirement Authentication function MAC Hash function Security of UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

More information

HP LTO-6 Tape Drive Level 1 Security Policy

HP LTO-6 Tape Drive Level 1 Security Policy HP LTO-6 Tape Drive Level 1 Security Policy Version: 8 Revision Date: 1 October 2013 Hewlett Packard Company Copyright 2013 Hewlett-Packard Company This document may be freely reproduced and distributed

More information

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

More information

Cryptography and Network Security Chapter 15

Cryptography and Network Security Chapter 15 Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

More information

NAV HISTORY OF DBH FIRST MUTUAL FUND (DBH1STMF)

NAV HISTORY OF DBH FIRST MUTUAL FUND (DBH1STMF) NAV HISTORY OF DBH FIRST MUTUAL FUND () Date NAV 11-Aug-16 10.68 8.66 0.38% -0.07% 0.45% 3.81% 04-Aug-16 10.64 8.66-0.19% 0.87% -1.05% 3.76% 28-Jul-16 10.66 8.59 0.00% -0.34% 0.34% 3.89% 21-Jul-16 10.66

More information

Card Payment Protocols Security Version 1.0 20 January 2014

Card Payment Protocols Security Version 1.0 20 January 2014 Card Payment Protocols Security Version 1.0 20 January 2014 2014 EPASOrg AISBL All rights reserved. This information is protected by international intellectual property laws and its use is governed by

More information

Information Security

Information Security SE 4472 / ECE 9064 Information Security Week 11: Transport Layer Security (TLS): Putting it all together Fall 2015 Prof. Aleksander Essex Security at the Transport Layer Where we started in this course:

More information

DRAFT Standard Statement Encryption

DRAFT Standard Statement Encryption DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held

More information

Cryptography and Key Management Basics

Cryptography and Key Management Basics Cryptography and Key Management Basics Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 23, 2007 Erik Zenner (DTU-MAT) Cryptography and Key Management

More information

Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure (AMI)

Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure (AMI) Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure (AMI) 1024431 Cryptographic Key Management (CKM) Design Principles for the Advanced Metering Infrastructure

More information

Samsung SDS Co., LTD Samsung SDS CellWe EMM (MDMPP11) Security Target

Samsung SDS Co., LTD Samsung SDS CellWe EMM (MDMPP11) Security Target Samsung SDS Co., LTD Samsung SDS CellWe EMM (MDMPP11) Security Target Version 0.6 2015/05/08 Prepared for: Samsung SDS 123, Olympic-ro 35-gil, Songpa-gu, Seoul, Korea 138-240 Prepared By: www.gossamersec.com

More information

JUNOS-FIPS-L2 Cryptographic Module Security Policy Document Version 1.3

JUNOS-FIPS-L2 Cryptographic Module Security Policy Document Version 1.3 JUNOS-FIPS-L2 Cryptographic Module Security Policy Document Version 1.3 Juniper Networks January 10, 2007 Copyright Juniper Networks 2007. May be reproduced only in its original entirety [without revision].

More information

CRYPTOGRAPHY AS A SERVICE

CRYPTOGRAPHY AS A SERVICE CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,

More information

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager Cryptographic and Security Testing Laboratory Deputy Laboratory Director, CST Laboratory Manager About our Cryptographic and Security Testing Laboratory Bringing together a suite of conformance testing

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

FIPS 140-2 Level 1 Security Policy for Cisco Secure ACS FIPS Module

FIPS 140-2 Level 1 Security Policy for Cisco Secure ACS FIPS Module FIPS 140-2 Level 1 Security Policy for Cisco Secure ACS FIPS Module Contents Overview, page 1 Security Requirements, page 2 Cryptographic Module Specification, page 2 Cryptographic Module Ports and Interfaces,

More information

NIST Test Personal Identity Verification (PIV) Cards

NIST Test Personal Identity Verification (PIV) Cards NISTIR 7870 NIST Test Personal Identity Verification (PIV) Cards David A. Cooper http://dx.doi.org/10.6028/nist.ir.7870 NISTIR 7870 NIST Text Personal Identity Verification (PIV) Cards David A. Cooper

More information

As enterprises conduct more and more

As enterprises conduct more and more Efficiently handling SSL transactions is one cornerstone of your IT security infrastructure. Do you know how the protocol actually works? Wesley Chou Inside SSL: The Secure Sockets Layer Protocol Inside

More information

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS* COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun

More information

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS* COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) 2 Fixed Rates Variable Rates FIXED RATES OF THE PAST 25 YEARS AVERAGE RESIDENTIAL MORTGAGE LENDING RATE - 5 YEAR* (Per cent) Year Jan Feb Mar Apr May Jun

More information

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Secure Socket Layer Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Abstraction: Crypto building blocks NS HS13 2 Abstraction: The secure channel 1., run a key-exchange

More information

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch 1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

More information

ATSC Standard: ATSC Security and Service Protection Standard

ATSC Standard: ATSC Security and Service Protection Standard ATSC Standard: ATSC Security and Service Protection Standard Doc. A/106 28 September 2015 Advanced Television Systems Committee 1776 K Street, N.W. Washington, D.C. 20006 202-872-9160 1 The Advanced Television

More information

, ) I Transport Layer Security

, ) I Transport Layer Security Secure Sockets Layer (SSL, ) I Transport Layer Security _ + (TLS) Network Security Products S31213 UNCLASSIFIED Location of SSL -L Protocols TCP Ethernet IP SSL Header Encrypted SSL data= HTTP " Independent

More information

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The main

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

SECURITY FOR XML MESSAGES

SECURITY FOR XML MESSAGES EAN UCC Implementation Guidelines ebmethodology Group Working Group 4 - WG4 DOCUMENT STATUS: DISCUSSION DRAFT DOCUMENT 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

More information

Security. Learning Objectives. This module will help you...

Security. Learning Objectives. This module will help you... Security 5-1 Learning Objectives This module will help you... Understand the security infrastructure supported by JXTA Understand JXTA's use of TLS for end-to-end security 5-2 Highlights Desired security

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support.

WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. 601DataPower_Security_NIST.ppt Page 1 of 17 This presentation discusses three new security features in the WebSphere DataPower

More information

VMware, Inc. VMware Java JCE (Java Cryptographic Extension) Module

VMware, Inc. VMware Java JCE (Java Cryptographic Extension) Module VMware, Inc. VMware Java JCE (Java Cryptographic Extension) Module Software Version: 1.0 FIPS 140-2 Non-Proprietary Security Policy F I P S S E C U R I T Y L E V E L 1 D O C U M E N T V E R S I O N : 1.0

More information

Recommendation for Key Management Part 1: General (Revision 3)

Recommendation for Key Management Part 1: General (Revision 3) NIST Special Publication 800-57 Recommendation for Key Management Part 1: General (Revision 3) Elaine Barker, William Barker, William Burr, William Polk, and Miles Smid C O M P U T E R S E C U R I T Y

More information

Recommendation for Applications Using Approved Hash Algorithms

Recommendation for Applications Using Approved Hash Algorithms NIST Special Publication 800-107 Recommendation for Applications Using Approved Hash Algorithms Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February

More information

Cyber Security Practical considerations for implementing IEC 62351

Cyber Security Practical considerations for implementing IEC 62351 1. Introduction Cyber Security Practical considerations for implementing IEC 62351 Frank Hohlbaum, Markus Braendle, Fernando Alvarez ABB frank.hohlbaum@ch.abb.com Switzerland Two trends are currently changing

More information

FIPS 140-2 Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

FIPS 140-2 Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0) FIPS 140-2 Non-Proprietary Security Policy IBM Internet Security Systems SiteProtector Document Version 2.3 August 5, 2010 Document Version 2.3 IBM Internet Security Systems Page 1 of 24 Prepared For:

More information

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues NCP Secure Entry Mac Client Service Release 2.05 Build 14711 December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this release:

More information

Is Your SSL Website and Mobile App Really Secure?

Is Your SSL Website and Mobile App Really Secure? Is Your SSL Website and Mobile App Really Secure? Agenda What is SSL / TLS SSL Vulnerabilities PC/Server Mobile Advice to the Public Hong Kong Computer Emergency Response Team Coordination Centre 香 港 電

More information

[SMO-SFO-ICO-PE-046-GU-

[SMO-SFO-ICO-PE-046-GU- Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It

More information

FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager

FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager LogRhythm 3195 Sterling Circle, Suite 100 Boulder CO, 80301 USA September 17, 2012 Document Version 1.0 Module Version 6.0.4 Page 1 of 23 Copyright

More information

Chapter 6 Electronic Mail Security

Chapter 6 Electronic Mail Security Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,

More information

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive FIPS 140 2 Non Proprietary Security Policy Kingston Technology Company, Inc. DataTraveler DT4000 G2 Series USB Flash Drive Document Version 1.8 December 3, 2014 Document Version 1.8 Kingston Technology

More information

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc. OpenADR 2.0 Security Jim Zuber, CTO QualityLogic, Inc. Security Overview Client and server x.509v3 certificates TLS 1.2 with SHA256 ECC or RSA cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

More information

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

More information

Security Policy. Trapeze Networks

Security Policy. Trapeze Networks MP-422F Mobility Point Security Policy Trapeze Networks August 14, 2009 Copyright Trapeze Networks 2007. May be reproduced only in its original entirety [without revision]. TABLE OF CONTENTS 1. MODULE

More information

SECUDE AG. FinallySecure Enterprise Cryptographic Module. FIPS 140-2 Security Policy

SECUDE AG. FinallySecure Enterprise Cryptographic Module. FIPS 140-2 Security Policy SECUDE AG FinallySecure Enterprise Cryptographic Module (SW Version: 1.0) FIPS 140-2 Security Policy Document Version 2.4 04/22/2010 Copyright SECUDE AG, 2010. May be reproduced only in its original entirety

More information

Communication Systems SSL

Communication Systems SSL Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security

More information

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1 EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

More information

Dustin Moody Post Quantum Cryptography Team National Institute of Standards and Technology (NIST)

Dustin Moody Post Quantum Cryptography Team National Institute of Standards and Technology (NIST) Dustin Moody Post Quantum Cryptography Team National Institute of Standards and Technology (NIST) When will a quantum computer be built that breaks current crypto? 15 years, $1 billion USD, nuclear power

More information

FIPS 140-2 SECURITY POLICY FOR

FIPS 140-2 SECURITY POLICY FOR FIPS 140-2 SECURITY POLICY FOR SPECTRAGUARD ENTERPRISE SERVER August 31, 2011 FIPS 140-2 LEVEL-1 SECURITY POLICY FOR AIRTIGHT NETWORKS SPECTRAGUARD ENTERPRISE SERVER 1. Introduction This document describes

More information

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version 2.42. www.northropgrumman.

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version 2.42. www.northropgrumman. Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services FIPS Security Policy Version 2.42 www.northropgrumman.com/m5/ SCS Linux Kernel Cryptographic Services Security Policy Version

More information

SSL Protect your users, start with yourself

SSL Protect your users, start with yourself SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

IBM Global Security Kit Version 7.0.4.11 Security Target

IBM Global Security Kit Version 7.0.4.11 Security Target IBM Global Security Kit Version 7.0.4.11 Security Target Document Version: 1.7 Status: Final Last Update: 2007-07-26 atsec is a trademark of atsec GmbH. IBM, IBM logo, GSKit, ikeyman and ICC are trademarks

More information

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

More information

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) NIST Special Publication 800-56A Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) Elaine Barker, Don Johnson, and Miles Smid C O M P U T E R S E C

More information

An Overview of Communication Manager Transport and Storage Encryption Algorithms

An Overview of Communication Manager Transport and Storage Encryption Algorithms An Overview of Communication Manager Transport and Storage Encryption Algorithms Abstract The following paper provides a description of the standard algorithms that are implemented within Avaya Communication

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information

ETSI TS 102 176-2 V1.2.1 (2005-07)

ETSI TS 102 176-2 V1.2.1 (2005-07) TS 102 176-2 V1.2.1 (2005-07) Technical Specification Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 2: Secure channel protocols and algorithms

More information

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ)

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Version 1.0 January 18, 2011 Table of Contents 1. INTRODUCTION... 3 1.1 BACKGROUND... 3 1.2 OBJECTIVE AND AUDIENCE...

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Three attacks in SSL protocol and their solutions

Three attacks in SSL protocol and their solutions Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer

More information

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for Technical Description DigitalSign 3.1 State of the art legally valid electronic signature The best, most secure and complete software for Adding digital signatures to any document, in conformance with

More information

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS Security Engineering Part III Network Security Security Protocols (I): SSL/TLS Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,

More information