Secure web transactions system
|
|
- Karen Griffith
- 8 years ago
- Views:
Transcription
1 Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends show that most of these applications are web-based applications. In this sense, a typical three-tier web Internet application, see Fig. 1, consists of clients, web server and database server. In this model, client is always an Internet browser program and web server could be web server only or a combination of the web and application server. Client 1... Internet WEB server Application server Database server Client n WEB/Application server Figure 1: A simplified block diagram of the typical web Internet three-tier application architecture Security mechanisms in this architecture consist of two segments: Security segment for communication security between client and web server, Security segment for communication and access protection between web/application server and database server. Security part between client and server is realized by implementing security mechanisms on application and transport layers in the Secure Web Transaction (SWT) environment. Security solution for communication security between web/application server and database server is realized by using Cryptographic Proxy Gateways (CPG) as proprietary application level security gateway firewall with two Ethernet interfaces. CPG should be used as the last defense in front of data sensitive financial database server. If the system uses both WEB and application servers, CPG should be placed between the application and database server. Modern security trends request the application of the proprietary firewalls that offer greater level of security, instead of standard commercial ones, for this purpose.
2 2 SECURE WEB TRANSACTION SYSTEM Secure WEB transaction system (SWT) is designed to cryptographically enhance any WEB server to browser communication by implementing originally developed cryptographic functions. SWT is a NetSeT s proprietary system which is, in the transport level part, similar to the standardized and widely used SSL protocol. However, SWT system has four main advantages compared to SSL protocol: SWT system includes data protection on the application level based on asymmetric (e.g. RSA with 1024 bits key length) and symmetric cryptographic algorithms, SWT includes a proprietary server-browser authentication procedure, stronger than the one applied in SSL, for establishing cryptographic tunneling, SWT includes originally developed symmetric cryptographic algorithms for data protection on transport level with encryption key length ( 256 bits) larger than the keys used in SSL protocol (40 or 128 bits key length). SWT system also offers three possible options for symmetric cryptographic algorithms: public algorithms (DES, 3DES, RC2, RC4, IDEA, AES), proprietary SCA-13 NetSeT s algorithm with very long non-linear pseudorandom noise sequence (>> ), and user s defined symmetric algorithm, SWT system is fully verifiable on the source code level. Additionally, SWT system is associated with smart card readers both on the client s and server s side and has also implemented the originally developed user strong authentication procedure. Client parts of SWT system are designed both for Windows and Linux-based operating systems. In the SWT system, a combination of the cryptographic tunnel on the transport level and application level protection based on symmetrical and asymmetrical cryptographic algorithms is used, see Fig. 2. In this sense, SWT system consists of the transport SWT module and application SWT module. NetSeT 's SWT system for secure WEB communication is scalable and could consist of the following solution categories: A system based on the SWT smart card based application level protection and open (unsecured) transport level communication, A system based on the SWT smart card based application level protection and SSL security protocol on transport level based on digital certificates generated by NetSeT s Certification Authority system, A system based on the SWT application and transport level protection on the basis of smart cards completely provided by NetSeT the complete SWT system.
3 3 Application Application SWT module Network Transport SWT module TCP/IP Figure 2: SWT system s stack TRANSPORT SWT MODULE This module is based on proprietary cryptographic proxy components for both on the client and server side. By applying these components, a protected communication channel cryptographic tunnel based on symmetrical cryptographic algorithm is established. This tunnel is established only if the proprietary bilateral strong authentication procedure between client and server is successfully realized. This challenge-response authentication procedure is cryptographically stronger than the one used in SSL protocol and it is based on symmetrical and asymmetrical cryptographic algorithms, two session keys and X.509 digital certificates for both client and server. HTTP AUTHENTICATION SERVER Transport SWT module is a basis of the HTTP authentication server with the following main features: Transport SWT module could be used for protection of the WEB/application server used for specific business application, HTTP authentication server used proprietary protocol for communication with clients on the top of the HTTP protocol, Direct access to the WEB server is forbidden for outside world and only HTTP authentication server has a connection to the WEB business server, Accordingly, access to the WEB server is forbidden for all users except the ones that have special gateway HTTP proxy client, HTTP proxy client and HTTP authentication server are based on smart cards and strong authentication procedures between client and server,
4 4 HTTP authentication server, for the purpose of the user certificate validation, uses the CRL published on the LDAP server or Active Directory server. APPLICATION SWT MODULE This module is used for realization of two main functions: User strong authentication based on PKI bilateral challenge-response procedure, End-to-end security on the application level based on digital signature and digital envelope technologies using asymmetrical and symmetrical cryptographic algorithms. This module realizes functions for digital signature of the application data (providing authenticity, integrity protection and non-repudiation) and encryption (providing confidentiality protection). Namely, NetSeT s cryptographic application programming interface (API) is a set of the asymmetric and symmetric cryptographic functions which could be implemented in any of the user s applications, designed for Windows 98/NT/2000/XP and Linux platforms. This set consists of the following main functions: Digital signature (RSA algorithm with a key 1024 bits), Verification of the digital signature, Encryption (use of standard, NetSeT s proprietary or user s defined symmetric algorithms), Decryption, Communication with smart card reader with implemented authentication functionality, User s authentication. These API functions are fully compatible with existing de facto standards PKCS (Public Key Cryptographic Standards), such as: PKCS#1, PKCS#7 and PKCS#11. Besides the user strong authentication functions mostly implemented in the WEB server environment or in front of the WEB server (HTTP authentication server), application level security mechanisms enable end-to-end security between the client and application server that is mostly located in a domain behind the web server (it is located on application server or even directly on the database server). On the other side, SSL protocol provides security only between the client and web server, and all the data running over the internal network (behind the WEB server) is in clear. The SWT application level security module is realized as an ActiveX component or JAVA applet both for the client and server side. In fact, client modules are mostly ActiveX components (since Windows clients are prevalent) while servers sides are ActiveX for Windows or JAVA servlet for JAVA environments. These components are installed on the client side; they are integrated into the html pages and activated through client s Internet browser program.
5 5 Two working modes are possible, regarding the type of the application. Namely, it is possible to protect data in the interactive communication between client and server (on-line) or protection of data or files could be provided in advance (prepared signed and encrypted files) through some off-line cryptographic procedure. Both on-line and off-line procedure use the same ActiveX (or JAVA applet), but in the different environment (on-line is used through Internet browser program and off-line is used through some specialized off-line cryptographic application). The components of the SWT system are based on a modular structure and both of them have an application and transport SWT module. The main difference between the two SWT components is in the server and client s local application interface (SWAL Secure Web Application Link) that has a purpose of integrating these components into the WEB application. SWAL module enables WEB applications the use of the set of cryptographic API functions, necessary for the application level protection. In order to additionally improve the functionality and overall security of the server side of the SWT system, a PCI card-based crypotgraphic coprocessor solution, called NST2000, is to be implemented. The hardware security modules, realized as coprocessors, represent strong points of the modern security solutions for the computer networks. The existence of hardware security modules is ultimate for design of the computer network system with high performance and high level of the security. In that case, the encryption algorithms and the other security related functions (e.g. access control functions) are securely executed on the hardware element and sensitive data are never loaded on the user s computer memory. Without these modules, it would not be possible to achieve the trusted aplication concept with a full control of the system access and resistant to the Trojan Horse attacks. It is proven that PC operating systems and other system software components have some security drawbacks, and this is especially critical for the software-only cryptographic tools. CPG AS THE APPLICATION LEVEL FIREWALL IN THE TRUSTED WEB SECURITY MODEL In the trusted WEB security model, CPG is used for protection of the back-office second model segment namely, for communication protection between the WEB/application server and database server. In this configuration, a simplified blockdiagram is given on Fig. 3, it is necessary to implement a special cryptographic component on the WEB/application server, named CPG gateway, which is used for establishing secure communication (strong user authentication and cryptographic tunnel) between WEB/application server and database server. In this way, all communication between WEB/application server and database server is encrypted and only servers with CPG gateway could have access to the database server.
6 6 DeMilitarized Zone (DMZ) WEB or application СЕРВЕР server БОНИТЕТ ПККС CPG Internal network Database СЕРВЕР server БАЗЕ БОНИТЕТ CPG Crypto Gateway API Figure 3: Security protection between WEB/application server and database server
Security Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationTel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com. CAIL Security Facility
Tel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com CAIL Security Facility Table of Contents A. Overview B. CAIL Security Solutions C. Summary
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationSSL VPN vs. IPSec VPN
SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationPrivyLink Internet Application Security Environment *
WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationCitrix MetaFrame XP Security Standards and Deployment Scenarios
Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document
More informationISM/ISC Middleware Module
ISM/ISC Middleware Module Lecture 13: Security for Middleware Applications Dr Geoff Sharman Visiting Professor in Computer Science Birkbeck College Geoff Sharman Sept 07 Lecture 13 Aims to: 2 Show why
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationSteelcape Product Overview and Functional Description
Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session
More informationERserver. iseries. Secure Sockets Layer (SSL)
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
More informationIntroduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi
Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL) Agenda Waheed opens the presentation introduces
More informationPrivyLink Cryptographic Key Server *
WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationE-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationTop 10 Questions to Ask when Choosing a Secure File Transfer Solution
Top 10 Questions to Ask when Choosing a Secure File Transfer Solution Top 10 Questions to Ask when Choosing a Secure File Transfer Solution Companies that have made an investment in a Secure File Transfer
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationTable of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2
Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationChapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.
Chapter 2 TOPOLOGY SELECTION SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Topology selection criteria. Perform a comparison of topology selection criteria. WebSphere component
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationSnow Agent System Pilot Deployment version
Pilot Deployment version Security policy Revision: 1.0 Authors: Per Atle Bakkevoll, Johan Gustav Bellika, Lars, Taridzo Chomutare Page 1 of 8 Date of issue 03.07.2009 Revision history: Issue Details Who
More informationSECTION 1: INTRODUCTION
3117 NETWORK ARCHITECTURE STANDARD OWNER: Security Management Branch ISSUE DATE: 10/25/2011 DISTRIBUTION: All Employees REVISED DATE: 7/1/2013 SECTION 1: INTRODUCTION The California Department of Technology
More informationGlobal Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)
Managed Communications JPMorgan - Global Client Access Managed Internet (EC Gateway) Managed Communications Overview JPMorgan offers a variety of electronic communications services that are reliable and
More informationAuthorize.net modules for oscommerce Online Merchant.
Authorize.net Authorize.net modules for oscommerce Online Merchant. Chapters oscommerce Online Merchant v2.3 Copyright Copyright (c) 2014 oscommerce. All rights reserved. Content may be reproduced for
More information<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008
Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT
More informationIntroducing etoken. What is etoken?
Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant
More informationMetaFrame Presentation Server Security Standards and Deployment Scenarios Including Common Criteria Information
MetaFrame Presentation Server Security Standards and Deployment Scenarios Including Common Criteria Information Citrix MetaFrame Presentation Server 4.0 for Windows Information in this document is subject
More informationHow To Secure Your Data Center From Hackers
Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard
More informationSecurity Goals Services
1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationTechnical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for
Technical Description DigitalSign 3.1 State of the art legally valid electronic signature The best, most secure and complete software for Adding digital signatures to any document, in conformance with
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationWeb Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010. Fedict 2010. All rights reserved
Web Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010 Fedict 2010. All rights reserved What is Entity Authentication? Entity authentication is the process whereby one party
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationRELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.
Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON
More informationHow To Understand The Architecture Of An Ulteo Virtual Desktop Server Farm
ULTEO OPEN VIRTUAL DESKTOP V4.0.2 ARCHITECTURE OVERVIEW Contents 1 Introduction 2 2 Servers Roles 3 2.1 Session Manager................................. 3 2.2 Application Server................................
More informationRelease Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May 2011. 1. New Features and Enhancements. Tip of the Day
NCP Secure Entry Mac Client Major Release 2.01 Build 47 May 2011 1. New Features and Enhancements Tip of the Day A Tip of the Day field for configuration tips and application examples is incorporated in
More informationPkBox Technical Overview. Ver. 1.0.7
PkBox Technical Overview Ver. 1.0.7 14 September 2015 All the information in this document is and can t be used entirely or in part without a written permission from Intesi Group S.p.A. Le informazioni
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationSecuring access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001
Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance
More informationERserver. iseries. Securing applications with SSL
ERserver iseries Securing applications with SSL ERserver iseries Securing applications with SSL Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users
More informationLecture VII : Public Key Infrastructure (PKI)
Lecture VII : Public Key Infrastructure (PKI) Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 Problems with Public
More informationeid Security Frank Cornelis Architect eid fedict 2008. All rights reserved
eid Security Frank Cornelis Architect eid The eid Project > Provides Belgian Citizens with an electronic identity card. > Gives Belgian Citizens a device to claim their identity in the new digital age.
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationGENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET
http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004
More informationThe Security Framework 4.1 Programming and Design
Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com Security Architecture for Development and Run Time Support of Secure Network Applications Sead Muftic, President/CEO
More information2014 IBM Corporation
2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session
More informationSECURELY CONNECTING INSTANT MESSAGING SYSTEMS FOR AD HOC NETWORKS TO SERVER BASED SYSTEMS
SECURELY CONNECTING INSTANT MESSAGING SYSTEMS FOR AD HOC NETWORKS TO SERVER BASED SYSTEMS Philipp Steinmetz Introduction Motivation for Tactical Instant Messaging Bandwidth-efficient Silent information
More informationEnhancing your security management
Technical WhitePaper Enhancing your security management Compumatica secure networks 2014 Compumatica secure networks www.compumatica.com OVERVIEW NETWORK SECURITY plays an important role for any company
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationPKI Uncovered. Cisco Press. Andre Karamanian Srinivas Tenneti Francois Dessart. 800 East 96th Street. Indianapolis, IN 46240
PKI Uncovered Andre Karamanian Srinivas Tenneti Francois Dessart Cisco Press 800 East 96th Street Indianapolis, IN 46240 Contents Introduction XIII Part I Core Concepts Chapter 1 Crypto Refresh 1 Confidentiality,
More informationSecuring Ship-to-Shore Data Flow
Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their
More informationSECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS
SECURING NETWEAVER DEPLOYMENTS A RSACCESS WHITE PAPER SECURING NETWEAVER DEPLOYMENTS 1 Introduction 2 NetWeaver Deployments 3 Safe-T RSAccess Overview 4 Securing NetWeaver Deployments with Safe-T RSAccess
More informationRelease Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved
NCP Secure Client Juniper Edition Service Release: 9.30 Build 102 Date: February 2012 1. New Features and Enhancements The following describe the new features introduced in this release: Visual Feedback
More informationThe Seven Habits of State-of-the-Art Mobile App Security
#mstrworld The Seven Habits of State-of-the-Art Mobile App Security Mobile Security 8 July 2014 Anand Dwivedi, Product Manager, MicroStrategy strworld Agenda - Seven Habits of State of the Art Mobile App
More informationUnderstanding digital certificates
Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationKey & Data Storage on Mobile Devices
Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography
More informationCycurHSM An Automotive-qualified Software Stack for Hardware Security Modules
CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded
More informationINUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER
INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER ARCHITECTURE OVERVIEW AND SYSTEM REQUIREMENTS Mathieu SCHIRES Version: 1.0.0 Published March 5, 2015 http://www.inuvika.com Contents 1 Introduction 3 2 Architecture
More informationSecurity Considerations for DirectAccess Deployments. Whitepaper
Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift
More information: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT
Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference
More informationEnterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere
Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere White Paper 7KH#&KDOOHQJH Virtual Private Networks (VPNs) provides a powerful means of protecting the privacy and integrity
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationWeb Security. Mahalingam Ramkumar
Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting
More informationPRIVACY, SECURITY AND THE VOLLY SERVICE
PRIVACY, SECURITY AND THE VOLLY SERVICE Delight Delivered by EXECUTIVE SUMMARY The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationVersion Highlights. CertainT 100 SSL Accelerator. Version 2.11. International. New hardware and software version. North America
Version Highlights SSL Accelerator Version 2.11 New hardware and software version North America Radware Inc. 575 Corporate Dr. Suite 205 Mahwah, NJ 07430 Tel 888 234 5763 International Radware Ltd. 22
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationFundamental Points of the ABScard Technology
Fundamental Points of the ABScard Technology Architettura ABSCARD Pagina 1 di 13 General Index 1.Architecture...3 1.1 Introduction...3 1.1.1 Security...4 1.1.2 Management...5 1.1.3 ABScard enterprise version
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationFirewalls. Outlines: By: Arash Habibi Lashkari July 2010. Network Security 06
Firewalls Outlines: What is a firewall Why an organization ation needs a firewall Types of firewalls and technologies Deploying a firewall What is a VPN By: Arash Habibi Lashkari July 2010 1 Introduction
More information[SMO-SFO-ICO-PE-046-GU-
Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It
More informationLBSEC. http://www.liveboxcloud.com
2014 LBSEC http://www.liveboxcloud.com LiveBox Srl does not release declarations or guarantee regarding this documentation and its use and declines any expressed or implied commercial or suitability guarantee
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationTLS/SSL in distributed systems. Eugen Babinciuc
TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History
More informationDigital Signatures and Interoperability
Setting Processes for Electronic Signature Dr. Joachim Schiff On behalf of the SPES Consortium Workgroup City of Saarbruecken IKS Nell-Breuning-Allee 1 D-66115 Saarbruecken Germany Tel. 0049 681 905 5000
More informationWhy a Reverse Proxy with My Instant Communicator for mobiles??
Why a Reverse Proxy with My Instant Communicator for mobiles?? INTEGRATED COMMUNICATION SYSTEMS 8AL020043359DRARA, February 2010 What is OmniTouch 8600 My Instant Communicator? Is an aggregator of all
More informationSoftware Tool for Implementing RSA Algorithm
Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key
More informationSecurity Protocols/Standards
Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity
More informationRemote Connectivity for mysap.com Solutions over the Internet Technical Specification
Remote Connectivity for mysap.com Solutions over the Technical Specification June 2009 Remote Connectivity for mysap.com Solutions over the page 2 1 Introduction SAP has embarked on a project to enable
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationSecurity Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Security Technical Overview Published: 2014-01-17 SWD-20140117135425071 Contents 1 New in this release...10 2 Overview...
More informationTrustKey Tool User Manual
TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More information2012 LABVANTAGE Solutions, Inc. All Rights Reserved.
LABVANTAGE Architecture 2012 LABVANTAGE Solutions, Inc. All Rights Reserved. DOCUMENT PURPOSE AND SCOPE This document provides an overview of the LABVANTAGE hardware and software architecture. It is written
More informationBlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1
BlackBerry Enterprise Server 5.0 SP3 and BlackBerry 7.1 Version: 5.0 Service Pack: 3 Security Technical Overview Published: 2012-01-17 SWD-1936256-0117012253-001 Contents 1 Document revision history...
More informationDJIGZO EMAIL ENCRYPTION. Djigzo white paper
DJIGZO EMAIL ENCRYPTION Djigzo white paper Copyright 2009-2011, djigzo.com. Introduction Most email is sent as plain text. This means that anyone who can intercept email messages, either in transit or
More information