Digital signature in insecure environments
|
|
- Nancy Page
- 8 years ago
- Views:
Transcription
1 Digital signature in insecure environments Janne Varjus Helsinki University of Technology Abstract Due to current legislation the digital signatures can be as valid as the hand written signatures. If the signing environment is compromised there is no way for the signatory to know what he/she is signing. Even if signing process is secure, data can be switched before signing by malware. Home computers are usually in a risk to get compromised by virus attacks and computers elsewhere can be untrusted. If computers in a risk cannot be used for signing it greatly reduces the applications of the digital signatures. To solve this issue hardware and software approaches have been developed that try to minimize the risks. KEYWORDS: Digital Signatures, Trusted Computing, Malware 1 Introduction Digital signatures are nowadays as legally binding as the normal signatures are in many countries [7]. Accredited certificate authorities have been around for some time now, but the current usage of the digital signatures is still rare. The digital signatures should be secure enough and easy to use to gain a wide acceptance from the public and the service providers. Current implementations lack such a security as well as the ease of the usage [4]. Also the price is a very important issue. To be able to provide services to the general public these issues must be addressed. Usable and secure digital signatures would make it possible to offer many kinds of services, which currently require a hand written signature. Numerous government and private sector services could be provided online and the need to make and archive paper documents, which will be after all inputted to the computer systems, would be eliminated. This would speed up the service and reduce the cost caused by archiving and manually processing the documents. For example the new legislation in the Finland requires the use of the digital signature for signing documents stored in the new health care information system [2]. To be more useful also patients should be able to sign the documents stored there. Places where the most of the signing would take a place are probably the home computer of the patient and a public terminal in the hospital. This requires at least addressing the security issues. 2 Technology Digital signatures are produced by using public-key cryptography. This is usually achieved by using a smart card that holds keys and does the actual signing. The private key never leaves the card. The smart card is protected by a PIN-code that must be entered before signing. [6] To be able to sign a document user needs a card reader (preferably with a pin pad) and a software that handles the signing process. Software calculates a hash value for the document, transfers it to the smart card, and the smart card signs it with the private key if the entered PIN-code is correct. After signing anyone can verify with the public key that the document is signed with the corresponding private key. [8] To be able to trust that the public key is belonging to the user it says it belongs to, it must be signed by a trusted certificate authority. The certificate authority must also have a way to revoke the certificate. Usually the certificate authority is a third party. Also some kind of service to establish the timeline between signatures is usually required to determine which signatures have been made before revoking the certificate. Signing with an old key must also be prevented. [8] 3 Legislation In Finland all signatures created using accredited certificate authority signed keys and secure signing device are legally binding. Otherwise signature is not necessarily legally valid. It could be argued that the law requires completely secure signing method and therefore no signature is legally binding. [1] Digital signatures are already required by the law in electronic medical records. After the transition period secure way to sign medical documents will be needed. [2] Internationally digital signature laws are quite different in different countries and legally binding signature in one country might not be binding in another country. Also liability of the signatory could differ between countries. There is work being done to harmonize laws between countries so international commerce could use the digital signature. [7] 4 Problem description Digital signatures are usually created by calculating a hash value from the data to be signed and then the hash value
2 is signed with a public key algorithm [8]. Signing operations and key storage are usually done with a smart card or a similar device which is a closed platform. This assures that the private keys are safe and the signing operation is secure. It however doesn t prevent malicious alteration of the hash value or the document to be signed before signing. This is because the computer used for the signing operation is an open platform, which can be infected by a trojan horse. Malware could easily alter the document to be signed when using current signing software packages. [6] Preventing this from happening would require that the malware couldn t take a part in the signing process. This could be achieved by using a completely closed system for the signing or by trying to verify that the software components taking part to the signing process are unaltered. First available solution is hardware based and requires a special display controller and a smart card reader combination. It basically signs what you see in the display. It is in practice a closed system so the malware should not affect it. [3] Second solution is software or partly software based and reduces risk that the malware could operate in the system. It is usually referred as a Trusted Computing. Hardware or software verifies the integrity of the software and detects any changes. It doesn t offer complete protection but it greatly increases the security. [6] Software solutions tested at autumn 2005 didn t have any kind of protection for modifying the data to be signed or the data to be verified. Some solutions are even allowed to execute arbitrary code in their address space. [4] Smart cards usually have PIN codes to ensure that the card is only used by the card owner. Cheaper readers do not have a numeric keypad for the PIN code. When the PIN-code is inputted by a computer keyboard, it is relatively easy to capture it. After the PIN-code is captured, the malware can use the card whenever it wants to, if the card is inserted to the reader. Alternatively someone could acquire the PINcode and then steal the card. [5] The PIN-code is relatively easy to protect with readers that have a keypad and use it for entering the PIN-code. Digital signatures that satisfy certain conditions are legally binding so care should be taken when signing any document [7]. Every time a signing operation could be misused to sign something else if the platform is compromised. However the hash should be secure so malicious information to be signed must be available at the moment when signature is performed. After signing operation the user can be very confident at least that no more forged signatures can be made using his keys, if the key material isn t exposed to the malware. Current signing software require saving the document, launching separate program for a signing operation and reviewing the document in a separate secure viewer before signature even if you just have written the document. Of course there could be only one button that reads "Sign", but it would undermine the security against malware. Also the PIN-code will be asked each time you want to sign something. [4] This should be much easier for the general public. 5 Software based secure signing environment using Trusted Computing Platform Document to be signed is saved to a SWORM medium to prevent modification. Java application will be used for signing because it can be executed in a trusted Java Virtual Machine or in the memory of a smart card when intelligent adjunct model is used. The signing application should be saved to the memory of the smart card so it will be more platform independent and always trusted. [6] This approach could be used by the general public in the future because it only requires Trusted Platform Module and a smart card reader to be in the computer, and the rest depends on the software and the smart card. Because it is very unlikely, that the malware that targets digital signatures attacks operating system loader, it could be possible to drop off the Trusted Platform Module. Then the whole solution would be software based and usable in all computers that are running operating systems supporting Trusted Computing Platform. Currently there isn t required support in any mainstream operating system so this approach is valid only in the future. [6] 5.1 Trusted Computing Platform To prevent that the malware has access to the signing process, Trusted Computing Platform could be used. It consists of a hardware module that functions as a root of the software signature verification. Previously loaded software components verify that the components they load have a valid signature. This way the whole operating system could be verified and loading the malware as trusted software prevented. At least the malware wouldn t be able to mess up with the operating system. Also path from the reader to the software and the path from the keyboard to the software are protected. Signing software is not required to be signed and it could be run for example in a trusted Java Virtual Machine. [6] 5.2 WORM and SWORM WORM means write once read multiple and SWORM is a software implementation of WORM. For example it could be securely implemented by using Trusted Computing Platform. WORM ensures that when a file is saved it cannot be modified anymore. When software saves a file to the SWORM medium it is impossible to tell if it will be signed in the future. This prevents the malware from monitoring when the document to be signed is saved. Also malware has only a short window of opportunity to change the data to be signed. This reduces the need of the secure viewer component in the signing software. [6] 5.3 Intelligent adjunct model Normally smart card controls only the signing process inside the smart card, but in the Intelligent Adjunct model the smart card is given control of resources outside the smart card. The card could for example retrieve file to be signed from the SWORM medium. This means that the Java Virtual Machine
3 running on the smart card is given access to the hardware of the computer through the smart card reader interface. [6] 5.4 Storing signing software on the smart card Signing software resides in the smart card and is loaded from there to the secure Java Virtual Machine or it could be also executed in the smart card s own internal virtual machine. Signing software should be implemented in Java so it can be run in the virtual machine. This makes it possible that integrity of the signing software is verified even if it doesn t have a signature from the Trusted Computing Platform Alliance. This makes it easier to make updates to the software. Smart card manufacturer or developer writes the signing software to the smart card and if it cannot be modified it could be considered trusted. [6] 6 Trusted Display Controller based secure signing method Trusted Display Controller is used to control the video path. Together with a smart card reader it forms a closed platform for signing. Trusted Display Controller is a modification for the Trusted Platform Module. Rest of the system can be a normal personal computer that has open platform. [3] When an application wants to sign some information it sends it to the Trusted Display Controller. Trusted Display Controller first performs mutual authentication with the smart card using secure communication between the smart card reader and the controller. Only controllers that have correct certificates can access to the smart card data. User can be guaranteed that the hardware is approved to be used with the smart card even when using computer that the user has never used before. [3] After the authentication controller fetches a seal image from the smart card and displays the bitmap of the information to be signed with it. The controller generates a random number and displays it with the seal and the document. User can confirm that the image on the display actually comes from the controller by looking at the seal image which is chosen by user, and only user knows what it looks like. To sign the bitmap user is required to input that random number with a normal keyboard. Security of the keyboard input is not an issue because the number is used only once. [3] This method could be impractical with large documents because each page must be shown and signed separately. Also because the image of the document is signed it could be hard to automatically process that data. [3] This isn t very appealing to the general public because special display controller costs too much for someone who just wants to use some services that require digital signature. Hardware based approach could be used in public computers intended for producing digital signatures. It could be a good idea if such a solution supported also viewing and signing documents in pdf-format instead of just bitmap. 7 Other hardware based solutions Secure signing operation could be performed on a completely separate hardware. To be able to trust the signing process, this hardware device should have a display to view the document and a smart card reader with a possibility to input the PIN-code. [6] The device could be a dedicated computer that has only minimal software for performing the signing process and a secure way to transfer the document to be signed. Also completely closed system that is only meant for this use is possible [6]. It could be connected to the computer via USB or by some other means. Problem with this solution would be a high price tag and therefore it wouldn t be practical for home usage. By using a PDA as a secure signing device this could be a solution for business use. Completely closed system would be difficult for most applications because it could sign only a few preselected formats. However this could be useful when the formats are known before, like for example when signing documents at some government bureau. [6] 8 Commercial software available from the store. Commercial software products for producing the digital signature are the easy way to go. These products are usually build to perform digital signature operations the user friendly way. But there isn t sufficient security against malware in these programs. More secure platform could help. [4] Many products available are vulnerable to even the most basic attacks by trojan horses. In most cases attack could be executed by using only basic user rights. Attack can be performed with a very little knowledge about the internals of the program. [4] DLL that provides an interface to the smart card reader can be replaced with another DLL that wraps functionality of the real DLL and so malicious DLL gains an access to the signing software address space. It could be used as a sniffer for the smart card traffic or to make changes to the signing software. [4] The PIN-code can be usually intercepted by just accessing to the password input box through the Windows API. Some software has protection against this, but usually the PIN-code can be still retrieved. Key pad with the smart card reader eliminates this security problem. [4] Most programs have secure viewer component that displays the document just before it will be signed. Malicious program can draw to the viewer surface or open a new window on top of the viewer. This could be prevented by refreshing the content frequently enough and by monitoring that no window is on top of the actual viewer window. [4] Most of these attacks can be prevented using simple methods, but programs do not employ them. Software manufacturers assume that environment where programs will be used is not compromised. And it is responsibility of the user to assure this. [4] This option is more appealing to the general public because it needs just the software and the smart card reader and
4 is compatible with the platforms that the software supports. Security however is not so great and for the digital signature with legal obligations it isn t a very good option. 9 Solution for the general public For the general public the security should be high because users aren t experts and the equipment should be cheap for home use. Also the solution must be easy to use. Users shouldn t be able to make any modifications that would produce a security risk. This means that the platform must be closed or at least the software must be protected from any modifications. To keep the cost of this solution low need of extra hardware should be kept minimal. To protect the software from modifications it should be loaded from read only memory and no other software should be running at the same time. Device used needs a display because of the need to inspect the document to be signed. Displays capable to view documents aren t cheap, so usually at home buying one for this reason is out of the question. A computer display is usually the only display that is found from home and is capable to view documents. This means that the computer should be used to sign the documents in home environment. I propose that a specialized Linux distribution booted from a CD-ROM could be used to perform the signing. Booting from the CD-ROM ensures that only the software that is on the CD is running and making changes to the software is impossible. This would be a good solution for home use because only needed hardware is a card reader and a normal computer. Distribution should include only the necessary tools and nothing else. Such tools would be the signing software and a collection of editors and viewers. Also tools to access file systems on the computer should be included. Distribution could be easily customized to fit any special purpose by adding software to it. If trusted service provider provides the CD, user knows that he/she has obtained a valid copy. For example the distribution could be constructed to support all the services that the government offers. It might be advantageous for the service providers to create one common distribution for every service. Security with this solution would be quite good because every time system is booted, clean copy of the operating system will be loaded and minimal Linux is a very hard target for any kind of malware that doesn t already come with the distribution. Of course any other OS could be used for this purpose if it can be customized. This Linux distribution could also be running under a virtual machine. It reduces security but could be a good option for some purposes. In this configuration the smart card reader could pose a security risk because it needs to be connected to the virtual machine through the actual computer. Otherwise well implemented virtual machine should be relatively safe place to run this Linux distribution. Normal trojan horse would have great difficulty to do something because it would have to directly modify address space used by the virtual machine. Need to boot to another operating system makes this Linux distribution a little difficult to use if it is needed frequently. Solution Price Security Software, Trusted Computing low medium Hardware high high Current software in market low low Bootable linux CD free medium Table 1: Solutions for producing digital signatures For users who use it just occasionally it could be the best solution and because the Linux is under the GPL it would also be free. This Linux distribution could also be useful for applications where whole computer is dedicated to performing digital signature operations. This could be the case for example if temporary workstation is needed to produce digital signatures. 10 Analysis of the solutions Different solutions follow the rule: When usability increases security decreases or the price increases. Trusted Computing Platform based solutions provide more secure environment and therefore increase also security of the signing software. Current software shows that the developers don t care to make even the most basic protection against malware. Usually the manual says that it is responsibility of the user to provide malware-free environment. [4] Closed platform hardware solutions are very secure and also expensive. The advantage with the closed platform is that outside influence can t interfere with it. Special hardware is also usually easy and fast to use. Linux boot CD solution seems to be a good choice compared to the other choices, but it is necessary to boot computer to this special environment. Frequent usage with one computer that is in other uses too could be very inconvenient. This solution could also be used to make workstation that is dedicated for digital signing. Solutions are compared in the Table Conclusion Emerging services that use digital signatures need to have a secure way for the user to make the signatures. As the number of the services will increase also solutions to perform digital signatures will increase and security will be taken into account more seriously. Current hardware solutions are expensive and software solutions insecure. Specialized hardware could be option when the signing of documents is very frequent. Because hardware solution also makes it possible to authenticate the hardware by the smart card, it is the best solution for use in public computers like for example the computer in the library. Current software solutions are suitable for people that can be sure that their computer doesn t contain any malware. Software solution that utilizes Trusted Computing Platform would be secure and inexpensive but operating systems that support it are not currently available for the wide audience. [6]
5 New solutions must be developed before the general public can utilize the services safely. Because of the legally binding nature of the digital signature equal to a hand written signature these solutions must be very secure. One possibility to achieve secure and inexpensive system could be using Linux system that boots from the CD. It however isn t very user friendly because user must first shut down the operating system he/she uses regularly. References [1] Laki sähköisistä allekirjoituksista /14, [2] Laki sosiaali- ja terveydenhuollon asiakastietojen sähköisestä käsittelystä /159, [3] B. Balacheff, L. Chen, D. Plaquin, and G. Proudler. A trusted process to digitally sign a document. In NSPW 01: Proceedings of the 2001 workshop on New security paradigms, pages 79 86, New York, NY, USA, ACM Press. [4] H. Langweg. Malware attacks on electronic signatures revisited. In Konferenzband der 3. Jahrestagung Fachbereich Sicherheit der Gesellschaft für Informatik., pages , [5] A. Spalka, A. B. Cremers, and H. Langweg. The fairy tale of what you see is what you sign - trojan horse attacks on software for digital signatures. In Proceedings of the IFIP WG 9.6/11.7 Working Conference., [6] A. Spalka, A. B. Cremers, and H. Langweg. Protecting the creation of digital signatures with trusted computing platform technology against attacks by trojan horse programs. In Sec 01: Proceedings of the 16th international conference on Information security: Trusted information, pages , [7] M. Wang. A review of electronic signatures regulations: do they facilitate or impede international electronic commerce? In ICEC 06: Proceedings of the 8th international conference on Electronic commerce, pages , New York, NY, USA, ACM. [8] J. Zhou and R. Deng. On the validity of digital signatures. SIGCOMM Comput. Commun. Rev., 30(2):29 34, 2000.
Understanding and Integrating KODAK Picture Authentication Cameras
Understanding and Integrating KODAK Picture Authentication Cameras Introduction Anyone familiar with imaging software such as ADOBE PHOTOSHOP can appreciate how easy it is manipulate digital still images.
More informationProtecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs
Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs Adrian Spalka, Armin B. Cremers and Hanno Langweg Department of Computer
More informationHOW SECURE ARE CURRENT MOBILE OPERATING SYSTEMS?
HOW SECURE ARE CURRENT MOBILE OPERATING SYSTEMS? Tobias Murmann, Heiko Rossnagel Chair of Mobile Commerce and Multilateral Security Johann Wolfgang Goethe-University Frankfurt D-60054 Frankfurt / Main,
More informationSecure Data Exchange Solution
Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates
More informationThat Point of Sale is a PoS
SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach
More informationOverview Most of the documentation out there on the transition from SHA-1 certificates to SHA-2 certificates will tell you three things:
SHA-1 Versus SHA-2 Overview Most of the documentation out there on the transition from SHA-1 certificates to SHA-2 certificates will tell you three things: - Breaking SHA-1 is not yet practical but will
More informationWhat Are Certificates?
The Essentials Series: Code-Signing Certificates What Are Certificates? sponsored by by Don Jones W hat Are Certificates?... 1 Digital Certificates and Asymmetric Encryption... 1 Certificates as a Form
More informationBypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken
Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis
More informationExecutable Integrity Verification
Executable Integrity Verification Abstract Background Determining if a given executable has been trojaned is a tedious task. It is beyond the capabilities of the average end user and even many network
More informationS3 Control and System Call Indirection
S3 Control Confirma Technology Brief November 2008 Confirma Product Support 11040 Main St., Suite 100, Bellevue, WA 98004-6368, USA Toll free: 877.274.3045 Local: 425.691.1595 Email: support@confirma.com
More informationFirmware security features in HP Compaq business notebooks
HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationHE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK
HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK Prepared By: Raghda Zahran, Msc. NYIT-Jordan campus. Supervised By: Dr. Lo ai Tawalbeh. November 2006 Page 1 of 8 THE WAR AGAINST BEING AN INTERMEDIARY
More informationRecipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory
Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed
More informationPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationSchool of Computer Science and Engineering policy with regard to self-administered computers
School of Computer Science and Engineering policy with regard to self-administered computers CSE Computer Security Committee October, 2002 Abstract The School s Computing Support Group (CSG) provides a
More informationSecure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
More informationUser Manual. HitmanPro.Kickstart User Manual Page 1
User Manual HitmanPro.Kickstart User Manual Page 1 Table of Contents 1 Introduction to HitmanPro.Kickstart... 3 2 What is ransomware?... 4 3 Why do I need HitmanPro.Kickstart?... 6 4 Creating a HitmanPro.Kickstart
More informationTrojan Horse Attacks on Software for Electronic Signatures
Informatica 26 (2002) 191-203 191 Trojan Horse Attacks on Software for Electronic Signatures Adrian Spalka, Armin B. Cremers and Hanno Langweg Department of Computer Science III, University of Bonn Roemerstrasse
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationSENSE Security overview 2014
SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2
More informationNEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT
Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationBUSINESS COMPUTER SECURITY. aaa BUSINESS SECURITY SECURITY FOR LIFE
aaa BUSINESS SECURITY SECURITY FOR LIFE CHAPTER 1: WHY COMPUTER SECURITY IS IMPORTANT FOR YOUR BUSINESS No matter how big or small your business is, it s highly likely that you have some information stored
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationYou re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com
SSL You re FREE Guide to (Secure Sockets Layer) What is a Digital Certificate? SSL Certificates, also known as public key certificates or Digital Certificates, are essential to secure Internet browsing.
More informationChapter 8: Security Measures Test your knowledge
Security Equipment Chapter 8: Security Measures Test your knowledge 1. How does biometric security differ from using password security? Biometric security is the use of human physical characteristics (such
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationCD180 CeMOS/Cedar Software Package Management and Release Management Cloud Services
P/N:900-1005-20 CD180 CeMOS/Cedar Software Package Management and Release Management Cloud Services CD180 CeMOS/Cedar Software Package Management and Release Management Cloud Services (hereinafter referred
More informationRemote Access Securing Your Employees Out of the Office
Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction
More informationWatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA 98104 www.watchguard.com
SMALL BUSINESS NETWORK SECURITY GUIDE WHY A REAL FIREWALL PROVIDES THE BEST NETWORK PROTECTION AUGUST 2004 SMALL BUSINESS NETWORK SECURITY GUIDE: WHY A REAL FIREWALL PROVIDES THE BEST NETWORK PROTECTION
More informationStudying Security Weaknesses of Android System
, pp. 7-12 http://dx.doi.org/10.14257/ijsia.2015.9.3.02 Studying Security Weaknesses of Android System Jae-Kyung Park* and Sang-Yong Choi** *Chief researcher at Cyber Security Research Center, Korea Advanced
More informationLASTLINE WHITEPAPER. In-Depth Analysis of Malware
LASTLINE WHITEPAPER In-Depth Analysis of Malware Abstract Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse).
More informationInternational Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849
WINDOWS-BASED APPLICATION AWARE NETWORK INTERCEPTOR Ms. Shalvi Dave [1], Mr. Jimit Mahadevia [2], Prof. Bhushan Trivedi [3] [1] Asst.Prof., MCA Department, IITE, Ahmedabad, INDIA [2] Chief Architect, Elitecore
More informationSystem Security Policy Management: Advanced Audit Tasks
System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that
More informationSecurity Evaluation CLX.Sentinel
Security Evaluation CLX.Sentinel October 15th, 2009 Walter Sprenger walter.sprenger@csnc.ch Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel.+41 55-214 41 60 Fax+41 55-214 41
More informationGuide Installing Digital Certificates in Outlook 2000
Guide Installing Digital Certificates in Outlook 2000 Document SIGNE_PAPET. Ver. 1.0 Date of application 06/08/2012 Seguridad documental 2 Introduction This document describes the steps for configuring
More informationDigital Signatures on iqmis User Access Request Form
Digital Signatures on iqmis User Access Request Form When a user clicks in the User Signature block on the iqmis Access Form, the following window appears: Click Save a Copy and rename it with your name,
More informationTHE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE
THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced
More informationWINDOWS AZURE EXECUTION MODELS
WINDOWS AZURE EXECUTION MODELS Windows Azure provides three different execution models for running applications: Virtual Machines, Web Sites, and Cloud Services. Each one provides a different set of services,
More informationPCI PA - DSS. Point BKX Implementation Guide. Version 2.01. Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core
PCI PA - DSS Point BKX Implementation Guide Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core Version 2.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566
More informationHow To Set Up A Net Integration Firewall
Net Integration Technologies, Inc. http://www.net itech.com Net Integrator Firewall Technical Overview Version 1.00 TABLE OF CONTENTS 1 Introduction...1 2 Firewall Architecture...2 2.1 The Life of a Packet...2
More informationOctober Is National Cyber Security Awareness Month!
(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationUsing Remote Desktop Clients
CYBER SECURITY OPERATIONS CENTRE December 2011 Using Remote Desktop Clients INTRODUCTION 1. Remote access solutions are increasingly being used to access sensitive or classified systems from homes and
More informationUnderstanding Digital Signature And Public Key Infrastructure
Understanding Digital Signature And Public Key Infrastructure Overview The use of networked personnel computers (PC s) in enterprise environments and on the Internet is rapidly approaching the point where
More informationDesktop and Laptop Security Policy
Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious
More informationMitigating Server Breaches with Secure Computation. Yehuda Lindell Bar-Ilan University and Dyadic Security
Mitigating Server Breaches with Secure Computation Yehuda Lindell Bar-Ilan University and Dyadic Security The Problem Network and server breaches have become ubiquitous Financially-motivated and state-sponsored
More informationA Roadmap for personal identity management
2010 Fifth International Conference on Systems A Roadmap for personal identity management Thomas Neubauer Vienna University of Technology Vienna, Austria neubauer@ifs.tuwien.ac.at Johannes Heurix Secure
More informationOhio Supercomputer Center
Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationBE SAFE ONLINE: Lesson Plan
BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationPractical Mobile Digital Signatures
Practical Mobile Digital Signatures Antonio Maña and Sonia Matamoros Computer Science Department University of Málaga. Spain. {amg, sonia}@lcc.uma.es Abstract. There are important details that give legal
More informationINFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
More informationWillem Wiechers 3 rd March 2015
Willem Wiechers 3 rd March 2015 1 Why do we want Malware & Virus Protection? To make our computers save Wish to keep our data private Wish to have a safe environment to do our online banking, shopping,
More informationAdvanced Endpoint Protection Overview
Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking
More informationWEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
More informationUniversity of Kent Information Services Information Technology Security Policy
University of Kent Information Services Information Technology Security Policy IS/07-08/104 (A) 1. General The University IT Security Policy (the Policy) shall be approved by the Information Systems Committee
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationUser. Role. Privilege. Environment. Checkpoint. System
8. Security Features Motivation Viruses, spam, trojan horses have become increasingly common in PC environment In mobile environment, new kinds of opportunities offered for malicious software Potentially
More informationIntelligent Log Analyzer. André Restivo <andre.restivo@portugalmail.pt>
Intelligent Log Analyzer André Restivo 9th January 2003 Abstract Server Administrators often have to analyze server logs to find if something is wrong with their machines.
More informationTHOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE
THOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE Chris Eng Vice President, Research Session ID: Session Classification: MBS-T08 Intermediate Agenda State of Mobility in the Enterprise
More informationSTANDARD ON CONTROLS AGAINST MALICIOUS CODE
EUROPEAN COMMISSION DIRECTORATE-GENERAL HUMAN RESOURCES AND SECURITY Directorate HR.DS - Security Informatics Security Brussels, 21/06/2011 HR.DS5/GV/ac ARES (2011) 663475 SEC20.10.05/04 - Standards European
More informationServer Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4
Contents Is Rumpus Secure? 2 Use Care When Creating User Accounts 2 Managing Passwords 3 Watch Out For Aliases 4 Deploy A Firewall 5 Minimize Running Applications And Processes 5 Manage Physical Access
More informationB U S I N E S S G U I D E
VeriSign Microsoft Office/Visual Basic for Applications (VBA) Code Signing Digital Certificates Realizing the Possibilities of Internet Software Distribution CONTENTS + What Is Developer Code Signing?
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationSkoot Secure File Transfer
Page 1 Skoot Secure File Transfer Sharing information has become fundamental to organizational success. And as the value of that information whether expressed as mission critical or in monetary terms increases,
More informationMASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY
MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY HTTP://SCIENCE.HAMPTONU.EDU/COMPSCI/ The Master of Science in Information Assurance focuses on providing
More informationUNCLASSIFIED Version 1.0 May 2012
Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationCourse overview. CompTIA A+ Certification (Exam 220 902) Official Study Guide (G188eng verdraft)
Overview This 5-day course is intended for those wishing to qualify with. A+ is a foundation-level certification designed for IT professionals with around 1 year's experience whose job role is focused
More informationHow To Choose An Electronic Signature
Electronic Signature Systems A Guide for IT Personnel Copyright Topaz Systems Inc. All rights reserved. For Topaz Systems, Inc. trademarks and patents, visit www.topazsystems.com/legal. Table of Contents
More informationChapter 1. Introduction to ios Development. Objectives: Touch on the history of ios and the devices that support this operating system.
Chapter 1 Introduction to ios Development Objectives: Touch on the history of ios and the devices that support this operating system. Understand the different types of Apple Developer accounts. Introduce
More informationELECTRONIC SIGNATURES FACTSHEET
ELECTRONIC SIGNATURES FACTSHEET Electronic signatures mean that you can exchange information with others electronically and securely safe in the knowledge that everyone is who they claim to be and that
More informationSecure Signature Creation Devices (SSCDs)
Secure Signature Creation Devices (SSCDs) from different approaches Dr. István Zsolt BERTA istvan.berta@microsec.hu Microsec Ltd. Requirements for SSCDs Annex III of the e-signature Directive, in plain
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationScoMIS Encryption Service
Introduction This guide explains how to implement the ScoMIS Encryption Service for a secondary school. We recommend that the software should be installed onto the laptop by ICT staff; they will then spend
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationBoston University Security Awareness. What you need to know to keep information safe and secure
What you need to know to keep information safe and secure Introduction Welcome to Boston University s Security Awareness training. Depending on your reading speed, this presentation will take approximately
More informationContents III: Contents II: Contents: Rule Set Based Access Control (RSBAC) 4.2 Model Specifics 5.2 AUTH
Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension Tutorial Amon Ott Contents: 1 Motivation: Why We Need Better Security in the Linux Kernel 2 Overview of RSBAC 3 How
More informationAdwareMedic. About AdwareMedic... 2. How to use AdwareMedic... 3. Frequently Asked Questions... 7. Version History... 9 License Agreement...
AdwareMedic http://www.adwaremedic.com thomas@thesafemac.com About AdwareMedic... 2 System Requirements... 2 Limitations... 2 How to use AdwareMedic... 3 Scan for Adware... 4 Optional items... 5 Firefox
More informationLOCKSS on LINUX. Installation Manual and the OpenBSD Transition 02/17/2011
LOCKSS on LINUX Installation Manual and the OpenBSD Transition 02/17/2011 1 Table of Contents Overview... 3 LOCKSS Hardware... 5 Installation Checklist... 7 BIOS Settings... 10 Installation... 11 Firewall
More informationHow To Monitor The Internet In Idaho
Idaho Technology Authority (ITA) ENTERPRISE POLICY P1000 GENERAL POLICIES Category: P1050 EMPLOYEE INTERNET USE, MONITORING AND FILTERING CONTENTS: I. Authority II. Abstract III. Definitions IV. Policy
More informationThe Key to Secure Online Financial Transactions
Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on
More informationTechnical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for
Technical Description DigitalSign 3.1 State of the art legally valid electronic signature The best, most secure and complete software for Adding digital signatures to any document, in conformance with
More informationPCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core
PCI PA - DSS Point ipos Implementation Guide VeriFone Vx820 using the Point ipos Payment Core Version 1.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page
More informationGuidelines for the use of electronic signature
Republic of Albania National Authority for Electronic Certification Guidelines for the use of electronic signature Guide Nr. 001 September 2011 Version 1.3 Guidelines for the use of electronic signature
More informationArticle. Electronic Notary Practices. Copyright Topaz Systems Inc. All rights reserved.
Article Electronic Notary Practices Copyright Topaz Systems Inc. All rights reserved. For Topaz Systems, Inc. trademarks and patents, visit www.topazsystems.com/legal. Table of Contents Key Features and
More informationHow to Encrypt your Windows 7 SDS Machine with Bitlocker
How to Encrypt your Windows 7 SDS Machine with Bitlocker ************************************ IMPORTANT ******************************************* Before encrypting your SDS Windows 7 Machine it is highly
More informationThe Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems
The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems
More information