VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
|
|
- Edgar Cooper
- 8 years ago
- Views:
Transcription
1 VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: Fax: Internet: office@ecs.vuw.ac.nz Cloud Key Management Sriram Venkatesh Supervisor: NOT STATED Submitted in partial fulfilment of the requirements for Master of Computer Science. Abstract A short description of the project goes here.
2
3 Acknowledgments Any acknowledgments should go in here, between the title page and the table of contents. The acknowledgments do not form a proper chapter, and so don t get a number or appear in the table of contents. i
4 ii
5 Contents 1 Introduction Motivation Problem Contributions Background Security System What defines a secure system? Cryptographic Basics Symmetric Encryption Asymmetric Cryptography Basic Key Management Trust Authentication Authorization Access Control Key Management What is Key Management? Importance of Key Management Public Key Infrastructures Defining the Cloud Cloud Service Models Security in the Cloud Vendors Amazon Web Services Luna SA DNSSEC Problem Domain Description of Baseline model Threat Modeling OWASP Threat Modeling Technique Application Architecture User Roles Key Retrieval Key Bootstrapping Trust Model Application Assumptions Power of attacker Threat Scenario Evaluation iii
6 3.5.1 Threat Analysis Threat Matrix Possible Solutions Eso What is Eso? System Process Key Retrieval Key Bootstrapping Process Key Revocation Security Analysis System Threats Threat Model Evaluation CloudHSM What is CloudHSM? What is a HSM? System Process Architectural Overview Role Based Access Controls Key Retrieval Key Bootstrapping Process Key Revocation Security Analysis System Threats SoftHSM What is SoftHSM? System Process Architectural Overview Key Retrieval Key Bootstrapping Process Key Revocation Security Analysis System Threats Threat Model Evaluation Implementation Program Architecture Scenario High Level Overview Process Overview Key Bootstrap Process Key Retrieval Process Credential Storage Design Experimental Design Performance Metrics Comparison with traditional use case iv
7 6 Evaulation Security Threat Matrix Evaluation Results and Findings Security Analysis Performance Tests and Comparaison Costing Analysis Conclusions 17 v
8 vi
9 Figures vii
10 viii
11 Chapter 1 Introduction 1.1 Motivation 1.2 Problem 1.3 Contributions 1
12 2
13 Chapter 2 Background 2.1 Security System What defines a secure system? Before someone can determine whether something is secure or not, we have to first create a baseline for what is a secure system. In computer security, a typical approach is to require confidentiality, integrity, access control, availability, authentication and non-repudiation in the system[?]. These six attributes are described as follows: 1. Confidentiality is to ensure that secret information is never disclosed to unauthorized entities. 2. Access Control is to ensure that authorized entities are granted permissions to the resource. 3. Integrity is to ensure that data will not be corrupted. 4. Availability is a guarantee of accessibility of data in the system. 5. Authentication is the ability to verify the identity of an entity. 6. Non-repudiation means that one cannot claim that certain actions were never performed. For example, if a message is transmitted or the act of signing the message. Although it is important to consider all these security attributes when designing a web application, its not always possible or necessarily required that all six attributes be fulfilled completely Cryptographic Basics The basic aim of cryptography is to enable two people to communicate over an insecure channel in a secure way. The term cryptography describes a range of cryptographic services including techniques for providing both confidentiality and authentication. 3
14 Symmetric Encryption Symmetric Encryption, has a single secret key that it can use to encrypt plaintext. Then using the same secret key another user can decrypt it [?]. Symmetric key encryption is an essential mechanism for protecting data at rest. We can use this to reduce the risk of unauthorized access to sensitive data. However, the use of symmetric key encryption brings with it certain dangers. Most important is that, once encrypted, we need a robust mechanism to ensure the encryption key is protected from unauthorized access. The key management system needs to grant access to trust worthy entities, and restrict unauthorized entities to ensure that the key is secure Asymmetric Cryptography Asymmetric Cryptography is a cryptographic algorithm which requires two separate keys, one of which is private and one which is public [?]. The public and private key pair comprise of two uniquely related cryptographic keys. The public key is made available to everyone via a publicly accessible repository or directory. While on the other hand the private key must remain confidential to its respective owner. Because the key pair is mathematically related, the public key is used to encrypt the plaintext, whereas the private key is used to decrypt the ciphertext produced by the public key. Therefore, Asymmetric cryptography can provide confidentiality, as the user with the private key is only one able to decrypt the message [?] Basic Key Management Encryption Key Management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys or secrets. [?]. It considers the general management of cryptographic keys, and the means by which public keys are distributed. The study of key management can be broken down into phases concerning the life-cycle of a cryptographic key. These four phases are: 1. Key Generation which covers the creation of the keys 2. Key Establishment which is the methods by which the keys are distributed to the relevant users in the network. 3. Key Update which the techniques used to renew or refresh the keys in the system 4. Key Destruction which covers the deletion and disposal of keys when they are no longer of use. Establishing and distributing keys over an unsecured channel is an important consideration to make. An elegant and widely-applied scheme for establishing a shared key across an insecure channel is the Diffie-Hellman key exchange. The Diffie-Hellman key exchange is a specific method of exchanging cryptographic keys. The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communication channel. 4
15 2.1.4 Trust Authentication Authorization Access Control 2.2 Key Management What is Key Management? Importance of Key Management Public Key Infrastructures 2.3 Defining the Cloud Cloud Service Models Security in the Cloud 2.4 Vendors Amazon Web Services Luna SA DNSSEC 5
16 6
17 Chapter 3 Problem Domain 3.1 Description of Baseline model 3.2 Threat Modeling OWASP Threat Modeling Technique 3.3 Application Architecture User Roles Key Retrieval Key Bootstrapping 3.4 Trust Model Application Assumptions Power of attacker 3.5 Threat Scenario Evaluation Threat Analysis Threat Matrix 7
18 8
19 Chapter 4 Possible Solutions 4.1 Eso What is Eso? System Process Key Retrieval Key Bootstrapping Process Key Revocation Security Analysis System Threats Threat Model Evaluation 4.2 CloudHSM What is CloudHSM? To define a CloudHSM, we must first understand what is a Hardware Security Module (HSM) is, and how it functions What is a HSM? A HSM is a dedicated secure coprocessor that is designed for the management of the key during the keys lifecycle. HSM act as trust anchors that protect the cryptographic functions of an application by securely managing, processing and storing crytopgraic keys inside a hardend, tamper resistant hardware device. A HSM does not output decrypted data or decrypted program instructions on the bus except in encrypted form, therefore this means it can assume a level of security to protect itself from eavesdropping or emission attacks. There are also protections, whereby memory is zeroed when attempts of probing or scanning are sensed
20 4.2.2 System Process Architectural Overview Role Based Access Controls Each HSM partition has a special access control role called the Owner Access to destructive HSM commands (init) can be only be done if via the admin interface which is only available through the SCLI (i.e it is not permitted via Network Trust Link) The standard administrative roles associated with the Luna appliance and HSM are: Admin, who has the possibility to perform all possible commands. Operator who can perform a subset of commands, including some that affect the state of the appliance or its HSM. Monitor who can perform observational commands only, but cannot affect the state or contents of the appliance or its HSM Key Retrieval Each HSM Client is assigned one or more specific HSM partition, and they communicate with the CloudHSM interface via a Network Trust Link and authenticate with a digital certificate exchange and unique HSM partition challenge. The Network Trust Link is a layer built on top of SSL that provides a secure transport of information between the HSM Client and CloudHSM. The network trust link compromises of three parts: The network trust link server, which is hosted via the CloudHSM. Network Trust Link Agents, which is installed on the client server Network Trust Link, is the secure connection that connects between the network trust link server and agent. This Network Trust Link uses a two way digital certificate authentication, and SSL data encryption to protect the information flow between the HSM client and CloudHSM. The SSL protocol used within the network trust link used to connect the Network Trust Link agent and server creates a trusted secure channel for communication. Any application running an agent will be able to connect to the HSM via the network trust link. Authentication The HSM has a three layer authentication scheme that is used to authenticate and role based access control model to achieve high level of security between the client processes and HSM partitions. This important as the CloudHSM is different from the traditional HSM due to the fact that the HSM now exposes a network API to communicate and offer cryptographic functions. The three layers are: 10
21 1. HSM Partiion Activation: An HSM partion within the HSM remains inaccessible to clients until an administrator logs on and explicitly activates an HSM partition. HSM activation requires authentication with a password 2. Network Trust Link Activation Before an application can connect to the HSM. The administrator must authorize access for the client to access the HSM. The registration involves a generation of a self signed certificate on the server which is bound to the host name and IP address. After the client creates the certificate, the client and the HSM exchange their certificates via a secure file transfer process. After this exchange the admin with register the certificate using against the HSM.Once this process is complete, the client is able to create a network trust link. 3. To gain access to the data within the HSM partition, an application process running must first provide an HSM partion password to te LUNA sa. The password is generated during the creation of the HSM partion. The agent running the client machine, combines the password with a unique one time challenge. The application the login is a normal process of providing a password via the API call, and the additional security provided by the one-time challenge mechaninism is internal to the Network Trust Link Key Bootstrapping Process Key Revocation Security Analysis System Threats The thing to note here is that this process ensures that the key material we are protecting and placing in our HSM (in our case the private key used to encrypt/decrypt our database password) is kept safe. This is because the key material does not leave the HSM partition. In other words, the key material is not exposed within the network trust link. So, if an attacker is able to obtain the client s SSL private key it DOES NOT pose a risk to the security of the key material stored in the HSM. However, because we store the private key that is used to encrypt the database password, it does not matter. This is because if the attacker has the SSL private key, he is able to make an authenticated response, to decrypt the password using the private key stored in the HSM. Upon reading some documentation on the Luna s HSM. It mentioned that an attacker must have logical network access to steal the private key and certificate in order to move them to another platform. And, highlighted that it is necessary to have physical access to configure the network in order to masquerade as legitimate client on the network. This process seems to hide the fact, that we are working in a cloud environment. In this cloud environment we have a virtulized instances which can be easily replicated, and do not require physical access to the clients. This means that one of the assumptions that Luna make conflicts with the assumptions made when moving such an process to the cloud. Another problem faced with model is that there is no control over malicious applications that can be executed on a legitimate server where a client is located. This stems from the fact, there are not any low level authentication mechanisms that could be used to uniquely identify different applications if they are run by user, as all authenicated checks are checked via the a verfication of user of the calling process, 11
22 4.3 SoftHSM What is SoftHSM? System Process Architectural Overview Key Retrieval Key Bootstrapping Process Key Revocation Security Analysis System Threats Threat Model Evaluation 12
23 Chapter 5 Implementation 5.1 Program Architecture Scenario High Level Overview Process Overview Key Bootstrap Process Key Retrieval Process Credential Storage Design 5.2 Experimental Design Performance Metrics Comparison with traditional use case 13
24 14
25 Chapter 6 Evaulation 6.1 Security Threat Matrix Evaluation 6.2 Results and Findings Security Analysis Performance Tests and Comparaison 6.3 Costing Analysis 15
26 16
27 Chapter 7 Conclusions The conclusions are presented in this Chapter. 17
28 18
29 Bibliography 19
Mitigating Server Breaches with Secure Computation. Yehuda Lindell Bar-Ilan University and Dyadic Security
Mitigating Server Breaches with Secure Computation Yehuda Lindell Bar-Ilan University and Dyadic Security The Problem Network and server breaches have become ubiquitous Financially-motivated and state-sponsored
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationCommon security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon
1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly
More informationChapter 10. Cloud Security Mechanisms
Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based
More informationCryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik
Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationSecurity Goals Services
1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;
More informationDIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES
DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES Saiprasad Dhumal * Prof. K.K. Joshi Prof Sowmiya Raksha VJTI, Mumbai. VJTI, Mumbai VJTI, Mumbai. Abstract piracy of digital content is a one of the
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationSecure cloud access system using JAR ABSTRACT:
Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that
More informationSENSE Security overview 2014
SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationWEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services
WEB SITE SECURITY Jeff Aliber Verizon Digital Media Services 1 SECURITY & THE CLOUD The Cloud (Web) o The Cloud is becoming the de-facto way for enterprises to leverage common infrastructure while innovating
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationFull Drive Encryption Security Problem Definition - Encryption Engine
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Full Drive Encryption Security Problem Definition - Encryption Engine Introduction for the FDE Collaborative Protection Profiles
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationCryptography and Key Management Basics
Cryptography and Key Management Basics Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 23, 2007 Erik Zenner (DTU-MAT) Cryptography and Key Management
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationKerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).
Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationSecurity for Ubiquitous and Adhoc Networks
Security for Ubiquitous and Adhoc Networks Mobile Adhoc Networks Collection of nodes that do not rely on a predefined infrastructure Adhoc networks can be formed merged together partitioned to separate
More informationJournal of Electronic Banking Systems
Journal of Electronic Banking Systems Vol. 2015 (2015), Article ID 614386, 44 minipages. DOI:10.5171/2015.614386 www.ibimapublishing.com Copyright 2015. Khaled Ahmed Nagaty. Distributed under Creative
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationLecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.
Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationIs your data safe out there? -A white Paper on Online Security
Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationKeySecure CUSTOMER RELEASE NOTES. Contents. Version: 8.1.0 Issue Date: 2 February 2015 Document Part Number: 007-012896-001, Rev A.
KeySecure CUSTOMER RELEASE NOTES Version: 8.1.0 Issue Date: 2 February 2015 Document Part Number: 007-012896-001, Rev A Contents Product Description... 3 Key Management... 3 High Performance... 3 Broad
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationEncrypting Data at Rest
Encrypting Data at Rest Ken Beer Ryan Holland November 2014 Contents Contents Abstract Introduction The Key to Encryption: Who Controls the Keys? Model A: You control the encryption method and the entire
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationRunning Secure Server Software on Insecure Hardware without a Parachute
Running Secure Server Software on Insecure Hardware without a Parachute SESSION ID: STU-M06B Nicholas Sullivan Systems Engineer CloudFlare @grittygrease What this talk is about! The web is changing consolidation
More informationTELE 301 Network Management. Lecture 18: Network Security
TELE 301 Network Management Lecture 18: Network Security Haibo Zhang Computer Science, University of Otago TELE301 Lecture 18: Network Security 1 Security of Networks Security is something that is not
More informationUser Authentication Guidance for IT Systems
Information Technology Security Guideline User Authentication Guidance for IT Systems ITSG-31 March 2009 March 2009 This page intentionally left blank March 2009 Foreword The User Authentication Guidance
More informationThe Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems
The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationHow To Ensure Correctness Of Data In The Cloud
Ensuring Data Storage Security in Cloud Computing ABSTRACT Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationManaged Encryption Service
Amethyst Cryptographic Services Ltd Managed Encryption Service An Overview Chris Greengrass March 2011 Encryption and Cryptography The use of encryption/decryption is as old as the art of communication.
More informationSTATE OF HAWAI I INFORMATION PRIVACY AND SECURITY COUNCIL
STATE OF HAWAI I INFORMATION PRIVACY AND SECURITY COUNCIL Category Security, Breach Title Breach Best Practices Document: IPSC2009-02 Revision: 2009.08.28-01 Posted URL: http://ipsc.hawaii.gov Status Under
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationEntrust IdentityGuard Comprehensive
Entrust IdentityGuard Comprehensive Entrust IdentityGuard Comprehensive is a five-day, hands-on overview of Entrust Course participants will gain experience planning, installing and configuring Entrust
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationCS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationSafeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST
Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationDashlane Security Whitepaper
Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationIBM i Version 7.3. Security Digital Certificate Manager IBM
IBM i Version 7.3 Security Digital Certificate Manager IBM IBM i Version 7.3 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationInformation Security
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationAnalyzing the Security Schemes of Various Cloud Storage Services
Analyzing the Security Schemes of Various Cloud Storage Services ECE 646 Project Presentation Fall 2014 12/09/2014 Team Members Ankita Pandey Gagandeep Singh Bamrah Pros and Cons of Cloud Storage Services
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationCompter Networks Chapter 9: Network Security
Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau
More informationA Draft Framework for Designing Cryptographic Key Management Systems
A Draft Framework for Designing Cryptographic Key Management Systems Elaine Barker Dennis Branstad Santosh Chokhani Miles Smid IEEE Key Management Summit May 4, 2010 Purpose of Presentation To define what
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationReview On Incremental Encrypted Backup For Cloud
Review On Incremental Encrypted Backup For Cloud Rohini Ghenand, Pooja Kute, Swapnil Shinde, Amit Shinde, Mahesh Pavaskar, Shitalkumar Jain Department of Computer Engineering MIT AOE rohinighenand26@gmail.com
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationAssociate Prof. Dr. Victor Onomza Waziri
BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,
More information