MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F
|
|
- Erica Jenkins
- 8 years ago
- Views:
Transcription
1 MXMedia CipherStream Preliminary Assessment 1.0 Author: T F Copyright 2012 Farncombe Belvedere Basing View Basingstoke RG21 4HG
2 This document and the information contained herein is the subject of copyright and intellectual property rights under international convention. All rights reserved. No part of this document may be produced, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, or optical, in whole or in part, without the prior written permission of the copyright holder. This report may not be copied or issued in whole or in part without the express permission of MXMedia ( MXMedia ) subject to a confidentiality agreement between all the relevant parties. This report reflects our opinion based on the information available at the time of the review and does not offer any warranty expressed or implied as to the security of the system under review. Document History Version Date Author Comment /11/2012 Tom Thomas Initial Assessment /11/2012 Tom Thomas Updates following review proprietary information. Unauthorised reproduction or disclosure of this information in whole or in part is prohibited. 2
3 Table of Contents 1. Executive Summary System Features Threats Side channel analysis Player attack Recommendations... 7 About Farncombe Consulting Group... 8 proprietary information. Unauthorised reproduction or disclosure of this information in whole or in part is prohibited. 3
4 1. Executive Summary This preliminary review of the MXMedia CipherStream system has been carried out as a paper exercise based on responses to farncombe Minimum Security Requirements questionnaire and other ancillary information provided by MXMedia. This is no substitute for a full review of a system but is a preliminary stage that avoids moving to a full review when easily identifiable problems can be found. In this case the design is still at the stage of detailed architectural design, so we have provided guidelines that will allow the design to be completed in compliance with the minimum security requirements we have provided. MXMedia are designing a bespoke hardware device that implements a secure DRM client. The device is a USB connected stick, that is designed to have an asset uploaded to it via a kiosk and stored persistently within. Bulk storage of content material can be via memory card plugged into the device or connected PC or server HDD. Decrypted content can be rendered on WiFi n HDMI connected devices (that support the appropriate link protection mechanisms). Farncombe have reviewed the initial architectural information provided by MXMedia and find the architecture to be sound, however this is caveated by the fact that the project is still pre production, and many of farncombe s recommendations are focused on the specifics of the bespoke ASIC, which is yet to reach the final design and production stage. We can only say now that if the implementation adheres to the principles outlined in the information submitted to us and follows our recommendations, then the system would be fit for distribution for premium HD content. proprietary information. Unauthorised reproduction or disclosure of this information in whole or in part is prohibited. 4
5 2. System Features MXMedia are implementing several mechanisms in their system that farncombe would regard as sound practice. These include: Asymmetric cryptography for content license encryption, signing and acquisition using RSA 2048 Symmetric cryptography for asset encryption using AES 128 Option to encrypt each asset uniquely to each user Asymmetric signing of device firmware Option to use on board LW time signal clock reference for time bound license check Option to use bespoke WBC based mobile re encryption method, else industry standard DTCP IP or HDMI with HDCP Use of unique monolithic ASIC containing unique secrets, where security is enhanced through diversity from standard off the shelf silicon Strict one way design of decryption datapath within the device ASIC Control/ownership of content path on the device through to baseband proprietary information. Unauthorised reproduction or disclosure of this information in whole or in part is prohibited. 5
6 3. Threats Although delivery of content is direct one to one (as compared with a traditional broadcast TV system for example), the system is based around persistent offline storage of content rather than a strictly streamed model. This provides the obvious opportunity for encryption protected assets and licenses to be easily passed around freely. Many systems relinquish the final decode process to a trusted party, however MXMedia s approach owns the content path through to baseband, thereby protecting the valuable compressed content by design. This means that the robustness of the system relies on: The security of the license decryption process The trust in the player instance 3.1 Side channel analysis The custom architecture of the MXMedia ASIC contains a one way content delivery pipeline serviced by two separate processors with custom instructions extensions, dedicated hardware accelerators and containing hardware cryptography operators. The design will be implemented in a sea of gates, so as to provide additional obfuscation of functional elements. The ASIC presents a no more palatable target for power, glitch and EM analysis, than any other complex SoC might. The cryptographic functions executed are analogous to those executed in a PayTV smartcard in some respects, which is a field where advanced anti snooping mechanisms are employed, such as circuit camouflage, bus scrambling, environmental sensing and hardened cryptographic elementals. 3.2 Player attack Given that the license decryption process uses strong industry standard methods, it is unlikely that an attacker would make this area their first target. The media player/rendering instance is where decrypted decompressed content will be available (transient in memory buffers for example), so care should be taken to secure these buffers from third party attack or subversion. Whilst an HDTV would be an unlikely target for this type of attack, a mobile platform would be more attractive, due to the open nature of contemporary devices. However, here the MXMedia system intends to deploy White Box cryptography rendering code, each time dynamically generated by the player device, with one time keys, the resulting one time mobility of a narrow transient memory buffer and as close as possible direct driving of final content delivery devices. proprietary information. Unauthorised reproduction or disclosure of this information in whole or in part is prohibited. 6
7 4. Recommendations Although on initial inspection we would regard the architecture as essentially sound, there are a number of, as yet, unknown areas where we would make recommendations at this stage: Where applicable, side channel attack hardened implementations of software cryptographic functions; obfuscation of cryptographic intermediaries. These features are finding their way into PayTV SoCs now, so we would expect to see them here. Where applicable, sensible silicon design and layout to mitigate against trivial reverse engineering (e.g. physical spreading and obfuscation of private key bits, bus tracking, metallisation layering, use of circuit camouflage, etc.). These features are finding their way into PayTV SoCs now, so we would expect to see them here. Where applicable, introduction of random noise elements to hardware and software functions in order to mitigate against power analysis. Sound design of device software signature verification mechanism to mitigate against subversion (by attempting to cause hash overflow for example). Hardware random number generator (at least FIPS certified) used to generate symmetric key for WiFi reencryption step. It is recommended that the device software image be encrypted, although this may be mitigated by the verification of manufacturer signature, prior to any execution. Independent penetration testing of the device (white box recommended); including software, protocol and environmental attacks. Secure memory implementation (it is understood that exclusively on chip registers and localised memory is used for transient key material and content). HSM based generation of private key material for chip personalisation. In the full review we would expect to see how these recommendations have been met and how the detail of the design meets the system requirements identified in section 2. proprietary information. Unauthorised reproduction or disclosure of this information in whole or in part is prohibited. 7
8 About Farncombe Consulting Group The Farncombe Consulting Group is a specialised professional services firm operating in the broad digital video technology, telecoms and digital media sectors. Initially focused on pay TV and digital TV technology through founder company Farncombe Technology, it has since grown into a globally recognized television consultancy, servicing a large international client roster that includes broadcasters, operators, telcos, hardware and software suppliers and a variety of government, regulatory bodies and private equity companies. The Farncombe Consulting Group s current focus is on the increased opportunities made available by a converging market which extends from cable, satellite and terrestrial delivery to telco managed IPTV, video over Internet and mobile TV offerings. The Group comprises a number of separate practices covering a wide range of core competencies. These include: Strategy Technology Consulting Programme Management Content Security System Integration Engineering Services Test and Certification Design Practice We apply these competencies to the planning, management, transport and secure delivery of video and other new content services. Farncombe Consulting Group is a private company incorporated in the UK. 100% of our shares are owned by the management team. We are not linked to any technology vendor or service provider, enabling us always to give an honest opinion and take independent decisions solely based on our fair analysis of the situation and our clients' best interests. At Farncombe, we put our customers first; our independence and our impressive track record demonstrate our ability to work over time with any players inside a given industry. Should you require our assistance, please contact us. proprietary information. Unauthorised reproduction or disclosure of this information in whole or in part is prohibited. 8
MovieLabs Specification for Enhanced Content Protection Version 1.0
MovieLabs Specification for Enhanced Content Protection Version 1.0 Introduction Digital content distribution technologies are evolving and advancing at a rapid pace. Content creators are using these technologies
More informationSECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES
SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents Introduction... 3 DRM Threat Model... 3 DRM Flow... 4 DRM Assets... 5 Threat Model... 5 Protection of
More informationSide Channel Analysis and Embedded Systems Impact and Countermeasures
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side
More informationContent Protection in Silverlight. Microsoft Corporation
Content Protection in Silverlight Microsoft Corporation April 2010 Contents Contents...2 Introduction...3 What is Content Protection?... 3 Why Should You Protect Online Content?... 3 Techniques for Protecting
More informationApplications that Benefit from IPv6
Applications that Benefit from IPv6 Lawrence E. Hughes Chairman and CTO InfoWeapons, Inc. Relevant Characteristics of IPv6 Larger address space, flat address space restored Integrated support for Multicast,
More informationSmart LNB. White Paper. May 2014
Smart LNB White Paper May 2014 This document contains information proprietary to Ayecka Communication Systems Ltd. and may not be reproduced in whole or in part without the express written consent of Ayecka
More informationCryptoFirewall Technology Introduction
CryptoFirewall Technology Introduction Cryptography Research, Inc. www.cryptography.com 575 Market St., 21 st Floor, San Francisco, CA 94105 1998-2007 Cryptography Research, Inc. Protected under issued
More informationPro:Idiom System Description
Pro:Idiom System Description Introduction and Summary The Zenith Electronics copy protection system (Pro:Idiom) provides end-to-end cryptographic security for protecting digital HD and SD video (including
More informationPrivyLink Cryptographic Key Server *
WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology
More informationPUF Physical Unclonable Functions
Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationDigital Transmission Content Protection (DTCP) Technical and Licensing Overview
Digital Transmission Content Protection (DTCP) Technical and Licensing Overview 1 Overview DTCP as part of Home Network Protection Framework Link Protection Technology and Licensing Chain DTCP Technical
More informationEmerging Markets for H.264 Video Encoding
Leveraging High Definition and Efficient IP Networking WHITE PAPER Introduction Already dominant in traditional applications such as video conferencing and TV broadcasting, H.264 Advanced Video Coding
More informationThe Future of Cardless Broadcast Security
The Future of Cardless Broadcast Security A Farncombe White Paper on Key Trends in the Approach to Video Security Sponsored by Verimatrix October 2012 Liberty House 222 Regent Street London, W1B 5TR T
More informationDIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES
DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES Saiprasad Dhumal * Prof. K.K. Joshi Prof Sowmiya Raksha VJTI, Mumbai. VJTI, Mumbai VJTI, Mumbai. Abstract piracy of digital content is a one of the
More informationPLATFORM ENCRYPTlON ARCHlTECTURE. How to protect sensitive data without locking up business functionality.
PLATFORM ENCRYPTlON ARCHlTECTURE How to protect sensitive data without locking up business functionality. 1 Contents 03 The need for encryption Balancing data security with business needs Principles and
More informationIPTV Primer. August 2008. Media Content Team IRT Workgroup
TV Primer August 2008 Media Content Team IRT Workgroup What Is TV? TV is the delivery of video and audio programming via Internet Protocol () over a broadband network TV can run on a converged network
More informationKey Management Interoperability Protocol (KMIP)
(KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).
More informationCryptographic Rights Management of FPGA Intellectual Property Cores
Cryptographic Rights Management of FPGA Intellectual Property Cores Tom Kean Algotronix Ltd. PO Box 23116 Edinburgh EH8 8YB United Kingdom tom@algotronix.com ABSTRACT As the capacity of FPGA s increases
More informationSecurity in ST : From Company to Products
Security in ST : From Company to Products July 2015 Thierry FENSCH Innovation, Collaboration and Efficiency Director Grenoble Site A global semiconductor leader 2014 revenues of $7.40B Who we are 2 Approximately
More informationIoT Security Concerns and Renesas Synergy Solutions
IoT Security Concerns and Renesas Synergy Solutions Simon Moore CTO - Secure Thingz Ltd Agenda Introduction to Secure.Thingz. The Relentless Attack on the Internet of Things Building protection with Renesas
More informationDIRECTV Set Top Box and Content Protection Description
DIRECTV Set Top Box and Content Protection Description DIRECTV Set Top Boxes There are tens of millions of active DIRECTV set-top boxes (STBs). All DIRECTV STBs receive 100% digital input signals. The
More informationHardware Security Modules for Protecting Embedded Systems
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationM-Shield mobile security technology
Technology for Innovators TM M-Shield mobile security technology making wireless secure Overview As 3G networks are successfully deployed worldwide, opportunities are arising to deliver to end-users a
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationSecuring Host Operations with a Dedicated Cryptographic IC - CryptoCompanion
Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion By Kerry Maletsky, Business Unit Director Crypto Products Summary There is a growing need for strong hardware security devices
More informationManaged Encryption Service
Amethyst Cryptographic Services Ltd Managed Encryption Service An Overview Chris Greengrass March 2011 Encryption and Cryptography The use of encryption/decryption is as old as the art of communication.
More informationSHEET 5 CABLE TELEVISION SYSTEM
SHEET 5 CABLE TELEVISION SYSTEM TRADITIONAL TELEVISION AND IPTV INTRODUCTION Access to full digital, as an inevitable technological development, clearly demonstrates the place of Digital Communication
More informationBroadSAFE Enhanced IP Phone Networks
White Paper BroadSAFE Enhanced IP Phone Networks Secure VoIP Using the Broadcom BCM11xx IP Phone Technology September 2005 Executive Summary Voice over Internet Protocol (VoIP) enables telephone calls
More informationA Robust Multimedia Contents Distribution over IP based Mobile Networks
, pp. 283-288 http://dx.doi.org/10.14257/ijseia.2015.9.9.24 A Robust Multimedia Contents Distribution over IP based Mobile Networks Ronnie D. Caytiles, Seungyong Shin and Byungjoo Park * Multimedia Engineering
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationAPWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/
DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing
More informationQiong Liu, Reihaneh Safavi Naini and Nicholas Paul Sheppard Australasian Information Security Workshop 2003. Presented by An In seok. 2010.12.
Digital Rights Management for Content Distribution Qiong Liu, Reihaneh Safavi Naini and Nicholas Paul Sheppard Australasian Information Security Workshop 2003 Presented by An In seok. 2010.12.1 Contents
More informationSecure Streaming Media and Digital Rights Management
Secure Streaming Media and Digital Rights Management Deepali Holankar Department of Computer Science San Jose State University San Jose, CA 95192 dbrahmbhatt@pacbell.net Mark Stamp Department of Computer
More informationQuantum Safe Security Workgroup Presentation. Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014
Quantum Safe Security Workgroup Presentation Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014 ID Quantique Photon Counters Services Quantum Random Number Generators Technology
More informationData Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin. www.itmr.ac.in
01 0110 0001 01101 WHITE PAPER ON Data Encryption Prepared by Mohammed Samiuddin www.itmr.ac.in Contents INTRODUCTION... 2 NEED FOR DATA ENCRYPTION... 3 DUE CARE... 3 REPUTATIONAL RISK... 3 REGULATORY
More informationGuide to Data Field Encryption
Guide to Data Field Encryption Contents Introduction 2 Common Concepts and Glossary 3 Encryption 3 Data Field Encryption 3 Cryptography 3 Keys and Key Management 5 Secure Cryptographic Device 7 Considerations
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationCycurHSM An Automotive-qualified Software Stack for Hardware Security Modules
CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationWindows Embedded Security and Surveillance Solutions
Windows Embedded Security and Surveillance Solutions Windows Embedded 2010 Page 1 Copyright The information contained in this document represents the current view of Microsoft Corporation on the issues
More informationsystem monitor Uncompromised support for your entire network.
system monitor Uncompromised support for your entire network. CONTENTS. Introduction Uses How it works Site Manager PLUS! Network Watchdog System Requirements 4 5 6 7 8 9 10 system monitor INTRODUCTION.
More informationADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD. Olivier THOMAS Blackhat USA 2015
ADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD Olivier THOMAS Blackhat USA 2015 About Texplained Texplained [Technology Explained] refers
More informationa whitepaper on hybrid set-top-box
a whitepaper on hybrid set-top-box A Set-top-Box (STB) is a very common name heard in the consumer electronics market. It is a device that is attached to a Television for enhancing its functions or the
More informationSpiderCloud E-RAN Security Overview
SpiderCloud E-RAN Security Overview Excerpt for SpiderCloud Wireless, Inc. 408 East Plumeria Drive San Jose, CA 95134 USA -hereafter called SpiderCloud- Page 1 of 7 Table of Contents 1 Executive Summary...5
More informationSecurity Principles. Related to. Handset Theft
Security Principles Related to Handset Theft Table of Contents TABLE OF CONTENTS...2 GLOSSARY OF TERMS...3 1. INTRODUCTION...4 1.1 IMPORTANCE OF IMEI INTEGRITY...4 1.2 IMPROVED IMEI INTEGRITY PRINCIPLES...4
More informationSMALL SYSTEM ARCHITECTURE FOR DIGITAL CABLE Christopher Poli, PE and Michael Hicks Motorola Broadband Communications Sector
SMALL SYSTEM ARCHITECTURE FOR DIGITAL CABLE Christopher Poli, PE and Michael Hicks Motorola Broadband Communications Sector Abstract This paper focuses on the basic architectural elements required for
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More informationInternet Protocol Television (IPTV)
International Journal of Electronics and Computer Science Engineering 2221 Available Online at www.ijecse.org ISSN- 2277-1956 Internet Protocol Television (IPTV) Lokesh Mittal 1, Ritika Mittal 2 Lecturer
More informationSustainable Device Security:
Last modification: 03-03-2014 / 11:55 AM GMT+01:00 White Paper Media Protection Multiscreen Sustainable Device Security: Breaking the Hacker Business Model with Software Security February 2013 www.irdeto.com
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More informationInformation Rights Management
Information Rights Management EDRM Enterprise Digital Rights Management vs DFP Data Flow Protection E.ON IS, Thilo Müller April 2008 EIC 2008 Agenda E.ON IS Introduction DRM and DFP Definition Use Case
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationComputer System Management: Hosting Servers, Miscellaneous
Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation
More informationCerticom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement
certicom application notes Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement THE PROBLEM How can vendors take advantage
More informationSamsung Content Management Solution 2.0 Helping hospitality management control guest room TV viewing options
Samsung Content Management Solution 2.0 Helping hospitality management control guest room TV viewing options Property managers can tailor TV content by guest room. Control costs while catering to patrons
More informationCisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X
Data Sheet Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module
More informationEmbedded Java & Secure Element for high security in IoT systems
Embedded Java & Secure Element for high security in IoT systems JavaOne - September 2014 Anne-Laure SIXOU - ST Thierry BOUSQUET - ST Frédéric VAUTE - Oracle Speakers 2 Anne-Laure SIXOU Smartgrid Product
More informationIntegrated Services Router with the "AIM-VPN/SSL" Module
Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationIBM Crypto Server Management General Information Manual
CSM-1000-0 IBM Crypto Server Management General Information Manual Notices The functions described in this document are IBM property, and can only be used, if they are a part of an agreement with IBM.
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationUser Agreement. Quality. Value. Efficiency.
User Agreement Quality. Value. Efficiency. Welcome to QVuE, the Leaders Network on Quality, Value and Efficiency website sponsored by The Medicines Company. The information provided in this Webinar Series
More informationPrivateServer HSM EKM Provider for Microsoft SQL Server
PrivateServer HSM EKM Provider for Microsoft SQL Server January 2014 Document Version 1.1 Notice The information provided in this document is the sole property of Algorithmic Research Ltd. No part of this
More informationExternal Supplier Control Requirements
External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration
More informationNetwork Security Technology Network Management
COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission
More informationCONTENT SECURITY KRAMER S APPROACH TO SECURING DATA WITHIN WIRELESS TRANSMISSION KRAMER WHITE PAPER WWW.KRAMERUS.COM
CONTENT SECURITY KRAMER S APPROACH TO SECURING DATA WITHIN WIRELESS TRANSMISSION KRAMER WHITE PAPER WWW.KRAMERUS.COM Executive Summary There has been a fundamental shift in how people collaborate in today
More informationELECTRONIC COMMERCE OBJECTIVE QUESTIONS
MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module
More informationEncrypting Business Files in the Cloud
Quick Guide for IT-Security and Data Privacy Encrypting Business Files in the Cloud Requirements for data security in the cloud End to end encryption Secure file transfers Data Security in the Cloud A
More informationAssociate Prof. Dr. Victor Onomza Waziri
BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,
More informationSERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security
International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS
More informationSecure Data Exchange Solution
Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates
More informationEnova X-Wall LX Frequently Asked Questions
Enova X-Wall LX Frequently Asked Questions Q: What is X-Wall LX? A: X-Wall LX is the third generation of Enova real-time hard drive cryptographic gateway ASIC (Application Specific Integrated Circuit)
More informationEnhance Service Delivery and Accelerate Financial Applications with Consolidated Market Data
White Paper Enhance Service Delivery and Accelerate Financial Applications with Consolidated Market Data What You Will Learn Financial market technology is advancing at a rapid pace. The integration of
More informationATSC Standard: ATSC Security and Service Protection Standard
ATSC Standard: ATSC Security and Service Protection Standard Doc. A/106 28 September 2015 Advanced Television Systems Committee 1776 K Street, N.W. Washington, D.C. 20006 202-872-9160 1 The Advanced Television
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More information7a. System-on-chip design and prototyping platforms
7a. System-on-chip design and prototyping platforms Labros Bisdounis, Ph.D. Department of Computer and Communication Engineering 1 What is System-on-Chip (SoC)? System-on-chip is an integrated circuit
More informationVoltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review
Voltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review Prepared for: Coalfire Systems, Inc. March 2, 2012 Table of Contents EXECUTIVE SUMMARY... 3 DETAILED PROJECT OVERVIEW...
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationRecipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory
Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed
More informationADSL or Asymmetric Digital Subscriber Line. Backbone. Bandwidth. Bit. Bits Per Second or bps
ADSL or Asymmetric Digital Subscriber Line Backbone Bandwidth Bit Commonly called DSL. Technology and equipment that allow high-speed communication across standard copper telephone wires. This can include
More informationWebEx. Network Bandwidth White Paper. WebEx Communications Inc. - 1 -
WebEx Network Bandwidth White Paper WebEx Communications Inc. - 1 - Copyright WebEx Communications, Inc. reserves the right to make changes in the information contained in this publication without prior
More informationADVANTAGES OF AV OVER IP. EMCORE Corporation
ADVANTAGES OF AV OVER IP More organizations than ever before are looking for cost-effective ways to distribute large digital communications files. One of the best ways to achieve this is with an AV over
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More informationGeneral Content Security & Service Implementation
SCHEDULE C [VOD-EST-PAYTV] CONTENT PROTECTION REQUIREMENTS AND OBLIGATIONS This Schedule C is attached to and a part of that certain [ Agreement, dated (the Agreement ), between/among ]. All defined terms
More informationChapter 6 CDMA/802.11i
Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationSCADA SYSTEMS AND SECURITY WHITEPAPER
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
More informationPowerKey Conditional Access System Phase 1.0. System Overview. Revision 1.0
PowerKey Conditional Access System Phase 1.0 System Overview Revision 1.0 Scientific-Atlanta, Inc, Unpublished Works of Scientific-Atlanta, Inc. Copyright 1997 Scientific-Atlanta, Inc. All Rights Reserved
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More informationSection 1 CREDIT UNION Member Information Security Due Diligence Questionnaire
SAMPLE CREDIT UNION INFORMATION SECURITY DUE DILIGENCE QUESTIONNAIRE FOR POTENTIAL VENDORS Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire 1. Physical security o Where is
More informationCYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS
CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS These Cybersecurity Testing and Certification Service Terms ( Service Terms ) shall govern the provision of cybersecurity testing and certification services
More information