CHAPTER 1 INTRODUCTION 1.1 MOTIVATION FOR DATA SECURITY
- Imogen Walters
- 8 years ago
CHAPTER 1 INTRODUCTION

The need for data security emerges from the widespread deployment of shared file systems, greater mobility of computers and the rapid miniaturization of storage devices. It is increasingly obvious that the value of data is much more than the value of storage devices. The content stored in most storage devices is of substantial value in terms of intellectual property. Moreover, the theft of a personal laptop or a USB-connected secondary storage device leaves the victim vulnerable to the risk of identity theft in addition to the loss of personal and financial data. Hence, it becomes necessary to protect stored data using strong cryptographic methods.

1.1 MOTIVATION FOR DATA SECURITY

As described above, data security in modern computing systems is a difficult problem. Network connections and remote file system services, while convenient, often make it possible for an intruder to gain access to sensitive data by compromising only a single component of a large system. Because of the difficulty of reliably protecting information, sensitive files are often not stored on networked computers, making access to them by authorized users inconvenient and putting them out of the reach of useful system services such as backup. In effect, the fear that computer data are not terribly private has led to a situation where conventional wisdom warns us not to entrust our most important information to our most modern computers. Hence, a data protection system is vital in any organization where classified and secret data need to be shared and secured simultaneously.

Some incidents in recent years exemplify the need for a secure cryptographic solution to the problem of protecting data from unauthorized access.
The majority of these incidents involve insiders or system administrators, which accentuates the need for a secure data protection mechanism that thwarts unauthorized information theft and also ensures that undue power is not left in the hands of employees or administrators. Data protection systems are increasingly playing a crucial role in commercial environments too; one key factor here is that the commercial value of stored information has skyrocketed into millions and billions of dollars, which is itself reason enough for protection against theft.

Today, many organizations such as governments, the military, private organizations, financial institutions and hospitals store enormous amounts of confidential data on their laptops. Some of these organizations were victims of data theft or loss. Some organizations faced identity theft from resource centers. To illustrate the above generalization, an unencrypted hard drive was lost at the Quebec office of Human Resources and Skills Development, Canada [Fekete and Cohen (2013)]. The unencrypted external hard drive lost by the Canadian federal agency contained the personal information of half a million student loan recipients, including their names, social insurance numbers, dates of birth, loan balances and contact information from year 2000 to The Royal Canadian Mounted Police (RCMP) was called in to investigate what could be deemed one of the largest privacy lapses in Canadian history. To follow up, the federal government had to contact all affected individuals, and a toll-free number was set up for those with concerns and questions. Apart from the exposure of sensitive personal information and the social insecurity and identity risks to the data owners, such incidents also severely damage the reputation of organizations and cause the loss of their subscriber's confidence in them.

In another similar incident, an unencrypted national database with names, social security numbers, dates of birth, and some disability ratings for 26.5 million veterans, active-duty military personnel and spouses was stolen [Gradijan (2006)]. The data was entrusted to and owned by the US Department of Veterans Affairs (VA). The breach pointed once again to the human element being the weakest link in the security chain. The database was on a laptop and external hard drive that were both stolen in a burglary from a VA analyst's Maryland home.
The VA estimated it would cost $100 million to $500 million to prevent and cover possible losses from the theft. The U.S. Department of Veterans Affairs (VA) chief information security officer and at least two other high-profile senior officials, along with the analyst, had to resign, taking accountability for the event.

Instances of data theft/compromise are endless and their impacts vary from negligible to extremely severe. Data theft/loss imposes the risk of losing important personnel and organization data, and hence securing this data is of utmost importance. When confidential data is compromised, the outcomes are severe, costly and far-reaching for the data owners, individuals, stakeholders and organizations alike. The wider impacts are often not evident immediately after the incident and may stretch into the future, when the data is misused by miscreants at will, especially for identity theft, which is the scariest of all social threats.

Clearly, there is a pressing need to design and develop data protection mechanisms that cater to the above application scenarios as well as provide several security and usability features. Encrypted file systems or cryptographic file systems fill this void, enabling individuals and organizations to keep their storage systems highly available and yet protected from unauthorized access at the same time.

1.2 CRYPTOGRAPHIC FILE SYSTEMS

While considering file system security, several aspects should be taken into account, such as authentication, authorization, access control, confidentiality and integrity. Linux systems provide authentication, authorization and access control services using Pluggable Authentication Modules (PAM); a policy language that defines file owner and group, along with the owner/group/world read/write/execute attributes of the file; POSIX Access Control Lists (ACLs) that provide more stringent access control on a per-file basis; and so on. For confidentiality and integrity services, a Cryptographic File System (CFS) or Encrypting File System (EFS) has to be used, which provides file encryption/decryption along with integrity mechanisms in a secure, efficient and transparent manner to the user. A distributed cryptographic file system should also provide secure remote access over the Network File System (NFS), file sharing among multiple users, possible use by non-privileged users, portability, incremental backups, etc.

1.3 ISSUES WITH EXISTING CRYPTOGRAPHIC FILE SYSTEMS

Cryptographic file systems introduce an extra layer of indirection at an appropriate place in the system that provides the necessary cryptographic functionality.
Hence, the first decision to be taken while designing a Cryptographic File System (CFS) concerns the placement of this layer. Encryption services in cryptographic file systems can be placed at the file system level or at the device layer level.

In device layer systems, such as Loopback Cryptographic File System (Cryptoloop) [Hoelzer (2004)] and Device-Mapper Crypto Target (DMCrypt) [Fruhwirth (2005)], encryption/decryption takes place at the device layer in kernel-space, using the Linux kernel device mapper infrastructure, which provides a generic way to create virtual layers of block devices. These systems perform encryption with a single key on the entire block device, so file sharing is not possible among multiple users. They are also not convenient for incremental backups, cannot be mounted by non-privileged users and cannot be used remotely over NFS.

At the file system level, a CFS can be implemented either in user-space or in kernel-space. Cryptographic File System for Unix (CFS_Unix) [Blaze (1993), Blaze (1997)] and Encrypted File System (EncFS) [Ozen (2007), Gough (2011)] are two popular user-space cryptographic file systems at the file system level. CFS_Unix is implemented as a modified NFS server and EncFS uses the File System in User-space (FUSE) API [Szeredi (2004)]. They can be mounted by any user on the system and do not require any modifications to the kernel, so they are easily portable. The limitation of these systems is their poor performance due to frequent context switches and data copies between user-space and kernel-space. They perform encryption with a single key on an entire directory, so sharing of individual files is not possible among different users. EncFS can be used securely over NFS. CFS_Unix is capable of acting as a remote NFS server, so it can be accessed remotely without requiring an additional NFS mount. This is, however, not recommended due to security issues with plaintext passwords and unencrypted data being transmitted over the network, and also due to the poor performance of CFS.

ecryptfs [Halcrow (2005), Kirkland (2011)] is the most popular kernel-space CFS, integrated with the Linux kernel since It uses the stackable file system interface approach [Zadok and Badulescu (1999), Zadok and Nieh (2000), Zadok et al. (1999)] to introduce a layer of encryption that can fit over any underlying file system. ecryptfs is more efficient than the existing user-space cryptographic file systems mentioned above. It performs encryption on a per-file basis and supports file sharing among multiple users using Public Key Infrastructure (PKI) support. It also provides support for file integrity using keyed hashes. It can be used remotely on top of networked file systems. The limitations of ecryptfs are that it cannot be ported across different platforms and does not provide any options for non-privileged users to mount a file system.
Public-key management in ecryptfs, for user authentication and file sharing, is performed by a user-space daemon named ecryptfsd, which can easily be spoofed by user-space processes having superuser privileges to provide the kernel with the wrong public key, and hence cannot be trusted.

As mentioned above, performance, file sharing, portability and availability to non-privileged users cannot all be achieved together. Existing user-space CFS have performance limitations and do not provide support for file sharing, and kernel-space CFS are not portable and cannot be mounted by non-privileged users.

Key management is another crucial issue in the cryptographic file systems mentioned above. The majority of these cryptographic file systems employ only basic password protection schemes, disregarding the best practices of multi-factor authentication. Most passwords that users can reasonably expect to memorize can be successfully attacked with straightforward algorithms running on present-day computing devices. Token devices such as smart cards can be used for storing keys in some existing cryptographic file systems; however, the deployment of smart cards is often prohibitively expensive, cumbersome, and error-prone. Security technology, such as trusted computing [TCG (2011)], can be used for providing multi-factor authentication in a CFS without incurring additional cost.

1.4 MAIN OBJECTIVES OF THE THESIS

The main objectives of this thesis are to address the above-mentioned issues in user-space and kernel-space cryptographic file systems designed at the file system level. They are:

- Design and implementation of user-space CFS, extending the CFS_Unix [Blaze (1993), Blaze (1997)] and EncFS [Ozen (2007), Gough (2011)] cryptographic file systems, with performance improvements and file sharing support.
- Design and implementation of a secure protocol for CFS_Unix, using cryptographic methods such as mutual authentication and session establishment, which enables its secure use remotely.
- Design and implementation of kernel-space CFS, based on ecryptfs [Halcrow (2005), Kirkland (2011)], with improved performance and inclusion of whole PKI support in the Linux kernel to exclude privileged user-space processes from the domain of trust.
- Use of trusted computing technologies for key management in kernel-space CFS.

1.5 ORGANIZATION OF THESIS

The objectives listed above were addressed successfully during this course of study, and the respective outcomes are presented in the chapters described below.

The first chapter provides the motivation for data security, describing several recent security incidents and the need for CFS. Then, a brief introduction to CFS and distributed CFS is given. Existing cryptographic file systems at various levels of abstraction in user-space and in kernel-space are described briefly, along with their advantages and limitations. Then, the main objectives of the research work are presented.

The second chapter presents an in-depth literature survey of the selected research area (i.e., CFS). Various design goals and design parameters that should be considered while designing a cryptographic file system are described. Then, existing cryptographic file systems at the block device level and at the file system level in user-space and in kernel-space are presented with their advantages and limitations. The popular cryptographic file systems described are Cryptoloop [Hoelzer (2004)] and DMCrypt [Fruhwirth (2005)] at the block device level; CFS_Unix [Blaze (1993), Blaze (1997)] and EncFS [Ozen (2007), Gough (2011)] at the file system level in user-space; and ecryptfs [Halcrow (2005), Kirkland (2011)] and Secure Distributed Encrypting File System (TransCryptDFS) [Modi et al., (2010)] at the file system level in kernel-space.
A brief description of the various ciphers and modes of operation used by existing cryptographic file systems is provided, along with a detailed description of XEX-based Tweaked codebook mode with ciphertext Stealing (XTS) [IEEE (2008), Dworkin (2009)], which can be used by cryptographic file systems for better performance. Further, a brief review of trusted computing technologies and the benefits of using them for key management in cryptographic file systems is given. Finally, a summary of the properties of existing cryptographic file systems is presented, along with the problems identified for carrying out the research work.

In Chapter 3, extensions to the design and implementation of two existing user-space cryptographic file systems, CFS_Unix [Blaze (1993), Blaze (1997)] and EncFS [Ozen (2007), Gough (2011)], for performance gain and file sharing support, are presented.

In Chapter 4, the design and implementation of a secure protocol for Extended CFS_Unix [Rawat and Kumar (2012)], using cryptographic methods like mutual authentication and session establishment, which enables its secure use remotely, is described. The performance of Extended CFS_Unix has been improved by using NFS version 3 [Callaghan et al. (1995)] instead of the NFS version 2 [IETF (1989)] used in CFS_Unix. A performance comparison of remote access in extended CFS with other existing cryptographic file systems mounted over NFS is presented.

Chapter 5 presents a secure and efficient approach for designing and implementing an enterprise-class cryptographic file system for Linux (ECFS) [Rawat and Kumar (2012a)] in kernel-space, based on ecryptfs [Halcrow (2005), Kirkland (2011)].

Chapter 6 explains the use of trusted computing [TCG (2011)] for key management in the ECFS [Rawat and Kumar (2012a)] file system, which benefits from a higher level of security when using a hardware-based root of trust. Open source TrouSerS PKI API version [TrouSerS (2012)] and the TPM tools version [TPM tools (2012)] package have been used for implementation of the proposed architecture.

Finally, the possible future scope of the work presented in the thesis is discussed in Chapter 7.
What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic
More informationEMC DATA DOMAIN ENCRYPTION A Detailed Review
White Paper EMC DATA DOMAIN ENCRYPTION A Detailed Review Abstract The proliferation of publicized data loss, coupled with new governance and compliance regulations, is driving the need for customers to
More informationPublic Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage
Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage P. Selvigrija, Assistant Professor, Department of Computer Science & Engineering, Christ College
More informationExcerpt of Cyber Security Policy/Standard S05-001. Information Security Standards
Excerpt of Cyber Security Policy/Standard S05-001 Information Security Standards Issue Date: April 4, 2005 Publication Date: April 4, 2005 Revision Date: March 30, 2007 William F. Pelgrin Director New
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationHost/Platform Security. Module 11
Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic
More informationA SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More informationNetwork Security - ISA 656 Email Security
Network Security - ISA 656 Angelos Stavrou November 13, 2007 The Usual Questions The Usual Questions Assets What are we trying to protect? Against whom? 2 / 33 Assets The Usual Questions Assets Confidentiality
More informationExam Papers Encryption Project PGP Universal Server Trial Progress Report
Exam Papers Encryption Project PGP Universal Server Trial Progress Report Introduction Using encryption for secure file storage and transfer presents a number of challenges. While the use of strong, well
More informationUsing BitLocker As Part Of A Customer Data Protection Program: Part 1
Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Tech Tip by Philip Cox Source: searchsecuritychannel.com As an information security consultant, one of my jobs is to help my clients
More informationOur Key Security Features Are:
September 2014 Version v1.8" Thank you for your interest in PasswordBox. On the following pages, you ll find a technical overview of the comprehensive security measures PasswordBox uses to protect your
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationHow To Protect Your Data From Theft
Understanding the Effectiveness of a Data Protection Program IIA: Almost Free Seminar 21 June 2011 Agenda Data protection overview Case studies Ernst & Young s point of view Understanding the effectiveness
More informationData Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin. www.itmr.ac.in
01 0110 0001 01101 WHITE PAPER ON Data Encryption Prepared by Mohammed Samiuddin www.itmr.ac.in Contents INTRODUCTION... 2 NEED FOR DATA ENCRYPTION... 3 DUE CARE... 3 REPUTATIONAL RISK... 3 REGULATORY
More informationSecuring Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology
20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business
More informationInformation Rights Management Solution: Securing Information Exchange in Outsourcing Arrangements
Information Rights Management Solution: Securing Information Exchange in Outsourcing Arrangements Universal Banking Solution System Integration Consulting Business Process Outsourcing The data leakage
More informationLongmai Mobile PKI Solution
Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2
More informationHIPAA and Health Information Privacy and Security
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
More informationPCI Security Compliance in KANA Solutions How KANA Applications Helps Companies Comply with PCI Security Standards
PCI Security Compliance in KANA Solutions How KANA Applications Helps Companies Comply with PCI Security Standards Table of Contents PCI Security Compliance in KANA Solutions...1 The Importance of Protecting
More informationMidterm 2 exam solutions. Please do not read or discuss these solutions in the exam room while others are still taking the exam.
CS 161 Computer Security Spring 2010 Paxson/Wagner MT2 Solns Midterm 2 exam solutions Please do not read or discuss these solutions in the exam room while others are still taking the exam. CS 161, Spring
More informationENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT
ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT IS THIS ebook RIGHT FOR ME? Not sure if this is the right ebook for you? Check the following qualifications to make
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More informationAchieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER
with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More information7 VITAL FACTS ABOUT HEALTHCARE BREACHES. www.eset.com
7 VITAL FACTS ABOUT HEALTHCARE BREACHES www.eset.com 7 vital facts about healthcare breaches Essential information for protecting your business and your patients Large breaches of Personal Health Information
More informationOpinion and recommendations on challenges raised by biometric developments
Opinion and recommendations on challenges raised by biometric developments Position paper for the Science and Technology Committee (House of Commons) Participation to the inquiry on Current and future
More informationNeoscope www.neoscopeit.com 888.810.9077
Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,
More informationAssociate Prof. Dr. Victor Onomza Waziri
BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,
More informationGuidelines on use of encryption to protect person identifiable and sensitive information
Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted
More informationHard vs. Soft Tokens Making the Right Choice for Security
Hard vs. Soft Tokens Making the Right Choice for Security HSTE-NB0012-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationEnsuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services
Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and
More information