Why Password-Enabled PKI
Slide 1: Password Enabled Public-Key Infrastructure (PKI): Virtual Smartcards vs. Virtual Soft Tokens
Ravi Sandhu, Chief Scientist, SingleSignOn.Net & Professor, George Mason University
Mihir Bellare, Chief Cryptographer, SingleSignOn.Net & Professor, Univ. of California--San Diego
Ravi Ganesan, Chief Executive Officer, SingleSignOn.Net
Sunset Hills Rd., Reston, VA

Slide 2: Why Password-Enabled PKI
- Smartcards have not happened
  - It's the smartcard readers, stupid!
  - Roaming capability is critical
  - Even DoD is stretched in large-scale deployment
- Trends are not in favor of smartcards
  - Deployment scale of 10's or even 100's of millions of users
  - Computing devices are proliferating
  - Large installed base of reader-less computers
- Smartcards are likely to remain a high-assurance niche application

Slide 3: Solve PKI Gap and Silo Problem
- Result: phased migration path; no quantum jump; PKI integral, not silo'd
- Diagram labels: PKI with Password Convenience; Strong PKI Systems; Password Usability; PKI Hardened Passwords; PKI Capability; Weak Password Systems
- No change for users
- No change for issuer
- Eliminate weaknesses

Slide 4: Common Misperception
- Fact: Password based systems are often vulnerable to attacks
- Myth: Passwords are inherently insecure.
- Fact: It is completely possible to design a sufficiently secure password system.
- Designing sufficiently secure password-based systems is non-trivial but it is possible.

Slide 5: Another Common Misperception
- Fact: Users hate current password systems that require too many passwords and force too many changes
- Myth: Users inherently hate passwords.
- Fact: It is completely possible to design a user friendly password system with PKI-enabled Single Sign On.
- Designing user-friendly and sufficiently secure password-enabled PKI systems is non-trivial but it is possible.

Slide 6: Password Vulnerabilities and Counter-Measures
- Bad password selection: enforce complexity rules
- On-line guessing attack: throttling mechanism
- Off-line guessing (dictionary attacks): don't reveal required information (we know how to design such protocols)
- Undetected theft and sharing: online intrusion detection to discover; deter sharing, e.g., sharing reveals sensitive user information
- Use of same password at strong and weak servers: user awareness and education
- Password reuse: don't force unnecessary password changes
- Server spoofing: use secure protocols to prove knowledge of password w/o sending it; limit password exposure to trusted servers
- Server compromise: use hardened servers or multiple servers

Slide 7: Password Benefits
- Instant roaming capability
- Proven user acceptance
  - 100's of millions of passwords usages per day in cyberspace
- Cheap
- Self-maintained
  - Password resets
  - Password change

Slide 8: Traditional Public-Key Infrastructure (PKI)
- How to distribute public-keys
  - Digital Certificates
  - Certificate Revocation Lists
- How to distribute private-keys (long-term)
  - Smartcards
  - The private key never leaves the smartcard
  - Often called a hard token
- How to distribute private-keys (short-term)
  - Password protected on the hard disk (not very mobile)
  - Password protected on a floppy disk
  - Often called a soft token

Slide 9: Modern Public-Key Infrastructure (PKI)
- How to distribute public-keys
  - Digital Certificates
  - Certificate Revocation Lists
  - On-line servers for certificate validation
- How to distribute private-keys (long-term)
  - Smartcards
  - The private key never leaves the smartcard
  - Often called a hard token
- How to distribute private-keys (short-term)
  - Password protected on the hard disk (not very mobile)
  - Password protected on a floppy disk
  - Often called a soft token
  - On-line servers for password-enabled mobility

Slide 10: Approaches
How to marry PKI and Passwords?
- Approach 1: Virtual Soft Token
  - Use password to encrypt private key and store it on remote server(s).
  - Need password to RETRIEVE private key.
- Approach 2: Virtual Smartcard
  - The password is part of the composite private key.
  - Need password to USE private key.

Slide 11: Trivial Insecure Virtual Soft Token
- Private key encrypted with user's password is stored on an on-line server: E_pwd(private-key)
- Anyone is allowed to retrieve the encrypted private key
- Only the user can decrypt it using the password
- Unacceptable risk due to dictionary attack

Slide 12: Cryptographic Camouflage, Hoover and Kausik
- E_pwd(private-key)
- Dictionary attack
  - Knowledge of public key allows attacker to obtain known plaintext
  - So prohibit knowledge of public key, resulting in closed public-key system

Slide 13: EKE Roaming, Bellovin-Merritt et al
- Store E_pwd(private-key) on server
- Transmit E_K(E_pwd(private-key)) where K is a strong symmetric key
- K is established using password-based authenticated key exchange protocol (such as EKE or SPEKE)
- Immune to off-line dictionary attack

Slide 14: Hardened Password Roaming, Kaliski-Ford
- User's hardened password is retrieved at any computer from two on-line servers
- Compromise of both servers is required to compromise hardened password
- Successful retrieval of hardened password requires knowledge of user's password
- User's private key is retrieved by means of hardened password
- Once retrieved the user's private key can be freely used on this computer

Slide 15 (diagram)
Alice knows Password, P_a.
- Step 1: Alice sends P_a
- Step 2: Client Computer starts process
- Step 3: Get H1
- Step 4: Get H2
- Step 5: Ask for Credentials
- Step 6: Check if Cert is revoked
- Step 7: Return Cert and H(D)
- Step 8: Use H to decrypt private key D
- Step 9: Finally get around to logon or sign operation!
Components:
- Security Servers 1 & 2: Security server with partial knowledge of H (H1). Need duplicate server for redundancy.
- Security Servers 3 & 4: Security server with remaining knowledge of H (H2). Need duplicate server for redundancy.
- Credential Servers 1 & 2: Long term private key is locked with hardened password H. Need duplicate credentials server for redundancy.
- Revocation Servers 1 & 2: OCSP server to check for revocation

Slide 16: Approaches
How to marry PKI and Passwords?
- Approach 1: Virtual Soft Token
  - Use password to encrypt private key and store it on remote server(s).
  - Need password to RETRIEVE private key.
- Approach 2: Virtual Smartcard
  - The password is part of the composite private key.
  - Need password to USE private key.

Slide 17: Trivial Insecure Virtual Smart Card
- Keep the private key on an on-line server
- Use the password as authentication to enable use of the private key on the server
- Lose non-repudiation

Slide 18: We want:
1. Appliance takes ... and creates ...
2. Alice takes ...
3. But (presto!) and creates ...
(Diagram: the objects in each step were images, including a certificate reading "ID: Castle Corp, FN: Castle", and do not survive in the transcript.)

Slide 19: The Practical PKI TM Approach
(Diagram labels: Password; Secure Identity Appliance; CA; certificate with ID: Castle Corp, FN: Castle, LN: Corp.)
- Alice has password P which ONLY she knows.
- Password P expands to key d1 on computer.
- Secure Identity Appliance has key d2 for Alice which ONLY it knows.
- As before, Alice has public cert, with public key e, C, signed by a CA.
Process:
1. Alice authenticates to appliance, sets up secure channel and sends M.
2. Appliance performs partial signature on M with its key for Alice, d2.
3. Alice completes signature with her key d1.

Slide 20: Comparison
Traditional PKI
- Keys:
  a) Alice Public = e
  b) Alice Private = d
  c) Alice Cert = C
- Signing:
  a) S = Sign(M, d)
  Send [S, C] to Bob
- Bob: Gets e from C. Does Verify(S, e) = M?
Practical PKI TM
- Keys:
  a) Alice Public = e
  b) Alice PKCS5(password, salt, iteration count) = d1
  c) Alice Cert = C
  d) Alice appliance key = d2
- Signing:
  a) Alice logs on to appliance using d1 and creates secure channel
  a) Spartial = Sign(M, d2)
  b) S = Sign(Spartial, d1)
  Send [S, C] to Bob
- Bob: Gets e from C. Does Verify(S, e) = M?

Slide 21: Comparison
(Same two columns as slide 20, with two callouts added.)
- Difference #1: Alice has short convenient password
- Difference #2: Alice has to interact with appliance to sign.

Slide 22: Comparison
(Same two columns as slide 20, with one callout added.)
- NOTHING ELSE CHANGES!!!! Bob: Gets e from C. Does Verify(S, e) = M?

Slide 23: Strong Fraud Management
(Diagram: certificate "ID: Alice, FN: Alice.., LN: Smith, alice@cc.com" issued by a CA.)
- Timeline: ID stolen; Theft detected; Theft reported; CA revokes ID; Recipient (we hope) stops accepting ID
- Velocity Checking
- Easy to report
- ID CANNOT BE USED ANY FURTHER! INSTANT, COMPLETE, REVOCATION

Slide 24: Strong Fraud Management
(Same diagram and timeline as slide 23, with callouts added.)
- Velocity Checking: Every signature requires appliance interaction. So appliance logs can be used for velocity checking.
- Easy to report: Consumer or CSR can use password to revoke instantly!
- ID CANNOT BE USED ANY FURTHER! INSTANT, COMPLETE, REVOCATION: Every signature requires appliance interaction. Once revoked key cannot be used further! Instant, complete revocation!
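
The split-key signing and instant revocation from the Practical PKI slides, as an added example (not code from the original slides or from SingleSignOn.Net). It assumes RSA with a multiplicative split, d1 * d2 = d (mod phi(n)), which is what S = Sign(Spartial, d1) implies, and PBKDF2 as the PKCS5 derivation; the primes, salt, iteration count, `Appliance` class and function names are constructed or hypothetical, padding is omitted (textbook RSA), and so is the authenticated secure channel.

```python
import hashlib
from math import gcd

# Constructed toy key (two Mersenne primes): far too small and structured for real use.
P, Q = 2**127 - 1, 2**107 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)      # the "Traditional PKI" private key d
ITERATIONS = 20_000      # assumed PKCS5 iteration count


def derive_d1(password: str, salt: bytes) -> int:
    """Alice's share: d1 = PKCS5(password, salt, iteration count), here PBKDF2."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=24)
    return int.from_bytes(raw, "big") | 1   # forced odd so it can be coprime to phi


def enroll(password: str) -> dict:
    """Split d into (d1, d2) with d1 * d2 = d (mod phi); return the appliance record.

    Assumption: enrollment retries the salt until d1 is invertible mod phi.
    The salt here is a constructed, deterministic value; a real one is random.
    """
    counter = 0
    while True:
        salt = b"constructed-salt-" + str(counter).encode()
        d1 = derive_d1(password, salt)
        if gcd(d1, PHI) == 1:
            break
        counter += 1
    d2 = (D * pow(d1, -1, PHI)) % PHI
    # After this point the full d and d1 are discarded; only d2 is stored.
    return {"salt": salt, "d2": d2, "revoked": False}


def digest(message: bytes) -> int:
    """Message representative M (hash reduced mod n; no padding in this toy)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


class Appliance:
    """Hypothetical stand-in for the Secure Identity Appliance holding d2."""

    def __init__(self, record: dict):
        self.record = record
        self.log = []            # one entry per request: input for velocity checking

    def partial_sign(self, m: int) -> int:
        if self.record["revoked"]:
            raise PermissionError("identity revoked")
        self.log.append(m)
        return pow(m, self.record["d2"], N)      # Spartial = Sign(M, d2)

    def revoke(self) -> None:
        self.record["revoked"] = True            # d2 is never applied again


def sign(message: bytes, password: str, appliance: Appliance) -> int:
    """Alice's side: obtain Spartial, then S = Sign(Spartial, d1)."""
    s_partial = appliance.partial_sign(digest(message))
    d1 = derive_d1(password, appliance.record["salt"])
    return pow(s_partial, d1, N)


def verify(message: bytes, signature: int) -> bool:
    """Bob's side is unchanged: does Verify(S, e) = M?"""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    appliance = Appliance(enroll("correct horse"))
    msg = b"constructed message: pay Bob 10"
    s = sign(msg, "correct horse", appliance)
    print("valid signature:", verify(msg, s))
    print("same as Sign(M, d):", s == pow(digest(msg), D, N))
    print("wrong password verifies:", verify(msg, sign(msg, "guess", appliance)))
    appliance.revoke()
    try:
        sign(msg, "correct horse", appliance)
    except PermissionError as exc:
        print("after revocation:", exc)
```

Neither half verifies on its own: the appliance's partial signature fails Bob's check, and a wrong password yields a value that fails it too, while every attempt still leaves an entry in the appliance log.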

Slide 25: SingleSignOn.Net Practical PKI TM solution
- Ease of use: password based
- Quick to deploy
- Simple to manage with least privilege
- Velocity checking and instant revocation
- Reusable for multiple applications
  - Web, Wireless, VPN, , etc.
- Use existing standards and widely deployed technologies

Summary
- Password enabled solutions are poised to jump start the stalled PKI car.
- Major vendors jumping into password enabled solutions using on-line servers is a good sign.
- Many servers are not all good, and have quality/security downside.
- Making password a part of the composite private key (virtual smartcards) provides substantial advantages over using password to retrieve private key (virtual soft tokens)
More informationAuthentication Tokens
State Capitol P.O. Box 2062 Albany, NY 12220-0062 www.its.ny.gov New York State Information Technology Standard IT Standard: Authentication Tokens No: NYS-S14-006 Updated: 05/15/2015 Issued By: NYS ITS
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationADM:49 DPS POLICY MANUAL Page 1 of 5
DEPARTMENT OF PUBLIC SAFETY POLICIES & PROCEDURES SUBJECT: IT OPERATIONS MANAGEMENT POLICY NUMBER EFFECTIVE DATE: 09/09/2008 ADM: 49 REVISION NO: ORIGINAL ORIGINAL ISSUED ON: 09/09/2008 1.0 PURPOSE The
More informationNORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY FACULTY OF INFORMATION TECHNOLOGY, MATHEMATICS AND ELECTRICAL ENGINEERING MASTER S THESIS
NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY FACULTY OF INFORMATION TECHNOLOGY, MATHEMATICS AND ELECTRICAL ENGINEERING Student s name: Area: Title: Description: MASTER S THESIS Martin Eian - eian@stud.ntnu.no
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationCybersecurity and Secure Authentication with SAP Single Sign-On
Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle
More informationVPN Solutions FAQ www.aladdin.com/contact North America International Germany Benelux France Spain Israel Asia Pacific Japan
A l a d d i n. c o m / e T o k e n VPN Solutions FAQ VPN authentication is a critical link in the chain of trust for remote access to your organization. Compromising that trust can expose your private
More informationFranchise Data Compromise Trends and Cardholder. December, 2010
Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee
More informationPublic Key Infrastructure (PKI)
One of the most sought-after benefits from any Public Key Infrastructure (PKI) solution is non-repudiation 1. Passfaces TM support PKI in meeting this expectation. During any authenticated transaction,
More informationSecuring your Online Data Transfer with SSL
Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does
More informationChapter 10. Cloud Security Mechanisms
Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based
More informationOn the Limits of Anonymous Password Authentication
On the Limits of Anonymous Password Authentication Yan-Jiang Yang a Jian Weng b Feng Bao a a Institute for Infocomm Research, Singapore, Email: {yyang,baofeng}@i2r.a-star.edu.sg. b School of Computer Science,
More informationCSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure
CSE543 - Introduction to Computer and Network Security Module: Public Key Infrastructure Professor Trent Jaeger 1 Meeting Someone New Anywhere in the Internet 2 What is a certificate? A certificate makes
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationSecurity Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
More information