A Decentralized Method for Data Replication Among Computing Nodes in a Network
|
|
- Anabel Smith
- 8 years ago
- Views:
Transcription
1 A Decentralized Method for Data Replication Among Computing Nodes in a Network Lars K. Holte January 25, 2015 Abstract A method is presented whereby computing nodes can send data to their peers on a network for the purpose of replication ( backup ). The total number of copies of a given piece of information on the network can be verified by any of the nodes and adjusted by the information s owner. Data can be encrypted using a symmetric key system which prevents nodes from interpreting information they do not own. 1 Introdution No hardware is 100% reliable. This includes hardware designed for persistent storage of information (e.g., computer hard drives). Methods must therefore exist by which important data can be replicated among multiple storage devices. This sort of replication reduces the possibility of permanent data loss to the possibility of simultaneous failure of all devices on which the data is replicated. As long as the devices are not in the same physical location, this chance is fairly small. A fairly common way to implement data replication on a network is to have a single node (a backup server ) which duplicates important information from all the other nodes. This method has three notable limitations: 1. The client nodes must trust that the backup server actually stores the information sent to it, and that the backup server never modifies the information before sending it back. 2. The backup server most often resides in a single location, and the information it stores is therefore susceptible to catastrophic failure from hazards such as fire and water damage. 1
2 3. There are at most two copies of any given piece of information: one on the client node and one on the backup server. The probabilistic benefits of replication do not stop there, however: simultaneous failure of three or four storage devices is far less probable. The decentralized, trustless protocol for data replication detailed herein exhibits none of these characteristics. 2 Definition of Terms These terms clarify the terminology used later and also serve to set up an example case. 2.1 Network Suppose the network consists of N computing nodes. Each node is individually addressable by any other node on the network. There need not be broadcast or multicast addresses. It is assumed that failures resulting in loss of stored data on each node are probabilistically independent. 2.2 Node Each node has storage space, network connectivity, and computing power. The storage space on the node can be understood to contain four different types of data: 1. The master copies of important pieces of information which were originally created on this node and must be replicated on other nodes of the network. 2. Important information from other nodes on the network. 3. Unused space. 4. Buffer space so that the filesystem does not reach 100% capacity in a worst-case scenario. Each node has a public and private key, possibly separate from the public and private key the node may use to communicate securely over the network. 2
3 2.3 Replication Group A replication group (r-group) is a set of nodes within the network which have agreed to share the burden of replicating a certain set of data. Each node may belong to zero or more replication groups. Each replication group has a characteristic replication ratio, r, a positive integer greater than or equal to 1, which defines how many copies of each piece of information should exist among all the nodes of the group at any given time. Each replication group is identified by a UUID. Some groups might be open, meaning that any node can join simply by asking. Some groups might be closed, meaning that a password is required to join. Closed groups could also have dedicated sentry node(s), maintained by an administrator, which could be configured only to allow certain nodes (identified by their public keys) to enter. 2.4 Fragment A fragment is a piece of information which needs replication. Each fragment is owned by the node at which it originated. Each fragment is identified by its owner s public key and a 64-bit sequence number assigned to it by the owner. For all practical purposes, it may be assumed that the first 64 hexadecimal digits of the public keys of all nodes on the network are distinct. When storing a fragment for another node, therefore, the information may be identified by the 64 hexadecimal digits and the 64-bit number. This allows nodes within an r-group to easily store fragments from other nodes in a two-level directory structure. All information which needs to be replicated must be divided into fragments. For instance, if a node wishes to push an entire file out to an r-group, it must divide that file up into fragments. Only the owner maintains the knowledge of how fragment numbers are assigned, and which ones must come together to reconstruct any given piece of information. Fragments may have any size in bytes from 1 byte to 64KiB (this allows the size of each fragment to be stored as a 16-bit unsigned integer). 3 Processes 3.1 Joining an R-Group Suppose a node wants to join a specific replication group, and has the UUID for that group. It will contact one of the nodes on this group (knowing the address of at least one node in the group is a prerequisite) and ask 3
4 to join. What happens next depends on the group type. For an open group, the queried node will return a list of all the other nodes in the group. The interested node should then transmit a message to each of the nodes in the list indicating that it has joined the replication group. It is not necessary that the list be complete. For a closed group, the sentry node may prompt for a password, as discussed. Joining a group may also require human intervention, in the form of completing a Captcha, for instance. 3.2 Submitting Information for Replication Suppose important information is created on a node. A file, for instance. This node (the owner ) must divide the information into fragments, and submit each of these fragments to the other nodes in a replication group. Any reversible algorithm may be used to divide the file into fragments. Before each fragment is submitted, it is encrypted using a reversible, cryptographically secure cipher such as AES256. The cipher key is based on the node s private key. In this way the peer nodes cannot interpret the data. Each peer may accept or refuse the fragment. It may do this, for instance, based on the amount of space it has remaining. The client node continues until at least r nodes have accepted each fragment. A few minutes later, the client polls the accepting nodes to see how many can still provide the fragment. If any are unable, the client again searches the r-group for acceptors until the number of replications is r. The client node periodically performs this check. How frequently this periodic checking occurs depends on the level of trust in the network. 3.3 Determining Whether a Peer Has a Fragment In a trusted r-group, a simple query/response would be sufficient. If the node is not trusted, the original fragment must be returned verbatim. A checksum would be sufficient to prove that the peer has actually stored the data, but this opens up an attack avenue: an untrusted peer may refuse to return the actual data, returning only checksums. 3.4 Deleting a Fragment Suppose an important piece of information is deleted from the node on which it originated. The owning node must communicate to its peers that it is no longer necessary to replicate the fragments associated with that information. To do this, it sends out signed deletion messages to each node which it has recorded as storing each fragment. The nodes delete these fragments upon 4
5 receiving the message. Should a node lose its private key, it will be unable to sign deletion messages, and that information will remain resident in the replication group. No node will be able to interpret it, because the owner has lost its key. Over time, if a node needs space, it may offload some of the least-requested fragments from other nodes. In this way the information from an inactive node eventually exits the r-group. 4 Attacks The network has mechanisms for preventing untrustworthy nodes from interpreting data they do not own, from using too much disk space in an r-group, and from deleting information from the network. 4.1 Unauthorized Deletion Problem: A rogue node sends out messages indicating that a fragment it does not own is to be deleted, in an attempt to erase that information from the network. Solution: Deletion messages must be signed by the private key of the owner. It is only possible to delete another node s fragments if the private key of the owner is compromised. Additionally, without detailed knowledge of a node s state, it will be impossible for an attacker to tell which fragment numbers it has used, which are unused, and which (other) nodes in a given r-group hold copies of those fragments. Total deletion, even with a compromised key, would require a brute-force attack in two spaces: fragment address space (2 64 ) and r-group space (the number of nodes in the r-group). 4.2 Unauthorized Access Problem: A rogue node attempts to obtain fragments owned by another node. Solution: The owner s signature is required on any message querying the status of a fragment or resulting in the transmission of the fragment. 4.3 Unauthorized Interpretation Problem: A rogue node attempts to interpret information which it stores but does not own. 5
6 Solution: Each fragment passes through a cryptographically secure cipher before reaching other nodes on the network, so it is practically infeasible to recover the information without the cipher key. 4.4 Data Spamming Problem: A rogue node generates many junk fragments in an attempt to use up disk space in an r-group. Solution: It is important to note that this is identical to the situation in which a trustworthy node produces reams of useful information: the only difference is in the interpretation of the data. The best approach is to limit the amount of information any given node in an r-group will store for any single network address or public key identifier. This limits the total amount of information that any node can store on the network. Within a private ( closed ) r-group, such limits could be adjusted for certain nodes. 4.5 Creation of False Nodes Problem: A rogue node creates many asymmetric key pairs (node identifiers) and acts on behalf of many nodes, attempting to bypass the storage limit allocated for each node in an r-group. Solution: As mentioned above, storage limits are based on a matching network address or public key identifier. The storage limit cannot be bypassed, therefore, unless the node is also able to change its address. 4.6 Creation of False Nodes at Multiple Addresses Problem: A rogue node creates an asymmetric key pair (node identifier), joins an r-group, and then spams it until most fragments are refused by its peers, indicating that it has met its storage limit. The node then changes its address (for instance, through DHCP), generates a new asymmetric key pair, and repeats the process. Solution: There is no generally-applicable solution. There are three things to note: 1. Dynamically changing your address may not be possible on a public network. 2. In most cases, creation of a node will imply human intervention. It would not be unreasonable, therefore, to require a node to complete 6
7 a Captcha or some other such task best performed by a human before allowing it entrance to an r-group. This would make the attack considerably less convenient. 3. Unused fragments will be offloaded first, meaning that a lot of network activity will be required for the rogue node to maintain a large share of the total disk space if the other nodes are requesting smaller amounts and total disk space is scarce. 5 Conclusion This document has outlined in broad strokes a protocol by which computing nodes on a network can share storage space for the purpose of replicating information. The nodes do not have to trust each other, and important information can be replicated more than twice. Fairly few specifics have been given about the implementation of this protocol, but I hope that the description has been clear enough to convince the reader its implementation would not be impossible. 7
Sync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationSecuring your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10.
Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate A STEP-BY-STEP GUIDE to test, install and use a thawte Digital Certificate on your MS IIS Web
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationGlobalSCAPE DMZ Gateway, v1. User Guide
GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More informationDashlane Security Whitepaper
Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationHP ProtectTools Embedded Security Guide
HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded
More informationSECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS
SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationSAS Data Set Encryption Options
Technical Paper SAS Data Set Encryption Options SAS product interaction with encrypted data storage Table of Contents Introduction: What Is Encryption?... 1 Test Configuration... 1 Data... 1 Code... 2
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationThe Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems
The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems
More information4D v11 SQL Release 6 (11.6) ADDENDUM
ADDENDUM Welcome to release 6 of 4D v11 SQL. This document presents the new features and modifications of this new version of the program. Increased ciphering capacities Release 6 of 4D v11 SQL extends
More informationVERITAS NetBackup 6.0 Encryption
VERITAS NetBackup 6.0 Encryption System Administrator s Guide for UNIX, Windows, and Linux N15274C September 2005 Disclaimer The information contained in this publication is subject to change without notice.
More informationCrashPlan Security SECURITY CONTEXT TECHNOLOGY
TECHNICAL SPECIFICATIONS CrashPlan Security CrashPlan is a continuous, multi-destination solution engineered to back up mission-critical data whenever and wherever it is created. Because mobile laptops
More informationNetwork FAX Driver. Operation Guide
Network FAX Driver Operation Guide About this Operation Guide This Operation Guide explains the settings for the Network FAX driver as well as the procedures that are required in order to use the Network
More informationTwo Factor Zero Knowledge Proof Authentication System
Two Factor Zero Knowledge Proof Authentication System Quan Nguyen Mikhail Rudoy Arjun Srinivasan 6.857 Spring 2014 Project Abstract It is often necessary to log onto a website or other system from an untrusted
More informationBlackbox: Distributed Peer-to-Peer File Storage and Backup
Blackbox: Distributed Peer-to-Peer File Storage and Backup Payut Pantawongdecha Isabella Tromba Chelsea Voss Gary Wang Instructor: Ron Rivest May 14, 2014 Abstract This paper presents the design of Blackbox,
More informationCipherShare Features and Benefits
CipherShare s and CipherShare s and Security End-to-end Encryption Need-to-Know: Challenge / Response Authentication Transitive Trust Consistent Security Password and Key Recovery Temporary Application
More informationSafeGuard Enterprise upgrade guide. Product version: 6.1
SafeGuard Enterprise upgrade guide Product version: 6.1 Document date: February 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationVoteID 2011 Internet Voting System with Cast as Intended Verification
VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could
More informationA Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA
A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA Mr.Mahesh S.Giri Department of Computer Science & Engineering Technocrats Institute of Technology Bhopal, India
More informationSpreed Keeps Online Meetings Secure. Online meeting controls and security mechanism. www.spreed.com
Spreed Keeps Online Meetings Secure Online meeting controls and security mechanism www.spreed.com Spreed Online Meeting is protected by the most advanced security features. Rest assured that your meetings
More informationINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHY AUTHOR: ANAS TAWILEH anas@tawileh.net Available online at: http://www.tawileh.net/courses/ia This work is released under a Creative Commons Attribution-ShareAlike 2.5 License
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationINTEGRATION OF DIGITAL SIGNATURES INTO THE EUROPEAN BUSINESS REGISTER. Abstract:
INTEGRATION OF DIGITAL SIGNATURES INTO THE EUROPEAN BUSINESS REGISTER Helmut Kurth Industrieanlagen Betriebsgesellschaft mbh Einsteinstr. 20 D-85521 Ottobrunn, Germany kurth@iabg.de Abstract: In the INFOSEC
More informationEMC VMAX3 DATA AT REST ENCRYPTION
EMC VMAX3 DATA AT REST ENCRYPTION ABSTRACT In the interconnected world, data and intellectual property is the highest value currency which can be held by corporations. From recent newsworthy examples,
More informationKey Management Interoperability Protocol (KMIP)
www.oasis-open.org Management Interoperability Protocol (KMIP) Storage Developer s Introduction SNIA Fall 2009 Gordon Arnold, garnold@us.ibm.com Chair, Storage Security Industry Forum 1 2009 Insert Copyright
More informationChapter 13 File and Database Systems
Chapter 13 File and Database Systems Outline 13.1 Introduction 13.2 Data Hierarchy 13.3 Files 13.4 File Systems 13.4.1 Directories 13.4. Metadata 13.4. Mounting 13.5 File Organization 13.6 File Allocation
More informationChapter 13 File and Database Systems
Chapter 13 File and Database Systems Outline 13.1 Introduction 13.2 Data Hierarchy 13.3 Files 13.4 File Systems 13.4.1 Directories 13.4. Metadata 13.4. Mounting 13.5 File Organization 13.6 File Allocation
More informationSecurity Architecture Whitepaper
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
More informationMessage Authentication Codes
2 MAC Message Authentication Codes : and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l08, Steve/Courses/2013/s2/css322/lectures/mac.tex,
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationNew Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer
New Technologies File System (NTFS) Priscilla Oppenheimer NTFS Default file system for Windows NT, 2000, XP, and Windows Server 2003 No published spec from Microsoft that describes the on-disk layout Good
More informationBackup Exec Private Cloud Services. Planning and Deployment Guide
Backup Exec Private Cloud Services Planning and Deployment Guide Chapter 1 Introducing Backup Exec Private Cloud Services This chapter includes the following topics: About Backup Exec Private Cloud Services
More informationSecuring your Online Data Transfer with SSL
Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does
More informationExam Papers Encryption Project PGP Universal Server Trial Progress Report
Exam Papers Encryption Project PGP Universal Server Trial Progress Report Introduction Using encryption for secure file storage and transfer presents a number of challenges. While the use of strong, well
More informationHOW ENCRYPTION WORKS. Introduction to BackupEDGE Data Encryption. Technology Overview. Strong Encryption BackupEDGE
HOW ENCRYPTION WORKS Technology Overview Strong Encryption BackupEDGE Introduction to BackupEDGE Data Encryption A major feature of BackupEDGE is the ability to protect archives containing critical client
More informationBitmessage: A Peer to Peer Message Authentication and Delivery System
Bitmessage: A Peer to Peer Message Authentication and Delivery System Jonathan Warren jonathan@bitmessage.org www.bitmessage.org November 27, 2012 Abstract. We propose a system that allows users to securely
More informationEMC DATA DOMAIN ENCRYPTION A Detailed Review
White Paper EMC DATA DOMAIN ENCRYPTION A Detailed Review Abstract The proliferation of publicized data loss, coupled with new governance and compliance regulations, is driving the need for customers to
More informationIndustrial Communication. Securing Industrial Wireless
Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...
More informationSENSE Security overview 2014
SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationSecuring your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More informationSafeGuard Easy upgrade guide. Product version: 7
SafeGuard Easy upgrade guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6 4.1 Upgrade
More informationWhite Paper. Prepared by: Neil Shah Director, Product Management March, 2014 Version: 1. Copyright 2014, ezdi, LLC.
White Paper ezcac: HIPAA Compliant Cloud Solution Prepared by: Neil Shah Director, Product Management March, 2014 Version: 1 Copyright 2014, ezdi, LLC. TECHNICAL SAFEGUARDS Access Control 164.312 (a) (1)
More informationAnalyzing the Security Schemes of Various Cloud Storage Services
Analyzing the Security Schemes of Various Cloud Storage Services ECE 646 Project Presentation Fall 2014 12/09/2014 Team Members Ankita Pandey Gagandeep Singh Bamrah Pros and Cons of Cloud Storage Services
More informationAbstract. Introduction. Section I. What is Denial of Service Attack?
Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss
More informationHow To Ensure Correctness Of Data In The Cloud
Ensuring Data Storage Security in Cloud Computing ABSTRACT Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More informationRS-485 Protocol Manual
RS-485 Protocol Manual Revision: 1.0 January 11, 2000 RS-485 Protocol Guidelines and Description Page i Table of Contents 1.0 COMMUNICATIONS BUS OVERVIEW... 1 2.0 DESIGN GUIDELINES... 1 2.1 Hardware Design
More informationEMC NetWorker Module for Microsoft for Windows Bare Metal Recovery Solution
EMC NetWorker Module for Microsoft for Windows Bare Metal Recovery Solution Release 3.0 User Guide P/N 300-999-671 REV 02 Copyright 2007-2013 EMC Corporation. All rights reserved. Published in the USA.
More informationDeploying EFS: Part 1
Security Watch Deploying EFS: Part 1 John Morello By now, everyone has heard reports about personal or sensitive data being lost because of laptop theft or misplacement. Laptops go missing on a regular
More informationMonitoring Traffic manager
Monitoring Traffic manager eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may be reproduced
More informationDarkFS - An Encrypted File System
1 DarkFS - An Encrypted File System Team: Arjun Narayanan, Yuta 1. Motivation In many software applications, we want to store files in a remote, untrusted file server. With an untrusted file server, we
More informationEMC Symmetrix Data at Rest Encryption
Detailed Review Abstract This white paper provides a detailed description of EMC Symmetrix Data at Rest Encryption features and operations. March 2011 Copyright 2010, 2011 EMC Corporation. All rights reserved.
More informationSECURED DATA STORAGE IN CLOUD
International Journal of Information Technology & Management Information System (IJITMIS) Volume 6, Issue 2, July-December-2015, pp. 44-48, Article ID: IJITMIS_06_02_007 Available online at http://http://www.iaeme.com/issue.asp?jtype=ijitmis&vtype=6&itype=2
More informationSafeGuard Enterprise upgrade guide. Product version: 7
SafeGuard Enterprise upgrade guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6 4.1
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationHigh Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models
A Cyphertite White Paper February, 2013 Cloud-Based Backup Storage Threat Models PG. 1 Definition of Terms Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256-bit
More informationData Breaches and the Encryption Safe Harbor. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems
Data Breaches and the Encryption Safe Harbor Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted.
More informationJK0 015 CompTIA E2C Security+ (2008 Edition) Exam
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationThe Case For Secure Email
The Case For Secure Email By Erik Kangas, PhD, President, Lux Scientiae, Incorporated http://luxsci.com Contents Section 1: Introduction Section 2: How Email Works Section 3: Security Threats to Your Email
More informationAdministration Guide. Wireless software upgrades
Administration Guide Wireless software upgrades SWDT207654-207654-0727045705-001 Contents Upgrading the BlackBerry Device Software over the wireless network... 3 Wireless software upgrades... 3 Sources
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationDen Gode Webservice - Security Analysis
Den Gode Webservice - Security Analysis Cryptomathic A/S September, 2006 Executive Summary This report analyses the security mechanisms provided in Den Gode Web Service (DGWS). DGWS provides a framework
More informationCisco Trust Anchor Technologies
Data Sheet Cisco Trust Anchor Technologies Overview Cisco Trust Anchor Technologies provide the foundation for trustworthy systems across Cisco. The Cisco Trust Anchor and a Secure Boot check of signed
More informationVPN Client User s Guide. 9235966 Issue 2
VPN Client User s Guide 9235966 Issue 2 Copyright 2004 Nokia. All rights reserved. Reproduction, transfer, distribution or storage of part or all of the contents in this document in any form without the
More informationB.Com(Computers) II Year DATABASE MANAGEMENT SYSTEM UNIT- V
B.Com(Computers) II Year DATABASE MANAGEMENT SYSTEM UNIT- V 1 1) What is Distributed Database? A) A database that is distributed among a network of geographically separated locations. A distributed database
More informationBroadSAFE Enhanced IP Phone Networks
White Paper BroadSAFE Enhanced IP Phone Networks Secure VoIP Using the Broadcom BCM11xx IP Phone Technology September 2005 Executive Summary Voice over Internet Protocol (VoIP) enables telephone calls
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationBackup and Recovery Procedures
CHAPTER 10 This chapter provides Content Distribution Manager database backup and ACNS software recovery procedures. This chapter contains the following sections: Performing Backup and Restore Operations
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More informationFile System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1
File System Forensics FAT and NTFS 1 FAT File Systems 2 File Allocation Table (FAT) File Systems Simple and common Primary file system for DOS and Windows 9x Can be used with Windows NT, 2000, and XP New
More informationCA ARCserve and CA XOsoft r12.5 Best Practices for protecting Microsoft SQL Server
CA RECOVERY MANAGEMENT R12.5 BEST PRACTICE CA ARCserve and CA XOsoft r12.5 Best Practices for protecting Microsoft SQL Server Overview Benefits The CA Advantage The CA ARCserve Backup Support and Engineering
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationKey Management Interoperability Protocol (KMIP)
(KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).
More informationPractice Questions. CS161 Computer Security, Fall 2008
Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationITSC Training Courses Student IT Competence Programme SIIS1 Information Security
ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know
More information13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode
13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4
More informationIntroduction to IP v6
IP v 1-3: defined and replaced Introduction to IP v6 IP v4 - current version; 20 years old IP v5 - streams protocol IP v6 - replacement for IP v4 During developments it was called IPng - Next Generation
More information9243054 Issue 1. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation
9243054 Issue 1 Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation VPN Client User s Guide 9243054 Issue 1 Reproduction, transfer, distribution or storage of part or all of
More informationTk20 Backup Procedure
Tk20 Backup Procedure 1 TK20 BACKUP PROCEDURE OVERVIEW 3 FEATURES AND ADVANTAGES: 3 TK20 BACKUP PROCEDURE 4 DAILY BACKUP CREATION 4 TRANSFER OF BACKUPS 5 AUDITING PROCESS 5 BACKUP REPOSITORY 5 WRITE TO
More informationFIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0
FIPS 40-2 Non- Proprietary Security Policy McAfee SIEM Cryptographic Module, Version.0 Document Version.4 December 2, 203 Document Version.4 McAfee Page of 6 Prepared For: Prepared By: McAfee, Inc. 282
More informationEnd User Encryption Key Protection Policy
End User Encryption Key Protection Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization.
More information