Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999



Similar documents
Introduction to Security and PIX Firewall

Cornerstones of Security

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

How To Understand And Understand The Security Of A Key Infrastructure

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

VPN. Date: 4/15/2004 By: Heena Patel

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Chapter 10. Network Security

Chapter 9. IP Secure

Virtual Private Networks

Case Study for Layer 3 Authentication and Encryption

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

Overview. SSL Cryptography Overview CHAPTER 1

Securing an IP SAN. Application Brief

Chapter 4 Virtual Private Networking

Secure Use of the New NHS Network (N3): Good Practice Guidelines

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Lecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

As enterprises conduct more and more

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Site to Site Virtual Private Networks (VPNs):

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

NETWORK SECURITY (W/LAB) Course Syllabus

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

21.4 Network Address Translation (NAT) NAT concept

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Computer Networks. Secure Systems

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Global Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)

Securing IP Networks with Implementation of IPv6

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Network Security Protocols

Protocol Security Where?

Secure Sockets Layer

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification

Cisco Cisco 3845 X X X X X X X X X X X X X X X X X X

Chapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

IP Security. Ola Flygt Växjö University, Sweden

Network Security Part II: Standards

Chapter 7 Transport-Level Security

Introduction to Computer Security

EITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

TLS and SRTP for Skype Connect. Technical Datasheet

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

Virtual Private Networks: IPSec vs. SSL

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

How To Pass The Information And Network Security Certificate

Internetwork Security

Using Entrust certificates with VPN

CTS2134 Introduction to Networking. Module Network Security

Protocol Data Units and Encapsulation

HughesNet Broadband VPN End-to-End Security Using the Cisco 87x

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Lecture 10: Communications Security

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

Intranet, Extranet, Firewall

Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10.

VoIP Security. Seminar: Cryptography and Security Michael Muncan

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

CRYPTOGRAPHY IN NETWORK SECURITY

Chapter 32 Internet Security

Integrated Services Router with the "AIM-VPN/SSL" Module

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

VPN Technologies: Definitions and Requirements

Security Policy Revision Date: 23 April 2009

ETSF10 Part 3 Lect 2

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

Chapter 2 - The TCP/IP and OSI Networking Models

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Introduction to Computer Security

Network Authentication X Secure the Edge of the Network - Technical White Paper

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Public-Key Infrastructure

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Chapter 17. Transport-Level Security

VPN. VPN For BIPAC 741/743GE

Study on Remote Access for Library Based on SSL VPN

Security Technology: Firewalls and VPNs

Network Security Fundamentals

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Configuring a WatchGuard SOHO to SOHO IPSec Tunnel

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ISM/ISC Middleware Module

Transcription:

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999

Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks (WAN). It is currently priced to offer low cost per unit of capacity compared to other competing technologies. Capacity is packaged in terms of a committed information rate (CIR) that the vendor promises to provide all the time and an excess information rate (EIR) typically 2x the CIR that the vendor will support when capacity is available. Frame Relay circuits from international telecommunications carriers IDEA IP International Data Encryption Algorithm IDEA is a single key encryption algorithm. IDEA is not export restricted from North America. IDEA has a 128-bit key length. Internet Protocol An Internet Standard for the network layer defining an addressing mechanism and rules for routing data packets between addressed systems on interconnected networks. IDEA is implemented in the BorderGuard router and it will be used for the TSVPN encryption. IP router devices that interconnect networks and IP interface cards in computers attached to a network. Many products. IDEA was developed in Switzerland at the Swiss Federal Institute of Technology, at Züriche. It is believed to be a strong algorithm and no practical attacks on it have been published. IP routers will be used to interconnect the Frame Relay Network and patent office networks.

IPSEC Internet Protocol Security A set of protocols being developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer. IPSEC uses public/private key technology. IPSEC is intended to be a standard that will be acceptable and attractive to equipment vendors whom will incorporate it in their products in order to provide interoperability with equipment from other vendors. CISCO Systems Intrusion Detection System A system used with the secure network packet encryptor devices to detect attempts to penetrate or intrude into the network. PKCS#7 Public Key Cryptographic Standard 7 A RSA Laboratories standard for encapsulating data that may have cryptography applied to it such as digital signatures and digital envelopes. NetRanger Probes and NetRanger Director software licensed by CISCO systems. A number of products from RSA Data Security, Inc. use PKCS#7. The final form of the IPSEC standards is being developed. Consequently, many vendors are taking a wait and see approach before going forward with plans to implement IPSEC in their products. Intrusion detection depends on recognizing packets that fail to match with what the encryptor expects to see, traffic patterns that differ from normal, or known intrusion patterns. The vendor periodically updates this software to detect new threats. The Trilateral Partners have agreed to use PCKS#7 as the standard for applying digital signatures to priority documents and for creating digital envelopes that contain secure priority documents.

Digital Signature A technique for certifying the data integrity of a digital document and associating the signer with a digital certificate from a trusted third party. To create a digital signature, the object to be signed is processed by a Secure Hash Algorithm to create a small message digest file that is uniquely associated with the signed object. This means that if the digest is recalculated after any change occurs to the signed object, the digest will be different. The digest is encrypted with the public key of the signer to create a digital signature block which is then packaged with the signed object using PKCS#7 rules. Digital Signature is provided in products from RSA, Trusted Information Systems, Netscape, Microsoft, Entrust and others. Digital Envelope A technique for packaging encrypted data that combines secret and public key cryptography. Data is encrypted using a unique secret key. The unique secret key (session key) is encrypted using the private key of a public/private key pair. Next, the encrypted data and the encrypted secret key are packaged using PKCS#7 rules for enveloped data. The result of the preceding steps is referred to as data in a digital envelope. Digital Envelope is provided in products from RSA, Trusted Information Systems, Netscape, Microsoft, Entrust and others. Export restrictions on the use of strong encryption do not apply to digital signatures provided it can be shown that the digital signature software is not readily adaptable to encrypting data content. The recipient of the digital envelope uses the public key of public/private key pair to recover the unique secret (session) key. The session key is used to decrypt the data and then it is discarded. The digital envelope technique uses fast secret key cryptography for bulk data and slower public key cryptography to encrypt the secret key.

PKI Public Key Infrastructure The standards, procedures and authorities required to issue, publish, manage and revoke digital certificates. Digital certificates are used to identify individuals and organizations that intend to use public key cryptography based services between them. Netscape Communications Entrust Systems A PKI consists of: A Certificate Authority issuing and verifying digital certificates A Registration Authority to verify certificate applicant identity Public ITU X.500 standard directories to hold certificates Procedures and software for TCP/IP Transmission Control Protocol and Intenet Protocol An Internet Standard protocol for ensuring reliable end-to-end transfer of data between TCP ports on computers attached to interconnected networks. TCP assembles a message from the IP packets used to send the message. If any message packets are missing or defective, TCP requests retransmission. Virtual Private Network (VPN) A technology for providing private communications within a public network by using data encryption. The data payload of packets sent through the network is encrypted and only the header information used to route data across the network is sent as clear text. Data that might be intercepted or monitored by parties other than the intended recipient is protected by the cryptographic system. TCP/IP is implemented in software that is normally supplied by the computer system vendor or networking software vendor. BorderGuard packet encryptor device from StorageTek, Inc. managing the certificates TCP/IP will be used for communications between software applications on computers that are connected via the TSVPN. Combined together TCP and IP implement the Network and Transport layers of the ISO 7-layer Network Protocol Model. The BorderGuard is installed between the patent office s firewall and the wide area network port in the patent office. The BorderGuards are managed by a network management system that will be located at USPTO. An export license has been obtained to allow using 128 bit cryptographic key lengths.

X.509 Ver. 3 X.509 Digital Certificate Standard An international standard for the format and content of digital certificates. A digital certificate enables a trusted third party to certify (vouch for) the relationship between a public key and information identifying the key s owner. X.509 is implemented in software that runs on the BorderGuard encryption device. X.509 certificates are authenticated by authentication servers on the patent office networks. Digital Certificates, Digital Signatures, Public Key Cryptography and procedures for verifying certificates form the basis for a Public Key Infrastructure (PKI). Although the X.509 standard is used, certificate systems from different vendors don t interoperate readily.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information