egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO
|
|
- Clarence Peters
- 6 years ago
- Views:
Transcription
1 egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO
2 e-government Survey 2014 United Nations Page 2 EGDI: E-Government Development Index
3 National ID & Digital Signature Estonian Prime Minister Andrus Ansip signs an e-services agreement. (Estonian government) Estonia and Finland become first in the world to digitally sign international agreement December Japanese Prime Minister becomes Estonian e-resident Announced April Japan is the first large country who is going to implement a digital personal identification card, following Estonia s example Announced October Page 3
4 Information needs of Gov Services (and almost every business) Information Availability Make Information available for designated users Receive Information Allow Citizens and business to provide information (Fill forms), request and apply for services and perform transactions Processing and Decisions Data Integrity Allow employees and decision makers to process the requests and transactions, and record their decisions proofs to hold citizens, employees and decision makers accountable for the information they provide and the transactions they perform Protect the integrity of information from tampering both in motion and at rest Authorized Access Allow information access to authorized citizens and employees and deny access to anyone else Unified Identity Allow Citizens to use a unified way to prove their identities for various government organizations Data Exchange Exchange data between organizations Page 4
5 Ministry 2 Ministry 1 Manual paper based services Information Availability Authorized Access Document Verification Decisions Process requests Request a Service Provide Information Data Exchange Unified Identity Page 5
6 Ministry 2 Ministry 1 Business Transformation Information Availability Authorized Access Validation Decisions Process requests Request a Service Provide Information Data Exchange Page 6
7 Is it likely to be under Cyber Attack? 100% 317M 1.36M New Malware created in a year According to Symantec Business networks generate malicious traffic According to Cisco Records stolen every day 31% from Government According to Gemalto Page 7
8 How to respond to information security threats? Many techniques, protocols, mechanisms and products beyond the presentation scope Public key Infrastructure (PKI) utilization is a common factor in most if not all information security solutions - SSL/TLS certificates, SSH, IPSEC, S/MIME - epassport - Code signing - PAdES for PDF digital signature - XAdES for XML digital signature Page 8
9 PKI Overview What s PKI? PKI Definition - An approach for protecting data - A set of hardware, software, technical mechanisms, people, policies and procedures that collectively provide a framework for addressing the fundamentals of security PKI Role - The cornerstone in information security - Establishes the trust in electronic data and communication PKI basic capabilities - Protecting data confidentiality (encryption) without the need to have a shared secret - Assurance of data authenticity i.e. data source and data integrity Page 9
10 PKI Fundamentals Key Pair Correlated Randomly Generated Public Key and Private Key - Private Key: - Confidential value not known to anyone - Protected by machine/device and can be only used by its owner - In case of compromise, must be reported immediately to revoke the trust - Public Key: - Not a secret - Shared and published Digital Certificate - Contains the Public Key but not the Private Key - Proof of the certificate holder by a trusted issuing authority - Contains identification attributes of the certificate holder and the issuing authority - Has an expiration date and can be revoked even before its expiration PKI Cryptographic operations - Certificate holder (Private Key): Digital Signature, Decryption - Others (Public key): Verify Digital Signature, Encrypt Page 10
11 Public Key and Private Key a d a6 ad ab 44 f9 3f 43 e1 41 b3 c8 96 ba 8f c 1f c4 8b db 8a 19 0f a9 5e 40 3c fa ea 2c b9 8a 2e 22 fd fa fb e 19 cd 9c 98 bd c1 5e f 60 e4 04 f1 55 f4 75 3e 0a 73 1b b2 1e 7b 43 fe 5b 1b b1 8b 30 6f 6b ac 6c 8f a0 c5 0e 55 2f ac c7 ae ba bb b9 b8 80 3c 6d ed 9c ed a9 e9 aa 9d 3a b ba a 7b 81 0b 9f 2d f1 86 9e d1 dd fa c b b9 2d d7 b6 0c 4a bd a 40 6f e6 75 1e 22 fc e e ea a2 09 e7 a3 5b e5 4c 9b f9 6a c f eb 88 fd e3 d9 04 c1 92 4e ec c2 dc 79 4a 5f bc 6b 76 f2 5f e1 4f 09 1d 38 4e a ce c8 7e e0 4f c0 98 c8 72 1b 5d 06 ee 8b 18 bc d5 1f b1 8e ff c6 62 5c 4f 3e d8 19 ce 9e 8a 0e 00 c ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## Page 11
12 How does the certificate look like Page 12
13 PKI Trust Hierarchy Overview Page 13
14 Kuwait PKI Trust Hierarchy Kuwait National Root CA Government Root CA Private Root CA Oil Sector Root CA MOF CA PAI CA Diyar United CA ABC Co CA KOC CA KNPC CA Page 14
15 Why should we trust the root anyway? Page 15
16 PKI Benefits Signature Document Signing Logical Access & VPN SSO Encryption File Encryption Secure Web Identity Revocation Page 16
17 Sample Applications Page 17
18 Ministry 2 Ministry 1 PKI & Government eservices Information Availability Authorized Access Validation Decisions Process requests Request a Service Fill Information Page 18
19 Why PKI is essential for Smart Governments? Security is a chain. It s as strong as the weakest link Smart Government is Citizen Centric Information is the most valuable asset PKI is used to protect the systems that serves the citizens and manages the Information Assets It s logical to protect as well user identities and information assets PKI is InfoSec Cornerstone User centric egov Information is the most valuable asset Use PKI to protect user identity and information Page 19
20 Common questions about PKI If there is a certificate, Should we trust the identity? - The certificate is only trusted if its issuer is trusted - Certificate revocation status must be checked To build a trusted PKI, we need secure PKI HW and SW. Anything else? - A trusted PKI requires as well trustworthy and knowledgeable people, policies, procedures, physical and logical security controls We have a trusted PKI system, Are we secure? - A trusted PKI system provides trusted certificates. It s the well designed and correctly implemented utilization of the certificates to address a specific security threat that adds protection against this specific threat PKI based security is unbreakable. Isn t it? - It s always a race between attackers and defense systems. It s crucial to keep up to date to remain ahead of attackers. - Sometimes, vulnerabilities arise from mistakes in implementing systems that use PKI certificates. It s crucial to remain alert and apply patches and fixes as soon as they are available Does PKI = Smart Card? - A smart card with cryptographic capabilities is one of the secure options to host PKI keys. There are other options If someone gets access to my certificate, can he/she use it to digitally sign documents under my name? - The certificate doesn t contain the Private Key. The signing process requires the possession of the Private Key. The certificate itself is not a secret and it s shared with others to be able to verify the digital signature you create using your Private Key Page 20
21 Page 21 Thank you
CIS-331 Spring 2016 Exam 1 Name: Total of 109 Points Version 1
Version 1 Instructions Write your name on the exam paper. Write your name and version number on the top of the yellow paper. Answer Question 1 on the exam paper. Answer Questions 2-4 on the yellow paper.
More informationCIS-331 Fall 2013 Exam 1 Name: Total of 120 Points Version 1
Version 1 1. (24 Points) Show the routing tables for routers A, B, C, and D. Make sure you account for traffic to the Internet. NOTE: Router E should only be used for Internet traffic. Router A Router
More informationCIS-331 Fall 2014 Exam 1 Name: Total of 109 Points Version 1
Version 1 1. (24 Points) Show the routing tables for routers A, B, C, and D. Make sure you account for traffic to the Internet. Router A Router B Router C Router D Network Next Hop Next Hop Next Hop Next
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationCIS-331 Exam 2 Fall 2015 Total of 105 Points Version 1
Version 1 1. (20 Points) Given the class A network address 117.0.0.0 will be divided into multiple subnets. a. (5 Points) How many bits will be necessary to address 4,000 subnets? b. (5 Points) What is
More information4. Specifications and Additional Information
4. Specifications and Additional Information AGX52004-1.0 8B/10B Code This section provides information about the data and control codes for Arria GX devices. Code Notation The 8B/10B data and control
More informationPublic Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman
Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National
More informationAcquirer JCB EMV Test Card Set
Acquirer JCB EMV Test Card Set July, 2017 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationCIS-331 Exam 2 Spring 2016 Total of 110 Points Version 1
Version 1 1. (20 Points) Given the class A network address 121.0.0.0 will be divided into multiple subnets. a. (5 Points) How many bits will be necessary to address 8,100 subnets? b. (5 Points) What is
More informationTriple DES and AES 192/256 Implementation Notes
Triple DES and AES 192/256 Implementation Notes Sample Password-to-Key and KeyChange results of Triple DES and AES 192/256 implementation For InterWorking Labs customers who require detailed information
More informationGateway Ascii Command Protocol
Gateway Ascii Command Protocol Table Of Contents Introduction....2 Ascii Commands.....3 Messages Received From The Gateway....3 Button Down Message.....3 Button Up Message....3 Button Maintain Message....4
More informationThe cache is 4-way set associative, with 4-byte blocks, and 16 total lines
Sample Problem 1 Assume the following memory setup: Virtual addresses are 20 bits wide Physical addresses are 15 bits wide The page size if 1KB (2 10 bytes) The TLB is 2-way set associative, with 8 total
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationCIS-331 Exam 2 Fall 2014 Total of 105 Points. Version 1
Version 1 1. (20 Points) Given the class A network address 119.0.0.0 will be divided into a maximum of 15,900 subnets. a. (5 Points) How many bits will be necessary to address the 15,900 subnets? b. (5
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationAcquirer JCB Dual Interface EMV Test Card Set
Acquirer JCB Dual Interface EMV Test Card Set.00 July, 2018 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing and delivering this document
More informationCIS-331 Final Exam Spring 2018 Total of 120 Points. Version 1
Version 1 Instructions 1. Write your name and version number on the top of the yellow paper and the routing tables sheet. 2. Answer Question 2 on the routing tables sheet. 3. Answer Questions 1, 3, 4,
More informationScan Results - ( Essentials - Onsharp )
Scan Results - www.onsharp.com ( Essentials - Onsharp ) Overview Open Ports (18) Scan ID: 7675527 Target: www.onsharp.com Max Score: 2.6 Compliance: Passing PCI compliance, Expires undefined Profile: 15
More informationZN-DN312XE-M Quick User Guide
ZN-DN312XE-M Quick User Guide This manual provides instructions for quick installation and basic configuration of your IP device. Step1. Connect cables to IP device Connect required cables to the device
More informationAPPLESHARE PC UPDATE INTERNATIONAL SUPPORT IN APPLESHARE PC
APPLESHARE PC UPDATE INTERNATIONAL SUPPORT IN APPLESHARE PC This update to the AppleShare PC User's Guide discusses AppleShare PC support for the use of international character sets, paper sizes, and date
More informationKey Management and Distribution
2 and Distribution : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 css441y15s2l10, Steve/Courses/2015/s2/css441/lectures/key-management-and-distribution.tex,
More informationThe Match On Card Technology
Precise Biometrics White Paper The Match On Card Technology Magnus Pettersson Precise Biometrics AB, Dag Hammarskjölds väg 2, SE 224 67 Lund, Sweden 22nd August 2001 Abstract To make biometric verification
More informationFirst Data DCC Test Card Set. Version 1.30
First Data DCC Test Card Set.30 April, 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from industry
More informationFirst Data Dual Interface EMV Test Card Set. Version 1.20
First Data Dual Interface EMV Test Card Set August, 2016 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationCIS-331 Final Exam Spring 2015 Total of 115 Points. Version 1
Version 1 1. (25 Points) Given that a frame is formatted as follows: And given that a datagram is formatted as follows: And given that a TCP segment is formatted as follows: Assuming no options are present
More informationFirst Data EMV Test Card Set. Version 1.30
First Data EMV Test Card Set.30 January, 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from industry
More informationCertificate. Certificate number: Certified by EY CertifyPoint since: July 10, 2018
Certificate Certificate number: 2018-016 Certified by EY CertifyPoint since: July 10, 2018 Based on certification examination in conformity with defined requirements in ISO/IEC 17065:2012 and ETSI EN 319
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More informationHow to Digital Sign a PDF document With Nexus Personal software
How to Digital Sign a PDF document With Nexus Personal software Version 1.1 Page 1 from 11 1. Introduction This document describes the procedure must be followed to digitally sign a PDF document using
More informationX.509. CPSC 457/557 10/17/13 Jeffrey Zhu
X.509 CPSC 457/557 10/17/13 Jeffrey Zhu 2 3 X.509 Outline X.509 Overview Certificate Lifecycle Alternative Certification Models 4 What is X.509? The most commonly used Public Key Infrastructure (PKI) on
More informationFirst Data EMV Test Card Set. Version 2.00
First Data EMV Test Card Set.00 February, 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from industry
More informationFundamentals of Cryptography
Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design: Secret Key Systems (block encoding) Encrypting a small block of text (say 64
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationDissecting NIST Digital Identity Guidelines
Dissecting NIST 800-63 Digital Identity Guidelines KEY CONSIDERATIONS FOR SELECTING THE RIGHT MULTIFACTOR AUTHENTICATION Embracing Compliance More and more business is being conducted digitally whether
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationDECISION OF THE EUROPEAN CENTRAL BANK
L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationTLS 1.2 Protocol Execution Transcript
Appendix C TLS 1.2 Protocol Execution Transcript In Section 2.3, we overviewed a relatively simple protocol execution transcript for SSL 3.0. In this appendix, we do something similar for TLS 1.2. Since
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution
Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Secured Communications: Key exchange Schneier, Applied Cryptography:
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationDigital Lighting Systems, Inc.
Digital Lighting Systems, Inc. Four Channel Dry Contacts Relays Switch Pack DMX512 compatible USER'S MANUAL -UM User's Manual - Page 1 GENERAL DESCRIPTION The is a 4-channel DMX-512 compatible electro-mechanical
More informationComodo Certificate Manager
Comodo Certificate Manager Simple, Automated & Robust SSL Management from the #1 Provider of Digital Certificates 1 Datasheet Table of Contents Introduction 3 CCM Overview 4 Certificate Discovery Certificate
More informationECHO Process Instrumentation, Inc. Modbus RS485 Module. Operating Instructions. Version 1.0 June 2010
ECHO Process Instrumentation, Inc. Modbus RS485 Module Operating Instructions Version 1.0 June 2010 ECHO Process Instrumentation, Inc. PO Box 800 Shalimar, FL 32579 PH: 850-609-1300 FX: 850-651-4777 EM:
More informationEnhanced Play Fair Cipher
P Enhanced Play Fair Cipher 1 1 Naveen KMP P, PDepartment of Information Technology, Velammal Engineering College, Chennai, Tamil Nadu, India. Abstract The theme of this research work is to design and
More informationCERN Certification Authority
CERN Certification Authority Emmanuel Ormancey (IT/IS) What are Certificates? What are Certificates? Digital certificates are electronic credentials that are used to certify the identities of individuals,
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationPass, No Record: An Android Password Manager
Pass, No Record: An Android Password Manager Alex Konradi, Samuel Yeom December 4, 2015 Abstract Pass, No Record is an Android password manager that allows users to securely retrieve passwords from a server
More informationConfiguring SSL CHAPTER
7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section
More informationCertification Authority
Certification Authority Overview Identifying CA Hierarchy Design Requirements Common CA Hierarchy Designs Documenting Legal Requirements Analyzing Design Requirements Designing a Hierarchy Structure Identifying
More informationQUALIFYING ATTESTATION LETTER
TAYLLORCOX s.r.o. Member of TAYLLORCOX UK Ltd. 75 King William St., EC4N, London, UK TAYLLORCOX PCEB, certification body No. 3239, accredited in accordance with ČSN EN ISO/IEC 17065:2013 by Czech Accreditation
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationJuly Registration of a Cyrillic Character Set. Status of this Memo
Network Working Group Request for Comments: 1489 A. Chernov RELCOM Development Team July 1993 Status of this Memo Registration of a Cyrillic Character Set This memo provides information for the Internet
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationCS 425 / ECE 428 Distributed Systems Fall 2017
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your
More informationMeasuring Authentication: NIST and Vectors of Trust
SESSION ID: IDY-F01 Measuring Authentication: NIST 800-63 and Vectors of Trust auth Sarah Squire Senior Identity Solution Architect Engage Identity @SarahKSquire Eyewitness News 3 A Play in Five Acts
More informationUELMA Exploring Authentication Options Nov 4, 2011
UELMA Exploring Authentication Options Nov 4, 2011 A U T H E N T I C A T I O N M E T H O D S P R E L I M I N A R Y R E P O R T B R A D L E E C H A N G X C E N T I A L G R O U P B R A D @ X C E N T I A
More informationNext Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop
Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop PACS Integration into the Identity Infrastructure Salvatore D Agostino CEO, IDmachines LLC 8 th Annual
More informationDBK24. Isolated Digital Output Chassis. Overview
DBK24 Isolated Digital Output Chassis Overview 1 Power Requirements 2 Hardware Setup 2 Card Connection 2 Card Configuration 3 DaqBook and DaqBoard Connection 4 DaqBoard/2000 Series Board Connection 5 DaqBook
More informationCSC 5930/9010 Modern Cryptography: Public-Key Infrastructure
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure Professor Henry Carter Fall 2018 Recap Digital signatures provide message authenticity and integrity in the public-key setting As well as public
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationCERTIFICATE POLICY CIGNA PKI Certificates
CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationIntroduction to SSL. Copyright 2005 by Sericon Technology Inc.
Introduction to SSL The cornerstone of e-commerce is a Web site s ability to prevent eavesdropping on data transmitted to and from its site. Without this, consumers would justifiably be afraid to enter
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationAbout & Beyond PKI. Blockchain and PKI. André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich. February 9, 2017
About & Beyond PKI Blockchain and PKI André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich February 9, 2017 1 Agenda Does blockchain secure PKIs in the longterm? Disadvantages of classic PKIs
More informationWHITEPAPER. Vulnerability Analysis of Certificate Validation Systems
WHITEPAPER Vulnerability Analysis of Certificate Validation Systems The US Department of Defense (DoD) has deployed one of the largest Public Key Infrastructure (PKI) in the world. It serves the Public
More informationWHITE PAPER. Secure communication. - Security functions of i-pro system s
WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro
More informationPROVING WHO YOU ARE TLS & THE PKI
PROVING WHO YOU ARE TLS & THE PKI CMSC 414 MAR 29 2018 RECALL OUR PROBLEM WITH DIFFIE-HELLMAN The two communicating parties thought, but did not confirm, that they were talking to one another. Therefore,
More informationWhat is a Digital Certificate? Basic Problem. Digital Certificates, Certification Authorities, and Public Key Infrastructure. Sections
Digital Certificates, Certification Authorities, and Public Key Infrastructure Sections 14.3-14.5 Basic Problem What does a public-key signature verification tell you? Verification parameters include public
More informationDigital Certificates, Certification Authorities, and Public Key Infrastructure. Sections
Digital Certificates, Certification Authorities, and Public Key Infrastructure Sections 14.3-14.5 Basic Problem What does a public-key signature verification tell you? Verification parameters include public
More informationAn Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation
An Introduction to Key Management for Secure Storage Walt Hubis, LSI Corporation SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationIntel and Symantec: Improving performance, security, manageability and data protection
Intel and Symantec: Improving performance, security, manageability and data protection Terry Cutler Enterprise Solution Architect Omid Meshkin Strategic Business Development 1 Session Objectives By the
More informationAn Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation
An Introduction to Key Management for Secure Storage Walt Hubis, LSI Corporation SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may
More informationLecture Notes 14 : Public-Key Infrastructure
6.857 Computer and Network Security October 24, 2002 Lecture Notes 14 : Public-Key Infrastructure Lecturer: Ron Rivest Scribe: Armour/Johann-Berkel/Owsley/Quealy [These notes come from Fall 2001. These
More informationPublic Key Infrastructure
Public Key Infrastructure Ed Crowley Summer 11 1 Topics Public Key Infrastructure Defined PKI Overview PKI Architecture Trust Models Components X.509 Certificates X.500 LDAP 2 Public Key Infrastructure
More informationLessons from the Human Immune System Gavin Hill, Director Threat Intelligence
Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are
More information6. Specifications & Additional Information
6. Specifications & Additional Information SIIGX52004-3.1 Transceier Blocks Table 6 1 shows the transceier blocks for Stratix II GX and Stratix GX deices and compares their features. Table 6 1. Stratix
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationPublic-Key Infrastructure NETS E2008
Public-Key Infrastructure NETS E2008 Many slides from Vitaly Shmatikov, UT Austin slide 1 Authenticity of Public Keys? private key Alice Bob public key Problem: How does Alice know that the public key
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationDigital Lighting Systems, Inc. CD400-DMX DMX512 Four Channel Dimmer and Switch module
, Inc. DMX512 Four Channel Dimmer and Switch module Input: 5 Amps @ 6-24 VDC Outputs: 5 Amps Maximum each, total 4 outputs 8 Amps Maximum. FRONT BACK USER'S MANUAL -UM User's Manual - Page 1 GENERAL DESCRIPTION
More information6.1 Combinational Circuits. George Boole ( ) Claude Shannon ( )
6. Combinational Circuits George Boole (85 864) Claude Shannon (96 2) Signals and Wires Digital signals Binary (or logical ) values: or, on or off, high or low voltage Wires. Propagate digital signals
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationCDR File Information. Comments Direct PCM
IMPORTANT NOTICE: Robert Bosch LLC and the manufacturers whose vehicles are accessible using the CDR System urge end users to use the latest production release of the Crash Data Retrieval system software
More information