Logging System for Longlifetime
|
|
- Juniper Skinner
- 6 years ago
- Views:
Transcription
1 Logging System for Longlifetime Data Validation!
2 Lifetime of data vs. signing key Lifetime of a data packet! depends on data usage! may exist for a long time! even forever! Lifetime of a signing key! must be limited! 2
3 How to maintain long-lived data Re-sign data with a new key! maintenance is complicated! key rollover! publishing re-signed data! Can we sign data once and leave it alone?! post-facto validation! validate data with an expired key?! 3
4 Post-Facto Validation Key was valid at the moment of signing! though it is invalid now! Check if the signature was generated during the valid period of the key! Can we have a time machine to go back?! a logging system may help!! 4
5 What to log? Assume we have a honest logger! Given a long-lived data! data name: retrieve data when necessary! data digest: integrity checking! signing timestamp! But also signing key! alice key validity root key validity Add /ndn/key Add /ndn/ucla/alice/key Validate Data1 Logger Timeline Add /ndn/ucla/key Add Data1 signed by /ndn/ucla/alice/key ucla key validity Add Data2 signed by /ndn/ucla/alice/key Validate Data2 5
6 Secure logger A trusted third party?! not every one will trust the same third party! no entity lasts forever! Publicly auditable logger! anyone can audit the logger! data signers, data consumers, certificate issuers, independent third parties,! force logger to behave honestly! tamper-evident log! 6
7 Tamper-Evident Log Hash chain! Bitcoin! simple, space effient! slow to check! MerkleTree! Certificate Transparency! efficient checking! hash1 hash2 hash3 hashn slot1 slot2 slot3 slotn hashk, hash1, 0 hash1, 2 hash1, N hash00 hash01 hash02 hash0n slot0 slot1 slot2... slotn 7
8 ! MerkleTree in NDN A MerkleTree consists of sub-trees! Each sub-tree! fixed by its root! easy to verify! fixed by its index (level, seqno)! easy to retrieve! once complete, become frozen! can be cached! 3, 0 1, 0 1, 2 1, 4 1, 6 8
9 Road Map Stage 1 (Partially done)! trusted logger! single logger! single trust model! Stage 2 (TODO)! scalable merkle tree! multiple loggers! Stage 3 (TODO)! gossip protocols!
10 Stage 1
11 Log a signature Self-signed signature! only for trust anchor! logger should watch trust anchor changes and actively log new anchor! Non-self-signed signature! logged on demand! signature must be valid at the moment of logging! signer certificate must have been logged before! timestamp must satisfy the validity requirements!
12 Trust Anchor Name:! /<AnchorName>/[SeqNo]/KEY/[KeyHash]/[Version]! SeqNo! key rollover! Self-Signed! Logger requires a trust anchor list!
13 Sub-tree Data Name:! complete sub-tree! /<logger_name>/[level]/[seqno]/complete/[roothash]! incomplete sub-tree! /<logger_name>/[level]/[seqno]/[nextleafseqno]/[roothash]! MetaInfo! ContentType: Data! FreshnessPeriod:! complete: N/A! incomplete: 60 sec! Content! concatenated hash of 32 leaves! for SHA-256, 32*32=1024 bytes! Signature! DigestSha256!
14 Leaf Data Name:! /<logger_name>/leaf/[seqno]/[hash]! hash: used as the hash of merkle tree leaf! MetaInfo! ContentType: Data! FreshnessPeriod:! complete: N/A! Content! a list of TLVs! data name (with implicit digest)! timestamp (Unix time)! leaf seqno! signer leaf seqno! content hash is also the hash of the corresponding merkle tree leaf! Signature! DigestSha256!
15 Log Request Log request is expressed as an signed interest! Name! /<logger_name>/log/[original_data_name]/[signer_seqno]/<sig_components>! original data name contains implicit digest! leaf with signer_seqno should contain the signer cert that matches the KeyLocator of the original data.! only authorized user can submit the log request! for example, any legitimate users on the NDN test bed! MetaInfo:! FreshnessPeriod should be long enough for logger to respond the the request! logger needs to retrieve the original data! optimization: encode original data in request name to avoid data fetching! A signer cert must be logged before the data! Response to a log request! no response to request made by unauthorized user! result code:! 0 for accepted! others for rejected! result seqno (when code == 0)! result msg (when code!= 0)!
16 Trust Anchor Assume:! one always know current trust anchor! Current trust anchor asserts its previous anchors by publishing a data packet precedents! contains each precedent s! corresponding leaf data! corresponding logger root hash! in time order! signed by current trust anchor! Expired data validation:! determine the previous trust anchor! request a list of intermediate certificates and corresponding timestamps to authenticate data! certificates comply with the trust model! timestamps comply with validity requirements!
17 Remaining Work Client side! auditor! log requester! data verifier!
18 Stage 2
19 Multiple Loggers Multiple loggers for the same purposes! same trust anchor & trust model! different writers! Loggers may serve different purposes! different namespaces, different trust models! e.g., each organization may have its own logger to log their own data! Loggers synchronize with each other! improve redundancy! automatically audit each other! e.g., using/extending ChronoSync! each logger has its own prefix & seqno! 19
20 Scalable Merkle Tree Store log & data separately! Loggers maintain log! Sub-loggers/users maintain actual data! no need to retrieve log for unavailable data! Sub-loggers/users cannot change actual data! digest is fixed in log! Sub-loggers/users may even keep a sub-tree! contain a sub-logger/user s own data! could be incomplete! root digest is fixed in log!! Logger's MerkleTree Use's actual data Sub-Tree Sub-Tree Sub-Tree Sub-Tree 20
21 Stage 3
22 Gossip Protocol Untrusted logger! logger s behavior is auditable! clients exchange their own knowledge about the root digest of logger through a gossip protocol!
An Authentication System for Data Archives in Named Data Networking
NDN DeLorean: An Authentication System for Data Archives in Named Data Networking Yingdi Yu (UCLA), Alexander Afanasyev (Florida International University), Jan Seedorf (HFT Stuttgart), Zhiyi Zhang (UCLA),
More informationNDN specification Documentation Release 0.1a2
NDN specification Documentation Release 0.1a2 NDN Project Team March 27, 2014 Contents 1 Acknowledgment 2 2 Introduction 2 3 Type-Length-Value (TLV) Encoding 3 3.1 Variable Size Encoding for type (T) and
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationCertificate reputation. Dorottya Papp
Certificate reputation Dorottya Papp Motivation Verification on a digital certificate does not reveal important factors Is it a fake certificate? (Hash collision) Was it mistakenly issued? (Comodo scandal)
More informationL8: Public Key Infrastructure. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L8: Public Key Infrastructure Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 9/21/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationCONIKS: Bringing Key Transparency to End Users
CONIKS: Bringing Key Transparency to End Users Morris Yau 1 Introduction Public keys must be distributed securely even in the presence of attackers. This is known as the Public Key Infrastructure problem
More informationBugzilla ID: Bugzilla Summary:
Bugzilla ID: Bugzilla Summary: CAs wishing to have their certificates included in Mozilla products must 1) Comply with the requirements of the Mozilla CA certificate policy (http://www.mozilla.org/projects/security/certs/policy/)
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationUSB Type-C Authentication
USB Type-C Authentication Stephanie Wallick Intel USB Developer Days 2017 Taipei, Taiwan October 24 25, 2017 1 USB Type-C Authentication Introduction Architecture Protocol Certificates 2 Specification
More informationDANE Best Current Practice
DANE Best Current Practice draft-dukhovni-dane-ops-01 Viktor Dukhovni & Wes Hardaker IETF 87, Berlin July 2013 General DANE Guidelines (Type Independent) Large DNS payload issues Issues with large UDP
More informationBackground. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33
Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended
More informationNaming in Content-Oriented Architectures
Naming in Content-Oriented Architectures 1 Data publishing RWI select produce own Data Name certify Key 2 Basic bindings The ICN paper argued that RWI, Name, and Key should be bound together RWI If not,
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationAttestation Service for Intel Software Guard Extensions (Intel SGX): API Documentation. Revision: 3.0
Attestation Service for Intel Software Guard Extensions (Intel SGX): API Documentation Revision: 3.0 1 1 Abbreviations... 4 2 Attestation Service for Intel SGX... 5 Supported environments... 5 Authentication...
More informationCreate Decryption Policies to Control HTTPS Traffic
Create Decryption Policies to Control HTTPS Traffic This chapter contains the following sections: Overview of Create Decryption Policies to Control HTTPS Traffic, page 1 Managing HTTPS Traffic through
More informationValidation Policy r tra is g e R ANF AC MALTA, LTD
Maltese Registrar of Companies Number C75870 and VAT number MT ANF AC MALTA, LTD B2 Industry Street, Qormi, QRM 3000 Malta Telephone: (+356) 2299 3100 Fax:(+356) 2299 3101 Web: www.anfacmalta.com Security
More informationEfficient Data Structures for Tamper-Evident Logging
Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice University Everyone has logs Tamper evident solutions Current commercial solutions Write only hardware appliances
More informationETSI TS V1.2.1 ( ) Technical Specification
TS 102 778-3 V1.2.1 (2010-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles
More informationICS 180 May 4th, Guest Lecturer: Einar Mykletun
ICS 180 May 4th, 2004 Guest Lecturer: Einar Mykletun 1 Symmetric Key Crypto 2 Symmetric Key Two users who wish to communicate share a secret key Properties High encryption speed Limited applications: encryption
More informationInternet Engineering Task Force (IETF) Request for Comments: 6283 Category: Standards Track. July 2011
Internet Engineering Task Force (IETF) Request for Comments: 6283 Category: Standards Track ISSN: 2070-1721 A. Jerman Blazic S. Saljic SETCCE T. Gondrom July 2011 Abstract Extensible Markup Language Evidence
More informationBlocked Hash-Tree Status and Entitlement System
Blocked Hash-Tree Status and Entitlement System Frank W. Sudia www.fwsudia.com September, 2000 1. Synopsis This paper describes a new technology for fast, lightweight, and secure confirmation of information
More informationIntended status: Experimental Expires: July 18, 2018 T. Ritter January 14, 2018
TRANS Internet-Draft Intended status: Experimental Expires: July 18, 2018 L. Nordberg NORDUnet D. Gillmor ACLU T. Ritter January 14, 2018 Gossiping in CT draft-ietf-trans-gossip-05 Abstract The logs in
More informationElectronic Seal Administrator Guide Published:December 27, 2017
Electronic Seal Administrator Guide Published:December 27, 2017 Copyright Version 4.25.2.3 Copyright 2003-2018 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights
More informationDeliverable D8.4 Certificate Transparency Log v2.0 Production Service
16-11-2017 Certificate Transparency Log v2.0 Production Contractual Date: 31-10-2017 Actual Date: 16-11-2017 Grant Agreement No.: 731122 Work Package/Activity: 8/JRA2 Task Item: Task 6 Nature of Deliverable:
More informationAuditing TPM Commands
Chapter 16 Auditing TPM Commands As used in the TPM, audit is the process of logging TPM command and response parameters that pass between the host and the TPM. The host is responsible for maintaining
More informationDNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific
DNS/DNSSEC Workshop In Collaboration with APNIC and HKIRC Hong Kong Champika Wijayatunga Regional Security Engagement Manager Asia Pacific 22-24 January 2018 1 DNSSEC 2 2 DNS: Data Flow Zone administrator
More informationServer-based Certificate Validation Protocol
Server-based Certificate Validation Protocol Digital Certificate and PKI a public-key certificate is a digital certificate that binds a system entity's identity to a public key value, and possibly to additional
More informationEnsuring Trustworthiness of Transactions under Different Isolation Levels
Ensuring Trustworthiness of Transactions under Different Isolation Levels Rohit Jain, Sunil Prabhakar Department of Computer Sciences, Purdue University West Lafayette, IN, USA {jain29,sunil}@cs.purdue.edu
More informationDesign and Implementation of a RFC3161-Enhanced Time-Stamping Service
Design and Implementation of a RFC3161-Enhanced Time-Stamping Service Chung-Huang Yang, 1 Chih-Ching Yeh, 2 and Fang-Dar Chu 3 1 Institute of Information and Computer Education, National Kaohsiung Normal
More informationDisplaying SSL Configuration Information and Statistics
CHAPTER 7 Displaying SSL Configuration Information and Statistics This chapter describes the show commands available for displaying CSS SSL configuration information and statistics and an explanation of
More informationIntended status: Experimental Expires: January 9, 2017 T. Ritter. July 08, 2016
TRANS Internet-Draft Intended status: Experimental Expires: January 9, 2017 L. Nordberg NORDUnet D. Gillmor ACLU T. Ritter July 08, 2016 Gossiping in CT draft-ietf-trans-gossip-03 Abstract The logs in
More informationOverview of Authentication Systems
Overview of Authentication Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationAfilias DNSSEC Practice Statement (DPS) Version
Afilias DNSSEC Practice Statement (DPS) Version 1.07 2018-02-26 Page 1 of 8 1. INTRODUCTION 1.1. Overview This document was created using the template provided under the current practicing documentation.
More informationExpires in 6 months September Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP <draft-ietf-pkix-ocsp-00.
HTTP/1.1 200 OK Date: Tue, 09 Apr 2002 06:26:11 GMT Server: Apache/1.3.20 (Unix) Last-Modified: Thu, 23 Oct 1997 15:29:00 GMT ETag: "304c31-471a-344f6d3c" Accept-Ranges: bytes Content-Length: 18202 Connection:
More informationChapter 10: Key Management
Chapter 10: Key Management Session and Interchange Keys Key Exchange Key Generation Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #10-1 Overview Key exchange Session
More informationKey Management and Distribution
2 and Distribution : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 css441y15s2l10, Steve/Courses/2015/s2/css441/lectures/key-management-and-distribution.tex,
More informationA Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover
A Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover Duane Wessels DNS-OARC 26 San Jose, CA September 29, 2017 Background 2 2017 Root Zone KSK Rollover October 11, 2017! Root zone DNSKEY
More informationEfficient Tamper-Evident Data Structures for Untrusted Servers
Efficient Tamper-Evident Data Structures for Untrusted Servers Dan S. Wallach Rice University Joint work with Scott A. Crosby This talk vs. Preneel s talk Preneel: how hash functions work (or don t work)
More informationBitcoin and Blockchain
Bitcoin and Blockchain COS 418: Distributed Systems Lecture 18 Zhenyu Song [Credit: Selected content adapted from Michael Freedman. Slides refined by Chris Hodsdon and Theano Stavrinos] Why Bitcoin? All
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More informationIntroduction to Cryptography in Blockchain Technology. December 23, 2018
Introduction to Cryptography in Blockchain Technology December 23, 2018 What is cryptography? The practice of developing protocols that prevent third parties from viewing private data. Modern cryptography
More informationIBM Systems and Technology Group
IBM Systems and Technology Group Encryption Facility for z/os Update Steven R. Hart srhart@us.ibm.com 2013 IBM Corporation Topics Encryption Facility for z/os EF OpenPGP Support X.509 vs. OpenPGP Certificates
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More informationSecurity Proposal for PMCI Standards and Protocols Architecture for Version 1.0 Release Work in Progress Last Updated: 12/17/2018
Security Proposal for PMCI Standards and Protocols Architecture for Version 1.0 Release Work in Progress Last Updated: 12/17/2018 Copyright 2018 DMTF Disclaimer The information in this presentation represents
More informationDigital Certificates. PKI and other TTPs. 3.3
Digital Certificates. PKI and other TTPs. 3.3 1 Certification-service providers Spanish Law 59/03 Art. 2.2 or Directive 1999/93/EC Art. 2.11: Certification-service providers means an entity or a legal
More informationSignature Validity States
Validity States Danny De Cock Danny.DeCock@esat.kuleuven.be Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT) Computer Security and Industrial Cryptography (COSIC) Kasteelpark Arenberg 10, bus
More informationICN Content Security Using Encrypted Manifest and Encrypted Content Chunks
ICN Content Security Using Encrypted Manifest and Encrypted Content Chunks Dante Pacella dante@verizon.com Ashish Sardesai ashish.sardesai@verizon.com Mani Tadayon mani.tadayon@verizon.com Venkat Josyula
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationComputer Security Spring 2010 Paxson/Wagner Notes 3/8. Key Management. 1 Cryptographic Hash Functions. 2 Man-in-the-middle Attacks
CS 161 Computer Security Spring 2010 Paxson/Wagner Notes 3/8 Key Management In this lecture, we ll talk about how to manage keys. For instance, how does Alice find out Bob s public key? Does it matter?
More informationInternet Engineering Task Force (IETF) Category: Experimental Helsinki Institute for Information Technology ISSN: May 2011
Internet Engineering Task Force (IETF T. Heer Request for Comments: 6253 COMSYS, RWTH Aachen University Updates: 5201 S. Varjonen Category: Experimental Helsinki Institute for Information Technology ISSN:
More informationIntroduction to Sync
Introduction to Sync Outline NDN Sync overview Sync protocol design issues Sync protocol for mobile ad-hoc networks What is NDN Sync? New transport service for data-centric networking [1] Synchronizing
More informationBlockchain and Additive Manufacturing
Blockchain and Additive Manufacturing January 10, 2019 Presentation to the South Texas Section, AIChE Lisa M. Smith Chief Corporate Development Officer Data Gumbo Corporation Blockchain Basics Data Gumbo
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationbbc Migrating and Sharing Secuity Settings: Using Security Settings Import/Export and FDF Files Acrobat and Adobe Reader PDF Creation Date:
bbc PDF Creation Date: September 5, 2008 Migrating and Sharing Secuity Settings: Using Security Settings Import/Export and FDF Files Acrobat and Adobe Reader Version 9.0 2008 Adobe Systems Incorporated.
More informationAuthentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi
Authentication Overview of Authentication systems 1 Approaches for Message Authentication Authentication is process of reliably verifying the identity of someone. Authentication Schemes 1. Password-based
More informationTopics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols
Cryptographic Protocols Topics 1. Dramatis Personae and Notation 2. Session and Interchange Keys 3. Key Exchange 4. Key Generation 5. Cryptographic Key Infrastructure 6. Storing and Revoking Keys 7. Digital
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationEXBO e-signing Automated for scanned invoices
EXBO e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.12.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers
More informationip source-track through ivrf
ip source-track through ivrf ip source-track, page 5 ip source-track address-limit, page 7 ip source-track export-interval, page 9 ip source-track syslog-interval, page 11 ip ssh, page 13 ip ssh break-string,
More informationeidas Interoperability Architecture Version November 2015
eidas Interoperability Architecture Version 1.00 6. November 2015 1 Introduction This document specifies the interoperability components of the eidas-network, i.e. the components necessary to achieve interoperability
More informationDRAFT ISDCF Doc5 - Guideline for SMPTE KDMs and Certificates Behaviors Last revised
DRAFT ISDCF Doc5 - Guideline for KDMs and Certificates Behaviors Last revised 20170629 1 KDM Formulations Actual DCI-compliant systems are now starting to appear in the field. Some KDM providers have been
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationComputer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019
Computer Security 14. Blockchain & Bitcoin Paul Krzyzanowski Rutgers University Spring 2019 April 15, 2019 CS 419 2019 Paul Krzyzanowski 1 Bitcoin & Blockchain Bitcoin cryptocurrency system Introduced
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationManage Certificates. Certificates Overview
Certificates Overview, page 1 Show Certificates, page 3 Download Certificates, page 4 Install Intermediate Certificates, page 4 Delete a Trust Certificate, page 5 Regenerate a Certificate, page 6 Upload
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationLecture 14. Public Key Certification and Revocation
Lecture 14 Public Key Certification and Revocation 1 CertificationTree / Hierarchy Logical tree of CA-s root PK root CA1 [PKCA1]SKroot CA3 [PK CA3 ]SK root [PK CA2 CA2 ]SK CA1 CA4 [PK CA4]SK CA3 2 Hierarchical
More informationConfiguring SSL CHAPTER
7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section
More informationDigital signatures: How it s done in PDF
Digital signatures: How it s done in PDF Agenda Why do we need digital signatures? Basic concepts applied to PDF Digital signatures and document workflow Long term validation Why do we need digital signatures?
More informationIFY e-signing Automated for scanned invoices
IFY e-signing Automated for scanned invoices Signature Policy Document OID: 0.3.2062.7.2.1.13.1.0 Approval Status: Approved Version: 1.0 Page #: 1 of 13 1. Introduction 1.1. Scope This document covers
More informationAlternatives to Blockchains. Sarah Meiklejohn (University College London)
Alternatives to Blockchains Sarah Meiklejohn (University College London) fully decentralized cryptocurrencies 2 fully decentralized cryptocurrencies tx tx(addra addrb) 2 fully decentralized cryptocurrencies
More informationRolling the Root Zone DNSSEC Key Signing Key Edward Lewis AFRINIC25 November 2016
Rolling the Root Zone DNSSEC Key Signing Key Edward Lewis AFRINIC25 November 2016 edward.lewis@icann.org 1 Motivation for this talk ICANN is about to change an important configuration parameter in DNSSEC
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationBrowser Trust Models: Past, Present and Future
Wednesday June 5, 2013 (9:00am) Browser Trust Models: Past, Present and Future Jeremy Clark & Paul C. van Oorschot School of Computer Science Carleton University, Ottawa, Canada 1 Quick Review: SSL/TLS
More informationCryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies
Intro to Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public Keys and Identities Let s design us some Digital Cash! Intro to Cryptographic
More informationCopy-Resistant Credentials with Minimum Information Disclosure
Copy-Resistant Credentials with Minimum Information Disclosure David Bauer and Douglas Blough Georgia Institute of Technology Public-key based certificates provide a standard way to prove one's identity,
More informationTO: FROM: DATE: SUBJECT: Revisions General 2.1 The Mismatch does
TO: FROM: T10 Membership Paul A Suhler, Quantum Corporation David Black, EMC DATE: 22 October 2008 SUBJECT: T10/08-46r1, SPC-4: Correction to IKEv2-SCSI Certificate Request Payload 1 Revisions 0 Initial
More informationConfiguring the Cisco APIC-EM Settings
Logging into the Cisco APIC-EM, page 1 Quick Tour of the APIC-EM Graphical User Interface (GUI), page 2 Configuring the Prime Infrastructure Settings, page 3 Discovery Credentials, page 4 Security, page
More informationOpenbankIT: a banking platform for e- money management based on blockchain technology
OpenbankIT: a banking platform for e- money management based on blockchain technology Dr. Pavel Kravchenko, Sergiy Vasilchuk, Bohdan Skriabin pavel@distributedlab.com, vsv@atticlab.net, bohdan@distributedlab.com
More informationarxiv: v2 [cs.cr] 1 Feb 2016
PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem Pawel Szalachowski, Laurent Chuat, and Adrian Perrig Department of Computer Science ETH Zurich, Switzerland arxiv:1601.03874v2
More informationConfiguring SSL. SSL Overview CHAPTER
CHAPTER 8 Date: 4/23/09 This topic describes the steps required to configure your ACE (both the ACE module and the ACE appliance) as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination.
More informationA human-readable summary of the X.509 PKI Time-Stamp Protocol (TSP)
A human-readable summary of the X.509 PKI Time-Stamp Protocol (TSP) Daan Sprenkels Radboud University Nijmegen, The Netherlands dsprenkels@science.ru.nl 1 Introduction In August 2001, the Internet Engineering
More informationTwo different chat groups Between the three ships Between the carrier and the troops
Chat Application Notional Tactical Network Two different chat groups Between the three ships Between the carrier and the troops C gro hat up 1 Chat group2 Loss cannot be tolerated In order delivery is
More informationManaging Certificates
CHAPTER 12 The Cisco Identity Services Engine (Cisco ISE) relies on public key infrastructure (PKI) to provide secure communication for the following: Client and server authentication for Transport Layer
More informationRPKI Trust Anchor. Geoff Huston APNIC
RPKI Trust Anchor Geoff Huston APNIC Public Keys How can you trust a digital signature?? What if you have never met the signer and have no knowledge of them or their keys? One approach is transitive trust
More informationModern key distribution with ClaimChains
Modern key distribution with ClaimChains A decentralized Public Key Infrastructure that supports privacy-friendly social verification NEXTLEAP Bogdan Kulynych Marios Isaakidis Carmela Troncoso George Danezis
More informationPrincess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content
More informationEfficient Quantum-Immune Keyless Signatures with Identity
Efficient Quantum-Immune Keyless Signatures with Identity Risto Laanoja Tallinn University of Technology / Guardtime AS May 17, 2014 Estonian CS Theory days at Narva-Jõesuu TL; DR Built a practical signature
More informationCIP Security Phase 1 Secure Transport for EtherNet/IP
CIP Security Phase 1 Secure Transport for EtherNet/IP Brian Batke, Rockwell Automation Dennis Dubé, Schneider Electric Joakim Wiberg, HMS Industrial Networks October 14, 2015 The Need for a Secure Transport
More informationAbstract. 1 Introduction. Efficient Data Structures for Tamper-Evident Logging. Department of Computer Science, Rice University
Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach scrosby@cs.rice.edu dwallach@cs.rice.edu Department of Computer Science, Rice University Abstract Many real-world applications
More informationPublic Key Infrastructures
Public Key Infrastructures Ralph Holz Network Architectures and Services Technische Universität München November 2014 Ralph Holz: Public Key Infrastructures 1 Part 3: Proposals to enhance or replace X.509
More informationTCG. SNMP MIB for TPM-Based Attestation
SNMP MIB for TPM-Based Attestation Specification Version 0.8 Revision 0.02 May 22, 2018 DRAFT Contact: admin@trustedcomputinggroup.org Work in Progress This document is an intermediate draft for comment
More informationPolicy-directed certificate retrieval
SOFTWARE PRACTICE AND EXPERIENCE Softw. Pract. Exper., 0(0), 1 0 (2000) [Version: 1999/06/11 v1.1a] Policy-directed certificate retrieval Carl A. Gunter and Trevor Jim University of Pennsylvania AT&T Labs
More information