An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation

Size: px
Start display at page:

Download "An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation"

Transcription

1 An Introduction to Key Management for Secure Storage Walt Hubis, LSI Corporation

2 SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may use this material in presentations and literature under the following conditions: Any slide or slides used must be reproduced without modification The SNIA must be acknowledged as source of any material used in the body of any document containing material from these presentations. This presentation is a project of the SNIA Education Committee. 2

3 Abstract An Introduction to Key Management for Secure Storage As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective key management policies. Without the proper generation, distribution, storage, and recovery of key material, valuable data will be eventually compromised. Worse, without proper management of key information, data can be completely lost. This session explores the fundamental issues and technologies that impact key management for disk, tape, array, and other storage devices. Major issues associated symmetric encryption keys are presented, along with practical advice on effective key management issues and practices. 3

4 The Key Management Problem 9/23/2007 An Introduction to Key Management for Secure Storage 4

5 The Key Management Problem 5

6 The Key Management Problem 9/23/2007 An Introduction to Key Management for Secure Storage 6

7 Data At Rest 7

8 Data At Rest Random Access Devices Disk Drives Sequential Access Devices Tape Drives Other Media Optical Media Data in Flight (DIF) is Still Important! 8

9 Data At Rest Data-in-Flight (DIF) Data-At-Rest (DAR) Storage System Security (SSS) Storage Resource Management (SRM) Source: Introduction to Storage Security, A SNIA Security Whitepaper, Oct 14, 2005 Storage Element Data-At-Rest (DAR) Storage Resource Management (SRM) Storage System Security (SSS) Data-in-Flight (DIF) Description Protecting the confidentiality, integrity and/or availability of data residing on servers, storage arrays, NAS appliances and other media Securely provisioning, monitoring, tuning, reallocation, and controlling the storage resources so that data may be stored and retrieved. Securing embedded operating systems and applications as well as integration with IT and security infrastructure (e.g., external authentication services, centralized logging and firewalls Protecting the confidentiality, integrity and/or availability of data as they are transferred across the storage network, the LAN, and the WAN. Also applies to management traffic 9

10 Key Management Many Key Uses Private signature key Public signature verification key Symmetric authentication key Private authentication key Public authentication key Symmetric data encryption key Symmetric key wrapping key Symmetric and asymmetric random number generation keys Symmetric master key Private key transport key Private signature key Public signature verification key Symmetric authentication key Private authentication key Public authentication key Symmetric data encryption key Symmetric key wrapping key Symmetric and asymmetric random number generation keys Symmetric master key Private key transport key 10

11 Key Management Encryption Algorithms AES 128 Bit Key 192 Bit Key 256 Bit Key DES 56 Bit Key 3DES 168 Bit Key Encryption Algorithm Modes Electronic Codebook Mode (ECB) Cipher Block Chaining Mode (CBC) Cipher Feedback Mode (CFB) Output Feedback Mode (OFB) Counter Mode (CTR) Galois/Counter Mode (GCM) LWR Encryption XOR-Encrypt-XOR (XEX) XEX-TCB-CTS (XTS) CBC-Mask-CBC (CMC) ECB-Mask-ECB (EME) 11

12 Key Management Key and Data Lifetime Forever Assure Access to Data Years from Now For a Limited Time Period Ephemeral Milliseconds, Seconds Weeks, Months, Years What Happens? Mandatory Re-Encryption Destruction of Data Destruction of Key 12

13 Key Management Policies Who Can Establish Keys? Who Can Delete Keys? What is the Lifetime of a Key? Can the Key be Archived? Are the Keys Changed Periodically? Are Keys Automatically Deleted or Archived? Who Else Can Use the Key? 13

14 Key Management Auditing Track the Key over it s Lifetime Who Created the Key and When? Who Changed the Key and When? Who Created a Copy of the Key and When? Where are the Copies of the Key Who Deleted the Key and When? 14

15 Key Management Threats Confidentiality Key Disclosure Data Accessible to Anyone Integrity Key has Been Modified Data Accessible by None Archive Key has Been Lost Availability Key Cannot be Accessed 15

16 Key Management Goals Backup/Restore Key Material Archival and Retention of Key Material Distribution of Key Material Expire, Delete, Destruction of Key Material Audit of Key's Life Cycle Reporting Events and Alerts 16

17 Keying Material 9/23/2007 An Introduction to Key Management for Secure Storage 17

18 Keys Two Major Key Algorithms Symmetric Keys Asymmetric Keys Storage Systems May Use Both Asymmetric Keys to Exchange Symmetric Keys Symmetric Keys to Encrypt/Decrypt Data 18

19 Symmetric Keys One Key Used for Both Encryption and Decryption Requires Lower Computing Power Key Key Equivalent Keys Encryption Decryption ABCDEF ABCDEF Plaintext Plaintext Ciphertext 19

20 Asymmetric Key Uses Key Pair Private Key Public Key Requires Greater Computing Power Public Key Public Key Private Key Encryption Decryption ABCDEF ABCDEF Plaintext Plaintext Ciphertext 20

21 Key Formats Key Formats Any and All Key Formats Must Be Managed Keys are Viewed as Objects Key Material Key Data Key Information: Metadata Storage Generally Uses Symmetric Keys A Secure Key Exchange Assumed Easier to Implement Less Client Resources 21

22 Key Wrapping Used to Move Keys Backup Archiving Key Encryption Key Key Encryption Key AES Encryption AES Decryption Key Wrapped Key Key Source: AES Key Wrap Specification ( 22

23 Pass Phrase Used to Generate Key Encryption Key 23

24 Basic Key Metadata Value The Actual Key Unique Identifier (GUID) Unique Within a Domain (Name Space) The Domain May be World Wide Unique May be a Globally Unique Identifier World Wide Unique Name May be a Hierarchy Important for Identifying Keys that are Moved Across Domains Across Companies Across Countries 24

25 Optional Key Metadata Name User readable name, not necessarily Unique Creator name Domain name Parent GUID Previous version GUID Version string 25

26 Optional Key Metadata Timestamps Creation Modified Valid Time Expiration Time Policies Use of key Key type Access rights - who can: Access Modify Disable Destroy Vendor-Specific Metadata 26

27 Key Management Components 9/23/2007 An Introduction to Key Management for Secure Storage 27

28 Key Management Components Client-Server View The Key The Key Server The Key Transport Channel Secure Channel Authentication Key Exchange Protocol 28

29 Client-Server View Client User or Consumer of Keys Server Provider of Keys Key Request Client (Needs a Key) Server (Maintains Keys) 29

30 Client-Server Authentication Client and Server Must Authenticate Assures Identity Secrets or Certificates Pre-Shared Keys or PKI Communications are Secure Channel Encryption Client (Needs a Key) Server (Maintains Keys) 30

31 Key Clients - Lightweight Limited Resources Limited Computational Requirements Limited Memory Requirements Communication Network Based: Out of Band Host Based: In Band Applications Disk Drives Tape Drives, Libraries Array Controllers Simple Protocol Fixed Fields and Values Similar to SCSI CDBs 31

32 Key Clients - Complex Unlimited Resources Applications Key Servers Data Bases Objects File Servers May Use a Complex Protocol Requires Complex Protocol Parser 32

33 Key Server Key Server Software Application Generic Hardware Platform Dedicated Hardware Servers Hardened Multiple Key Servers Key Management Between Servers Policy Management Accounting Validation Backup 33

34 Key Clients and Servers - Disk Typical KM Scenario Client: Host PC Passes Key to Drive Host Secure Disk Key Response Key Request Key Server 34

35 Key Clients and Servers - Disk Client is the Drive Drive or Subsystem Requests Key Directly from Server Host Secure Disk or Storage System Key Response Key Request Key Server 35

36 Key Clients and Servers - Tape Manual Key Management Host Encryption Key Tape Drive Encrypted Tape Backup Encryption Key Exchange -Tape Repository -Offsite Storage -Transit Host Encryption Key Tape Drive Restore 36

37 Key Clients and Servers - Tape Automated Key Management Key Management Protocol Key Server Ethernet Interface Protocol (SCSI, FC, SATA, etc.) Backup Server Encrypting Tape Drive/Library 37

38 Key Clients and Servers - Tape Automated Key Management Key Management Protocol Key Server Key Management Protocol Ethernet Ethernet Management Commands Interface Protocol (SCSI, FC, SATA, etc.) Backup Server Encrypting Tape 9/23/2007 Drive/Library 38 An Introduction to Key Management for Secure Storage

39 Key Clients and Servers - Enterprise Host Key Management Protocol Key Management Protocol Host Key Server Vendor A Array Controller Array Controller Host Key Management Protocol Host Appliance Array Controller Key Server Vendor B Key Management Protocol Key Management Protocol 39

40 KMS Protocol Two Primary Operations Set key Server Client Get key Client Server Optional Operations Find key Update key Replicate key Disable key Destroy key Access rights Get service info Audit log functions 40

41 Key Management Best Practices 9/23/2007 An Introduction to Key Management for Secure Storage 41

42 Best Practices: Important Key Properties Use a Cryptographic Key for Only One Purpose Do Not use Key-Encrypting Keys to Encrypt Data Do Not use Data-Encrypting Keys to encrypt other keys Use Randomly Chosen Keys from the Entire Key Space Check For and Avoid the Use of Known Weak Keys Limit the Time a Key is in Plaintext Form Prevent Humans from Viewing Plaintext Keys 42

43 Best Practices: Key Management Safety Fully Automate Key Management Whenever Possible Limit the Use of Data Encryption Keys Finite Time (Cryptoperiod) Finite Amount of Data Use Long Life Keys Sparsely Separate Key-Encrypting Keys from the Data Encryption Keys Document Authorization and Protection Objectives and Constraints Key Generation Key Distribution Key Accounting Key Storage Key Use Key Destruction Enforce strict Access Controls Limit user capabilities Enforce Separation of Duties 43

44 Best Practices: Establish Keys Securely Generate Symmetric Keys Approved Random Number Generator Creates a Key from the Previous Key Approved Key Derivation Function from a Master Key Avoid Generating Keys by Concatenation Split-Key components Multi-Key Components Limit the Distribution of Data Encryption Keys Backups Other Authorized Entities Keys Must be Protected Throughout Distribution Encryption (Key Wrapping) Physical Security 44

45 Best Practices: Operational Use Key Installation Must Not: Result in Leakage of the Key Result in Leakage of Information about the Key Provide confidentiality of the Keying Material in Storage Approved Encryption Algorithm Physical Protection Prevent Modifications Detect Any Modifications Methods to Restore Keying Material when Modifications are Detected Store Symmetric Data Encryption Keys In Backup Storage During the Cryptoperiod In Archive Storage after the End of the Cryptoperiod, if required. Change the Key When: The Key May Have Been Compromised The Cryptoperiod is Nearing Expiration The Limit of the amount of Data Protected by the Key is Approached 45

46 Best Practices: Miscellaneous Key Disposition Remove Keying Material from Backups When No Longer Needed Destroy Keying Material When it is No Longer Needed Import And Export Controls Understand and Obey Government Import and Export Regulations Associated with Encryption and Key Management. Plan for Problems Have a Key Compromise Recovery Plan in Place Escrow Keying Material to Protect Critical Information 46

47 Best Practices: Encryption Strength Security Requirements NIST SP Part 1 identifies minimum symmetric security levels, defined in bits of strength (not key size) 80 bits of security until bit AES and 1024-bit RSA 112 bits of security through DES, 128-AES and 2048-bit RSA 128 bits of security beyond AES and 3072-bit RSA 47

48 For More Information NIST Special Publication : Recommendation for Key Management ( ISO/IEC Parts 1-3: Information technology - Security techniques - Key management FIPS 140-2: SECURITY REQUIREMENTS MODULES ( Trusted Computing Group ( IEEE P1619.3: Security in Storage Workgroup (SISWG) Key Management Subcommittee ( OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee ( IETF: Provisioning of Symmetric Keys (KEYPROV) ( 48

49 Q&A / Feedback Please send any questions or comments on this presentation to SNIA: tracksecurity@snia.org Many thanks to the following individuals for their contributions to this tutorial. SNIA Education Committee Larry Hofer CISSP Eric Hibbard CISSP Walt Hubis Mark Nossokoff SNIA Security TWG SNIA SSIF 49

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation An Introduction to Key Management for Secure Storage Walt Hubis, LSI Corporation SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members

More information

A Vendor Agnostic Overview. Walt Hubis Hubis Technical Associates

A Vendor Agnostic Overview. Walt Hubis Hubis Technical Associates Practical PRESENTATION Secure TITLE GOES Storage: HERE A Vendor Agnostic Overview Walt Hubis Hubis Technical Associates SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA

More information

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2 Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level

More information

Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0

Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0 Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0 FIPS 140 2 Non Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.3

More information

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc. Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based

More information

Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1

Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1 Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.2 12/12/2013 Copyright 2013 Oracle Corporation Table of

More information

This Security Policy describes how this module complies with the eleven sections of the Standard:

This Security Policy describes how this module complies with the eleven sections of the Standard: Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights

More information

FDE itc: Encryption Engine (EE) cpp Functional and Assurance Requirements

FDE itc: Encryption Engine (EE) cpp Functional and Assurance Requirements FDEiTC-EE-English-00 v0. 0-0- 0 0 FDE itc: Encryption Engine (EE) cpp Functional and Assurance Requirements BEV (Border Encryption Value) - the key(s) (or secret(s)) that is passed from the AA to the EE

More information

DELL EMC DATA DOMAIN ENCRYPTION

DELL EMC DATA DOMAIN ENCRYPTION WHITEPAPER DELL EMC DATA DOMAIN ENCRYPTION A Detailed Review ABSTRACT The proliferation of publicized data loss, coupled with new governance and compliance regulations, is driving the need for customers

More information

Securing Data-at-Rest

Securing Data-at-Rest Securing Data-at-Rest Robert A. (Bob) Lockhart NeoScale Systems, Inc. 1655 McCarthy Blvd, Milpitas, CA 95035-7415 Phone:+1-408-473-1300 FAX: +1-408-473-1307 E-mail: rlockhart@neoscale.com Presented at

More information

Best Current Practices and Implementing the FC Security Protocol (FC-SP)

Best Current Practices and Implementing the FC Security Protocol (FC-SP) Best Current Practices and Implementing the FC Security Protocol (FC-SP) Larry Hofer, CISSP Emulex SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies

More information

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1 Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.3 2014-01-08 Copyright 2014 Oracle Corporation Table

More information

SECURE CLOUD BACKUP AND RECOVERY

SECURE CLOUD BACKUP AND RECOVERY SECURE CLOUD BACKUP AND RECOVERY Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile data protection, and

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2

More information

ECE 646 Lecture 8. Modes of operation of block ciphers

ECE 646 Lecture 8. Modes of operation of block ciphers ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.

More information

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009 Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2 Meru Networks Revision Date: June 24, 2009 Copyright Meru Networks 2008. May be reproduced only in its original entirety

More information

The Nasuni Security Model

The Nasuni Security Model White Paper Nasuni enterprise file services ensures unstructured data security and privacy, enabling IT organizations to safely leverage cloud storage while meeting stringent governance and compliance

More information

Cloud Storage Securing CDMI. Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems

Cloud Storage Securing CDMI. Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members

More information

ISO/IEC INTERNATIONAL STANDARD

ISO/IEC INTERNATIONAL STANDARD INTERNATIONAL STANDARD ISO/IEC 9797-1 Second edition 2011-03-01 Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher Technologies de l'information

More information

UNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE

UNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE INFORMATION TECHNOLOGY SECURITY GUIDANCE CRYPTOGRAPHIC ALGORITHMS FOR UNCLASSIFIED, PROTECTED A, AND PROTECTED B INFORMATION ITSP.40.111 August 2016 FOREWORD The Cryptographic Algorithms for UNCLASSIFIED,

More information

Dyadic Security Enterprise Key Management

Dyadic Security Enterprise Key Management Dyadic Security Enterprise Key Management The Secure-as-Hardware Software with a Mathematical Proof Dyadic Enterprise Key Management (EKM) is the first software-only key management and key protection system

More information

Contents. Notices Terms and conditions for product documentation.. 45 Trademarks Index iii

Contents. Notices Terms and conditions for product documentation.. 45 Trademarks Index iii Overview IBM ii Overview Contents Product overview........... 1 What's new in this release.......... 1 Supported languages........... 3 Features overview............ 3 Key serving.............. 4 Encryption-enabled

More information

Crypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved.

Crypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved. Crypto Library Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved. MLA - Crypto Library Help Table of Contents 1 Crypto Library 6 1.1 Introduction

More information

Who s Protecting Your Keys? August 2018

Who s Protecting Your Keys? August 2018 Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and

More information

SCSI Security Nuts and Bolts. Ralph Weber, ENDL Texas

SCSI Security Nuts and Bolts. Ralph Weber, ENDL Texas SCSI Security Nuts and Bolts Ralph Weber, ENDL Texas SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may use this material in presentations

More information

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National

More information

Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy

Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy Security Level 2 Rev. 0.9 November 12, 2012 Seagate Technology, LLC Page 1 Table of Contents 1 Introduction...

More information

Data Deduplication Methods for Achieving Data Efficiency

Data Deduplication Methods for Achieving Data Efficiency Data Deduplication Methods for Achieving Data Efficiency Matthew Brisse, Quantum Gideon Senderov, NEC... SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

FIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points

FIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points FIPS 140-2 Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points November 4, 2010 Version 2.2 Contents This security policy

More information

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof Dyadic Enterprise Unbound Key Control For Azure Marketplace The Secure-As-Hardware Software With a Mathematical Proof Unbound Key Control (UKC) is the first software-only key management and key protection

More information

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

DIGITALSIGN - CERTIFICADORA DIGITAL, SA. DIGITALSIGN - CERTIFICADORA DIGITAL, SA. TIMESTAMP POLICY VERSION 1.1 21/12/2017 Page 1 / 18 VERSION HISTORY Date Edition n.º Content 10/04/2013 1.0 Initial drafting 21/12/2017 1.1 Revision AUTHORIZATIONS

More information

Symantec Corporation

Symantec Corporation Symantec Corporation Symantec PGP Cryptographic Engine FIPS 140-2 Non-proprietary Security Policy Document Version 1.0.4 Revision Date 05/01/2015 Symantec Corporation, 2015 May be reproduced only in its

More information

INF3510 Information Security University of Oslo Spring Lecture 3 Key Management and PKI. Audun Jøsang

INF3510 Information Security University of Oslo Spring Lecture 3 Key Management and PKI. Audun Jøsang INF3510 Information Security University of Oslo Spring 2010 Lecture 3 Key Management and PKI Audun Jøsang Outline Key management Key establishment Public key infrastructure Digital certificates PKI trust

More information

An Enterprise Guide to Understanding Key Management

An Enterprise Guide to Understanding Key Management An Enterprise Guide to Understanding Key Management WHITE PAPER Executive Overview Establishing effective key and policy management is a critical component to an overall data protection strategy and lowering

More information

Chapter 6 Contemporary Symmetric Ciphers

Chapter 6 Contemporary Symmetric Ciphers Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and

More information

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17

More information

Juniper Networks Pulse Cryptographic Module. FIPS Level 1 Security Policy Version: 1.0 Last Updated: July 19, 2013

Juniper Networks Pulse Cryptographic Module. FIPS Level 1 Security Policy Version: 1.0 Last Updated: July 19, 2013 Juniper Networks Pulse Cryptographic Module FIPS 140-2 Level 1 Security Policy Version: 1.0 Last Updated: July 19, 2013 Juniper Networks, Inc. 1194 N. Mathilda Ave Sunnyvale, CA 94089 Copyright 2013 Juniper

More information

Block Cipher Modes of Operation

Block Cipher Modes of Operation Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book

More information

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Google Cloud Platform: Customer Responsibility Matrix. December 2018 Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect

More information

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm CIS 4360 Introduction to Computer Security Fall 2010 WITH ANSWERS in bold Name:.................................... Number:............ First Midterm Instructions This is a closed-book examination. Maximum

More information

Executive Summary SOLE SOURCE JUSTIFICATION. Microsoft Integration

Executive Summary SOLE SOURCE JUSTIFICATION. Microsoft Integration Executive Summary Commvault Simpana software delivers the unparalleled advantages and benefits of a truly holistic approach to data management. It is one product that contains individually licensable modules

More information

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading: C 646 Lecture 7 Modes of Operation of Block Ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot,

More information

TRUSTED COMPUTING GROUP TRUSTED STORAGE SPECIFICATION. Michael Willett, Seagate Technology

TRUSTED COMPUTING GROUP TRUSTED STORAGE SPECIFICATION. Michael Willett, Seagate Technology TRUSTED COMPUTING GROUP TRUSTED STORAGE SPECIFICATION Michael Willett, Seagate Technology SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals

More information

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc. The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0 Xirrus, Inc. March 8, 2011 Copyright Xirrus, Inc. 2011. May be reproduced only in its original entirety [without revision]. Page 1 TABLE

More information

FIPS Non-Proprietary Security Policy

FIPS Non-Proprietary Security Policy Quantum Corporation Scalar Key Manager Software Version 2.0.1 FIPS 140-2 Non-Proprietary Security Policy Document Version 1.4 Last Update: 2010-11-03 8:43:00 AM 2010 Quantum Corporation. May be freely

More information

Cryptographic Concepts

Cryptographic Concepts Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general

More information

NIST Cryptographic Toolkit

NIST Cryptographic Toolkit Cryptographic Toolkit Elaine Barker ebarker@nist.gov National InformationSystem Security Conference October 16, 2000 Toolkit Purpose The Cryptographic Toolkit will provide Federal agencies, and others

More information

Deep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3. Richard Wang and Ed Morris May 20, 2016 International Crypto Module Conference

Deep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3. Richard Wang and Ed Morris May 20, 2016 International Crypto Module Conference Deep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3 Richard Wang and Ed Morris May 20, 2016 International Crypto Module Conference Topics GCM Overview AES-GCM IV Generation FIPS Requirements (IG A.5)

More information

Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0. Juniper Networks, Inc.

Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0. Juniper Networks, Inc. Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0 Juniper Networks, Inc. September 10, 2009 Copyright Juniper Networks, Inc. 2009. May be reproduced only in

More information

ADVANCED DEDUPLICATION CONCEPTS. Thomas Rivera, BlueArc Gene Nagle, Exar

ADVANCED DEDUPLICATION CONCEPTS. Thomas Rivera, BlueArc Gene Nagle, Exar ADVANCED DEDUPLICATION CONCEPTS Thomas Rivera, BlueArc Gene Nagle, Exar SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may

More information

Network Security Essentials

Network Security Essentials Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of

More information

Security Policy. FORTEZZA Crypto Card

Security Policy. FORTEZZA Crypto Card Security Policy for January 16, 1997 Prepared by ipower Business Unit 2900 Semiconductor Drive P.O. Box 58090, M/S 16-225, Santa Clara, CA 95052-8090 Telephone (408) 721-5000 T his page intentionally blank

More information

Using block ciphers 1

Using block ciphers 1 Using block ciphers 1 Using block ciphers DES is a type of block cipher, taking 64-bit plaintexts and returning 64-bit ciphetexts. We now discuss a number of ways in which block ciphers are employed in

More information

Chapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao

Chapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database

More information

INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT

INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT SUBSCRIBER S GUIDE VERSION 1.3 ECB-PUBLIC 15-April-2014 ESCB-PKI - Subscriber's Procedures v.1.3.docx Page 2 of 26 TABLE OF CONTENTS GLOSSARY AND ACRONYMS...

More information

Security Policy: Astro Subscriber Motorola Advanced Crypto Engine (MACE)

Security Policy: Astro Subscriber Motorola Advanced Crypto Engine (MACE) Security Policy: Astro Subscriber Motorola Advanced Crypto Engine (MACE) Cryptographic module used in Motorola Solutions Astro XTL5000, XTS5000, APX2000, SRX2200, APX4000, APX6000, APX6000XE, APX6500,

More information

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Google Cloud Platform: Customer Responsibility Matrix. April 2017 Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder

More information

ADVANCED DATA REDUCTION CONCEPTS

ADVANCED DATA REDUCTION CONCEPTS ADVANCED DATA REDUCTION CONCEPTS Thomas Rivera, Hitachi Data Systems Gene Nagle, BridgeSTOR Author: Thomas Rivera, Hitachi Data Systems Author: Gene Nagle, BridgeSTOR SNIA Legal Notice The material contained

More information

Chapter 8 Information Technology

Chapter 8 Information Technology CRIM 2130 Introduction to Critical Infrastructure Protection Spring 2016 Chapter 8 Information Technology School of Criminology and Justice Studies University of Massachusetts Lowell Enterprise systems

More information

Storage Security Standards: What Are They and What Do they Mean to Storage Consumers? Andrew Nielsen CISSP, CISA, ISSAP, ISSMP SNIA Security TWG

Storage Security Standards: What Are They and What Do they Mean to Storage Consumers? Andrew Nielsen CISSP, CISA, ISSAP, ISSMP SNIA Security TWG Storage Security Standards: What Are They and What Do they Mean to Storage Consumers? Andrew Nielsen CISSP, CISA, ISSAP, ISSMP SNIA Security TWG Table of Contents Introduction... 1 Storage Management and

More information

IBM Spectrum Protect Version Introduction to Data Protection Solutions IBM

IBM Spectrum Protect Version Introduction to Data Protection Solutions IBM IBM Spectrum Protect Version 8.1.2 Introduction to Data Protection Solutions IBM IBM Spectrum Protect Version 8.1.2 Introduction to Data Protection Solutions IBM Note: Before you use this information

More information

ACOS5-64. Functional Specifications V1.04. Subject to change without prior notice.

ACOS5-64. Functional Specifications V1.04. Subject to change without prior notice. ACOS5-64 Functional Specifications V1.04 Subject to change without prior notice Table of Contents 1.0. Introduction... 4 1.1. Card Features... 4 1.2. History of Modifications... 5 2.0. Technical Specifications...

More information

Acme Packet VME. FIPS Level 1 Validation. Software Version: E-CZ Date: July 20, 2018

Acme Packet VME. FIPS Level 1 Validation. Software Version: E-CZ Date: July 20, 2018 FIPS 140-2 Non-Proprietary Security Policy Acme Packet VME FIPS 140-2 Level 1 Validation Software Version: E-CZ 8.0.0 Date: July 20, 2018 Document Version 2.0 Oracle Communications This document may be

More information

IOS Common Cryptographic Module (IC2M)

IOS Common Cryptographic Module (IC2M) IOS Common Cryptographic Module (IC2M) FIPS 140-2 Non Proprietary Security Policy Level 1 Validation Version 0.3 April 18, 2013 Table of Contents 1 INTRODUCTION... 3 1.1 PURPOSE... 3 1.2 MODULE VALIDATION

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms

More information

Multi-Vendor Key Management with KMIP

Multi-Vendor Key Management with KMIP Multi-Vendor Key Management with KMIP Tim Hudson CTO & Technical Director tjh@cryptsoft.com 1 Abstract Practical experience from implementing KMIP and from deploying and interoperability testing multiple

More information

SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9

SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9 SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9 Schweitzer Engineering Laboratories, Inc. May 21, 2007 Copyright 2005-2007 Schweitzer Engineering Laboratories, Inc. May be reproduced

More information

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of

More information

Dolphin DCI 1.2. FIPS Level 3 Validation. Non-Proprietary Security Policy. Version 1.0. DOL.TD DRM Page 1 Version 1.0 Doremi Cinema LLC

Dolphin DCI 1.2. FIPS Level 3 Validation. Non-Proprietary Security Policy. Version 1.0. DOL.TD DRM Page 1 Version 1.0 Doremi Cinema LLC Dolphin DCI 1.2 FIPS 140-2 Level 3 Validation Non-Proprietary Security Policy Version 1.0 DOL.TD.000921.DRM Page 1 Version 1.0 Table of Contents 1 Introduction... 3 1.1 PURPOSE... 3 1.2 REFERENCES... 3

More information

SMPTE Standards Transition Issues for NIST/FIPS Requirements

SMPTE Standards Transition Issues for NIST/FIPS Requirements SMPTE Standards Transition Issues for NIST/FIPS Requirements Contents 2010.5.20 DRM inside Taehyun Kim 1 Introduction NIST (National Institute of Standards and Technology) published a draft special document

More information

IBM Tivoli Storage Manager Version Introduction to Data Protection Solutions IBM

IBM Tivoli Storage Manager Version Introduction to Data Protection Solutions IBM IBM Tivoli Storage Manager Version 7.1.6 Introduction to Data Protection Solutions IBM IBM Tivoli Storage Manager Version 7.1.6 Introduction to Data Protection Solutions IBM Note: Before you use this

More information

Inventory and Reporting Security Q&A

Inventory and Reporting Security Q&A Inventory and Reporting Security Q&A General Q. What is Inventory Reporting, Collection, and Analysis? A. Inventory Reporting, Collection, and Analysis is a tool that discovers, collects, and analyzes

More information

Oracle Tuxedo. Using Security in CORBA Applications 11g Release 1 ( ) March 2010

Oracle Tuxedo. Using Security in CORBA Applications 11g Release 1 ( ) March 2010 Oracle Tuxedo Using Security in CORBA Applications 11g Release 1 (11.1.1.1.0) March 2010 Oracle Tuxedo Using Security in CORBA Applications, 11g Release 1 (11.1.1.1.0) Copyright 1996, 2010, Oracle and/or

More information

Double-DES, Triple-DES & Modes of Operation

Double-DES, Triple-DES & Modes of Operation Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES

More information

Cryptography Standard

Cryptography Standard Cryptography Standard Version: 1.5 Document ID: 3537 Copyright Notice Copyright 2017, ehealth Ontario All rights reserved No part of this document may be reproduced in any form, including photocopying

More information

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc. Slide 1 Course 01: Security Fundamentals The Information

More information

Category: Informational NIST August Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm

Category: Informational NIST August Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm Network Working Group Request for Comments: 5649 Category: Informational R. Housley Vigil Security M. Dworkin NIST August 2009 Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm Abstract

More information

National Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016

National Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016 National Identity Exchange Federation Trustmark Signing Certificate Policy Version 1.0 Published October 3, 2014 Revised March 30, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents

More information

Summary. Final Week. CNT-4403: 21.April

Summary. Final Week. CNT-4403: 21.April Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic

More information

Unit 8 Review. Secure your network! CS144, Stanford University

Unit 8 Review. Secure your network! CS144, Stanford University Unit 8 Review Secure your network! 1 Basic Problem Internet To first approximation, attackers control the network Can snoop, replay, suppress, send How do we defend against this? Communicate securely despite

More information

Extended Package for Secure Shell (SSH) Version: National Information Assurance Partnership

Extended Package for Secure Shell (SSH) Version: National Information Assurance Partnership Extended Package for Secure Shell (SSH) Version: 1.1 2016-11-25 National Information Assurance Partnership Revision History Version Date Comment 0.9 2015-08-19 First Draft - Extended Package for Secure

More information

egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO

egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO e-government Survey 2014 United Nations Page 2 EGDI: E-Government Development Index National ID & Digital Signature Estonian Prime Minister Andrus Ansip

More information

IBM Client Security Solutions. Client Security Software Version 1.0 Administrator's Guide

IBM Client Security Solutions. Client Security Software Version 1.0 Administrator's Guide IBM Client Security Solutions Client Security Software Version 1.0 Administrator's Guide December 1999 1 Before using this information and the product it supports, be sure to read Appendix A - U.S. export

More information

Block Cipher Operation

Block Cipher Operation Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple

More information

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a

More information

Hughes Network Systems, LLC Hughes Crypto Kernel Firmware Version: FIPS Non-Proprietary Security Policy

Hughes Network Systems, LLC Hughes Crypto Kernel Firmware Version: FIPS Non-Proprietary Security Policy Hughes Network Systems, LLC Hughes Crypto Kernel Firmware Version: 3.1.0.4 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 1 Document Version: 0.5 Prepared for: Prepared by: Hughes Network

More information

Key Management Interoperability Protocol (KMIP)

Key Management Interoperability Protocol (KMIP) www.oasis-open.org Management Interoperability Protocol (KMIP) April 2 nd, 2009 1 Agenda The Need for Interoperable Management KMIP Overview KMIP Specification KMIP Use Cases 2 The Need for Interoperable

More information

Afilias DNSSEC Practice Statement (DPS) Version

Afilias DNSSEC Practice Statement (DPS) Version Afilias DNSSEC Practice Statement (DPS) Version 1.07 2018-02-26 Page 1 of 8 1. INTRODUCTION 1.1. Overview This document was created using the template provided under the current practicing documentation.

More information

ISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données

ISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données INTERNATIONAL STANDARD ISO 15764 First edition 2004-08-15 Road vehicles Extended data link security Véhicules routiers Sécurité étendue de liaison de données Reference number ISO 15764:2004(E) ISO 2004

More information

CIS 4360 Secure Computer Systems Symmetric Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

More information

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,

More information

Internet Engineering Task Force (IETF) Request for Comments: 7192 Category: Standards Track April 2014 ISSN:

Internet Engineering Task Force (IETF) Request for Comments: 7192 Category: Standards Track April 2014 ISSN: Internet Engineering Task Force (IETF) S. Turner Request for Comments: 7192 IECA Category: Standards Track April 2014 ISSN: 2070-1721 Abstract Algorithms for Cryptographic Message Syntax (CMS) Key Package

More information

Data-at-Rest Encryption

Data-at-Rest Encryption Data-at-Rest Encryption At-rest encryption in SwiftStack encrypts all object data, object etags (checksums), and any user metadata values set on objects. The feature is enabled by a cluster operator and

More information

Fabric Security (Securing the SAN Infrastructure) Daniel Cohen Solutioneer Brocade Communications Systems, Inc

Fabric Security (Securing the SAN Infrastructure) Daniel Cohen Solutioneer Brocade Communications Systems, Inc Fabric Security (Securing the SAN Infrastructure) Daniel Cohen Solutioneer Brocade Communications Systems, Inc Agenda Why Secure a SAN? SAN Security Threats Weaknesses Fabric Security Controls Security

More information

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 12 Message Authentication Codes At cats' green on the Sunday he took the message from

More information

IBM System Storage TS1140 Tape Drive Machine Type 3592, Model E07. Security Policy

IBM System Storage TS1140 Tape Drive Machine Type 3592, Model E07. Security Policy i IBM System Storage TS1140 Tape Drive Machine Type 3592, Model E07 Security Policy Document ii Table of Contents 1 Document History... 1 2 Introduction... 2 2.1 References... 4 2.2 Document Organization...

More information

Network Security Essentials Chapter 2

Network Security Essentials Chapter 2 Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need

More information

FIPS SECURITY POLICY FOR

FIPS SECURITY POLICY FOR FIPS 140-2 SECURITY POLICY FOR SPECTRAGUARD ENTERPRISE SENSOR August 26, 2011 FIPS 140-2 LEVEL-2 SECURITY POLICY FOR AIRTIGHT NETWORKS SPECTRAGUARD ENTERPRISE SENSOR 1. Introduction This document describes

More information

Security Policy for FIPS KVL 3000 Plus

Security Policy for FIPS KVL 3000 Plus Security Policy for FIPS 140-2 KVL 3000 Plus Version 01.01.19 Motorola General Business Information 1 of 21 Motorola General Business Information 2 of 21 1 INTRODUCTION... 4 1.1 SCOPE... 4 1.2 OVERVIEW...

More information