STRONG DATA PRIVACY AND SECURITY FOR THE IOT
|
|
- Dwayne Johnson
- 5 years ago
- Views:
Transcription
1 STRONG DATA PRIVACY AND SECURITY FOR THE IOT François Ambrosini, ETSI TC CYBER STF 529, IBIT Ambrosini UG Extending access control in onem2m systems with Attribute Based Encryption
2 Outline Introduction and objectives Limitations of traditional public key encryption for access control Getting to know Attribute Based Encryption (ABE) Operational models Integrating ABE in the access control stack Example usage in onem2m Outlook and conclusion 2 ETSI All rights reserved
3 Introduction ETSI Specialist Task Force 529 under supervision of TC CYBER is currently developing an access control toolkit leveraging Attribute Based Encryption (ABE) Objective: access control using encryption Bind access control to encrypted data Protect data during the complete lifecycle Goes beyond real time access control A toolbox Addressing Cloud, Mobile, and IoT That other Standard Defining Organisations can pick up Focusing on interoperability (ontologies and existing access control systems) Applicable to onem2m, would complement real time access control 3
4 Why ABE? Limitations of Traditional Public Key Encryption for access control (simplified example) shares or 2 2 requests K pub K priv 1 setup encrypts decrypts cleartext 3 ciphertext 4 cleartext Data Owner Recipients How can the data owner share with many recipients and enforce access control? Obtain K pub from each recipient and encrypt for each recipient Does not scale, puts constraints on the data owner Does not allow recipients to share data among themselves, under data owner control 4
5 Getting to know ABE (1) 1 setup MSK MPK Many to many encryption scheme Based on a secret sharing scheme (a secret is split into shares) mapped to attributes and policies The data owner remains in control the setup phase allows to declare attributes; a Master Secret Key and a Master Public Key are generated The Master Secret Key allows to generate private keys Because he owns the Master Secret Key, only the data owner can issue private keys Scales better for the data owner 2 provisioning evaluates request and generates requests a private key Could also be devices or services K priv Data Owner returns Recipient Other recipients 5
6 Getting to know ABE (2) Example using Ciphertext Policy ABE (CP ABE) a variant of ABE where the policy is in the encrypted data 3 encrypts Policy expense report encrypted expense report ( (service == finance) AND (role == auditor) ) OR (role == CFO) 4 decrypts encrypted expense report role == CFO expense report ( (service == finance) AND (role == auditor) ) OR (role == CFO) Recipient If a branch of the policy is satisfied, the recipient has enough shares to recover the secret and perform decryption Similar to permit override combining algorithm in XACML & onem2m 6
7 Getting to know ABE (3) Recipients can become contributing third parties Access control still applies 5 can encrypt as well Attributes or Policy Recipient acting as Contributor cleartext ciphertext Data Owner Other recipients e.g. results from data analytics can access new ciphertext using their K priv, or if MSK owner grants an appropriate K priv 7
8 Our operational models Long Term Storage Characteristics data at rest when the on board storage area offers low security or is remote and untrusted while keeping access control in force Basis for IoT and B2B data sharing use cases Offline Access Control Platform Provider Characteristics environment offers too little or no network connectivity limits user / device authentication and authorisation services relies on pre provisioning of keys as well as out of band methods Basis for some industrial IoT use cases with strong isolation constraints Can be extended to offline authentication / authorisation Characteristics users delegate access control over their data, to a trusted Platform Provider Platform Provider offers user friendly access control management third party service providers connect to the Platform Provider and request permission to obtain data Basis for Cloud and Mobile use cases 8
9 Intermediate Access Control Languages And relation to ontologies High-level access control frameworks Complex attributes and related operators: Locations (zones, circles, etc.) Timestamps Device types Free strings (Roles etc.) onem2m XACML Layer 2 Translator non-abe services Allow a mapping to ontologies at the level of the cryptosystem Layer 1 Translator Basic attributes and operators: Integers Booleans ABE schemes S1 S2 ABE library tools 9
10 Some possible uses of ABE in onem2m Time based access control in the Long Term Storage model Data are saved with attributes allowing comparison against accesscontroltimewindow which is expressed as a policy in K priv AE/CSE resource access control in the Offline Access Control model AE/CSE runs an ABE challenge response protocol with the Originator The protocol is successful only if the Originator possesses a K priv that satisfies the access control policy set by the AE/CSE Direct/Indirect Dynamic Authorisation, RBAC, and Privacy Policy Manager in the Platform Provider model K priv can be used to emulate tokens These are being discussed within ETSI TC CYBER and its STF 529 and not yet proposed to onem2m 10
11 Other aspects & outlook A Public Key Infrastructure is still needed in support of ABE Secure distribution of keys, proof of data origin, proof of assertions Performance and security FAME scheme from Agrawal & Chase recently selected, very promising with good security proof a normative specification will be included in the toolkit Crypto agility: the toolkit will permit use of other ABE schemes Optimisations & upgrade of cryptographic algorithms Under research: post quantum ABE schemes Current hard problems will not be so hard under quantum computing Schemes exist but are not yet practical, state of the art remains theoretical Bonus: more expressiveness could be achieved with post quantum schemes Under research: homomorphic encryption in conjunction with ABE Would allow to process information without accessing the raw data cryptographically not trivial to achieve at all 11
12 Final note ETSI TC CYBER Advises other groups in ETSI for cybersecurity matters (e.g. Lawful Interception, NFV Security) Spearheads and coordinates ETSI s technical response to EU legislation related to cybersecurity (GDPR, NIS, upcoming Cybersecurity Act ) ETSI TC CYBER WG QSC (CYBER QSC) Focus is on quantum safe cryptography Have identified ABE on their roadmap Plans to make draft TS (DTS CYBER 0025) available for public review in the near future Publication planned Feb/March
13 Thank you!? 13
14 Annex Contacts ETSI TC CYBER STF
15 Annex Examples for onem2m (KP ABE) Time based access control in the Long Term Storage model <acr> Access control rule as in onem2m TS-0003 An acr can mention allowed access time in a crontab-compatible format convert MPK 1 Configured ABE attributes: - SEC min - SEC max - MIN min - MIN max - etc. measurement data from an AE are subject to accesscontroltimewindow parameter in an access rule applying to Originator O A a datum is accessible at a specific time window; if we back it up, we can attach this information to the datum when the data is saved with ABE, the ciphertext is annotated with attributes expressing the timeframe at which the data were accessible (compatible with the crontab syntax); this is possible at the price of losing resolution and by setting rules on the calculation of attributes at AE/CSE thus this requires good granularity of the ciphertext generation frequency when O A needs access to data in the past, it requests K priv with a policy matching accesscontroltimewindow K priv MPK 4 decrypts 3 e.g You may access all data captured between Monday and Friday on any week of any year Encrypts using the attributes in order to express the timeframe of data capture in a crontab-compatible format K priv MPK 2 MPK AE/CSE ciphertext 15
16 Annex Examples for onem2m (KP ABE) AE/CSE resource access control in the Offline Access Control model <acr> An acr can mention allowed operations (CRUD and others) convert MPK Configured ABE attributes: - device_id - resource_id - operation_id Access control rule as in onem2m TS resources from an AE/CSE are subject to an access rule applying to Originator O A ABE attributes are defined to identify operations and resources of the AE/CSE AE/CSE is provisioned with the MPK When O A requests a given operation on a given resource, the AE/CSE runs a challenge response protocol by encrypting a secret using the MPK and the ABE attributes matching the request O A can solve the challenge only if they have a Kpriv with a matching policy Extensible to other access control parameters e.g. accesscontroltimewindow O A 3 2 K priv MPK Encrypt( 4 e.g You may UPDATE resource #1 on device ABC requests resource #1 update, resource_id = 1, device_id = ABC operation_id = UPDATE, secret) response with secret MPK AE/CSE update protocol continues 16 (simplified example)
Industrial IoT and Wearables
Industrial IoT and Wearables Local and Central ABAC Data Access Control Enforcement Proof Of Concept based on ABE ETSI Security Week June 2016 Mathieu DESTRIAN CEO Intellinium
More informationA QUICK INTRODUCTION TO THE NFV SEC WG. Igor Faynberg, Cable Labs Chairman ETSI NFV SEC WG
A QUICK INTRODUCTION TO THE NFV SEC WG Igor Faynberg, Cable Labs Chairman ETSI NFV SEC WG 1 The NFV SEC Working Group Misson The NFV SEC Working Group comprises computer. network, and Cloud security experts
More informationNFV SEC TUTORIAL. Igor Faynberg, CableLabs Chairman, NFV Security WG
NFV SEC TUTORIAL Igor Faynberg, CableLabs Chairman, NFV Security WG 1 The NFV SEC Working Group Mission The NFV SEC Working Group comprises Computing, Networking and Cloud security experts representing
More informationWAVE: A Decentralized Authorization Framework with Transitive Delegation
WAVE: A Decentralized Authorization Framework with Transitive Delegation Michael P Andersen, Sam Kumar, H y u n g-sin Kim, John Kolb, Kaifei C h e n, Moustafa AbdelBaky, Gabe Fierro, David E. Culler, R
More informationFirmware Updates for Internet of Things Devices
Firmware Updates for Internet of Things Devices Brendan Moran, Milosch Meriac, Hannes Tschofenig Drafts: draft-moran-suit-architecture draft-moran-suit-manifest 1 WHY DO WE CARE? 2 IoT needs a firmware
More informationDelegated Access for Hadoop Clusters in the Cloud
Delegated Access for Hadoop Clusters in the Cloud David Nuñez, Isaac Agudo, and Javier Lopez Network, Information and Computer Security Laboratory (NICS Lab) Universidad de Málaga, Spain Email: dnunez@lcc.uma.es
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationSecuring IoT with the ARM mbed ecosystem
Securing IoT with the ARM mbed ecosystem Xiao Sun / Senior Applications Engineer / ARM ARM mbed Connect / Shenzhen, China December 5, 2016 Lots of interest in IoT security Researchers are looking into
More informationOneID An architectural overview
OneID An architectural overview Jim Fenton November 1, 2012 Introduction OneID is an identity management technology that takes a fresh look at the way that users authenticate and manage their identities
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationTrust Enhanced Cryptographic Role-based Access Control for Secure Cloud Data Storage
1 Trust Enhanced Cryptographic Role-based Access Control for Secure Cloud Data Storage Lan Zhou,Vijay Varadharajan,and Michael Hitchens Abstract Cloud data storage has provided significant benefits by
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More information5G-ENSURE. Privacy Enablers. (Project Number )
5G-ENSURE (Project Number 671562) Privacy Enablers madalina.baltatu@telecomitalia.it luciana.costa@telecomitalia.it dario.lombardo@telecomitalia.it Privacy enhanced identity protection Privacy Enablers
More informationHow Secured2 Uses Beyond Encryption Security to Protect Your Data
Secured2 Beyond Encryption How Secured2 Uses Beyond Encryption Security to Protect Your Data Secured2 Beyond Encryption Whitepaper Document Date: 06.21.2017 Document Classification: Website Location: Document
More informationHARDWARE SECURITY MODULES (HSMs)
HARDWARE SECURITY MODULES (HSMs) Cryptography: The basics Protection of data by using keys based on complex, randomly-generated, unique numbers Data is processed by using standard algorithms (mathematical
More informationAoT: Authentication and Access Control for the Entire IoT Device Life-Cycle
AoT: Authentication and Access Control for the Entire IoT Device Life-Cycle Noura Alomar November 7th, 2018 1 AoT The AoT paper is one of the earliest and most cited papers on IoT defense and it considers
More informationAn IBE Scheme to Exchange Authenticated Secret Keys
An IBE Scheme to Exchange Authenticated Secret Keys Waldyr Dias Benits Júnior 1, Routo Terada (Advisor) 1 1 Instituto de Matemática e Estatística Universidade de São Paulo R. do Matão, 1010 Cidade Universitária
More information1-7 Attacks on Cryptosystems
1-7 Attacks on Cryptosystems In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from
More informationETSI ESI and Signature Validation Services
ETSI ESI and Signature Validation Services Presented by: Andrea Röck For: Universign and ETSI STF 524 expert 24.10.2018 CA day ETSI 2018 Agenda Update on standardisation under eidas Signature validation
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationSecure Data Sharing in Cloud Computing: Challenges and Research Directions
Cyber Summer School Melbourne, 12-13 Feb 2018 Secure Data Sharing in Cloud Computing: Challenges and Research Directions Willy Susilo Institute of Cybersecurity and Cryptology School of Computing and Information
More informationProxy re encryption schemes for IoT and crowd sensing
Proxy re encryption schemes for IoT and crowd sensing Conference or Workshop Item Accepted Version Díaz Sánchez, D., Sherratt, R. S., Arias, P., Almenares, F. and Marín López, A. M. (2016) Proxy re encryption
More informationSecurity in ECE Systems
Lecture 11 Information Security ECE 197SA Systems Appreciation Security in ECE Systems Information security Information can be very valuable Secure communication important to protect information Today
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationAttribute-based encryption with encryption and decryption outsourcing
Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2014 Attribute-based encryption with encryption and decryption outsourcing
More informationFoundations of Cryptography CS Shweta Agrawal
Foundations of Cryptography CS 6111 Shweta Agrawal Course Information 4-5 homeworks (20% total) A midsem (25%) A major (35%) A project (20%) Attendance required as per institute policy Challenge questions
More informationSECURING FUTURE RADIO TECHNOLOGIES IN THE VIRTUALISED WORLD. The RRS impact on Security in Radio
SECURING FUTURE RADIO TECHNOLOGIES IN THE VIRTUALISED WORLD The RRS impact on Security in Radio Your speaker Scott CADZOW Director, Consultant, Security Expert, Standards developer, Pen tester, Cryptanalyst
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationDigital Identity Guidelines aka NIST SP March 1, 2017 Ken Klingenstein, Internet2
Digital Identity Guidelines aka NIST SP 800-63 March 1, 2017 Ken Klingenstein, Internet2 Topics 800-63 History and Current Revision process Caveats and Comments LOA Evolution Sections: 800-63A (Enrollment
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationSecurity and Privacy in the Internet of Things : Antonio F. Skarmeta
Security and Privacy in the Internet of Things : Antonio F. Skarmeta University of Murcia (UMU) SPAIN Motivation Security and privacy concerns were always there but we need to move from
More informationSOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE
SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE March 2018 Table of Contents Introduction...1 Design...2 Use Cases...2 Underlay...3 Overlay...3 Dynamic Segmentation...3 Non-Stop Networking...4 Summary...5
More informationPOST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK DR. DANIEL SLAMANIG
POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK 2018 02.02.2018 DR. DANIEL SLAMANIG WHAT IS POST-QUANTUM CRYPTOGRAPHY? Also called quantum safe/resistant cryptography NOT quantum cryptography (= quantum
More informationQUANTUM SAFE PKI TRANSITIONS
QUANTUM SAFE PKI TRANSITIONS Quantum Valley Investments Headquarters We offer quantum readiness assessments to help you identify your organization s quantum risks, develop an upgrade path, and deliver
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationINFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT
INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT SUBSCRIBER S GUIDE VERSION 1.3 ECB-PUBLIC 15-April-2014 ESCB-PKI - Subscriber's Procedures v.1.3.docx Page 2 of 26 TABLE OF CONTENTS GLOSSARY AND ACRONYMS...
More informationKey Protection for Endpoint, Cloud and Data Center
Key Protection for Endpoint, Cloud and Data Center ENCRYPTION IS ONLY AS SECURE AS ITS LEAST SECURE KEY Encryption is undoubtedly one of the pillars of information security. It is used everywhere today:
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationThe Open Protocol for Access Control Identification and Ticketing with PrivacY
The Open Protocol for Access Control Identification and Ticketing with PrivacY For Secure Contactless Transactions and Enabling Logical and Physical Access Convergence October 2010 Actividentity 2 OPACITY
More informationElectronic registered delivery services (ERDS) in light of the eidas regulation. Warsaw Common Sign Conference 2015
Electronic registered delivery services (ERDS) in light of the eidas regulation Warsaw Common Sign Conference 2015 ! 1. e-delivery and the eidas regulation - EU legislative framework - French legislative
More informationDigital Platforms for 'Interoperable and smart homes and grids'
25 October 2017, Brussels Digital Platforms for 'Interoperable and smart homes and grids' Focus Area "Digitising and Transforming European Industry and Services by Svet Mihaylov DG CONNECT WP 2018-2020
More informationMASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
More informationClock-Based Proxy Re-encryption Scheme in Unreliable Clouds
Clock-Based Proxy Re-encryption Scheme in Unreliable Clouds Qin Liu [1][2], Guojun Wang [1], and Jie Wu [2], [1] Central South University, China [2] Temple University, USA 1 Outline 1. 1. Introduction
More informationLeveraging the full potential of NFC to reinvent physical access control. Friday seminar,
Leveraging the full potential of NFC to reinvent physical access control Wireless@KTH Friday seminar, 2012-08-31 NFC (Near Field Communication) A new radio communication technology for mobile phones Uses
More informationForensics Challenges. Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation
Forensics Challenges Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation Introduction Encrypted content is a challenge for investigators Makes it difficult
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationComputer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography
Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationAn Overview of Secure Multiparty Computation
An Overview of Secure Multiparty Computation T. E. Bjørstad The Selmer Center Department of Informatics University of Bergen Norway Prøveforelesning for PhD-graden 2010-02-11 Outline Background 1 Background
More informationSecure Data Storage and Data Retrieval in Cloud Storage using Cipher Policy Attribute based Encryption
Indian Journal of Science and Technology, Vol 8(S9), 318 325, May 2015 ISSN (Print) : 0974-6846 ISSN (Online) : 0974-5645 DOI: 10.17485/ijst/2015/v8iS9/65600 Secure Data Storage and Data Retrieval in Cloud
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models Xiao Sun Senior Application Engineer ARM Tech Symposia China 2015 November 2015 Evolution from M2M to IoT M2M Silos of Things Standards Security
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2
More informationETSI GR NFV-IFA 028 V3.1.1 ( )
GR NFV-IFA 028 V3.1.1 (2018-01) GROUP REPORT Network Functions Virtualisation (NFV) Release 3; Management and Orchestration; Report on architecture options to support multiple administrative domains Disclaimer
More informationData Privacy in Your Own Backyard
White paper Data Privacy in Your Own Backyard Staying Secure Under New GDPR Employee Internet Monitoring Rules www.proofpoint.com TABLE OF CONTENTS INTRODUCTION... 3 KEY GDPR PROVISIONS... 4 GDPR AND EMPLOYEE
More informationSéminaire sur la Certification Electronique
Séminaire sur la Certification Electronique Algiers Algeria, 8-9 December, 2009 International Telecommunication Arab Regional Office Assisting Governments in Developing e-commerce Ecosystems: A Synthesis
More informationKey Escrow free Identity-based Cryptosystem
Key Escrow free Manik Lal Das DA-IICT, Gandhinagar, India About DA-IICT and Our Group DA-IICT is a private university, located in capital of Gujarat state in India. DA-IICT offers undergraduate and postgraduate
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationCreating Trust in a Highly Mobile World
Creating Trust in a Highly Mobile World Technical White Paper Oct, 2014 MobileCrypt with Hardware Strength Security MobileCrypt s solution leverages an Android based mobile application and a Hardware Security
More informationDissecting NIST Digital Identity Guidelines
Dissecting NIST 800-63 Digital Identity Guidelines KEY CONSIDERATIONS FOR SELECTING THE RIGHT MULTIFACTOR AUTHENTICATION Embracing Compliance More and more business is being conducted digitally whether
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationSecurity and Privacy in Car2Car Adhoc Networks
Security and Privacy in Car2Car Adhoc Networks Antonio Kung Trialog www.trialog.com 15/06/2016 1 Introduction French SME Involved since 2002 in security and privacy for connected vehicles 15/06/2016 2
More informationUsing Cryptography CMSC 414. October 16, 2017
Using Cryptography CMSC 414 October 16, 2017 Digital Certificates Recall: K pub = (n, e) This is an RSA public key How do we know who this is for? Need to bind identity to a public key We can do this using
More informationFuture-Proof Security & Privacy in IoT
All rights reserved, Arthur s Legal B.V. Future-Proof Security & Privacy in IoT From State of Play, To State of The Art Arthur van der Wees, LLM Managing Director Arthur s Legal, the global tech-by-design
More informationDIGITIZING INDUSTRY, ICT STANDARDS TO
DIGITIZING INDUSTRY, ICT STANDARDS TO DELIVER ON DIGITAL SINGLE MARKET OBJECTIVES ETSI When Standards Support Policy 14 November 2016 Emilio Davila Gonzalez Unit Start ups & Innovation, EC DG Connect 72%
More informationUnbound and Oasis KMIP Interoperability
Unbound and Oasis KMIP Interoperability Thad Roemer, Solutions Architect April 2018 What does KMIP do? Security Applications or Appliances Key Material & Metadata Transport KMIP Key Management Server Create,
More informationCyber Security Beyond 2020
Paulo Empadinhas Steve Purser NLO meeting ENISA Athens 26/04/2017 European Union Agency for Network and Information Security Main findings ENISA s current tasks and product portfolio shall be retained.
More informationSieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds
Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds Frank Wang (MIT CSAIL), James Mickens (Harvard), Nickolai Zeldovich (MIT CSAIL), Vinod Vaikuntanathan (MIT CSAIL) 1 Motivation
More informationARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
More informationIn Accountable IoT We Trust
In Accountable IoT We Trust AIOTI WG3 Security & Privacy-in-IoT Taskforces, and H2020 CSA CREATE-IoT & LSPs AG Trust in IoT Arthur van der Wees Managing Director Arthur s Legal, the global tech-by-design
More informationDECISION OF THE EUROPEAN CENTRAL BANK
L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System
More informationCrypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
More informationSecurity Specification for Cloud Data Services. Enterprise Cloud Customer Council Technical Working Group
Security Specification for Cloud Data Services Enterprise Cloud Customer Council Technical Working Group October 2017 Preamble Overview The Enterprise Cloud Customer Council (E3C) is a group of enterprise
More informationCybersecurity ecosystem and TDL Antonio F. Skarmeta
Cybersecurity ecosystem and TDL Antonio F. Skarmeta University of Murcia (UMU) SPAIN CyberSecurity Challenges in a fully connected World Trust Framework 1. Policies for trust in heterogeneous
More informationSecuring cross-border exchange of ehealth data in the EU
Securing cross-border exchange of ehealth data in the EU Ioannis Komnios KONFIDO Project Coordinator EXUS Software Ltd, NCSR "Demokritos", Athens, Greece KONFIDO means Trust in Esperanto 2 KONFIDO Consortium
More informationSmart City, Internet of Things, Security and Privacy
Smart City, Internet of Things, Security and Privacy Peter Waher Abstract. This course contains a series of lectures and practical laboratory assignments spanning four days that provide the participants
More informationAgenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2
GRC3386BUS GDPR Readiness with IBM Cloud Secure Virtualization Raghu Yeluri, Intel Corporation Shantu Roy, IBM Bill Hackenberger, Hytrust #VMworld #GRC3386BUS Agenda GDPR Overview & Requirements IBM Secure
More informationDyadic Security Enterprise Key Management
Dyadic Security Enterprise Key Management The Secure-as-Hardware Software with a Mathematical Proof Dyadic Enterprise Key Management (EKM) is the first software-only key management and key protection system
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationS. Erfani, ECE Dept., University of Windsor Network Security
4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationNIS Standardisation ENISA view
NIS Standardisation ENISA view Dr. Steve Purser Brussels, 19 th September 2017 European Union Agency for Network and Information Security Instruments For Improving Cybersecurity Policy makers have a number
More informationBuilding firmware update: The devil is in the details
Building firmware update: The devil is in the details Atsushi Haruta, IoT Services Group, Arm Arm Tech Symposia Japan 2017 Arm Mbed: Secure device management Application Cloud Mbed Cloud Secure, scalable,
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationDIGITALSIGN - CERTIFICADORA DIGITAL, SA.
DIGITALSIGN - CERTIFICADORA DIGITAL, SA. TIMESTAMP POLICY VERSION 1.1 21/12/2017 Page 1 / 18 VERSION HISTORY Date Edition n.º Content 10/04/2013 1.0 Initial drafting 21/12/2017 1.1 Revision AUTHORIZATIONS
More informationAuthorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin
Master s Thesis Authorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin Tomas Nilsson Department of Electrical and Information Technology, Faculty of Engineering, LTH, Lund University,
More informationChallenges for a quantum-safe Internet of Things
Challenges for a quantum-safe Internet of Things Oscar Garcia-Morchon, Ronald Rietman, Ludo Tolhuizen Philips 1 Agenda IoT: requirements and challenges Device lifecycle and security needs Architectural
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationSAFEcrypto: Secure Architectures of Future Emerging cryptography
SAFEcrypto: Secure Architectures of Future Emerging cryptography Máire O Neill Queen s University Belfast This project has received funding from the European Union H2020 research and innovation programme
More informationIdentität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist
Identität und Autorisierung als Grundlage für sichere Web-Services Dr. Hannes P. Lubich IT Security Strategist The Web Services Temptation For every $1 spent on software $3 to $5 is spent on integration
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationTLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key
TLS 1.3 Extension for Certificate-based Authentication with an External Pre-Shared Key draft-housley-tls-tls13-cert-with-extern-psk Russ Housley TLS WG at IETF 102 July 2018 TLS 1.3 Authentication and
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationFedRAMP Digital Identity Requirements. Version 1.0
FedRAMP Digital Identity Requirements Version 1.0 January 31, 2018 DOCUMENT REVISION HISTORY DATE VERSION PAGE(S) DESCRIPTION AUTHOR 1/31/2018 1.0 All Initial document FedRAMP PMO i ABOUT THIS DOCUMENT
More informationDyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof
Dyadic Enterprise Unbound Key Control For Azure Marketplace The Secure-As-Hardware Software With a Mathematical Proof Unbound Key Control (UKC) is the first software-only key management and key protection
More informationSelection of Cryptographic Algorithms, Post-Quantum Cryptography: ANSSI Views
Selection of Cryptographic Algorithms, Post-Quantum Cryptography: ANSSI Views Henri Gilbert Head of Crypto Laboratory ANSSI, France henri.gilbert@ssi.gouv.fr Issue > medium/long term security of cryptographic
More information