An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation
|
|
- Blake Hudson
- 6 years ago
- Views:
Transcription
1 An Introduction to Key Management for Secure Storage Walt Hubis, LSI Corporation
2 SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may use this material in presentations and literature under the following conditions: Any slide or slides used must be reproduced without modification The SNIA must be acknowledged as source of any material used in the body of any document containing material from these presentations. This presentation is a project of the SNIA Education Committee. 2
3 Abstract An Introduction to Key Management for Secure Storage As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective key management policies. Without the proper generation, distribution, storage, and recovery of key material, valuable data will be eventually compromised. Worse, without proper management of key information, data can be completely lost. This session explores the fundamental issues and technologies that impact key management for disk, tape, array, and other storage devices. Major issues associated symmetric encryption keys are presented, along with practical advice on effective key management issues and practices. 3
4 The Key Management Problem 9/23/2007 An Introduction to Key Management for Secure Storage 4
5 The Key Management Problem 5
6 The Key Management Problem 9/23/2007 An Introduction to Key Management for Secure Storage 6
7 Data At Rest 7
8 Data At Rest Random Access Devices Disk Drives Sequential Access Devices Tape Drives Other Media Optical Media Data in Flight (DIF) is Still Important! 8
9 Data At Rest Data-in-Flight (DIF) Data-At-Rest (DAR) Storage System Security (SSS) Storage Resource Management (SRM) Source: Introduction to Storage Security, A SNIA Security Whitepaper, Oct 14, 2005 Storage Element Data-At-Rest (DAR) Storage Resource Management (SRM) Storage System Security (SSS) Data-in-Flight (DIF) Description Protecting the confidentiality, integrity and/or availability of data residing on servers, storage arrays, NAS appliances and other media Securely provisioning, monitoring, tuning, reallocation, and controlling the storage resources so that data may be stored and retrieved. Securing embedded operating systems and applications as well as integration with IT and security infrastructure (e.g., external authentication services, centralized logging and firewalls Protecting the confidentiality, integrity and/or availability of data as they are transferred across the storage network, the LAN, and the WAN. Also applies to management traffic 9
10 Key Management Many Key Uses Private signature key Public signature verification key Symmetric authentication key Private authentication key Public authentication key Symmetric data encryption key Symmetric key wrapping key Symmetric and asymmetric random number generation keys Symmetric master key Private key transport key Private signature key Public signature verification key Symmetric authentication key Private authentication key Public authentication key Symmetric data encryption key Symmetric key wrapping key Symmetric and asymmetric random number generation keys Symmetric master key Private key transport key 10
11 Key Management Encryption Algorithms AES 128 Bit Key 192 Bit Key 256 Bit Key DES 56 Bit Key 3DES 168 Bit Key Encryption Algorithm Modes Electronic Codebook Mode (ECB) Cipher Block Chaining Mode (CBC) Cipher Feedback Mode (CFB) Output Feedback Mode (OFB) Counter Mode (CTR) Galois/Counter Mode (GCM) LWR Encryption XOR-Encrypt-XOR (XEX) XEX-TCB-CTS (XTS) CBC-Mask-CBC (CMC) ECB-Mask-ECB (EME) 11
12 Key Management Key and Data Lifetime Forever Assure Access to Data Years from Now For a Limited Time Period Ephemeral Milliseconds, Seconds Weeks, Months, Years What Happens? Mandatory Re-Encryption Destruction of Data Destruction of Key 12
13 Key Management Policies Who Can Establish Keys? Who Can Delete Keys? What is the Lifetime of a Key? Can the Key be Archived? Are the Keys Changed Periodically? Are Keys Automatically Deleted or Archived? Who Else Can Use the Key? 13
14 Key Management Auditing Track the Key over it s Lifetime Who Created the Key and When? Who Changed the Key and When? Who Created a Copy of the Key and When? Where are the Copies of the Key Who Deleted the Key and When? 14
15 Key Management Threats Confidentiality Key Disclosure Data Accessible to Anyone Integrity Key has Been Modified Data Accessible by None Archive Key has Been Lost Availability Key Cannot be Accessed 15
16 Key Management Goals Backup/Restore Key Material Archival and Retention of Key Material Distribution of Key Material Expire, Delete, Destruction of Key Material Audit of Key's Life Cycle Reporting Events and Alerts 16
17 Keying Material 9/23/2007 An Introduction to Key Management for Secure Storage 17
18 Keys Two Major Key Algorithms Symmetric Keys Asymmetric Keys Storage Systems May Use Both Asymmetric Keys to Exchange Symmetric Keys Symmetric Keys to Encrypt/Decrypt Data 18
19 Symmetric Keys One Key Used for Both Encryption and Decryption Requires Lower Computing Power Key Key Equivalent Keys Encryption Decryption ABCDEF ABCDEF Plaintext Plaintext Ciphertext 19
20 Asymmetric Key Uses Key Pair Private Key Public Key Requires Greater Computing Power Public Key Public Key Private Key Encryption Decryption ABCDEF ABCDEF Plaintext Plaintext Ciphertext 20
21 Key Formats Key Formats Any and All Key Formats Must Be Managed Keys are Viewed as Objects Key Material Key Data Key Information: Metadata Storage Generally Uses Symmetric Keys A Secure Key Exchange Assumed Easier to Implement Less Client Resources 21
22 Key Wrapping Used to Move Keys Backup Archiving Key Encryption Key Key Encryption Key AES Encryption AES Decryption Key Wrapped Key Key Source: AES Key Wrap Specification ( 22
23 Pass Phrase Used to Generate Key Encryption Key 23
24 Basic Key Metadata Value The Actual Key Unique Identifier (GUID) Unique Within a Domain (Name Space) The Domain May be World Wide Unique May be a Globally Unique Identifier World Wide Unique Name May be a Hierarchy Important for Identifying Keys that are Moved Across Domains Across Companies Across Countries 24
25 Optional Key Metadata Name User readable name, not necessarily Unique Creator name Domain name Parent GUID Previous version GUID Version string 25
26 Optional Key Metadata Timestamps Creation Modified Valid Time Expiration Time Policies Use of key Key type Access rights - who can: Access Modify Disable Destroy Vendor-Specific Metadata 26
27 Key Management Components 9/23/2007 An Introduction to Key Management for Secure Storage 27
28 Key Management Components Client-Server View The Key The Key Server The Key Transport Channel Secure Channel Authentication Key Exchange Protocol 28
29 Client-Server View Client User or Consumer of Keys Server Provider of Keys Key Request Client (Needs a Key) Server (Maintains Keys) 29
30 Client-Server Authentication Client and Server Must Authenticate Assures Identity Secrets or Certificates Pre-Shared Keys or PKI Communications are Secure Channel Encryption Client (Needs a Key) Server (Maintains Keys) 30
31 Key Clients - Lightweight Limited Resources Limited Computational Requirements Limited Memory Requirements Communication Network Based: Out of Band Host Based: In Band Applications Disk Drives Tape Drives, Libraries Array Controllers Simple Protocol Fixed Fields and Values Similar to SCSI CDBs 31
32 Key Clients - Complex Unlimited Resources Applications Key Servers Data Bases Objects File Servers May Use a Complex Protocol Requires Complex Protocol Parser 32
33 Key Server Key Server Software Application Generic Hardware Platform Dedicated Hardware Servers Hardened Multiple Key Servers Key Management Between Servers Policy Management Accounting Validation Backup 33
34 Key Clients and Servers - Disk Typical KM Scenario Client: Host PC Passes Key to Drive Host Secure Disk Key Response Key Request Key Server 34
35 Key Clients and Servers - Disk Client is the Drive Drive or Subsystem Requests Key Directly from Server Host Secure Disk or Storage System Key Response Key Request Key Server 35
36 Key Clients and Servers - Tape Manual Key Management Host Encryption Key Tape Drive Encrypted Tape Backup Encryption Key Exchange -Tape Repository -Offsite Storage -Transit Host Encryption Key Tape Drive Restore 36
37 Key Clients and Servers - Tape Automated Key Management Key Management Protocol Key Server Ethernet Interface Protocol (SCSI, FC, SATA, etc.) Backup Server Encrypting Tape Drive/Library 37
38 Key Clients and Servers - Tape Automated Key Management Key Management Protocol Key Server Key Management Protocol Ethernet Ethernet Management Commands Interface Protocol (SCSI, FC, SATA, etc.) Backup Server Encrypting Tape 9/23/2007 Drive/Library 38 An Introduction to Key Management for Secure Storage
39 Key Clients and Servers - Enterprise Host Key Management Protocol Key Management Protocol Host Key Server Vendor A Array Controller Array Controller Host Key Management Protocol Host Appliance Array Controller Key Server Vendor B Key Management Protocol Key Management Protocol 39
40 KMS Protocol Two Primary Operations Set key Server Client Get key Client Server Optional Operations Find key Update key Replicate key Disable key Destroy key Access rights Get service info Audit log functions 40
41 Key Management Best Practices 9/23/2007 An Introduction to Key Management for Secure Storage 41
42 Best Practices: Important Key Properties Use a Cryptographic Key for Only One Purpose Do Not use Key-Encrypting Keys to Encrypt Data Do Not use Data-Encrypting Keys to encrypt other keys Use Randomly Chosen Keys from the Entire Key Space Check For and Avoid the Use of Known Weak Keys Limit the Time a Key is in Plaintext Form Prevent Humans from Viewing Plaintext Keys 42
43 Best Practices: Key Management Safety Fully Automate Key Management Whenever Possible Limit the Use of Data Encryption Keys Finite Time (Cryptoperiod) Finite Amount of Data Use Long Life Keys Sparsely Separate Key-Encrypting Keys from the Data Encryption Keys Document Authorization and Protection Objectives and Constraints Key Generation Key Distribution Key Accounting Key Storage Key Use Key Destruction Enforce strict Access Controls Limit user capabilities Enforce Separation of Duties 43
44 Best Practices: Establish Keys Securely Generate Symmetric Keys Approved Random Number Generator Creates a Key from the Previous Key Approved Key Derivation Function from a Master Key Avoid Generating Keys by Concatenation Split-Key components Multi-Key Components Limit the Distribution of Data Encryption Keys Backups Other Authorized Entities Keys Must be Protected Throughout Distribution Encryption (Key Wrapping) Physical Security 44
45 Best Practices: Operational Use Key Installation Must Not: Result in Leakage of the Key Result in Leakage of Information about the Key Provide confidentiality of the Keying Material in Storage Approved Encryption Algorithm Physical Protection Prevent Modifications Detect Any Modifications Methods to Restore Keying Material when Modifications are Detected Store Symmetric Data Encryption Keys In Backup Storage During the Cryptoperiod In Archive Storage after the End of the Cryptoperiod, if required. Change the Key When: The Key May Have Been Compromised The Cryptoperiod is Nearing Expiration The Limit of the amount of Data Protected by the Key is Approached 45
46 Best Practices: Miscellaneous Key Disposition Remove Keying Material from Backups When No Longer Needed Destroy Keying Material When it is No Longer Needed Import And Export Controls Understand and Obey Government Import and Export Regulations Associated with Encryption and Key Management. Plan for Problems Have a Key Compromise Recovery Plan in Place Escrow Keying Material to Protect Critical Information 46
47 Best Practices: Encryption Strength Security Requirements NIST SP Part 1 identifies minimum symmetric security levels, defined in bits of strength (not key size) 80 bits of security until bit AES and 1024-bit RSA 112 bits of security through DES, 128-AES and 2048-bit RSA 128 bits of security beyond AES and 3072-bit RSA 47
48 For More Information NIST Special Publication : Recommendation for Key Management ( ISO/IEC Parts 1-3: Information technology - Security techniques - Key management FIPS 140-2: SECURITY REQUIREMENTS MODULES ( Trusted Computing Group ( IEEE P1619.3: Security in Storage Workgroup (SISWG) Key Management Subcommittee ( OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee ( IETF: Provisioning of Symmetric Keys (KEYPROV) ( 48
49 Q&A / Feedback Please send any questions or comments on this presentation to SNIA: tracksecurity@snia.org Many thanks to the following individuals for their contributions to this tutorial. SNIA Education Committee Larry Hofer CISSP Eric Hibbard CISSP Walt Hubis Mark Nossokoff SNIA Security TWG SNIA SSIF 49
An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation
An Introduction to Key Management for Secure Storage Walt Hubis, LSI Corporation SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members
More informationA Vendor Agnostic Overview. Walt Hubis Hubis Technical Associates
Practical PRESENTATION Secure TITLE GOES Storage: HERE A Vendor Agnostic Overview Walt Hubis Hubis Technical Associates SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationHewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0
Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0 FIPS 140 2 Non Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.3
More informationDataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.
Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based
More informationOracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1
Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.2 12/12/2013 Copyright 2013 Oracle Corporation Table of
More informationThis Security Policy describes how this module complies with the eleven sections of the Standard:
Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights
More informationFDE itc: Encryption Engine (EE) cpp Functional and Assurance Requirements
FDEiTC-EE-English-00 v0. 0-0- 0 0 FDE itc: Encryption Engine (EE) cpp Functional and Assurance Requirements BEV (Border Encryption Value) - the key(s) (or secret(s)) that is passed from the AA to the EE
More informationDELL EMC DATA DOMAIN ENCRYPTION
WHITEPAPER DELL EMC DATA DOMAIN ENCRYPTION A Detailed Review ABSTRACT The proliferation of publicized data loss, coupled with new governance and compliance regulations, is driving the need for customers
More informationSecuring Data-at-Rest
Securing Data-at-Rest Robert A. (Bob) Lockhart NeoScale Systems, Inc. 1655 McCarthy Blvd, Milpitas, CA 95035-7415 Phone:+1-408-473-1300 FAX: +1-408-473-1307 E-mail: rlockhart@neoscale.com Presented at
More informationBest Current Practices and Implementing the FC Security Protocol (FC-SP)
Best Current Practices and Implementing the FC Security Protocol (FC-SP) Larry Hofer, CISSP Emulex SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies
More informationOracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1
Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.3 2014-01-08 Copyright 2014 Oracle Corporation Table
More informationSECURE CLOUD BACKUP AND RECOVERY
SECURE CLOUD BACKUP AND RECOVERY Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile data protection, and
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More informationMeru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009
Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2 Meru Networks Revision Date: June 24, 2009 Copyright Meru Networks 2008. May be reproduced only in its original entirety
More informationThe Nasuni Security Model
White Paper Nasuni enterprise file services ensures unstructured data security and privacy, enabling IT organizations to safely leverage cloud storage while meeting stringent governance and compliance
More informationCloud Storage Securing CDMI. Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems
Eric A. Hibbard, CISSP, CISA, ISSAP, ISSMP, ISSEP, SCSE Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 9797-1 Second edition 2011-03-01 Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher Technologies de l'information
More informationUNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE
INFORMATION TECHNOLOGY SECURITY GUIDANCE CRYPTOGRAPHIC ALGORITHMS FOR UNCLASSIFIED, PROTECTED A, AND PROTECTED B INFORMATION ITSP.40.111 August 2016 FOREWORD The Cryptographic Algorithms for UNCLASSIFIED,
More informationDyadic Security Enterprise Key Management
Dyadic Security Enterprise Key Management The Secure-as-Hardware Software with a Mathematical Proof Dyadic Enterprise Key Management (EKM) is the first software-only key management and key protection system
More informationContents. Notices Terms and conditions for product documentation.. 45 Trademarks Index iii
Overview IBM ii Overview Contents Product overview........... 1 What's new in this release.......... 1 Supported languages........... 3 Features overview............ 3 Key serving.............. 4 Encryption-enabled
More informationCrypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved.
Crypto Library Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved. MLA - Crypto Library Help Table of Contents 1 Crypto Library 6 1.1 Introduction
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationSCSI Security Nuts and Bolts. Ralph Weber, ENDL Texas
SCSI Security Nuts and Bolts Ralph Weber, ENDL Texas SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may use this material in presentations
More informationAcronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector
Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National
More informationSeagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy
Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy Security Level 2 Rev. 0.9 November 12, 2012 Seagate Technology, LLC Page 1 Table of Contents 1 Introduction...
More informationData Deduplication Methods for Achieving Data Efficiency
Data Deduplication Methods for Achieving Data Efficiency Matthew Brisse, Quantum Gideon Senderov, NEC... SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationFIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points
FIPS 140-2 Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points November 4, 2010 Version 2.2 Contents This security policy
More informationDyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof
Dyadic Enterprise Unbound Key Control For Azure Marketplace The Secure-As-Hardware Software With a Mathematical Proof Unbound Key Control (UKC) is the first software-only key management and key protection
More informationDIGITALSIGN - CERTIFICADORA DIGITAL, SA.
DIGITALSIGN - CERTIFICADORA DIGITAL, SA. TIMESTAMP POLICY VERSION 1.1 21/12/2017 Page 1 / 18 VERSION HISTORY Date Edition n.º Content 10/04/2013 1.0 Initial drafting 21/12/2017 1.1 Revision AUTHORIZATIONS
More informationSymantec Corporation
Symantec Corporation Symantec PGP Cryptographic Engine FIPS 140-2 Non-proprietary Security Policy Document Version 1.0.4 Revision Date 05/01/2015 Symantec Corporation, 2015 May be reproduced only in its
More informationINF3510 Information Security University of Oslo Spring Lecture 3 Key Management and PKI. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2010 Lecture 3 Key Management and PKI Audun Jøsang Outline Key management Key establishment Public key infrastructure Digital certificates PKI trust
More informationAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key Management WHITE PAPER Executive Overview Establishing effective key and policy management is a critical component to an overall data protection strategy and lowering
More informationChapter 6 Contemporary Symmetric Ciphers
Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationJuniper Networks Pulse Cryptographic Module. FIPS Level 1 Security Policy Version: 1.0 Last Updated: July 19, 2013
Juniper Networks Pulse Cryptographic Module FIPS 140-2 Level 1 Security Policy Version: 1.0 Last Updated: July 19, 2013 Juniper Networks, Inc. 1194 N. Mathilda Ave Sunnyvale, CA 94089 Copyright 2013 Juniper
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationGoogle Cloud Platform: Customer Responsibility Matrix. December 2018
Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect
More informationCIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm
CIS 4360 Introduction to Computer Security Fall 2010 WITH ANSWERS in bold Name:.................................... Number:............ First Midterm Instructions This is a closed-book examination. Maximum
More informationExecutive Summary SOLE SOURCE JUSTIFICATION. Microsoft Integration
Executive Summary Commvault Simpana software delivers the unparalleled advantages and benefits of a truly holistic approach to data management. It is one product that contains individually licensable modules
More informationECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:
C 646 Lecture 7 Modes of Operation of Block Ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot,
More informationTRUSTED COMPUTING GROUP TRUSTED STORAGE SPECIFICATION. Michael Willett, Seagate Technology
TRUSTED COMPUTING GROUP TRUSTED STORAGE SPECIFICATION Michael Willett, Seagate Technology SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals
More informationThe Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.
The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0 Xirrus, Inc. March 8, 2011 Copyright Xirrus, Inc. 2011. May be reproduced only in its original entirety [without revision]. Page 1 TABLE
More informationFIPS Non-Proprietary Security Policy
Quantum Corporation Scalar Key Manager Software Version 2.0.1 FIPS 140-2 Non-Proprietary Security Policy Document Version 1.4 Last Update: 2010-11-03 8:43:00 AM 2010 Quantum Corporation. May be freely
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationNIST Cryptographic Toolkit
Cryptographic Toolkit Elaine Barker ebarker@nist.gov National InformationSystem Security Conference October 16, 2000 Toolkit Purpose The Cryptographic Toolkit will provide Federal agencies, and others
More informationDeep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3. Richard Wang and Ed Morris May 20, 2016 International Crypto Module Conference
Deep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3 Richard Wang and Ed Morris May 20, 2016 International Crypto Module Conference Topics GCM Overview AES-GCM IV Generation FIPS Requirements (IG A.5)
More informationJuniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0. Juniper Networks, Inc.
Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0 Juniper Networks, Inc. September 10, 2009 Copyright Juniper Networks, Inc. 2009. May be reproduced only in
More informationADVANCED DEDUPLICATION CONCEPTS. Thomas Rivera, BlueArc Gene Nagle, Exar
ADVANCED DEDUPLICATION CONCEPTS Thomas Rivera, BlueArc Gene Nagle, Exar SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationSecurity Policy. FORTEZZA Crypto Card
Security Policy for January 16, 1997 Prepared by ipower Business Unit 2900 Semiconductor Drive P.O. Box 58090, M/S 16-225, Santa Clara, CA 95052-8090 Telephone (408) 721-5000 T his page intentionally blank
More informationUsing block ciphers 1
Using block ciphers 1 Using block ciphers DES is a type of block cipher, taking 64-bit plaintexts and returning 64-bit ciphetexts. We now discuss a number of ways in which block ciphers are employed in
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationINFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT
INFORMATION TECHNOLOGY COMMITTEE ESCB-PKI PROJECT SUBSCRIBER S GUIDE VERSION 1.3 ECB-PUBLIC 15-April-2014 ESCB-PKI - Subscriber's Procedures v.1.3.docx Page 2 of 26 TABLE OF CONTENTS GLOSSARY AND ACRONYMS...
More informationSecurity Policy: Astro Subscriber Motorola Advanced Crypto Engine (MACE)
Security Policy: Astro Subscriber Motorola Advanced Crypto Engine (MACE) Cryptographic module used in Motorola Solutions Astro XTL5000, XTS5000, APX2000, SRX2200, APX4000, APX6000, APX6000XE, APX6500,
More informationGoogle Cloud Platform: Customer Responsibility Matrix. April 2017
Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder
More informationADVANCED DATA REDUCTION CONCEPTS
ADVANCED DATA REDUCTION CONCEPTS Thomas Rivera, Hitachi Data Systems Gene Nagle, BridgeSTOR Author: Thomas Rivera, Hitachi Data Systems Author: Gene Nagle, BridgeSTOR SNIA Legal Notice The material contained
More informationChapter 8 Information Technology
CRIM 2130 Introduction to Critical Infrastructure Protection Spring 2016 Chapter 8 Information Technology School of Criminology and Justice Studies University of Massachusetts Lowell Enterprise systems
More informationStorage Security Standards: What Are They and What Do they Mean to Storage Consumers? Andrew Nielsen CISSP, CISA, ISSAP, ISSMP SNIA Security TWG
Storage Security Standards: What Are They and What Do they Mean to Storage Consumers? Andrew Nielsen CISSP, CISA, ISSAP, ISSMP SNIA Security TWG Table of Contents Introduction... 1 Storage Management and
More informationIBM Spectrum Protect Version Introduction to Data Protection Solutions IBM
IBM Spectrum Protect Version 8.1.2 Introduction to Data Protection Solutions IBM IBM Spectrum Protect Version 8.1.2 Introduction to Data Protection Solutions IBM Note: Before you use this information
More informationACOS5-64. Functional Specifications V1.04. Subject to change without prior notice.
ACOS5-64 Functional Specifications V1.04 Subject to change without prior notice Table of Contents 1.0. Introduction... 4 1.1. Card Features... 4 1.2. History of Modifications... 5 2.0. Technical Specifications...
More informationAcme Packet VME. FIPS Level 1 Validation. Software Version: E-CZ Date: July 20, 2018
FIPS 140-2 Non-Proprietary Security Policy Acme Packet VME FIPS 140-2 Level 1 Validation Software Version: E-CZ 8.0.0 Date: July 20, 2018 Document Version 2.0 Oracle Communications This document may be
More informationIOS Common Cryptographic Module (IC2M)
IOS Common Cryptographic Module (IC2M) FIPS 140-2 Non Proprietary Security Policy Level 1 Validation Version 0.3 April 18, 2013 Table of Contents 1 INTRODUCTION... 3 1.1 PURPOSE... 3 1.2 MODULE VALIDATION
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationMulti-Vendor Key Management with KMIP
Multi-Vendor Key Management with KMIP Tim Hudson CTO & Technical Director tjh@cryptsoft.com 1 Abstract Practical experience from implementing KMIP and from deploying and interoperability testing multiple
More informationSEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9
SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9 Schweitzer Engineering Laboratories, Inc. May 21, 2007 Copyright 2005-2007 Schweitzer Engineering Laboratories, Inc. May be reproduced
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationDolphin DCI 1.2. FIPS Level 3 Validation. Non-Proprietary Security Policy. Version 1.0. DOL.TD DRM Page 1 Version 1.0 Doremi Cinema LLC
Dolphin DCI 1.2 FIPS 140-2 Level 3 Validation Non-Proprietary Security Policy Version 1.0 DOL.TD.000921.DRM Page 1 Version 1.0 Table of Contents 1 Introduction... 3 1.1 PURPOSE... 3 1.2 REFERENCES... 3
More informationSMPTE Standards Transition Issues for NIST/FIPS Requirements
SMPTE Standards Transition Issues for NIST/FIPS Requirements Contents 2010.5.20 DRM inside Taehyun Kim 1 Introduction NIST (National Institute of Standards and Technology) published a draft special document
More informationIBM Tivoli Storage Manager Version Introduction to Data Protection Solutions IBM
IBM Tivoli Storage Manager Version 7.1.6 Introduction to Data Protection Solutions IBM IBM Tivoli Storage Manager Version 7.1.6 Introduction to Data Protection Solutions IBM Note: Before you use this
More informationInventory and Reporting Security Q&A
Inventory and Reporting Security Q&A General Q. What is Inventory Reporting, Collection, and Analysis? A. Inventory Reporting, Collection, and Analysis is a tool that discovers, collects, and analyzes
More informationOracle Tuxedo. Using Security in CORBA Applications 11g Release 1 ( ) March 2010
Oracle Tuxedo Using Security in CORBA Applications 11g Release 1 (11.1.1.1.0) March 2010 Oracle Tuxedo Using Security in CORBA Applications, 11g Release 1 (11.1.1.1.0) Copyright 1996, 2010, Oracle and/or
More informationDouble-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationCryptography Standard
Cryptography Standard Version: 1.5 Document ID: 3537 Copyright Notice Copyright 2017, ehealth Ontario All rights reserved No part of this document may be reproduced in any form, including photocopying
More informationCompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals
CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc. Slide 1 Course 01: Security Fundamentals The Information
More informationCategory: Informational NIST August Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm
Network Working Group Request for Comments: 5649 Category: Informational R. Housley Vigil Security M. Dworkin NIST August 2009 Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm Abstract
More informationNational Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016
National Identity Exchange Federation Trustmark Signing Certificate Policy Version 1.0 Published October 3, 2014 Revised March 30, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents
More informationSummary. Final Week. CNT-4403: 21.April
Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic
More informationUnit 8 Review. Secure your network! CS144, Stanford University
Unit 8 Review Secure your network! 1 Basic Problem Internet To first approximation, attackers control the network Can snoop, replay, suppress, send How do we defend against this? Communicate securely despite
More informationExtended Package for Secure Shell (SSH) Version: National Information Assurance Partnership
Extended Package for Secure Shell (SSH) Version: 1.1 2016-11-25 National Information Assurance Partnership Revision History Version Date Comment 0.9 2015-08-19 First Draft - Extended Package for Secure
More informationegov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO
egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO e-government Survey 2014 United Nations Page 2 EGDI: E-Government Development Index National ID & Digital Signature Estonian Prime Minister Andrus Ansip
More informationIBM Client Security Solutions. Client Security Software Version 1.0 Administrator's Guide
IBM Client Security Solutions Client Security Software Version 1.0 Administrator's Guide December 1999 1 Before using this information and the product it supports, be sure to read Appendix A - U.S. export
More informationBlock Cipher Operation
Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationHughes Network Systems, LLC Hughes Crypto Kernel Firmware Version: FIPS Non-Proprietary Security Policy
Hughes Network Systems, LLC Hughes Crypto Kernel Firmware Version: 3.1.0.4 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 1 Document Version: 0.5 Prepared for: Prepared by: Hughes Network
More informationKey Management Interoperability Protocol (KMIP)
www.oasis-open.org Management Interoperability Protocol (KMIP) April 2 nd, 2009 1 Agenda The Need for Interoperable Management KMIP Overview KMIP Specification KMIP Use Cases 2 The Need for Interoperable
More informationAfilias DNSSEC Practice Statement (DPS) Version
Afilias DNSSEC Practice Statement (DPS) Version 1.07 2018-02-26 Page 1 of 8 1. INTRODUCTION 1.1. Overview This document was created using the template provided under the current practicing documentation.
More informationISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données
INTERNATIONAL STANDARD ISO 15764 First edition 2004-08-15 Road vehicles Extended data link security Véhicules routiers Sécurité étendue de liaison de données Reference number ISO 15764:2004(E) ISO 2004
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationProf. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG
Lecture 13: Security Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 13-1 Network Assets and Security Threats Assets: Hardware (PC, workstation,
More informationInternet Engineering Task Force (IETF) Request for Comments: 7192 Category: Standards Track April 2014 ISSN:
Internet Engineering Task Force (IETF) S. Turner Request for Comments: 7192 IECA Category: Standards Track April 2014 ISSN: 2070-1721 Abstract Algorithms for Cryptographic Message Syntax (CMS) Key Package
More informationData-at-Rest Encryption
Data-at-Rest Encryption At-rest encryption in SwiftStack encrypts all object data, object etags (checksums), and any user metadata values set on objects. The feature is enabled by a cluster operator and
More informationFabric Security (Securing the SAN Infrastructure) Daniel Cohen Solutioneer Brocade Communications Systems, Inc
Fabric Security (Securing the SAN Infrastructure) Daniel Cohen Solutioneer Brocade Communications Systems, Inc Agenda Why Secure a SAN? SAN Security Threats Weaknesses Fabric Security Controls Security
More informationCryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 12 Message Authentication Codes At cats' green on the Sunday he took the message from
More informationIBM System Storage TS1140 Tape Drive Machine Type 3592, Model E07. Security Policy
i IBM System Storage TS1140 Tape Drive Machine Type 3592, Model E07 Security Policy Document ii Table of Contents 1 Document History... 1 2 Introduction... 2 2.1 References... 4 2.2 Document Organization...
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationFIPS SECURITY POLICY FOR
FIPS 140-2 SECURITY POLICY FOR SPECTRAGUARD ENTERPRISE SENSOR August 26, 2011 FIPS 140-2 LEVEL-2 SECURITY POLICY FOR AIRTIGHT NETWORKS SPECTRAGUARD ENTERPRISE SENSOR 1. Introduction This document describes
More informationSecurity Policy for FIPS KVL 3000 Plus
Security Policy for FIPS 140-2 KVL 3000 Plus Version 01.01.19 Motorola General Business Information 1 of 21 Motorola General Business Information 2 of 21 1 INTRODUCTION... 4 1.1 SCOPE... 4 1.2 OVERVIEW...
More information