Update for TF-Storage. TF-Storage September 22nd, 2014

Similar documents
Uses of Cryptography

National Data Store 2 Secure Storage Cloud with efficient and easy data access

Synchronisation solutions,

Dyadic Security Enterprise Key Management

A team-oriented open source password manager with a focus on transparency, usability and security.

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

UNIT - IV Cryptographic Hash Function 31.1

Diffie-Hellman. Part 1 Cryptography 136

Automotive Security An Overview of Standardization in AUTOSAR

Configuring OpenVPN on pfsense

Encryption. INST 346, Section 0201 April 3, 2018

Case 1: VPN direction from Vigor2130 to Vigor2820

SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof

Keeping Important Data Safe and Secure Online. Norm Kaufman

Strategic Infrastructure Security

Crypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH

Cryptography - SSH. Network Security Workshop May 2017 Phnom Penh, Cambodia

Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3. Obtaining A Signed Certificate 4

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Acrobat file of these slides and notes can be found at:

Improving Password Management. Laura Raderman, Policy and Compliance Coordinator, ISO Ole Villadsen, Research Liaison, Cybersecurity, UL

Secret-in.me. A pentester design of password secret manager

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

The Challenges of Distributing Distributed Cryptography. Ari Juels Chief Scientist, RSA

Most Common Security Threats (cont.)

Security. Communication security. System Security

Cryptographic Systems

Using Cryptography CMSC 414. October 16, 2017

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Sharing Secrets using Encryption Facility - Handson

CS November 2018

Deprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

CIS 21 Final Study Guide. Final covers ch. 1-20, except for 17. Need to know:

RSA (material drawn from Avi Kak Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto.

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Security in ECE Systems

Kurose & Ross, Chapters (5 th ed.)

FIDO AND PAYMENTS AUTHENTICATION. Philip Andreae Vice President Oberthur Technologies

PASSWORDS & ENCRYPTION

Cryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

But where'd that extra "s" come from, and what does it mean?

CS Computer Networks 1: Authentication

Information Security CS 526

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Encryption and Key Management. Arshad Noor, CTO StrongAuth, Inc. Copyright StrongAuth, Inc Version 1.1

White-Box Cryptography State of the Art. Paul Gorissen

Lamassu: Storage-Efficient Host-Side Encryption

PROTECTING CONVERSATIONS

Frequently Asked Questions. Question # Page #

CSE 127: Computer Security Cryptography. Kirill Levchenko

CloudTurbine Security White Paper

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Security Fundamentals

CPSC 467: Cryptography and Computer Security

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

RSA and ECDSA. Geoff Huston APNIC. #apricot2017

Cryptography: Practice JMU Cyber Defense Boot Camp

WHITE PAPER. Authentication and Encryption Design

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

StratusLab Cloud Distribution Installation. Charles Loomis (CNRS/LAL) 3 July 2014

Cryptographic Concepts

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Distributed Systems COMP 212. Revision 2 Othon Michail

Radius, LDAP, Radius used in Authenticating Users

Harbor Registry. VMware VMware Inc. All rights reserved.

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Security PGP / Pretty Good Privacy. SANOGXXX July, 2017 Gurgaon, Haryana, India

SSL / TLS. Crypto in the Ugly Real World. Malvin Gattinger

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

CryptoAuthentication Firmware Protection

Compatibility and Support Information Nasuni Corporation Boston, MA

DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Codebook. Codebook for OS X Introduction and Usage

Cryptography. Andreas Hülsing. 6 September 2016

Digital Certificates Demystified

Security: Cryptography

Lecture 08: Networking services: there s no place like

ASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1

ARM Server s Firmware Security

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

TRANSITIONING OF CRYPTOGRAPHIC ALGORITHMS IN THE ELECTRONIC BIDDING CORE SYSTEM JACIC Hiroyuki ISHIWATA

Architecture. Steven M. Bellovin October 27,

Cloud FastPath: Highly Secure Data Transfer

Application of Cryptography in.net Framework

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017

HARDWARE SECURITY MODULES (HSMs)

WELCOME TO GOOGLE DRIVE!

Architecture. Steven M. Bellovin October 31,

Creating Trust in a Highly Mobile World

GELI Disk Encryption in FreeBSD

Chapter 9 Public Key Cryptography. WANG YANG

Transcription:

Update for TF-Storage TF-Storage meeting @Uppsala, September 22nd, 2014

National Data Storage 2 Short reminder what is this about:

Security in Cloud? April 1, 2014 The Heartbleed bug Feb 26, 2014 Is catastrophic Safe enough!

Is AuthZ+AuthN enough? AuthN / AuthZ Cryptography

We need cryptography! RSA-4096 AES-256 SHA-512

Cryptography is NDS2 RSA-4096 MASTER KEY PAIR AES-256 PER-FILE AES-256 PER-FILE AES-256 PER-FILE

Cryptography is NDS2 decrypt (open the secret case) user s private directory s private ABC encrypt (lock the secret case) user s public directory s public file s symmetric unencrypted file decrypt (open the secret case) user s private group s private directory s private ABC encrypt (lock the secret case) user s public group s public directory s public file s symmetric unencrypted file

Cryptography?

SECURE DATA SYNCHRONISATION & STORAGE & ACCESS TOOLS ECOSYSTEM OPENNESS

Drive

Security vs efficiency Virtual disk for Windows bulk transfers

Data sync & virtual disk together User s home Archives HPC input data Sync Docs Spreadsheets Pictures HPC outputs

National Data Storage 2 Status: - In the beta phase - Clients available for download: + nds.psnc.pl/download - Code to be open soon (being moved to github) - Continuous integration etc. on the way - Presented and demo-ed at TNC2014 - Users: + Internal users mainly + Some external users: > clinical hospital, some universities + Rollout planned, but still sth to do - Why won t you use it? - Testers welcome!!!

National Data Storage 2 Latest developments (1): - LCFS Loopback/Local Crypto File System: + stores encrypted data in the local filesystem + enables usage of encryption on top of ANY local or networked storage + Windows version available + Linux version on the way + works with: - FAT/NTFS - samba / CIFS - NFS - Dropbox! and other clouds (e.g. Google Drive)

National Data Storage 2 Latest developments (2): - LCFS WHY? + we wanted to facilitate integration of NDS2 functionality with existing stuff + some storage providers does not support SFTP + SFTP introduces relatively high latency: => while OK in WAN (main application) => some other protocols perform better in LAN

National Data Storage 2 Latest developments (3): - Windows Phone client + re-uses some part of regular NDS2 Windows client => encryption / integrity control => SFTP client + status on the way, should be available 1Q2015 + WHY: > a lot of managers uses Windows Phone at least in Poland ios not that popular (real-life observations, confirmed by telcos) + challenges: > dealing with certificates, encryption > interface to be developed from scratch to match platform specifics

National Data Storage 2 Latest developments (5): - LDAP and Active Directory integration + running in some deployments > e.g integrated with PSNC s LDAP + proof of concept: > prepared AD PoC for large user

National Data Storage 2 Roadmap: - Go on with stabilizing the code - Further internal tests and beta-tests with users - Improving documentation + website + e.g. movies with how-tos + whitepapers explaining the details and security aspects - Possibly tests with TF-Storage partners + don t you care security? + tell us what s wrong with our solution? (we would be happy to argue)

National Data Storage 2 Roadmap (2): - NDS2 version 2 + more symmetric, less asymmetric cryptography for simple cases: > better performance with many files (less latency) > bulk transfer/encryption already acceptable + paranoic-mode options (less trust on servers) > stronger data vs meta-data integrity protection > client-side cryptography-based access control > write non-repudiability > write signing / verification

National Data Storage 2 Roadmap (3): - Storage and AAI + need to attack the problem > not a trivial task > several approaches exist but not obvious where to go + take up existing solutions?

National Data Storage 2 Roadmap (4): - Web interface? + we re examining some solutions: > testing / trying pydio > evaluating in-browser encryption options

National Data Storage 2 Lessons learnt: - Way from prototype to product: + 2x the way from idea to prototype - Real life verifies the solutions the best: + some ideas / mechanisms to be dropped + the more complexity/components the worse ;]

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback