Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 1 Ensure data security in a hyper-connected world.

Slides:



Advertisements
Similar presentations
Internet Protocol Security (IP Sec)
Advertisements

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
Mobile Devices in the DoD
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Public Key Infrastructure (PKI) Hosting Services.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Cryptography Usage in TWIC (Draft v4 8Dec06)
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
E-Authentication: What Technologies Are Effective? Donna F Dodson April 21, 2008.
Aircraft is a Node on the Internet
CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
I DENTITY M ANAGEMENT Joe Braceland Mount Airey Group, Inc.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Windows 2003 and 802.1x Secure Wireless Deployments.
OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Bill Gates’ RSA 2006 Keynote presentation Questions and answers.
RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Cartes America - Secure ID: Fraud and ID Management Part 1 Track Personal Identity Verification (PIV) Case Study within the TSCP Community Keith Ward TSCP.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
Week #7 Objectives: Secure Windows 7 Desktop
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.
70-411: Administering Windows Server 2012
Solutions for Secure and Trustworthy Authentication Ramesh Kesanupalli
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
·
Unit 1: Protection and Security for Grid Computing Part 2
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
06 APPLYING CRYPTOGRAPHY
Module 9: Fundamentals of Securing Network Communication.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
P ROTOCOL FOR COLLABORATING MOBILE AGENTS IN THE NETWORK INTRUSION DETECTION SYSTEMS. By Olumide Simeon Ogunnusi Shukor Abd Razak.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Creating and Managing Digital Certificates Chapter Eleven.
Embedded system security
Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President.
A l a d d I n. c o m Strong Authentication and Beyond Budai László, IT Biztonságtechnikai tanácsadó.
Secure Software Confidentiality Integrity Data Security Authentication
Security and Encryption
CS691 M2009 Semester Project PHILIP HUYNH
CS691 M2009 Semester Project PHILIP HUYNH
NAAS 2.0 Features and Enhancements
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
NEW PRODUCT INTRODUCTION CONEKT™ Mobile Smartphone Access Control Identification Solution June 2018.
Security.
Install AD Certificate Services
WEQ-012 PKI Overview March 19, 2019
PLANNING A SECURE BASELINE INSTALLATION
Operating System Concepts
Ensure data security in a hyper-connected world
Presentation transcript:

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 1 Ensure data security in a hyper-connected world What it takes to safeguard video surveillance data

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 2 Motivation for Migration to Encryption Secured Camera Technologies Cyber Network Exploitation- US Federal government Nation state and domestic surveillance/eavesdropping Supply Chain Security and embedded Malware data Firmware and software vulnerable to denial of service and malicious attack Cyber Data Breaches from endpoint devices Lack of confidence in securing end point devices

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 2 Relevant News Events Firmware and software vulnerable to denial of service and malicious attack Surveillance cameras turned into zombie computers turned-into-zombie-computers-says-imperva IP Cameras and DVR’s wide open to hacking _wide_open_to_hacking_say_security_analysts/ Peeping into 73,000 Security Cameras t-subnet/peeping-into unsecured-security- cameras-thanks-to-default-passwords.html

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 3 Need for data security in security surveillance  Security focus extends from the physical level into the digital domain  Exploits of personal data is rising March 2013: Products shipped with unauthenticated firmware, left port 9000 open with UPnP enabled March 2015: Network Video Recorder hacked an turned into a bitcoin miner June 2015: Buffer overflow vulnerability that can be exploited by a remote attacker for arbitrary code execution September 2015: Malicious X code used in app downloading malware onto users devices

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 4 What to expect? Malware Privilege misuse Physical theft Intrusion of privacy Denial of service Side channel attacks

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 5 What is data security?  “Data security means protecting data, such as a database, from destructive forces and from the unwanted actions of unauthorized users.”  Securing stored data involves preventing unauthorized people from accessing it as well as preventing accidental or intentional destruction, infection or corruption of information.

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 6 What is needed in a hyper-connected world? Systematic approach: Create trust Secure data Manage user access rights Meet industry standards Four-step approach: CHAVE Technology Provides the Solution

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 7 What is CHAVE?  CHAVE stands for Credentialed High Assurance Video Encryption  CHAVE will consist of three major components 1.Selected CHAVE-enabled Bosch Cameras 2.CHAVE-enabled Genetec Security Center VMS 3.Digital Certificate Services provided by SecureXperts, Inc.

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 8 Create trust  Assigning each component authentication keys  Data exchange only between trusted partners  Data of verified devices can serve as legal evidence CHAVE  CHAVE cameras are pre-loaded with X.509 certificates from trusted authorities  Highly-vulnerable user names and password authorization for workstations and cameras replaced by secure credential- based authentication  Genetec CHAVE-enabled Security Center software requires the use of either a US government issued HSPD-12 compliant smart card or Non-federal issuers (PIV-I) compliant card.  Users are subject to strong validation of identities including a background check with proof of citizenship, proof of identity, biometrics, and agency affiliation.  Automatic camera certificate renewal (certificates have three-year validity)  Signed camera firmware ensures authenticity of firmware updates

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 9 Secure data  Creating and distributing cryptographic keys for protecting recorded data  Modern encryption algorithms ensure high security CHAVE  X.509 compliant private/public encryption key pairs are used to ensure secure communication  CHAVE cameras support 2048bit RSA and 256bit elliptic curve cryptography, meeting NSA Suite B Secret protection level.  Trusted Platform Module within cameras protects data even in case of a breach (FIPS level 3 data protection)

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 10 Manage user access rights  Only authorized individuals get access to the data  Ensure easy management of user access rights CHAVE  Smart card-based multi-factor authentication required to gain access to Genetec Security Center  Active directory integration for enterprise wide access rights management

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 11 Meet industry standards  Meet industry standards in public key infrastructure and IT  Support 3rd party solutions for:  Public key infrastructure  Management of user access rights CHAVE  Based on X.509 and PKI compliant certificates  Supports HTTPS with the latest TLS 1.2 Encryption  Supports 2048bit RSA and up to 256bit elliptic curve cryptography  Genetec Security Center compatible with LDAP and Active Directory for User Management  Genetec Security Center compatible with HSPD-12 and PIV-I Compliant smart cards (among others)

© 2016 Robert Bosch LLC and affiliates. All rights reserved. 7

7 How CHAVE Works  Hardware Security Module (HSM) on circuit board  (HSM) Secure Digital Chip with Encryption Certificates  FIPS Level 3 (High Assurance) HSPD-12 / Personal Identity Verification Card With Authentication, Signing and Encryption Certificates

© 2016 Robert Bosch LLC and affiliates. All rights reserved. 7 How CHAVE Works No username password/combination Requires user to have a government or commercial issued smartcard and smart card reader to connect to camera

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 12 Typical CHAVE system Smart Card (E.g. Government issued PIV card or commercially issued PIV-I card) Certificate Authority (Entrust SCC for Federally-trusted certificates or Entrust NFI for commercially-trusted) Genetec Security Center Workstations Servers (optionally cloud-hosted) Certificate validity checks, certificate renewals Secure access, encrypted video & data Genetec Archiver Servers Encrypted Storage Local Area Network LDAP Server (Certificate-based user access & privileges management) Genetec Security Center Server

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 12 Use Case for High Assurance Framework US Department of Homeland Security

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 12 Key Solution Benefits Interoperability with disparate solutions and vendors Cyber security alignment with NIST and FedRAMP Force Multiplication /Operational Effectiveness Compliance with federal regulations and mandates Cost effectiveness leveraging cloud hosted shared services model

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.