Mt Fuji Meeting June 5th/6th, 2007 SecurDisc. Nero action items SecurDisc 1.DUID redundancy 2.Drive and host Revocation 1. Revocation mechanism 1. Authentication.

Slides:



Advertisements
Similar presentations
Key Management And Key Distribution The essential problems addressed by all cryptosystems is how to safely exchange keys and how to easily manage the.
Advertisements

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Public Key Management and X.509 Certificates
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
Chapter 5 Network Security Protocols in Practice Part I
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
+======-========-========-========-========-========-========-========-========+ | Bit| 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |Byte | | | | | | | | | |======+=======================================================================|
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Georgy Melamed Eran Stiller
A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’
COMP4690, by Dr Xiaowen Chu, HKBU
CONTENT PROTECTION AND DIGITAL RIGHTS MANAGMENT
Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the.
1 © 2001, Cisco Systems, Inc. All rights reserved. Voice Connector Features Voic Interoperability – 4.0(5) Voice Connector features Rahul Singh.
Dan Boneh Authenticated Encryption Case study: TLS Online Cryptography Course Dan Boneh.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.
Using ISO tags for Authentication Eddie LaCost Embedded RF.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
1. Chapter 25 Protecting and Preparing Documents.
Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
HDCP1.4+ Material for Certification 10 August 2012 Sony Corporation 2012/8/10 Sony Confidential 1.
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.
Compliance Defects in Public- key Cryptography “ A public-key security system trusts its users to validate each others’s public keys rigorously and to.
Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.
March 7, 2008Security Proposal 1 CCSDS Link Security Proposal Ed Greenberg Greg Kazz Howard Weiss March 7, 2008.
(c) Mitsubishi Electric Corp. 1 User Scenarios & Security Considerations in APPAGG part 2/ Nobuhiro Electric.
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
Microsoft’s Concerns about Pioneer Proposal 21-Feb-2008.
Class ID: Renesas Electronics America Inc. © 2012 Renesas Electronics America Inc. All rights reserved. Implementing Bootloaders on Renesas MCUs.
RL78 Code & Dataflash.
ACCESS CONTROL MANAGEMENT Poonam Gupta Sowmya Sugumaran PROJECT GROUP # 3.
UDAC( Universal Distribution with Access Control ) 99/05/03All Rights Reserved, Copyright (c) FUJITSU LIMITED UDAC IPR (Intellectual Property Rights)
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
The Content Scrambling System (CSS) Carlos Garcia Jurado Suarez 03/10/2006.
Template vertLeftWhite2 Authenticated Encryption Attacking non-atomic decryption Online Cryptography Course Dan Boneh.
Proposal for an Open Source Flash Failure Analysis Platform (FLAP) By Michael Tomer, Cory Shirts, SzeHsiang Harper, Jake Johns
NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.
FILE MANAGEMENT Computer Basics 1.3. FILE EXTENSIONS.txt.pdf.jpg.bmp.png.zip.wav.mp3.doc.docx.xls.xlsx.ppt.pptx.accdb.
Understanding Security
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
Lecture 14 Page 1 CS 111 Summer 2013 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
©Contrinex JDC PPT_HF_RWMTAGCommands HF RWM and TAG Commands J.-D. Chatelain HF RWM Commands HF TAG Commands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Securing Web Applications Lesson 4B / Slide 1 of 34 J2EE Web Components Pre-assessment Questions 1. Identify the correct return type returned by the doStartTag()
TRF79xx/MSP430/Stellaris Mifare Direct Mode 0 Training Texas Instruments NFC/RFID Apps Team 12/2011 (updated 12/2012) (added slides 13, 21-24)
2013Prof. Reuven Aviv, Mail Security1 Pretty Good Privacy (PGP) Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.
Information Systems Design and Development Security Precautions Computing Science.
@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.
Review ATA - IDE Project name : ATA – IDE Training Engineer : Minh Nguyen.
Proposal to Update KMIP State Model Addition of Suspended, Revoked and Shredded key states.
Firewalls Definition: Device that interconnects two or more networks and manages the network traffic between those interfaces. Maybe used to: Protect a.
Chapter 5 Network Security Protocols in Practice Part I
Binary Lesson 4 Classful IP Addresses
Direct Attached Storage and Introduction to SCSI
Chapter 5: The Art of Ensuring Integrity
CCSDS Link Security Proposal
Instructor Materials Chapter 5: The Art of Ensuring Integrity
Instructor Materials Chapter 5: The Art of Ensuring Integrity
Instructor Materials Chapter 5: Ensuring Integrity
Group Key Optimizations
Presentation transcript:

Mt Fuji Meeting June 5th/6th, 2007 SecurDisc

Nero action items SecurDisc 1.DUID redundancy 2.Drive and host Revocation 1. Revocation mechanism 1. Authentication 2. Writer application 3. Reader application 2. Updating revocation information 3.Command set changes 1. SecurDisc Feature Descriptor, CPA bit 2. Send Key, Key Format 0

1. DUID redundancy The Disc Unique ID (DUID) is written in an unused Lead-In area. In order to increase the reliability against scratches, defects etc it is written in different ECC blocks.

2. Drive and host revocation Drive and host revocation can be performed in two steps: 1.During authentication process 2.Before reading and decrypting SecurDisc protected user data In order to perform revocation following elements are needed:  Drive Revocation Block (DRB): build in host, used to revoke compromised drives during authentication  Application Authentication Revocation Block (AARB): stored in the drive, used to revoke compromised applications during authentication  Application Revocation Block (ARB): stored in the user data area of the disc, used to revoke compromised applications before reading and decrypting SecurDisc protected user data

2. Drive and host revocation – revocation mechanism 1. Authentication During authentication the drive checks if the application identified by his Application Unique ID (AUID) is valid using the AARB stored in the drive. The host checks if the drive identified by his Device Unique ID (DEVID) is valid using the DRB included in the application.

2. Drive and host revocation – revocation mechanism 2. Writer application Before writing starts, the host writes his build-in ARB into the user data area of the disc and uses the ARB as a key ingredient for encrypting user data.

2. Drive and host revocation – revocation mechanism 3. Reader application In order to decrypt the SecurDisc protected user data on a written disc the host needs to read the ARB from the disc and build a key ingredient for decrypting the user data using the ARB and the Application Unique ID (AUID).

2. Drive and host revocation – updating can revokelocationupdated DRB Drive Revocation Block DriveHost application Update of host application AARB Application Authentication Revocation Block Host application DriveDrive firmware update ARB Application Revocation Block Host application DiscUpdate of host application …which writes an updated ARB on a new disc. Compromised reader applications cannot build the key ingredient for decrypting data.

3. Command Set changes 1. SecurDisc Feature Descriptor, CPA bit Bit Byte (MSB)Feature Code = 113h (LSB) 1 2 ReservedVersion = 0hPersistentCurrent 3 Additional Length = 04h 4 CPA 5 Reserved 6 7 CPA bit will be removed for version 0 (Version = 0) of this Feature Descriptor. Future versions may have this or additional bits in case additional drive features will be added and specified.

3. Command Set changes 2. SEND KEY, Key Format 0 Key Format code definitions for SEND KEY command (Key Class = 21h) Key FormatSent DataDescriptionAGID Use b b Host Key Contribution Send host random number and protocol version Valid AGID required bNone Invalidate Specified AGID. Invalidating an invalid AGID shall not be considered an error. An AGID that has not been granted shall be considered invalid. All other values Reserved In order to be conform with the SEND KEY definitions in Mt. Fuji where each Key Format number of REPORT KEY has a functional equivalent for SEND KEY, we changed the Key Format for Host Key Contribution from b to b.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.