Security Profiles: AMS, CFDP Scott Burleigh NASA JPL 13 June 2006.


AMS Security – General

Requirements
– Authentication of service providers and consumers
– Control of service access, at message subject granularity
– Message integrity and confidentiality

Mechanisms
– Asymmetric encryption of authenticators
– Symmetric encryption of message content
– Pre-placed keys and access control lists (MIB)

No dynamic key distribution or ACL update mechanism identified yet.

AMS Security – Overview (1)

MAMS message header authenticator:
1. 4-byte “hood” (four randomly selected ASCII characters) in clear text.
2. Concatenation of hood plus a well-known message-type-specific name, encrypted in the private key of the sender.

Receiver of MAMS message decrypts the encrypted part of the authenticator using the public key of the sender, verifies it.

MIB at each node contains all relevant asymmetric keys.
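The authenticator exchange described on this slide, as an added example that is not part of the original presentation or of any AMS implementation. Assumptions: textbook RSA with a constructed toy key stands in for the unnamed asymmetric algorithm, and the node name `node-a` and the type names `registration` and `heartbeat` are hypothetical.

```python
import secrets
import string

# Constructed toy RSA key (assumption: the slides name no algorithm or key size).
# Two Mersenne primes keep this stdlib-only; such a key is NOT safe for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the sender only
KEY_BYTES = (N.bit_length() + 7) // 8

# Hypothetical MIB excerpt: pre-placed public keys, indexed by node name.
MIB_PUBLIC_KEYS = {"node-a": (N, E)}


def make_authenticator(type_name: str) -> bytes:
    """Sender side: 4 clear-text ASCII chars (hood) + private-key transform of hood||name."""
    alphabet = string.ascii_letters + string.digits
    hood = "".join(secrets.choice(alphabet) for _ in range(4)).encode("ascii")
    m = int.from_bytes(hood + type_name.encode("ascii"), "big")
    if m >= N:
        raise ValueError("hood + type name does not fit under the modulus")
    return hood + pow(m, D, N).to_bytes(KEY_BYTES, "big")


def verify_authenticator(auth: bytes, sender: str, type_name: str) -> bool:
    """Receiver side: fetch the sender's public key from the MIB and check the binding."""
    key = MIB_PUBLIC_KEYS.get(sender)
    if key is None or len(auth) != 4 + KEY_BYTES:
        return False                    # unknown sender or malformed field
    n, e = key
    hood, sealed = auth[:4], int.from_bytes(auth[4:], "big")
    if sealed >= n:
        return False
    m = pow(sealed, e, n)               # public-key operation undoes the private one
    recovered = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # Must equal the clear-text hood followed by the name expected for this type.
    return recovered == hood + type_name.encode("ascii")


if __name__ == "__main__":
    auth = make_authenticator("registration")
    print(verify_authenticator(auth, "node-a", "registration"))
    print(verify_authenticator(auth, "node-a", "heartbeat"))
```

As the slide describes it, the authenticator covers only the hood and the message-type name, so the check says nothing about the rest of the message.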

AMS Security – Overview (2)

MIB contains, for each message subject:
– List of authorized senders.
– List of authorized receivers.
– Symmetric key for encryption/decryption of messages on this subject.

CFDP Security – General

Currently, none at all.

Tentative requirements:
– Mutual authentication of CFDP entities
– Metadata integrity and confidentiality
– File data integrity and confidentiality

Proposed mechanisms
– Optional inclusion of authenticator in Metadata PDU
– Asymmetric encryption of Metadata
– Symmetric encryption of file data
– Pre-placed keys (MIB)

CFDP Security – General (2)

An alternate proposal:
– Implement security at the PDU level rather than the file level.
  A better fit for users that want to make immediate use of partially received data, i.e., individual PDUs.
  Unaffected by loss of Metadata PDU.
– Add per-segment metadata (an LV) to each file data segment PDU:
  Brief authenticator, as for AMS.

Pre-placed keys in MIB, one per known CFDP entity:
– Asymmetric keys for encryption/decryption of authenticator
– Symmetric key for encryption/decryption of segment data