Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani."— Presentation transcript:

1 Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani

2 Out Line What does it mean? Identity Information Identity Trust Domain Security Analysis Security Requirement A suggestive solution Conclusion

3 What does it mean? Securing Information Transfer in Distributed Computing Environment … A collection of loosely coupled processors interconnected by a communication network

4 Identity Information Cryptographic key Unsigned credentials Signed credentials Hypride credentials

5 User credentials High-Level Low-Level

6 Identity Trust Domain Presistent Mobile Shared

7 Do we need to transfer Identity informations?

8 Call For a Solution 1.Maintain data conf. 2.Maintain data intg. 3.Perform in a controlled manner 4.Prevent the policies corruption 5.Ensure the solution’s accountability and compliance with policy

9 Key Approches Policy-based encryptions Tamper-resistant hardware during the migration Use a third parties to provide a basis for trust, accountability and policy checking Audited access to data, based on stated policy

10

11 Terms Security Policy – A statement of what is,and what is not, allowed Security Michanism – Methodes used to enforce the policy Threat – A potential violation of security Confidentiality: Keeping data and resources hidden Integrity: Preventing unauthorized modification

12 Encryptions Most computer encryption systems belong in one of two categories: – Symmetric-key encryption – Public-key encryption

13 Control Access

14 Back to the main topic …

15 TCG Not-for-profit organization formed to – Develop – Define – and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices.

16 TPM Trusted Platform Module Low-Cost TPMs are becoming commodities in business computing devices, laptops and desktops Act as a root of trust Used mainly to protect keys and other platform secrets and to exe cryptography operations

17 But … TCG specifications are based on a monolithic platform TPM is bounded to that platform Requires the platform owner to explicitly authorize credential migration to specific destination platform

18 Additional requirement is needed !!

19 A Policy-Driven Migration Providing a mechanism to migrated user- credentials associated with policy that govern there use, security, accountability and privicy during the migration Adding a Trusted Third Party (TTP) – Address the problem of not knowing the dest. in advance

20 Credential-Managment System (CMS) Security mechanism Running in local platform to protect credential Define how to migtrate data Also, adding a trusted HW for encryption And adding the policy mech. to ensure that the target meet the required policy to receive data and key

21 The Root of Trust CMS TPM

22 Policy Remotely verify the software state and identify the target platform as belonging to a known partner Migrate only within a given set of platforms Check for stated purposes for which data will be used in the new system TTP will be used as an interpreter for the policy

23 Putting things together.. We can relay on TCG protocols to migrate low-level user-credentials TPM act as a local credential and as a source for used authenticate TTP will be working as trusted authority and used to generate IBE decryption keys, the same entity as CMS

24 Example …

25 Summary What does it mean? Identity Information Identity Trust Domain Security Analysis Security Requirement A suggestive solution

26 In Conclusion

27

Download ppt "Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
Using the CC2420 with AES Support

Using the CC2420 with AES Support
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google