Presentation is loading. Please wait.

Presentation is loading. Please wait.

153 Brooks Road, Rome, NY | 315.336.3306 | 153 Brooks Road, Rome, NY | 315.336.3306 |

Published byThomasina Booker Modified over 9 years ago

Similar presentations

Presentation on theme: "153 Brooks Road, Rome, NY | 315.336.3306 | 153 Brooks Road, Rome, NY | 315.336.3306 |"— Presentation transcript:

1 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com Enterprise Data Protection Against Exfiltration Dave ClimekAFRL Program Manager Sal PaladinoAIS Program Manager Rick Gloo AIS Principal Investigator Dan Kalil AIS Commercialization Lead Trent BrunsonTechnical Lead Dave ClimekAFRL Program Manager Sal PaladinoAIS Program Manager Rick Gloo AIS Principal Investigator Dan Kalil AIS Commercialization Lead Trent BrunsonTechnical Lead Localized Encryption Groups Phase II SBIR Localized Encryption Groups Phase II SBIR Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

2 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com The necessity for increased information sharing across organizations complicates the methods required to detect and prevent the exfiltration of sensitive data. The problem of detecting and preventing all possible data exfiltration paths has become nearly insurmountable with the changing landscape in data file formats, network protocols, and data sharing technologies.  Current approaches are limited by: File Locker Files are only safe while stored in the secure folder, not if data is stored elsewhere on HD or portable media or during data transfer. DoD Encryption Wizard and Microsoft Encrypting File System Manual process that interferes with user workflow. Does not protect files in transit. File Vault Data protect while computer is logged out or shut down. Localized Encryption Groups Problem Statement and Current Tech Localized Encryption Groups Problem Statement and Current Tech Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

3 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com Objective Create automated encryption service that never leaves data at rest or in transit in cleartext. Approach the data exfiltration problem on a per-file basis at the origin of creation and provide per-file metadata to track the data files. Perform all cryptography and policy enforcement behind the scenes and not interfere with user productivity. Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

4 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com LEG Architecture  Monitors the file system for reads and writes.  Handles encrypted/decrypted traffic between application and LEG Enterprise component  Communicates to LEG Enterprise processes that can read/write  Maintains a whitelist of applications  Handles cryptographic operations  Checks whitelisted processes from kernel driver  Builds header  Creates cryptographic keys from user certificates  Handles communication between Enterprise systems Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

5 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com LEG File Diagram  Users in the header will be searchable via public keys  Each block of the header has a length and type ◦Length: length of the block ◦Type: Public key or Symmetric key Current header implementation File Content User N’s encrypted symmetric keyUser N’s public keyUser 1’s encrypted symmetric keyUser 1’s public keyLEG header ID, version, and length Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

6 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com Additional Developments CAC Capabilities LEG extracts: –CHUID: User and agency identification –x509 Certificates for encryption purposes Will be able to decrypt data with stored private keys Can hold up to 20 retired private keys Clipboard Restrictions LEG notified when user updates clipboard LEG receives name/dir. of active application Global hooks to be implemented to handle paste/print actions Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

7 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com LEG Demo  The application queries active directory for the LEG certificate.  Authorized LEG users are given access to the certificate, unauthorized users are not.  A random symmetric key is generated to encrypt the file.  The certificate is used to encrypt and decrypt the symmetric key.  The symmetric key is encrypted and stored in the header for later decryption. Certificates for encryption and decryption Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

8 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com LEG Driver Demo All file types default to “Out-of-Policy” “In-Policy” Files have an Application Whitelist and Graylist –Programs opening “In-Policy” Files are implicit deny –A whitelisted application may encrypt/decrypt the file –A graylisted application may move the “raw” file Explorer.exe should be universally graylisted –Responsible for moving, copying, zipping and accessing files In-Policy File TypeWhitelisted AppsGraylisted Apps *.txtNotepadExplorer, Internet Explorer *.rtfWord, WordpadExplorer, Firefox *.sd0NotepadExplorer, Internet Explorer *.sd1NotepadExplorer, Internet Explorer Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

9 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com Commercialization Activities  LEG is being developed to run on Microsoft® Windows operating systems, supporting enterprise systems in both government and industry  Integration with existing applications may reduce time to market and ensure LEG’s diverse availability within multiple markets ◦Considering integration with McAfee Host Based Security System (HBSS) and the McAfee Vendor Alliance ◦Exploring partnership with Wetstone Technologies to leverage relationships with industry leading security providers Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

10 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com 153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.comhttp://ainfosec.com Questions Thank You Approved for Public Release; Distribution Unlimited: 88ABW-2013-3505, 7 AUG 2013

Download ppt "153 Brooks Road, Rome, NY | 315.336.3306 | 153 Brooks Road, Rome, NY | 315.336.3306 |"

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Secure Socket Layer.

Secure Socket Layer.
System Center Configuration Manager Push Software By, Teresa Behm.

System Center Configuration Manager Push Software By, Teresa Behm.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.

1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.

Similar presentations

Ads by Google