SlideShare una empresa de Scribd logo

READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS

Gregory McNulty
Gregory McNulty

Cryptography is a fundamental building block of secure system design that security architects use as part of a layered approach to keep information private, and protect systems against fake communications. Potential attacks against networks and systems can be achieved by subverting communications and introducing havoc using specially constructed false messages. These types of attacks are safeguarded against when using proper modern cryptography to check the authenticity of messages and guard their privacy.

Tecnología
1 de 9
Descargar para leer sin conexión
1 CRYPTOGRAPHIC AGILITY: FUTURE PROOFING TODAY’S SECURE SYSTEMS Cryptography is a fundamental building block of secure system design that security architects use as part of a layered approach to keep information private, and protect systems against fake communications. Potential attacks against networks and systems can be achieved by subverting communications and introducing havoc using specially constructed false messages. These types of attacks are safeguarded against when using proper modern cryptography to check the authenticity of messages and guard their privacy. Commercial systems that use encryption methods typically use only a handful of cryptographic algorithms that are well studied by mathematicians who are responsible for designing the ciphers and trying to break them. Outside of mathematics, cipher design is often viewed as a black art, and it is difficult to discern the security merits of one algorithm from the next in an objective way. Security designers therefore rely on a very small number of standards groups and governments to specify cryptographic algorithms and the resulting standards tend to be rigid and long lived. A unique challenge of encryption standards is having to deal with future proofing their effectiveness over time. While other types of technology standards tend to become outdated as new and better technology takes its place, in the case of cryptography, the mathematics becomes less secure over time by the virtue of researchers and cryptanalysts who are constantly discovering new mathematical methods to solve problems faster, the types of problems on which cryptography derives its security, and effectively breaking the cryptographic methods. In other words, cryptography becomes weaker over time because mathematicians learn to be smarter. This highlights a recurring problem in the security field in that security breaches occur very often and need to be addressed over time. Security designers take a layered approach in dealing with the high likelihood of a future breach and include safeguards, mechanisms and controls to recover and repair the security posture of a system once a break has occurred. For instance, many systems have a secure bootstrap mechanism that uses cryptographic keys stored in hardware to authenticate new software that is installed into the system. In the event that a system is compromised, a new and preferably fixed version of the system software can be installed to recover the overall system security. Using cryptography permits these types of upgradable systems to be fixed when a security hole is discovered. But what happens to a system if the cryptography primitive is the broken component that needs to be upgraded? Even the strongest modern cryptographic algorithms are not designed to be unbreakable. Instead they are de- signed to balance effectively strong security with convenience and manageability.
2 As a counter example, the cipher that is best known to be resilient to breaking is called the one- time-pad, which is very strong, and also extremely difficult to use. One-time-pad requires keys that are as long as the message attempting to be sent, making the scheme completely impractical for modern encrypted communications. Modern ciphers are designed to strike a balance between convenience and security. Once a cipher has been well studied and accepted by the cryptographic community, it can be proposed for use in cryptographic and protocol standards where the algorithm’s parameters are narrowed and documented. At this point, the standard will de ne the security levels by specifying the required minimum key sizes to be used during encryption operations. Standards will also anticipate that security levels of ciphers will diminish over time, and so key sizes are specified that allow for programmers and product vendors to tune the security level of the cipher higher as computational and cryptanalytic methods improve over time. Higher level security standards, for instance protocol standards like TLS, will also build in support for a number of ciphers which can be used optionally or interchangeably. However, in order to control the number of permutations by designers that implement the standard, algorithm support still tends to be rigid in the sense that deviating from the handful of specialized algorithms and key sizes is either difficult or impossible. As standards proliferate and gain acceptance, application software and vendor products adopt the protocol standard and often narrow the cryptographic options even further in order to limit implementation complexity, and reduce time-to-market as well as support and maintenance headaches. In effect, this creates a value chain where cryptography standards are adopted by higher level protocol standards for integration into application software and devices. Product vendors tend to further narrow cryptographic options during their development cycle in order to limit complexity. In the short term, limited complexity is good for security because less errors tend to be made, however, the long term security posture of end products becomes limited with respect to features that allow cryptographic ciphers and implementations to be changed over time. THE AGING ENTRENCHMENT PROBLEM Cryptographic algorithms have a shelf life, they do not maintain their security level over time, instead they get weaker as time passes. Contrast this with the tendency for important secure systems to become more rigid and entrenched over time. For instance, financial industry payment systems are well known for implementing two-factor authentication schemes, like chip and pin payment cards, however, once implemented and deployed to tens of thousands of customers it becomes extremely difficult to change the cards which could be in a customer’s hands for five years or longer. Similarly, in the Industrial Internet of Things use case, where an autonomous sensor could be installed in a remote location and expected to operate with secure communications over a period of 10+ years. While a single device might be easy to retrieve and replace, it is much harder to upgrade thousands of devices spread over a large geographic area.
3 These types of long lived and highly distributed secure devices will often outlive the usefulness of the cryptography that is built into them, and for security purposes will need to be replaced or upgraded. Security architects often use protocol standards to justify their cryptography choices, because choices are limited. Designers should be choosing ciphers that are robust enough for the lifecycle of their long lived applications and systems, or implement a design that can accommodate future security updates to protocols and cryptography as they age. THE TRUSTED ORIGINATOR PROBLEM Cryptography and security protocol standards are created by national and international standards bodies, however, they are sometimes perceived to be influenced by governments. Some governments are wary of foreign influence on the security found in commercial international standards, and for certain use cases, a wary government might mandate the use of a custom cryptographic algorithm for domestic use. Often this may involve starting with a well-known standards based algorithm and making parameter changes, or making slight alterations to the structure of the cipher. Regardless, the new resulting custom algorithm is much like a new language in that it is not compatible with broad-based standard ciphers. CHALLENGES OF NEW ENCRYPTION New cipher introduction creates a number of challenges for many types of businesses that rely on cryptography for privacy and authentication. Government/industry regulators that do not trust standards based cryptography may have a desire to mandate ciphers that were created domestically in order to avoid foreign influence and potential back-doors. However, industry still needs commercial security tools and products in order for the regulated companies to adopt and use the new ciphers in networks and systems. If commercial off the shelf technology products do not support the custom ciphers, then companies need to augment products with long and expensive custom development projects. Governments tend to be the first to define and use custom ciphers, and they rely on government integrators to add the custom ciphers to information security systems. This is often done for the purposes of national security related projects where secrecy is of the utmost importance and requires that the custom ciphers remain a guarded secret that is only known to cleared national citizens. In this case, the dilemma is how to separate product procurement from state secret cipher integration? Products are typically imported and stringently evaluated against security criteria. If custom secret ciphers need to be integrated into the product, special care must be taken to ensure that foreign nationals supplying security products are not privy to the implementation details of the custom secret ciphers. Software and hardware product vendors are also at a disadvantage when multiple customers request slightly different variants of their products to support their custom cryptographic needs. Product variants can cause product inventory headaches and complicate ongoing support and maintenance of products over the long term, adding additional expenses to the bottom line. IMPLEMENTING CRYPTOGRAPHIC AGILITY
4 Cryptographic Agility is a design technique for allowing products, systems and protocols to replace the cryptographic implementations over time. This can be accomplished in a variety of ways, but like any other system, security systems are built using a variety of sub-components working together, and all sub-components in the system need to be crypto agile. Many low level security protocols have cryptographic agility built in, for instance, the popular web security proto- col TLS/SSL allows for cipher suites to be changed, and X.509 digital certificates can support new cryptographic algorithms. If a system needs to simply be “future proofed” to allow new cryptography to be substituted at some time in the future, then there are many solid security framework choices that product makers and system designers can use to ensure cryptographic agility using manual reconfiguration. Although manual reconfiguration is often not practical in today’s communication systems. Much more sophistication and care is required when dealing with cryptographic reconfiguration in an automated fashion. For instance, in cases like payment card systems or Internet of Things, there is typically a very large deployment of autonomous end-points, and visiting each device to reconfigure cryptographic subsystems in a secure way is very impractical. AUTOMATED CRYPTOGRAPHIC CONFIGURATION AND MANAGEMENT InfoSec Global’s Globus Multi-Crypto is an example of a platform security system that is designed to automate the distribution and management of custom cryptographic implementations across a diverse set of remote software and devices. The product consists of a cryptographic toolkit that is built into end points, and a management server infrastructure that remotely deploys and sets policy for cryptography usage. On the end- point products, the toolkit includes a software agent that can receive, authenticate and securely store custom cipher implementations. The toolkit is also responsible for dynamically linking cryptographic code into applications at runtime, in accordance with cryptographic policies that are provided remotely by the cryptographic management service. In the case of the Aging Entrenchment Problem, a solution like Globus Multi-Crypto allows large scale deployments of devices that are geographically spread out to stay current with industry security requirements that change over time in systems that are intended to be long lived. These long lived systems tend to become more expensive to support over time, if such a system is intended to last 15+ years, crypto that is current today tends to become antiquated within 5-10 years, Globus Multi-Crypto introduces managed cryptographic agility into long lived applications to keep their security posture strong over time. In the case of the Trusted Originator problem, a solution like Globus Multi-Crypto allows large scale solutions to be developed and tested using standards based cryptography, and subsequently permit customers with their own secret cryptography, to reconfigure the final system with their own ciphers, after the system has been deployed on their own home soil. This permits non- nationals to develop secure systems without the need for them to be privy to the internal national secrets of their customers.
5 Globus Crypto, Network Protection and Cyber Assurance products and services are designed to meet cyber security needs today and in to the future. Globus solutions meet the demands of highly complex regulatory requirements for government and enterprise. The InfoSec Global Agile Crypto Platform STRICTLY CONFIDENTIAL 1 C & JAVA programming languages PKCS11 & OpenSSL API support Cryptography GLOBUS CRYPTO Operating systems Applications Standards-Based: AES, ECDSA, ECDH, SHA-2 Platform Optimized Custom Crypto: Country Specific, Proprietary Algorithms Efficient and localized cryptography for software applications & embedded devices. GLOBUS CRYPTO Efficient and Localized Cryptography 11/11/16
6 STRICTLY CONFIDENTIAL 5 The GLOBUS CRYPTO™ Security Platform provides a solid basis to implement application security. • Uses the strongest encryption methodology and security mechanisms. • Protects application data using popular standards or sovereign algorithms. • Fully portable and quickly integrated. • Advanced cryptographic engine optimized for common platforms such as Windows, Android, iOS, and Linux. DEFINING THE SECURITY ENGINE State of the Art Encrypted Protection 11/11/16 STRICTLY CONFIDENTIAL 6 C-Based Multiple Context Support Thread-safe Change Underlying Crypto without changing Application Code Symmetric Key Encryption • Set Mode • Encrypt/Decrypt • Key Import/Gen • Public Key • Set Parameters • Key Pair Import/Gen • Key Establishment GLOBUS SECURITY PLATFORM Abstract Crypto API’s HMAC • Keyed authentication codes/Hash Applications can control the underlying cryptography. • Dual Implementations • Dynamically change algorithms • Change cryptography in fielded product 11/11/16
7 STRICTLY CONFIDENTIAL 7 Algorithm Implementation auto-selection Hardware Cryptographic Acceleration AES-NI Support 32-bit, 64-bit optimizations when available GLOBUS SECURITY PLATFORM Automatically Use Hardware Optimizations 11/11/16 STRICTLY CONFIDENTIAL 8 Side channels leak information about cryptographic keys Countermeasures include special, unique methods for performing math Mask information about the key to a watching adversary GLOBUS SECURITY PLATFORM Countermeasures for Side Channel Attacks 11/11/16
8 STRICTLY CONFIDENTIAL 9 Stores crypto provider implementations securely Prevents theft of crypto provider implementations Enforces usage rights of crypto providers under license GLOBUS SECURITY PLATFORM Secure Storage and Management of Ciphers 11/11/16 STRICTLY CONFIDENTIAL 10 Providers can be linked into fielded product. NIST standards based crypto (SuiteB) Custom 3rd party cryptography support Cipher suite selected by ISG cryptographic advisory board Interfaces to crypto provided by Hardware Security Modules (PKCS11) FIPS140 validated cipher implementations (FIPS140) GLOBUS SECURITY PLATFORM Crypto Plugin Providers for Any Security Use Case 11/11/16
READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS

Recomendados

Watchguard short introduction
Watchguard short introductionWatchguard short introduction
Watchguard short introductionJimmy Saigon
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationKaveh Khosravi
 
VMworld 2014: The Goldilocks Zone
VMworld 2014: The Goldilocks ZoneVMworld 2014: The Goldilocks Zone
VMworld 2014: The Goldilocks ZoneVMworld
 
DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0Shah Sheikh
 
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...Amazon Web Services
 
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical DeviceWireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical DevicePriyanka Aash
 

Recomendados

Watchguard short introduction
Watchguard short introductionWatchguard short introduction
Watchguard short introductionJimmy Saigon
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationKaveh Khosravi
 
VMworld 2014: The Goldilocks Zone
VMworld 2014: The Goldilocks ZoneVMworld 2014: The Goldilocks Zone
VMworld 2014: The Goldilocks ZoneVMworld
 
DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0Shah Sheikh
 
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...Amazon Web Services
 
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical DeviceWireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device
Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical DevicePriyanka Aash
 
Cloudbrew 2019 - Threat hunting with the Microsoft Cloud
Cloudbrew 2019 - Threat hunting with the Microsoft CloudCloudbrew 2019 - Threat hunting with the Microsoft Cloud
Cloudbrew 2019 - Threat hunting with the Microsoft CloudTom Janetscheck
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_finalCMR WORLD TECH
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat huntingVikas Jain
 
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)TI Safe
 
LIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming SecurityLIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming SecurityRobert Herjavec
 
A secure and efficient id based aggregate signature scheme for wireless senso...
A secure and efficient id based aggregate signature scheme for wireless senso...A secure and efficient id based aggregate signature scheme for wireless senso...
A secure and efficient id based aggregate signature scheme for wireless senso...finalsemprojects
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture InnoTech
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecuritySounil Yu
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanAsad Zaman
 
Security technology
Security technologySecurity technology
Security technologyPraveen Kumar V
 
Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)CloudMask inc.
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident ResponseEC-Council
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Editor IJMTER
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementSatya Harish
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsPriyanka Aash
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & ArchitecturePriyanka Aash
 
Taller
TallerTaller
TallerDeivi Fernando Ladino Camargo
 
El estres ocupacional
El estres ocupacionalEl estres ocupacional
El estres ocupacionalELBA VELAZQUEZ
 

Más contenido relacionado

La actualidad más candente

Cloudbrew 2019 - Threat hunting with the Microsoft Cloud
Cloudbrew 2019 - Threat hunting with the Microsoft CloudCloudbrew 2019 - Threat hunting with the Microsoft Cloud
Cloudbrew 2019 - Threat hunting with the Microsoft CloudTom Janetscheck
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_finalCMR WORLD TECH
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat huntingVikas Jain
 
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)TI Safe
 
LIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming SecurityLIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming SecurityRobert Herjavec
 
A secure and efficient id based aggregate signature scheme for wireless senso...
A secure and efficient id based aggregate signature scheme for wireless senso...A secure and efficient id based aggregate signature scheme for wireless senso...
A secure and efficient id based aggregate signature scheme for wireless senso...finalsemprojects
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture InnoTech
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecuritySounil Yu
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanAsad Zaman
 
Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)CloudMask inc.
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident ResponseEC-Council
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Editor IJMTER
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementSatya Harish
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsPriyanka Aash
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & ArchitecturePriyanka Aash
 

La actualidad más candente (20)

Cloudbrew 2019 - Threat hunting with the Microsoft Cloud
Cloudbrew 2019 - Threat hunting with the Microsoft CloudCloudbrew 2019 - Threat hunting with the Microsoft Cloud
Cloudbrew 2019 - Threat hunting with the Microsoft Cloud
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_final
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat hunting
 
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
 
LIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming SecurityLIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming Security
 
A secure and efficient id based aggregate signature scheme for wireless senso...
A secure and efficient id based aggregate signature scheme for wireless senso...A secure and efficient id based aggregate signature scheme for wireless senso...
A secure and efficient id based aggregate signature scheme for wireless senso...
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of Security
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
 
Security technology
Security technologySecurity technology
Security technology
 
Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident Response
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event Management
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data Sets
 
Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture
 

Destacado

Autoevaluación Institucional - una mirada desde la innovación educativa
Autoevaluación Institucional - una mirada desde la innovación educativaAutoevaluación Institucional - una mirada desde la innovación educativa
Autoevaluación Institucional - una mirada desde la innovación educativaDeivi Fernando Ladino Camargo
 
Knowledge to Business
Knowledge to BusinessKnowledge to Business
Knowledge to BusinessK2B
 
2010-01-21 LLAVE 52 ,CASTELLANO - TRON :LA OFRENDA DEL FENIX
2010-01-21 LLAVE 52 ,CASTELLANO - TRON :LA OFRENDA DEL FENIX2010-01-21 LLAVE 52 ,CASTELLANO - TRON :LA OFRENDA DEL FENIX
2010-01-21 LLAVE 52 ,CASTELLANO - TRON :LA OFRENDA DEL FENIXDominique TRON
 
Algoritmo - jlaya
Algoritmo - jlayaAlgoritmo - jlaya
Algoritmo - jlayajuanlaya
 
La seguridad en el lugar de empleo
La seguridad en el lugar de empleoLa seguridad en el lugar de empleo
La seguridad en el lugar de empleoELBA VELAZQUEZ
 
Copia De Presentaciondediapositivas
Copia De PresentaciondediapositivasCopia De Presentaciondediapositivas
Copia De Presentaciondediapositivasmaryories
 

Destacado (15)

Taller
TallerTaller
Taller
 
El estres ocupacional
El estres ocupacionalEl estres ocupacional
El estres ocupacional
 
Autoevaluación Institucional - una mirada desde la innovación educativa
Autoevaluación Institucional - una mirada desde la innovación educativaAutoevaluación Institucional - una mirada desde la innovación educativa
Autoevaluación Institucional - una mirada desde la innovación educativa
 
Knowledge to Business
Knowledge to BusinessKnowledge to Business
Knowledge to Business
 
Situació
SituacióSituació
Situació
 
2010-01-21 LLAVE 52 ,CASTELLANO - TRON :LA OFRENDA DEL FENIX
2010-01-21 LLAVE 52 ,CASTELLANO - TRON :LA OFRENDA DEL FENIX2010-01-21 LLAVE 52 ,CASTELLANO - TRON :LA OFRENDA DEL FENIX
2010-01-21 LLAVE 52 ,CASTELLANO - TRON :LA OFRENDA DEL FENIX
 
Biblia3395
Biblia3395Biblia3395
Biblia3395
 
Algoritmo - jlaya
Algoritmo - jlayaAlgoritmo - jlaya
Algoritmo - jlaya
 
Mava montaje
Mava montajeMava montaje
Mava montaje
 
Modelos de stabilidad
Modelos de stabilidadModelos de stabilidad
Modelos de stabilidad
 
La seguridad en el lugar de empleo
La seguridad en el lugar de empleoLa seguridad en el lugar de empleo
La seguridad en el lugar de empleo
 
Redes Wi-FI
Redes Wi-FIRedes Wi-FI
Redes Wi-FI
 
2017 Massage Therapy Resume
2017 Massage Therapy Resume2017 Massage Therapy Resume
2017 Massage Therapy Resume
 
Copia De Presentaciondediapositivas
Copia De PresentaciondediapositivasCopia De Presentaciondediapositivas
Copia De Presentaciondediapositivas
 
Presentacion Comgente
Presentacion ComgentePresentacion Comgente
Presentacion Comgente
 

Similar a READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS

7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docxblondellchancy
 
Paper id 27201448
Paper id 27201448Paper id 27201448
Paper id 27201448IJRAT
 
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...IRJET Journal
 
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET Journal
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
 
IRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET Journal
 
IRJET- An Implementation of Secured Data Integrity Technique for Cloud Storag...
IRJET- An Implementation of Secured Data Integrity Technique for Cloud Storag...IRJET- An Implementation of Secured Data Integrity Technique for Cloud Storag...
IRJET- An Implementation of Secured Data Integrity Technique for Cloud Storag...IRJET Journal
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sLinaCovington707
 
Importance of Secure Coding with it’s Best Practices
Importance of Secure Coding with it’s Best PracticesImportance of Secure Coding with it’s Best Practices
Importance of Secure Coding with it’s Best PracticesElanusTechnologies
 
Cloud computing tp ny
Cloud computing tp nyCloud computing tp ny
Cloud computing tp nyprekubatortto
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing GlobalSign
 
FlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexera
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET Journal
 
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADARITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADAcsandit
 
CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)Michael DeLaGarza
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldIdentive
 

Similar a READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS (20)

Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?
 
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
7222019 TestOut LabSimhttpscdn.testout.comclient-v5-.docx
 
Paper id 27201448
Paper id 27201448Paper id 27201448
Paper id 27201448
 
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
IRJET- Schemes for Securing Cloud Data when the Cryptographic Material is Exp...
 
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...
 
IRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure Authentication
 
IRJET- An Implementation of Secured Data Integrity Technique for Cloud Storag...
IRJET- An Implementation of Secured Data Integrity Technique for Cloud Storag...IRJET- An Implementation of Secured Data Integrity Technique for Cloud Storag...
IRJET- An Implementation of Secured Data Integrity Technique for Cloud Storag...
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive s
 
Importance of Secure Coding with it’s Best Practices
Importance of Secure Coding with it’s Best PracticesImportance of Secure Coding with it’s Best Practices
Importance of Secure Coding with it’s Best Practices
 
Prepare For Post-Quantum Cryptography
Prepare For Post-Quantum CryptographyPrepare For Post-Quantum Cryptography
Prepare For Post-Quantum Cryptography
 
Cloud computing tp ny
Cloud computing tp nyCloud computing tp ny
Cloud computing tp ny
 
Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing Strong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing
 
FlexNet Publisher Licensing Security
FlexNet Publisher Licensing SecurityFlexNet Publisher Licensing Security
FlexNet Publisher Licensing Security
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
 
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADARITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
 
CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)CipherLoc_OverviewBrochure (1)
CipherLoc_OverviewBrochure (1)
 
1784 1788
1784 17881784 1788
1784 1788
 
1784 1788
1784 17881784 1788
1784 1788
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
 

Último

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Último (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

READ ON HOW TO FUTURE PROOFING TODAY’S SECURE SYSTEMS

  • 1. 1 CRYPTOGRAPHIC AGILITY: FUTURE PROOFING TODAY’S SECURE SYSTEMS Cryptography is a fundamental building block of secure system design that security architects use as part of a layered approach to keep information private, and protect systems against fake communications. Potential attacks against networks and systems can be achieved by subverting communications and introducing havoc using specially constructed false messages. These types of attacks are safeguarded against when using proper modern cryptography to check the authenticity of messages and guard their privacy. Commercial systems that use encryption methods typically use only a handful of cryptographic algorithms that are well studied by mathematicians who are responsible for designing the ciphers and trying to break them. Outside of mathematics, cipher design is often viewed as a black art, and it is difficult to discern the security merits of one algorithm from the next in an objective way. Security designers therefore rely on a very small number of standards groups and governments to specify cryptographic algorithms and the resulting standards tend to be rigid and long lived. A unique challenge of encryption standards is having to deal with future proofing their effectiveness over time. While other types of technology standards tend to become outdated as new and better technology takes its place, in the case of cryptography, the mathematics becomes less secure over time by the virtue of researchers and cryptanalysts who are constantly discovering new mathematical methods to solve problems faster, the types of problems on which cryptography derives its security, and effectively breaking the cryptographic methods. In other words, cryptography becomes weaker over time because mathematicians learn to be smarter. This highlights a recurring problem in the security field in that security breaches occur very often and need to be addressed over time. Security designers take a layered approach in dealing with the high likelihood of a future breach and include safeguards, mechanisms and controls to recover and repair the security posture of a system once a break has occurred. For instance, many systems have a secure bootstrap mechanism that uses cryptographic keys stored in hardware to authenticate new software that is installed into the system. In the event that a system is compromised, a new and preferably fixed version of the system software can be installed to recover the overall system security. Using cryptography permits these types of upgradable systems to be fixed when a security hole is discovered. But what happens to a system if the cryptography primitive is the broken component that needs to be upgraded? Even the strongest modern cryptographic algorithms are not designed to be unbreakable. Instead they are de- signed to balance effectively strong security with convenience and manageability.
  • 2. 2 As a counter example, the cipher that is best known to be resilient to breaking is called the one- time-pad, which is very strong, and also extremely difficult to use. One-time-pad requires keys that are as long as the message attempting to be sent, making the scheme completely impractical for modern encrypted communications. Modern ciphers are designed to strike a balance between convenience and security. Once a cipher has been well studied and accepted by the cryptographic community, it can be proposed for use in cryptographic and protocol standards where the algorithm’s parameters are narrowed and documented. At this point, the standard will de ne the security levels by specifying the required minimum key sizes to be used during encryption operations. Standards will also anticipate that security levels of ciphers will diminish over time, and so key sizes are specified that allow for programmers and product vendors to tune the security level of the cipher higher as computational and cryptanalytic methods improve over time. Higher level security standards, for instance protocol standards like TLS, will also build in support for a number of ciphers which can be used optionally or interchangeably. However, in order to control the number of permutations by designers that implement the standard, algorithm support still tends to be rigid in the sense that deviating from the handful of specialized algorithms and key sizes is either difficult or impossible. As standards proliferate and gain acceptance, application software and vendor products adopt the protocol standard and often narrow the cryptographic options even further in order to limit implementation complexity, and reduce time-to-market as well as support and maintenance headaches. In effect, this creates a value chain where cryptography standards are adopted by higher level protocol standards for integration into application software and devices. Product vendors tend to further narrow cryptographic options during their development cycle in order to limit complexity. In the short term, limited complexity is good for security because less errors tend to be made, however, the long term security posture of end products becomes limited with respect to features that allow cryptographic ciphers and implementations to be changed over time. THE AGING ENTRENCHMENT PROBLEM Cryptographic algorithms have a shelf life, they do not maintain their security level over time, instead they get weaker as time passes. Contrast this with the tendency for important secure systems to become more rigid and entrenched over time. For instance, financial industry payment systems are well known for implementing two-factor authentication schemes, like chip and pin payment cards, however, once implemented and deployed to tens of thousands of customers it becomes extremely difficult to change the cards which could be in a customer’s hands for five years or longer. Similarly, in the Industrial Internet of Things use case, where an autonomous sensor could be installed in a remote location and expected to operate with secure communications over a period of 10+ years. While a single device might be easy to retrieve and replace, it is much harder to upgrade thousands of devices spread over a large geographic area.
  • 3. 3 These types of long lived and highly distributed secure devices will often outlive the usefulness of the cryptography that is built into them, and for security purposes will need to be replaced or upgraded. Security architects often use protocol standards to justify their cryptography choices, because choices are limited. Designers should be choosing ciphers that are robust enough for the lifecycle of their long lived applications and systems, or implement a design that can accommodate future security updates to protocols and cryptography as they age. THE TRUSTED ORIGINATOR PROBLEM Cryptography and security protocol standards are created by national and international standards bodies, however, they are sometimes perceived to be influenced by governments. Some governments are wary of foreign influence on the security found in commercial international standards, and for certain use cases, a wary government might mandate the use of a custom cryptographic algorithm for domestic use. Often this may involve starting with a well-known standards based algorithm and making parameter changes, or making slight alterations to the structure of the cipher. Regardless, the new resulting custom algorithm is much like a new language in that it is not compatible with broad-based standard ciphers. CHALLENGES OF NEW ENCRYPTION New cipher introduction creates a number of challenges for many types of businesses that rely on cryptography for privacy and authentication. Government/industry regulators that do not trust standards based cryptography may have a desire to mandate ciphers that were created domestically in order to avoid foreign influence and potential back-doors. However, industry still needs commercial security tools and products in order for the regulated companies to adopt and use the new ciphers in networks and systems. If commercial off the shelf technology products do not support the custom ciphers, then companies need to augment products with long and expensive custom development projects. Governments tend to be the first to define and use custom ciphers, and they rely on government integrators to add the custom ciphers to information security systems. This is often done for the purposes of national security related projects where secrecy is of the utmost importance and requires that the custom ciphers remain a guarded secret that is only known to cleared national citizens. In this case, the dilemma is how to separate product procurement from state secret cipher integration? Products are typically imported and stringently evaluated against security criteria. If custom secret ciphers need to be integrated into the product, special care must be taken to ensure that foreign nationals supplying security products are not privy to the implementation details of the custom secret ciphers. Software and hardware product vendors are also at a disadvantage when multiple customers request slightly different variants of their products to support their custom cryptographic needs. Product variants can cause product inventory headaches and complicate ongoing support and maintenance of products over the long term, adding additional expenses to the bottom line. IMPLEMENTING CRYPTOGRAPHIC AGILITY
  • 4. 4 Cryptographic Agility is a design technique for allowing products, systems and protocols to replace the cryptographic implementations over time. This can be accomplished in a variety of ways, but like any other system, security systems are built using a variety of sub-components working together, and all sub-components in the system need to be crypto agile. Many low level security protocols have cryptographic agility built in, for instance, the popular web security proto- col TLS/SSL allows for cipher suites to be changed, and X.509 digital certificates can support new cryptographic algorithms. If a system needs to simply be “future proofed” to allow new cryptography to be substituted at some time in the future, then there are many solid security framework choices that product makers and system designers can use to ensure cryptographic agility using manual reconfiguration. Although manual reconfiguration is often not practical in today’s communication systems. Much more sophistication and care is required when dealing with cryptographic reconfiguration in an automated fashion. For instance, in cases like payment card systems or Internet of Things, there is typically a very large deployment of autonomous end-points, and visiting each device to reconfigure cryptographic subsystems in a secure way is very impractical. AUTOMATED CRYPTOGRAPHIC CONFIGURATION AND MANAGEMENT InfoSec Global’s Globus Multi-Crypto is an example of a platform security system that is designed to automate the distribution and management of custom cryptographic implementations across a diverse set of remote software and devices. The product consists of a cryptographic toolkit that is built into end points, and a management server infrastructure that remotely deploys and sets policy for cryptography usage. On the end- point products, the toolkit includes a software agent that can receive, authenticate and securely store custom cipher implementations. The toolkit is also responsible for dynamically linking cryptographic code into applications at runtime, in accordance with cryptographic policies that are provided remotely by the cryptographic management service. In the case of the Aging Entrenchment Problem, a solution like Globus Multi-Crypto allows large scale deployments of devices that are geographically spread out to stay current with industry security requirements that change over time in systems that are intended to be long lived. These long lived systems tend to become more expensive to support over time, if such a system is intended to last 15+ years, crypto that is current today tends to become antiquated within 5-10 years, Globus Multi-Crypto introduces managed cryptographic agility into long lived applications to keep their security posture strong over time. In the case of the Trusted Originator problem, a solution like Globus Multi-Crypto allows large scale solutions to be developed and tested using standards based cryptography, and subsequently permit customers with their own secret cryptography, to reconfigure the final system with their own ciphers, after the system has been deployed on their own home soil. This permits non- nationals to develop secure systems without the need for them to be privy to the internal national secrets of their customers.
  • 5. 5 Globus Crypto, Network Protection and Cyber Assurance products and services are designed to meet cyber security needs today and in to the future. Globus solutions meet the demands of highly complex regulatory requirements for government and enterprise. The InfoSec Global Agile Crypto Platform STRICTLY CONFIDENTIAL 1 C & JAVA programming languages PKCS11 & OpenSSL API support Cryptography GLOBUS CRYPTO Operating systems Applications Standards-Based: AES, ECDSA, ECDH, SHA-2 Platform Optimized Custom Crypto: Country Specific, Proprietary Algorithms Efficient and localized cryptography for software applications & embedded devices. GLOBUS CRYPTO Efficient and Localized Cryptography 11/11/16
  • 6. 6 STRICTLY CONFIDENTIAL 5 The GLOBUS CRYPTO™ Security Platform provides a solid basis to implement application security. • Uses the strongest encryption methodology and security mechanisms. • Protects application data using popular standards or sovereign algorithms. • Fully portable and quickly integrated. • Advanced cryptographic engine optimized for common platforms such as Windows, Android, iOS, and Linux. DEFINING THE SECURITY ENGINE State of the Art Encrypted Protection 11/11/16 STRICTLY CONFIDENTIAL 6 C-Based Multiple Context Support Thread-safe Change Underlying Crypto without changing Application Code Symmetric Key Encryption • Set Mode • Encrypt/Decrypt • Key Import/Gen • Public Key • Set Parameters • Key Pair Import/Gen • Key Establishment GLOBUS SECURITY PLATFORM Abstract Crypto API’s HMAC • Keyed authentication codes/Hash Applications can control the underlying cryptography. • Dual Implementations • Dynamically change algorithms • Change cryptography in fielded product 11/11/16
  • 7. 7 STRICTLY CONFIDENTIAL 7 Algorithm Implementation auto-selection Hardware Cryptographic Acceleration AES-NI Support 32-bit, 64-bit optimizations when available GLOBUS SECURITY PLATFORM Automatically Use Hardware Optimizations 11/11/16 STRICTLY CONFIDENTIAL 8 Side channels leak information about cryptographic keys Countermeasures include special, unique methods for performing math Mask information about the key to a watching adversary GLOBUS SECURITY PLATFORM Countermeasures for Side Channel Attacks 11/11/16
  • 8. 8 STRICTLY CONFIDENTIAL 9 Stores crypto provider implementations securely Prevents theft of crypto provider implementations Enforces usage rights of crypto providers under license GLOBUS SECURITY PLATFORM Secure Storage and Management of Ciphers 11/11/16 STRICTLY CONFIDENTIAL 10 Providers can be linked into fielded product. NIST standards based crypto (SuiteB) Custom 3rd party cryptography support Cipher suite selected by ISG cryptographic advisory board Interfaces to crypto provided by Hardware Security Modules (PKCS11) FIPS140 validated cipher implementations (FIPS140) GLOBUS SECURITY PLATFORM Crypto Plugin Providers for Any Security Use Case 11/11/16