• PDF / 830,056 Bytes
• 29 Pages / 439.37 x 666.142 pts Page_size
• 92 Downloads / 227 Views

DOWNLOAD

REPORT

The CONVERGENCE Security Infrastructure Thomas Huebner, Andreas Kohlos, Amit Shrestha and Carsten Rust

Abstract This chapter describes the Convergence security infrastructure. The core component for Convergence Security (CoSec) has a distributed architecture. It encompasses subcomponents on different computing platforms such as client computers and smart cards, application servers and peers. An essential feature of Co-Sec is the use of smart cards as a secure token. This Convergence token provides sensitive security functions on a tamper-resistant device. The chapter first introduces the concepts and the architecture of the security infrastructure. Based on a description of the basic cryptographic primitives, as well as of the advanced cryptographic schemes applied by the project, we describe the high-level security functions provided for the Convergence middleware and network layer.

6.1 Introduction In the architectural design of Convergence, CoSec is the component in the Computing Platform level responsible for handling cryptographic protocols and other security-related tasks. CoSec has a distributed architecture encompassing several independent and possibly distant components with each component comprising software as well as hardware. In the application flow of security protocols, these components interact with each other. As a consequence, their APIs can be quite complex. CoSec offers security support mainly to CoMid, the middleware layer of Convergence. It provides for instance encryption of content, authentication of users, signing of VDIs etc. It offers also similar support to CoNet, e.g. high-level functions for utilizing a hybrid encryption scheme in distributing media content T. Huebner  A. Kohlos  A. Shrestha  C. Rust (&) Morpho Cards, Paderborn, Germany e-mail: [email protected]

F. Almeida et al. (eds.), Enhancing the Internet with the CONVERGENCE System, Signals and Communication Technology, DOI: 10.1007/978-1-4471-5373-3_6,  Springer-Verlag London 2014

135

136

T. Huebner et al.

over an Information-centric network. In CoMid, the security services implemented by CoSec are provided to all CoMid engines through the Security TE. The Security TE on the one hand exposes high level functions as described in the previous paragraph, thereby allowing for abstraction from the CoSec cryptographic functionality (such as key-generation, random-number generation). On the other hand, these low-level functions are also included in the MPEG API for the Security TE, so that they are accessible for higher level engines and applications. The cryptographic operations of CoSec must be executed in a trustworthy environment. In theory, we could assume that the entire network is safe, and that registered devices (laptops, PCs, etc.), once checked, will remain secure devices and can be trusted. In reality, however, networks can be anything but secure, and devices (even if initially correct) can be tampered with by fraudulent users, or manipulated by third parties. Many of these problems can be solved, or at le

Recommend Documents

Network Fundamentals and Infrastructure Security

149 89 9MB

Convergence of Food Security, Energy Security and Sustainable Agriculture

211 87 6MB

Towards Security of Internet Naming Infrastructure

185 81 959KB

Advanced Sciences Convergence for Defense and Security

192 37 2MB

Environmental Security of the European Cross-Border Energy Supply Infrastructure

145 63 12MB

Fighting Terror Online The Convergence of Security, Technology, and

151 32 2MB

Security Infrastructure Technology for Integrated Utilization of Big Data

152 80 7MB

Critical Infrastructure Security and Resilience Theories, Methods, T

174 30 7MB

IT Convergence and Security Proceedings of ICITCS 2020

181 84 7MB

Quantitative Information Security Vulnerability Assessment for Norwegian Critical Infrastructure

176 102 8MB

Intelligent Monitoring, Control, and Security of Critical Infrastructure Systems

183 47 11MB

Strengthening the Infrastructure

147 69 2MB