SlideShare a Scribd company logo

Whitepaper - Protecting Data in Transit

Phil Bartlett
Phil Bartlett

Layer 1 Encryption for WDM transport networks

Internet
1 of 5
Download to read offline
Page 1 PROTECTING YOUR DATA AES-256 Encryption Using the ODC2 Line Card Author: Gene Norgard – Vice President, Sorrento Networks International April 2015 INTRODUCTION The abundance of hacking and espionage in the world has created an unsecure network environment. Despite ever increasing attempts by corporations and governments to protect its data, major attacks are still common. But with the volume of critical data transfer in today’s world – from government agencies to retailers, banks and corporations – the need for secure data sharing remains critical. Sorrento Networks International has taken the steps to provide a solution for both public and private network structures, based on the most recent government standards. The Advanced Encryption Standard (AES) went into effect as a government standard on May 26, 2002. AES is the first publicly accessible and open cipher approved by the U.S. National Security Agency (NSA) for top secret information. Sorrento’s Optical Data Center (ODC2) line card provides a complete and automated solution to ensure data is transported reliably and fully secure. The main features of the ODC line card are: • Use of standard 256-bit AES algorithm based on the National Institute of Standards and Technology (NIST) FIPS 140 publication. • An additional safeguard that scrambles the shared encryption key as it is exchanged end-to-end over a public or private network. • Automatic generation of a 256-bit seed used in the encryption and decryption key generation. • Secure encryption handshaking using the recommended Diffie-Hellman key exchange. • Constant altering of the encryption key synchronously at each end of the line without data disruption. Diffie-Hellman The first step for a secure encryption process is the establishment of a shared key used by the encryption and decryption algorithm. The important aspects of this operation is that it must be extremely difficult to decode and only shared with the two designated end points. There are several recommended methods within the industry that provide a means for two parties to secretly handshake in order to negotiate a shared key over an insecure communications network. One of the earliest methods developed and now widely used is the Diffie-Hellman key exchange. The key part of the process is that a coded message is shared across the network and used to generate an identical key that is nearly impossible to reverse by another party that might be listening. Part of the Comtek Group
Page 2 The original implementation of the Diffie-Hellman protocol used the multiplicative group of integers: modulo p, where p is prime and g is a primitive root modulo p. Since there isn’t a reverse operation for modulus calculations, the security stems from the difficulty of calculating the discrete logarithms of very large numbers. In order to start the Diffie-Hellman exchange, the two parties must agree on two non-secret numbers. The first number is g, the generator, and second number is p, the modulus. These numbers can be made public and are usually chosen from a table of known values. g is usually a very small number while p is a very large prime number. Next, each party generates its own secret value. Then, based on g, p, and the secret value, each party calculates its public value. The public value is computed according to the formula: Y = gx mod p. In this formula, x is the secret value and Y is the public value. After computing the public values, the two parties exchange their public values. Each party then exponentiates the received public value with its secret value to compute a common shared secret value. When the algorithm completes, both parties have the same shared secret which they have computed from their secret value and the public value of the other party. The following explains the steps executed by the encryption algorithm (Gracie) and decryption algorithm (George). 1. Gracie and George agree to use a prime number p=23 and base g=5 (which is a primitive root modulo 23). 2. Gracie chooses a secret integer a=6, then sends George A, where A=ga mod p. For this example, A = 56 mod 23 = 8. 3. George chooses a secret integer b=15, then sends Gracie B, where B=gb mod p. For this example, B = 515 mod 23 = 19. 4. Gracie then computes e = Ba mod p, that is, e = 196 mod 23 = 2. 5. George computes e = 815 mod 23 = 2. 6. Gracie and George now share a secret encryption number e=2. I. Gracie (encryption circuit) becomes Master II. Master Node generates a prime number (p) and a base number (g) III. Gracie shares prime and base numbers with George IV. Gracie generates a 256-bit secret number (a) V. Gracie calculates A = g mod p VI. Gracie sends A to George VII. Gracie computes e = B mod p VIII.Encryption key is now generated a a I. II. III. George receives prime and base numbers from Gracie IV. George generates a 256-bit secret number (b) V. George calculates B = g mod p VI. George sends B to Gracie VII. George computes e = A mod p VIII.Encryption key is now generated b b e = B mod p = A mod pa b
Page 3 Both the encryption and decryption circuits have arrived at the same value because (ga )b and (gb )a are equal mod p. Note that only a. b, and (gab mod p = gba mod p) are kept secret. All the other values are sent in the clear. Once the secret encryption number is computed and sent, the resultant encryption key can be used for sending messages across the same open communications channel. Of course, much larger values of a, b, and p would be needed to make this example secure. However, if p is a prime number of at least 256 digits, and a and b are at least 100 digits long, the fastest modern computer could not determine a given any or all of the other variables. The previous paragraphs describe the key exchange process, but this alone is not enough to provide a secure network. It’s possible for a hacker to tap onto a communications channel with an equivalent decryption machine and override the destination node with its own. To prevent unwanted “listeners” to participate in the key exchange, further scrambling and handshaking needs to take place across the network to insure the correct endpoints are synchronized. The Sorrento ODC2 line card takes this extra step by requiring the user to enter a 32-character word that is password protected. The 32-character word will be identical at each end point and used to scramble the handshaking sequence and secret scrambling number shared between the encryption and decryption circuits. AES Encryption Process AES comprises three block ciphers, AES-128, AES-192, and AES-256. Each cipher encrypts and decrypts data blocks of 128 bits using cryptographic keys of 128-, 192-, and 256-bits, respectively. Symmetric or secret-key ciphers use the same key for encrypting and decrypting, so both the sender and the receiver must know and use the same secret key. All key lengths are deemed sufficient to protect classified information up to the “Secret” level with “Top Secret” information requiring 192- or 256-bit lengths. There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. A round consists of several processing steps that include substitution, transposition, and mixing of the input plaintext and transform it into the final output of ciphertext. Sorrento Networks’ ODC2 Encryption Operation The ODC2 line card performs encryption/decryption over standard optical traffic following the AES-256 specifications. The unique design allows encryption to be used at any of the line rates supported by the ODC2 line card. The Diffie-Hellman key exchange is used to share a secret key between the two end- points of the data channel. The encryption process utilizes the AES-GCM core with a 64-bit word-based data interface to implement the block cipher confidentiality and authentication routines. The core can support various key sizes (GCM = 256 for this design), a fixed nonce/IV size of 128 bits, and a fixed length tag (Message Integrity Check or MIC). The AES-256 Core integrates together all of the AES and Hash functions together with the counter mode logic, hash length counters, final block padding, and tag appending and checking features. External framing circuitry is also included. The frames establish a demarcation where frame overhead and
Page 4 collateral system information such as Initial Vectors (IV), Key Update messages, and Message Integrity Codes are passed in the clear while the data itself is encrypted. The hardware has a Crypto Layer Management interface which implements commands for encryption to be enabled or disabled, allows new keys to be loaded slightly ahead of time, coordinates key changes to be initiated at the transmit end, and provides status on MIC failures at the receive end. The GigaMux system includes a key management task in the embedded software. This task is responsible for negotiating and computing keys at each end of the link, and communicates with its peer using an unencrypted low rate communications channel in the encrypted frame overhead. At power-up (or on demand), fresh master session keys for each direction are autonomously negotiated using the Diffie-Hellman key exchange. A cryptographic grade deterministic pseudo-random number generator (PRNG) based on NIST SP800- 90A which is iterated identically at each end of the link, provides a sequence of 256-bit AES link keys. These keys are used to calculate a shared value used to calculate a common encryption/decryption key. The lifetime of a link key is operator-selectable from 10 minutes through to 1 day, thus limiting the amount of data encrypted under a single key. Although the link key is automatically updated at least once per day, an internal counter is used to change the keys on every frame boundary. Link key changes are seamless to the optical client, and are performed at multi-frame boundaries. The encryption module maintains operation with the current key, and has a holding register for the next key. Sometime ahead of each key change, the GigaMux Management Card (MPM2) calculates a new key. The Tx encryption module then takes the lead by setting a “key change” flag in the crypto overhead which is sent across the optical link just before a multi-frame boundary. The Rx encryption module acts on receipt of this flag and changes to the next key at the same point in the data stream. The client frames are grouped into cryptographic messages covering 8 x 510 64-bit words. Each cryptographic message is processed by the hardware encryption module using AES-256 which provides confidentiality using counter mode (CTR) and integrity using a Galois hash calculation. Overhead is added to the proprietary frame format to allow transmission of a cryptographic Initialization Vector (12 bytes) and Message Integrity Check (16 bytes) for each message. The overhead also provides status flags for controlling key changes and reverse indication of MIC and IV replay failures from the receiving end. The generation of IVs is autonomous in the Tx encryption module. The Tx end inserts the IV into the frame overhead before each message, and the Rx end extracts it from the frame for decryption. For GCM, the requirement for each message IV to be unique is met by using a simple counter for the IV, which is reset every time a new key is loaded. Note that IV exhaustion is not possible as the IV counter size (32-bits) can accommodate data rates up to 14.025G within the lifetime of the key. Replay attacks can be detected at the Rx end very easily. Because a simple counter is used for the GCM IV, the ODC simply rejects any IVs numerically less than or equal to the last successfully received IV for the duration of a link key.
Page 5 The GCM algorithm requires that data is not forwarded on until the MIC is verified. This requires a store & forward stage after the line-rate decryption for the entire cryptographic message, since the MIC validation cannot be completed until a short time after the last message data is received. This buffering adds a latency of approximately 17.3us at the Rx end at 14Gbps (60us at 4Gbps). A message in which the MIC fails has the frame payloads replaced with a NULL payload, and the appropriate alarms and statistics counters are updated. Conclusion Encryption is essential to insure the private transfer of sensitive data across a public or private network. AES-256 has been tested and approved by the US government and is the standard means for high security networks. Another aspect for secure networks is the ability to exchange encryption keys across the network in a secretive fashion. Diffie-Hellman is an accepted method but this alone is not enough as an unknown source could be listening and trying to synchronize with the encryption source. To prevent this, another layer of coordinated handshaking between the two end-points must be created. Sorrento Networks International has built these processes into its ODC2 line card to insure complete privacy of all encryption functions and most importantly, your private data. For more information, please email us at info@sorrentonet.com or view our website at www.sorrentonet.com.

Recommended

Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)Vinod Kumar Gorrepati
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)Vinod Kumar Gorrepati
 
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys IJECEIAES
 
Lecture12
Lecture12Lecture12
Lecture12Hardik Padhy
 
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...IJECEIAES
 
Unit 4
Unit 4Unit 4
Unit 4Vinod Kumar Gorrepati
 
Elgamal & schnorr digital signature scheme copy
Elgamal & schnorr digital signature scheme copyElgamal & schnorr digital signature scheme copy
Elgamal & schnorr digital signature scheme copyNorth Cap University (NCU) Formely ITM University
 
Unit 2
Unit 2Unit 2
Unit 2Vinod Kumar Gorrepati
 

Recommended

Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)Vinod Kumar Gorrepati
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)Vinod Kumar Gorrepati
 
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys
Enhanced RSA Cryptosystem based on Multiplicity of Public and Private Keys IJECEIAES
 
Lecture12
Lecture12Lecture12
Lecture12Hardik Padhy
 
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...
DARE Algorithm: A New Security Protocol by Integration of Different Cryptogra...IJECEIAES
 
Unit 4
Unit 4Unit 4
Unit 4Vinod Kumar Gorrepati
 
Elgamal & schnorr digital signature scheme copy
Elgamal & schnorr digital signature scheme copyElgamal & schnorr digital signature scheme copy
Elgamal & schnorr digital signature scheme copyNorth Cap University (NCU) Formely ITM University
 
Unit 2
Unit 2Unit 2
Unit 2Vinod Kumar Gorrepati
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functionsDr.Florence Dayana
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10Infinity Tech Solutions
 
Email Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on AndroidEmail Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on AndroidIRJET Journal
 
Is unit-4-part-1
Is unit-4-part-1Is unit-4-part-1
Is unit-4-part-1vmuniraja
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Key Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemKey Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemMerlin Florrence
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...IOSR Journals
 
Authentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless ProtocolsAuthentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless Protocolsphanleson
 
Ch10
Ch10Ch10
Ch10Joe Christensen
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsaMazin Alwaaly
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Hybrid AES DES
Hybrid AES DESHybrid AES DES
Hybrid AES DESHardik Manocha
 
Digital signature
Digital signatureDigital signature
Digital signatureSadhana28
 
HifnCrypto101
HifnCrypto101HifnCrypto101
HifnCrypto101Jim Faith
 
Computer security module 3
Computer security module 3Computer security module 3
Computer security module 3Deepak John
 
Pgp smime
Pgp smimePgp smime
Pgp smimeTania Agni
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 
Anexo 1 clasificador_ingresos_
Anexo 1 clasificador_ingresos_Anexo 1 clasificador_ingresos_
Anexo 1 clasificador_ingresos_SAYUC
 
Оценка значимости подводного флота для России
Оценка значимости подводного флота для РоссииОценка значимости подводного флота для России
Оценка значимости подводного флота для РоссииAndrei Zhuravlev
 

More Related Content

What's hot

Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functionsDr.Florence Dayana
 
Email Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on AndroidEmail Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on AndroidIRJET Journal
 
Is unit-4-part-1
Is unit-4-part-1Is unit-4-part-1
Is unit-4-part-1vmuniraja
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Key Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemKey Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemMerlin Florrence
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...IOSR Journals
 
Authentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless ProtocolsAuthentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless Protocolsphanleson
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsaMazin Alwaaly
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Digital signature
Digital signatureDigital signature
Digital signatureSadhana28
 
HifnCrypto101
HifnCrypto101HifnCrypto101
HifnCrypto101Jim Faith
 
Computer security module 3
Computer security module 3Computer security module 3
Computer security module 3Deepak John
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 

What's hot (20)

Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functions
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10
 
Email Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on AndroidEmail Encryption using Tri-Cryptosystem Based on Android
Email Encryption using Tri-Cryptosystem Based on Android
 
Is unit-4-part-1
Is unit-4-part-1Is unit-4-part-1
Is unit-4-part-1
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Key Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating systemKey Distribution Problem in advanced operating system
Key Distribution Problem in advanced operating system
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...
A Secure Encryption Technique based on Advanced Hill Cipher For a Public Key ...
 
Authentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless ProtocolsAuthentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless Protocols
 
Ch10
Ch10Ch10
Ch10
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsa
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTION
 
Hybrid AES DES
Hybrid AES DESHybrid AES DES
Hybrid AES DES
 
Digital signature
Digital signatureDigital signature
Digital signature
 
HifnCrypto101
HifnCrypto101HifnCrypto101
HifnCrypto101
 
Computer security module 3
Computer security module 3Computer security module 3
Computer security module 3
 
Pgp smime
Pgp smimePgp smime
Pgp smime
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
 

Viewers also liked

Anexo 1 clasificador_ingresos_
Anexo 1 clasificador_ingresos_Anexo 1 clasificador_ingresos_
Anexo 1 clasificador_ingresos_SAYUC
 
Оценка значимости подводного флота для России
Оценка значимости подводного флота для РоссииОценка значимости подводного флота для России
Оценка значимости подводного флота для РоссииAndrei Zhuravlev
 
Батарейка плюсы и минусы
Батарейка плюсы и минусыБатарейка плюсы и минусы
Батарейка плюсы и минусыAndrei Zhuravlev
 
Catalyst Top 20 2015
Catalyst Top 20 2015Catalyst Top 20 2015
Catalyst Top 20 2015Robert Pearce
 
Sorrento Networks GigaMux for the Datacenter
Sorrento Networks GigaMux for the DatacenterSorrento Networks GigaMux for the Datacenter
Sorrento Networks GigaMux for the DatacenterPhil Bartlett
 
Project Management to Enterprise Agile Product Delivery
Project Management to Enterprise Agile Product DeliveryProject Management to Enterprise Agile Product Delivery
Project Management to Enterprise Agile Product DeliveryLeadingAgile
 
Product Owner Team - Agile Day Atlanta 2015
Product Owner Team - Agile Day Atlanta 2015Product Owner Team - Agile Day Atlanta 2015
Product Owner Team - Agile Day Atlanta 2015LeadingAgile
 
How To Successfully Scale Agile In Your Enterprise
How To Successfully Scale Agile In Your EnterpriseHow To Successfully Scale Agile In Your Enterprise
How To Successfully Scale Agile In Your EnterpriseLeadingAgile
 
Product Owner Team: Leading Agile Program Management from Agile2015 by Dean S...
Product Owner Team: Leading Agile Program Management from Agile2015 by Dean S...Product Owner Team: Leading Agile Program Management from Agile2015 by Dean S...
Product Owner Team: Leading Agile Program Management from Agile2015 by Dean S...LeadingAgile
 

Viewers also liked (14)

Anexo 1 clasificador_ingresos_
Anexo 1 clasificador_ingresos_Anexo 1 clasificador_ingresos_
Anexo 1 clasificador_ingresos_
 
Оценка значимости подводного флота для России
Оценка значимости подводного флота для РоссииОценка значимости подводного флота для России
Оценка значимости подводного флота для России
 
Батарейка плюсы и минусы
Батарейка плюсы и минусыБатарейка плюсы и минусы
Батарейка плюсы и минусы
 
Catalyst Top 20 2015
Catalyst Top 20 2015Catalyst Top 20 2015
Catalyst Top 20 2015
 
Rubrica diploma
Rubrica diplomaRubrica diploma
Rubrica diploma
 
JST2
JST2JST2
JST2
 
Sorrento Networks GigaMux for the Datacenter
Sorrento Networks GigaMux for the DatacenterSorrento Networks GigaMux for the Datacenter
Sorrento Networks GigaMux for the Datacenter
 
Криптовалюты
КриптовалютыКриптовалюты
Криптовалюты
 
mark amt resume
mark amt resumemark amt resume
mark amt resume
 
Project Management to Enterprise Agile Product Delivery
Project Management to Enterprise Agile Product DeliveryProject Management to Enterprise Agile Product Delivery
Project Management to Enterprise Agile Product Delivery
 
Product Owner Team - Agile Day Atlanta 2015
Product Owner Team - Agile Day Atlanta 2015Product Owner Team - Agile Day Atlanta 2015
Product Owner Team - Agile Day Atlanta 2015
 
Howto sai [edit]
Howto sai [edit]Howto sai [edit]
Howto sai [edit]
 
How To Successfully Scale Agile In Your Enterprise
How To Successfully Scale Agile In Your EnterpriseHow To Successfully Scale Agile In Your Enterprise
How To Successfully Scale Agile In Your Enterprise
 
Product Owner Team: Leading Agile Program Management from Agile2015 by Dean S...
Product Owner Team: Leading Agile Program Management from Agile2015 by Dean S...Product Owner Team: Leading Agile Program Management from Agile2015 by Dean S...
Product Owner Team: Leading Agile Program Management from Agile2015 by Dean S...
 

Similar to Whitepaper - Protecting Data in Transit

REU Group 2 - Paper
REU Group 2 - PaperREU Group 2 - Paper
REU Group 2 - PaperScott Payne
 
IRJET- Secure Data on Multi-Cloud using Homomorphic Encryption
IRJET- Secure Data on Multi-Cloud using Homomorphic EncryptionIRJET- Secure Data on Multi-Cloud using Homomorphic Encryption
IRJET- Secure Data on Multi-Cloud using Homomorphic EncryptionIRJET Journal
 
Survey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile CommunicationSurvey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile Communicationijsrd.com
 
IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...
IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...
IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...IRJET Journal
 
Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...CAS
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographySarthak Patel
 
New Technique Using Multiple Symmetric keys for Multilevel Encryption
New Technique Using Multiple Symmetric keys for Multilevel EncryptionNew Technique Using Multiple Symmetric keys for Multilevel Encryption
New Technique Using Multiple Symmetric keys for Multilevel EncryptionIJERA Editor
 
IRJET- Comparative Analysis of Encryption Techniques
IRJET- Comparative Analysis of Encryption TechniquesIRJET- Comparative Analysis of Encryption Techniques
IRJET- Comparative Analysis of Encryption TechniquesIRJET Journal
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...editor1knowledgecuddle
 
Cryptosystem An Implementation of RSA Using Verilog
Cryptosystem An Implementation of RSA Using VerilogCryptosystem An Implementation of RSA Using Verilog
Cryptosystem An Implementation of RSA Using Verilogijcncs
 
Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Jayanth Dwijesh H P
 
Securing Personal Information in Data Mining
Securing Personal Information in Data MiningSecuring Personal Information in Data Mining
Securing Personal Information in Data MiningIJMER
 
Digital Certified Mail
Digital Certified MailDigital Certified Mail
Digital Certified MailMatthew Chang
 
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfAn Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfKailasS9
 
Certificate less key management scheme in
Certificate less key management scheme inCertificate less key management scheme in
Certificate less key management scheme inIJNSA Journal
 
CERTIFICATE LESS KEY MANAGEMENT SCHEME IN MANET USING THRESHOLD CRYPTOGRAPHY
CERTIFICATE LESS KEY MANAGEMENT SCHEME IN MANET USING THRESHOLD CRYPTOGRAPHYCERTIFICATE LESS KEY MANAGEMENT SCHEME IN MANET USING THRESHOLD CRYPTOGRAPHY
CERTIFICATE LESS KEY MANAGEMENT SCHEME IN MANET USING THRESHOLD CRYPTOGRAPHYIJNSA Journal
 
Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2editor1knowledgecuddle
 

Similar to Whitepaper - Protecting Data in Transit (20)

REU Group 2 - Paper
REU Group 2 - PaperREU Group 2 - Paper
REU Group 2 - Paper
 
Cryptography
CryptographyCryptography
Cryptography
 
IRJET- Secure Data on Multi-Cloud using Homomorphic Encryption
IRJET- Secure Data on Multi-Cloud using Homomorphic EncryptionIRJET- Secure Data on Multi-Cloud using Homomorphic Encryption
IRJET- Secure Data on Multi-Cloud using Homomorphic Encryption
 
Survey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile CommunicationSurvey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile Communication
 
Hybrid encryption ppt
Hybrid encryption pptHybrid encryption ppt
Hybrid encryption ppt
 
IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...
IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...
IRJET- FPGA Implementation of Image Encryption and Decryption using Fully Hom...
 
Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...
 
IS Unit 3_Public Key Cryptography
IS Unit 3_Public Key CryptographyIS Unit 3_Public Key Cryptography
IS Unit 3_Public Key Cryptography
 
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
 
New Technique Using Multiple Symmetric keys for Multilevel Encryption
New Technique Using Multiple Symmetric keys for Multilevel EncryptionNew Technique Using Multiple Symmetric keys for Multilevel Encryption
New Technique Using Multiple Symmetric keys for Multilevel Encryption
 
IRJET- Comparative Analysis of Encryption Techniques
IRJET- Comparative Analysis of Encryption TechniquesIRJET- Comparative Analysis of Encryption Techniques
IRJET- Comparative Analysis of Encryption Techniques
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
 
Cryptosystem An Implementation of RSA Using Verilog
Cryptosystem An Implementation of RSA Using VerilogCryptosystem An Implementation of RSA Using Verilog
Cryptosystem An Implementation of RSA Using Verilog
 
Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.
 
Securing Personal Information in Data Mining
Securing Personal Information in Data MiningSecuring Personal Information in Data Mining
Securing Personal Information in Data Mining
 
Digital Certified Mail
Digital Certified MailDigital Certified Mail
Digital Certified Mail
 
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdfAn Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
An Understanding And Perspectives of END TO END ENCRYPTION (4).pdf
 
Certificate less key management scheme in
Certificate less key management scheme inCertificate less key management scheme in
Certificate less key management scheme in
 
CERTIFICATE LESS KEY MANAGEMENT SCHEME IN MANET USING THRESHOLD CRYPTOGRAPHY
CERTIFICATE LESS KEY MANAGEMENT SCHEME IN MANET USING THRESHOLD CRYPTOGRAPHYCERTIFICATE LESS KEY MANAGEMENT SCHEME IN MANET USING THRESHOLD CRYPTOGRAPHY
CERTIFICATE LESS KEY MANAGEMENT SCHEME IN MANET USING THRESHOLD CRYPTOGRAPHY
 
Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2Documenting Software Architectural Component and Connector with UML 2
Documenting Software Architectural Component and Connector with UML 2
 

More from Phil Bartlett

Sorrento Gigamux 3200 brochure
Sorrento Gigamux 3200 brochureSorrento Gigamux 3200 brochure
Sorrento Gigamux 3200 brochurePhil Bartlett
 
Comtek - Network and Telecom Products
Comtek - Network and Telecom ProductsComtek - Network and Telecom Products
Comtek - Network and Telecom ProductsPhil Bartlett
 
Comtek asset recovery
Comtek asset recoveryComtek asset recovery
Comtek asset recoveryPhil Bartlett
 
Comtek deinstallation and consignment service
Comtek deinstallation and consignment serviceComtek deinstallation and consignment service
Comtek deinstallation and consignment servicePhil Bartlett
 
Sorrento Networks DMM
Sorrento Networks DMMSorrento Networks DMM
Sorrento Networks DMMPhil Bartlett
 
Sorrento Networks OCM10GF
Sorrento Networks OCM10GFSorrento Networks OCM10GF
Sorrento Networks OCM10GFPhil Bartlett
 
Sorrento Networks ODC2
Sorrento Networks ODC2Sorrento Networks ODC2
Sorrento Networks ODC2Phil Bartlett
 

More from Phil Bartlett (7)

Sorrento Gigamux 3200 brochure
Sorrento Gigamux 3200 brochureSorrento Gigamux 3200 brochure
Sorrento Gigamux 3200 brochure
 
Comtek - Network and Telecom Products
Comtek - Network and Telecom ProductsComtek - Network and Telecom Products
Comtek - Network and Telecom Products
 
Comtek asset recovery
Comtek asset recoveryComtek asset recovery
Comtek asset recovery
 
Comtek deinstallation and consignment service
Comtek deinstallation and consignment serviceComtek deinstallation and consignment service
Comtek deinstallation and consignment service
 
Sorrento Networks DMM
Sorrento Networks DMMSorrento Networks DMM
Sorrento Networks DMM
 
Sorrento Networks OCM10GF
Sorrento Networks OCM10GFSorrento Networks OCM10GF
Sorrento Networks OCM10GF
 
Sorrento Networks ODC2
Sorrento Networks ODC2Sorrento Networks ODC2
Sorrento Networks ODC2
 

Recently uploaded

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.soniya singh
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 

Whitepaper - Protecting Data in Transit

  • 1. Page 1 PROTECTING YOUR DATA AES-256 Encryption Using the ODC2 Line Card Author: Gene Norgard – Vice President, Sorrento Networks International April 2015 INTRODUCTION The abundance of hacking and espionage in the world has created an unsecure network environment. Despite ever increasing attempts by corporations and governments to protect its data, major attacks are still common. But with the volume of critical data transfer in today’s world – from government agencies to retailers, banks and corporations – the need for secure data sharing remains critical. Sorrento Networks International has taken the steps to provide a solution for both public and private network structures, based on the most recent government standards. The Advanced Encryption Standard (AES) went into effect as a government standard on May 26, 2002. AES is the first publicly accessible and open cipher approved by the U.S. National Security Agency (NSA) for top secret information. Sorrento’s Optical Data Center (ODC2) line card provides a complete and automated solution to ensure data is transported reliably and fully secure. The main features of the ODC line card are: • Use of standard 256-bit AES algorithm based on the National Institute of Standards and Technology (NIST) FIPS 140 publication. • An additional safeguard that scrambles the shared encryption key as it is exchanged end-to-end over a public or private network. • Automatic generation of a 256-bit seed used in the encryption and decryption key generation. • Secure encryption handshaking using the recommended Diffie-Hellman key exchange. • Constant altering of the encryption key synchronously at each end of the line without data disruption. Diffie-Hellman The first step for a secure encryption process is the establishment of a shared key used by the encryption and decryption algorithm. The important aspects of this operation is that it must be extremely difficult to decode and only shared with the two designated end points. There are several recommended methods within the industry that provide a means for two parties to secretly handshake in order to negotiate a shared key over an insecure communications network. One of the earliest methods developed and now widely used is the Diffie-Hellman key exchange. The key part of the process is that a coded message is shared across the network and used to generate an identical key that is nearly impossible to reverse by another party that might be listening. Part of the Comtek Group
  • 2. Page 2 The original implementation of the Diffie-Hellman protocol used the multiplicative group of integers: modulo p, where p is prime and g is a primitive root modulo p. Since there isn’t a reverse operation for modulus calculations, the security stems from the difficulty of calculating the discrete logarithms of very large numbers. In order to start the Diffie-Hellman exchange, the two parties must agree on two non-secret numbers. The first number is g, the generator, and second number is p, the modulus. These numbers can be made public and are usually chosen from a table of known values. g is usually a very small number while p is a very large prime number. Next, each party generates its own secret value. Then, based on g, p, and the secret value, each party calculates its public value. The public value is computed according to the formula: Y = gx mod p. In this formula, x is the secret value and Y is the public value. After computing the public values, the two parties exchange their public values. Each party then exponentiates the received public value with its secret value to compute a common shared secret value. When the algorithm completes, both parties have the same shared secret which they have computed from their secret value and the public value of the other party. The following explains the steps executed by the encryption algorithm (Gracie) and decryption algorithm (George). 1. Gracie and George agree to use a prime number p=23 and base g=5 (which is a primitive root modulo 23). 2. Gracie chooses a secret integer a=6, then sends George A, where A=ga mod p. For this example, A = 56 mod 23 = 8. 3. George chooses a secret integer b=15, then sends Gracie B, where B=gb mod p. For this example, B = 515 mod 23 = 19. 4. Gracie then computes e = Ba mod p, that is, e = 196 mod 23 = 2. 5. George computes e = 815 mod 23 = 2. 6. Gracie and George now share a secret encryption number e=2. I. Gracie (encryption circuit) becomes Master II. Master Node generates a prime number (p) and a base number (g) III. Gracie shares prime and base numbers with George IV. Gracie generates a 256-bit secret number (a) V. Gracie calculates A = g mod p VI. Gracie sends A to George VII. Gracie computes e = B mod p VIII.Encryption key is now generated a a I. II. III. George receives prime and base numbers from Gracie IV. George generates a 256-bit secret number (b) V. George calculates B = g mod p VI. George sends B to Gracie VII. George computes e = A mod p VIII.Encryption key is now generated b b e = B mod p = A mod pa b
  • 3. Page 3 Both the encryption and decryption circuits have arrived at the same value because (ga )b and (gb )a are equal mod p. Note that only a. b, and (gab mod p = gba mod p) are kept secret. All the other values are sent in the clear. Once the secret encryption number is computed and sent, the resultant encryption key can be used for sending messages across the same open communications channel. Of course, much larger values of a, b, and p would be needed to make this example secure. However, if p is a prime number of at least 256 digits, and a and b are at least 100 digits long, the fastest modern computer could not determine a given any or all of the other variables. The previous paragraphs describe the key exchange process, but this alone is not enough to provide a secure network. It’s possible for a hacker to tap onto a communications channel with an equivalent decryption machine and override the destination node with its own. To prevent unwanted “listeners” to participate in the key exchange, further scrambling and handshaking needs to take place across the network to insure the correct endpoints are synchronized. The Sorrento ODC2 line card takes this extra step by requiring the user to enter a 32-character word that is password protected. The 32-character word will be identical at each end point and used to scramble the handshaking sequence and secret scrambling number shared between the encryption and decryption circuits. AES Encryption Process AES comprises three block ciphers, AES-128, AES-192, and AES-256. Each cipher encrypts and decrypts data blocks of 128 bits using cryptographic keys of 128-, 192-, and 256-bits, respectively. Symmetric or secret-key ciphers use the same key for encrypting and decrypting, so both the sender and the receiver must know and use the same secret key. All key lengths are deemed sufficient to protect classified information up to the “Secret” level with “Top Secret” information requiring 192- or 256-bit lengths. There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. A round consists of several processing steps that include substitution, transposition, and mixing of the input plaintext and transform it into the final output of ciphertext. Sorrento Networks’ ODC2 Encryption Operation The ODC2 line card performs encryption/decryption over standard optical traffic following the AES-256 specifications. The unique design allows encryption to be used at any of the line rates supported by the ODC2 line card. The Diffie-Hellman key exchange is used to share a secret key between the two end- points of the data channel. The encryption process utilizes the AES-GCM core with a 64-bit word-based data interface to implement the block cipher confidentiality and authentication routines. The core can support various key sizes (GCM = 256 for this design), a fixed nonce/IV size of 128 bits, and a fixed length tag (Message Integrity Check or MIC). The AES-256 Core integrates together all of the AES and Hash functions together with the counter mode logic, hash length counters, final block padding, and tag appending and checking features. External framing circuitry is also included. The frames establish a demarcation where frame overhead and
  • 4. Page 4 collateral system information such as Initial Vectors (IV), Key Update messages, and Message Integrity Codes are passed in the clear while the data itself is encrypted. The hardware has a Crypto Layer Management interface which implements commands for encryption to be enabled or disabled, allows new keys to be loaded slightly ahead of time, coordinates key changes to be initiated at the transmit end, and provides status on MIC failures at the receive end. The GigaMux system includes a key management task in the embedded software. This task is responsible for negotiating and computing keys at each end of the link, and communicates with its peer using an unencrypted low rate communications channel in the encrypted frame overhead. At power-up (or on demand), fresh master session keys for each direction are autonomously negotiated using the Diffie-Hellman key exchange. A cryptographic grade deterministic pseudo-random number generator (PRNG) based on NIST SP800- 90A which is iterated identically at each end of the link, provides a sequence of 256-bit AES link keys. These keys are used to calculate a shared value used to calculate a common encryption/decryption key. The lifetime of a link key is operator-selectable from 10 minutes through to 1 day, thus limiting the amount of data encrypted under a single key. Although the link key is automatically updated at least once per day, an internal counter is used to change the keys on every frame boundary. Link key changes are seamless to the optical client, and are performed at multi-frame boundaries. The encryption module maintains operation with the current key, and has a holding register for the next key. Sometime ahead of each key change, the GigaMux Management Card (MPM2) calculates a new key. The Tx encryption module then takes the lead by setting a “key change” flag in the crypto overhead which is sent across the optical link just before a multi-frame boundary. The Rx encryption module acts on receipt of this flag and changes to the next key at the same point in the data stream. The client frames are grouped into cryptographic messages covering 8 x 510 64-bit words. Each cryptographic message is processed by the hardware encryption module using AES-256 which provides confidentiality using counter mode (CTR) and integrity using a Galois hash calculation. Overhead is added to the proprietary frame format to allow transmission of a cryptographic Initialization Vector (12 bytes) and Message Integrity Check (16 bytes) for each message. The overhead also provides status flags for controlling key changes and reverse indication of MIC and IV replay failures from the receiving end. The generation of IVs is autonomous in the Tx encryption module. The Tx end inserts the IV into the frame overhead before each message, and the Rx end extracts it from the frame for decryption. For GCM, the requirement for each message IV to be unique is met by using a simple counter for the IV, which is reset every time a new key is loaded. Note that IV exhaustion is not possible as the IV counter size (32-bits) can accommodate data rates up to 14.025G within the lifetime of the key. Replay attacks can be detected at the Rx end very easily. Because a simple counter is used for the GCM IV, the ODC simply rejects any IVs numerically less than or equal to the last successfully received IV for the duration of a link key.
  • 5. Page 5 The GCM algorithm requires that data is not forwarded on until the MIC is verified. This requires a store & forward stage after the line-rate decryption for the entire cryptographic message, since the MIC validation cannot be completed until a short time after the last message data is received. This buffering adds a latency of approximately 17.3us at the Rx end at 14Gbps (60us at 4Gbps). A message in which the MIC fails has the frame payloads replaced with a NULL payload, and the appropriate alarms and statistics counters are updated. Conclusion Encryption is essential to insure the private transfer of sensitive data across a public or private network. AES-256 has been tested and approved by the US government and is the standard means for high security networks. Another aspect for secure networks is the ability to exchange encryption keys across the network in a secretive fashion. Diffie-Hellman is an accepted method but this alone is not enough as an unknown source could be listening and trying to synchronize with the encryption source. To prevent this, another layer of coordinated handshaking between the two end-points must be created. Sorrento Networks International has built these processes into its ODC2 line card to insure complete privacy of all encryption functions and most importantly, your private data. For more information, please email us at info@sorrentonet.com or view our website at www.sorrentonet.com.