Tag Archives: comsec

Free Crypto course with Stanford University

27 Friday Jan 2012

Posted by in ComSec, Education & Certification

4 Comments

Tags

, ,

For those, like myself, involved in crypto, Stanford University are offering a free online course in cryptography. It covers the internal workings of crypto (not for those who don’t like the more advance mathematics).

The course information:

Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them.   Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications.   The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic.  We will examine many deployed protocols and analyze mistakes in existing systems.   The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption, digital signatures, and authentication protocols. Towards the end of the course we will cover more advanced topics such as zero-knowledge, distributed protocols such as secure auctions, and a number of privacy mechanisms.   Throughout the course students will be exposed to many exciting open problems in the field.

The course will include written homeworks and programming labs.  The course is self-contained, however it will be helpful to have a basic understanding of discrete probability theory.

The course starts in Feb so sign up now at http://www.crypto-class.org/

In addition, Sanford have an online Computer Security course also starting in Feb you might be interested in – visit http://www.security-class.org/ today.

Decision on IL3 Traffic Transiting the PSN

20 Thursday Oct 2011

Posted by in ComSec, PSN, GCN & G-Cloud

Leave a Comment

Tags

,

Looks like the PSN (Public Services Network) body is having trouble defining the method to be used for IL3 (for confidentiality) data transiting the PSN.

The PSN is accredited to IL2 (for confidentiality), storage and processing of data up to and including a protective marking of PROTECT, but is capable of carrying traffic at higher confidentiality levels via encryption.

With the high number of inter-site interactions expected that would be working with IL3 data and the complexity of the method for managing discovery of these endpoints increases, an approach based on manual configuration becomes too costly, demanding automation. The only problem is at the moment there is no automated method available that CESG will approve.

The current proposal by CESG is to use a commercially implemented IPSec solution known as PRIME with certificate based key management. This approach however may require some degree of manual work and at scale also becomes a costly overhead. CESG are working with industry to review this overhead and move to an automated process.

It has been decided that until a cost effective automated discovery method is available, the interim solution will be to ensure the number of IL3 inter-active endpoints remains at a level acceptable for manual discovery.

The approved method is for PSN service providers to create a Transit layer which connects the security domains witha  static PRIME-compliant IPSec tunnel. At the moment, as long as the threat and risk mitigations are met from the pan-PSN and pan-government transition requirements, domain owners can utilise and appropriate solution including encryption such as TLS.

Link: http://www.cabinetoffice.gov.uk/sites/default/files/resources/il3decision.pdf