Computer Security – Cryptography
There is a symbiotic relationship between cryptography and the development of high-performance computing systems. Modern-day computers were created at the behest of twentieth-century cryptanalysts. As the complexity of cryptographic systems progressed from mechanical to electronic systems, so did the need to develop more efficient methods to cryptanalyze them.
Cryptographic Module – Operator Authentication & Logical Interfaces
This post is part of the Computer Security – Cryptography posts series.
Operator Authentication
Authentication mechanisms could be demanded within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and execute services within that role. For Security Levels 2-5, a cryptographic module shall [...]
Operational Environments and OS Requirements for Modificable Operational Enviroments
This post is part of the Computer Security – Cryptography posts series.
Operational Environment
The requirements of this section apply only to modules containing software that run in a modifiable operational environment. The requirements do not apply to hardware only modules or anymodules with a non-modifiable operational environment.
The operational environment of a cryptographic module is the set [...]
Multiple-Chip Standalone and Embeded Cryptographic Modules
This post is part of the Computer Security – Cryptography posts series.
Standalone
SECURITY LEVEL 1
In plus to the necessities for Security Levels 1 and 2, the succeeding necessities shall implement to multiple-chip standalone cryptographic modules for this level of security.
The multiple-chip embodiment of the circuitry within the cryptographic module shall be covered with a hard potting [...]
Development of a Cryptographic Module
A proper development process provides assurance that the implementation of a cryptographic module corresponds to the module functional specification and Security Policy, that the cryptographic module is maintainable, and that the validated cryptographic module is reproducible.
We specifies the security requirements for the representation of a cryptographic module’s security functionality at various levels of abstraction from the functional specification to the implementation [..]
The following requirements shall apply to cryptographic
Cryptography – SSP Entry and Output
SSPs may be entered into or output from a module. If SSPs are entered into or output from a module, theentry or output of SSPs is performed using manual (e.g., entered via a keyboard or output via a visual display) or electronic (e.g., via a smart card/tokens, PC card, other electronic key loading device, or the module operating system) methods or some combination thereof.
Documentation shall specify the SSP entry and [..]
Mobile | Electronic Tracking | Cloning | Server-Resident Data
Electronic Tracking
Several companies offer location tracking services for registered cell phones to allow the whereabouts of the user to be known by friends and family . It is also touted as a means to track employees’ whereabouts .
Registration can take place quickly, making temporary misplaced devices or unattended devices a possible target. Some tracking services periodically send the phone a notification for the user that monitoring is taking place, and [..]
Security of Handheld Devices
Maintaining handheld device security requires constant effort, sufficient resources, and vigilance from an organization. Maintaining the security of a handheld device usually involves the following steps [..]
Smartphones | Security Management Practices and Controls
Appropriate management practices are essential to maintaining and operating a secure infrastructure that incorporates smartphones and PDAs. Security practices entail the identification of an organization’s information system assets and the development, documentation, and implementation of policies, procedures, standards, and guidelines that help to ensure the [..]
Computer security
What is computer security?
Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as “intruders”) from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, [..]