Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-and-a-half-years collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of,,,, and, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.


17 June 1998: Link to CORBA and CRYSTINA

1 June 1998: Add message and correct URL for OMG

31 May 1998

From: "masson" <>
To: <>
Date: Sat, 30 May 1998 18:50:25 +0200

Dear John, 

Thanks for formating as you wish, bye.    C.
PART II will be CORBA security
PART III will be CrySTINA security



Security architecture


CrySTINA is aligned with the OMG's CORBA Security specification
but enhances it with regard to security interoperability despite the 
heteorogeneity of securities policies and technologies that must be 
excepted in Tina networks. 

Tina specifies an open architecture for telecommunications services
(multimedia, broadband,...)

Security concerns all parts of a Tina system.

It's pervasive and cannot be addressed in isolation. All services and 
resources may be subject to attacks. Attacks may be the illegitimate use 
of compoments or the modification of data, state, or programs. Potential
attackers are outsiders, but also other stakeholders in the Tina network. 
Motives of the attackers may be the illegitimate use of services, fraud 
(in online businesses, as well as with regard to the charging of service 
use), eavesdropping on and observation of consumers or providers, or the 
deliberate prevention of service provision (denial of service attack).

The ultimate goal of an attack may be achieved directly or indirectly.
In the latter case, an attacker may install a backdoor during a first
successful attack, which enables him later on (and possibly at multiple 
times) the actually intented misuse.

The architectural levels defined in the overall architecture, and the type
of information, i.e., control messages (KTN) or communication contents 
(Transport Network).


- System security. It includes the NCCE (operating system and communication
ports), since intrusions may not only occur over communication ports of the
NCCE that are used by the DPE, but also over the other ports of the NCCE.
The latter point concerns mainly the administrative domains of end users
(customers) whose CPE (e.g., PCs or workstations) cannot be assumed to be
exclusively used as the endpoint of the Tina network.

- Service security. Subcription, the accounting for billing purposes,
authorization. Integrity an confidentiality of the messages exchanged
between the service components via operationel interfaces must be achieved 
by the activation of the appropriate features of the DPE security services.

- DPE security. Illegal access. Protection of transmitted messages
containing arguments, results, and exceptions of object invocations and
notifications. DPE node security also provides the means to audit and
report security relevant events o the node according to the audit 
specifications. Including the security of the DPE implementation and it 
basic services. The security of the security services is part of DPE 

- Communication contents security. Authenticity, integrity and
confidentiality of the service contents information. Since all serice content 
information in Tina is delivered in the form of streams, it deals only with 
streams. Streams are protected using cryptographic mechanisms, preferably 
stream ciphers (Rueppel 1986; Schneier 1996) or special cipher for certain 
information formats (e.g., voice, video data,...). The management of the 
necesary keys is part of the service control.

The most important criteron for the horizontal allocation of security
functionality is: 

- who administers a domain and the security functionality installed in
the domain and has the physical control over both. In Tina, each stakeholder 
in the network has its own administrative domain (intradomain security).
It's achieved by local means (operating system security measures,...).

For interactions with others domains (interdomain interactions), limited
trust relationship must be established. The communication channels between
domains cannot be assumed to be secure. Protection must be achieved by
cryptographic means. DPE implementation (i.e. CORBA;

Date: Mon, 01 Jun 1998 19:07:30 +0200 From: meir <> To: Subject: TINA Dear John, For PART I Please add over: "This work has been supported by the Swiss National Foundation as part of the Swiss Priority Programme Information and Communications Structures under project number 5003-045364. In Tina, serices are realized as distributed applications. They consist of service components that interact with each other via as Distributed Processing Environnment (DPE). THe DPE is a software sub-layer that operates above the Native computing and Comunications Environnment (NCCE), which is an abstraction of the computing hardware and the operating system of the service nodes. While the NCCE is technology dependent, the DPE offers a uniform interface to the distributed environnment. The DPE consist of CORBA implementations as the DPE kernel and additional TINA specific services. Bye, Christian