17 June 1998: Link to CORBA and CRYSTINA
1 June 1998: Add message and correct URL for OMG
31 May 1998
From: "masson" <interception@ii-mel.com>
To: <jya@pipeline.com>
Subject: SECURITY IN TINA
Date: Sat, 30 May 1998 18:50:25 +0200

Dear John,

Thanks for formatting as you wish, bye.

C.

PART II will be CORBA security
PART III will be CrySTINA security

----------------------------------------------------------------------------

PART I

Security architecture

CRYPTO SEARCH

CrySTINA is aligned with the OMG's CORBA Security specification but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in Tina networks.

Tina specifies an open architecture for telecommunications services (multimedia, broadband,...).

Security concerns all parts of a Tina system. It's pervasive and cannot be addressed in isolation. All services and resources may be subject to attacks. Attacks may be the illegitimate use of components or the modification of data, state, or programs. Potential attackers are outsiders, but also other stakeholders in the Tina network.

Motives of the attackers may be the illegitimate use of services, fraud (in online businesses, as well as with regard to the charging of service use), eavesdropping on and observation of consumers or providers, or the deliberate prevention of service provision (denial of service attack).

The ultimate goal of an attack may be achieved directly or indirectly. In the latter case, an attacker may install a backdoor during a first successful attack, which enables him later on (and possibly at multiple times) the actually intended misuse.

The architectural levels defined in the overall architecture, and the type of information, i.e., control messages (KTN) or communication contents (Transport Network).

Problems:

- System security. It includes the NCCE (operating system and communication ports), since intrusions may not only occur over communication ports of the NCCE that are used by the DPE, but also over the other ports of the NCCE. The latter point concerns mainly the administrative domains of end users (customers) whose CPE (e.g., PCs or workstations) cannot be assumed to be exclusively used as the endpoint of the Tina network.

- Service security. Subscription, the accounting for billing purposes, authorization. Integrity and confidentiality of the messages exchanged between the service components via operational interfaces must be achieved by the activation of the appropriate features of the DPE security services.

- DPE security. Illegal access. Protection of transmitted messages containing arguments, results, and exceptions of object invocations and notifications. DPE node security also provides the means to audit and report security relevant events on the node according to the audit specifications. Including the security of the DPE implementation and its basic services. The security of the security services is part of DPE security.

- Communication contents security. Authenticity, integrity and confidentiality of the service contents information. Since all service content information in Tina is delivered in the form of streams, it deals only with streams. Streams are protected using cryptographic mechanisms, preferably stream ciphers (Rueppel 1986; Schneier 1996) or special cipher for certain information formats (e.g., voice, video data,...). The management of the necessary keys is part of the service control.

The most important criterion for the horizontal allocation of security functionality is:

- who administers a domain and the security functionality installed in the domain and has the physical control over both.

In Tina, each stakeholder in the network has its own administrative domain (intradomain security). It's achieved by local means (operating system security measures,...).

For interactions with other domains (interdomain interactions), limited trust relationships must be established. The communication channels between domains cannot be assumed to be secure. Protection must be achieved by cryptographic means.

DPE implementation (i.e. CORBA; http://www.omg.org)
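
The interdomain rule in the message above (limited trust relationships, untrusted channels, cryptographic protection of invocation arguments), sketched in Python as an added example that is not part of the original message or of the TINA or CrySTINA specifications. The domain names, operation names, key and envelope layout are all assumptions, and the sketch covers authenticity, integrity and replay only, not confidentiality.

```python
import hashlib
import hmac
import json

# Constructed trust table: one shared key and an operation allow-list per
# (caller domain, callee domain) pair. Domain and operation names are hypothetical.
TRUST = {
    ("consumer-A", "retailer-B"): {
        "key": b"constructed-demo-key-A-B",
        "operations": {"startSession", "endSession"},
    },
}


def _mac(key, envelope):
    # Canonical JSON so both domains compute the MAC over identical bytes.
    data = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def protect(src, dst, operation, arguments, counter):
    """Caller side: bind domains, operation, arguments and counter under one MAC."""
    rel = TRUST[(src, dst)]
    envelope = {"src": src, "dst": dst, "op": operation,
                "args": arguments, "ctr": counter}
    return {"envelope": envelope, "mac": _mac(rel["key"], envelope)}


class Receiver:
    """Callee side: the channel is untrusted, so every field is checked."""

    def __init__(self, domain):
        self.domain = domain
        self.last_ctr = {}  # highest counter accepted per caller domain

    def accept(self, message):
        env = message["envelope"]
        rel = TRUST.get((env.get("src"), self.domain))
        if rel is None or env.get("dst") != self.domain:
            return "reject: no trust relationship"
        if not hmac.compare_digest(_mac(rel["key"], env), str(message["mac"])):
            return "reject: bad MAC"
        if env["op"] not in rel["operations"]:
            return "reject: operation outside the relationship"
        if env["ctr"] <= self.last_ctr.get(env["src"], -1):
            return "reject: replay"
        self.last_ctr[env["src"]] = env["ctr"]
        return "accept"
```

The operation allow-list is what makes the relationship limited: a correctly authenticated caller is still refused anything the two domains did not agree on.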
Date: Mon, 01 Jun 1998 19:07:30 +0200
From: meir <interception@ii-mel.com>
To: jya@pipeline.com
Subject: TINA

Dear John,

For PART I

Please add over:

"This work has been supported by the Swiss National Foundation as part of the Swiss Priority Programme Information and Communications Structures under project number 5003-045364.

In Tina, services are realized as distributed applications. They consist of service components that interact with each other via a Distributed Processing Environment (DPE). The DPE is a software sub-layer that operates above the Native computing and Communications Environment (NCCE), which is an abstraction of the computing hardware and the operating system of the service nodes. While the NCCE is technology dependent, the DPE offers a uniform interface to the distributed environment. The DPE consists of CORBA implementations as the DPE kernel and additional TINA specific services.

http://www.omg.org

Bye,

Christian