Copyright (c) 2000 Hitachi, Ltd. All rights reserved.
Research & Development for Internet Security in Japan
November 24, 2000
Ryoichi Sasaki, Senior Chief Researcher
Systems Development Laboratory, Hitachi, Ltd.
14th AFSIT
AFSIT : Asian Forum for the Standardization of Information Technologies

Table of Contents
1. Introduction
2. Security Threats and Countermeasures
3. Status on Security Countermeasures in Japan
4. Security Technology Creates Internet New Era
5. Current Status on Security R&D in Japan
6. R & D on Security Technologies in Hitachi
7. On Security Standards

1. Introduction
Current Situation of Internet in Japan
[Figure: Trend on Number of Hosts Connected to Internet, 1995 to 1999, in % (number in '95 is 100% for each country). Series: USA (.com), Japan (.jp), Germany (.de), France (.fr), total.]

Number of Internet Users in Japan
From White Paper 2000 of Ministry of Posts and Telecommunications
[Figure: Number (M Persons) and Diffusion Rate (%) by year, 1996 to 2005. Data labels: 11.6, 16.9, 27.1, 76.7; Diffusion Rate 19.1%.]

Predicted Amount of E-Commerce (Business to Business)
Announced by MITI in 1999 (Trillion Yen)

Year    1998  1999  2000  2001  2002  2003
Japan      9    12    19    29    45    68
USA       20    30    50    79   117   165

Background of Increase of Security Threat
• Big Digital Money Flow on Internet: More Powerful Attack to Get Big Money
• Rapid Spread of Internet: Increase of Victim Candidates
• Increased Connection of Enterprise Network to Internet: Attack Increase via Internet to Extremely Valuable Information

Loss Caused by Attack to Security in USA
Estimated by FBI / CSI
[Figure: loss per year, 1996 to 1999, in M$ (axis 50 to 250). Data labels: 100M$, 130M$, 120M$, 260M$.]

Number of Reported Security Incidents in Japan
Data from JPCERT
[Figure: number of reported incidents per quarter, 1997 1Q to 2000 1Q; vertical axis 0 to 800.]

Threats to Security
Objects: Electronic Commerce, Computer, Files, Network
Threats: Loss of Confidentiality, Loss of Integrity, Loss of Availability, Loss of Evidence
Labels in parentheses: (Repudiation), (Eavesdropping), (Interruption), (Improper Use)

Countermeasure against Attacker
Attacker: Intrusion, Masquerade, Security Hole Attack
Countermeasure by Technology
(1) Protection against Intrusion
    (a) Access Control (Firewall etc.)
    (b) Encryption
(2) Prevention, Detection, Recovery
    (a) Security Surveillance
    (b) Security Audit etc.
Countermeasure by Management
    (a) Security Policy Establishment
    (b) Security Education

3. Status on Security Countermeasures in Japan
Investigated Results on Security Measure Status (1)
Security Policy is decided in less than one fifth of companies.
Investigated by JIPDEC in 1999
No. of Companies : 867
Mean No. of Employees : 2194 persons

Security Policy       Rate %
Decided               18.9
Deciding               9.3
Under Consideration   25.8
Not Decided           43.5
Unnecessary            0.7
No Answer              1.7

JIPDEC: Japan Information Processing Development Corporation

Investigated Results on Security Measure Status (2)
Security Specialist exists in less than one fourth of companies.

Security Specialist   Rate(%)
Exist                 23.8
Under Consideration   12.5
Not Exist             62.2
Not Necessary          1
No Answer              0.6

Investigated Results on Security Measure Status (3)
Firewall is used in more than 50% of companies.
[Figure: bar chart of security measures in use, axis 0 to 90. Measures: Usage of Password, Usage of Firewall, Usage of Access Control Soft, Access Control to Outside, Inhibition of Changing LAN Connection, Log Analysis, Others, No Measure, Limitation of Network Operator. Data labels: 83.4, 50.7, 21.3, 14.2, 40.9, 25.8, 33.6, 1.5, 10.4.]

Investigated Results on Security Measure Status (3)
Cipher is used in less than 15% of companies.

Cipher            Rate(%)
Usage of Cipher   14.7
Not Usage         82.6
No Answer          2.7

4. Security Technology Creates Internet New Era
Security Technologies Support Internet New Era
[Diagram labels. Coverage: Inter Individuals, Inner Companies, Inter Companies, Public, Home etc. Networks: Internet*, Intranet, Extranet, Socialnet. Applications: Mail, News, WEB; Information Sharing; GroupWare; EC (B to B); EC (B to C); E-Government; E-Election; E-Auction; E-Library; New Social Infrastructure. Additional Features: Information Exchange, Improvement of work efficiency, Application to Management Strategy, Creation of new value of services. Security Technologies: Digital Signature, Digital Watermarking. Future Direction.]
Note : * Narrow Meaning

Outline of Digital Signature
< Objectives of Digital Signature or Electronic Seal >
(1) Entity Authentication : Protection from Masquerade
(2) Message Authentication : Detection of Message Manipulation

Objectives in the Real World and in the Digital World (Digital Signature or Electronic Seal):
(1) Entity Authentication
    Real World: Usage of Seal or Signature for Identifying Originator
    Digital World: Usage of Asymmetric Cipher* : It is possible to identify the single signature key user.
(2) Message Authentication
    Real World: Usage of Paper and Ink for Detecting Manipulation
    Digital World: Usage of Hash Function : It is possible to detect manipulation by checking the hash value.
* Asymmetric Cipher equals Public Key Cipher

Digital Signature Scheme
Parties shown: Alice and Bob. The Pair Keys (Sa, Pa) are Bob's.
Private Key of Bob ( Sa ) : Secret
Public Key of Bob ( Pa ) : Open

Signing:
  Message (M) -> Hash Function (h) -> Hash Value ( h(M) )
  Encryption by Using Sa and Asymmetric Cipher -> Digital Signature ( S = Sa(h(M)) )
  Sent: M + Digital Signature
Verification:
  Decryption by Using Pa and Asymmetric Cipher: h' = Pa(S)
  Hash Function (h) applied to the received M: h'' = h(M)
  Compare: if h' = h'', Authenticated

If only one bit of M was changed, the hash value will be changed totally.

Necessity of Certification Authority
Objective: Certify the real owner of public key Pa (protect against Carol passing off a key Pc that she generated as Pa of Bob).
Parties: Bob, Certification Authority (CA), Alice
Private Key of CA: Sn (Secret)
Public Key of CA: Pn (Open)
(Asymmetric Cipher)
(1) Generate Private Key: Sa, Public Key: Pa
(2) Pa
(3) Registration of Pa and the Owner
(4) Public Key Certificate (X.509 V.3) with Sn(Pa)
(5) Signed Message + X.509 Certificate
(6) Pn
(7) Calculate Pa: Pa = Pn(Sn(Pa))
(8) Use Pa for Verification
(Note: There was the same system in the era of King Hammurabi about 4100 years ago.)
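
The signing and certificate steps of the two slides above, as an added example that is not part of the original slides: Bob signs with Sa, and Alice accepts Pa only from a certificate signed by the CA. Assumptions: textbook RSA with constructed toy keys, SHA-256 as h, hypothetical function names, and a CA signature over a hash of (owner, Pa) as in X.509 rather than Sn applied to Pa directly as in the slide's shorthand.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA pair from two primes: returns (private S, public P)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, d), (n, e)

def h(message, n):
    """Hash function h of the slide: SHA-256 reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    """S = Sa(h(M))."""
    n, d = private_key
    return pow(h(message, n), d, n)

def verify(public_key, message, signature):
    """Compare h' = Pa(S) with h'' = h(M)."""
    n, e = public_key
    return pow(signature, e, n) == h(message, n)

def _to_be_signed(owner, public_key):
    return f"{owner}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(ca_private, owner, public_key):
    """Steps (3)-(4): the issuer binds the owner name to the key with its signature."""
    return {"owner": owner, "public_key": public_key,
            "ca_signature": sign(ca_private, _to_be_signed(owner, public_key))}

def key_from_certificate(ca_public, cert, expected_owner):
    """Steps (6)-(7): accept Pa only if the signature checks out under Pn."""
    tbs = _to_be_signed(cert["owner"], cert["public_key"])
    if cert["owner"] != expected_owner:
        return None
    if not verify(ca_public, tbs, cert["ca_signature"]):
        return None
    return cert["public_key"]

def check_signed_message(ca_public, sender, message, signature, cert):
    """Step (8): Alice verifies the message with the certified key."""
    key = key_from_certificate(ca_public, cert, sender)
    return key is not None and verify(key, message, signature)

# Constructed toy keys from Mersenne primes; real keys need >= 2048 bits and padding.
Sn, Pn = make_keypair(2**521 - 1, 2**607 - 1)   # CA
Sa, Pa = make_keypair(2**107 - 1, 2**127 - 1)   # Bob
Sc, Pc = make_keypair(2**61 - 1, 2**89 - 1)     # Carol

def run_demo():
    M = b"Pay 10,000 yen to Alice"               # constructed sample message
    S = sign(Sa, M)
    bob_cert = issue_certificate(Sn, "Bob", Pa)
    tampered = bytes([M[0] ^ 0x01]) + M[1:]      # one bit of M changed
    # Carol signs her own message and self-signs a certificate naming Bob.
    forged_M = b"Pay 10,000 yen to Carol"
    forged_S = sign(Sc, forged_M)
    forged_cert = issue_certificate(Sc, "Bob", Pc)
    return {
        "genuine": check_signed_message(Pn, "Bob", M, S, bob_cert),
        "tampered": check_signed_message(Pn, "Bob", tampered, S, bob_cert),
        "carol_as_bob": check_signed_message(Pn, "Bob", forged_M, forged_S, forged_cert),
        # Without the CA check, Carol's key verifies her own signature just fine.
        "without_ca": verify(Pc, forged_M, forged_S),
    }

if __name__ == "__main__":
    print(run_demo())
```

The `without_ca` result is the reason for the CA: a signature only proves possession of some private key, and the certificate is what ties that key to Bob.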

Example of Structure for CAs
Hierarchical Structure of CAs:
  Root CA
  CA1  CA2
  CA11  CA12
  EE1  EE2  EE3  EE4
  (links between levels: Certificate)
EE: End Entity ( User of CA )

PKI for Supporting Certification
PKI : Public Key Infrastructure
PKI consists of protocols, services, and standards supporting applications of public-key cipher (asymmetric cipher), especially related to the use of Certificate Authority (CA).
[Diagram: hierarchy of Root CA, CA1, CA2, CA11, CA12 and EE1 to EE4, linked by certificates.]

Example of Watermarking
[Diagram labels: Original Image; Embedding Software with "Owner: Hitachi, Buyer: Sasaki"; Embedded Image; Embedded Position; Extracting Software with "Owner: Hitachi, Buyer: Sasaki".]

Main Players on Security R & D in Japan
Players: Government (MITI - IPA, MPT - TAO, STA), Universities, Companies
Collaboration
Fund for Security Projects
MITI : Ministry of International Trade and Industry
MPT : Ministry of Posts and Telecommunications
IPA : Information-Technology Promotion Agency, Japan
TAO : Telecommunications Advancement Organization of Japan
STA : Science and Technology Agency

Main Players on Security R & D in Japan
IPA - Security Center
(1) Anti-Computer-Virus Activities
(2) Countermeasures Against Unauthorized Access to Computers in Cooperation with JPCERT
(3) Study of Cryptography and Authentication Technologies
(4) Study of IT Security Evaluation and Certification / Validation Scheme

Main Players on Security R & D in Japan
Universities
• Tokyo University (Professor IMAI)
• Chuo University (Professor TSUJII)
• Yokohama National University
• Kyushu University
• Keio University
etc.

Main Players on Security R & D in Japan
Companies
• NTT
• Hitachi
• Mitsubishi
• NEC
• NTT Data
• Fujitsu
• Panasonic
etc.

Security Technologies for Research
Field: Element Technology, System Technology, Social Technology
Technology:
 1. Certification
 2. Access Control
 3. Encryption
 4. Digital Signature
 5. Computer Virus
 6. Secure Network
 7. Recovery
 8. Vulnerability
 9. Risk Assessment
10. Interdependency
11. Risk Communication
12. Security User Interface

Comparison of Research Area in USA and Japan
Research Area (%): USA*, Japan+
* Ratio of number of papers in ACM and IEEE for these ten years (Total No.: 4696)
+ Ratio of number of papers in IPSJ and IEICE for these ten years (Total No.: 555)
[Table: rows are the fields (Element Technology, System Technology, Social Technology) and the technologies 1 to 12 (Certification, Access Control, Encryption, Digital Signature, Computer Virus, Secure Network, Recovery, Vulnerability, Risk Assessment, Interdependency, Risk Communication, Security User Interface). Cell values in extraction order, row and column assignment not recoverable: 29, 28, 24, 4, 6, 3, 3, 4, 31, 3, 3, 33, 2, 1, 4, 61, 47, 6, 0, 0, 0, 0.]

6. R & D on Security Technologies in Hitachi
Hitachi’s Security Concept
Secureplaza
Hitachi’s Total Power: Hitachi’s Security Services and Products
• Hardware Products
• Software Products
• Systems Integration Services
• Operation Services
[Diagram labels: Router, Crypt LSI, Smart Card, Encryption Library, Firewall, EC System, Inter-Corporate EC, Certificate Authority, Security Monitoring, Message, EC, Attack!]

History on R&D of Security in Hitachi
Phase 1 (1987 - 1993): Technology Development Period
Phase 2 (1993 - 1997): Products Development Period
Phase 3 (1998 - ): Business Establishment Period

Business Area and Developed Security Technologies

Business Area                  Developed Security Technologies
Service    SI & Operation      Security Monitoring, Key Recovery
           Special Service     Certificate Authority, Notary System
Software   Middle Software     Secure Commerce Protocol, Key Management, Group Security
           Library             Encryption Algorithms, Digital Water Marking
Hardware   Subsystem           Encryption for Hardware Equipment, Biometrics for Authentication
           Component           LSI for Encryption, Smart Card

Common Key Cipher and Public Key Cipher

                                              Common Key Cipher                 Public Key Cipher
Examples                                      DES                               RSA
Relation between Encryption/Decryption Keys   Encryption Key = Decryption Key   Encryption Key ≠ Decryption Key
Secret Key Delivery                           Necessary                         Not Necessary
Digital Signature                             Difficult                         Straightforward
Speed                                         Fast                              Slow
Applications                                  Data Encryption                   Key Delivery, Digital Signature

Common Key Cipher Developed in Japan

Company      Name        Year   Comment
NTT          FEAL-N      1990
             E2          1998   Candidate of AES
Hitachi      MULTI2      1989
             MULTI-S01   2000   Stream Cipher
Mitsubishi   MISTY       1996
NEC          Unicorn     1997

Products Related to MULTI
(a) Encryption Software Library ( Keymate/MULTI )
(b) Encryption LSI for Satellite Broadcast (Japan Standard for Digital Satellite Broadcast)
    [Diagram labels: PerfecTV, DirecTV Japan, IRD, MULTI Chip, TV]
MULTI is the baseline cipher recommended by CPTWG for IEEE1394.
CPTWG: Copy Protection Technology Working Group

Necessity of New Public Key Cipher
RSA: required key length to be safe enough
  1990    512 bits
  1998   1024 bits
  2004   2048 bits
Improvement of Hardware and Integer Factorization Method
Computation time when key length becomes twice: 6 times - 8 times
Hitachi decided in 1996 to develop a new public key cipher.

Hitachi Elliptic Curve Cryptosystem (ELCURVE)
Type of Elliptic Curve: Elliptic Curve based on 2 powers; Elliptic Curve based on large prime numbers
Scheme: Digital Signature; Encryption/Decryption; K-out-of-N Scheme
Hitachi original scheme
ELCURVE:
• Software Library for PC and WS (Product: Keymate/Crypto)
• Software for Smart Card (Prototype)

Development of ELCURVE on Smart Card
PC, Smart Card
H8/3111 BLOCK DIAGRAM: H8/300 CPU, ROM 14K BYTES, RAM 512 BYTES, EEPROM 8K BYTES, CO-PROCESSOR, RAM 288 BYTES, I/O PORT
EXTERNAL CLOCK: 10 MHZ
CPU: 5 MHZ, CO-PROCESSOR: 10 MHZ
DIGITAL SIGNATURE (160 BITS): 0.17 SEC
・ High speed calculation by utilizing the co-processor in the smart card, designed for fast RSA calculation

Application Areas of Watermarking
[Figure: contents plotted by Price (low to high; $10 marked) and Life span (short to long; 1 month marked), with a region labelled "Protection by watermarking needed". Items: painting, catalogue, newspaper, TV-news, education software, music, movie, karaoke, magazine, program, book.]

Contents kind     Examples
Still picture     Painting, Photography, Picture in digital book
Motion picture    Movies in DVD
Voice             Music, Voice in movie
Text              Sentence in digital book
Program           Application programs

Actual Applications of Water Mark
(1) Copy Detection in Toppan Co. for Selling Digital Arts ( Still Picture )
(2) Copy Protection Standard Proposal for DVD - RAM in CPTWG ( Motion Picture )
(3) Internet - Marks For WWW
[Figure: Price / Life span chart of contents with the region "Protection by watermarking needed". Items: painting, catalogue, newspaper, TV-news, education software, music, movie, karaoke, magazine, program, book.]

Problems
• Web systems are important social infrastructures.
  – Means for effective information delivery and collection
  – Bases for most EC systems
• However they have trust problems.
  – Impersonation (e.g., fake Web site represents itself as an established site)
  – Criminal actions (e.g., receives money and then disappears without sending goods)
  – Unclear service policies (e.g., on returning goods)

Authentication using visual seals
• Authority issues seals guaranteeing or rating Web sites.
• Seals are pasted on the Web pages.
• Consumers trust or know service levels of the Web sites via the seals.
Problems
Seals are easily forged and copied onto unauthorized Web pages.
Reliable seal system is needed.

Internet-Mark technology
• Internet-Marks are verifiable seals because digital signatures are embedded in them by digital watermarking.
[Diagram labels: Material image (JPEG, bit map, etc.), a sample seal reading "Recommend for School Education / SCIENCE / ΕΔΩ Assoc."; Digital object for which Internet-mark will be used; Private key of issuer; Digital signature; Watermarking; Internet-Mark (JPEG, bit map, etc.) with Embedded digital signature.]
Internet-Marks can be verified via the embedded digital signatures.

Details of Internet-Mark
[Diagram labels: Material Image (sample seal reading "Recommend for School Education / SCIENCE / ΕΔΩ Assoc."); Web site address; Additional info. (term of validity etc.); Certificate for issuer; Private key of issuer; Digital signature; Signature, etc.; Watermarking; Internet-Mark; Paste; Web page.]
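
A sketch of the Internet-Mark idea, added here as an example and not Hitachi's implementation: the issuer signs the material image together with the Web site address and term of validity, hides the result in the image, and a seal copied onto another site then fails verification. Assumptions: least-significant-bit embedding (the slides do not specify the watermarking method), a constructed toy RSA key, a constructed 64x64 grayscale image, and the hypothetical names `make_mark` and `check_mark`.

```python
import hashlib

# Constructed toy issuer key (textbook RSA from two Mersenne primes, no padding).
N = (2**107 - 1) * (2**127 - 1)
E = 65537
D = pow(E, -1, (2**107 - 2) * (2**127 - 2))    # issuer's private exponent
SIG_LEN = (N.bit_length() + 7) // 8            # bytes needed for one signature
DATE_LEN = 8                                   # term of validity as YYYYMMDD
PAYLOAD_BITS = (DATE_LEN + SIG_LEN) * 8

# Constructed sample "material image": 64x64 grayscale pixels.
MATERIAL = bytes((x * 7 + y * 13) % 256 for y in range(64) for x in range(64))

def _digest(carrier, site, valid_until):
    data = bytes(carrier) + b"|" + site.encode() + b"|" + valid_until.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def _carrier(pixels):
    """Image with the payload LSBs cleared, so signer and verifier hash the same bytes."""
    out = bytearray(pixels)
    for i in range(PAYLOAD_BITS):
        out[i] &= 0xFE
    return out

def make_mark(material, site, valid_until):
    """Issuer: sign (image, site address, validity) and hide the result in pixel LSBs."""
    marked = _carrier(material)
    sig = pow(_digest(marked, site, valid_until), D, N)
    payload = valid_until.encode() + sig.to_bytes(SIG_LEN, "big")
    for i in range(PAYLOAD_BITS):
        marked[i] |= (payload[i // 8] >> (7 - i % 8)) & 1
    return bytes(marked)

def check_mark(marked, page_site, today):
    """Consumer side: extract the payload and verify it against the page's own address."""
    payload = bytearray(PAYLOAD_BITS // 8)
    for i in range(PAYLOAD_BITS):
        payload[i // 8] |= (marked[i] & 1) << (7 - i % 8)
    try:
        valid_until = payload[:DATE_LEN].decode("ascii")
    except UnicodeDecodeError:
        return "no valid mark"
    sig = int.from_bytes(payload[DATE_LEN:], "big")
    if pow(sig, E, N) != _digest(_carrier(marked), page_site, valid_until):
        return "signature mismatch"
    return "expired" if today > valid_until else "ok"

if __name__ == "__main__":
    mark = make_mark(MATERIAL, "www.school-science.example", "20011231")
    print(check_mark(mark, "www.school-science.example", "20001124"))  # issued site
    print(check_mark(mark, "www.copied-seal.example", "20001124"))     # seal pasted elsewhere
```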

Biometric Authentication Devices of Hitachi
Demonstration model; Prototype model for Product
Fingerprint Device: Veridicom FPS100A, 300×300×8 bits, 12 Mbps USB I/F
Hitachi’s Contactless Smart Card & R/W: 8 bits CPU, 8 kB EEPROM, 9600 bps

Outline of Secured Office System
[Diagram labels: Issuer Center, Enrollment Server, Card Issuer System, Certification Authority, X.509, User List, Smart Card (certificated fingerprint), Entrance, Door, Door Control unit, Smart card R/W, Log DB, Temporal Fingerprint file, User’s Office, PCs for End User, Live scanner, Verification Server, DB.]
Controls: Entrance control, Log-on access control, DB access control, Workflow control

Hitachi Certificate Authority Server
[Diagram labels: Internet; Consumer, Store, Bank/Card Company; Certificate; Firewall; Front End Server; CA Server; Certification List; CA system; For Operator.]
Against Invasion: Firewall, Encryption
Against Inside Crime: Prevent Single Operation

Image of CA & NA System for Ministry of Justice
[Diagram labels: Certificate Authority (CA), Notary Authority (NA), Corporate A, Corporate B, Certificate, Authorize.]
Notary Service:
• Time Stamping (example stamp: 1998/3/6 14:10)
• Archiving a digital document
• Making (Writing) a notarial deed
• Authorizing a private document

Security Standards and Related Organizations
Security Basic Field
  World Wide
    Official : ISO-SC27, ITU etc.
    Private : IETF (Protocol) etc.
  National Level
    Official : NIST (AES), JIS etc.
    Private : IEEE (1394) etc.
Security Application Field
  SET (Certification), MULTOS (Card OS), CPTWG (Copy Protection) etc.

On Cryptography Standard
1. National Level / Official
(1) USA: AES Project by NIST
    AES (Advanced Encryption Standard) was selected in Oct. 2000.
    -> Rijndael, proposed from Belgium
(2) JAPAN: CRYPTREC Project by IPA and TAO ( Chair: Prof. Imai )
    Assessment of Security and the Implementation of Available Cryptographic Techniques to Achieve Information Security in the Electronic Government
    -> Technical Report Including a List of Analytical Results on Security Profile and Implementation Aspects for Proposed Cryptographic Technologies ( in March, 2001 )
(3) EC: NESSIE Project by the Information Technology Programme of the European Commission

On Cryptography Standard
2. World Wide / Official
Standardization of Ciphers has started at ISO/IEC JTC1 SC 27 (#18033) from 1999.
< From Registration to Real Standard >
Standardization Items
(1) Asymmetric Ciphers
(2) Block Ciphers
(3) Stream Ciphers
Items (2) and (3): Symmetric Ciphers (Common Key Ciphers)

IETF WG on Security

Category         WG
Infrastructure   Common Authentication Technology (cat)
                 IP Security Protocol (ipsec)
                 Intrusion Detection Exchange Format (idwg)
                 Public-Key Infrastructure (X.509) (pkix)
                 Simple Public Key Infrastructure (spki)
                 XML Digital Signatures (xmldsig)
Middleware       Authenticated Firewall Traversal (aft)
                 One Time Password Authentication (otp)
                 Secure Shell (secsh)
                 Transport Layer Security (tls)
Application      An Open Specification for Pretty Good Privacy (openpgp)
                 Domain Name System Security (dnssec)
                 S/MIME Mail Security (smime)
                 Web Transaction Security (wts)
                 Secure Network Time Protocol (stime)

Conclusions
1. R & D on security technologies in Japan were explained.
2. Future Tendency
   (1) Attacks will increase and be harder in future.
   (2) More powerful countermeasures will be required, especially in security surveillance, audit, evaluation and education.
   (3) Attacks will come from all over the world. Therefore, worldwide collaboration must be carried out to protect against the attacks.