security and protection of information 2001 1 decros spol. s r.o. member of the icz group radovan...
TRANSCRIPT
Security and Protection of Information 2001
1
DECROS spol. s r.o.Member of the ICZ group
Radovan Pekárek [email protected]
Security and Protection of Information 2001 2
lCZ group
Top 5 of the best IT Czech Companies of the year 2000
More than 400 employees Turn-over about 20 mil. US $ Typical Czech Companies
Security and Protection of Information 2001 3
ICZ Partners Baltimore Technologies BEA Systems Cisco Systems Compaq IBM Hewlett Packard Microsoft Sun Microsystems
Security and Protection of Information 2001 4
DECROS
SW and HW developer Consultation and analysis in the area of IT Security Own department of cryptology Solution provider, business partner
Security and Protection of Information 2001 5
AWARDS
European IT Prize1998 awarded
ActivCard Digital Identity Award 2000
2000 awarded; „The best integration“
CHIP Tip „Choice of the Year“ ‘96, ‘97, ‘98
(Czech edition)
INVEX – „Crystal Disk“
Security and Protection of Information 2001 6
Cooperation with CNSA
1999 the company handed over a request to be certified on the level „Confidential“
Employees are to be verified on the level „TOP SECRET“
Security and Protection of Information 2001 7
Cooperation with CNSA
Development of cryptographic tools designed for protection of classified information according to the law n. 148/98 Coll.:
- Krydec- CSP-I MicroCzech- CSP-II MicroCzech
Security and Protection of Information 2001 8
KRYDEC
Provide cryptographic protection of files
Secure identification and autentication of users by CNSA smart card
Audit independent on PC or OS
Security and Protection of Information 2001 9
Krydec - basic properties
For SECRET and TOP SECRET inf. Long PCI Internal smart card reader OS Win NT 4.0 National encryption algorithm Max. 256 encryption keys Max. 64 users
Security and Protection of Information 2001 10
CSP-I MicroCzech
Cryptographic SW module Designed for integration into the
CryptoAPI subsystem in Win NT 4.0 Provides cryptographic service for all
aplications using CryptoAPI (typical applications – MS Outlook and Internet Explorer)
Security and Protection of Information 2001 11
CSP-I MicroCzech basic properties
Digital Signature (RSA) Asymmetric encryption of symetric
keys (RSA) Symmetric ciphers (3DES,RC2,RC4) Hash Functions (SHA-1,MD5,MAC) Random Number Generator
Security and Protection of Information 2001 12
CSP-I MicroCzech advantage
Implementation of many special security mechanisms that are not a part of the standart CSP modules.
designed for the protection of classified information at the level “Restricted”
Security and Protection of Information 2001 13
CSP-II MicroCzech This is a HW version of CSP-I
MicroCzech with certain additions. A smart card is used for storing keys. This device is designed for the protection of classified information up to the security level “Confidential”.
Security and Protection of Information 2001 14
CSP-II MicroCzech basic properties:
Local processor of the PowerPC line (MPC 850), 50 MHz
1Kb data cache,2 Kb instruction cache Operating memory 16 MB SDRAM Flash ROM 2MB RS232 interface for smart card reader Universal OS AES support
Security and Protection of Information 2001 15
Law n.148/98 Coll
Successful IS certification does not depend only on using certified cryptographic components (CNSA n. 76/1999 Coll.)
According to CNSA n. 56/1999 Coll. About security IS that manipulate with classified information, it is necessary to solve the security of the IS as of a complex system
Security and Protection of Information 2001 16
Law n.148/98 Coll. – our offer:
Risk analysis Security policy proposal Security guidelines Testing system security Produce security and operating IS
dokumentation Training users