Title: Network Security
1 Data Communications and Computer Networks: A Business User's Approach
- Chapter 13
- Network Security
2 What we will cover
- Security measures
- Firewalls
- Business on the internet
- Encryption
4 Introduction
While computer systems today have some of the best security systems ever, they are more vulnerable than ever before. This vulnerability stems from the world-wide access to computer systems via the Internet. Computer and network security comes in many forms: encryption algorithms, access to facilities, digital signatures, and fingerprints and face scans as passwords. Where do most security breaches come from?
5 What is network security?
- Network security is preventing attackers from achieving objectives through unauthorized access or unauthorized use of computers and networks.
- www.cert.org
6 Basic Security Measures
The basic security measures for computer systems fall into eight categories:
- External security
- Operational security
- Surveillance
- Passwords/authentication
- Auditing
- Access rights
- Standard system attacks
- Viruses/worms
7 External Security
Protection from environmental damage such as
floods, earthquakes, and heat. Physical security
such as locking rooms, locking down computers,
keyboards, and other devices. Electrical
protection from power surges. Noise protection
by placing computers away from devices that
generate electromagnetic interference.
8 Personnel security
- Most security violations have one common
characteristic - They are caused by people!
- Training, Auditing, Least Privilege, ...
9 Operational Security
Deciding who has access to what. Limiting time of
day access. Limiting day of week access. Limiting
access from a location, such as not allowing a
user to use a remote login during certain periods
or any time.
10 Sample dialog box from a network operating system for setting time-of-day restrictions
11 Surveillance
Proper placement of security cameras can deter
theft and vandalism. Cameras can also provide a
record of activities. Intrusion detection is a
field of study in which specialists try to
prevent intrusion and try to determine if a
computer system has been violated.
12 Passwords and ID Systems
- Passwords are the most common form of security and the most abused.
- Simple rules help support safe passwords, including:
- Change your password often.
- Pick a good, random password (minimum 8 characters, mixed symbols).
- Don't share passwords or write them down.
- Don't select names and familiar objects as passwords.
- Most common password?
13 List of common passwords
14 Authentication
- Authentication is the process of reliably verifying the identity of someone (or something) by means of:
- A secret (password one-time, ...)
- An object (smart card, ...)
- Physical characteristics (fingerprint, retina, ...)
- Trust
- Do not mistake authentication for authorization!
15 Controlling a user password with Novell Netware
16 Passwords and ID Systems - Authentication?
- Many new forms of passwords are emerging
- Fingerprints
- Face prints
- Retina scans and iris scans
- Voice prints
- Ear prints
17 Auditing
Creating a computer or paper audit can help
detect wrongdoing. Auditing can also be used as a
deterrent. Many network operating systems allow
the administrator to audit most types of
transactions. Many types of criminals have been
caught because of computer-based audits.
18 Windows NT Event Viewer example
19 Access Rights
Two basic questions about access rights: who and how? Who do you give access rights to? No one, a group of users, the entire set of users? How does a user or group of users have access? Read, write, delete, print, copy, execute? Most network operating systems have a powerful system for assigning access rights.
20 Novell Netware assigning access rights to a
resource
21 Viruses
Many different types of viruses, such as
parasitic, boot sector, stealth, polymorphic, and
macro. A Trojan Horse virus is a destructive
piece of code that hides inside a harmless
looking piece of code. Sending an e-mail with a
destructive attachment is a form of a Trojan
Horse virus.
22 Virus Detection and Scanning
Signature-based scanners look for particular
virus patterns or signatures and alert the
user. Terminate-and-stay-resident programs run in
the background constantly watching for viruses
and their actions. Multi-level generic scanning
is a combination of antivirus techniques
including intelligent checksum analysis and
expert system analysis. http://www.symantec.com/avcenter/
23 http://www.symantec.com/avcenter/
25 What is the difference between a computer virus and a computer worm?
- Viruses are computer programs that are designed to spread themselves from one file to another on a single computer. A virus might rapidly infect every application file on an individual computer, or slowly infect the documents on that computer, but it does not intentionally try to spread itself from that computer to other computers. In most cases, that's where humans come in. We send e-mail document attachments, trade programs on diskettes, or copy files to file servers. When the next unsuspecting user receives the infected file or disk, they spread the virus to their computer, and so on.
- Worms, on the other hand, are insidious because they rely less (or not at all) upon human behavior in order to spread themselves from one computer to others.
- The computer worm is a program that is designed to copy itself from one computer to another over a network (e.g. by using e-mail). The worm spreads itself to many computers over a network, and doesn't wait for a human being to help. This means that computer worms spread much more rapidly than computer viruses.
26 HOAXES
27 Standard System Attacks
Denial of service attacks, or distributed denial
of service attacks, bombard a computer site with
so many messages that the site is incapable of
answering valid requests. In e-mail bombing, a
user sends an excessive amount of unwanted e-mail
to someone. Smurfing is a nasty technique in
which a program attacks a network by exploiting
IP broadcast addressing operations. Ping storm is
a condition in which the Internet Ping program is
used to send a flood of packets to a server.
28 Standard System Attacks
Spoofing is when a user creates a packet that
appears to be something else or from someone
else. Trojan Horse is a malicious piece of code
hidden inside a seemingly harmless piece of
code. Stealing, guessing, and intercepting
passwords is also a tried and true form of attack.
29 Web Spoofing
- Web Spoofing is a security attack that allows an adversary to observe and modify all web pages sent to the victim's machine, and observe all information entered into forms by the victim. Web Spoofing works on both of the major browsers and is not prevented by "secure" connections. The attacker can observe and modify all web pages and form submissions, even when the browser's "secure connection" indicator is lit. The user sees no indication that anything is wrong.
- The attack is initiated when the victim visits a malicious Web page, or receives a malicious email message (if the victim uses an HTML-enabled email reader).
30 Smurfing to cripple a web server
31 Smurfing
- Smurfing is the attacking of a network by
exploiting Internet Protocol (IP) broadcast
addressing and certain other aspects of Internet
operation. Smurfing uses a program called Smurf
and similar programs to cause the attacked part
of a network to become inoperable. The exploit of
smurfing, as it has come to be known, takes
advantage of certain known characteristics of the
Internet Protocol (IP) and the Internet Control
Message Protocol (ICMP). The ICMP is used by
network nodes and their administrators to
exchange information about the state of the
network. ICMP can be used to ping other nodes to
see if they are operational. An operational node
returns an echo message in response to a ping
message. A smurf program builds a network packet
that appears to originate from another address
(this is known as spoofing an IP address). The
packet contains an ICMP ping message that is
addressed to an IP broadcast address, meaning all
IP addresses in a given network. The echo
responses to the ping message are sent back to
the "victim" address. Enough pings and resultant
echoes can flood the network making it unusable
for real traffic.
- One way to defeat smurfing is to disable IP broadcast addressing at each network router since it is seldom used. This is one of several suggestions provided by the CERT Coordination Center.
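The router-side defence described above, together with a victim-side check, as an added example that is not part of the original slides. The interface addresses, the packet record format and the function names are assumptions made for illustration, and the sample capture is constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_interface

# Constructed router interfaces (documentation address ranges).
ROUTER_INTERFACES = [ip_interface("192.0.2.1/24"),
                     ip_interface("198.51.100.1/25")]

def is_directed_broadcast(dst, interfaces=ROUTER_INTERFACES):
    """True if dst is the broadcast address of a directly attached subnet."""
    addr = ip_address(dst)
    return any(addr == itf.network.broadcast_address for itf in interfaces)

def router_forwards(packet, interfaces=ROUTER_INTERFACES):
    """Decision of a router on which IP directed broadcast is disabled."""
    return not is_directed_broadcast(packet["dst"], interfaces)

def reflected_echo_targets(packets, min_sources=3):
    """Hosts that receive echo replies from many hosts they never pinged."""
    asked = set()                  # (requester, target) pairs actually seen
    repliers = defaultdict(set)    # receiving host -> hosts that answered it
    for p in packets:
        if p["type"] == "echo-request":
            asked.add((p["src"], p["dst"]))
        elif p["type"] == "echo-reply" and (p["dst"], p["src"]) not in asked:
            repliers[p["dst"]].add(p["src"])
    return {host: len(srcs) for host, srcs in repliers.items()
            if len(srcs) >= min_sources}

# Constructed capture: one ordinary ping and its reply, then one echo request
# addressed to a subnet broadcast address and the replies it triggers.
SAMPLE = [
    {"type": "echo-request", "src": "192.0.2.20", "dst": "198.51.100.5"},
    {"type": "echo-reply", "src": "198.51.100.5", "dst": "192.0.2.20"},
    {"type": "echo-request", "src": "203.0.113.50", "dst": "192.0.2.255"},
] + [{"type": "echo-reply", "src": f"192.0.2.{n}", "dst": "203.0.113.50"}
     for n in (10, 11, 12, 13)]

if __name__ == "__main__":
    for pkt in SAMPLE[:3]:
        verdict = "forward" if router_forwards(pkt) else "drop"
        print(pkt["src"], "->", pkt["dst"], verdict)
    print("hosts receiving unsolicited replies:", reflected_echo_targets(SAMPLE))
```

With directed broadcast disabled the third packet never reaches the subnet, so the four replies are never generated.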
32 What is SSH?
- SSH (Secure Shell) is a full replacement for rsh, rlogin, rcp, telnet, rexec, and ftp
- Automatic authentication (?) of users, no passwords are sent in clear text
- Secure remote login, file copying, and tunneling X11 and TCP connections (POP, IMAP, SMTP, HTTP)
33 www.cert.org
34 What is a firewall?
- Used to control the flow of traffic (both inflows and outflows, but primarily inflows) between networks
- The connected networks can be internal or a combination of internal and external networks
35 Firewalls
A system or combination of systems that supports
an access control policy between two networks. A
firewall can limit the types of transactions that
enter a system, as well as the types of
transactions that leave a system. Firewalls can
be programmed to stop certain types or ranges of
IP addresses, as well as certain types of TCP
port numbers (applications such as ftp, telnet,
etc.)
36 Transmission Control Protocol/Internet Protocol
- TCP/IP
- A conglomeration of underlying protocols
designed to enable communications between
computers across networks
37 4 Basic Layers of TCP/IP
- Physical/Network Layer - Accepts and transmits network packets over the physical network. Physical networking protocols, such as Ethernet, and logical protocols, such as Address Resolution Protocol (ARP), are run at this layer.
- IP Layer - Responsible for routing packets across the network. Routing protocols, such as Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), are run at this layer.
38 4 Basic Layers of TCP/IP (cont.)
- Transport Layer - Manages the virtual session between two computers for TCP for providing end-to-end communication.
- Application Layer - Manages the networking applications and formats data for transmission.
39 Open Systems Interconnect (OSI)
- Developed by the International Organization for Standardization
- A seven layer model that further divides the layers from the TCP/IP model
40 TCP/IP
APPLICATION LAYER | HTTP | the desired program
TRANSPORT LAYER | TCP or UDP | provides the connection
NETWORK LAYER | IP | locates the destination IP address, routes message
LINK LAYER | Ethernet | physical devices
Application-based filtering - firewall
Packet-filtering - routers
41 TCP/IP MODEL | OSI MODEL
APPLICATION | APPLICATION, PRESENTATION, SESSION
TRANSPORT | TRANSPORT
INTERNET (IP) | NETWORK
NETWORK INTERFACE | DATA LINK, PHYSICAL
42 Characteristics of Good Firewalls
- All traffic from inside the corporate network to outside the network, and vice-versa, must pass through it
- Only authorized traffic, as defined by the security policy, is allowed to pass through it and the system itself is immune to penetration.
43 A firewall as it stops certain internet and external transactions
44 Firewalls 2 types
A packet filter firewall is essentially a router
that has been programmed to filter out or allow
to pass certain IP addresses or TCP port
numbers. A proxy server is a more advanced
firewall that acts as a doorman into a corporate
network. Any external transaction that requests
something from the corporate network must enter
through the proxy server. Proxy servers are more
advanced but make external accesses slower.
45 Firewall Filtering
- Firewall features that are standard on routers.
- Separate input and output filters on
- Source and destination address
- Protocol (TCP/IP, IPX, UDP, ICMP, RIP, OSPF, BGP)
- Protocol service (Web, e-mail, FTP)
- Established sessions
- Packet logging
- Extended Frame Relay filtering (variable-length
packet switching data transmission)
www.lucent.com
46 Static Firewalls
- Pre-configured rulebases are used for traffic passing decisions
- Default permit - the firewall allows all traffic except that which is explicitly blocked by the firewall rulebase
- Default deny - the firewall denies all traffic except that which is explicitly allowed by the firewall rulebase
47 Dynamic Firewalls
- Also uses rulebases, but the denial and permission of any service can be established for a given time period
- Stateful inspection is also a dynamic configuration
- A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Because of this, filtering decisions are based not only on administrator-defined rules (as in static packet filtering) but also on context that has been established by prior packets that have passed through the firewall.
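A small model of the static and stateful filters described on the two slides above, added here as an example and not taken from the slides or from any firewall product. The rule format, class names, addresses and packets are constructed for illustration. It runs the same traffic through a default-deny static filter, a default-permit static filter and a stateful filter.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT, HIGH_PORTS, HTTP = range(0, 65536), range(1024, 65536), range(80, 81)

@dataclass(frozen=True)
class Packet:
    inbound: bool      # True = arriving from the external network
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "A"   # "S" = SYN (opens a connection), "A" = ACK

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    inbound: bool
    dst_net: str
    sports: range
    dports: range

    def matches(self, p):
        return (self.inbound == p.inbound
                and ip_address(p.dst) in ip_network(self.dst_net)
                and p.sport in self.sports and p.dport in self.dports)

class StaticFilter:
    """Static packet filter: first matching rule wins, else the default."""
    def __init__(self, rules, default="deny"):
        self.rules, self.default = list(rules), default

    def decide(self, p):
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default

class StatefulFilter(StaticFilter):
    """The rulebase is consulted only for connection-opening packets; every
    other packet must belong to a connection recorded in the state table."""
    def __init__(self, rules, default="deny"):
        super().__init__(rules, default)
        self.state = set()

    def decide(self, p):
        conn = (p.src, p.sport, p.dst, p.dport)
        reply = (p.dst, p.dport, p.src, p.sport)
        if conn in self.state or reply in self.state:
            return "allow"
        if p.flags != "S":
            return "deny"          # no context established by prior packets
        verdict = super().decide(p)
        if verdict == "allow":
            self.state.add(conn)
        return verdict

# Constructed policy: inside hosts may browse the web, outsiders may reach the
# web server 10.0.0.80. A static filter also needs REPLIES_IN so that answers
# to outbound requests get back in; the stateful filter does not.
WEB_OUT = Rule("allow", False, "0.0.0.0/0", HIGH_PORTS, HTTP)
WEB_IN = Rule("allow", True, "10.0.0.80/32", ANY_PORT, HTTP)
REPLIES_IN = Rule("allow", True, "10.0.0.0/24", HTTP, HIGH_PORTS)

# Constructed traffic.
SYN_OUT = Packet(False, "10.0.0.5", 50000, "203.0.113.10", 80, "S")
REPLY_IN = Packet(True, "203.0.113.10", 80, "10.0.0.5", 50000)
UNSOLICITED_IN = Packet(True, "198.51.100.7", 80, "10.0.0.9", 3389)
TELNET_IN = Packet(True, "198.51.100.7", 40000, "10.0.0.9", 23, "S")
TRAFFIC = [SYN_OUT, REPLY_IN, UNSOLICITED_IN, TELNET_IN]

def run(firewall):
    return [firewall.decide(p) for p in TRAFFIC]

if __name__ == "__main__":
    static_rules = [WEB_OUT, WEB_IN, REPLIES_IN]
    print("static, default deny  :", run(StaticFilter(static_rules)))
    print("static, default permit:", run(StaticFilter(static_rules, "allow")))
    print("stateful, default deny:", run(StatefulFilter([WEB_OUT, WEB_IN])))
```

The third packet matches the broad reply rule of the static filter although nobody inside asked for it; the stateful filter rejects it because no prior packet established that connection.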
48 Components of Firewalls
- Chokes - limit the flow of packets between networks. Read packets and determine, based on the rules, if the traffic should pass
- Gates - act as a control point for external connections. They control the external connections.
49 [Figure: incoming TELNET, FTP, SMTP and HTTP packets arrive at a CHOKE (DEFAULT DENY) and GATE. Application Level Filtering Rule - Deny everything except Telnet, FTP. Rejected packets: SMTP, HTTP. FTP and TELNET packets pass to the Corporate Internal Network.]
50 Firewall Functions
- Packet Filtering
- Network Address Translation
- Application-level Proxies
- Stateful Inspection
- Virtual Private Networks
- Real-time Monitoring
51 Proxy Server sitting outside the protection of the corporate network
52 Last time
- Security issues
- Firewalls
This time
- Business over the internet
- Cryptography
53 So you want to do business over the internet
- What do you have to worry about?
54 [Figure: a message originating from Point A is split into packets that may travel along different paths and is reassembled at its intended destination, Point B.]
- Did Point B receive the message?
- Was the message really sent by Point A?
- Did anyone else see the message?
- If Point B did in fact receive the message - is it exactly the same message or could it have been altered in any way?
- Was it delivered promptly or could it have been stalled?
55 Important Techniques used to prevent/detect data interception
- Message Origin Authentication
- Proof of Delivery (non-repudiation)
- Message Integrity
- Same message
- Not seen by others
- Timely Delivery of Messages
56 Encryption
- Is the best device for ensuring message (and data) confidentiality
- involves transforming plaintext into ciphertext using a KEY
- the level of secrecy is a function of
- strength of the algorithm
- key length
- key management policies
57 What is cryptography?
- hidden writing
- versus steganography (hiding the message)
- Until recently: military tool
- Like any military technology: methods change over time
- Two sides: designing codes, breaking codes (cryptanalysis)
- Computers have changed both
58 Basic Encryption and Decryption
Terms:
- Cryptography is the study of creating and using encryption and decryption techniques.
- Encryption vs. decryption
- Plaintext (sometimes called cleartext) is the data that exists before any encryption has been performed.
- Ciphertext is the data after encryption has been performed.
- The key(s) is (are) the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext. The key is also called the cryptovariable.
- The cipher is the algorithm for encrypting and decrypting, also called the protocol or scheme.
59 Uses of Cryptography
- Besides confidentiality, cryptography provides:
- Authentication: knowing that the claimed sender of the message actually sent it.
- Integrity: message has not been tampered with and/or the message is legit
- Nonrepudiation: a user should not be able to deny that he sent the message
60 Basic encryption and decryption procedure
The Cipher
61 Simple encryption methods
62 Monoalphabetic Substitution-based Ciphers
Monoalphabetic substitution-based ciphers replace a character or characters with a different character or characters, based upon some key.
Replacing: abcdefghijklmnopqrstuvwxyz
With the key: POIUYTREWQLKJHGFDSAMNBVCXZ
The message "how about lunch at noon" encodes into EGVPO GNMKN HIEPM HGGH
63 Simple example: Caesar Shift
- Protocol: shift each letter by the same amount
- Key: amount to shift
- IBM with key -1 becomes HAL
- Veni, vidi, vici with key 10 becomes Foxs, fsns, fsms
- Decryption: shift back the same amount
64 Caesar Cipher
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM
rotate 13 positions
Plaintext: THE GOTHS COMETH
Key: 13
Ciphertext: FUR TAFUE PAYRFU
65 Example: Caesar Shift
66 Polyalphabetic Substitution-based Ciphers
Similar to monoalphabetic ciphers except multiple alphabetic strings are used to encode the plaintext. For example, a matrix of strings, 26 rows by 26 characters or columns can be used. A key such as COMPUTERSCIENCE is placed repeatedly over the plaintext.
COMPUTERSCIENCECOMPUTERSCIENCECOMPUTER
thisclassondatacommunicationsisthebest
67 Polyalphabetic Substitution-based Ciphers
To encode the message, take the first letter of
the plaintext, t, and the corresponding key
character immediately above it, C. Go to row C
column t in the 26x26 matrix and retrieve the
ciphertext character V. Continue with the other
characters in the plaintext.
68 Transposition-based Ciphers
In a transposition-based cipher, the order of the plaintext is not preserved. As a simple example, select a key such as COMPUTER. Number the letters of the word COMPUTER in the order they appear in the alphabet.
1 4 3 5 8 7 2 6
C O M P U T E R
69 Transposition-based Ciphers
Now take the plaintext message and write it under the key.
1 4 3 5 8 7 2 6
C O M P U T E R
t h i s i s t h
e b e s t c l a
s s i h a v e e
v e r t a k e n
Then read the ciphertext down the columns, starting with the column numbered 1, followed by column number 2.
TESVTLEEIEIRHBSESSHTHAENSCVKITAA
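The substitution and transposition ciphers from the preceding slides, written out as an added example that is not part of the original slides. The function names are chosen for illustration; the keys and messages are the ones the slides use, and each cipher is given with its decryption, which the slides only describe for the Caesar shift.

```python
import string

ALPHA = string.ascii_lowercase
SLIDE_KEY = "POIUYTREWQLKJHGFDSAMNBVCXZ"   # key from the monoalphabetic slide

def only_letters(text):
    return "".join(c for c in text.upper() if c in string.ascii_uppercase)

def groups(text, size=5):
    """Upper-case letters in blocks, the way the slides print ciphertext."""
    letters = only_letters(text)
    return " ".join(letters[i:i + size] for i in range(0, len(letters), size))

def monoalphabetic(text, key, decrypt=False):
    """Replace each letter by the key letter in the same alphabet position."""
    src, dst = (key.lower(), ALPHA) if decrypt else (ALPHA, key.lower())
    return text.translate(str.maketrans(src + src.upper(), dst + dst.upper()))

def caesar(text, shift):
    """Shift every letter by the same amount; decrypt with the negated shift."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def vigenere(text, key, decrypt=False):
    """Polyalphabetic: the key letter above each plaintext letter selects the
    row of the 26x26 matrix, which is a Caesar shift by that letter."""
    out, i = [], 0
    for ch in text:
        if ch in string.ascii_letters:
            k = ALPHA.index(key[i % len(key)].lower())
            out.append(caesar(ch, -k if decrypt else k))
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def column_order(key):
    """Column indexes in reading order: alphabetical by key letter."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transpose_encrypt(plaintext, key):
    letters = only_letters(plaintext)
    return "".join(letters[c::len(key)] for c in column_order(key))

def transpose_decrypt(ciphertext, key):
    cols = len(key)
    rows, extra = divmod(len(ciphertext), cols)  # first `extra` columns are longer
    grid, pos = {}, 0
    for c in column_order(key):
        size = rows + (1 if c < extra else 0)
        grid[c], pos = ciphertext[pos:pos + size], pos + size
    return "".join(grid[c][r] for r in range(rows + 1)
                   for c in range(cols) if r < len(grid[c]))

if __name__ == "__main__":
    print(groups(monoalphabetic("how about lunch at noon", SLIDE_KEY)))
    print(caesar("IBM", -1), "|", caesar("Veni, vidi, vici", 10))
    print(vigenere("thisclassondatacommunicationsisthebest", "COMPUTERSCIENCE"))
    print(transpose_encrypt("this is the best class i have ever taken", "COMPUTER"))
```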
70 Types of Keys
- Symmetric (one key)
- Asymmetric (two keys)
71 SYMMETRIC ENCRYPTION METHOD
[Figure: Sender encrypts the Plaintext Message into an Encoded Message; Receiver decrypts it back into the Plaintext Message.]
Same key for encryption and decryption. How is key shared?
72 Enigma Machine
- Key changed daily
- 3 scramblers in one of 6 orders
- In 1938: 3 of 5, so 60 arrangements
- 26^3 = 17,576 settings for scramblers
- Billions of plugboard settings
- Alan Turing bypassed plugboard
- Used known plaintext, exhausted over space
- British were able to read traffic!
73 Paradigm Shift!
- Alice wants to mail Bob a letter securely
- If they share a key, Alice locks, Bob unlocks
- If not: Alice puts on padlock, sends box to Bob
- Bob adds his padlock, sends box back to Alice
- Alice removes her padlock, sends box to Bob
- Bob unlocks box, reads letter
- Problem: how to translate this to a protocol?
74 Public Key Cryptography
- Very powerful encryption technique in which two keys are used
- first key (the public key) encrypts the message
- second key (the private key) decrypts the message
- Not possible to deduce one key from the other.
- Not possible to break the code given the public key.
- If you want someone to send you secure data, give them your public key, you keep the private key.
- Secure sockets layer (SSL) on the Internet is a common example of public key cryptography
- Connection between application layer and transport layer (TCP)
- S-HTTP: another method
76 Sender - Johnny B.
Receiver - Professor
Plaintext message from Johnny B. explaining his personal medical condition
By encrypting his message with his Professor's publicly available key, Johnny B. can be assured that no one besides that professor can read his message.
Confidentiality
77 Sender - Professor
Receiver - Johnny B.
Plaintext message from Professor requesting a conference with Johnny B.
Because the professor encrypted the message with his private key, Johnny B. can be assured that the message really is from that professor by decrypting it with the professor's public key.
Authenticate sender
78 Sender - Professor
Receiver - Johnny B.
Message from Professor requesting a conference with Johnny B. and disclosing his grade.
By decrypting the message with the professor's private key and Johnny's publicly available key, Johnny can be assured that the message really is from that professor and that no one else can read the message containing his grade.
Authenticate and confidentiality of sender
79 Data Encryption Standard (DES): making good keys
GOT TO HAVE GOOD KEYS!
Created in 1977 and in operation into the 1990s, the data encryption standard took a 64-bit block of data and subjected it to 16 levels of encryption. The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied. Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked. Larger keys are the answer to better security.
80 Basic operations of the data encryption standard
81 Triple-DES
A more powerful data encryption standard. Data is encrypted using DES three times: the first time by the first key, the second time by a second key, and the third time by the first key again. While virtually unbreakable, triple-DES is CPU intensive. With more smart cards, cell phones, and PDAs, a faster (and smaller) piece of code is highly desirable.
82 Advanced Encryption Standard (AES)
Selected by the U.S. government to replace DES. National Institute of Standards and Technology selected the algorithm Rijndael (pronounced rain-doll) in October 2000 as the basis for AES. AES has more elegant mathematical formulas, requires only one pass, and was designed to be fast, unbreakable, and able to support even the smallest computing device.
- Key size of AES: 128, 192, or 256 bits
- Estimated time to crack (assuming one machine could try 2^55 keys per second (NIST)): 149 trillion years
- Very fast execution with very good use of resources
- AES should be widely implemented by 2004
84 Pretty Good Privacy
- PGP is a digital data encryption program created by Phil Zimmermann.
- Provides confidentiality, authentication, and compression for email and data storage.
- Its building blocks are made of the best available cryptographic algorithms: RSA, DSS, Diffie-Hellman.
- It is independent of operating system and processor.
- It has a small set of easy-to-use commands
85 PGP
- Because PGP is freely available via the Internet, and has a fully compatible low-cost commercial version, it is now widely used.
- It has a wide range of applicability from corporations to individuals who wish to communicate worldwide securely over the Internet and other networks.
- It is not controlled by any government which makes it attractive to many.
86 Digital Signatures
- A digital signature is much like a hand signature in that it provides proof that you are the originator of the message (Authentication); it assigns a code to a document.
- Used to bind the message originator with the exact contents of the message through the use of key pairs. This allows for the feature of non-repudiation to be achieved - this is crucial for electronic commerce.
- Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data.
- The private key of the sender is used to compute a message digest.
87 Digital Signatures
Reason for digital signatures? Integrity of transactions.
How they work:
- Document to be signed is sent through a complex mathematical computation that generates a hash, called the message digest (reduces the size of the message).
- Hash is encoded with the owner's private key.
- To prove future ownership, the hash is decoded using the owner's public key and the hash is compared with a current hash of the document.
- If the two hashes agree, the document belongs to the owner.
The U.S.A. approved legislation to accept digitally signed documents as legal proof.
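The hash-then-sign steps above and the public-key message flows of the Johnny B. and Professor slides, as an added example that is not part of the original slides. It uses textbook RSA without padding and constructed toy keys built from known Mersenne primes, so it shows the data flow only; the function and key names are chosen for illustration.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

# Constructed toy keys from known Mersenne primes: far too small for real use.
PROF_PUBLIC, PROF_PRIVATE = make_keypair(2**127 - 1, 2**89 - 1)
JOHNNY_PUBLIC, JOHNNY_PRIVATE = make_keypair(2**107 - 1, 2**61 - 1)

def encrypt(message, public):
    """Confidentiality: anyone can encrypt with the recipient's public key."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, private):
    """Only the holder of the matching private key recovers the message."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message, n):
    """Message digest (SHA-256), reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """The hash of the document is encoded with the owner's private key."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    """The signature is decoded with the owner's public key and compared
    with a current hash of the document."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def seal_and_sign(message, sender_private, recipient_public):
    """Both properties at once: encrypt for the recipient, sign as the sender."""
    return encrypt(message, recipient_public), sign(message, sender_private)

def open_and_check(ciphertext, signature, recipient_private, sender_public):
    message = decrypt(ciphertext, recipient_private)
    return message, verify(message, signature, sender_public)

if __name__ == "__main__":
    note = b"medical condition note"               # Johnny B. to Professor
    print(decrypt(encrypt(note, PROF_PUBLIC), PROF_PRIVATE))
    request = b"Please come to a conference"       # Professor to Johnny B.
    sig = sign(request, PROF_PRIVATE)
    print(verify(request, sig, PROF_PUBLIC), verify(b"altered", sig, PROF_PUBLIC))
    sealed, sig = seal_and_sign(b"Your grade is A", PROF_PRIVATE, JOHNNY_PUBLIC)
    print(open_and_check(sealed, sig, JOHNNY_PRIVATE, PROF_PUBLIC))
```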
88 [Figure: Sender, Receiver, Plaintext Message]
89 Public Key Infrastructure: Putting it all together!!
The combination of encryption techniques, software, and services that involves all the necessary pieces to support digital certificates, certificate authorities, and public key generation, storage, and management. A certificate, or digital certificate, is an electronic document, similar to a passport, that establishes your credentials when you are performing transactions.
90 Public Key Infrastructure (PKI)
- Applications that benefit from PKI
- World Wide Web transactions
- Virtual private networks
- Electronic mail
- Client-server applications
- Banking transactions
91 Security Policy Design Issues
What is the company's desired level of security? How much money is the company willing to invest in security? If the company is serious about restricting access through an Internet link, what about restricting access through all other entry ways? The company must have a well-designed security policy.
92 Network Security In Action Banking and PKI
If you want to perform online banking
transactions, how does the system know you are a
legitimate user? ScotiaBank uses a PKI system
designed by Entrust. Each customer is assigned a
digital certificate. Whenever a customer wants to
perform an online transaction, they present
their certificate.
93 What did we cover?
- Security for internet communications
- Message Origin Authentication
- Proof of Delivery (non-repudiation)
- Message Integrity
- Same message
- Not seen by others
- Cryptography
- Keys
- PKI
94 SECURITY ISSUE | SECURITY OBJECTIVE | SECURITY TECHNIQUES
Confidentiality | Privacy of Message | Encryption
Message Integrity | Detecting Message Tampering | Hashing (Digest)
Authentication | Origin Verification | Digital Signatures, Biometric Devices
Non-repudiation | Proof of Origin, Receipt, and Contents | Digital Signatures, Transaction Certificates, Time Stamps, Confirmation Services, Bi-Directional Hashing
Access Controls | Limiting entry to authorized users | Firewalls, Passwords, Biometric devices