Encryption & VPNs
Featuring 98 Papers as of July 28, 2015
PKI Trust Models: Whom do you trust?
by Blaine Hein - July 28, 2015
There has been a substantial amount of attention in the media recently regarding Public Key Infrastructures (PKI). Most often, secure web server exploits and signed malware have generated this attention and have led to an erosion of trust in PKI. Despite this negative media attention, there has been very little detailed discussion of PKI trust proliferation and control. PKI is an integral part of our daily lives even though, for the most part, we never notice it. Europe is several years ahead of North America in the ubiquitous deployment of PKI to its citizens, but North America has begun to catch up. This paper covers four major areas: the definition of trust and trust models, implementation of trust, auditing of trust, and managing trust. The paper provides proof-of-concept tools that allow administrators to understand their current level of PKI trust, and techniques to manage that trust.
Implementing Hardware Roots of Trust: The Trusted Platform Module Comes of Age
by Gal Shpantzer - June 18, 2013
Discussion of trends that are driving adoption of TPM, with advice on how to take advantage of this increasingly commonplace technology without disrupting your security infrastructure.
Transparent Data Encryption: New Technologies and Best Practices for Database Encryption
by Tanya Baccam - April 7, 2010
- Sponsored By: Oracle
A look at the basics of encryption, with a discussion of the pros and cons of the leading encryption architectures available today.
Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder data
by nuBridges, Inc. - September 29, 2009
Exploring the use of tokenization as a best practice for improving PCI DSS compliance, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.
Regulations and Standards: Where Encryption Applies
by Dave Shackleford - November 17, 2007
- Sponsored By: Utimaco
This paper describes the types of data under protection regulation and basic best practices for implementing appropriate encryption technologies.
The challenge of securely storing and transporting large files across a corporate Wide Area Network
by Jeremy Gibb - October 26, 2007
The majority of organizations that use Wide Area Networks (WANs) to connect Local Area Networks (LANs) together have a requirement to transfer large amounts of data across the wire between different locations. A number of widely available desktop applications such as Microsoft Outlook and Windows Explorer provide built-in functionality that supports the basic data transfer needs of most users (e.g. attaching a file to an email, creating a share on a remote machine and mapping a local drive to that share), but such solutions have limitations when backend applications or system administrators need to reliably transfer large files that are often many gigabytes or more in size. This challenge is further complicated when the data is of a sensitive nature and needs to be transported securely, on a repetitive (i.e. automated) basis, and must be held in a secure format before and after transmission.
Hardware Versus Software: A Usability Comparison of Software-Based Encryption with Seagate Secure Hardware-Based Encryption
by Jim D. Hietala - September 10, 2007
- Sponsored By: Seagate Technology
This paper explores the factors driving adoption of encryption in laptop and desktop systems and then compares two different approaches to providing encryption, software-based and hardware-based.
Encryption Procurement: Setting a Standard
by Stephen Northcutt, Barbara Filkins - June 6, 2007
- Sponsored By: Utimaco
Information and checklist to help organizations develop an RFP for enterprise encryption.
OpenVPN and the SSL VPN Revolution
by Charlie Hosner - August 25, 2004
True SSL VPNs are beginning to appear in the market. One of the best, and definitely the least expensive, is the open source SSL VPN, OpenVPN.
Securing Key Distribution with Quantum Cryptography
by Bradford Bartlett - August 15, 2004
Quantum cryptography made headlines this year when European Union members announced their intention to invest $13 million in the research and development of a secure communications system based on this technology.
Elliptic Curve Cryptography and Smart Cards
by Ahmad Kayali - April 8, 2004
Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems (for example, a 160 bit ECC has roughly the same security strength as 1024 bit RSA).
Understanding and Configuring IPSec between Cisco Routers
by Ryan Ettl - March 25, 2004
This paper provides insight into a secure solution to this business need using Virtual Private Networking.
SSL Remote Access VPNs: Is this the end of IPSec?
by Steven Ferrigni - December 13, 2003
This paper looks at the two VPN technologies with respect to remote access, discusses the advantages and disadvantages of each and whether they can co-exist.
Cryptography - Business Value Behind the Myth
by Jeff Christianson - October 31, 2003
The purpose of this paper is to help information technology professionals make informed decisions about using cryptographic solutions to secure electronic business transactions.
Demystifying DSS: The Digital Signature Standard
by Richard Brehove - August 22, 2003
This paper examines the requirements of signatures, outlines the technologies involved in creating digital signatures, and describes the components of the Digital Signature Standard (DSS).
Security Implications of SSH
by Bill Pfeifer - August 22, 2003
This paper provides a high-level discussion of some of the security considerations associated with SSH, as well as some potential methods of addressing those considerations.
IPSec Interoperability between OpenBSD, Linux and Sonicwall
by Daniel Young - August 8, 2003
This paper discusses the OpenBSD project, the Linux FreeS/WAN project and SonicWALL Inc., each of which provides a cost-effective IPSec implementation with excellent reliability, and some of the issues surrounding their interoperability.
Instant Message Security - Analysis Of Cerulean Studios Trillian Application
by Michael Murphy - July 14, 2003
This paper outlines the underlying security risks of Instant Messaging (IM) focusing on an analysis of Cerulean Studios' Trillian application.
MPLS - VPN Services and Security
by Ravi Sinha - July 14, 2003
The information will provide the foundation for the discussion on providing scalable VPN services in a MPLS environment.
IPSec Tunnel Creation
by Chris Gutridge - July 11, 2003
The purpose of this paper is to detail, explain, and illustrate the specific processes that occur in creating an IPSec VPN tunnel.
Using GPL Software For Email and File Encryption
by David Tucker - June 19, 2003
Privacy is important, the security of information is sometimes legally required, and internet communication often does not provide this necessary security inherently.
Attacks on PGP: A Users Perspective
by Ryan Thomas - June 19, 2003
The focus of this paper is to inform users of the practical and theoretical strategies that may be used in an attempt to compromise PGP (Pretty Good Privacy), potentially exposing the contents of a PGP encrypted message to an attacker.
Network Based VPNs
by Olivier Strahler - May 23, 2003
This paper focuses on this particular type of VPN. First, it provides a short history of the evolution of VPNs, then it explains what is meant by network-based VPNs.
Cryptanalysis of RSA: A Survey
by Carlos Cid - May 8, 2003
In this paper we give a survey of the main methods used in attacks against the RSA cryptosystem. We describe the main factoring methods, attacks on the underlying mathematical function, as well as attacks that exploit details in implementations of the algorithm.
Multiprotocol Label Switching Virtual Private Networks and the enterprise - Do they fit in the security model?
by Michael Stoos - May 8, 2003
Multiprotocol label switching virtual private networks have gained press as a new service provider method to provide a secure path in the public Internet space.
When Security Counts: Securing a Test Server with a VPN Connection
by Patricia Hulsey - March 25, 2003
This paper describes the design choices of a deployment for a router-to-router VPN connection using the Windows 2000 platform VPN server.
The Risks Involved With Open and Closed Public Key Infrastructure
by Philip Hlavaty - March 22, 2003
This paper will present some of the risks and liability issues involved with PKI, such as the enormous risks behind the open PKI model and why it never flourished in the marketplace.
Remote Access VPN - Security Concerns and Policy Enforcement
by Mike Stines - March 16, 2003
The recommendations contained within this paper can assist in a secure and successful implementation of a remote-access VPN.
A Review of Chaffing and Winnowing
by David Spence - March 13, 2003
This paper presents an overview of Chaffing and Winnowing as described by Ronald Rivest and a review of a secure Chaffing and Winnowing scheme called Chaffinch.
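The mechanism Rivest's scheme relies on, as an added example that is not code from the paper or from Chaffinch: the sender transmits every packet in the clear, but each packet carries a MAC, and the receiver keeps ("winnows") only packets whose MAC verifies under the shared key. The bogus "chaff" packets carry a different payload and a random tag, so without the key every packet looks equally plausible. The key, message, one-byte chunking and packet layout below are constructed for illustration.

```python
"""Chaffing and winnowing with HMAC-SHA256 from the Python standard library.

Added example, not code from the reviewed paper. Key, message and packet
layout are constructed for illustration only.
"""
import hashlib
import hmac
import secrets

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


def _mac(key: bytes, seq: int, data: bytes) -> bytes:
    """Authenticate one packet: HMAC over the sequence number and payload."""
    return hmac.new(key, seq.to_bytes(4, "big") + data, hashlib.sha256).digest()


def chaff(key: bytes, message: bytes, chaff_per_wheat: int = 1):
    """Build the wire stream: one authentic ("wheat") packet per message byte,
    plus `chaff_per_wheat` bogus packets per position that carry a different
    byte and a random, invalid tag. Nothing is encrypted; only the MAC key
    distinguishes wheat from chaff."""
    packets = []
    for seq, byte in enumerate(message):
        wheat = bytes([byte])
        packets.append((seq, wheat, _mac(key, seq, wheat)))
        for _ in range(chaff_per_wheat):
            # Pick any byte other than the wheat byte, with a random 32-byte tag.
            other = bytes([(byte + 1 + secrets.randbelow(255)) % 256])
            packets.append((seq, other, secrets.token_bytes(MAC_LEN)))
    secrets.SystemRandom().shuffle(packets)  # transmission order reveals nothing
    return packets


def winnow(key: bytes, packets) -> bytes:
    """Receiver side: keep exactly the packets whose MAC verifies and reorder
    them by sequence number. A wrong key leaves nothing (a random 256-bit tag
    matching by chance is negligible)."""
    kept = {}
    for seq, data, tag in packets:
        if hmac.compare_digest(tag, _mac(key, seq, data)):
            kept[seq] = data
    return b"".join(kept[s] for s in sorted(kept))


def candidates_without_key(packets) -> int:
    """Number of distinct messages an eavesdropper without the key must
    consider: the product, over sequence numbers, of packets per position
    (2**n for one chaff packet per byte)."""
    per_seq = {}
    for seq, _, _ in packets:
        per_seq[seq] = per_seq.get(seq, 0) + 1
    total = 1
    for n in per_seq.values():
        total *= n
    return total


if __name__ == "__main__":
    key = b"constructed shared MAC key"
    stream = chaff(key, b"attack at dawn")
    print(winnow(key, stream))            # b'attack at dawn'
    print(winnow(b"wrong key", stream))   # b''
    print(candidates_without_key(stream))  # 2**14
```

The point a practitioner should take from this is that confidentiality here comes entirely from authentication: no cipher is used, yet an observer who lacks the MAC key faces 2^n candidate messages for an n-byte payload with one chaff packet per byte. The cost is bandwidth, since every real byte is accompanied by at least one decoy plus a full-length tag.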
PGP for Everyday Use
by Jeremy Hoel - March 10, 2003
This paper shows how to get PGP, protect files on your drive, protect your e-mail messages and manipulate your key ring.
Prime Numbers in Public Key Cryptography
by Gerald Crow - March 9, 2003
This paper explores some of the basic properties of prime numbers and several theorems associated with them, and presents moderate detail on two of the most common asymmetric algorithms and the manner in which they employ prime numbers.
Remote Access IPSec VPNs: Pros and Cons of 2 Common Clients
by Jason Everard - February 27, 2003
This paper discusses two client options for creating this encrypted and authenticated connection, as well as options for working around the deficiencies of the current IPSec standard by combining IPSec with L2TP or by using proprietary functions to accomplish the same.
Randomness and Entropy - An Introduction
by Chris Thorn - February 26, 2003
This paper will attempt to bring together information pertaining to concepts and definitions of randomness and entropy.
Quantum Encryption - A Means to Perfect Security?
by Bruce Auburn - February 26, 2003
This paper addresses the issue of public key cryptography.
Applied Encryption: Ensuring Integrity of Tactical Data
by Jennifer Skalski-Pay - February 21, 2003
This paper will provide the reader with a low-level understanding of the Global Command and Control System-Maritime (GCCS-M), CST, Track Database Manager (Tdbm) and SIPRNet.
Cryptography: What is secure?
by Willy Jiang - February 14, 2003
This paper looks at how security is achieved by discussing basic substitution and transposition operations, to give an appreciation of security in cryptography, and recommends a basic approach to implementing cryptography.
An Overview of Cryptographic Hash Functions and Their Uses
by John Silva - February 6, 2003
This paper provides a discussion of how the two related fields of encryption and hash functions are complementary, not replacement technologies for one another.
A Consumer Guide for Personal File and Disk Encryption Programs
by Scott Baldwin - January 25, 2003
This paper will give you the knowledge to select an encryption product that matches your needs.
BUSINESS PARTNER VPN: NEEDED NOW
by Karen Duncanson - January 1, 2003
This paper takes a look at Business Partner VPNs and focuses on the challenges now being dealt with in the face of requirements for a VPN that promises end-to-end security between two separate business entities, and even between the users within those entities.
No Single Killer App for PKI
by Cliff Schiller - December 18, 2002
This paper presents the author's perspective on the real benefits of PKI as a technology.
Is the future of cryptography in qubits?
by Wayne Redmond - December 12, 2002
In a beautiful irony, quantum computers may break current cryptography but quantum mechanics also offer hope to cryptography in quantum key distribution.
The mathematics behind the security features that the computing industry takes for granted
by Ricky Wald - December 8, 2002
This paper aims to explain the mathematical and encryption concepts that are fundamental to security as it was in the past and as it is today, and presents the author's vision for the future.
Appropriate Use of Network Encryption Technologies
by Kenneth Forward - September 20, 2002
This paper will describe virtual private networks and other network encryption technologies such as secure sockets layer - what they are, and what protections they provide.
Issues When Using IPsec Over Geosynchronous Satellite Links
by Greg Totsline - August 12, 2002
This paper describes the salient points of TCP over satellite links, performance enhancing proxies, IPsec, and the issues with the combined use of these technologies.
Configuring Secure Shell with TCP Wrappers on Solaris 2.8
by Jane Micheller - August 8, 2002
This paper shows how to set up OpenSSH version 3.4 on the Solaris 2.8 platform, beginning with the development of the product, and illustrates the setup with packet captures.
S-Box Modifications and Their Effect in DES-like Encryption Systems
by Joe Gargiulo - July 25, 2002
This paper presents the substitution boxes (s-boxes) found in many block ciphers, and more specifically in DES-like encryption systems.
Creating a Secure VPN with Cisco Concentrator and ACE Radius/SecurID
by Nathan Lasnoski - June 30, 2002
Using a VPN, companies can expand the reach of their corporate network beyond their expensive leased lines by using the assets provided by the Internet.
Infrastructure Design Considerations When Using Client Certificates
by Tim Hollingshead - May 9, 2002
This paper will investigate some of the considerations that should be evaluated when looking to bring a new technology into the design of an application.
VPN-1 SecureClient - Check Point's Solution for Secure Intranet Extension
by Ryan Gibbons - April 9, 2002
This paper addresses why SecureClient is widely compatible and has a small footprint, making it appealing to organizations that use Check Point products and are considering such functionality.
PKI, The What, The Why, and The How
by Duncan Wood - March 26, 2002
This paper discusses Public Key Infrastructure (PKI) and why governments are introducing legislation for information privacy.
A Vulnerability Assessment of Roaming Soft Certificate PKI Solutions
by Stephen Wilson - March 25, 2002
This paper highlights the security engineering and deployment considerations by presenting a systematic vulnerability assessment of the common roaming architecture.
The Ease of Steganography and Camouflage
by John Bartlett - March 17, 2002
In this paper we will look at the ease of use of one particular program, and the ability to detect steganographic material created by the program.
Vulnerabilities of IPSEC: A Discussion of Possible Weaknesses in IPSEC Implementation and Pro
by Daniel Clark - March 14, 2002
This paper discusses the IPSEC protocol suite, with a view to analyzing the various weaknesses that have been or could be identified within the protocol.
Decommissioning Certification Authorities
by Claudia Lukas - March 10, 2002
This paper reviews these guidelines and discusses terminating a Certification Authority.
Secure Access of Network Resources by Remote Clients
by Glendon MacDonald - February 20, 2002
This paper will identify the threats that remote access poses to corporate network security including those involving hackers, malicious applications and the use of weak access and physical controls.
Roll Your Own Crypto Services (Using Open Source and Free Cryptography)
by Edward Donahue - January 24, 2002
This paper surveys the open source software available to secure the most common applications: email and file encryption, web access and server oriented services, IPsec and VPNs, and finally, remote session encryption.
An Overview of Hardware Security Modules
by Jim Attridge - January 14, 2002
This paper intends to introduce the concept of a cryptographic hardware device. It will describe its functions, uses and implementations.
Comparing BGP/MPLS and IPSec VPNs
by Gary Alterson - January 9, 2002
This paper gives an overview of MPLS and then discusses the mechanisms used to provide VPNs based upon BGP/MPLS and IPSec.
Knock Knock...Who's there? Do you know who is accessing your VPN?
by Norma Schaefer - December 1, 2001
Although VPNs secure data across public networks, the remote users' own networks, PCs and systems remain potential information security risks; this paper focuses on the need for strong authentication.
Stunnel: SSLing Internet Services Easily
by Wesley Wong - November 24, 2001
This paper provides a method to securely use existing clear-text protocols under SSL without any need to modify the existing software or source code.
Implementing Site-to-Site IPSec Between a Cisco Router and Linux FreeS/WAN
by Neil Cleveland - November 23, 2001
This paper begins by providing a brief overview of IPSec, the features, differences, issues surrounding Cisco's IOS IPSec offering versus the FreeS/WAN offering and then describes an example implementation.
Basic Cryptanalysis Techniques
by Craig Smith - November 17, 2001
Because of the complexity involved with cryptanalysis work, this paper focuses on the basic techniques needed to decipher monoalphabetic encryption ciphers and cryptograms.
A Review of the Diffie-Hellman Algorithm and its Use in Secure Internet Protocols
by David Carts - November 5, 2001
This paper will present an overview of the Diffie-Hellman Key Exchange algorithm and review several common cryptographic techniques in use on the Internet today that incorporate Diffie-Hellman.
Strong Authentication and Authorization model Using PKI, PMI, and Directory
by Jong Lee - October 25, 2001
This paper presents a strong authentication and authorization model using three standard frameworks.
Analysis of a Secure Time Stamp Device
by Chris Russell - October 17, 2001
This paper discusses the design of a Secure Time Stamp device used to securely timestamp digital data, such as computer documents, files, and raw binary data of arbitrary format.
PKI and Information Security Awareness: Opportunity and Obligation
by Jerry Brown - October 15, 2001
This paper discusses the single most difficult criterion for a successful PKI rollout: user acceptance.
Cryptographic Services - A Brief Overview
by Larry Bennett - October 10, 2001
This paper examines the use of cryptography in implementing the services of authentication, integrity, non-repudiation, and confidentiality.
Using SSL with Client Access Express for AS/400
by Jose Guerrero - October 9, 2001
This paper is meant to help those who are in need of securing a Client Access connection with their AS/400.
Integrate HMAC Capable Token into User Authentication Mechanism and Public Key Infrastructure
by Shanhui Tan - October 1, 2001
This paper describes using an HMAC-capable token in user authentication or in a public key infrastructure (PKI) to derive a user's private key or to produce a message digest for a digital signature scheme.
Implementing "Dual-Sided" VPNs
by Kenneth Boudreaux - September 21, 2001
This paper discusses a solution for using a public network for data communications that could satisfy the security requirements for data transmission.
Securing Certificate Revocation List Infrastructures
by Eddie Turkaly - September 19, 2001
This paper takes a closer look at the security issues when implementing a secure CRL infrastructure.
IPsec's Role in Network Security: Past, Present, Future
by Christopher Smith - September 17, 2001
IPSec is used to create tunnels for Virtual Private Networks (VPNs), and also provides confidentiality, authenticity, and integrity of data through the use of encryption algorithms.
Public Key Infrastructure Issues in an Academic Healthcare Setting
by Liviu Groza - September 11, 2001
The paper gives a general overview of several specific issues related to the PKI deployment process, emphasizing the particularities of a mixed environment.
AES: The Making of a New Encryption Standard
by Mitch Richards - September 5, 2001
This paper describes the issues, programs, and processes related to the development of standards.
E-Mail Security with S/MIME
by George Kuzmowycz - August 31, 2001
The intent of this paper is to present an overview of the history, design, usage and the current state of market and community acceptance of S/MIME while contrasting it, where appropriate, to PGP.
The Weakest Link: The Human Factor Lessons Learned from the German WWII Enigma Cryptosystem
by Bradley Fulton - August 29, 2001
This paper highlights the need for security professionals and management to not overlook the weakest link in security systems - that being the human factor.
Implementing PKI in a Heterogeneous Environment A Primer on Digital Certificate And Key Formats
by Tim Sills - August 27, 2001
This document will discuss the various file formats for both X.509 digital certificates and encryption keys.
The Advanced Encryption System (AES) Development Effort: Overview and Update
by William Tatun - August 26, 2001
The purpose and objective of this paper is to provide a brief overview of where we've been and an update of where we are headed in the United States Department of Commerce's quest for a suitable standard algorithm that can be used to protect sensitive data in the future.
Key and Certificate Management in Public Key Infrastructure Technology
by Sriram Ranganathan - August 20, 2001
The intent of this paper is to provide an overview and briefly discuss the various phases involved in Key and Certificate management.
Protecting Sensitive Data in Secure Domains
by Mikael Trosell - August 17, 2001
The basic idea of Secure Domains is to move parts of the network into secure zones, either based on the classification of the data or because the systems belong to a project that is considered sensitive and can be centralized in a specific zone.
Who's Who in AES?
by Kyle Jones - August 16, 2001
This paper introduces the new Advanced Encryption Standard, or AES: the winning algorithm, its competitors, the specifications set forth, and the decision-making process of NIST.
Implementing NAT on Checkpoint Firewall-1
by Eugene Ng - August 16, 2001
This paper addresses implementing secure NAT rules and policies, and the value of thorough documentation of network topologies.
NAT Traversal: Peace Agreement Between NAT and IPSec
by Haluk Aydin - August 12, 2001
NAT-T, which merges two earlier proposals from different vendors, is the most promising solution for the near future, and some vendors have already started implementing it in their VPN products.
History of Encryption
by Melis Jackob - August 8, 2001
This paper shows that the field of cryptography has evolved tremendously since Assyrian and Egyptian times, and that as technology progresses it will become easier to harness the power of distributed processing to break encryption algorithms such as DES or Triple DES.
A Discussion of SSH Secure Shell
by Shawn Lewis - August 4, 2001
The purpose of this paper is to build on the Introduction to SSH Secure Shell paper written by Damian Zwamborn (www.sans.org/infosecFAQ/encryption.intro_SSH.htm).
A Business Perspective on PKI: Why Many PKI Implementations Fail, and Success Factors To Consider
by Leslie Peckham - August 2, 2001
This paper is intended to provide an overview of PKI and how a PKI implementation affects the entire organization.
Securing Remote Users VPN Access to Your Company LAN
by Klavs Klavsen - July 29, 2001
This paper is intended as an introduction to the security issues you face, and the solutions you can choose between, when you want to give your remote users access to your company network via VPN.
One Fish, Two Fish, Red Fish, Blowfish: A History of Cryptography and its Application in Soci
by Joseph Kasten - July 27, 2001
Cryptography is used in almost everything, from electronic devices to ordinary computer-based software on the home personal computer.
An Overview of Computer Security as Told Through War Stories
by Ronald Seidl - July 26, 2001
This paper discusses awareness training by telling stories that show problems in a way that most people can clearly see.
Interoperability in PKI
by Roger Pyon - July 25, 2001
This paper introduces some of the interoperability issues in PKI that apply to establishing and managing trust, and the challenges PKI faces.
Encryption Regulation: A First Amendment Perspective
by Linda Mickna - July 23, 2001
Through the use of cryptography, communications and information transmitted and stored by computers can be protected from unauthorized access.
The Day DES Died
by Paul Zande - July 22, 2001
This paper takes a look at DES and the characteristics of the RSA challenges, and compares DES to other cryptosystems to discover which ones are secure and why.
Virtual Network Computing and Secure Shell
by Damian Koziel - July 20, 2001
Many high-tech professionals work from home, increasing the system administrator's challenge of maintaining and troubleshooting a company's heterogeneous and sprawling computing systems from a central location through Virtual Network Computing.
Identification with Zero Knowledge Protocols
by Annarita Giani - July 13, 2001
The idea of proving knowledge of some assertion without revealing any information about the assertion itself is very attractive. This paper discusses Zero-Knowledge protocols which allow this kind of scenario.
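The three-message pattern that such protocols follow, as an added example that is not code from the paper: a Schnorr-style identification round in which the prover commits to a random value, the verifier sends a random challenge, and the prover answers with a response that verifies only if the prover knows the secret exponent. The group parameters below (p = 1019, q = 509, generator 4) are a toy chosen so the arithmetic is readable; a real deployment would use a standards-sized group. The simulator at the end is the reason the protocol is called zero-knowledge: a transcript that verifies can be produced without the secret, so a transcript cannot leak it.

```python
"""Schnorr-style zero-knowledge identification, showing both sides' messages.

Added example, not code from the reviewed paper. Toy parameters: p = 2q + 1
with p = 1019, q = 509; far too small for real use, chosen for readability.
"""
import secrets

P = 1019  # toy safe prime, p = 2q + 1 (NOT a secure size)
Q = 509   # prime order of the subgroup we work in
G = 4     # 4 = 2**2 is a quadratic residue mod p, so it generates the order-q subgroup


def keygen():
    """Prover's long-term secret x and public key y = g^x mod p."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


def prover_commit():
    """Message 1 (prover -> verifier): commitment t = g^r for a fresh random r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Message 2 (verifier -> prover): a uniformly random challenge c in Z_q."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Message 3 (prover -> verifier): s = r + c*x mod q. Without x, answering
    two different challenges for the same t would require knowing x."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Accept iff g^s == t * y^c mod p."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def identification_round(x, y):
    """Run one honest round and return the verifier's decision."""
    r, t = prover_commit()        # prover keeps r, sends t
    c = verifier_challenge()      # verifier sends c
    s = prover_respond(x, r, c)   # prover sends s
    return verify(y, t, c, s)


def simulate_transcript(y):
    """Produce an accepting (t, c, s) without knowing x: pick c and s first,
    then solve for t = g^s * y^(-c). Since y has order q, y^(-c) = y^(q - c).
    Real transcripts are distributed identically, hence zero knowledge."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    print(identification_round(x, y))          # True
    t, c, s = simulate_transcript(y)
    print(verify(y, t, c, s))                  # True, yet built without x
```

Note the caveat a practitioner cares about: the verifier must choose c at random after seeing t. If the challenge is predictable, the "cheating" construction used by the simulator lets anyone pass, which is exactly why the simulated transcript verifies.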
What Is an MPLS VPN Anyway?
by Kelly DeGeest - July 12, 2001
This paper gives a basic understanding of how an MPLS VPN works.
PGP: A Hybrid Solution
by Jessica Benz - July 11, 2001
Symmetric and asymmetric cryptography both have advantages and disadvantages that will be discussed in this paper.
Quantum Cryptography: Is Your Data Safe Even When Somebody Looks?
by Tom Klitsner - July 3, 2001
While, for the most part, quantum computing devices are decades away (at least) from being practical, in the area of quantum cryptography - in particular the secure distribution of cryptographic keys - there exist strategies and systems that are feasible (perhaps even practical) today.
Quantum Encryption vs Quantum Computing: Will the Defense or Offense Dominate?
by Bob Gourley -
Quantum encryption will soon provide unbreakable ciphers. This paper examines these topics by providing a snapshot of current research.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.