eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic
filesystem for Linux.
It is derived from Erez Zadok's Cryptfs, implemented through the FiST
framework for generating stacked filesystems. eCryptfs extends Cryptfs to
provide advanced key management and policy features. eCryptfs stores
cryptographic metadata in the header of each file written, so that encrypted
files can be copied between hosts; the file will be decryptable with the
proper key, and there is no need to keep track of any additional information
aside from what is already in the encrypted file itself. Think of eCryptfs as
a sort of "gnupgfs."
Inference/Controlled Disclosure
Information Warfare
Intellectual Property Protection
Intrusion and Attack Detection
Intrusion and Attack Response
Key Management
Privacy-Enhancing Technology
Secure Networking
Secure System Design
Security Management
Security for Mobile Code
It's an interesting document. There's more info about FIPS and its relation with Common Criteria here:
http://csrc.nist.gov/groups/STM/cmvp/index.html#05
On that link you can read:
"The Common Criteria (CC) and FIPS 140-2 are different in the abstractness and focus of tests. FIPS 140-2 testing is against a defined cryptographic module and provides a suite of conformance tests to four security levels. FIPS 140-2 describes the requirements for cryptographic modules and includes such areas as physical security, key management, self tests, roles and services, etc. The standard was initially developed in 1994 - prior to the development of the CC. CC is an evaluation against a created protection profile (PP) or security target (ST). Typically, a PP covers a broad range of products."
I can read the term "roles"...
If you read the "FIPS 140-2 Non-Proprietary Security Policy" you will see that:
"FIPS Mode Configuration
Details
=======
IPsec is an IP security feature that provides robust authentication
and encryption of IP packets. IKE is a key management protocol
standard that is used in conjunction with the IPsec standard.
IKE is a hybrid protocol that implements the Oakley and SKEME key
exchanges inside the Internet Security Association and Key Management
Protocol (ISAKMP) framework. (ISAKMP, Oakley, and SKEME are security
SafeGuard Enterprise is too different from SafeGuard Easy for any observations on SGE to be applied to it.
While SafeGuard Easy was explicitly designed to be as undemanding as possible in terms of infrastructure and had no real central management,
SG Enterprise uses a Client/Server model with central management and database, allowing administrators to centrally
control all policies and key management.
The only things needed to install a client are the client software package and a digitally signed configuration package that identifies the client's home server and its certificate.
All policies, keys, etc. are transported to clients over session-key encrypted network connections. In addition, critical data is digitally signed using company-specific keys.
The topics include social engineering, security of the GSM air interface,
design of secure protocols, physical security, Web 2.0, exploit/malware
analysis & design, security awareness, abusing device drivers, #twitter
risks, attacks on smart-card secured online banking, security risks and
defence for developers, advanced database exploits, abusing firmware,
security analysis of the TCP & IP protocols, key management, incident
response, e-voting, advanced keyboard sniffing, malware for routers,
large-scale network attack simulation, cloud computing, next generation
intrusion detection/prevention, among others. We also show a demonstration
of a DoS attack against a GSM network by means of a phone with modified
firmware.