Data Security Architecture Considerations for Telemetry Post Processing Environments
AffiliationDXC Technology Company
Hardware Security Module
Format Preserving Encryption (FPE)
MetadataShow full item record
RightsCopyright © held by the author; distribution rights International Foundation for Telemetering
Collection InformationProceedings from the International Telemetering Conference are made available by the International Foundation for Telemetering and the University of Arizona Libraries. Visit http://www.telemetry.org/index.php/contact-us if you have questions about items in this collection.
AbstractTelemetry data has great value, as setting up a framework to collect and gather it involve significant costs. Further, the data itself has product diagnostic significance and may also have strategic national security importance if the product is defense or intelligence related. This potentially makes telemetry data a target for acquisition by hostile third parties. To mitigate this threat, data security principles should be employed by the organization to protect telemetry data. Data security is in an important element of a layered security strategy for the enterprise. The value proposition centers on the argument that if organization perimeter/internal defenses (e.g. firewall, IDS, etc.) fail enabling hostile entities to be able to access data found on internal company networks; they will be unable to read the data because it will be encrypted. After reviewing important encryption background including accepted practices, standards, and architectural considerations regarding disk, file, database and application data protection encryption strategies; specific data security options applicable to telemetry post processing environments will be discussed providing tangible approaches to better protect organization telemetry data.
SponsorsInternational Foundation for Telemetering
Showing items related by title, author, creator and subject.
ENCRYPTED CORRELATING SOURCE SELECTORReid, Eric; RT Logic Inc. (International Foundation for Telemetering, 2006-10)Modern telemetry and data streams are often encrypted. The majority of range testing activities require multiple ground stations to collect these streams and send them to a central processing location. Each of these streams currently needs to be individually decrypted before best source selection, processing and analysis. Using innovative techniques, it is possible to time correlate these encrypted streams, compare them with each other and create an output stream of better quality than any of the individual streams. This stream can then be decrypted by a single decryption device, greatly reducing cost and complexity.
Secure Geometric Search on Encrypted Spatial DataWang, Boyang (The University of Arizona., 2017)Spatial data (e.g., points) have extensive applications in practice, such as spatial databases, Location-Based Services, spatial computing, social analyses, computational geometry, graph design, medical imaging, etc. Geometric queries, such as geometric range queries (i.e., finding points inside a geometric range) and nearest neighbor queries (i.e., finding the closest point to a given point), are fundamental primitives to analyze and retrieve information over spatial data. For example, a medical researcher can query a spatial dataset to collect information about patients in a certain geometric area to predict whether there will be a dangerous outbreak of a particular disease (e.g., Ebola or Zika). With the dramatic increase on the scale and size of data, many companies and organizations are outsourcing significant amounts of data, including significant amounts of spatial data, to public cloud data services in order to minimize data storage and query processing costs. For instance, major companies and organizations, such as Yelp, Foursquare and NASA, are using Amazon Web Services as their public cloud data services, which can save billions of dollars per year for those companies and organizations. However, due to the existence of attackers (e.g., a curious administrator or a hacker) on remote servers, users are worried about the leakage of their private data while storing and querying those data on public clouds. Searchable Encryption (SE) is an innovative technique to protect the data privacy of users on public clouds without losing search functionalities on the server side. Specifically, a user can encrypt its data with SE before outsourcing data to a public server, and this public server is able to search encrypted data without decryption. Many SE schemes have been proposed to support simple queries, such as keyword search. Unfortunately, how to efficiently and securely support geometric queries over encrypted spatial data remains open. In this dissertation, to protect the privacy of spatial data in public clouds while still maintaining search functions without decryption, we propose a set of new SE solutions to support geometric queries, including geometric range queries and nearest neighbor queries, over encrypted spatial data. The major contributions of this dissertation focus on two aspects. First, we enrich search functionalities by designing new solutions to carry out secure fundamental geometric search queries, which were not supported in previous works. Second, we minimize the performance gap between theory and practice by building novel schemes to perform geometric queries with highly efficient search time and updates over large-scale encrypted spatial data. Specifically, we first design a scheme supporting circular range queries (i.e., retrieving points inside a circle) over encrypted spatial data. Instead of directly evaluating compute-then-compare operations, which are inefficient over encrypted data, we use a set of concentric circles to represent a circular range query, and then verify whether a data point is on any of those concentric circles by securely evaluating inner products over encrypted data. Next, to enrich search functionalities, we propose a new scheme, which can support arbitrary geometric range queries, such as circles, triangles and polygons in general, over encrypted spatial data. By leveraging the properties of Bloom filters, we convert a geometric range search problem to a membership testing problem, which can be securely evaluated with inner products. Moving a step forward, we also build another new scheme, which not only supports arbitrary geometric range queries and sub-linear search time but also enables highly efficient updates. Finally, we address the problem of secure nearest neighbor search on encrypted large-scale datasets. Specifically, we modify the algorithm of nearest neighbor search in advanced tree structures (e.g., R-trees) by simplifying operations, where evaluating comparisons alone on encrypted data is sufficient to efficiently and correctly find nearest neighbors over datasets with millions of tuples.
FLEXIBLE SECURE DATA COMMUNICATIONS WITH THE RANGE ENCRYPTION MODULEWatkins, Stan M.; L3 Communications Corp. (International Foundation for Telemetering, 1999-10)This paper discusses the design, application and flexibility of the Range Encryption Module (REM) developed by L3 Communications Conic Division for the Range Application Joint Program Office (RAJPO) located at Eglin Air Force Base in Florida. The REM is a burst encrypter that utilizes the National Security Agency Thornton CTIC/DS- 101 Hybrid (CDH) encryption algorithm. The CDH device operates under the control of a Conic-designed digital ASIC. The CDH, ASIC, Power Management and parallel bus interface circuits reside on a single card within the REM called the Common Encryption Core (CEC). The REM and CEC card within the REM offer flexibility in many operational features, as described below.