Technology Positioning Statement Report

3.1.10 Communications Security Technologies

Description: Mechanisms for identification of origination of an electronic transmission, providing assurance of authorship and guarantee against forgery.

Category: 3 - Communication Technologies   Subcategory: 1 - General Purpose Communication Technologies
Old Category: Security – Digital Authentication

Vision

RetirementContainmentCurrentTacticalStrategic
     

Standards

Industry UsageSC Usage
  

Performance Metrics

Government certified security process and technology; adequate rules-based features; compliance with SC infrastructure; overhead (speed and data size effects); ease of administration.


Usage and Dependencies

Industry Usage: Communications security involves a number of different processes and technologies. Digital authentication from a network perspective guarantees identification of the originator of a message or transaction. It is the result of mathematically mixing ("hashing") the message with the originator's private key to provide assured identification and security against forgery (non-repudiation). At the network level originators include automated equipment such as servers, workstation computers, and network switches. Digital authentication normally also requires access to a trusted "certificate authority" which assists in verifying electronic identification.

Encryption of data, especially when sent via the Internet, is becoming increasingly applied. The web's Secure Socket Layer Protocol (HTTPS) supports 128-bit encryption in Internet Explorer and Netscape browsers. Full data encryption can be provided by means of the Public Key Infrastructure (PKI), which requires use of hosted digital certificates. Leading Certificate Authorities (CA) include Entrust, VeriSign, GTE, etc. These authorities are used by banks and any other organizations for maintaining secure encrypted communications between computers over the Internet.

On March 8, 2001, Entrust.net became the world's first Certificate Authority (CA) to be awarded the WebTrust for Certification Authorities (CAs) Seal of Assurance. The WebTrust program was developed jointly by the American Institute of Certified Public Accountants (AICPA), and the Canadian Institute of Chartered Accountants (CICA) and represents one of the most stringent benchmarks of web site disclosure, security and control that a Public Certification Authority can achieve. The WebTrust for Certification Authorities program includes standards for the issuance of digital certificates so that users of these certificates can feel confident that the certificate is valid, credible and trustworthy. These standards are designed to increase confidence in the security of the public key infrastructure used by Certification Authorities.

SC Usage: The DOE has selected Entrust as the source of certificates for its implementation of a PKI. This will be accomplished as an aspect of the Cybersecurity initiative.

SC Application Impacts: Some SC business applications in IMSC involve access to sensitive information such as financial transactions and human resources data that requires security at a high technical level.

Last Update: Valid Until:
3/27/20014/27/2001

References

Previous TPS Report


List all Categories

Administer the Database