DOCSLIB.ORG

Tamper Proof Certification System Based on Secure Non-Volatile

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Tamper Proof Certification System Based on Secure Non-Volatile Tamper proof certification system based on secure non-volatile FPGAs Diogo Alcoforado da Gama de Oliveira Parrinha Thesis to obtain the Master of Science Degree in Electrical and Computer Engineering Supervisor(s): Prof. Ricardo Jorge Fernandes Chaves Prof. Leonel Augusto Pires Seabra de Sousa Examination Committee Chairperson: Prof. Gonçalo Nuno Gomes Tavares Supervisor: Prof. Ricardo Jorge Fernandes Chaves Member of the Committee: Prof. Fernando Manuel Duarte Gonçalves November 2017 ii Acknowledgments I would like to start by thanking the constant support from my family and everything they did for me, which allowed me to close this chapter of my life. Without them, this would have been much harder. A special thanks to my mother Marina and my father Ricardo. Throughout the years I spent in IST, I have enjoyed working with a lot of people, from colleagues to professors. I have made some great friends and I am happy to realize that we have spent amazing moments together. However, I would like to offer a particular thanks to Diogo Prata for being a good friend throughout the degree and for overcoming many common adversities together. Finally, I would like to extend my sincere thanks to my supervisor Prof. Ricardo Chaves, for his con- tinuous support and guidance throughout this project. His technical expertise and constant motivation have helped me to conclude this thesis. May this be the start of a new beginning. Thank you! iii iv Resumo Os sistemas embebidos suportados por FPGAs temˆ um papel cada vez maior em sistemas cr´ıticos e de seguranc¸a. Um exemplo particular destes sistemas sao˜ os Modulos´ de Seguranc¸a em Hardware (HSM), que fornecem gestao˜ e utilizac¸ao˜ de chaves privadas, de modo seguro e confiavel.´ Contudo, os sistemas que estao˜ dispon´ıveis comercialmente sao˜ demasiado caros e limitados nas funcionalidades disponibilizadas. Por outro lado, as soluc¸oes˜ baseadas em FPGAs volateis´ que existem ate´ a` data, nao˜ sao˜ adequadas para a criac¸ao˜ de um Modulo´ de Seguranc¸a em Hardware, pois nao˜ contemˆ as carac- ter´ısticas de seguranc¸a necessarias,´ como funcionalidades anti-adulterac¸ao,˜ gestao˜ de chaves interna segura e capacidade de prevenir clonagem. Neste trabalho, e´ proposto um HSM que seja de codigo´ aberto, de baixo custo, reconfiguravel´ e altamente flex´ıvel. O sistema e´ suportado por um System- on-Chip que contem´ uma FPGA nao-vol˜ atil,´ com diversos servic¸os e caracter´ısticas de seguranc¸a. A soluc¸ao˜ apresentada opera como um sistema de certificac¸ao˜ versatil,´ capaz de providenciar gestao˜ se- gura de chaves, assinaturas digitais e de emitir certificados digitais confiaveis,´ suportando uma interface PKCS#11 com func¸oes˜ adicionais. Para melhor ilustrar a flexibilidade da soluc¸ao˜ proposta, um caso-de- uso, denominado Log-Chain, e´ tambem´ proposto e implementado. O Log-Chain consiste numa cadeia de logs que pode ser incrementada e verificada, nao˜ podendo ser modificada ou repudiada. Os resulta- dos experimentais sugerem que o sistema consegue calcular ate´ 2 operac¸oes˜ de assinatura/certificac¸ao˜ por segundo, com uma abordagem de baixo custo, adaptavel´ e segura. Palavras-chave: FPGA nao-vol˜ atil,´ Modulo´ de Seguranc¸a em Hardware, Sistema de Certificac¸ao,˜ Microsemi Smartfusion2 SoC v vi Abstract Embedded systems supported by FPGAs are increasingly playing a bigger role in safety-critical areas. A particular example of such safety-critical systems are Hardware Security Modules (HSM), which pro- vide private key management and usage, in a secure and reliable way. However, commercially available systems are too expensive and limited in the provided functionality. On the other hand, existing volatile FPGA solutions do not adequately provide the needed security characteristics, such as anti-tampering features, secure internal key management and anti-cloning capabilities. Herein, an open-source, low- cost and highly flexible reconfigurable HSM is proposed, supported by a System-on-Chip with a non- volatile FPGA that contains several security characteristics and services. The presented solution oper- ates as a versatile certification system that provides secure key management, digital signatures services and is able to issue trustworthy certificates, using an extended PKCS#11 interface. To further illustrate the flexibility of the proposed solution, a Log-Chain certification use-case is also presented, which con- sists of a chain-of-logs that can be incremented and verified, but cannot be repudiated or modified. Experimental results suggest that the system is able to compute up to 2 sign/certification operations per second with a low-cost, adaptable, and secure approach. Keywords: Non-volatile FPGA, Hardware Security Module, Certification System, Microsemi Smartfusion2 SoC vii viii Contents Acknowledgments........................................... iii Resumo.................................................v Abstract................................................. vii List of Tables.............................................. xi List of Figures............................................. xiii List of Acronyms............................................ xv 1 Introduction 1 1.1 Objectives and Requirements..................................2 1.2 Main contributions........................................3 1.3 Thesis Outline..........................................4 2 Background 5 2.1 Cryptographic Services and Mechanisms...........................5 2.1.1 Symmetric Key Cryptography..............................5 2.1.2 Asymmetric Key Cryptography.............................6 2.1.3 Hashing Function.....................................7 2.1.4 Secret Key Establishment................................8 2.1.5 Digital Signatures....................................9 2.1.6 Key Certification and PKI................................ 10 2.1.7 Physically Unclonable Function............................. 11 2.2 Secure Computing Platforms.................................. 11 2.3 Implementation Technologies.................................. 13 2.4 Smartfusion2 SoC........................................ 14 2.4.1 Device Description.................................... 15 2.4.2 Security Features.................................... 15 2.5 Summary............................................. 18 3 State of the Art 19 3.1 FPGA as Secure Platform.................................... 19 3.2 Key Generation and Storage.................................. 20 3.3 Full Security Systems...................................... 21 ix 3.4 Discussion............................................ 24 4 Proposed Solution 27 4.1 Users and Key Management.................................. 28 4.2 Communication and Session Establishment.......................... 30 4.3 Log-Chain............................................. 32 4.4 Conclusions............................................ 34 5 Implementation 37 5.1 Device Configuration and Setup................................. 38 5.2 Cryptographic Operations.................................... 39 5.3 Key Generation and Management............................... 41 5.4 Memory.............................................. 42 5.5 Log-Chain............................................. 44 5.6 Communication Channel..................................... 45 5.7 Middleware............................................ 46 5.8 Simple Time Service....................................... 47 5.9 Conclusions............................................ 49 6 Results 51 6.1 Cryptographic Operations.................................... 51 6.1.1 SHA-256......................................... 52 6.1.2 AES-256......................................... 53 6.1.3 EC Scalar Multiplication................................. 54 6.2 System Operations........................................ 55 6.3 Communication Channel..................................... 56 6.4 Comparison with the State of the Art.............................. 57 6.5 Conclusions............................................ 58 7 Conclusions 61 7.1 Future Work............................................ 62 Bibliography 63 A Communication Protocol 67 x List of Tables 2.1 X.509v3 certificate fields..................................... 10 2.2 Single-threaded performance (signatures/second) for different HSMs [12].......... 13 2.3 HSM Key Storage capacity [12]................................. 13 2.4 Protection mechanisms for FPGA configuration data...................... 14 2.5 Key Features for Secure Hardware [4].............................. 16 3.1 Comparison of Security Features of the different system proposals.............. 25 3.1 Comparison of Security Features of the different system proposals.............. 26 4.1 Key generation and storage.................................... 29 4.2 Secure session establishment.................................. 30 4.3 Available Device commands................................... 31 5.1 Non-volatile memory usage requirements for the implemented system............ 43 5.2 Additional API functions...................................... 47 5.3 Supported official PKCS#11 API functions........................... 47 6.1 Operation times for the three SHA-256 implementations.................... 52 6.2 Operation times for the two AES-256 implementations..................... 54 6.3 Operation times for the three versions conceived........................ 55 6.4 Operation times for the three versions conceived........................ 56 xi xii List of Figures 2.1 An example of an elliptic curve. Example equation: y2 = x3 + ax + b ............7 2.2 SmartFusion2
Load more

Recommended publications
  • Crypto Wars of the 1990S
    Danielle Kehl, Andi Wilson, and Kevin Bankston DOOMED TO REPEAT HISTORY? LESSONS FROM THE CRYPTO WARS OF THE 1990S CYBERSECURITY June 2015 | INITIATIVE © 2015 NEW AMERICA This report carries a Creative Commons license, which permits non-commercial re-use of New America content when proper attribution is provided. This means you are free to copy, display and distribute New America’s work, or in- clude our content in derivative works, under the following conditions: ATTRIBUTION. NONCOMMERCIAL. SHARE ALIKE. You must clearly attribute the work You may not use this work for If you alter, transform, or build to New America, and provide a link commercial purposes without upon this work, you may distribute back to www.newamerica.org. explicit prior permission from the resulting work only under a New America. license identical to this one. For the full legal code of this Creative Commons license, please visit creativecommons.org. If you have any questions about citing or reusing New America content, please contact us. AUTHORS Danielle Kehl, Senior Policy Analyst, Open Technology Institute Andi Wilson, Program Associate, Open Technology Institute Kevin Bankston, Director, Open Technology Institute ABOUT THE OPEN TECHNOLOGY INSTITUTE ACKNOWLEDGEMENTS The Open Technology Institute at New America is committed to freedom The authors would like to thank and social justice in the digital age. To achieve these goals, it intervenes Hal Abelson, Steven Bellovin, Jerry in traditional policy debates, builds technology, and deploys tools with Berman, Matt Blaze, Alan David- communities. OTI brings together a unique mix of technologists, policy son, Joseph Hall, Lance Hoffman, experts, lawyers, community organizers, and urban planners to examine the Seth Schoen, and Danny Weitzner impacts of technology and policy on people, commerce, and communities.
    [Show full text]
  • Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives
    Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password).
    [Show full text]
  • Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996
    Phil’s Pretty Good Software Presents... PGPfone Pretty Good Privacy Phone Owner’s Manual Version 1.0 beta 7 -- 8 July 1996 Philip R. Zimmermann PGPfone Owner’s Manual PGPfone Owner’s Manual is written by Philip R. Zimmermann, and is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Pretty Good Privacy™, PGP®, Pretty Good Privacy Phone™, and PGPfone™ are all trademarks of Pretty Good Privacy Inc. Export of this software may be restricted by the U.S. government. PGPfone software is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Phil’s Pretty Good engineering team: PGPfone for the Apple Macintosh and Windows written mainly by Will Price. Phil Zimmermann: Overall application design, cryptographic and key management protocols, call setup negotiation, and, of course, the manual. Will Price: Overall application design. He persuaded the rest of the team to abandon the original DOS command-line approach and designed a multithreaded event-driven GUI architecture. Also greatly improved call setup protocols. Chris Hall: Did early work on call setup protocols and cryptographic and key management protocols, and did the first port to Windows. Colin Plumb: Cryptographic and key management protocols, call setup negotiation, and the fast multiprecision integer math package. Jeff Sorensen: Speech compression. Will Kinney: Optimization of GSM speech compression code. Kelly MacInnis: Early debugging of the Win95 version. Patrick Juola: Computational linguistic research for biometric word list. -2- PGPfone Owner’s
    [Show full text]
  • Dell EMC Unity: Data at Rest Encryption a Detailed Review
    Technical White Paper Dell EMC Unity: Data at Rest Encryption A Detailed Review Abstract This white paper explains the Data at Rest Encryption feature, which provides controller-based encryption of data stored on Dell EMC™ Unity storage systems to protect against unauthorized access to lost or stolen drives or system. The encryption technology as well as its implementation on Dell EMC Unity storage systems are discussed. June 2021 H15090.6 Revisions Revisions Date Description May 2016 Initial release – Unity OE 4.0 July 2017 Updated for Unity OE 4.2 June 2021 Template and format updates. Updated for Unity OE 5.1 Acknowledgments Author: Ryan Poulin The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any software described in this publication requires an applicable software license. This document may contain certain words that are not consistent with Dell's current language guidelines. Dell plans to update the document over subsequent future releases to revise these words accordingly. This document may contain language from third party content that is not under Dell's control and is not consistent with Dell's current guidelines for Dell's own content. When such third party content is updated by the relevant third parties, this document will be revised accordingly. Copyright © 2016-2021 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc.
    [Show full text]
  • Encryption in SAS 9.4, Sixth Edition
    Encryption in SAS® 9.4, Sixth Edition SAS® Documentation July 31, 2020 The correct bibliographic citation for this manual is as follows: SAS Institute Inc. 2016. Encryption in SAS® 9.4, Sixth Edition. Cary, NC: SAS Institute Inc. Encryption in SAS® 9.4, Sixth Edition Copyright © 2016, SAS Institute Inc., Cary, NC, USA All Rights Reserved. Produced in the United States of America. For a hard copy book: No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, or otherwise, without the prior written permission of the publisher, SAS Institute Inc. For a web download or e-book: Your use of this publication shall be governed by the terms established by the vendor at the time you acquire this publication. The scanning, uploading, and distribution of this book via the Internet or any other means without the permission of the publisher is illegal and punishable by law. Please purchase only authorized electronic editions and do not participate in or encourage electronic piracy of copyrighted materials. Your support of others' rights is appreciated. U.S. Government License Rights; Restricted Rights: The Software and its documentation is commercial computer software developed at private expense and is provided with RESTRICTED RIGHTS to the United States Government. Use, duplication, or disclosure of the Software by the United States Government is subject to the license terms of this Agreement pursuant to, as applicable, FAR 12.212, DFAR 227.7202-1(a), DFAR 227.7202-3(a), and DFAR 227.7202-4, and, to the extent required under U.S.
    [Show full text]
  • Dynamic Cryptographic Hash Functions
    Dynamic Cryptographic Hash Functions William R. Speirs II and Samuel S. Wagstaff, Jr. Center for Education and Research in Information Assurance and Security (CERIAS) Department of Computer Sciences, Purdue University Abstract. We present the dynamic cryptographic hash function, a new type of hash function which takes two parameters instead of one. The additional parameter, the security parameter, specifies the internal work- ings and size of the digest produced. We provide a formal definitions for a dynamic cryptographic hash function and for the traditional security properties, modified for dynamic hash functions. Two additional prop- erties, security parameter collision resistance and digest resistance, are also defined. The additional properties are motivated by scenarios where a dynamic hash functions more cleanly provides a solution to a typical cryptographic problem. Keywords: Hash function, dynamic hash function, security parameter. 1 Introduction In this paper we introduce a new type of cryptographic hash function that is a natural extension of traditional hash functions. We call this new type of hash function a dynamic hash function. Dynamic hash functions take a second input, besides the message, that specifies the level of security required from the func- tion. By changing the security parameter the function dynamically changes the way a digest is computed, hence the reason for the name. The change might be as simple as changing the number of rounds used for processing a message block or the size of the output of the function. Requiring a hash function to have a security parameter is advantageous for a number of reasons. First, it allows designers to more easily test functions by scaling down the number of rounds to a manageable number and then launching attacks against this reduced version.
    [Show full text]
  • Modern End-To-End Encrypted Messaging for the Desktop
    Die approbierte Originalversion dieser Diplom-/ Masterarbeit ist in der Hauptbibliothek der Tech- nischen Universität Wien aufgestellt und zugänglich. http://www.ub.tuwien.ac.at The approved original version of this diploma or master thesis is available at the main library of the Vienna University of Technology. http://www.ub.tuwien.ac.at/eng Modern End-to-End Encrypted Messaging for the Desktop DIPLOMARBEIT zur Erlangung des akademischen Grades Diplom-Ingenieur im Rahmen des Studiums Software Engineering and Internet Computing eingereicht von Richard Bayerle Matrikelnummer 1025259 an der Fakultät für Informatik der Technischen Universität Wien Betreuung: Privatdozent Dipl.Ing. Mag. Dr. Edgar Weippl Mitwirkung: Dr. Martin Schmiedecker Wien, 2. Oktober 2017 Richard Bayerle Edgar Weippl Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Modern End-to-End Encrypted Messaging for the Desktop DIPLOMA THESIS submitted in partial fulfillment of the requirements for the degree of Diplom-Ingenieur in Software Engineering and Internet Computing by Richard Bayerle Registration Number 1025259 to the Faculty of Informatics at the TU Wien Advisor: Privatdozent Dipl.Ing. Mag. Dr. Edgar Weippl Assistance: Dr. Martin Schmiedecker Vienna, 2nd October, 2017 Richard Bayerle Edgar Weippl Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Erklärung zur Verfassung der Arbeit Richard Bayerle Seestraße 67 78315 Radolfzell am Bodensee Deutschland Hiermit erkläre ich, dass ich diese Arbeit selbständig verfasst habe, dass ich die verwen- deten Quellen und Hilfsmittel vollständig angegeben habe und dass ich die Stellen der Arbeit – einschließlich Tabellen, Karten und Abbildungen –, die anderen Werken oder dem Internet im Wortlaut oder dem Sinn nach entnommen sind, auf jeden Fall unter Angabe der Quelle als Entlehnung kenntlich gemacht habe.
    [Show full text]
  • Winter 2016 E-Newsletter
    WINTER 2016 E-NEWSLETTER At Digital Mountain we assist our clients with their e-discovery, computer forensics and cybersecurity needs. With increasing encryption usage and the recent news of the government requesting Apple to provide "backdoor" access to iPhones, we chose to theme this E-Newsletter on the impact data encryption has on attorneys, litigation support professionals and investigators. THE SHIFTING LANDSCAPE OF DATA ENCRYPTION TrueCrypt, a free on-the-fly full disk encryption product, was the primary cross-platform solution for practitioners in the electronic discovery and computer forensics sector. Trusted and widely adopted, TrueCrypt’s flexibility to perform either full disk encryption or encrypt a volume on a hard drive was an attractive feature. When TrueCrypt encrypted a volume, a container was created to add files for encryption. As soon as the drive was unmounted, the data was protected. The ability to add a volume to the original container, where any files or the folder structure could be hidden within an encrypted volume, provided an additional benefit to TrueCrypt users. However, that all changed in May 2014 when the anonymous team that developed TrueCrypt decided to retire support for TrueCrypt. The timing of TrueCrypt’s retirement is most often credited to Microsoft’s ending support of Windows XP. The TrueCrypt team warned users that without support for Windows XP, TrueCrypt was vulnerable. Once support for TrueCrypt stopped, trust continued to erode as independent security audits uncovered specific security flaws. In the wake of TrueCrypt’s demise, people were forced to look for other encryption solutions. TrueCrypt’s website offered instructions for users to migrate to BitLocker, a full disk encryption program available in certain editions of Microsoft operating systems beginning with Windows Vista.
    [Show full text]
  • Introduction to Truecrypt
    Introduction to TrueCrypt WELCOME 11 January 2012 SLUUG - St. Louis Unix Users Group http://www.sluug.org/ A Very Basic Tutorial and Demonstration By Stan Reichardt [email protected] 1 Introduction to TrueCrypt DEFINITIONS Encryption Secrecy Privacy Paranoia Human Rights Self-determination See http://www.markus-gattol.name/ws/dm-crypt_luks.html#sec1 2 Introduction to TrueCrypt WHO Who uses TrueCrypt? Who here has NOT used TrueCrypt? Who here has used TrueCrypt? 3 Introduction to TrueCrypt WHO ELSE Used by Businesses Military forces Government agencies Suspects (Possibly Bad people) Freedom Fighters (Against Bad Governments) Everyday People (That Want Privacy or Security) 4 Introduction to TrueCrypt WHO WATCHES Who watches the watchmen? http://en.wikipedia.org/wiki/Quis_custodiet_ipsos_custodes%3F 5 Introduction to TrueCrypt WHAT What is it? GENERAL TrueCrypt is powerful encryption software for your personal data. It works by creating creating a virtual hard drive within a file and mounts it, so your computer treats it as a real hard drive. You can choose to encrypt an entire hard drive, certain folders, or removable media such as a USB flash drive. Encryption is automatic, real-time and transparent, so all the hard work is handled for you. It also provides two levels of plausible deniability, and supports various encryption algorithms depending on your needs, including AES-256, Serpent, and 6 Twofish. Introduction to TrueCrypt WHAT IT DOES What can it do? The capabilities of TrueCrypt (taken from Users Guide, Introduction on page 6): TrueCrypt is a software system for establishing and maintaining an on-the-fly- encrypted volume (data storage device).
    [Show full text]
  • Pretty Good Privacy
    1 Pretty Good Privacy Pretty Good Privacy 2 Pretty Good Privacy 1. Introduction 1.1. What is cryptography? Cryptography originates from the Greek word “kryptos” meaning hidden [1]. It is one of the main branches of cryptology which studies methods of securing and authenticating information. Cryptography is concerned with the design of these methods whereas cryptanalysis, the other main branch of cryptology, looks at overcoming them. Cryptography is also described as the science of using mathematics to encrypt and decrypt data for secure transmissions [2 p. 11]. 1.2. Why is cryptography important? The Computer Emergency Response Team (CERT) recorded the total number of computer vulnerabilities from 1995 to 2008 (Q1-Q3) based on reports submitted to them and from other public sources [3]. Security vulnerabilities were included from operating systems on individual machines, routers in networks and other network devices [4 p. 10]. Their statistics show a general trend of the total number of vulnerabilities rising from 171 in 1995 to a peak of 8064 in 2006. Clearly this shows Internet security is a problem albeit a problem which is possibly starting to be tackled more effectively as tenaciously indicated by the decrease in the total number of vulnerabilities from 8064 in 2006 to 6058 in 2008 (Q1-Q3) [3]. Moreover the Internet Architecture Board (IAB) submitted a report in 1994 called “Security in the Internet Architecture” (RFC 1636). The overall conclusion of the report was that “security must be added to the Internet” [5 p. 44] outlining the necessity to secure network infrastructure and traffic by authentication and encryption.
    [Show full text]
  • Technology Primer: Overview of Technological Solutions to Support Privacy-Preserving Record Linkage
    Technology Primer: Overview of Technological Solutions to Support Privacy-Preserving Record Linkage Version 1.0, December 7, 2017 Primer Writing Team: Dixie Baker, Mark Phillips, David van Enckevort, Peter Christen, Ken Gersing, Maximilian Haeussler, Cenk Sahinalp, and Adrian Thorogood 1. Background This Technology Primer is intended to serve the dual purposes of: 1) Informing the policy work of the Global Alliance for Genomics and Health (GA4GH) Regulatory and Ethics Working Group (REWG) and the International Rare Diseases Research Consortium (IRDiRC) by identifying and characterising technology approaches and solutions designed to enable coded data records associated with the same individual to be linked without disclosing the individual’s identity; and 2) Recommending to GA4GH and to IRDiRC existing and emerging privacy-preserving record linkage (PPRL) technology approaches and solutions that warrant further exploration and assessment with respect to the functional, performance, and scalability requirements of the data stewards, data service providers, and researchers who support the GA4GH ecosystem. The primary motivation of the GA4GH in this endeavour is its conviction that because linkage enables the creation, availability, and precision of data, it therefore improves the quality of both research and the health care provided to people. The GA4GH believes that this reinforces the right to share in scientific advancement and its benefits as guaranteed by Article 27 of the Universal Declaration of Human Rights, as mobilized in the GA4GH Framework for Responsible Sharing of Genomic and ​ Health-Related Data. ​ 2. Problem Statement The Privacy-Preserving Data Linkage (PPRL) project addresses two primary problems that lie at the intersection of biomedical research and clinical practice: 1.
    [Show full text]
  • Encryption Software
    Technical White Paper Dell EMC PowerProtect DD Series Appliances: Encryption Software Abstract This document describes the Dell EMC™ PowerProtect DD series appliance encryption software and its capabilities with the Dell EMC Data Domain™ Operating System (DDOS). October 2020 H18559 Revisions Revisions Date Description June 2013 Initial release October 2020 Updated for DDOS 7.3 release Acknowledgments Author: Vinod Kumar Kumaresan The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any software described in this publication requires an applicable software license. Copyright © 2020 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. [10/20/2020] [Technical White Paper] [H18559] 2 Dell EMC PowerProtect DD Series Appliances: Encryption Software | H18559 Table of contents Table of contents Revisions............................................................................................................................................................................. 2 Acknowledgments ..............................................................................................................................................................
    [Show full text]