




IEC 62351
IEC 62351 is a standard developed by WG15 of IEC TC57. It was developed to handle the security of the TC 57 series of protocols, including the IEC 60870-5 series, IEC 60870-6 series, IEC 61850 series, IEC 61970 series and IEC 61968 series. The different security objectives include authentication of data transfer through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of playback and spoofing, and intrusion detection.
Standard details
* IEC 62351-1 — Introduction to the standard
* IEC 62351-2 — Glossary of terms
* IEC 62351-3 — Security for any profiles including TCP/IP.
** TLS Encryption
** Node Authentication by means of X.509 certificates
** Message Authentication
* IEC 62351-4 — Security for any profiles including MMS (e.g., ICCP-based IEC 60870-6, IEC 61850, etc.).
** Authentication for MMS
** TLS (RFC 2246) is inserted between RFC 1006 & RFC 793 to provide transport layer security
* IEC 62351-5 — Securi ...

International Electrotechnical Commission
The International Electrotechnical Commission (IEC; in French: Commission électrotechnique internationale) is an international standards organization that prepares and publishes international standards for all electrical, electronic and related technologies – collectively known as "electrotechnology". IEC standards cover a vast range of technologies from power generation, transmission and distribution to home appliances and office equipment, semiconductors, fibre optics, batteries, solar energy, nanotechnology and marine energy as well as many others. The IEC also manages four global conformity assessment systems that certify whether equipment, system or components conform to its international standards. All electrotechnologies are covered by IEC Standards, including energy production and distribution, electronics, magnetics and electromagnetics, electroacoustics, multimedia, telecommunication and medical technology, as well as associated general disciplines such ...


Management Information Base
A management information base (MIB) is a database used for managing the entities in a communication network. Most often associated with the Simple Network Management Protocol (SNMP), the term is also used more generically in contexts such as in OSI/ISO Network management model. While intended to refer to the complete collection of management information available on an entity, it is often used to refer to a particular subset, more correctly referred to as MIB-module. Objects in the MIB are defined using a subset of Abstract Syntax Notation One (ASN.1) called "Structure of Management Information Version 2 (SMIv2)". The software that performs the parsing is a MIB compiler. The database is hierarchical (tree-structured) and each entry is addressed through an object identifier (OID). Internet documentation RFCs discuss MIBs, notably , "Structure and Identification of Management Information for TCP/IP based internets", and its two companions, , "Management Information Base f ...


IEC Standards
This is an incomplete list of standards published by the International Electrotechnical Commission (IEC). The numbers of older IEC standards were converted in 1997 by adding 60000; for example IEC 27 became IEC 60027. IEC standards often have multiple sub-part documents; only the main title for the standard is listed here.
* IEC 60027 Letter symbols to be used in electrical technology
* IEC 60028 International standard of resistance for copper
* IEC 60034 Rotating electrical machines
* IEC 60038 IEC Standard Voltages
* IEC 60041 Field acceptance tests to determine the hydraulic performance of hydraulic turbines, storage pumps and pump-turbines
* IEC 60044 Instrument transformers
* IEC 60045 Steam turbines
* IEC 60050 International Electrotechnical Vocabulary
* IEC 60051 Direct acting indicating analogue electrical measuring instruments and their accessories
* IEC 60052 Voltage measurement by means of standard air gaps
* IEC 60055 Paper-insulated metal-sheathed cables for rat ...


List Of IEC Technical Committees
The International Electrotechnical Commission (IEC) is a standards-making body in the field of electrical and electronics technologies. The IEC works with National Committees in different countries in preparing and maintaining standards in this space. IEC is one of the oldest standards making bodies in existence. Standards The IEC standards making process, similar to many other standards making processes, is handled by various technical committees (TC) and subcommittees (SC). TCs report to the SMB (Standardization Management Board). Each TC defines its scope (or area of activity) which is submitted to the SMB for approval. Any TC can form one or more SCs depending on the extent of its work programme. SCs define their scope under the parent TC to which they report directly. TC membership is composed of the IEC NCs (National Committees), all of which are free to take part in the work of any given TC. IEC has more than technical experts working on standards voluntarily. This list ...




Internet Key Exchange
In computing, Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP (The Internet Key Exchange (IKE), RFC 2409, §1 Abstract). IKE uses X.509 certificates for authentication ‒ either pre-shared or distributed using DNS (preferably with DNSSEC) ‒ and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived. In addition, a security policy for every peer which will connect must be manually maintained.
History
The Internet Engineering Task Force (IETF) originally defined IKE in November 1998 in a series of publications (Request for Comments) known as RFC 2407, RFC 2408 and RFC 2409:
* defined the Internet IP Security Domain of Interpretation for ISAKMP.
* defined the Internet Security Association and Key Management Protocol (ISAKMP).
* defined the Internet Key Excha ...


Group Domain Of Interpretation
Group Domain of Interpretation or GDOI is a cryptographic protocol for group key management. The GDOI protocol is specified in an IETF Standard, RFC 6407, and is based on Internet Security Association and Key Management Protocol (ISAKMP), RFC 2408, and Internet Key Exchange version 1 (IKE). Whereas IKE is run between two peers to establish a "pair-wise security association", GDOI protocol is run between a group member and a "group controller/key server" (controller) and establishes a security association among two or more group members. Functional Overview GDOI "interprets" IKE or ISAKMP for the group security domain in addition to pair-wise security associations. GDOI uses an IKE v1 Phase 1 security association for authenticating a GDOI member to a GDOI controller. The IKE/GDOI Phase 1 cryptographic protocol exchange protects a new type of Phase 2 exchange in which the member requests ("pulls") group state from the controller. The "group key" is the most important state in a G ...

Online Certificate Status Protocol
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed OCSP responders. Some web browsers (Firefox) use OCSP to validate HTTPS certificates, while others have disabled it. Most OCSP revocation statuses on the Internet disappear soon after certificate expiration.
Comparison to CRLs
* Since an OCSP response contains less data than a typical certificate revocation list (CRL), it puts less burden on network and client resources.
* Since an OCSP response has less data to pa ...


Revocation List
In cryptography, a certificate revocation list (or CRL) is "a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted". CRLs are no longer required by the CA/Browser forum, as alternate certificate revocation technologies (such as OCSP) are increasingly used instead. Nevertheless, CRLs are still widely used by the CAs.
Revocation states
There are two different states of revocation defined in RFC 5280:
Revoked: A certificate is irreversibly revoked if, for example, it is discovered that the certificate authority (CA) had improperly issued a certificate, or if a private-key is thought to have been compromised. Certificates may also be revoked for failure of the identified entity to adhere to policy requirements, such as publication of false documents, misrepresentation of software behaviour, or violation of any other policy specified by the CA operator or its customer. The ...


Enrollment Over Secure Transport
The Enrollment over Secure Transport, or EST, is a cryptographic protocol that describes an X.509 certificate management protocol targeting public key infrastructure (PKI) clients that need to acquire client certificates and associated certificate authority (CA) certificates. EST is described in . EST has been put forward as a replacement for SCEP, being easier to implement on devices already having an HTTPS stack. EST uses HTTPS as transport and leverages TLS for many of its security attributes. EST has described standardized URLs and uses the well-known Uniform Resource Identifiers (URIs) definition codified in .
Operations
EST has the following set of operations:
Usage example
The basic functions of EST were designed to be easy to use and, although not a REST API, it can be used in a REST-like manner using simple tools such as OpenSSL and cURL. A simple command to make initial enrollment with a pre-generated PKCS#10 Certificate Signing Request (stored as device.b64), usi ...




Certificate Management Protocol
The Certificate Management Protocol (CMP) is an Internet protocol standardized by the IETF used for obtaining X.509 digital certificates in a public key infrastructure (PKI). CMP is a very feature-rich and flexible protocol, supporting any types of cryptography. CMP messages are self-contained, which, as opposed to EST, makes the protocol independent of the transport mechanism and provides end-to-end security. CMP messages are encoded in ASN.1, using the DER method. CMP is described in . Enrollment request messages employ the Certificate Request Message Format (CRMF), described in . The only other protocol so far using CRMF is Certificate Management over CMS (CMC), described in .
History
An obsolete version of CMP is described in , the respective CRMF version in . CMP Update is in preparation as well as Lightweight CMP Profile focusing on industrial use.
PKI Entities
In a public key infrastructure (PKI), so-called end entities (EEs) act as CMP client, requesting one or more c ...


Simple Certificate Enrollment Protocol
Simple Certificate Enrollment Protocol (SCEP) is described by the informational . Older versions of this protocol became a de facto industrial standard for pragmatic provisioning of digital certificates, mostly for network equipment. The protocol has been designed to make the request and issuing of digital certificates as simple as possible for any standard network user. These processes have usually required intensive input from network administrators, and so have not been suited to large-scale deployments.
Popularity
The Simple Certificate Enrollment Protocol is still the most popular and widely available certificate enrollment protocol, being used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users. It is used, for example, by the Cisco IOS operating system (even if Cisco is now pushing the slightly more featured EST) and iPhones to enroll in enterprise PKI. M ...

Public Key Infrastructure
A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred. In cryptography, a PKI is an arrangement that ''binds'' public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an aut ...