Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
All contents are Copyright © 2008 CoCo Communications Corporation. All rights reserved.
Security Features of CoCo Node 4.5
Page 2
Hop-by-hop Encryption
Algorithms Two nodes on the same network public keys can compute a shared
used in hop-by-hop medium exchange packets directly, secret, without transmitting that
encryption without passing those packets secret across the network. Each node
through intermediary nodes. To takes its partner’s public key and its
Cipher: protect these packets against own private key, and runs these
256-bit AES eavesdropping or impersonation, values through a mathematical
(CFB mode) they create a secret key that only formula to produce a value; the
those two nodes can know. All data node’s partner uses the opposite set
Key Exchange: passed between those nodes is of keys to produce the same value.
Diffie-Hellman encrypted with this key. An attacker can read both of their
public keys, but can’t compute the
When CoCo Node software is shared value without one of their
installed on a machine, the private keys as well.
installation process creates a Diffie-
Hellman (DH) public/private key pair. When two nodes detect one another
Each Node broadcasts its DH public on the same network medium, they
key once per second, so all nodes on compute this shared secret using
that share a medium learn each each other’s DH public keys, and
other’s public keys within a second of initialize a 256-bit AES cipher in CFB
joining the network. mode using the shared secret as the
AES key. From that point on, all traffic
With the Diffie-Hellman algorithm, any between those two nodes is
two nodes that know each other’s encrypted with the AES cipher.
All contents are Copyright © 2008 CoCo Communications Corporation. All rights reserved.
Security Features of CoCo Node 4.5
Page 3
End-to-end Encryption
Cipher:
Two nodes that don’t share a To send a packet, a node must first 256-bit AES
network segment must route determine the recipient’s network (CFB mode)
packets through intermediary address from its human-readable
nodes. End-to-end encryption name. This is similar to a DNS lookup Key Exchange:
ensures that, though an on a conventional IP network. Diffie-Hellman
intermediary forwards packets for
these two nodes, it can’t decipher With CoCo, name/address Signature:
the contents of those packets. resolution involves transmitting a DSA
signed certificate from the sender
A CoCo network integrates signed to the intended recipient. The
certificates into the name/address recipient validates the sender’s DH
resolution system. This guarantees public key using the certificate
that, when a node sends packets, chain described in the table below.
only the intended recipient can
read them.
All contents are Copyright © 2008 CoCo Communications Corporation. All rights reserved.
Security Features of CoCo Node 4.5
Page 4
End-to-end Encryption
(continued from previous page)
All contents are Copyright © 2008 CoCo Communications Corporation. All rights reserved.
Security Features of CoCo Node 4.5
Page 5
All contents are Copyright © 2008 CoCo Communications Corporation. All rights reserved.
Security Features of CoCo Node 4.5
Page 6
All contents are Copyright © 2008 CoCo Communications Corporation. All rights reserved.
Security Features of CoCo Node 4.5
Page 7
The cryptographic functions used by The CoCo Crypto Module has passed
the CoCo Node application are evaluation by the National Institute of
encapsulated in the CoCo Crypto Standards in Technology (NIST)
Module, a standalone function library through their Cryptographic Module
that contains implementations of Validation Program (CMVP). This
cryptographic algorithms. evaluation determines that the
software meets Federal Information
The CoCo Crypto Module not only Processing Standard (FIPS) 140-2, the
provides programmatic access to U.S. Government’s standards for
cryptographic routines, but also security and reliability.
performs error-checking tasks such as
power-on self-tests and continuous NIST has issued a certificate
output validation. This allows the establishing that the CoCo Crypto
module to guarantee at all times that Module meets or exceeds the
CoCo Node is using correct, robust CMVP’s requirements. Certificate
implementations of the algorithms it #1021 for the CoCo Crypto Module is
needs for providing state-of-the-art listed on the CMVP website at http://
cryptographic security. csrc.nist.gov/groups/STM/cmvp/
documents/140-1/1401val2008.htm.
All contents are Copyright © 2008 CoCo Communications Corporation. All rights reserved.