Conference: Institute of Nuclear Materials Management annual meeting

A SOLUTION FOR DATA AUTHENTICATION BASED ON CRYPTOGRAPHIC TOKENS


Abstract

Authentication of data sets produced by data generators is an essential IAEA security requirement for unattended and remote monitoring systems. Whilst recently developed equipment includes security features at the sensor level that are able to perform this function, a consistent number of older systems, especially in the NDA area, do not provide any of these functionalities. Besides, the requirement for a common approach for the different families of systems has dictated the development of an original hardware/software solution. The concept is based on the use of commercially available cryptographic tokens compliant with the PKCS#11 interface format. These tokens, available from different manufacturers in the form of PCMCIA cards or USB sticks, perform the cryptographic functions on an internal processor and also act as a secure key repository and a trusted time stamper. A simple Public Key Infrastructure with a central Certificate Authority is used for key and certificate management. Software has been developed to automatically process the files produced by the different collect applications and generate the digital signature through the token. The original data stream is encapsulated in a CMS envelope compliant with the S/MIME specification and forwarded to the receiving node. The communication between the receiving node, usually IAEA's HQ or Regional Offices, and the remote system is secured by means of hardware VPN devices. This paper describes the details of the solution developed as well as the results obtained so far after the first field installations.
