Security


The DTS architecture allows the various components of the system to run remotely from one another. This means that the possibility of sensitive data being transferred over improperly secured channels cannot be ignored. Moreover, the remote-operation capability opens the door for malicious actors to interfere with the various DTS subsystems in destructive ways.

To address these concerns, DTS implements its own security stack, which ensures authentication of all components in the system and end-to-end encryption of all inter-module communication.

DTS uses three industry-standard technologies in its security implementation.

a) Authentication and authorization of components is achieved using X.509 certificates. Certificate chaining lets each component's certificate be validated against a trusted issuing certificate instead of being distributed and trusted individually; the issuer's signature binds the component's identity to its public key, and the certificate's validity period and usage fields give simple control over how long, and for what, a component is authorized. The strength of this scheme rests on the signature algorithm and key sizes below, and a certificate only authenticates a component when the receiving side actually validates the chain against its trusted root and the presenting side proves possession of the matching private key (in DTS this happens in the key exchange at point (c)).

The certificates used by DTS use SHA-256 hashing and RSA keys (configurable between 1024 and 4096 bits). 1024-bit RSA keys are deprecated by NIST and widely considered inadequate; deployments should configure at least 2048 bits.

b) General communication encryption is handled by AES in Galois/Counter Mode (GCM) with 256-bit keys. GCM is an authenticated encryption mode: every message carries an authentication tag, so tampering is detected before any plaintext is returned, and it remains fast for larger data volumes. Its security depends on correct implementation, above all on never reusing a nonce (initialization vector) with the same key.

DTS uses a new random initialization vector for each message. With the standard 96-bit GCM nonce, random generation is safe as long as the number of messages encrypted under one key stays below 2^32 (the limit NIST SP 800-38D sets for random IVs); before that point a fresh session key must be negotiated.
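The per-message encryption described at point (b), as an added example written for this page (it is not DTS code): one AES-256-GCM channel that draws a fresh random 96-bit nonce per message, authenticates a cleartext header alongside the payload, rejects any modified message, and refuses to encrypt once the nonce budget for a key is spent. The type and function names, the header contents and the sample payload are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// nonceSize is the standard 96-bit GCM nonce length.
const nonceSize = 12

// maxMessagesPerKey is the NIST SP 800-38D limit for random 96-bit nonces:
// at most 2^32 messages under one key keeps the nonce-collision probability below 2^-32.
const maxMessagesPerKey = uint64(1) << 32

// Channel is one AES-256-GCM protected link. It owns the key and counts
// messages so that the key is retired before the nonce budget runs out.
type Channel struct {
	aead cipher.AEAD
	used uint64
}

// NewChannel builds a Channel from a 32-byte (AES-256) session key.
func NewChannel(key []byte) (*Channel, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Channel{aead: aead}, nil
}

// Seal encrypts one message under a fresh random nonce and returns
// nonce || ciphertext || tag. header is authenticated but sent in the clear
// (for example a routing or message-type field).
func (c *Channel) Seal(plaintext, header []byte) ([]byte, error) {
	if c.used >= maxMessagesPerKey {
		return nil, errors.New("nonce budget exhausted: negotiate a new key")
	}
	nonce := make([]byte, nonceSize)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	c.used++
	// Seal appends ciphertext and tag to the nonce, so the nonce leads the message.
	return c.aead.Seal(nonce, nonce, plaintext, header), nil
}

// Open authenticates and decrypts a message produced by Seal. Any change to
// the nonce, ciphertext, tag or header fails here and no plaintext is returned.
func (c *Channel) Open(msg, header []byte) ([]byte, error) {
	if len(msg) < nonceSize+c.aead.Overhead() {
		return nil, errors.New("message too short")
	}
	return c.aead.Open(nil, msg[:nonceSize], msg[nonceSize:], header)
}

func main() {
	key := make([]byte, 32) // session key; in DTS this would come from the handshake
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	ch, err := NewChannel(key)
	if err != nil {
		panic(err)
	}
	hdr := []byte("module=sensor-1") // constructed sample header
	msg, _ := ch.Seal([]byte("telemetry: 42"), hdr)
	fmt.Printf("wire: %x\n", msg)
	if _, err := ch.Open(msg, []byte("module=sensor-2")); err != nil {
		fmt.Println("header mismatch rejected:", err)
	}
	msg[len(msg)-1] ^= 1 // flip one bit of the tag
	if _, err := ch.Open(msg, hdr); err != nil {
		fmt.Println("tampered message rejected:", err)
	}
}
```

Sender and receiver each hold a Channel built from the same session key; the receiver never sees plaintext for a message whose tag or header fails to verify, and a sender that reaches the message limit must go back through the handshake for a new key rather than continue under the old one.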

c) Initial handshakes and key exchanges are secured with RSA, using the "RSA/ECB/...SHA-256" form: the initiator encrypts the session key to the peer's RSA public key, and the peer recovers it with its private key. "ECB" here is the transformation-name convention used by libraries such as Java's JCE and does not mean a block-cipher mode is applied to RSA. The padding scheme is not specified here; RSA key transport should use OAEP (with SHA-256) rather than PKCS#1 v1.5 padding.

The RSA key pairs used here are the ones associated with the X.509 certificates at point (a), so the session key can only be recovered by the component whose certificate was validated, which is what ties the handshake to the authenticated identity. Because the session key is transported under a long-term certificate key rather than derived from an ephemeral exchange, this design does not provide forward secrecy: an attacker who records traffic and later obtains a component's private key can recover the session keys of the recorded sessions. Short certificate validity periods and careful protection of private keys limit that exposure.
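Points (a) and (c) together, as an added example written for this page (illustrative code, not the DTS implementation): a trust anchor issues SHA256-with-RSA certificates, the initiator validates the responder's chain against that anchor, and then wraps a random AES-256 session key with RSA-OAEP(SHA-256) to the key in the responder's certificate, which only the matching private key can unwrap. The names `Issue`, `VerifyChain` and `Handshake`, the OAEP label, the 24-hour validity and the 2048-bit key size are assumptions, as is the choice of OAEP padding, which the page does not specify.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"io"
	"math/big"
	"time"
)

// rsaBits is the key size for every pair below; 1024 bits is no longer acceptable.
const rsaBits = 2048

// oaepLabel binds the wrapped key to its purpose; both sides must use the same label.
var oaepLabel = []byte("dts-session-key") // assumed label, not taken from the page

// Component is a module's long-term key pair and its X.509 certificate.
type Component struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// Issue generates a key pair for cn and returns it with a SHA256-with-RSA
// certificate. With parent == nil the certificate is self-signed (a trust
// anchor); otherwise parent signs it, forming the chain that verification follows.
func Issue(cn string, isCA bool, parent *Component) (*Component, error) {
	key, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(24 * time.Hour), // the validity period is the authorization window
		SignatureAlgorithm:    x509.SHA256WithRSA,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	if isCA {
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
	}
	signerCert, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Component{Key: key, Cert: cert}, nil
}

// VerifyChain checks that leaf chains to anchor, is inside its validity period
// and is allowed to authenticate as a client. A well-formed certificate signed
// by an unknown key fails here, which is the whole point of the chain.
func VerifyChain(leaf, anchor *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// Handshake runs the key exchange between an initiator that trusts anchor and a
// responder presenting responderCert. The initiator verifies the chain, then
// wraps a fresh 256-bit session key with RSA-OAEP(SHA-256) to the certificate's
// public key; the responder unwraps it with responderKey, and being able to do
// so proves possession of the key behind the certificate. Returns the agreed key.
func Handshake(anchor, responderCert *x509.Certificate, responderKey *rsa.PrivateKey) ([]byte, error) {
	if err := VerifyChain(responderCert, anchor); err != nil {
		return nil, err
	}
	pub, ok := responderCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("responder certificate does not carry an RSA key")
	}
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	// Initiator -> responder: the wrapped key is the only secret on the wire.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	// Responder side: only the private key behind the certificate can unwrap.
	unwrapped, err := rsa.DecryptOAEP(sha256.New(), nil, responderKey, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(sessionKey, unwrapped) {
		return nil, errors.New("session key mismatch")
	}
	return unwrapped, nil
}
```

A typical run issues a root with `Issue("DTS Root CA", true, nil)`, enrols a module with `Issue("dts-module-1", false, ca)` and calls `Handshake(ca.Cert, mod.Cert, mod.Key)`; a self-signed certificate with the same common name is rejected at `VerifyChain`, and a valid certificate presented by a party without its private key fails at the unwrap step. The session key returned here is what the AES-GCM layer at point (b) would be keyed with.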

For more information on the DTS Security implementation, please see:

Security Outline

Registration and Authentication

Security Setup