Canon Security Solutions Canon Security Solutions For For imageRUNNER Series imageRUNNER Series imageCHIP Devices imageCHIP Devices
Jan 15, 2016
Canon Security Solutions Canon Security Solutions ForForimageRUNNER Series imageRUNNER Series imageCHIP DevicesimageCHIP Devices
Canon Security Solutions Canon Security Solutions ForForimageRUNNER Series imageRUNNER Series imageCHIP DevicesimageCHIP Devices
Canon Security Solutions Overview • Introduction to Canon Security Technology and Goals
• Typical Customer Security Concerns
• System Architecture Security-imageRUNNER Controller Security-MEAP Architecture Security-imageRUNNER FAX Security
• Hardware Architecture Security
• Device Security Features-HDD Security-Device Access Security (Authentication)-Document Security-Device Management
Typical Customer Security Concerns
Can someone access the information I copy, print, scan or fax on a MFP?
What happens at the end of the lease for the MFP. Can someone access my documents after the device is returned?
Can we limit access to my MFP device to prevent non authorized usage?
Is the hard drive of the MFP vulnerable to hackers?
Which Canon Security features might address these customer concerns?
Device Access Security• Department ID (up to 1000 IDs)
• User Authentication (SDL/SSO)
• Function Authentication (AMS)
• Control Card / Card Reader system (optional)
• Smart Card Authentication
HDD Security• HDD Data Erase
• HDD Data Encryption
• HDD Format
• Mail Box Password Protection
• Job Log Conceal
Document Security• Encrypted Secured Print
• Watermark/Secure Watermark
• Copy Set Numbering
• Encrypted PDF
• Digital Signature PDF
• FAX Forwarding
• FAX Destination
Confirmation
Network Security• MAC Address Filtering
• IP Address Filtering
• SSL Encryption
• Network Application On/Off
• USB Block
• Destination Restriction
Device Management• DIDF (Device Information Delivery Function)
• Key Switch Unit
Internet
Mail Server Security• POP Authentication before SMTP
• SMTP Authentication
Canon has introduced a security related workflow to help improve Device Security, Data Protection & Information Integrity
Security Overview
• imageCHIP controller is the heart of every imageRUNNER device
imageRUNNER Controller
imageRUNNER Architecture Security
imageRUNNER Controller Security• imageCHIP Controller
Unix-based, Real Time Operating System• Closed and proprietary system not widely
distributed
• Not standard UNIX code
• Not a common target for viruses or hackers
• Source Code expressly designed to run Canon embedded applications
In Comparison, Linux Based MFP:• Open architecture widely distributed
• Higher potential of hacking and manipulation of embedded device and network
imageRUNNER Architecture Security
MEAP Architecture Security• SDK distribution restricted &
controlled• Virtually impossible to alter a MEAP
app or write a rogue application • Application integrity secured by
Canon Inc.• MEAP Applications “digitally” signed
with special “signature” and license• If application is modified, signature
code will not match and application will not run
• Application and license file are encrypted
imageRUNNER Architecture Security
imageRUNNER FAX Security
• Firewall physically and logically separates the fax board from network functions• Residing on the main controller board • G3 fax board implementation connects to PSTN & responds only to CCITT.T30 commands and does not support network communication protocols • iR Fax Board does not have binary transfer function • Not possible to receive data files other than fax image files
iR Fax Boards have “Firewall” Protection
imageRUNNER Architecture Security
Hard Disk Drive• Temporary/permanent data and directory are written
in random non contiguous locations on hard drive• Data is compressed in a proprietary file format;
Not functional/readable outside of iR• Mail Box Password Protection
Job Log Conceal• Hides the list of completed jobs• Aids in regulatory compliance
RAM Volatility• At Power shut-down,
information on RAM is cleared
Standard imageRUNNER Hard Disk Drive & RAM Security
Security Features
Hard Disk Drive Security Features cont.
•HDD format is standard on all imageRUNNER Devices
•This feature, once activated, will overwrite entire user partition: Contacts, documents in mailbox, all other user image data
•Overwrite using random data up to three times (Security kit not required (once with null is standard setting))
•Reduce concern for Customer to need to destroy/remove hard drive to protect company information
Securely Remove Information at End of Device lifecycle
Key Uses for HDD Format:
End of Lease
End of product lifecycle
Device relocated to new department
Supported Devices:iR105+/9070/8070/6570/5570/5070/4570/3570/2870/2270/iR7105/7095/7086iRC6870U/C5870U/C3170U/C3170i/CiRC5185/5180/4580/4080/3380/2880
Optional Available Security Features• Hard Disk Drive Data Encryption (up to 256-bit), AES• Hard Disk Drive Data Erase
Hard Disk Drive Security
Hard Disk Drive Data Erase
Deletion of Job Data Using the imageRUNNER Data Erase Function
• Overwrite each copy, print, scan and fax job• Up to three different levels of erasing documents:
•Once with null•Once with random•Random data three times for maximum
• Overwriting prevents data retrieved by disk/file recovery
• Overwriting is resistant to keystroke recovery (Hacker Tools)
Hard Disk Drive Security Features
Hard Disk Drive Data Encryption (256-bit), AES• Mathematical algorithms are used to scramble bits of data or
any image stored on the hard drive• The data is encrypted using 256-bit, AES encryption• A secret Key that is created to encrypt all images before
written to the HDD•This will protect both temporary and stored jobs/data
• Canon MFP Security Chip 1.00 is key Canon proprietary component inside every HDD Encryption Kit
• Has acquired EAL3 status under the Common Criteria Program (also knownas ISO 15408 )
Hard Disk Drive Security Features
Device Access Security (Authentication)
Implement mandatory proper identification and authentication to utilize: Print, Copy, Fax, Email
• Department ID Management• Simple Device Log-in (SDL)• Single Sign On (SSO)
Department ID Management• Allows Administrators to configure the
imageRUNNER device with valid IDs and passwords• Helps Limit Print output volumes by users/ departments• Restricts system access
• Supports up to 1,000 accounts• Up to 7 digit ID and password for each account
• Ability to track• Job histories• Volumes• Restrict individual job functions
Device Access Security (Authentication)
Screenshot from Color Device
Simple Device Log-in (SDL) Authentication• An enhanced version of Department ID
Management• Grants access only after verifying an
additional “Personal” ID and Password• Any message sent from an imageRUNNER
Device using SDL, the users will have email automatically displayed
Device Access Security (Authentication)
Single Sign On (SSO) Authentication• For environments utilizing Active Directory.
• Allows employees to access an imageRUNNER device on the network using the same ID and password as their PC.
• Utilizing SSO, administrators can track each user for each specific imageRUNNER device
Device Access Security (Authentication)
IT
COPY AVAILABLE
SEND AVAILABLE
MAIL BOX AVAILABLE
COPY AVAILABLE
SEND AVAILABLE
MAIL BOX AVAILABLE
COPY AVAILABLE
SEND BLOCKED
MAIL BOX BLOCKED
COPY AVAILABLE
SEND AVAILABLE
MAIL BOX AVAILABLE
COPY AVAILABLE
SEND BLOCKED
MAIL BOX BLOCKED
Guest
Manager
Staff Contractor
Double Sided
B/W & Double Sided
No Restrictions
B/W & Double Sided
Access Management System
A device management feature that allows access restrictions to be assigned A device management feature that allows access restrictions to be assigned to users and groups to restrict entire functions or restrict specific features to users and groups to restrict entire functions or restrict specific features within a functionwithin a function
Device Management
What can be restricted with AMS?
Copy (Allowed / Not Allowed)
•Color copying
•2 Sided Copies
•Page Layout
Send (Allowed / Not Allowed)
•Destination Type
•Specific Address Domains
•Address Book Access
•Device Signature PDFMail Box (Allowed / Not Allowed)
•Print / Color Print
•2 Sided printing
•Page Layout
Web Access (Not Set, Allowed / Not Allowed)
•Leave unspecified or allows or prohibits use of Web Access Function
Hold (Not Set, Allowed / Not Allowed)
•Leave unspecified or allows or prohibits use of the Job Hold Function
Print job (Not Set, Allowed / Not Allowed)
•Leave unspecified or allows or prohibits use of the Print Job Function
MEAP Applications (Not Set, Allowed / Not Allowed)
•Leave unspecified or allows or prohibits use of any MEAP Applications. Features for applications can be restricted separately
*Printing from the PC cannot be restricted*Scan Tab (Twain Scanning) cannot be restricted* Does not currently support SSO authentication
Device Management
Controlled Access to Ports and Services•System Administrator can disable services and ports to lessen system vulnerabilities, ex: IPP, FTP, SNTP, SNMP, RAW, LPD, etc…
•imageRUNNER device is set up to support only necessary protocols used for transferring data
imageRUNNER Network-based Access Controls
Network Security
imageRUNNER Network-based Access ControlsIP Address Filtering
• Authorized IT personnel can reject or permit incoming packets from other IP Addresses
• Restrict access to the imageRUNNER device for:
• Specific Users
• Group UsersMAC Address Filtering
• Used for smaller networks• Allows or denies access to specific addresses• Up to 100 Mac addresses can be registered from the UI• Mac Addresses have higher priority than an IP Address (they never
change)
Network Security
imageRUNNER Data Protection
Secure Socket Layer (SSL) Encryption •Ensure scanned and Universal Send documents
on the network are safely transmitted to the recipient
•SSL also supports RUI, I-FAX, Web Access, & DIDF•Encrypts information transferred from the device
over a network
Network Security
Secured Print Encrypted Secured Print Password-protected Mail Boxes
Document and Information Security
Encrypted Secured Print
NOTE: The user can not select the Secure Print when Encrypted Secure Print is in effect.
*Encryption*Password
*Entering Password,then decode and print out
Encrypted Secure Print Job
Secure Print Job
Two layers of security: 1. Encryption of Document Data
itself 2. Password Protection The encrypted data will not be
decoded until the user enters the correct password
After printed out, the data will be deleted User name and file name will not
be shown on the Status Monitor
Document and Information Security
imageRUNNER HardCopy Security
• Secure WatermarkThis embeds hidden text within the backgrounds of
documents
Company NameCertificate of Completion
is hereby granted to:
name hereto certify that they have completed to satisfaction
Course NameGranted: April 3, 2006
{name, title}
Company NameCertificate of Completion
is hereby granted to:
name hereto certify that they have completed to satisfaction
Course NameGranted: April 24, 2006
{name, title}
Original(Secure Watermark
w/ Color Background)
“COPY” appears when document is Copied/Printed
Document and Information Security
PDF Encryption Option for Universal Send (PDF Security Feature Set)
• Enables PDF’s sent over a network to have Adobe Standards of encryption.
• Performed directly at the imageRUNNER device without the need for additional software
• A password will be required for the end user to use the PDF sent through USend.
• The password can be encrypted for further security
• Optional 40 or 128-bit Encryption
Document and Information Security
Digital Device Signature PDF (Universal Send PDF Security Feature Set)
• Device Signature mode enables user to add a digital signature to PDF data, which enables the recipient to verify which device scanned it and tracks if the file has been altered.
Name and S/N of device is attached
Tracks document alteration. If PDF is altered, revisions change to 1 of 1 to 1 of3.
Benefit: Helps to send documents securely by preventing security problems such as impersonation and unauthorized alteration of documents
NOTE: Device Signature and User Signature can be combined. Device Signature mode uses the certificate and key pair inside the device. Users can register only one key pair. The name of the generated/updated key pair is set to ‘Device Signature Key’. The expiration date for the device signature is set to 5 years after its key pair was generated/updated.
When using SSO and SDL* with device signature, user’s e-mail address will appear in Document Properties as Author
*(SDL note) E-mail address will only appear based on set-up
Document and Information Security
Digital User Signature PDF• Digital User Signature mode enables user to add a digital
signature to PDF data, which enables the recipient to verify which user scanned it and whether the document has been altered.
NOTE: The User Signature mode is available only if the optional Digital User Signature PDF Kit is activated. SDL or SSO must be set and a user certificate must be installed in the machine using the RUI. The Device Signature and the User Signature can be combined, however the Device Signature will be added before the User Signature which result in the document to be handled as if it has been altered without authorization when the recipient verifies the Device Signature.
Document and Information Security
•Address Book PasswordA password is set, restrictions can be placed on the
registering, editing, and erasing of destinations•Restrict New Address
Enables you to restrict the entering of new addressesOnly the following to be specified as destinations:
•Stored in the Address Book•LDAP servers•User Inboxes•One-touch buttons•Favorites buttons•Your e-mail address (Send to Myself, if using SDL/SSO login)
When the restriction feature is on, these buttons are grayed out.
Destination RestrictionIn combination with the features below, administrator can put restriction for destinations of Universal Send feature to help prevent sending to wrong destination and information leaks.
Document and Information Security
Comprehensive Audit trail for usage of copy, print, & scan
Most complete Cost Recovery tool to analyze usage on both imageRUNNER MFP and LBP line together
Provides the Administrator the ability to view/download device workload statistic and generates reports by:
Individual
Group
Device
Department
imageWARE Accounting ManagerimageWARE Accounting Manager for meap
Typical Customer Security Concerns
Can someone access the information I copy, print, scan or fax on a MFP?
Universal Send Destination RestrictionsEncrypted secure printWatermark/Secure WatermarkCopy Set Numbering
Digital Signature PDF Encrypted PDF
What happens at the end of the lease for the MFP. Can someone access my documents after the device is returned?
HDD Data EncryptionHDD Data EraseHDD Format ( end of life procedure)
Can we limit access to my MFP device to prevent non authorized usage?Dept ID Management SDLSSOeCopyAuthorized Send
Is the hard drive of the MFP vulnerable to hackers?Canon Standard security hardened ArchitectureUnique Operating system reduces vulnerability to hackersUnnecessary protocols disabled by defaultMac & IP address filteringSecure Socket Layer
Canon Securing your imageRUNNER
Technology
Thank You