Presentation is loading. Please wait.

Presentation is loading. Please wait.

Discussion of KaY Key Exchange and Management Interface to SecY

Published byMakayla Vaughn Modified over 10 years ago

Similar presentations

Presentation on theme: "Discussion of KaY Key Exchange and Management Interface to SecY"— Presentation transcript:

1 Discussion of KaY Key Exchange and Management Interface to SecY
IEEE 802.1af Discussion of KaY Key Exchange and Management Interface to SecY Jim Burns May 20, 2004 Barcelona, Spain

2 SecY/KaY Interface Overview
MK (Master Key - pairwise) KaY Key Management (.1af) LMI SAKs .1af Key Exchange Protocol MK to SAK Key Derivation Process SecY (.1ae) SAKs

3 .1ae Terminology MK is 1 to 1 SC SA SAK SAK SAK SAK is 1 to N … SA SAK

4 Assumptions If pre-shared master key is deployed out-of-band then key management can operate without authentication protocol. Authorization shall operate following key exchange and creation of the secure channel. Master Keys have Time & Msg-count life times Key-exchange exchanges only one (1) one-way SAK, so two key exchanges must occur between two (2) peers to achieve symmetric connection. I discuss only the .ae/.af interface, I do not discuss specific key management protocol here (I assume there is some method of deriving SAKs from MK)

5 LMI Communication Communication between SecY and KaY is indirect via LMI LMI is modeled as data structures not as functions. Writing certain data may cause actions at the SecY or KaY Reading data causes no action

6 LMI: from SecY to KaY Connectivity Capabilities Supported
Cipher Suites Supported txEncodingSA - which SA to use for transmit encoding. txEncipheringSA - which SA to use for transmit enciphering (optional). State of each SC State of each SA NextPN of each SA

7 LMI: from KaY to SecY Connectivity to use Cipher Suite To Use
Indication whether All neighbors are SecYs Association Number for each SA (?) Secure Association Key for each SA MUST generate SAK (whether valid or not. An invalid SAK should be a random number…) Request to install/remove/use/don’t-use an SC Request to install/uninstall SAK for each SA

8 LMI: from ??? To KaY Limit to number of allowed RX SC
Desired/required authorization level

9 LMI Key Management Interface - SecY/KaY
Type Element R/W R Enum ConnectivityCapabilitiesSupported - multipoint or point-to-point ConnecitivityCapabilityInUse - current connectivity Int[] CipherSuitesSupported - Cipher Suites supported by SecY Int CipherSuiteInUse - Current Cipher Suite In Use Boolean NeighborsAllSecYs --- MK[sci] Pairwise Master Keys - pairwise key (1-to-1), provisioned via some mechanism (SNMPv3, EAP, Kerberos, out-of-band, etc) - with lifetimes TXSC - Secure Channel for transmitting to ALL peers in CA txEncodingSA txEncipheringSA SCI - Secure Channel Identifier (SCI=MAC+PortNumber) State - current state of this SC {Unused, NotInCA, InCA} Cmd - command to carry out on this CA {Use, AddToCA, RemoveFromCA, stopUsing} SA[0] - Secure Association AN - Association Number (SAI=SCI+AN) SAK - Security Association Key nextPN - next Packet Number State - current state of this SA {Unused, Install, Installed} Cmd - command to carry out on this SA {InstallKey, UninstallKey} SA[1]… SA[2]… SA[3]… RXSC[0] - Secure Channel for receiving from ONE peer in CA << same fields as TXSC except txEncodingSA and txEncipheringSA >> RXSC[1]… RXSC[n]…

10 Start up… New common port becomes available
SecY & KaY instantiated for common port CA created with last saved value (could be an initial out-of-band provisioned value) MK and KGK restored with lifetimes. Announcement occurs, creating peer list TX SC and RX SC created for each peer in peer list. SCs created either via key exchange (if MK available for peer) or authentication (if no MK) Each key exchange results in SAK that is stored in SA. When all peers have SC with SAK, the SAK for the TX SC is stored ins its SA.

11 Events That Cause Action
New common port available KaY instantiated LMI provisioned with last stored CA including Pairwise MKs Empty peer list Send announcement frame (rate limited to 1 per second) Peer station in peer list with no matching SC Create SC with no SA AddToCA SC with no matching peer in peer list RemoveFromCA SC with no active SA Create SA with null key values (completely random) InstallKey

12 Events That Cause Action (2)
SA with null key that we do not have peer MK for Carry out authentication with peer - peer MK created SA with null key that we do have peer MK for Carry out key exchange with peer to obtain SAK InstallKey All peers in peer list have SAs with installed keys but no SA with installed key for TX SC with a valid nextPN Create SA with TX SAK All peers in peer list do NOT have installed SAs but TX SC has installed SA UninstallKey of SA for TX SC (Symmetry broken)

13 Events That Cause Action (3)
Peer MK lifetime expired Remove peer MK stopUsing SC for peer Peer MK changed New RX SA created (as result of key exchange initiated by another system) installKey

14 Events That Cause Action (4)
New rx SA from station we already have rx SA with Create SA in unused SA InstallKey for SA UninstallKey for old SA 2 seconds after receiving a frame with new SA NextPN of installed TX SA is ‘close’ to exhaustion - Generate new SAK Carry out authentication and/or key exchange with each peer to send them new SAK Need to not make this a special case… tie into other events.

15 Events That Cause Action (5)
Authorization level not at expected/required level Need new LMI variable to allow higher layer to define level Attempt to achieve authorization level via Authorization New authentication

16 LAN-level Events Local station start Local station stop
New Common Port available Local station stop Common port not available Peer Station enters CA (KaY discovers new station) Peer in peer list with no SA Peer Station leaves CA gracefully (?) SA with no matching peer in peer list Peer Station leaves CA ungracefully (?)

17 LAN-level events (2) CA becomes non-transitive or non-symmetric
Uninstall Key of SA for TX SA MAC_Operational set to false by SecY No action(?) Choice of available cipher suites is changed by management, removing currently used cipher suite

18 Questions… Whose job to ensure symmetric and transitive attributes of CA are not violated? Which keys will have lifetimes? SAK -- PN limits lifetime, nothing else needed MK -- lifetime limits in time/frames-sent set during authorization If a receiving SA is approaching the limit of its packet number should we attempt to initiate new SA creation? Or is it always the owner of the TX SA that creates a new SA? How to detect non-SecY neighbors? Announce, and Announce again upon receipt of peer’s Announce Make changes to CA persistent with every change?

19 Next Steps Further define variables need to be LMI (beyond those for SecY) Create draft of the SecY state machine Define how we will reference variables for LMI For each event create actual state machine like conditions and actions using variables defined for LMI Ensure all events needed for SecY are represented.

Download ppt "Discussion of KaY Key Exchange and Management Interface to SecY"

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
LinkSec Architecture Attempt 3

LinkSec Architecture Attempt 3
EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute.

EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] Jee-Sook Eun Electronics and Telecommunications Research Institute.
IEEE INFOCOM 2004 MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Wireless Card.

IEEE INFOCOM 2004 MultiNet: Connecting to Multiple IEEE Networks Using a Single Wireless Card.
Doc.: IEEE 802.11-08/0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: 2008-07-13 Authors:

Doc.: IEEE /0836r2 Submission July 2008 Dan Harkins, Aruba NetworksSlide 1 Changes to SAE State Machine Date: Authors:
Doc.: IEEE 802.11-09/0283r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 Suggested Changes to the Abbreviated Handshake Date: 2009-03-08 Authors:

Doc.: IEEE /0283r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 Suggested Changes to the Abbreviated Handshake Date: Authors:
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.

Neighbor Discovery for IPv6 Mangesh Kaushikkar. Overview Introduction Terminology Protocol Overview Message Formats Conceptual Model of a Host.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

A. Steffen, , 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
802.1D – Selective Multicast

802.1D – Selective Multicast
MOBILITY SUPPORT IN IPv6

MOBILITY SUPPORT IN IPv6
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Jan 01, 2008CS573: Network Protocols and Standards1 802.1D – Selective Multicast Network Protocols and Standards Winter 2007-2008.

Jan 01, 2008CS573: Network Protocols and Standards D – Selective Multicast Network Protocols and Standards Winter
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Similar presentations

Ads by Google