Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation 22.4.2008 ESPOO, Finland.

1 Pre-Shared Key TLS with GBA support
Thesis presentation 22.4.2008 ESPOO, Finland
Guoqing Zhang

2 Outline
Theory:
- Pre-Shared Key TLS protocol
- Key selection in PSK-TLS
- Generic Bootstrapping Architecture
- Combination of PSK-TLS with GBA
Own work:
- Implementation of PSK-TLS on Symbian OS
- Design problem in key agreement of PSK-TLS
- Improvement Proposal on Key agreement of PSK-TLS
Conclusions

3 Pre-Shared Key TLS protocol
What is PSK-TLS
- PSK-TLS is a new transport layer protocol for establishing a secure connection via a pre-shared symmetric key between client and server.
- PSK-TLS is otherwise the same as TLS but introduces its own way of generating the pre-master secret.
Why PSK-TLS
- PSK-TLS avoids public key operations, which are heavy for power-limited devices like mobile phones.
How the pre-shared key is used
- The pre-shared key is used to generate the pre-master secret in the TLS protocol as below:
Key Selection
- It is very likely in practice that there are different PSKs available for different usages. When multiple PSKs coexist in the device, PSK-TLS provides a mechanism to help client and server agree on which PSK should be used.

4 Key Selection in PSK-TLS
- The client indicates its willingness to use PSK-TLS by including PSK cipher suites in ClientHello.
- The server provides PSK-Identity-Hint in ServerKeyExchange to help the client agree on the PSK.
- The client sends PSK-Identity back to the server to inform it about the key it chooses.
Unsolved problem:
- PSK-TLS only specifies how to use the PSK but doesn't give a solution for how to get the PSK in place.
How to get a symmetric key installed among communicating entities?
- The security of PSK-TLS rests on the pre-shared key. For two entities which have never communicated before, how can they be made to share the same symmetric key, which will be used to establish a secure connection later?
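The key selection exchange from slides 3 and 4, as an added example that is not part of the presentation: the server's hint selects a key on the client, the client answers with its PSK identity, and both sides build the pre-master secret. The pre-master layout is the plain-PSK construction from RFC 4279; the key store layout, the identity string and the key bytes are constructed for illustration.

```python
import struct

class HandshakeFailure(Exception):
    """Raised where a real stack would send a fatal alert."""

def psk_premaster_secret(psk: bytes) -> bytes:
    # RFC 4279, plain PSK: uint16(N) || N zero octets || uint16(N) || PSK
    n = len(psk)
    return struct.pack("!H", n) + bytes(n) + struct.pack("!H", n) + psk

def encode_opaque16(value: bytes) -> bytes:
    # opaque<0..2^16-1>: the wire form of psk_identity_hint and psk_identity
    if len(value) > 0xFFFF:
        raise ValueError("value too long for a 16-bit length prefix")
    return struct.pack("!H", len(value)) + value

def decode_opaque16(body: bytes) -> bytes:
    # Reject truncated bodies and trailing bytes instead of guessing.
    if len(body) < 2 or len(body) != 2 + struct.unpack("!H", body[:2])[0]:
        raise HandshakeFailure("malformed key exchange body")
    return body[2:]

def client_key_exchange(server_kx_body: bytes, key_store: dict):
    """Client: pick a key by the server's hint; return (ClientKeyExchange body, premaster)."""
    hint = decode_opaque16(server_kx_body)
    if hint not in key_store:
        # The failure mode of hint-driven selection: no key source for this hint.
        raise HandshakeFailure(f"no PSK available for hint {hint!r}")
    identity, psk = key_store[hint]
    return encode_opaque16(identity), psk_premaster_secret(psk)

def server_premaster(client_kx_body: bytes, keys_by_identity: dict) -> bytes:
    """Server: look up the PSK named by the client's PSK identity."""
    identity = decode_opaque16(client_kx_body)
    if identity not in keys_by_identity:
        raise HandshakeFailure("unknown PSK identity")
    return psk_premaster_secret(keys_by_identity[identity])

# Constructed sample values (not from the presentation).
SAMPLE_PSK = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_BTID = b"constructed-b-tid@bsf.example"
CLIENT_KEYS = {b"3GPP-bootstrapping": (SAMPLE_BTID, SAMPLE_PSK)}
SERVER_KEYS = {SAMPLE_BTID: SAMPLE_PSK}
```

A hint the client has no key source for ends the handshake before any key material is used, which is the behaviour the presentation later identifies as a design problem.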

5 Generic Bootstrapping Architecture - Background
- GBA is a generic architecture which reuses the existing infrastructure in the mobile network to install a symmetric key into client (UE) and server (NAF).
- It is specified by 3GPP and promoted to be widely used for service protection in mobile networks.
- GBA is a service which should be provided by operators. The operator acts as a trust authority for both mobile phone users and service providers.
- GBA brings more business opportunities to operators.

6 Generic Bootstrapping Architecture – How GBA works
Model for bootstrapping
- GBA is run on the Ub interface.
- BSF is located in the operator domain.
- The aim of GBA is to install a shared key in both UE and NAF.
- NAF can be a web server, for instance.
- HTTP Digest AKA is the protocol over the Ub interface.

7 Generic Bootstrapping Architecture – How GBA works (continued)
- When a user subscribes to an operator, a SIM card with a secret key is issued to the subscriber. The key is shared between the operator's HLR database and the SIM.
- The secret key is the base of GBA.
- The NAF key is generated from Ks.
- NAF requests the key from BSF after bootstrapping.
- NAF_ID is composed of the FQDN of the NAF plus the ID of the algorithm on the Ua interface.

8 Combination of PSK-TLS with GBA
- GBA installs Ks_NAF in both UE and NAF, and the key can be used as the PSK in PSK-TLS to generate the pre-master secret.
- Since Ks_NAF is calculated from the NAF FQDN, PSK-TLS needs to support the TLS extension specified in RFC 3546 for the case where one physical server has multiple virtual hostnames.
- The ServerKeyExchange contains "3GPP-bootstrapping" as PSK-Identity-Hint.
- The ClientKeyExchange contains B-TID as PSK-Identity.
- The server provides B-TID and hostname to BSF for Ks_NAF derivation.
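Why the hostname matters for Ks_NAF, as an added example that is not part of the presentation: UE and NAF only end up with the same PSK when both derive it for the same FQDN, which on a multi-hostname server requires the server_name extension. The KDF input layout (FC 0x01, label "gba-me", HMAC-SHA-256) is taken from 3GPP TS 33.220 Annex B rather than from the slides; the session values, hostnames, B-TID and Ua identifier are constructed.

```python
import hashlib
import hmac
import struct

def kdf(key: bytes, fc: int, params: list) -> bytes:
    # S = FC || P0 || L0 || P1 || L1 ..., each Li the 2-octet length of Pi;
    # output = HMAC-SHA-256(key, S). Layout assumed from 3GPP TS 33.220 Annex B.
    s = bytes([fc])
    for p in params:
        s += p + struct.pack("!H", len(p))
    return hmac.new(key, s, hashlib.sha256).digest()

def naf_id(fqdn: str, ua_protocol_id: bytes) -> bytes:
    # NAF_ID = FQDN of the NAF plus the identifier of the Ua protocol.
    if len(ua_protocol_id) != 5:
        raise ValueError("Ua protocol identifier is assumed to be 5 octets")
    return fqdn.encode("utf-8") + ua_protocol_id

def derive_ks_naf(ks: bytes, rand: bytes, impi: str, fqdn: str, ua_id: bytes) -> bytes:
    return kdf(ks, 0x01, [b"gba-me", rand, impi.encode("utf-8"), naf_id(fqdn, ua_id)])

# Constructed sample values (not from the presentation).
UA_ID = bytes([0x01, 0x00, 0x01, 0x00, 0x8A])  # constructed 5-octet sample identifier
BTID = "constructed-b-tid@bsf.example"
BSF_SESSIONS = {BTID: (bytes(range(32)), bytes(range(16)), "user@ims.example")}

def bsf_ks_naf(b_tid: str, hostname: str) -> bytes:
    """Simulated BSF: the NAF hands over B-TID and hostname, gets Ks_NAF back."""
    ks, rand, impi = BSF_SESSIONS[b_tid]
    return derive_ks_naf(ks, rand, impi, hostname, UA_ID)

def naf_psk(b_tid: str, default_host: str, server_name: str = None) -> bytes:
    """NAF: use the hostname from the TLS server_name extension when present."""
    return bsf_ks_naf(b_tid, server_name or default_host)

def ue_psk(b_tid: str, connected_host: str) -> bytes:
    """UE: derive Ks_NAF locally for the hostname it dialled."""
    ks, rand, impi = BSF_SESSIONS[b_tid]  # the UE holds the same Ks after bootstrapping
    return derive_ks_naf(ks, rand, impi, connected_host, UA_ID)
```

Without the extension, the NAF in this model falls back to its default hostname and obtains a different Ks_NAF than the UE, so the PSK handshake cannot complete.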

9 Implementation of PSK-TLS with GBA support on Symbian OS
- The aim of the implementation is to make PSK-TLS available to applications using the TLS stack automatically, without extra changes from them.
- The TLS stack will choose the key sharing plug-in for the key agreement based on the PSK-identity-hint from the server.

10 Design problem in key agreement of PSK-TLS
When multiple key sharing methods are available:
- The current design of key agreement in PSK-TLS relies on the PSK-Identity-Hint in ServerKeyExchange to indicate the key sharing method to use for PSK agreement.
- This causes handshake failure if the requested key sharing method is not supported by the client.
- To decrease the possibility of handshake failure, the client could indicate the supported key sharing methods already at the beginning of the handshake, namely at the time when ClientHello is sent.
When client and server are from different Operation Domains:
- When GBA is used as the key agreement method, the roaming situation should be taken into account; otherwise a PSK cannot be agreed even though both client and server support GBA.
PSK-TLS needs improvements to its key agreement methods!

11 Improvement Proposal on Key agreement of PSK-TLS
- New format of PSK related cipher suites in PSK-TLS:
    Old format: TLS_PSK_WITH_RC4_128_SHA
    New format: TLS_PSKGBA_WITH_RC4_128_SHA
- Using a TLS extension to deliver the operation identity for key agreement in PSK-TLS with GBA in the roaming situation:
    enum ExtensionType {
        host_name(0),
        max_fragment_length(1),
        client_certificate_url(2),
        trusted_ca_keys(3),
        truncated_hmac(4),
        status_request(5),
        gba(6)
    }
- This requires changes to RFC 4279 and TS 33.220 in 3GPP. It is not accepted yet, so we didn't take it into account when implementing PSK-TLS.

12 Conclusions
- PSK-TLS with GBA support provides a good solution to mobile network security. It is promoted to be widely used. Symbian OS, as the world-leading mobile OS, must support it for business reasons.
- It is possible to make PSK-TLS transparent to applications using the TLS stack. Making the mechanism easy to use would encourage application designers to select it as their security solution.
- The improvements to PSK-TLS will decrease the possibility of handshake failure dramatically.
- In future, we should also provide an API that allows applications to set the PSK. Applications that know the PSK can use the API to put the wanted PSK into use. Applications that do not have the information can rely on the TLS stack to handle it.

13 Questions?

14 Thank you!

