Presentation on theme: "Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins."— Presentation transcript:

Goals
Meet crypto-agility requirements
Deliver key material for various purposes securely
Deliver arbitrary attributes securely
Meet NIST key wrapping requirements

RADIUS Key Wrap Attribute
Contains
  – Information for the key encryption
  – Information about the key being encrypted
  – Key
Supports Key Wrap Specific Algorithms
  – AES-Keywrap – Specified by NIST
  – Key wrapping algorithms (AES-Keywrap) not necessarily sufficient for general bulk data encryption
Should be updated to use extended attributes draft for extensibility

Encrypted Attributes
Attributes
  – Crypto Parameters
  – Encrypted Data
  – Randomizer
  – MAC Attribute
Does not use extended attributes
  – Existing RADIUS attributes need to be encrypted
Currently only one encrypted attribute set per message

Issues with using Encrypted Attribute for Key-Wrap
Key wrap algorithms not always appropriate for encrypting generic data
Generic data encryption algorithms may not be specified for key encryption
The encryption attribute would need to be special cased to handle key-wrapping
More than one encrypted attribute set may be required per message

Summary
Believe we meet the crypto agility requirements
Keywrap can be used for various types of keys
  – Extended attribute would allow for arbitrary, optional data associated with key