Presentation is loading. Please wait.

Presentation is loading. Please wait.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Published byJuliana Freeman Modified over 8 years ago

Similar presentations

Presentation on theme: "Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols."— Presentation transcript:

1 Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols

2 Key management Nearly all Internet security protocols make use of cryptography for authentication, integrity, and/or confidentiality Cryptography requires key management Key Management tends to be expensive by any measure: Protocol complexity Infrastructure Processing power

3 Many ways to manage keys Internet security protocols support a vast number of environments and situations Many key management approaches: Pre-shared keys Public key cryptography Key distribution centers

4 Pre-shared keys Start with a manually installed secret value Must be installed in each peer Traffic rarely protected directly with the pre-shared key Exchange single-use values (nonces) Use key derivation function (KDF) to generate a fresh key for traffic protection A B

5 Public key cryptography (1) Avoids manual installation in peers Two ways public key cryptography can be used to establish a key for traffic protection: Key agreement – exchange public keys and compute a pairwise secret value Key transport – sender makes up the traffic key and encrypts it with the public key of the receiver; receiver decrypts with their own private key A B

6 Public key cryptography (2) Need to identify the party that holds the private key that corresponds to the received public key Two primary approaches: Leap of faith Certificates

7 Leap of faith No infrastructure Server gives client its public key Man-in-the-middle attack is possible May verify the public key out-of-band Client remembers the public key for server If public key changes, the man-in-the-middle is detected Or, did the server just changed its public key?

8 Certificates Certificates bind an identity to a public key A certificate contains: Subject’s Name Subject’s Public Key Validity Period Issuer’s Name Certificate Authority (CA) establishes and maintains an accurate binding between the public key and attributes contained in a certificate

9 Certification path Alice can verify Bob’s certificate by verifying a chain of certificates starting at one issued by a Certification Authority (CA) that she trusts

10 Key distribution center On-line trusted party to pass out keys KDC must have a relationship with all peers The initiator exchange with the KDC might be based on a pre-shared secret value (like a password) or based on public key cryptography A B KDC 2. 3. 1.

11 Enrollment Establishing the first key is the most expensive part of key management Basis for trust in the keys Pre-shared keys – manual installation Public key cryptography – public key certification Key distribution centers – manual installation, public key certification, or some for of registration

12 IETF protocol efforts (1) Many protocols that support more than one of the key management approaches: Pre-shared keys Public key cryptography Key distribution centers

13 IETF protocol efforts (2) IKEv1 and IKEv2 – Pre-shared keys and Public key cryptography TLS – Pre-shared keys and Public key cryptography Secure Shell – Public key cryptography Supports Leap of faith and Certificates EAP – Pre-shared keys, Public key cryptography, and Key distribution centers CMS – Pre-shared keys and Public key cryptography Kerberos – Key distribution centers With authentication to KDC based on Pre-shared keys or Public key cryptography

14 IETF enrollment efforts (1) KeyProv – provision shared symmetric key for one- time password device and other tokens Dynamic Symmetric Key Provisioning Protocol Single or multiple key requests Optional user authentication with out-of-band pass code Time out policy Key renewal, which may replace factory-loaded key End-to-End Protection of keying material Two key formats: Portable Symmetric Key Container (XML) Symmetric Key Package Content Type (ASN.1)

15 IETF enrollment efforts (2) Keys for TCP Authentication Option (TCP-AO) TCP-AO is initial use case, but the solution ought to work for other situations where a table of keys is needed Support unicast and multicast security protocols Manage tables of keys for the peers Table includes key identifiers, algorithm identifiers, protocol identifiers, usage period, and key derivation key (KDK) Traffic key derived from protocol information and the KDK in the table

16 IETF enrollment efforts (3) Clear need for standards that simplify the enrollment process for certificates, but the previous work on this topic was not fruitful

17 Algorithm agility Design principle to support more than one cryptographic algorithm in all IETF security protocols Negotiation increases complexity Allows transition when an algorithm gets old or broken Implementations support a set of algorithms Long cycle to specify standard, implement, test, and deploy support for new algorithm

18 Role for NIST Credibility: many mandatory to implement algorithms are from NIST specifications NIST is the source of important algorithms DES  3DES  AES MD5  SHA-1  SHA-256  ?? Important note: Internet security community sees need for transition in these cases

19 Word of warning Where there is a security flaw, the Internet security community is willing to expend the effort to transition algorithms Without such a motivation, there is significant resistance to change for alignment with specifications from any source Implementation, test, and deployment cost Interoperability issues

20 Questions? For those viewing via webcast, please submit questions for this presentation to kmwquestions@nist.gov

21 Thank you Russ Housley Phone: +1 703 435 1775 Email: housley@vigilsec.com

Download ppt "Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols."

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Authentication & Kerberos

Authentication & Kerberos
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Introduction to Cryptography

Introduction to Cryptography
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

Similar presentations

Ads by Google