Presentation is loading. Please wait.

Presentation is loading. Please wait.

Initial Keying for KeySec John Viega, Russ Housley

Published byCameron Gerald Kelley Modified over 8 years ago

Similar presentations

Presentation on theme: "Initial Keying for KeySec John Viega, Russ Housley"— Presentation transcript:

1 Initial Keying for KeySec John Viega, Russ Housley viega@securesoftware.com, housley@vigilsec.com

2 We know where we’re going on what to do once CAs have keys. Getting CA keys from pairwise keys is straightforward. Little work on initial keying for CA keys Channel for data –Meant for tunneling EAP, etc. Need simple, out of the box way to install keys Progress in AF

3 Use Case New device, need to set it up with pairwise key(s) Neighbors should be able to agree on pairwise keys with little manual intervention Would like a way to identify “my” devices and validate them.

4 Proposal (1) Assign devices unique 128-bit IDs –Loaded with MAC address –32 bits is a vendor identifier –96 bits is vendor dependent, but must be unique Random number is perfectly fine –The idea: give IDs to devices as a simple ACL

5 Proposal (2) Use RSA to validate device owns ID and exchange pairwise keys –Vendor generates and installs private key and certificate w/ public key –Certificate is signed by a vendor’s signing credentials –Vendor’s credentials are signed by a root certification authority (CA) –IETF likely willing be that CA –CA would endorse vendor’s right to first 32 bits. –Vendor would endorse the validity of the remaining bits. Net effect: unforgable credentials that facilitate enrollment

6 Simple Public Key Infrastructure

7 Analysis Why not use MAC address? –MAC address forging is important to layer 2. –Devices may have many MAC addresses. Auxiliary benefits –Solves the layer 2 part of the ARP problem –Prevents counterfeiting hardware –Provides a basis for establishing trust in firmware Drawbacks –Have to integrate with manufacturing process Not costly DOCSIS is doing something similar with cable modems –Requires hash function for signing Probably SHA1

8 Example establishment protocol SignCrypt encrypts arg1, auths both args Unique ID is encoded into certificate 1.A-> A_cert, SignCrypt(Ra, 0) -> B 2.A<- B_cert, SignCrypt(Rb,Ra) <- B 3.A-> AID, SignCrypt(0, Rb) -> B Shared secret is Ra XOR Rb All signatures and certs validated IDs checked to ACL On race, M1 from lower unique ID wins

9 Summary Unique IDs on each device Simple key management Does not eliminate other management methods –Credentials could be leveraged in centralized management Auxiliary benefits Vendor must install keypair

Download ppt "Initial Keying for KeySec John Viega, Russ Housley"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Www.opendaylight.org Secure Network Bootstrapping Infrastructure May 15, 2014.

Secure Network Bootstrapping Infrastructure May 15, 2014.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Overview of proposed EAP methods, credential types, and uses Pasi Eronen IETF64 EMU BoF November 10 th, 2005.

Overview of proposed EAP methods, credential types, and uses Pasi Eronen IETF64 EMU BoF November 10 th, 2005.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)

AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.

Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.

Similar presentations

Ads by Google