Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Management in AAA Russ Housley Incoming Security Area Director.

Published byIsaac Todd Modified over 8 years ago

Similar presentations

Presentation on theme: "Key Management in AAA Russ Housley Incoming Security Area Director."— Presentation transcript:

1 Key Management in AAA Russ Housley Incoming Security Area Director

2 Introduction Some people are concerned that a working group outside of the Security Area is designing a key management protocols. Why? –Key management protocols are subtle. –An expert can easily miss a flaw. –Peer review by multiple experts is essential.

3 Concerns with EAP Employs new key distribution architecture –Poorly understood security properties –Three party models have been well studied, but these do not align directly with AAA Select one end-to-end mechanism to protect distributed keys Needs robust key naming scheme Needs to establish fresh session keys Principle of least privilege not followed

4 Acceptable solution MUST… Be algorithm independent protocol –For interoperability, select at least one suite of algorithms that MUST be implemented Establish strong, fresh session keys –Maintain algorithm independence Include replay detection mechanism Authenticate all parties –Maintain confidentiality of authenticator –NO plaintext passwords

5 Acceptable solution MUST also … Perform client and NAS authorization Maintain confidentiality of session keys Confirm selection of “best” ciphersuite Uniquely name session keys Compromise of a single NAS cannot compromise any other part of the system, including session keys and long-term keys Bind key to appropriate context

Download ppt "Key Management in AAA Russ Housley Incoming Security Area Director."

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
The Cryptographic Token Key Initialization Protocol (CT-KIP) OTPS Workshop February 2006.

The Cryptographic Token Key Initialization Protocol (CT-KIP) OTPS Workshop February 2006.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
WIRELESS SENSOR NETWORK SECURITY USING GROUP KEY MANAGEMENT SCHEME Presented By: Mohammed Saleh CS 599a Fall06.

WIRELESS SENSOR NETWORK SECURITY USING GROUP KEY MANAGEMENT SCHEME Presented By: Mohammed Saleh CS 599a Fall06.
Lecture 6 Networked Application Security IT 202—Internet Applications Based on notes developed by Morgan Benton.

Lecture 6 Networked Application Security IT 202—Internet Applications Based on notes developed by Morgan Benton.
1 CSE 651: Introduction to Network Security Steve Lai Spring 2010.

1 CSE 651: Introduction to Network Security Steve Lai Spring 2010.
1 Wireless LAN Security Kim W. Tracy NEIU, University Computing

1 Wireless LAN Security Kim W. Tracy NEIU, University Computing
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16, 2003 1300 - 1500.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Similar presentations

Ads by Google