Presentation is loading. Please wait.

Presentation is loading. Please wait.

KeyProv PSKC Specification Philip Hoyer Mingliang Pei Salah Machani 74 nd IETF meeting, San Francisco Nov. 2008.

Published byAbel Taylor Modified over 8 years ago

Similar presentations

Presentation on theme: "KeyProv PSKC Specification Philip Hoyer Mingliang Pei Salah Machani 74 nd IETF meeting, San Francisco Nov. 2008."— Presentation transcript:

1 KeyProv PSKC Specification Philip Hoyer Mingliang Pei Salah Machani 74 nd IETF meeting, San Francisco Nov. 2008

2 Agenda  Status update  Changes since v6  Comments received from working group last call  Next steps

3 Status Update  Completely redesigned flow of document based on examples and moved use case and requirements to appendixes and renamed to draft-ietf-keyprov-pskc-..  Moved profiles for proprietary keys (e.g. RSA and ActivIdentity) to separate informational RFC  Reviewed and aligned with SKSML OASIS effort and NIST SP800-57  Called Working group last call for PSKC 6 th of March 2009

4 Changes since v6  Removed KeyProperties for simplification (size in bulk transmission is rarely an issue)  Grouped elements relating to the policy of using the key under Key.KeyPolicy element  Reviewed and aligned KeyPolicy with SKSML OASIS effort  Reviewed and aligned KeyPolicy.usage (for what the key is used) with NIST SP800-57  Removed mandatory to implement key protection algorithms and recommended KW- AES no padding, KW-AES with padding (Russ Housley’s draft) and AES-CBC + HMAC-1 for environments where KW-AES with padding is not available

5 Schema Changes  Removed KeyProperties for simplification (size in bulk transmission is rarely an issue)  Grouped elements relating to the policy of using the key under Key.KeyPolicy element

6 Comments received – MAC issue  Currently for non integrity algorithm (e.g. AES-CBC) we allow a separate MAC to be transmitted under Data.ValueMAC MAC key is the same as the key encryption key MAC is calculated over cleartext (key) instead of ciphertext Comments: bad cryptographic practice  Solution Options Create a MAC key derivation  Derive MAC key from encryption key and a random nonce, and transmit nonce in MACAlgorithm  K_MAC = Enc(K_ENC, nonce)  …  Derive MAC key from encryption key and container ID  K_MAC = Enc(K_ENC, container_ID) Create a separate random MAC key  K_MAC is randomly generated and encrypted with K_ENC. The encrypted K_MAC is transmitted in MACAlgorithm  … Specify a pre-defined MAC key (e.g. when used in DSKPP)

7 Comments received – continued  Example for AES encryption isn’t correct It doesn’t prepend IV The padding of the plain data uses PKCS#7 format rather than ISO  DeviceInfo.DeviceBinding – definition and purpose is not clear  Several editorial comments  Terminology alignment– discussion deferred to other slides

8 Next steps  Address MAC issue  Address editorial comments  Resubmit next rev  Last call

Download ppt "KeyProv PSKC Specification Philip Hoyer Mingliang Pei Salah Machani 74 nd IETF meeting, San Francisco Nov. 2008."

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Doc.: IEEE 802.11-01/147March 2000 TGe SecuritySlide 1 The Status of TGe S Draft Text Jesse Walker Intel Corporation (503) 712-1849.

Doc.: IEEE /147March 2000 TGe SecuritySlide 1 The Status of TGe S Draft Text Jesse Walker Intel Corporation (503)
Overview of the 802.10 SDE Protocol Presented by Ken Alonge Chair, 802.10.

Overview of the SDE Protocol Presented by Ken Alonge Chair,
Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Dynamic Symmetric Key Provisioning Protocol (DSKPP)
Provision of Symmetric Keys (KEYPROV) WG Thursday, July 30, 2009 Morning Session I 0900-1130 Todays presentations available at: https://datatracker.ietf.org/meeting/75/materials.html.

Provision of Symmetric Keys (KEYPROV) WG Thursday, July 30, 2009 Morning Session I Todays presentations available at:
CT-KIP Magnus Nyström, RSA Security 23 May 2005. Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.

CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.
CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.

CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Some New RSA Mechanisms for PKCS #11 Burt Kaliski, RSA Laboratories PKCS Workshop April 14, 2003.

Some New RSA Mechanisms for PKCS #11 Burt Kaliski, RSA Laboratories PKCS Workshop April 14, 2003.
Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins.

Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins.
Doc.: IEEE 802.11-09/770r0 Submission July 2009 Slide 1 TGs Authenticated Encryption Function Date: 2009-07 Authors: Russ Housley (Vigil Security), et.

Doc.: IEEE /770r0 Submission July 2009 Slide 1 TGs Authenticated Encryption Function Date: Authors: Russ Housley (Vigil Security), et.
Internet Engineering Task Force Provisioning of Symmetric Keys Working Group www.oasis-open.org Hannes Tschofenig.

Internet Engineering Task Force Provisioning of Symmetric Keys Working Group Hannes Tschofenig.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Doc.: IEEE 802.11-12/0946r3 Submission August 2012 A proposal for next generation security in 802.11 built on changes in 802.11ac 23 August 2012 Slide.

Doc.: IEEE /0946r3 Submission August 2012 A proposal for next generation security in built on changes in ac 23 August 2012 Slide.
Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.
The Dynamic Symmetric Key Provisioning Protocol (DSKPP)

The Dynamic Symmetric Key Provisioning Protocol (DSKPP)
Signaling & Routing Extension for Links with Variable Discrete Bandwidth draft-long-ccamp-rsvp-te-availability-03 draft-long-ccamp-ospf-availability-extension-02.

Signaling & Routing Extension for Links with Variable Discrete Bandwidth draft-long-ccamp-rsvp-te-availability-03 draft-long-ccamp-ospf-availability-extension-02.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013.

Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013.

Similar presentations

Ads by Google