Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.

Current Situation
Steps to wrap a key in KMIP versions 1.0 to 1.3:
- Key to wrap exists on the server
- Wrapping key exists on the server
- Perform a GET operation with a Key Wrapping Specification
- The wrapped key returned in the GET response is not stored on the server (it is not a managed object)

Current Situation
Steps to unwrap a key in KMIP versions 1.0 to 1.3:
- Wrapping key stored on the server
- Perform a REGISTER operation with the wrapped key and a Key Wrapping Data structure
- The server may unwrap the key on the REGISTER operation; however, the server will not inform the client either way
- Perform a GET operation to get the registered key, which may still be wrapped or may be unwrapped
- The KMIP 1.3 QUERY operation lets the client discover whether the KMIP server will unwrap a key on REGISTER
- If the key stays wrapped, it cannot be used for on-server encryption operations

Proposed Wrapping Approach
- Add two new KMIP operations: WRAP and UNWRAP
- Use a PKCS #11-like model for what these operations mean
- Goal: allow unwrapped keys to be used in on-server encryption operations

Wrap Operation
- The wrapping key must be on the server
- This operation requests the server to create a new managed object by wrapping an existing key, identified by the Unique Identifier in the request
- The new wrapped object's Unique Identifier is returned in the operation's response
- No object value is returned by this operation; to get the wrapped key, a GET operation with the Unique Identifier returned from the WRAP operation must be performed
- An error is returned to the client if the WRAP operation failed

Unwrap Operation
- The wrapping key must be on the server
- This operation requests the server to create a new managed object by unwrapping an existing wrapped key, identified by the Unique Identifier in the request
- The new unwrapped key's Unique Identifier is returned in the operation's response
- No object value is returned by this operation; to get the unwrapped key, a GET operation with the Unique Identifier returned from the UNWRAP operation must be performed
- Each server defines a policy determining whether an unwrapped key can be returned by a GET operation

Unwrap Operation
- The key can now be used for on-server encryption operations
- An error is returned if the UNWRAP operation failed or is not allowed