Initial Keying for KeySec John Viega, Russ Housley

Slides:



Advertisements
Similar presentations
Internet Protocol Security (IP Sec)
Advertisements

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Secure Network Bootstrapping Infrastructure May 15, 2014.
SSL Implementation Guide Onno W. Purbo
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Public Key Management and X.509 Certificates
Overview of proposed EAP methods, credential types, and uses Pasi Eronen IETF64 EMU BoF November 10 th, 2005.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.
Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Public Key Distribution and X.509 Wade Trappe. Distribution of Public Keys There are several techniques proposed for the distribution of public keys:
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Cryptography 101 Frank Hecker
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
CSCI 6962: Server-side Design and Programming
Public Key Cryptography July Topics  Symmetric and Asymmetric Cryptography  Public Key Cryptography  Digital Signatures  Digital Certificates.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Secure Socket Layer (SSL)
Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
Introduction to Public Key Infrastructure January 2004 CSG Meeting Jim Jokl.
Cosc 4765 Trusted Platform Module. What is TPM The TPM hardware along with its supporting software and firmware provides the platform root of trust. –It.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Network Security – Special Topic on Skype Security.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Thoughts on KeySec John Viega
Authorisation, Authentication and Security Guy Warner NeSC Training Team Induction to Grid Computing and the EGEE Project, Vilnius,
Chapter 4 - X.509 Authentication TE-405 Network Security and Management Fall Dr. Faisal Kakar
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Pkiuniversity.com. Alice Bob Honest Abe’s CA Simple PKI hierarchy.
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Doc.: IEEE / wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Security Framework Date: Authors:
Key Management and Distribution Anand Seetharam CST 312.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.
INFSO-RI Enabling Grids for E-sciencE Sofia, 17 March 2009 Security, Authentication and Authorisation Mike Mineter Training, Outreach.
SSL Certificates for Secure Websites
Secure How do you do it? Need to worry about sniffing, modifying, end-user masquerading, replaying. If sender and receiver have shared secret keys,
Presentation transcript:

Initial Keying for KeySec John Viega, Russ Housley

We know where we’re going on what to do once CAs have keys. Getting CA keys from pairwise keys is straightforward. Little work on initial keying for CA keys Channel for data –Meant for tunneling EAP, etc. Need simple, out of the box way to install keys Progress in AF

Use Case New device, need to set it up with pairwise key(s) Neighbors should be able to agree on pairwise keys with little manual intervention Would like a way to identify “my” devices and validate them.

Proposal (1) Assign devices unique 128-bit IDs –Loaded with MAC address –32 bits is a vendor identifier –96 bits is vendor dependent, but must be unique Random number is perfectly fine –The idea: give IDs to devices as a simple ACL

Proposal (2) Use RSA to validate device owns ID and exchange pairwise keys –Vendor generates and installs private key and certificate w/ public key –Certificate is signed by a vendor’s signing credentials –Vendor’s credentials are signed by a root certification authority (CA) –IETF likely willing be that CA –CA would endorse vendor’s right to first 32 bits. –Vendor would endorse the validity of the remaining bits. Net effect: unforgable credentials that facilitate enrollment

Simple Public Key Infrastructure

Analysis Why not use MAC address? –MAC address forging is important to layer 2. –Devices may have many MAC addresses. Auxiliary benefits –Solves the layer 2 part of the ARP problem –Prevents counterfeiting hardware –Provides a basis for establishing trust in firmware Drawbacks –Have to integrate with manufacturing process Not costly DOCSIS is doing something similar with cable modems –Requires hash function for signing Probably SHA1

Example establishment protocol SignCrypt encrypts arg1, auths both args Unique ID is encoded into certificate 1.A-> A_cert, SignCrypt(Ra, 0) -> B 2.A<- B_cert, SignCrypt(Rb,Ra) <- B 3.A-> AID, SignCrypt(0, Rb) -> B Shared secret is Ra XOR Rb All signatures and certs validated IDs checked to ACL On race, M1 from lower unique ID wins

Summary Unique IDs on each device Simple key management Does not eliminate other management methods –Credentials could be leveraged in centralized management Auxiliary benefits Vendor must install keypair

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.