Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAML assisted Diffie-Hellman MIKEY

Published byOphelia Sparks Modified over 5 years ago

Similar presentations

Presentation on theme: "SAML assisted Diffie-Hellman MIKEY"— Presentation transcript:

1 SAML assisted Diffie-Hellman MIKEY
IETF 64 MSEC Nov 8, 2005 Robert Moskowitz

2 Requirements to think about
Provides mutual authentication of the parties. Both parties are actively involved in session key generation. Is able to provide full perfect forward secrecy (PFS). Supports distribution of group session keys. Provides liveliness test when the UA does not have a reliable clock. Supports limited UAs.

3 Observations Items 2 and 3 are naturally provided by a Diffie-Hellman exchange. Item 1 can be provided by a SAML attribute cert of the UAs ID and DH key signed by the UA’s SIP server. An optional second round trip extension to MIKEY, encrypted with the Diffie-Hellman derived session key can provide items 4, 5, and 6. All of these components together create a relatively easy to deploy secure VoIP environment.

4 Scenarios for MIKEY peer-to-peer simple one-to-many small-sized groups
If we design the MIKEY exchange to first create a peer-to-peer session key that can be extended to securely transmit another key, the one-to-many and small groups exchanges are simply handled as special cases of the peer-to-peer exchange.

5 Trusted UA Credentials
For any successful MIKEY exchange, the parties SHOULD have trusted credentials. These credentials SHOULD contain: UA Identity DH Public key Proof of Trust Time range for trusting credential

6 Low Latency and Computational overhead
MIKEY has to occur after call 'pickup' and before talking. Latency here would be very apparent to the users. Thus a MIKEY exchange SHOULD be completed in one round trip. Additonal round trips should be optional for additional features.

7 Low Latency and Computational overhead
A hidden latency cost is credential validation. If the UA received its SAML certificate from its domain's SIP server it is trusting the server implicitly thus it can extend that trust to relying on it to validate the other party's SAML certificate. This not only eliminates the hidden validation latency, but also its computational cost to the UA.

8 Low Latency and Computational overhead
A common practice in generating a DH session key is to use the DH key in a keyed hash over random nonces and other data: TGK is HMACx(RAND1|RAND2) where x = g(xi* xr) This construct allows for a long-lived Diffie-Hellman key pair as it is never used to encrypt any transmitted data rather to generate the actual key.

9 Low Latency and Computational overhead
Consider Diffie-Hellman key size Recommendation is 4096 bits to equal 128 bits for AES key This will be too expensive for many SIP phones Use ECC Diffie-Hellman? Use optional smaller Diffie-Hellman key size 512 bits SIP phone could have mechanism to get new key periodically from PC or PDA Remember Diffie-Hellman key is used in an HMAC to produce session key.

10 Next Generate interest Finish the Internet Draft
Used as the source for much of this presentation! Get ‘buy in’ from SIP server vendors and SIP phone vendors

11 What about Legal Intercept
If both parties are registered to the same SIP domain The SIP server can LIE and generate 2 SAML certs to place itself as the Man-in-the-Middle If the parties are in different domains The SIP servers can COLLUDE Each generating 2nd SAML certs Allowing either of both servers to be the Man-in-the-middle

12 What about security risks
See prior slide! SIP phone MIGHT get its SAML cert for a 3rd party that will not participate in a Diffie-Hellman attack

13 Questions?

Download ppt "SAML assisted Diffie-Hellman MIKEY"

Similar presentations

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.
Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
SIP-SAML assisted Diffie-Hellman MIKEY IETF 65 MSEC Mar 21, 2006 Robert Moskowitz.

SIP-SAML assisted Diffie-Hellman MIKEY IETF 65 MSEC Mar 21, 2006 Robert Moskowitz.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Cryptography and Network Security (CS435) Part Eight (Key Management)

Cryptography and Network Security (CS435) Part Eight (Key Management)
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Computer and Network Security - Message Digests, Kerberos, PKI –

Computer and Network Security - Message Digests, Kerberos, PKI –
King Mongkut’s University of Technology Network Security 8. Password Authentication Methods Prof. Reuven Aviv, Jan. 2009 Password Authentication1.

King Mongkut’s University of Technology Network Security 8. Password Authentication Methods Prof. Reuven Aviv, Jan Password Authentication1.

Similar presentations

Ads by Google