IEEE SISWG (P1619.3) Messaging & Transport

AGENDA
- Transport Protocols & Channel Protection
- Messaging Layer
- Capability Exchange & Authentication
- Groups & Access Control Mechanisms
- Summary of Object structures
- Open items / discussion

Transport Mechanisms
- TCP/IP is the first network protocol that will be in scope. (T10 covers key transfer over SCSI.)
- TLSv1/SSLv3/IPsec/None will be the supported channel protection protocols. (TBD: supported ciphers.)
- If the channel is not encrypted, then the KM must wrap keys prior to dispatching them to the client. The client must have pre-exchanged keys set up for wrapping; otherwise the KM will reject the request.
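The wrap-before-dispatch rule on this slide, as an added example that is not code from the P1619.3 draft or from the presenter: Go with the standard library only, implementing AES Key Wrap (RFC 3394) for the wrapping step and a dispatchKey routine that applies the slide's decision. The Transport type, its Protected and KEK fields, and the dispatchKey name are this example's assumptions; the slide fixes neither a wrapping algorithm nor the object layout, and RFC 3394 is used here because it is the usual choice for wrapping a key under a pre-shared key-encryption key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"errors"
	"fmt"
)

// Default IV from RFC 3394; unwrapKey checks it to detect a wrong KEK or tampering.
var kwIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// xorCounter XORs the 64-bit big-endian step counter t into the first 8 bytes of b.
func xorCounter(b []byte, t uint64) {
	for k := 0; k < 8; k++ {
		b[k] ^= byte(t >> (8 * uint(7-k)))
	}
}

// wrapKey is AES Key Wrap (RFC 3394 2.2.1): input >= 16 bytes, a multiple of 8; output 8 bytes longer.
func wrapKey(kek, plaintext []byte) ([]byte, error) {
	if len(plaintext) < 16 || len(plaintext)%8 != 0 {
		return nil, errors.New("key to wrap must be >= 16 bytes and a multiple of 8")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(plaintext) / 8
	a := append([]byte(nil), kwIV...)
	r := append([]byte(nil), plaintext...) // R[1..n], stored contiguously
	var b [16]byte
	for j := 0; j <= 5; j++ {
		for i := 0; i < n; i++ {
			copy(b[:8], a)
			copy(b[8:], r[i*8:(i+1)*8])
			block.Encrypt(b[:], b[:])
			copy(a, b[:8])
			xorCounter(a, uint64(n*j+i+1)) // t = (n*j)+i with 1-based i
			copy(r[i*8:(i+1)*8], b[8:])
		}
	}
	return append(a, r...), nil
}

// unwrapKey inverts wrapKey (RFC 3394 2.2.2) and fails unless the recovered IV matches.
func unwrapKey(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("wrapped key has an invalid length")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	a := append([]byte(nil), wrapped[:8]...)
	r := append([]byte(nil), wrapped[8:]...)
	var b [16]byte
	for j := 5; j >= 0; j-- {
		for i := n - 1; i >= 0; i-- {
			copy(b[:8], a)
			xorCounter(b[:], uint64(n*j+i+1))
			copy(b[8:], r[i*8:(i+1)*8])
			block.Decrypt(b[:], b[:])
			copy(a, b[:8])
			copy(r[i*8:(i+1)*8], b[8:])
		}
	}
	if !bytes.Equal(a, kwIV) {
		return nil, errors.New("integrity check failed: wrong KEK or tampered ciphertext")
	}
	return r, nil
}

// Transport is this example's (assumed) model of what the KM knows about a client channel.
type Transport struct {
	Protected bool   // true when TLSv1/SSLv3/IPsec protects the channel
	KEK       []byte // pre-exchanged wrapping key; nil when none was set up
}

// dispatchKey applies the slide's rule: clear over a protected channel, wrapped under
// the pre-exchanged KEK over an unprotected one, otherwise reject the request.
func dispatchKey(tr Transport, key []byte) (payload []byte, wrapped bool, err error) {
	if tr.Protected {
		return key, false, nil
	}
	if tr.KEK == nil {
		return nil, false, errors.New("reject: unprotected channel and no pre-exchanged wrapping key")
	}
	out, err := wrapKey(tr.KEK, key)
	return out, err == nil, err
}

func main() {
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F") // constructed: RFC 3394 4.1 vector
	key, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
	payload, wrapped, err := dispatchKey(Transport{KEK: kek}, key)
	fmt.Printf("wrapped=%v err=%v payload=%X\n", wrapped, err, payload)
}
```

The unwrap side checks the recovered integrity value, so a wrong KEK or a modified ciphertext is rejected rather than silently yielding a wrong key; the reject branch of dispatchKey is the slide's "else the KM will reject the request".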

Messaging Layer
- The two mandatory KM message exchange mechanisms are SOAP and DER-encoded ASN.1.
- ITU-T X.694 will be used to represent both formats (WSDL + ASN.1 schema).
- If XML-RPC is required, then ASN.1 with XER encoding would be the approach.
- Changes to D1 are being made. A first draft of the messaging schema will be available in about 4 weeks.

Protocol
- The next few slides give an overview of the protocol between the client and the server for certain common/critical operations.

Capability Exchange
- The KM client establishes a transport channel with the KM server.
- The KM client then sends its capabilities to the server using the Capability Object.
- The KM server picks one of the 'n' capabilities sent by the client (SSL-like negotiation) or terminates the connection if it encounters an unsupported capability.
- The KM server communicates its choice using the Capability Object.
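The DER-encoded ASN.1 messaging option from the Messaging Layer slide and the capability negotiation on this slide, together as one added example that is not the draft's schema or the presenter's code: Go's encoding/asn1 carries the Capability Object as DER, the server picks one alternative per category from the client's offer or terminates, and the client checks that what came back was actually something it offered. The CapabilityObject fields, the two categories, the version field and the function names are assumptions of this example; the X.694-derived schema the draft will use is not on the page.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
)

// CapabilityObject is this example's rendering of the slide's Capability Object: the
// sender lists the alternatives it supports, most preferred first. Field names and
// the two categories are assumptions, not the P1619.3 schema.
type CapabilityObject struct {
	Version  int
	Channel  []string // channel protection: "TLSv1", "SSLv3", "IPsec", "None"
	Encoding []string // messaging layer: "SOAP", "ASN.1-DER"
}

// encodeDER and decodeDER carry the object as DER-encoded ASN.1; encoding/asn1 maps the
// struct to SEQUENCE { INTEGER, SEQUENCE OF PrintableString, SEQUENCE OF PrintableString }.
func encodeDER(c CapabilityObject) ([]byte, error) { return asn1.Marshal(c) }

func decodeDER(der []byte) (CapabilityObject, error) {
	var c CapabilityObject
	rest, err := asn1.Unmarshal(der, &c)
	if err != nil {
		return c, err
	}
	if len(rest) != 0 {
		return c, errors.New("trailing bytes after Capability Object")
	}
	return c, nil
}

// pickOne returns the first of the server's alternatives that the client also offered;
// the server's preference order wins, as it does for a TLS server's cipher suite choice.
func pickOne(server, client []string) (string, bool) {
	for _, s := range server {
		for _, c := range client {
			if s == c {
				return s, true
			}
		}
	}
	return "", false
}

// serverSelect is the KM server's half: decode the offer, pick one alternative per
// category, answer with a single-choice Capability Object. An error means "terminate".
func serverSelect(supported CapabilityObject, clientDER []byte) ([]byte, error) {
	offer, err := decodeDER(clientDER)
	if err != nil {
		return nil, err
	}
	if offer.Version != supported.Version {
		return nil, fmt.Errorf("terminate: unsupported version %d", offer.Version)
	}
	ch, ok := pickOne(supported.Channel, offer.Channel)
	if !ok {
		return nil, errors.New("terminate: no common channel protection")
	}
	enc, ok := pickOne(supported.Encoding, offer.Encoding)
	if !ok {
		return nil, errors.New("terminate: no common message encoding")
	}
	return encodeDER(CapabilityObject{Version: supported.Version, Channel: []string{ch}, Encoding: []string{enc}})
}

// clientConfirm is the client's half: accept the server's choice only if it is exactly
// one alternative per category and one the client actually offered.
func clientConfirm(offer CapabilityObject, serverDER []byte) (CapabilityObject, error) {
	choice, err := decodeDER(serverDER)
	if err != nil {
		return choice, err
	}
	if len(choice.Channel) != 1 || len(choice.Encoding) != 1 {
		return choice, errors.New("server must choose exactly one alternative per category")
	}
	if _, ok := pickOne(choice.Channel, offer.Channel); !ok {
		return choice, fmt.Errorf("server chose channel %q, which was not offered", choice.Channel[0])
	}
	if _, ok := pickOne(choice.Encoding, offer.Encoding); !ok {
		return choice, fmt.Errorf("server chose encoding %q, which was not offered", choice.Encoding[0])
	}
	return choice, nil
}

func main() {
	// Constructed sample configuration for one server and one client.
	server := CapabilityObject{Version: 1, Channel: []string{"TLSv1", "IPsec"}, Encoding: []string{"ASN.1-DER", "SOAP"}}
	offer := CapabilityObject{Version: 1, Channel: []string{"SSLv3", "TLSv1"}, Encoding: []string{"SOAP"}}
	offerDER, _ := encodeDER(offer)
	resp, err := serverSelect(server, offerDER)
	if err != nil {
		fmt.Println("server:", err)
		return
	}
	choice, err := clientConfirm(offer, resp)
	fmt.Printf("agreed: %+v (err=%v), %d DER bytes on the wire\n", choice, err, len(resp))
}
```

Letting the server's order decide (rather than the client's) keeps a weak alternative such as "None" from winning merely because a client listed it first; the client-side confirmation is what stops a server reply from quietly selecting something the client never offered.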

Authentication
- Every KM client submits a Credential Object, which indicates the credential type and, if necessary, the actual credentials.
- If authentication is at the channel level (X.509 attribute of an SSL client certificate), then the credential field of the Credential Object is NULL.
- Login session creation is optional.
- If username/password is the chosen authentication mechanism, the credential field of the Credential Object would be un/pwd.
- When a KM client requests an explicit login action, it gets back a Credential Object from the KM server with a credential type of session and the session-id as the value of the credential.
- The authentication protocol must be extensible so that it can be plugged into a customer's SSO/CA system.
- The use of pattern-matching CA authenticators is recommended on the KM.
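The Credential Object flow on this slide, as an added example that is not the draft's definition or the presenter's code: a Go sketch with a pluggable Authenticator interface (the SSO/CA plug-in point), a pattern-matching CA authenticator for the channel-level case (NULL credential value, identity taken from the client certificate's subject), and the optional explicit login that returns a session-type Credential Object. The CredType values, the struct fields and the subject pattern are this example's assumptions; a un/pwd authenticator would be one more Authenticator implementation registered under CredPassword and is left out here.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"regexp"
)

// CredType and Credential are this example's rendering of the slide's Credential Object:
// a type plus the credential itself, or NULL ("") when the channel already authenticated
// the client. The type names are assumptions, not the draft's.
type CredType string

const (
	CredChannel  CredType = "x509-channel" // identity from the SSL client certificate; value is NULL
	CredPassword CredType = "un/pwd"       // value would be "username:password" (not implemented here)
	CredSession  CredType = "session"      // value is the session-id returned by an explicit login
)

type Credential struct {
	Type  CredType
	Value string
}

// Authenticator is the plug-in point: a customer's SSO or CA system is one more implementation.
type Authenticator interface {
	Authenticate(cred Credential, channelSubject string) (identity string, err error)
}

// patternCA is a pattern-matching CA authenticator: it accepts the channel credential when
// the client certificate's subject (as presented by the channel) matches an allowed pattern.
type patternCA struct{ allow []*regexp.Regexp }

func (p patternCA) Authenticate(cred Credential, channelSubject string) (string, error) {
	if cred.Value != "" {
		return "", errors.New("channel credential must carry a NULL value")
	}
	for _, re := range p.allow {
		if re.MatchString(channelSubject) {
			return channelSubject, nil
		}
	}
	return "", fmt.Errorf("subject %q matches no accepted pattern", channelSubject)
}

// sessionStore maps session-id -> identity and resolves session credentials issued by Login.
type sessionStore map[string]string

func (s sessionStore) Authenticate(cred Credential, _ string) (string, error) {
	if id, ok := s[cred.Value]; ok {
		return id, nil
	}
	return "", errors.New("unknown session")
}

// KM routes each Credential Object to the authenticator registered for its type.
type KM struct {
	auth     map[CredType]Authenticator
	sessions sessionStore
}

func (km *KM) Authenticate(cred Credential, channelSubject string) (string, error) {
	a, ok := km.auth[cred.Type]
	if !ok {
		return "", fmt.Errorf("unsupported credential type %q", cred.Type)
	}
	return a.Authenticate(cred, channelSubject)
}

// Login is the optional explicit login: the reply is a Credential Object of type session
// whose value is a fresh 128-bit random session-id.
func (km *KM) Login(cred Credential, channelSubject string) (Credential, error) {
	id, err := km.Authenticate(cred, channelSubject)
	if err != nil {
		return Credential{}, err
	}
	var raw [16]byte
	if _, err := rand.Read(raw[:]); err != nil {
		return Credential{}, err
	}
	sid := fmt.Sprintf("%x", raw)
	km.sessions[sid] = id
	return Credential{Type: CredSession, Value: sid}, nil
}

// newDemoKM wires up constructed sample data: one accepted certificate-subject pattern.
func newDemoKM() *KM {
	km := &KM{auth: map[CredType]Authenticator{}, sessions: sessionStore{}}
	km.auth[CredChannel] = patternCA{allow: []*regexp.Regexp{regexp.MustCompile(`^CN=client-[0-9]+,OU=storage,O=Example$`)}}
	km.auth[CredSession] = km.sessions
	return km
}
```

The session store is registered as just another Authenticator, which is the same mechanism a customer's SSO system would use to plug in; the only state the KM keeps for an explicit login is the mapping from the random session-id to the identity established at login time.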

Objects [brief summary of prior presentation]
- Definition of Key, Client, DataSet & Policy Objects.
- Notion of Key, Client & Policy groups, either Static (explicit add/delete) or Dynamic (pattern based).
- Access control and policy enforcement by the KM is done at the group level.

Objects [changes/clarifications from prior presentation]
- Introduce the notion of a KeyManager Object to work in conjunction with Distribution/Replication Policies.
- Introduce the notion of Mandatory (Key, Client, etc.) & Optional (Distribution Policy) objects.
- Introduce the notion of objects that are server-only (Groups) & server/client (the rest).
- Groups are managed via KM admin operations.
- The specification is in the final stages of being updated to incorporate these changes (ETA: 2 weeks).
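Group-level access control with static and dynamic groups, as summarized on the two Objects slides, as an added example that is not the draft's object model or the presenter's code: groups live only on the server and are changed through admin operations, a static group is an explicit member set, a dynamic group is a pattern, and a policy grants an operation between a client group and a key group, with everything else denied. The Group, Policy and KM types, the Authorize check, the sample group names and the get-key operation are all assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Group is this example's rendering of the slide's server-only Group object: a static
// group holds explicitly added members, a dynamic group matches names by pattern.
// Key and client groups share one Group type here for brevity.
type Group struct {
	Name    string
	members map[string]bool // static membership (explicit add/delete)
	pattern *regexp.Regexp  // dynamic membership; nil for a static group
}

func NewStaticGroup(name string, members ...string) *Group {
	g := &Group{Name: name, members: map[string]bool{}}
	for _, m := range members {
		g.members[m] = true
	}
	return g
}

func NewDynamicGroup(name, pattern string) (*Group, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	return &Group{Name: name, pattern: re}, nil
}

// Add and Remove are the KM admin operations; they apply only to static groups.
func (g *Group) Add(member string) error {
	if g.pattern != nil {
		return errors.New("cannot add members to a dynamic group")
	}
	g.members[member] = true
	return nil
}

func (g *Group) Remove(member string) error {
	if g.pattern != nil {
		return errors.New("cannot remove members from a dynamic group")
	}
	delete(g.members, member)
	return nil
}

func (g *Group) Contains(name string) bool {
	if g.pattern != nil {
		return g.pattern.MatchString(name)
	}
	return g.members[name]
}

// Policy grants one operation on the keys of KeyGroup to the clients of ClientGroup.
// Anything no policy grants is denied.
type Policy struct {
	ClientGroup string
	KeyGroup    string
	Operation   string
}

// KM holds the server-side groups and the policies it enforces at group level.
type KM struct {
	groups   map[string]*Group
	policies []Policy
}

func (km *KM) AddGroup(g *Group) { km.groups[g.Name] = g }

// Authorize answers whether client may perform op on key: some policy for op must name
// a client group containing client and a key group containing key.
func (km *KM) Authorize(client, key, op string) error {
	for _, p := range km.policies {
		cg, kg := km.groups[p.ClientGroup], km.groups[p.KeyGroup]
		if p.Operation == op && cg != nil && kg != nil && cg.Contains(client) && kg.Contains(key) {
			return nil
		}
	}
	return fmt.Errorf("deny: %s may not %s key %s (no group-level policy grants it)", client, op, key)
}

// newDemoKM builds constructed sample groups and one policy.
func newDemoKM() (*KM, error) {
	drives, err := NewDynamicGroup("tape-drives", `^tape-[0-9]{2}$`)
	if err != nil {
		return nil, err
	}
	km := &KM{groups: map[string]*Group{}}
	km.AddGroup(drives)
	km.AddGroup(NewStaticGroup("backup-keys", "key-0001", "key-0002"))
	km.policies = []Policy{{ClientGroup: "tape-drives", KeyGroup: "backup-keys", Operation: "get-key"}}
	return km, nil
}
```

Because the check is evaluated against group membership at request time, removing a key from a static group or changing a dynamic group's pattern takes effect immediately without touching any policy, which is the operational reason for enforcing at the group rather than the object level.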

Open Items
- Cipher suite for channel encryption: 3DES, AES (128, 256 bit).
- Key exchange and channel dependencies.
- Strength of wrapping key vs. encryption key (channel strength should match or exceed encryption key strength, based on Policy).
- Asynchronous operations between KM client and KM server: mandatory? optional? (Allow optional tagging of commands/responses.)