CS691 M2009 Semester Project PHILIP HUYNH


CS691 M2009 Semester Project PHILIP HUYNH KEY MANAGEMENT SYSTEM

Outline of the Talk
- Key Management System
- IEEE P1619.3 Standard: Key Management Infrastructure for Cryptographic Protection of Stored Data
- Strongkey Symmetric Key Management System (SKMS)
- OASIS Key Management Interoperability Protocol (KMIP)

11/15/2018 PHILIP HUYNH / CS691

KEY MANAGEMENT SYSTEMS
- Motivations
- Functionalities
- Security

Key Management System: Motivations for Key Management
- The keys must be kept secret, while the encryption algorithm should be public.
- Whoever has access to the key can also access the information, assume someone else's identity, etc.

Key Management System: Key Management Functionalities
- Generation
- Distribution
- Storage
- Replacement / Exchange
- Usage
- Destruction

Key Management System: Key Management System Security
- Prevent an intruder from obtaining a key.
- Avoid unauthorized use of keys, deliberate modification and other forms of manipulation of keys.
- Once the reliability of a key is impaired, its use must be terminated immediately.

IEEE P1619.3 STANDARD
- Problems
- Solution

IEEE P1619.3 Standard: Encrypting Storage Problems
- We can't always expect a tape drive to be able to get keys from an encryption appliance's key server, or an encryption appliance to be able to get keys from a tape drive's key server, because there is very little interoperability between vendors' key management systems.
- We can't expect a storage device to be able to get keys from a distant key server. If we encrypt a backup tape in a New York data center and send the tape to an offsite backup facility, we can't always expect that the data can be decrypted at the backup facility, because the storage device there may be unable to reach the key server that provides the decryption key.

IEEE P1619.3 Standard: The Goal
- Eliminate all the key management problems.
- Make interoperable key management possible.
- Abstract the components of a cryptographic system into:
  - Key management server
  - Key management client
  - Cryptographic unit
- The standard also defines operations between the key management servers.

IEEE P1619.3 Standard: Roles and Responsibilities of the Abstract Components
- The key management server creates and distributes keys as well as the policies covering their use.
- Key management clients get keys and policies from a key management server on behalf of a cryptographic unit.
- Cryptographic units perform the actual encryption and decryption operations with the keys the key management clients manage.

STRONGKEY SYMMETRIC KEY MANAGEMENT SYSTEM
- Problems
- Solution

Strongkey Symmetric Key Management System (SKMS)

Why is symmetric key management a problem?
- Many encryption application vendors provide different KM systems.
- As a result, IT operations staff have to manage many different KM systems.
- The complexity of managing these systems raises the TCO and creates the potential danger of a vulnerability in the security strategy.

Solution
- A client/server KM system for encryption applications.
- Symmetric Key Server: implements the KM functions that are abstracted from the applications.
- Symmetric Key Client: provides an API through which applications can request symmetric key services.

Strongkey SKMS Architecture

SKS server
- A server-class computer running an OS (Linux, UNIX, or Windows) that has a JVM available for it.
- A relational database for storing the symmetric encryption keys.
- A J2EE-compliant application server to respond to requests over the network.
- A JCE-compliant cryptographic provider to perform the cryptographic operations of key generation, key protection, digital signing, verification, …
- An optional hardware security module (HSM) or Trusted Platform Module (TPM) for securely storing the cryptographic keys that protect the database's content.
- The SKS server software, consisting of an Enterprise Archive (EAR) and a Web Archive (WAR) file for the administration console.

SKCL client
- A client computer running an OS (Linux, UNIX, Windows, or OS/400) that has a JVM available for it.

Strongkey SKMS Architecture

SKCL client (continued)
- An optional Trusted Platform Module (TPM), smartcard, or other USB-based cryptographic token for securely storing the cryptographic keys that protect the client's authentication credentials.
- The SKCL software, consisting of an API callable by Java applications for communicating with the SKS server and performing cryptographic functions. Non-Java applications have the option of either using a JNI library to call the SKCL, or communicating with the SKS server directly using the SKSML protocol.

SKSML protocol
- A call from the client to request a symmetric key, new or existing, from the SKS server.
- A call from the client to request key-caching policy information from the SKS server.
- A response from the SKS server containing the symmetric key and the key's use policy.
- A response from the SKS server containing the key-caching policy.
- A fault message from the SKS server, if either of the two calls doesn't succeed.
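The three roles from the IEEE P1619.3 slides and the request, key-caching policy and fault messages listed for SKSML, modelled as an added Python example that is not part of the original slides and is neither Strongkey nor IEEE code. The class names, the 60-second cache lifetime and the use of HMAC-SHA256 in place of a real cipher are assumptions; the point it shows is that a key revoked at the server remains usable on a client until the cached copy expires.

```python
import hashlib
import hmac
import secrets
import time


class KeyServer:
    """Key management server: generates keys, returns policy, can revoke."""

    def __init__(self, cache_ttl=60):
        self._keys = {}             # key_id -> {"key": bytes, "active": bool}
        self.cache_ttl = cache_ttl  # key-caching policy, seconds (constructed)

    def request_key(self, key_id=None):
        if key_id is None:          # request for a new key: generation
            key_id = secrets.token_hex(4)
            self._keys[key_id] = {"key": secrets.token_bytes(32), "active": True}
        rec = self._keys.get(key_id)
        if rec is None or not rec["active"]:
            raise LookupError("fault: key unavailable")  # stands for the fault message
        return key_id, rec["key"], {"cache_ttl": self.cache_ttl}

    def revoke(self, key_id):
        # Impaired key: stop serving it and destroy the stored material.
        self._keys[key_id] = {"key": b"", "active": False}


class KeyClient:
    """Key management client: fetches keys and caches them per server policy."""

    def __init__(self, server, clock=time.monotonic):
        self.server, self.clock, self._cache = server, clock, {}

    def get_key(self, key_id=None):
        hit = self._cache.get(key_id)
        if hit and self.clock() < hit[1]:
            return key_id, hit[0]          # served locally, server not contacted
        self._cache.pop(key_id, None)      # expired copy is dropped before refetch
        key_id, key, policy = self.server.request_key(key_id)
        self._cache[key_id] = (key, self.clock() + policy["cache_ttl"])
        return key_id, key


class CryptoUnit:
    """Cryptographic unit: uses keys the client manages (HMAC replaces the cipher)."""

    def __init__(self, client):
        self.client = client

    def protect(self, data, key_id=None):
        key_id, key = self.client.get_key(key_id)
        return key_id, hmac.new(key, data, hashlib.sha256).hexdigest()
```

The cache lifetime is therefore the upper bound on how long an impaired key keeps being used after revocation, and also how long a device can work without reaching the key server.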

OASIS KEY MANAGEMENT INTEROPERABILITY PROTOCOL
- Problems
- Solution

OASIS Key Management Interoperability Protocol (KMIP)

Why is key management a problem?
- The proliferation of key management systems results in higher operational and infrastructure costs for enterprises using encryption, certificates, asymmetric key pairs, and other encryption technologies.

OASIS Key Management Interoperability Protocol (KMIP)

Why is key management a problem?
- The proliferation of protocols, even when supported by a single enterprise key manager, results in higher costs for developing and supporting the key manager.

OASIS Key Management Interoperability Protocol (KMIP)

Solution
- A single protocol for communication between the enterprise key management server and cryptographic clients.
- By defining a protocol that can be used by any cryptographic client, KMIP enables enterprise key management servers to communicate via a single protocol with all cryptographic clients supporting that protocol.
- Through vendor support of KMIP, an enterprise will be able to consolidate key management in a single enterprise key management system, reducing operational and infrastructure costs while strengthening operational controls and governance of security policy.

References
- Jan C.A. van der Lubbe, Basic Methods of Cryptography, Cambridge University Press, 1999.
- Arshad Noor, Symmetric Key Management System, ISSA Journal, 01/2007.
- Luther Martin, Key Management Infrastructure for Protecting Storage Data, Computer, 07/2008.
- OASIS, Key Management Interoperability Protocol version 1.0, 05/2009.