CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.

Slides:

Advertisements

Similar presentations

PKCS-11 Protocol for Enterprise Key Management

Advertisements

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.

Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

A Profile Of PKCS #11 V2.11 For Mobile Devices Magnus Nyström PKCS Workshop 2002.

AUTHENTICATION AND KEY DISTRIBUTION

The Cryptographic Token Key Initialization Protocol (CT-KIP) OTPS Workshop February 2006.

CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.

OTP-ValidationService: Summary, Status, and Next Steps OTPS Workshop, February 2006.

PKCS #15 v1.1 Magnus Nyström RSA Laboratories PKCS Workshop, 1999.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Copyright © 2003 Colin Perkins SDP Specification Update Colin Perkins

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Internet Engineering Task Force Provisioning of Symmetric Keys Working Group Hannes Tschofenig.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) Web Service Description KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

1 The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem Jon Geater OASIS KMIP TC With thanks to Bob Griffin, co-chair,

1 Notification Rate Control draft-ietf-sipcore-event-rate-control th IETF,

Chapter 21 Distributed System Security Copyright © 2008.

SAML 2.1 Building on Success. Outline n Summary of SAML 2.0 n Work done since 2.0 n Objectives of SAML 2.1 n Proposed Task List n Undecided Issues n Invitation.

Hariharan Venkataraman

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.

DSKPP And PSKC: IETF Standard Protocol And Payload For Symmetric Key Provisioning Philip Hoyer Senior Architect – CTO Office.

DSKPP And PSKC: IETF Standard Protocol And Payload For Symmetric Key Provisioning Philip Hoyer Senior Architect – CTO Office.

RADIUS Crypto-Agility Requirements November 18, 2008 David B. Nelson IETF 73 Minneapolis.

OTP-ValidationService John Linn, RSA Laboratories 11 May 2005.

Session Peering Protocol over SOAP I-D ( draft-ietf-drinks-spp-over-soap-01) draft-ietf-drinks-spp-over-soap-01 0 Presenter: Vikas Bhatia (On behalf of.

SHIM6 Protocol Drafts Overview Geoff Huston, Marcelo Bagnulo, Erik Nordmark.

AuthenticationAccess Management Developer Solutions Digital Signatures The profile of PKCS #11 v2.11 for mobile devices Magnus Nyström PKCS Workshop April.

One-Time Password Specifications (OTPS): Overview, Workshop Agenda, and Process DRAFT – 18 May 2005.

RTSP to Draft Standard draft-ietf-mmusic-rfc2236bis-02.txt Authors: Henning Schulzrinne, Anup Rao, Robert Lanphier, Magnus Westerlund.

Draft-ietf-dime-ikev2-psk-diameter-0draft-ietf-dime-ikev2-psk-diameter-08 draft-ietf-dime-ikev2-psk-diameter-09 in progress Diameter IKEv2 PSK: Pre-Shared.

EAP-POTP Magnus Nyström, RSA Security 23 May 2005.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 9 Virtual Trunking Protocol.

SIP working group IETF#70 Essential corrections Keith Drage.

IETF 57, Vienna1 SDPng Update Dirk Jörg Carsten draft-ietf-mmusic-sdpng-06.txt.

March 2006IETF 65 - Dallas1 The Cryptographic Token Key Initialization Protocol (CT-KIP) Dave Mitton, RSA Security for Magnus Nyström IETF SAAG.

November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.

SIP PUBLISH draft-ietf-simple-publish-01 Aki Niemi

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

Lightweight Key Establishment & Management Protocol (KEMP) in Dynamic Sensor Networks Update draft-qiu-roll-kemp-01 Ying QIU, Jianying ZHOU, Feng BAO.

NEMO Basic Support update IETF 61. Status IANA assignments done Very close to AUTH48 call Some issues raised recently We need to figure out if we want.

RFC 2716bis Wednesday, July 12, 2006 Draft-simon-emu-rfc2716bis-02.txt Dan Simon Bernard Aboba IETF 66, Montreal, Canada.

December 14, 2000Securely Available Credentails (SACRED) - Framework Draft 1 Securely Available Credentials (SACRED) Protocol Framework, Draft Specification.

Portable Symmetric Key Container (PSKC) Mingliang Pei Philip Hoyer Dec. 3, th IETF, Vancouver.

August 2, 2005IETF63 EAP WG AAA-Key Derivation with Lower-Layer Parameter Binding (draft-ohba-eap-aaakey-binding-01.txt) Yoshihiro Ohba (Toshiba) Mayumi.

8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Draft-ietf-ccamp-lmp-02.txt Link Management Protocol (LMP) LMP draft updates…  draft-ietf-ccamp-lmp-07.txt  draft-ietf-ccamp-lmp-wdm-01.txt  draft-ietf-ccamp-lmp-test-sonet-sdh-00.txt.

Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

Doc.: IEEE /2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date:

SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.

IETF Provisioning of Symmetric Keys (keyprov) WG Update WG Chairs: Phillip Hallam-Baker Hannes Tschofenig Presentation by Mingliang Pei 05/05/2008.

XCON WG IETF-64 Meeting XCON Framework Overview & Issues

editor: Stephen Farrell,

CSE 4095 Transport Layer Security TLS

draft-ipdvb-sec-01.txt ULE Security Requirements

STIR WG IETF-99 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-00) July, 2017 Ray P. Singh, Martin Dolly, Subir Das, and An.

Presentation transcript:

CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005

Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended for general use within computer and communications systems employing connected cryptographic tokens Objectives: —To provide a secure and interoperable method of initializing cryptographic tokens with secret keys —To avoid, as much as possible, any impact on existing cryptographic token manufacturing processes —To provide a solution that is easy to administer and scales well —To provide a solution which does not require private-key capabilities in tokens, nor the existence of a public-key infrastructure

Principles of Operation

Recent Modifications – CT-KIP: 4 th draft XML related —Switched to UpperCamelCase for XML names, as per discussion at the May workshop —Switched to explicit XML namespace usage, as per discussion at the May workshop —PDU (message) names changed to more descriptive names Introduced an optional element in the client's initial message —For use when token already is initialized Replaced the element in the server's initial message with a element, which in turn is a —For future use Suggested MIME type is now application/vnd.otps.ct-kip, since application/ct-kip would (normally) have required an RFC and approval by the IESG.

Recent Modifications – CT-KIP 5 th draft Clarified that the length of nonces R C and R S may depend on selected key types Expanded discussion in Section 3.3 on ways for the server to couple an initial user authentication to a CT-KIP session (and hence a particular key) Expanded text on comparison of XML string values Introduced a CT-KIP "trigger" or initialization message In the ClientHello message, clarified that the element must be present only if provided by the CT-KIP server in a trigger or if there is a key shared between the token and the CT-KIP server —Clients cannot assign a Token Identifier In the ServerHello and ServerFinished message, clarified that the parameters to the MAC are the same regardless of the MAC algorithm In the ServerFinished message, added a element allowing the server to assign an identifier also for the token and not just the generated key Added a "Security Considerations" section

Recent Modifications – CT-KIP’s PKCS #11 Interface 4 th and 5 th draft Clarified that the element from CT-KIP may be used as CKA_ID In Appendix B, modified the proposed/suggested procedure to let K TOKEN be generated after receipt of the ServerFinished message. This simplifies providing a complete template to C_DeriveKey Editorial corrections and clarifications thanks to Laszlo Elteto, Safenet Still missing here is actual assignment of mechanism identifiers

For Discussion Security Considerations section needs review Agreement and stabilization of document content —Need to verify completeness wrt OTP-PKCS #11, EAP-POTP, etc. Applies to all OTPS documents Assignment of PKCS #11 mechanism identifiers Possible future contribution of document, to (new) OASIS TC or elsewhere? Proposed schedule —Produce final draft versions within a month from this workshop —Publish Version 1.0 about two weeks after that