We leave the world of cryptography for a while.

Slides:

Advertisements

Similar presentations

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Advertisements

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

Ecosystem Scenarios for Cloud-based NFC Payments

WPKI available technology diagram and the business model

1 Trusted Systems in Networking Infrastructure Rafael Mantilla Montalvo Cisco Systems June 2013.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

A Survey of WAP Security Architecture Neil Daswani

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©

Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani September 21, 2000.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Secure password-based cipher suite for TLS: The importance of end-to-end security Marie L.S. Dumont CS 265.

PKI & SSL Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.

魂▪創▪通魂▪創▪通 Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.

11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.

Renesas Electronics America Inc. © 2010 Renesas Electronics America Inc. All rights reserved. Secure MCU REA FAE Training – June A Rev

SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.

Secure Socket Layer (SSL)

Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.

How can the SMART card help in new channels?

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Proposed Transport Layer Security (TLS) Evidence Extensions Russ Housley IETF 67 – TLS WG Session.

December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.

The Distribution Online Vending Pilot Project Demo Testing Certificate Management Kennedy P Subramoney 23 July 2004.

Reducing Trust Domain with TXT Daniel De Graaf. TXT overview Original TPM – Static Root of Trust – BIOS, all boot ROMs, bootloader, hypervisor, OS TPM.

SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No

TLS user mapping hint extension Stefan Santesson Microsoft.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

Belgian EID Card 15/12/2004 Derette Willy eID program manager.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Chapter 4 - X.509 Authentication TE-405 Network Security and Management Fall Dr. Faisal Kakar

Secure Sockets Layer (SSL) Protocol by Steven Giovenco.

E2EKey Resource Group Name: SEC WG Source: Qualcomm Inc., Wolfgang Granzow & Phil Hawkes Meeting Date: SEC#20.3, Agenda Item: End-to-End Security.

1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.

Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.

Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

TLS/SSL Protocol Presented by: Vivek Nelamangala Includes slides presented by Miao Zhang on April Course: CISC856 - TCP/IP and Upper Layer Protocols.

TLS authentication using ETSI TS and IEEE certificates

Mark Brown RedPhone Security

CSCE 715: Network Systems Security

COMP3220 Web Infrastructure COMP6218 Web Architecture

CSE 4095 Transport Layer Security TLS, Part II

Secure Element API An introduction.

CSCE 815 Network Security Lecture 16

SSL Protocol Figures used in the presentation

COEN 351 Authentication.

Presentation transcript:

TRUST PROVISIONING Related Hardware Embedded Secure Elements for Mobile Phone applications We leave the world of cryptography for a while. We understand that where online PKI is not possible, the secret keys must be exchanged and kept secret. A smartcard, or a secure element, are good way of securely storing a secret, like a key. The processor using the key for the computation is in the smartcard as well, as such the key never leaves it’s secure environment. But such keys have to be loaded on the smartcard once. This is how it works generally:

Smart Card Initialization & Personalization Service Provider (bank) Card 5566..0001 – Mr Bianchi Card 5566..0001 – Mr Bianchi Card 5566..0002 – Mr Gallo Card 5566..0002 – Mr Gallo Card 5566..0003 – Mr Rossi Card 5566..0003 – Mr Rossi O.S. Provider ROM Mask, EEPROM Image, Silicon Manufacturer Card Vendor Wafer Testing … Pre-perso Personalization Card 5566..0001 Mr Bianchi Card 5566..0002 Mr Gallo Card 5566..0003 Mr Rossi SMART CARD 5566 .. 002 Mr Gallo Flow of Trust Mr Gallo Flow of Hardware Press <space> once!

Trust Provisioning Initialization & Personalization service provider Service Provider(s!) (bank) Trusted Service Manager O.S. Provider ROM Mask, EEPROM Image Silicon Manufacturer Mr. Koch OTA IC Personalization Mr Koch – 040-238679 OTA Diffusion, Wafer Testing, Initialization (1Key4Die),… X Uid..001 Uid..002 Uid..00n Uid..001 Uid..002 Uid..00n 001 002 Non trusted OEM/ODM 00n 001 MNO 00n 002 001 002 Distribution / Retail 00n 001 End

How Keys and Certificates are created Start public Silicon Manufacturer Public/Private Key Pair NXP private key securely stored in NXP HSM private public private Generate IC-specific Public/Private Key Pair Key Generator Secure Key Storage Create Device Certificate Body Signing Hardware Secure Module (HSM) Calculate Hash of Certificate Body Body Signed Hash Example Signature Sign Hash with NXP Private Key Insert Device Certificate + IC-specific Private Key in Embedded SE Chip ESE Chip Ready

Offline authentication HOST (MCU) CLIENT (Authentication Device) Body … Public Key Signed HASH Root CA Certificate Body … Public Key Signed HASH Device Certificate Body … Public Key Signed HASH Device Certificate Request certificate Send certificate Client Certificate is genuine Private Key Validate certificate NOK OK Rnd# Send challenge Sign(Rnd#) Sign challenge Send response Validate response Client knows its private key NOK Continue service OK stop

Client-authenticated TLS handshake ClientHello Certificate ClientKeyExchange CertificateVerify ChangeCipherSpec Finished RNDa+caps ServerHello Certificate CertificateRequest ServerHelloDone ChangeCipherSpecs Finished RNDb+method selection Certificate verification Server certificate+CA sign Client certificate+CA sign Secret key Certificate verification Transaction signature

Hands-on: Example of a TLS link Using A70CM