JOSE Open Issue Discussion Chairs Jim Schaad. Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss.

Slides:

Advertisements

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

Advertisements

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Key Establishment Schemes Workshop Document October 2001.

CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.

Doc.: IEEE /0283r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 Suggested Changes to the Abbreviated Handshake Date: Authors:

Lecture 5: Cryptographic Hashes

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

HASH ALGORITHMS - Chapter 12

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Lecture 23 Symmetric Encryption

CMSC 414 Computer (and Network) Security Lecture 25 Jonathan Katz.

Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.

Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013.

March 20, 2006IETF65 PANA WG PANA Specification Updates (draft-ietf-pana-pana-11.txt) Yoshihiro Ohba

TLS 1.2 and NIST SP A Tim Polk November 10, 2006.

CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology.

Introduction to Secure Messaging Issues Russ Chung, American Eagle Group The Open Group Messaging Forum July 24, 2003.

Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

Bit Cipher 1. Example of bit Cipher 2 Practical Stream Cipher 3.

COSE Overview Jim Schaad August Cellars. Willing Changes No crypto compatibility Use of CBOR idioms Partial change of naming schemes.

IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.

 A Web service is a method of communication between two electronic devices over World Wide Web.

NETWORK SECURITY.

Class 4 Asymmetric Cryptography and Trusting Internal Components CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Lecture 23 Symmetric Encryption

Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

1 /10 Pascal URIEN, IETF 72 rd, Monday July 28 th Dublin, Ireland draft-urien-tls-keygen-00.txt TLS Key Generation

Packet Format Issues #227: Need Shim Header to indicate Crypto Property of packet Do we need to add pre-amble header to indicate if data is encrypted or.

PKCS #5: Password-Based Cryptography Standard

1 CSC 221: Introduction to Programming Fall 2011 Input & file processing  input vs. raw_input  files: input, output  opening & closing files  read(),

Project: Simulated Encrypted File System (SEFS) Omar Chowdhury Fall 2015CS526: Information Security1.

Allowed uses of Public Keys Jim Schaad Soaring Hawk Consulting.

Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC.

Should NIST Develop an Additional Version of GCM? July 26, 2007 Morris Dworkin, Mathematician Security Technology Group

ECC Design Team: Initial Report Brian Minard, Tolga Acar, Tim Polk November 8, 2006.

Keyprov PSKC spec Philip Hoyer 71-st IETF, Philadelphia.

PKCS #5 v2.0: Password-Based Cryptography Standard

Part 1  Cryptography 1 Integrity Part 1  Cryptography 2 Data Integrity  Integrity  detect unauthorized writing (i.e., modification of data)  Example:

Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.

Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.

The Federal Information Processing Standards (FIPS) Encryption Suite Sean Smith COSC

Data Integrity / Data Authentication. Definition Authentication (Signature) algorithm - A Verification algorithm - V Authentication key – k Verification.

@Yuan Xue 285: Network Security CS 285 Network Security Message Authentication Code Data integrity + Source authentication.

Dan Brown, Certicom Research November 10, 2004

Block Cipher Modes CS 465 Make a chart for the mode comparisons

Updates to Draft Specification for DTN TCPCLv4

JOSE New Specs & New Features

OAuth Design Team Call 11th February 2013.

JSON Serialization Specifications: JWS JSON Serialization JWE JSON Serialization Mike Jones August 1, 2012.

Jim Schaad August Cellars

The devil is in the details

Presentation transcript:

JOSE Open Issue Discussion Chairs Jim Schaad

Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss the change – If you care and don’t understand or don’t like the statement vote here After all voting is done, a Short Discussion on each topic with a significant discuss vote followed by second poll

Non AEAD algorithm as single name Change current treatment of AES-CBC + HMAC to use a single content encryption name OLD: {“enc”:”A128CBC”,”int”:”HS256”,”kdf”:”CS256”} NEW: {“enc”:”A128CBC+HS256+CS256”} PRO – Restricts combinations – Shorter Text Con – Restricts Combinations

Add new ECB key wrap function Add a new ECB key wrap function to the algorithm specification Pro – Probably wider implemented than AES key wrap Con – Does not have internal integrity protection – Security People will object

Add key wrap functionality for EC Do we need to require the ability for doing Key Agree followed by Key Wrap to get the CMK? Pro – Required for a multiple recipient case Con – Unnecessary for single recipient case (spec bloat)

Remove no key wrap for KA algs Should we remove the ability to go directly from a Key Agreement algorithm to the CMK without a key wrap step Pro – Saves space for single recipient case Con – Two code paths – single vs multiple recipient cases

Add other than pre-shared MAC key Should we add the ability to have a randomly generated MAC key protected by a different key. The other key could be either a pre- shared symmetric key or a public key. Pro – Security issue based on number of key uses Con – Not supported by current structure

Add Key Usage “both” Do we need to add the string “both” as a key usage Pro – Makes usage explicit Con – Implicit by omission

Support multiple types for algorithms Should support be mandated to allow an algorithm to be both a string and an object Example: “alg”:{“name”:”RSA-OAEP”, “hash”:”S256”} Pro – Puts parameters into non-global space Con – Can be expressed in the text name

RSA-OAEP/RSA-PSS default parameters Should SHA1 be the default parameters for these algorithms? Pro – What is current deployed Con – It is the only use of SHA-1 in the specification

NIST KDF elements Do we need to add NIST recommended elements to the KDF algorithm defined. Elements would be Algorithm Identifier, Output Length and optional Party Info. SETTLED – Will be done

Nonce/timestamp Parameter Do we need to define a nonce/timestamp parameter in the base specification? Pro – Likely to be commonly used Con – Spec bloat

JSON Parsing Issues Do we need to require additional JSON parsing restrictions beyond what exists today? – Excess characters before and after object – Possible problems with duplicate fields Pro – Opens new attack surface Con – Requires additional code by implementer

Criticality of understanding header fields Different set of questions YES – all header fields are critical NO – all header fields are non-critical MAYBE – header fields are marked as (non)- critical DISCUSS – we need more discussion

Is KID sufficiently defined? Is the current text for KID sufficiently defined and understood?