Draft-popov-token-binding-00 Andrei Popov, Microsoft Corp.

Slides:



Advertisements
Similar presentations
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Advertisements

CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Chapter 5 Network Security Protocols in Practice Part I
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Online Security Tuesday April 8, 2003 Maxence Crossley.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Ariel Eizenberg PPP Security Features Ariel Eizenberg
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Chapter 8 Web Security.
Computer Science Public Key Management Lecture 5.
Application Layer Protocol Negotiation
Cryptography 101 Frank Hecker
How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Wireless and Security CSCI 5857: Encoding and Encryption.
Secure Socket Layer (SSL)
Network Security. Cryptography Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy:
Computer Networks with Internet Technology William Stallings Network Security.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Proposed Transport Layer Security (TLS) Evidence Extensions Russ Housley IETF 67 – TLS WG Session.
1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt
Lecture 14 ISAKMP / IKE Internet Security Association and Key Management Protocol / Internet Key Exchange CIS CIS 5357 Network Security.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Web Security : Secure Socket Layer Secure Electronic Transaction.
Prohibiting RC4 Cipher Suites in TLS By: Andrei Popov
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.
1 DCS 835 – Computer Networking and the Internet Digital Certificate and SSL (rev ) Team 1 Rasal Mowla (project leader) Alvaro Restrepo, Carlos.
SEC835 Runtime authentication Secure session management Secure use of cryptomaterials.
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.
TLS user mapping hint extension Stefan Santesson Microsoft.
EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
1 Example security systems n Kerberos n Secure shell.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Dr. Michael B. Jones Identity Standards Architect at Microsoft
CSE 4095 Transport Layer Security TLS, Part II
Cryptography and Network Security
ELECTRONIC MAIL SECURITY
ELECTRONIC MAIL SECURITY
One Time Signature.
Cryptography and Network Security
draft-ietf-dtn-bpsec-06
Presentation transcript:

draft-popov-token-binding-00 Andrei Popov, Microsoft Corp.

The Token Binding Protocol The client generates an asymmetric Token Binding key per target server. The client proves possession of the Token Binding key on every TLS connection, by signing the tls_unique value [RFC5929] with the private key.RFC5929 The Token Binding is identified by the corresponding public key. Token Bindings are long-lived, i.e. they encompass multiple TLS connections and TLS sessions between a given client and server. Token Binding private key MUST be strongly protected (e.g. using a secure hardware module).

Preventing Token Theft When issuing a security token to a client that supports Token Binding, a server includes the client's Token Binding ID in the token. Later on, when a client presents a security token containing a Token Binding ID, the server makes sure the ID in the token matches the ID of the Token Binding established with the client. In the case of a mismatch, the server discards the token. In order to successfully export and replay a bound security token, the attacker needs to also be able to export the client's private key, which is hard to do in the case of a strongly-protected key (e.g. generated in a secure hardware module).

Privacy Different Token Binding keys SHOULD be used by the client for connections to different servers, according to the token scoping rules of the application protocol (e.g. eTLD for HTTP). Token Binding identifiers are never transmitted in clear text. Token Binding keys can be deleted by the user at any time, e.g. when clearing browser cookies.

Open Issue: Negotiating Token Binding Key Parameters The current draft uses ALPN protocol IDs [RFC7301] to negotiate the use of the Token Binding key parameters (signature algorithm, length): Pros: No TLS protocol changes; No additional round-trips. Cons: Cartesian explosion of ALPN IDs; TLS ClientHello grows large, triggers interop issues with certain middle boxes; Protocols other than HTTP will need to register a separate set of ALPN IDs. Should we consider a new TLS extension to negotiate Token Binding key parameters? ALPN IDProtocol h2_tb_p256HTTP/2 with Token Binding using ECDSA key and NIST P256 curve h2_tb_rsa2048HTTP/2 with Token Binding using 2048-bit RSA key http/1.1_tb_p256HTTP/1.1 with Token Binding using ECDSA key and NIST P256 curve http/1.1_tb_rsa2048HTTP/1.1 with Token Binding using 2048-bit RSA key

Links And Contact Information The Token Binding Protocol Version 1.0: Token Binding over HTTP: https-token-binding-00http://tools.ietf.org/html/draft-balfanz- https-token-binding-00 On GitHub: Dirk Balfanz Vinod Anupam Andrei Popov

The Token Binding Protocol Message Format struct { ExtensionType extension_type; opaque extension_data ; } Extension; struct { TokenBindingID tokenbindingid; opaque signature ;// Signature over hashed ("token binding", tls_unique) Extension extensions ; } TokenBinding; struct { TokenBinding tokenbindings ; } TokenBindingMessage;

Token Binding ID Format enum { provided_token_binding(0), referred_token_binding(1), (255) } TokenBindingType; struct { TokenBindingType tokenbinding_type; SignatureAndHashAlgorithm algorithm; select (algorithm.signature) { case rsa: RSAPublicKey rsapubkey; case ecdsa: ECDSAParams ecdsaparams; } } TokenBindingID; Provided_token_binding is used to establish a Token Binding when connecting to a server. Referred_token_binding is used when requesting tokens to be presented to a different server.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.