Key Management Workshop November 1-2, 2001. 3. Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.

Slides:



Advertisements
Similar presentations
Key Establishment Schemes Workshop Document October 2001.
Advertisements

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Electronic mail security -- Pretty Good Privacy.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Lecture 3: Cryptographic Tools
Network Security Sorina Persa Group 3250 Group 3250.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
CN8816: Network Security1 Confidentiality, Integrity & Authentication Confidentiality - Symmetric Key Encryption Data Integrity – MD-5, SHA and HMAC Public/Private.
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
Key Management Lifecycle. Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management.
1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
Bob can sign a message using a digital signature generation algorithm
Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
Electronic Mail Security
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Digital Signatures: Mathematics Zdeněk Říha. Data authentication Data integrity + data origin Digital signature Asymmetric cryptography public and private.
Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.
1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 3: VPN and Encryption Technology.
Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.
Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 2 “Cryptographic Tools”.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Network Security David Lazăr.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.
NETWORK SECURITY.
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 CMPT 471 Networking II Authentication and Encryption © Janice Regan,
Security Using PGP - Prajakta Bahekar. Importance of Security is one of the most widely used network service on Computer Currently .
Public-Key encryption structure First publicly proposed by Diffie and Hellman in 1976First publicly proposed by Diffie and Hellman in 1976 Based on mathematical.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
The Federal Information Processing Standards (FIPS) Encryption Suite Sean Smith COSC
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Symmetric Cryptography
e-Health Platform End 2 End encryption
Cryptography Basics and Symmetric Cryptography
Cryptography in .Net CS 795.
The Secure Sockets Layer (SSL) Protocol
Public Key Infrastructure
Presentation transcript:

Key Management Workshop November 1-2, 2001

3. Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security services  Keys and other keying material

3.1 Classes of Cryptographic Algorithms  Hash algorithms (functions) –Un-keyed as one-way collision “free” function –Keyed for authentication and integrity (See Symmetric)  Symmetric (secret) key algorithms –Data confidentiality –Part of key establishment –Pseudorandom (deterministic) number generators –Keyed Hashes for authentication and integrity?  Asymmetric (public-private) key algorithms –Digital Signatures –Key establishment

3.2 Cryptographic Algorithm Functionality  Many security services are provided using cryptographic algorithms  The same algorithm may provide multiple services

3.2.1 Hash Functions  For digital signatures (FIPS 186-2)  As part of PSRNG (FIPS 186-2)  Keyed MAC (HMAC)  Approved hash functions in FIPS  SHA-1, SHA-256, SHA-384, and SHA-512

3.2.2 Algorithms for Encryption and Decryption (symmetric key)  AES –128, 192, and 256 bit keys  Triple DES (TDES) –Defined in ANSI X9.52 –Seven TDES Modes in ANSI X9.52 –Three distinct keys recommended  Modes of Operation –NIST Recommendation for four modes plus counter mode

3.2.3 Message Authentication Codes (MACs)  MACs using block cipher algorithms –NIST recommendation for block cipher MACs (e.g., CBC(AES)-MAC)  MACs using hash functions –Keyed-hash MAC (HMAC)

3.2.4 Digital Signature Algorithms  DSA (FIPS 186-3) –Key sizes between 1024 and 15,360 –Works with SHA-256, SHA-384, SHA-512  RSA Signatures –As specified in X9.31 or PKCS #1 v1.5 or higher –Key sizes from 1024 in increments of 256 (X9.31) –X9.31 and PKCS #1 signature block formats differ  ECDSA –As specified in X9.62 –Key size of at least 160 bits –Recommended Curves (FIPS 186-2)

3.2.5 Key Establishment Algorithms  Key transport and key agreement schemes to be provide in FIPS XXX  Transport may use either symmetric (wrapping) or asymmetric key encrypting keys  Agreement uses static and/or ephemeral key pairs to establish a shared secret that is then used to derive the session key(s)  FIPS XXX will select schemes from ANSI X9.42, X9.44, and X9.63.

Random Number Generation  Needed for generation of keys and IVs  Deterministic and non-deterministic  Approved deterministic generators from –ANSI X9.31 –ANSI X9.62 –FIPS  Deterministic often use approved encryption or hash functions and require seed(s)

3.3 Cryptographic Keys and Other Keying Material  There are several different classes of keys  Many keys are associated with other keying material  Each class requires various degrees of protection

Classes of Keys and Protection Requirements 1. Signing keys  Private, confidentiality, integrity, assoc with application, assoc with DP and key 2 2. Signature verification keys  Public, integrity, long term, assoc with application, assoc with entity, assoc with DP and private signing key, validation for association with private key 3. Secret authentication keys  Secret, confidentiality, integrity, long term, assoc with application, assoc with entity, assoc with authenticated data 4. Private authentication keys  Private, confidentiality,integrity, assoc with application, assoc with pub authentication key

Classes of Keys and Protection Requirements 5. Public authentication keys  Public, integrity, long term, assoc with application, assoc with entity, assoc with private authentication key, validation for assoc with private key 6. Long term data encryption keys  Secret, confidentiality, integrity, long term, assoc with application, assoc with entity, assoc with encrypted data 7. Short term data encryption keys  Secret, confidentiality, integrity 8. RNG keys  Secret, confidentiality, integrity, assoc with application

Classes of Keys and Protection Requirements 9. Key encrypting key used for wrapping  Secret, confidentiality, integrity, long term, assoc with application, assoc with entity, assoc with encrypted keys 10. Master key used for key derivation  Secret, confidentiality, integrity, long term, associated with application, assoc with entity, assoc with derived keys 11. Keys derived from a Master Key  Secret, confidentiality, integrity, long term, assoc with application, assoc with entity, assoc with Master Key and protected data 12. Key transport private keys  Private, confid, integrity, assoc with appl, assoc with encrypted keys and key transport public key

Classes of Keys and Protection Requirements 13. Key transport public keys  Public, integrity,long term, assoc with entity, assoc with key transport private key, validation 14. Static key agreement private keys  Private, confidentiality, integrity, long term, assoc with application, assoc with entity, validation of DP and static key agreement public key 15. Static key agreement public keys  Public, integrity, long term, assoc with application, assoc with entity, assoc with DP and static key agreement private key, validation 16. Ephemeral key agreement private keys  Private, confidentiality, integrity

Classes of Keys and Protection Requirements 17. Ephemeral key agreement public keys  Public, integrity, validation 18. Secret authorization key  Secret, confidentiality, integrity, assoc with application, association with entity 19. Private authorization key  Private, confidentiality, integrity, assoc with application, assoc with public authorization key 20. Public authorization key  Public, integrity, assoc with application, associated with entity, associated with private authorization key

Other Keying Material 1. Domain Parameters  Public, integrity, long term, assoc with application, assoc with key pair, validation 2. Initialization Vectors  Confidentiality, integrity, long term, associated with protected data 3. Shared Secrets  Confidentiality, integrity, long term, associated with application, associated with group, associated with other information 4. Seeds  Usually require confidentiality 5. Intermediate Results  Confidentiality, assoc with application

Classes of Keys Secret Authentication Keys KEK for Wrapping Secret Key Agreement Keys Secret Authorization Keys Private Authentication Keys Public Authentication Keys Key Transport Private Key Key Transport Public Key Static Key Agreement Private Keys Static Key Agreement Public Keys Ephemeral Kay Agreement Private Keys Ephemeral Key Agreement Public Keys Private Authorization Keys Public Authorization Keys SymmetricAsymmetric

Classes of Keys Long Term Data Encryption Keys Short Term Data Encryption Keys ANSI X9.17 Notarized Symmetric Keys Master Keys for Key Derivation Keys Derived form Master Key Random Number Generation Keys Signing Keys Signature Verification Keys Symmetric Asymmetric

4.4.1 Generation and Distribution of Public/Private Key Pairs  Should be generated in Accordance with Approved Standards  Generated in FIPS Approved module recommended  Alternatively generated in access controlled facility  Private signing, authentication and authorization keys should not be distributed to other entities

Distribution of Static Public Keys  Distribution process should insure that –The true owner of the key is known –The purpose/usage of the key is known –Associated parameters are known –The key has been properly generated (e.g., the key validates and/or the owner has the private key)  Keys is this category are: signature verification key, public authentication key, key transport public key, static key agreement public key, and public authorization key

Distribution of Ephemeral Public Keys  Ephemeral key pairs are –Short-lived –Statistically unique to each message –Should be generated in accordance with an Approved key establishment scheme (FIPS XXX)  Ephemeral public keys should be –Distributed using a key establishment process that meets assurances of previous slide –Recipient should perform public key validation as specified in FIPS XXX  Distribution of Centrally Generated Keys –TBD

4.4.2 Generation and Distribution of Symmetric Keys  Symmetric keys may be –Distributed using either a public key or a secret key based key transport system –Determined using a key agreement scheme  Symmetric keys used for encryption/decryption – Must be determined by and approved method –Should be randomly generated –Should be protected consistent with Section 3.3.1

Symmetric Key Generation  Symmetric keys should be generated by an Approved key generation algorithm in a FIPS module or a controlled access facility  Symmetric keys used to protect stored information should be stored in a manner that associates the keys with the information  Symmetric keys may be transported to other entities

Manual Key Distribution  Manually distributed symmetric keys should be either encrypted or use split knowledge  The distribution mechanism should assure –The authorized distribution of keys –That the entity distributing the keys is trusted by both the transmitter and recipient –The keys are protected in accordance with Section –The keys are received by the authorized recipient –The confidentiality and integrity of the keys during transport

Electronic Key Distribution/Transport of Symmetric Keys  Requires other secret or public keys to have been previously distributed  Should use FIPS XXX Approved schemes  Mechanism should insure that –The distributed key is not disclosed or modified –The key is protected in accordance with Section –The recipient has received the correct key  Keys in this category are the secret authentication key, long and short term data encryption keys, key encrypting key for wrapping, master key for key derivation, and secret authorization key.

Key Agreement  Approved schemes are provided in FIPS XXX  Requires public private key pairs  Mechanism should assure that –Each entity knows the correct identity of the other entity(ies) –The keys in the scheme are correctly associated with the entities –The public keys have been validated –The derived keys are correct (if key conformation is used)

4.4.3 Generation and Distribution of Other Keying Material  Domain Parameters –Generated infrequently and shared –May be distributed with public keys –Should be validated prior to use (FIPS XXX)  Initialization Vectors –Used with many symmetric modes of operation –Protection defined in Section –May be distributed with keys or data

4.4.3 Generation and Distribution of Other Keying Material  Shared Secrets –Computed during key agreement process –Used to derive keying material –Generated as in FIPS XXX  Seeds –Initialize deterministic RNG –Kept confidential when used to generate keys –May be used to generate domain parameters  Intermediate Results –Occur during computation using cryptographic algorithms –Should never be distributed

Questions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.