CCSDS Security Working Group Spring Meeting – Rome: Key Management, June 13th 2006

Presentation transcript:

1 CCSDS Security Working Group Spring Meeting – Rome
Key Management
June 13th 2006

2 Agenda
Key Management Requirements
Constraints & Bonuses
Types of Key Management
Issues
– Emergency Commanding
Q&A

3 Requirement
To securely distribute key material to every communications node in a space system.
To do so efficiently.
– Use minimal bandwidth overhead.
– Use minimal processing & storage overhead.
– Use minimal handshaking.

4 Constraints
Transmission delay
Available bandwidth
Processing and memory resources of remote platforms.
Communications are non-continuous.
Communication windows are variable
– (and short in case of LEO)
Mission lifetimes can last for years.
3rd parties are a long way away!

5 Bonuses
Number of times session keys need to be changed is minimal.
Data rates are low.
Man-in-the-middle attacks are hard/impossible to do.

6 Types of Key Distribution
Symmetric
Asymmetric (Public Key)
Quantum Key Distribution
IKE
Identity Based Encryption
Distributed Key Management (PGP)
Threshold Scheme (many non-trusted parties)
Fortified Key Negotiation (variation on DH)
Pre-load

7 Symmetric Key Distribution
Wide Mouth Frog
Needham-Schroeder
Kerberos
Otway-Rees
Yahalom
Neuman-Stubblebine
Pairwise Shared Keys
Blom’s Scheme
Need access to a central server
Variation of Pre-Load
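Blom's scheme, named on the slide above, lets any two nodes compute a shared key from material loaded before deployment, with no key-agreement messages on the link. The following is an added sketch of the standard textbook construction, not code from the presentation; the field prime, the threshold `lam` and the node names and IDs are assumptions chosen for illustration.

```python
import secrets

# Assumption: 2**127 - 1 (a Mersenne prime) as the field modulus; keys are field elements.
P = 2**127 - 1

def public_column(node_id, lam):
    """Public Vandermonde column for a node ID: [1, id, id^2, ..., id^lam] mod P."""
    return [pow(node_id, k, P) for k in range(lam + 1)]

def make_secret_matrix(lam):
    """Key authority's secret symmetric (lam+1) x (lam+1) matrix D over GF(P)."""
    n = lam + 1
    d = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            d[i][j] = d[j][i] = secrets.randbelow(P)
    return d

def preload_share(d, node_id, lam):
    """Private share D * G(node_id), written to the node before deployment."""
    g = public_column(node_id, lam)
    return [sum(row[k] * g[k] for k in range(lam + 1)) % P for row in d]

def pairwise_key(my_share, peer_id, lam):
    """Key with a peer: my_share . G(peer_id). Needs only the peer's public ID."""
    g = public_column(peer_id, lam)
    return sum(s * x for s, x in zip(my_share, g)) % P

def demo(lam=3):
    # Constructed node IDs (must be distinct and non-zero mod P).
    ids = {"spacecraft": 11, "ground": 22, "relay": 33}
    d = make_secret_matrix(lam)  # stays with the key authority
    shares = {name: preload_share(d, nid, lam) for name, nid in ids.items()}
    k_sg = pairwise_key(shares["spacecraft"], ids["ground"], lam)
    k_gs = pairwise_key(shares["ground"], ids["spacecraft"], lam)
    k_sr = pairwise_key(shares["spacecraft"], ids["relay"], lam)
    return k_sg, k_gs, k_sr

if __name__ == "__main__":
    k_sg, k_gs, k_sr = demo()
    print("spacecraft/ground keys agree:", k_sg == k_gs)
    print("spacecraft/relay key differs:", k_sr != k_sg)
```

Each node stores only `lam + 1` field elements, and the symmetry of D is what makes both sides arrive at the same value. Any `lam + 1` compromised shares are enough to reconstruct D, so `lam` bounds the number of node compromises the scheme tolerates, and the resulting field element should be passed through a key-derivation function before use as a cipher key.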

8 Asymmetric
Diffie-Hellman Key Exchange
El Gamal Key Agreement (variation of DH)
MTI/A0 (variation of DH)
Shamir’s Three-pass protocol (uses RSA algorithm)
COMSET – COMmunications SETup
Encrypted Key Exchange (EKE) (uses pairwise keys)
Interlock Protocol (uses half-messages)
Denning-Sacco Public Key Exchange (uses TTP)
Woo-Lam Protocol (uses TTP)

9 Quantum Key Exchange
Based on the physical properties of photons.
Very secure.
Currently limited range.
Not compatible with RF communications.

10 IKE
Developed by the IETF as the Key Management system for IPSec.
Based on a combination of symmetric and asymmetric techniques.
IKE v1 was extremely complex to implement.
IKE v2 has now been agreed.
IKE v2 is much simpler than v1; however, it still has a lot of handshaking.
IKE was designed for Network Key Management and may not be suitable for other forms of encryption.

11 Identity Based Encryption
Relatively new scheme.
Similar to PKI, however any arbitrary string can be used as public key.
No need for certificate management.
Does need access to a trusted 3rd party.
Cannot be used for authentication.
Patented.

12 Issues
No current scheme (apart from pre-load) was developed with the unique needs of a space environment in mind.
Can one key management technique be used for all 3 encryption schemes proposed in the Security Architecture?
If not, can similar supporting infrastructure be used, thus reducing resource footprint?
Due to the hostile nature of the space environment, would it be sensible to recommend the use of a primary key agreement mechanism and a backup scheme?
Should we only concentrate on a Key Management system for space use, as whatever the “latest” method is can be used for ground systems, since these are relatively easily changed?

13 Questions