1 NIST Key State Models SP800-57 Part 1 / SP800-130 (Draft)

Presentation transcript:

1 NIST Key State Models SP800-57 Part 1 / SP800-130 (Draft)

2 KMIP Key Role Types

Key Role Type 1.1

KMIP Name   Description                               Value
BDK         Base Derivation Key                       00000001
CVK         Card Verification Key                     00000002
DEK         Data Encryption Key                       00000003
MKAC        Application Cryptograms                   00000004
MKSMC       Secure Messaging for Confidentiality      00000005
MKSMI       Secure Messaging for Integrity            00000006
MKDAC       Data Authentication Code                  00000007
MKDN        Dynamic Numbers                           00000008
MKCP        Card Personalization                      00000009
MKOTH       Other                                     0000000A
KEK         Key Encryption or Wrapping Key            0000000B
16609       ISO 16609 MAC Algorithm                   0000000C
97971       ISO 9797-1 MAC Algorithm 1                0000000D
97972       ISO 9797-1 MAC Algorithm 2                0000000E
97973       ISO 9797-1 MAC Algorithm 3                0000000F
97974       ISO 9797-1 MAC Algorithm 4                00000010
97975       ISO 9797-1 MAC Algorithm 5                00000011
ZPK         PIN Block Encryption Key                  00000012
PVKIBM      PIN Verification Key, IBM                 00000013
PVKPVV      PIN Verification Key, Visa PVV            00000014
PVKOTH      PIN Verification Key, Other               00000015
Extensions  Future or Vendor Specific Use             8XXXXXXX

Proposal for 1.2 Key Role Type

KMIP Name   Description                               Value
BDK         Base Derivation Key                       00000001
CVK         Card Verification Key                     00000002
DEK         Data Encryption                           00000003
MKAC        Application cryptograms                   00000004
MKSMC       Secure Messaging for Confidentiality      00000005
MKSMI       Secure Messaging for Integrity            00000006
MKDAC       Data Authentication Code                  00000007
MKDN        Dynamic Numbers                           00000008
MKCP        Card Personalization                      00000009
MKOTH       Other                                     0000000A
KEK         Key Encryption or wrapping                0000000B
16609       ISO 16609 MAC algorithm                   0000000C
97971       ISO 9797-1 MAC Algorithm 1                0000000D
97972       ISO 9797-1 MAC Algorithm 2                0000000E
97973       ISO 9797-1 MAC Algorithm 3                0000000F
97974       ISO 9797-1 MAC Algorithm 4                00000010
97975       ISO 9797-1 MAC Algorithm 5                00000011
ZPK         PIN Encryption                            00000012
PVKIBM      PIN verification, IBM                     00000013
PVKPVV      PIN Verification, VISA PVV                00000014
PVKOTH      PIN verification, KPV, other algorithm    00000015
DUKPT       DUKPT Initial Key (also known as IPEK)    00000016
IV          Initialization Vector (IV)                00000017
KBPK        TR-31 Key Block Protection Key            00000018
Extensions  Future or Vendor Specific Use             8XXXXXXX

The values for the three new types (DUKPT, IV, KBPK) are those assigned in the published KMIP 1.2 specification, where the TR-31 key block protection key role is named TRKBK. The hex letters that survive in the slide's value column (A, B, C, D, E, F) are consistent with this numbering.
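On the wire, a Key Role Type travels as a KMIP TTLV Enumeration inside an Attribute structure (Attribute Name text string plus Attribute Value). The following is an added example, not code from the slides or from any KMIP implementation: it encodes and decodes such an attribute and resolves the enumeration against the table for the negotiated protocol version, so that a 1.1 peer rejects the 1.2-only values (0x16 to 0x18), vendor extensions in the 8XXXXXXX range are reported as extensions rather than being mapped onto a standard role, and truncated or oversized items from an untrusted peer are refused. The tag numbers (0x420008 Attribute, 0x42000A Attribute Name, 0x42000B Attribute Value) and item-type codes are assumed from the KMIP 1.x tag and type tables and should be checked against the specification; the 1.2 values for DUKPT, IV and KBPK are those of the published 1.2 specification.

```python
import struct

# Key Role Type enumeration values (KMIP 1.1), plus the three types proposed
# for 1.2 with the values the published 1.2 specification assigned them.
KEY_ROLE_TYPE_1_1 = {
    0x01: "BDK", 0x02: "CVK", 0x03: "DEK", 0x04: "MKAC", 0x05: "MKSMC",
    0x06: "MKSMI", 0x07: "MKDAC", 0x08: "MKDN", 0x09: "MKCP", 0x0A: "MKOTH",
    0x0B: "KEK", 0x0C: "MAC16609", 0x0D: "MAC97971", 0x0E: "MAC97972",
    0x0F: "MAC97973", 0x10: "MAC97974", 0x11: "MAC97975", 0x12: "ZPK",
    0x13: "PVKIBM", 0x14: "PVKPVV", 0x15: "PVKOTH",
}
KEY_ROLE_TYPE_1_2 = {**KEY_ROLE_TYPE_1_1, 0x16: "DUKPT", 0x17: "IV", 0x18: "KBPK"}

# TTLV item types and tags. Assumed from the KMIP 1.x tables; verify against the spec.
TYPE_STRUCTURE, TYPE_ENUMERATION, TYPE_TEXT_STRING = 0x01, 0x05, 0x07
TAG_ATTRIBUTE, TAG_ATTRIBUTE_NAME, TAG_ATTRIBUTE_VALUE = 0x420008, 0x42000A, 0x42000B
EXTENSION_MIN, EXTENSION_MAX = 0x80000000, 0x8FFFFFFF  # the 8XXXXXXX range


def ttlv(tag: int, item_type: int, value: bytes) -> bytes:
    """Encode one TTLV item: 3-byte tag, 1-byte type, 4-byte big-endian length,
    then the value padded with zero bytes to a multiple of 8."""
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(value))
    return header + value + b"\x00" * ((-len(value)) % 8)


def encode_key_role_type_attribute(role: int) -> bytes:
    """Build an Attribute structure {Attribute Name "Key Role Type", Attribute Value <enum>}."""
    name = ttlv(TAG_ATTRIBUTE_NAME, TYPE_TEXT_STRING, b"Key Role Type")
    value = ttlv(TAG_ATTRIBUTE_VALUE, TYPE_ENUMERATION, struct.pack(">I", role))
    return ttlv(TAG_ATTRIBUTE, TYPE_STRUCTURE, name + value)


def parse_ttlv(buf: bytes, offset: int = 0):
    """Parse one item at offset; return (tag, type, raw value, offset of next item).
    The length checks guard against truncated or oversized items from an untrusted peer."""
    if len(buf) - offset < 8:
        raise ValueError("truncated TTLV header")
    tag = int.from_bytes(buf[offset:offset + 3], "big")
    item_type = buf[offset + 3]
    length = struct.unpack(">I", buf[offset + 4:offset + 8])[0]
    start = offset + 8
    end_padded = start + length + ((-length) % 8)
    if end_padded > len(buf):
        raise ValueError("TTLV length exceeds buffer")
    return tag, item_type, buf[start:start + length], end_padded


def decode_key_role_type(buf: bytes, protocol_version=(1, 1)) -> str:
    """Decode a Key Role Type attribute and map it against the table for the
    negotiated protocol version. Unknown values in the standard range are
    rejected; values in the 8XXXXXXX extension range are reported as extensions."""
    tag, item_type, body, _ = parse_ttlv(buf)
    if tag != TAG_ATTRIBUTE or item_type != TYPE_STRUCTURE:
        raise ValueError("not an Attribute structure")
    name, role, off = None, None, 0
    while off < len(body):
        ctag, ctype, cval, off = parse_ttlv(body, off)
        if ctag == TAG_ATTRIBUTE_NAME and ctype == TYPE_TEXT_STRING:
            name = cval.decode("utf-8")
        elif ctag == TAG_ATTRIBUTE_VALUE and ctype == TYPE_ENUMERATION:
            if len(cval) != 4:
                raise ValueError("enumeration must be exactly 4 bytes")
            role = struct.unpack(">I", cval)[0]
    if name != "Key Role Type" or role is None:
        raise ValueError("missing Attribute Name or Attribute Value")
    table = KEY_ROLE_TYPE_1_2 if protocol_version >= (1, 2) else KEY_ROLE_TYPE_1_1
    if role in table:
        return table[role]
    if EXTENSION_MIN <= role <= EXTENSION_MAX:
        return "Extension(0x%08X)" % role
    raise ValueError("Key Role Type 0x%08X is not defined for KMIP %d.%d" % ((role,) + protocol_version))


if __name__ == "__main__":
    msg = encode_key_role_type_attribute(0x16)  # DUKPT, new in the 1.2 proposal
    print(msg.hex())
    print(decode_key_role_type(msg, (1, 2)))
```

The version gate matters in practice: a server that silently accepts 0x16 from a client that negotiated 1.1 (or maps an unknown value to MKOTH) loses the very usage restriction the role type is meant to express, which is why the decoder raises rather than defaulting.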

3 KMIP Profiles

- Purpose is to define what any implementation of the specification must adhere to in order to claim conformance
- Define the use of KMIP objects, attributes, operations, message elements and authentication methods within specific contexts of KMIP server and client interaction
- Define a set of normative constraints for employing KMIP within a particular environment or context of use
- Optionally, require the use of specific KMIP functionality or in other respects define the processing rules to be followed by profile actors (e.g. server and client)
- Defined OASIS profiles
- Profiles are further qualified by an authentication suite
  - TLS v1.0 / v1.1 / v1.2 or similar
- External profile in development (not OASIS developed)
  - INCITS T10 profile: Fibre Channel Security Protocol v2.0 (FCSP2)

4 Defining Profiles

- Server requirements (required)
  - Include all objects, operations and attributes that a client can access
  - Defined down to all required components of those objects, operations and attributes; even if a component is optional in the KMIP specification, a profile can require it
  - Definition of any extensions and how they are to be used
- Client requirements (optional)
  - The bare minimum a client must support to claim conformance, e.g. must support Get of a symmetric key by Unique Identifier
  - Can be a single statement: basically, a client that supports any of the operations, objects and attributes supported by the server is conformant
- Protocol requirements (recommended)
  - The wire protocol KMIP messaging uses (e.g. SSL 3.0, TLS v1.2, FCSP, etc.). Note that SSL 3.0 has since been deprecated by RFC 7568 and should not be named in a new profile.
- Authentication requirements (recommended)
  - Certificates, user ID/password, mutual authentication, DH-CHAP, etc.
- Interoperability requirements (recommended)
  - How to prove conformance, either as part of the profile or as a separate test case guide
- Use cases (recommended)
  - How objects, operations and attributes are to be used, with message examples