March 2006, IETF 65 - Dallas
The Cryptographic Token Key Initialization Protocol (CT-KIP)
Dave Mitton, RSA Security, for Magnus Nyström
IETF SAAG
CT-KIP Primer
- A client-server protocol for initialization (and configuration) of cryptographic tokens with shared keys
- Intended for general use within computer and communications systems employing connected cryptographic tokens

Objectives
- To provide a secure and interoperable method of initializing cryptographic tokens with secret keys
- To provide a solution that is easy to administer and scales well
- To provide a solution which does not require private-key capabilities in tokens, nor the existence of a public-key infrastructure

Message flow (CT-KIP client and CT-KIP server)
- (Server Trigger), optional, server to client
- Client Hello, client to server
- Server Hello, server to client
- Client Nonce, client to server
- Server Finished, server to client

Principle of Operation (diagram slide; no text in the transcript)

Current status
- Version 1.0 finalized in December 2005
- Describes a 4-pass protocol for the initialization of cryptographic tokens with secret keys
- Includes a public-key variant as well as a shared-key variant
- Public-key variant assumes a completely "blank" token (i.e. totally un-initialized)
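As an added illustration of the four-pass flow on the Message flow slide and the shared-key variant on the Current status slide (not code from the presentation or from any CT-KIP implementation): a Python simulation in which both sides derive the token key from the client and server nonces, the client nonce R_C is wrapped under a pre-shared key K_SHARED (so no PKI is needed), and the client installs the key only after the Server Finished MAC verifies. HMAC-SHA256 stands in for the spec's CT-KIP-PRF, and the message field names, labels and keystream wrapping are constructed assumptions, not the published encoding.

```python
import hashlib, hmac, secrets

# Stand-in for CT-KIP-PRF (assumption: HMAC-SHA256; the spec defines its own PRF)
def prf(key: bytes, label: bytes, *parts: bytes, length: int = 32) -> bytes:
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class CtKipServer:
    def __init__(self, k_shared: bytes):
        self.k_shared, self.k_token = k_shared, None
    def server_hello(self, client_hello: dict) -> dict:
        self.r_s = secrets.token_bytes(16)  # fresh server nonce R_S per run
        return {"alg": client_hello["supported"][0], "R_S": self.r_s}
    def server_finished(self, client_nonce: dict) -> dict:
        # Unwrap R_C, derive the token key from both nonces, then MAC the result
        # so the client can confirm the server really holds K_SHARED.
        keystream = prf(self.k_shared, b"Encryption", self.r_s, length=16)
        r_c = xor(client_nonce["enc_R_C"], keystream)
        self.k_token = prf(r_c, b"Key generation", self.k_shared, self.r_s)
        key_id = b"constructed-key-id-1"
        return {"key_id": key_id, "mac": prf(self.k_token, b"MAC", key_id, r_c)}

class CtKipClient:
    def __init__(self, k_shared: bytes):
        self.k_shared, self.k_token = k_shared, None
    def client_hello(self) -> dict:
        return {"supported": ["HMAC-SHA256-PRF"]}  # constructed algorithm label
    def client_nonce(self, server_hello: dict) -> dict:
        self.r_s = server_hello["R_S"]
        self.r_c = secrets.token_bytes(16)  # client nonce R_C, never sent in clear
        keystream = prf(self.k_shared, b"Encryption", self.r_s, length=16)
        return {"enc_R_C": xor(self.r_c, keystream)}  # wrapped under K_SHARED
    def finish(self, server_finished: dict) -> bytes:
        k_token = prf(self.r_c, b"Key generation", self.k_shared, self.r_s)
        expected = prf(k_token, b"MAC", server_finished["key_id"], self.r_c)
        if not hmac.compare_digest(expected, server_finished["mac"]):
            raise ValueError("ServerFinished MAC check failed; key not installed")
        self.k_token = k_token
        return k_token

def run_ct_kip(k_shared: bytes, tamper: bool = False) -> tuple:
    # Drive the four passes; returns (client token key, server token key).
    client, server = CtKipClient(k_shared), CtKipServer(k_shared)
    server_hello = server.server_hello(client.client_hello())               # passes 1-2
    server_fin = server.server_finished(client.client_nonce(server_hello))  # passes 3-4
    if tamper:  # simulate an on-path modification of ServerFinished
        server_fin["mac"] = bytes(len(server_fin["mac"]))
    return client.finish(server_fin), server.k_token
```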

The One-Time Password Specifications (OTPS)
- CT-KIP was developed as one of several OTPS documents
- The OTPS effort was launched one year ago to simplify the use and integration of OTP technology
- Analogous to the PKCS process: documents are developed through an open process (no membership required)

OTPS Documents
- Provisioning: CT-KIP, CT-KIP-PKCS#11
- Retrieval: OTP-PKCS#11, OTP-CAPI
- Transport: EAP-POTP, OTP-TLS, OTP-WSS-Token
- Validation (Authentication Server): OTP-Validation Service

Future work
- A 1- and 2-pass version of CT-KIP is available in draft form from the OTPS pages
- Internet draft: draft-nystrom-ct-kip-00
- Going forward, the intent is to submit and develop this in IETF I-D form in parallel with the OTPS process

More information
- Internet draft: www.ietf.org/internet-drafts/draft-nystrom-ct-kip-00.txt
- OTPS documents:
- Mailing list (ordinary majordomo):
- Editors: