1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

2 CT-KIP Primer
A client-server protocol for initialization and configuration of cryptographic tokens with shared keys
Intended for general use within computer and communications systems employing connected cryptographic tokens
Objectives are to provide a:
–Secure and interoperable method of initializing cryptographic tokens with secret keys
–Solution that is easy to administer and scales well
–Solution which does not require private-key capabilities in tokens, nor the existence of a public-key infrastructure

3 Current Status
RFC 4758 approved by IESG November 2006
–Describes a 4-pass protocol for the initialization of cryptographic tokens with secret keys. Includes a public-key variant as well as a shared-key variant.
3rd draft of CT-KIP Extensions for the 1-, 2-pass variants published as KEYPROV IETF I-D:
–draft-nyström-keyprov-ct-kip-two-pass-00.txt
–Relatively stable; broad review solicited
CT-KIP SOAP binding recently resubmitted as KEYPROV IETF I-D:
–draft-doherty-keyprov-ct-kip-ws-00.txt

4 CT-KIP 1-, 2-, 4-pass Comparison
(Diagram: message flow between the CT-KIP client on the smart device and the CT-KIP server; the variants in which each message appears are given in parentheses)
Client Hello: CT-KIP client -> CT-KIP server (2-, 4-pass)
Server Hello: CT-KIP server -> CT-KIP client (4-pass)
Client Nonce: CT-KIP client -> CT-KIP server (4-pass)
Server Finished: CT-KIP server -> CT-KIP client (1-, 2-, 4-pass)

5 CT-KIP 1- and 2-pass
New variants introduced to meet the needs of deployment scenarios with constraints, e.g.,
–No direct communication possible between cryptographic token and CT-KIP server
–Network latency
–Design limited to existing seeds from legacy systems
1-, 2-pass CT-KIP are essentially a transport of key material from CT-KIP server to CT-KIP client
These variants maintain the property that no entity other than the token and the server has access to generated / distributed keys

6 CT-KIP 1- and 2-pass Profiles
Profile: Key Transport
–Key transport and derivation: using a public key, K_CLIENT, whose private-key part resides in the token
–Usage: ideal for PKI-capable devices
Profile: Key Wrap
–Key transport and derivation: using a symmetric key-wrapping key, K_SHARED, known in advance by both the token and the CT-KIP server
–Usage: ideal for pre-keyed devices, e.g., SIM cards
Profile: Passphrase-based Key Wrap
–Key transport and derivation: using a passphrase-derived key-wrapping key, K_DERIVED, known in advance by both the token user and the CT-KIP server
–Usage: ideal for constrained devices with keypads, e.g., mobile phones

7 Cryptographic properties (2- and 1-pass)
Key confirmation
–In both variants via MAC on exchanged data (and counter in 1-pass)
Replay protection
–In 2-pass through inclusion of client-provided data in MAC
–Suggested method for 1-pass based on counter
Server authentication
–In both variants through MAC in ServerFinished message when replacing existing key
Protection against MITM
–In both variants through use of shared keys, client certificates, or server public key usage
User authentication
–Enabled in both variants through trigger message
–Alternative methods rely on draft-doherty-keyprov-ct-kip-ws-00
Device authentication
–In both variants if based on shared secret key
–In 2-pass if device sends a client certificate
–Alternative methods rely on draft-doherty-keyprov-ct-kip-ws-00
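The mechanisms behind slides 5 to 7 (key material transported from server to token under a pre-shared key-wrapping key, key confirmation via a MAC, replay protection via client-provided data in 2-pass and a counter in 1-pass) are sketched below in Python. This is an added example, not code from the presentation, from RFC 4758 or from the two-pass draft: the counter-mode HMAC-SHA256 `prf` stands in for CT-KIP-PRF, the XOR-with-keystream `wrap_key` stands in for the Key Wrap profile's wrapping algorithm, and the derivation labels, message fields and sample key values are all constructed for illustration.

```python
import hmac
import hashlib


def prf(key: bytes, label: bytes, length: int) -> bytes:
    """Hypothetical stand-in for CT-KIP-PRF: counter-mode HMAC-SHA256 expansion."""
    out = b""
    block = 1
    while len(out) < length:
        out += hmac.new(key, label + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def wrap_key(k_shared: bytes, binding: bytes, k_token: bytes) -> bytes:
    """Constructed stand-in for the Key Wrap profile's wrapping step.

    K_TOKEN is XORed with a PRF keystream derived from K_SHARED and a per-message
    binding value (the client nonce in 2-pass, the counter in 1-pass). A real
    deployment uses a standard key-wrap algorithm; what is shown is the binding.
    """
    stream = prf(k_shared, b"CT-KIP key wrap" + binding, len(k_token))
    return bytes(a ^ b for a, b in zip(k_token, stream))


unwrap_key = wrap_key  # XOR with the same keystream is its own inverse


def confirmation_mac(k_token: bytes, data: bytes) -> bytes:
    """Key confirmation: the MAC key is derived from the transported K_TOKEN
    (assumed label), so a valid tag proves both sides hold the same key."""
    k_mac = prf(k_token, b"Key confirmation", 32)
    return hmac.new(k_mac, data, hashlib.sha256).digest()


# ---- 2-pass: ClientHello carries a nonce; ServerFinished carries the wrapped key ----
def server_finished_2pass(k_shared, client_nonce, k_token, key_id):
    wrapped = wrap_key(k_shared, client_nonce, k_token)
    # Replay protection: the client-provided nonce is part of the MACed data.
    tag = confirmation_mac(k_token, b"2-pass" + client_nonce + key_id + wrapped)
    return {"key_id": key_id, "wrapped_key": wrapped, "mac": tag}


def client_accept_2pass(k_shared, client_nonce, msg):
    k_token = unwrap_key(k_shared, client_nonce, msg["wrapped_key"])
    expected = confirmation_mac(
        k_token, b"2-pass" + client_nonce + msg["key_id"] + msg["wrapped_key"])
    if not hmac.compare_digest(expected, msg["mac"]):
        raise ValueError("key confirmation failed (wrong key, tampering, or replay)")
    return k_token


# ---- 1-pass: no client message; a monotonically increasing counter replaces the nonce ----
def server_finished_1pass(k_shared, counter, k_token, key_id):
    ctr = counter.to_bytes(8, "big")
    wrapped = wrap_key(k_shared, ctr, k_token)
    tag = confirmation_mac(k_token, b"1-pass" + ctr + key_id + wrapped)
    return {"key_id": key_id, "counter": counter, "wrapped_key": wrapped, "mac": tag}


class OnePassClient:
    """Token-side state for 1-pass: remembers the highest counter it has accepted."""

    def __init__(self, k_shared: bytes, last_counter: int = 0):
        self.k_shared = k_shared
        self.last_counter = last_counter

    def accept(self, msg):
        if msg["counter"] <= self.last_counter:
            raise ValueError("replayed or stale counter")
        ctr = msg["counter"].to_bytes(8, "big")
        k_token = unwrap_key(self.k_shared, ctr, msg["wrapped_key"])
        expected = confirmation_mac(
            k_token, b"1-pass" + ctr + msg["key_id"] + msg["wrapped_key"])
        if not hmac.compare_digest(expected, msg["mac"]):
            raise ValueError("key confirmation failed")
        self.last_counter = msg["counter"]  # advance only after a successful check
        return k_token


def demo():
    # Constructed sample values: pre-shared wrapping key, server-generated token key, nonce.
    k_shared = bytes(range(32))
    k_token = bytes.fromhex("00112233445566778899aabbccddeeff") * 2
    nonce = b"\x01" * 16
    msg = server_finished_2pass(k_shared, nonce, k_token, b"token-0001")
    recovered = client_accept_2pass(k_shared, nonce, msg)
    try:
        client_accept_2pass(k_shared, b"\x02" * 16, msg)  # same message, fresh nonce
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return recovered == k_token, replay_rejected


if __name__ == "__main__":
    print(demo())  # prints (True, True)
```

Two design points carry over from the slides regardless of the concrete algorithms: the MAC must cover the freshness value (nonce or counter) together with the wrapped key, otherwise a captured ServerFinished can be replayed into a later session; and in 1-pass the token must advance its stored counter only after the MAC verifies, so that a forged message with a large counter cannot lock out the legitimate server.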

8 Bindings (2- and 1-pass)
SOAP Binding
–Present in both variants
–WS interface defined in draft-doherty-keyprov-ct-kip-ws-00
HTTP Binding
–Present in both variants
–Examples provided
Security Binding
–Transport-level encryption (e.g., TLS) is not required for seed protection in either variant
–TLS/SSL is required if other parameters/attributes must be protected in transit

9 Next steps
Broader review of IETF Internet Drafts
Discuss CT-KIP/DSKPP convergence plan wherein CT-KIP constitutes the basis for a KEYPROV spec
–Rationale: implementation experience and maturity