SACRED REQUIREMENTS DOCUMENT Stephen Farrell, Baltimore Alfred Arsenault, Diversinet.

Slides:



Advertisements
Similar presentations
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Advertisements

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Homework #5 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
Key Management in Cryptography
Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
1 Lecture 18: Security issues specific to security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Wireless and Security CSCI 5857: Encoding and Encryption.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Key Management with the Voltage Data Protection Server Luther Martin IEEE P May 7, 2007.
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Cryptography, Authentication and Digital Signatures
Configuring Directory Certificate Services Lesson 13.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Secure Credential Manager Claes Nilsson - Sony Ericsson
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
sec1 IEEE MEDIA INDEPENDENT HANDOVER DCN: sec Title: TGa_Proposal_Antonio_Izquierdo (Protecting the Information Service.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
1 Integrating digital signatures with relational database: Issues and organizational implications By Randal Reid, Gurpreet Dhillon. Journal of Database.
Csci5233 computer security & integrity 1 Cryptography: an overview.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
CSCE 201 Security Fall CSCE Farkas2 Electronic Mail Most heavily used network-based application – Over 210 billion per day Used across.
National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.
Security Using PGP - Prajakta Bahekar. Importance of Security is one of the most widely used network service on Computer Currently .
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Electronic Commerce School of Library and Information Science PGP and cryptography I. What is encryption? Cryptographic systems II. What is PGP? How does.
Communications & Networks National 4 & 5 Computing Science.
1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
December 14, 2000Securely Available Credentails (SACRED) - Framework Draft 1 Securely Available Credentials (SACRED) Protocol Framework, Draft Specification.
TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
DOTS Requirements Andrew Mortensen November 2015 IETF 94 1.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
Web Applications Security Cryptography 1
Grid Security.
Radius, LDAP, Radius used in Authenticating Users
S/MIME T ANANDHAN.
Homework #5 Solutions Brian A. LaMacchia
Cryptography: an overview
Presentation transcript:

SACRED REQUIREMENTS DOCUMENT Stephen Farrell, Baltimore Alfred Arsenault, Diversinet

GOALS OF THE SACRED WORKING GROUP Develop one or more solutions that allow for the secure transfer of credentials from one device to another. –Credentials can include: Private keys Trusted root keys etc.

GOALS (cont.) All solutions must fit a defined protocol framework All solutions and the framework must meet a common set of requirements agreed to by the WG SO AT THIS POINT WE NEED MORE PEOPLE TO REVIEW THE DOCUMENTS AND HELP PRODUCE AGREEMENT!

WHY ARE WE DOING THIS? “Making credentials securely available (in an interoperable fashion) will provide substantial value to network owners, administrators, and end users.” We expect SACRED solutions to be deployed to support the needs of these users, and of other working groups.

SACRED REQUIREMENTS TREE TBS by Al A.

SACRED DOCUMENT TREE REQUIREMENTS FRAMEWORK Potential solution 1 Potential solution n...

SACRED REQUIREMENTS DOCUMENT Available as draft-ietf-sacred-reqs-00.txt from the usual places Intended to specify the overall requirements for any/all SACRED solutions Two classes of possible solutions: –Use credentials server –Direct transfer

CREDENTIALS SERVER SOLUTIONS Credentials server: –sits in front of a repository where credentials can be securely stored for later retrieval –actively participates in transfer protocol Transfer is a two-step approach: –Device A to credentials server; followed by –Credentials server to Device B

ADVANTAGES & DISADVANTAGES OF CREDENTIALS SERVER APPROACH Advantages: –Conceptually simple solution –Provides secure storage for credentials –Can enforce uniform security policy Disadvantages: –Server might be expensive to maintain –Introduces a new point of vulnerability into system Credentials server must be trusted

DIRECT TRANSFER SOLUTIONS Credentials are transferred from one device to another without any intermediate device processing credentials –To intermediate devices, it’s “a blob of bits” to be transferred

ADVANTAGES & DISADVANTAGES OF DIRECT TRANSFER APPROACH Advantage: –Doesn’t require credentials server Disadvantages –Possibly more complex due to wide variety of devices & capabilities –Possibly more complex because devices may have to act like both clients and servers

THE CURRENT PROPOSED REQUIREMENTS Now we’ll go over the proposed requirements currently listed in the draft Note: you, the audience, are supposed to give feedback on these Proposed wording posted to the mailing list is the best kind of feedback But we’ll take any reasonable feedback we can get!

PROPOSED REQUIREMENTS ON THE FRAMEWORK F1. The framework MUST support both "credential server" and "direct" solutions. F2. The "credential server" and "direct" solutions SHOULD use the same technology as far as possible. F3. The framework MUST allow for protocols which support different user authentication schemes

PROPOSED FRAMEWORK REQUIREMENTS (cont.) F4. The details of the actual credential type or format MUST be opaque, that is, the protocol MUST NOT depend on the internal structure of any credential type or format F5. The framework MUST allow use of different transports.

PROPOSED REQUIREMENTS ON PROTOCOLS Vulnerabilities list –List of some of the vulnerabilities that a secure credential-transfer system should protect against –Should it stay in the draft? Should more be added General protocol requirements Credential-server protocol requirements Direct-transfer requirements

GENERAL PROTOCOL REQUIREMENTS G1. Credential transfer both to and from a device MUST be supported. G2. Credentials MUST never be present in cleartext at any device other than the end user's. G3. All transferred credentials SHOULD be authenticated in some way (e.g., digitally signed or MAC-ed). G4. All transferred credentials MUST be integrity protected in some way (e.g., digitally signed or MAC-ed).

GENERAL REQUIREMENTS (cont.) G5. The protocol MUST support a range of cryptographic algorithms, including: – symmetric and asymmetric algorithms – hash algorithms – MAC algorithms. G6. The protocol MUST support the use of various credential types and formats (e.g., X.509, PGP, PKCS12,...).

GENERAL REQUIREMENTS (cont.) G7. One mandatory to support credential format MUST be defined. G8. One mandatory to support user authentication scheme MUST be defined. G9. Credentials MAY be labelled with a text handle to allow the end user to select amongst a set of credentials or to name a particular credential. G10. Full I18N support is REQUIRED (via UTF8 support).

GENERAL REQUIREMENTS (cont.) G11. The protocol MUST be able to support privacy, that is, anonymity for the client. G12. Transferred credentials MAY incorporate timing information, for example a "time to live" value determining the maximum time for which the credential is to be usable following transfer/download.

CREDENTIAL-SERVER PROTOCOL REQUIREMENTS S1. Credential downloads (to an end user) and upload (to the credential server) MUST be supported. S2. Credentials MUST only be downloadable following user authentication. S3. It MUST be possible to ensure the authenticity of a credential during upload.

C-S REQUIREMENTS (cont.) S4. Different end user devices MAY be used to download/upload/manage the same set of credentials. S5. The credential server MUST NOT have easy access to the cleartext credentials. S6. Credential servers MUST be authenticated to the user for all operations except (possibly) download.

C-S REQUIREMENTS (cont.) S7. It MUST be possible to authenticate the credential server to the user prior to download (if the user is able to verify the authentication). S8. The user SHOULD only have to enter a single secret value in order to download and use a credential. S9. Sharing of secrets across multiple servers MUST be possible, so that penetration of some servers does not expose the private parts of a credential ("m-from-n" operation).

C-S REQUIREMENTS (cont.) S10. The protocol MUST support "away-from- home" operation, where the user enters both a name and a domain (e.g. baltimore.ie) and the domain can be used in order to locate the user's credential server. S11. Users MUST be able to manage their credentials stored on the credential server. S12. The user MUST be able to retrieve a list of their credentials stored on a server; add credentials to the server; delete credentials from the server.

C-S REQUIREMENTS (cont.) S13. Client-initiated authentication information (e.g. password) change MUST be supported. S14. The user SHOULD be able to retrieve a list of accesses/changes to their credentials. S15. The credential server protocol MUST support user self-enrollment. –E.g., where a previously unknown user uploads his credential without requiring manual operator intervention. S16. The credential server protocol MUST NOT prevent bulk initializing of a credential server's repository.

DIRECT-TRANSFER PROTOCOL REQUIREMENTS D1. It SHOULD be possible for the receiving device to authenticate that the credential package indeed came from the purported sending device. D2. In order for a sender to know that a credential has been received by a recipient, it SHOULD be possible for the receiving device to send an acknowledgment of credential receipt back to the sending device, and for the sending device to authenticate this acknowledgment.

OPEN ISSUES Vulnerabilities Robustness Performance Bootstrapping Separation or not of : –user authentication –credential protection –specific credential formats

FUTURE PLANS Another draft (real soon now) based on feedback from the WG!