An additional mode of key distribution in MIKEY draft-ignjatic-msec-mikey-rsa-r-00 D. Ignjatic, L. Dondeti, F. Audet.

Slides:

Advertisements

Similar presentations

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Advertisements

MIKEY Capability Discovery Seokung Yoon (Korea Information Security Agency) draft-seokung-msec-mikey-capability-discovery-00.txt.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

Chapter 10 Real world security protocols

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,

Secure Socket Layer.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

IKEv2 extension: MOBIKE Faisal Memon Erik Weathers CS 259.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

IKE message flow IKE message flow always consists of a request followed by a response. It is the responsibility of the requester to ensure reliability.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

SIP-SAML assisted Diffie-Hellman MIKEY IETF 65 MSEC Mar 21, 2006 Robert Moskowitz.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Cryptography 101 Frank Hecker

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Wireless and Security CSCI 5857: Encoding and Encryption.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

Lecture 14 ISAKMP / IKE Internet Security Association and Key Management Protocol / Internet Key Exchange CIS CIS 5357 Network Security.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.

IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.

WEP Protocol Weaknesses and Vulnerabilities

Cullen Jennings Certificate Directory for SIP.

VoN September ‘98 1 9/17/98 VoN Standards Update Jonathan Rosenberg Bell Laboratories September 17, 1998.

ZRTP: Media Path Key Agreement for Unicast Secure RTP April 2011, RFC 6189 Author(s): P. Zimmermann, A. Johnston, J. Callas Speaker :Ted 1.

Digital Signatures, Message Digest and Authentication Week-9.

1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.

Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.

Payment in Identity Federations David J. Lutz Universitaet Stuttgart.

1 Secure VoIP: call establishment and media protection Johan Bilien, Erik Eliasson, Joachim Orrblad, Jon-Olov Vatn Telecommunication Systems Laboratory.

1 SIP Requirements for SRTP Keying Dan Wing IETF 66 v4.

Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

A Lightweight Scheme for Securely and Reliably Locating SIP Users Lei Kong Vijay A. Balasubramaniyan Mustaque Ahamad.

Wireless Network Security CSIS 5857: Encoding and Encryption.

Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.

MIKEY, Revisited Lakshminath Dondeti Thanks to: Dragan Ignjatic, Ran Canetti and others.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

Doc.: IEEE /610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and key interactions Tim Moore.

SubmissionJoe Kwak, InterDigital1 Simplified 11k Security Joe Kwak InterDigital Communications Corporation doc: IEEE /552r0May 2004.

Fall 2006CS 395: Computer Security1 Key Management.

1 E-cash Model Ecash Bank Client Wallet Merchant Software stores coins makes payments accepts payments Goods, Receipt Pay coins sells items accepts payments.

Cryptography CSS 329 Lecture 13:SSL.

Update on Security Analysis for Location Phil Hawkes

1 Example security systems n Kerberos n Secure shell.

A Framework for Internet Program Guides Yuji Nomura ( Fujitsu Laboratories Ltd. Henning Schulzrinne ( ) Columbia.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

XTR algorithm for MIKEY

SIP Identity issues John Elwell, Jonathan Rosenberg et alia

APPLE TWO STEP VERIFICATION CHANGE PHONE NUMBER Please read the following presentation on any help on Apple two step verification change phone number.

Presentation transcript:

An additional mode of key distribution in MIKEY draft-ignjatic-msec-mikey-rsa-r-00 D. Ignjatic, L. Dondeti, F. Audet

Public key in MIKEY (RFC 3830) MIKEY Public key mode requires initiator to have responder’s Public key (PKr) before sending the I_MESSAGE Initiator Responder I_MESSAGE = HDR, T, RAND, [IDi|CERTi], [IDr], {SP}, KEMAC, [CHASH], PKE, SIGNi ---> R_MESSAGE = [<---] HDR, T, [IDr], V PKE = E(PKr, env_key)KEMAC = E(encr_key, IDi || {TGK}) || MAC

Problem description Very often, one does not have the PKr in advance, especially for peer-to-peer communication such as SIP –Certificate of responder may not be known in advance –Can not use MIKEY Public Key mode Responder may have different identity than one originally called –Calls may be made to “group aliases”, phone numbers for hunt groups, etc. –“Forking” or “retargeting” (SIP for “forwarding”) –Can not predict who will answer –Will result in multiple round-trips You may still want to do media encryption (sRTP) in those cases

Proposed solution New MIKEY Mode Responder generates TGKs and PKE Initiator Responder I_MESSAGE = HDR, T, CERTi, [IDr], [SP], SIGNi --> R_MESSAGE = HDR, T, RAND, IDr|CERTr, {SP}, KEMAC, PKE, SIGNr PKE = E(PKi, env_key)KEMAC = E(encr_key, IDr || {TGK}) || MAC

I_MESSAGE Presents public key/cert of initiator to responder Includes Timestamp (T) for replay protection Responder’s Identity (IDr) optional –Indicating who initiator is interested in talking to I_MESSAGE signed (SIGNi) to protect against DOS –Entire MIKEY message

R_MESSAGE Full roundtrip to download TGKs PKE encrypted with Initiator public KEY (PKi) KEMAC includes encrypted Identity of responder (IDr) & TGKs, plus a Message Authentication Code (MAC) Also includes responder CERTr or IDr if there is reason to believe that CERTr is already provided using other means

Other Initiator may decide to proceed or not by based on identity/certificate of responder New mode especially useful when expecting retargeting, forking, etc. –When you still want media encryption (sRTP) Traditional mode useful when NOT willing to accept retargeting (i.e., when only wishing to reach a specific known user)

Use of MIKEY-R with multicast Announce session (T,CSB ID) sent as multicast or out of band MCServerClient KMGT Done RSA_R I_MSG unicast RSA_R R_MSG unicast Multicast session (group TEK)

Conclusion Open issues –Describe multicast conferencing –Describe 3-way calling with identical media steams Proposal: –Accept new MIKEY mode as working group document