Doc.: 15-10-0877-00-0hip-Turorial-KeyManagementProtocols November 2010 Slide 1 Key Management Protocols Opening Pandora's Box Value, Cost, and Future Proofing.

Slides:



Advertisements
Similar presentations
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Advertisements

Chapter 17: WEB COMPONENTS
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Citrix ® Secure Gateway Phil Montgomery Senior Product Manager Citrix Products and Services October 2001.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Chapter 12 Network Security.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
PKI-Enabled Applications That work! Linda Pruss Office of Campus Information Security
Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Chapter 10: Authentication Guide to Computer Network Security.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Doc.: IEEE /1066r2 Submission July 2011 Robert Moskowitz, VerizonSlide 1 Link Setup Flow Date: Authors: NameCompanyAddressPhone .
Doc.: IEEE /492r0-I Submission Robert Moskowitz, Trusecure/ICSALabsSlide 1 March 2002 An Authentication layering model Robert Moskowitz Trusecure.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
TLS 1.2 and NIST SP A Tim Polk November 10, 2006.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Secure Socket Layer (SSL)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Solutions for Secure and Trustworthy Authentication Ramesh Kesanupalli
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
SAMANVITHA RAMAYANAM 18 TH FEBRUARY 2010 CPE 691 LAYERED APPLICATION.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Doc.: IEEE 802 ec-12/0006r0 Submission Liaison presentation to SC6 regarding Internet Security Date: 2012-February-13 Authors: IEEE 802 LiaisonSlide 1.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Security protocols  Authentication protocols (this lecture)  Electronic voting protocols  Fair exchange protocols  Digital cash protocols.
Network Security Jiuqin Wang June, 2000 Security & Operating system To protect the system, we must take security measures at two levels: Physical level:
RADIUS Crypto-Agility Requirements November 18, 2008 David B. Nelson IETF 73 Minneapolis.
Building Security into Your System Bill Major Gregory Ponto.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.
SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.
The TAOS Authentication System: Reasoning Formally About Security Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
Doc.: IEEE Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P Working Group for Wireless Personal.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Authentication Protocols (I): Secure Handshake.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.
Doc.: IEEE /303 Submission May 2001 Simon Blake-Wilson, CerticomSlide 1 EAP-TLS Alternative for Security Simon Blake-Wilson Certicom.
CS223: Software Engineering Lecture 13: Software Architecture.
By Ramesh Mannava.  Overview  Introduction  10 secure software engineering topics  Agile development with security development activities  Conclusion.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
Cryptography CSS 329 Lecture 13:SSL.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
Version B.00 H7076S Module 3 Slides
Secure Sockets Layer (SSL)
Link Setup Flow July 2011 Date: Authors: Name Company
Presentation transcript:

doc.: hip-Turorial-KeyManagementProtocols November 2010 Slide 1 Key Management Protocols Opening Pandora's Box Value, Cost, and Future Proofing Robert Moskowitz ICSAlabs an Independent Division Of Verizon Business Dallas, TX November 8, 2010

doc.: hip-Turorial-KeyManagementProtocols Slide 2 November 2010 Agenda Why are we here? The Problem What is a Key Management System Why is it important The role of the Key Management Protocol Delving into choices When to do what With whom What next?

doc.: hip-Turorial-KeyManagementProtocols Slide 3 November 2010 Why are we here? Why Pandora's box? We will cover the ills that security has visited upon our precious networks. And how the cure can be as bad as the disease. Security is as hard to make sense of by a non- security designer as RF is to make of by a non- RF designer! And not all security designers agree on how to construct a security system.

doc.: hip-Turorial-KeyManagementProtocols Slide 4 November 2010 Why are we here? As we move into the “Internet Of Things” (or your choice of buzz-term) the problems get harder. Time to set a tone for security that works across many problems and limit complexity Complexity for the sake of technology reuse is bad Not to present a solution, but to focus efforts I may raise more questions than answers I have MY answers but they are NOT the only answers

doc.: hip-Turorial-KeyManagementProtocols Slide 5 The Problem November 2010

doc.: hip-Turorial-KeyManagementProtocols Slide 6 November 2010 What is a Key Management System? It controls the keys used in a security system A security system is only as good as the weakest part, frequently, the KMS. Good Keys and Key Management is essential to good security. A Key Management System is a: Set of technologies and human procedures that insure that the keys needed for a security system are available and trustworthy up to the risk claims for a system.

doc.: hip-Turorial-KeyManagementProtocols Slide 7 November 2010 Components of a Key Management System? A Key Management System consists of: Key Management Protocol Key Derivation Function Key Storage

doc.: hip-Turorial-KeyManagementProtocols Slide 8 November 2010 Components of a Key Management System? A Key Management System parties are: Key users (at least two!) Trust Provider

doc.: hip-Turorial-KeyManagementProtocols Slide 9 November 2010 Why so many Key Management Systems? One for each layer Network, Internetwork, and Transport Leave data aside for now. Based on the assumption that it is the only one available or needed And each has a different reach Each layer has a unique risk and liability What works for one many not for another

doc.: hip-Turorial-KeyManagementProtocols Slide 10 November 2010 Why so many Key Management Systems? One for each technology “Mine is a unique technology with a unique problem.” Not necessarily a false concern Evolutionary development Later efforts build on earlier experiences

doc.: hip-Turorial-KeyManagementProtocols Slide 11 November 2010 Some basic thoughts on Key Management Systems Claim: Key establishment is a outcome of authentication But authentication must be secured There is always a boot-strap process E.G. Root certificate list is a manually installed ACL Or Claim: Authentication a step within key establishment to qualify the value of the keys established

doc.: hip-Turorial-KeyManagementProtocols Slide 12 November 2010 Some basic thoughts on Key Management Systems Authentication costs in Human setup And/or computation resources In cryptographic elements And/or number of datagrams exchanged This equates to time to authenticate Choose some sub-optimization This is controlled via the Key Management Protocol, working in tandem with the trust system.

doc.: hip-Turorial-KeyManagementProtocols Slide 13 November 2010 Key Management Protocol Perhaps the most visible component of a KMS A set of Data packets Here is where the cryptography lurks State machine(s) Assumed to be complete Human procedures E.G. “If you really care, only initiate this in a Faraday cage!”

doc.: hip-Turorial-KeyManagementProtocols Slide 14 November 2010 Key Derivation Function Often not viewed as a separate component from the KMP But can impact the complexity and usability of the KMS The key protocol places a “Master Key” and the KDF creates all the many use keys actually needed by the other security systems. If done this protects the MK and limits attack opportunity

doc.: hip-Turorial-KeyManagementProtocols Slide 15 November 2010 Key Storage Where do you keep your car keys at night? Can someone clone your driver's license? Or your Paypass chip? Key Storage attacks make for 'good' press Should keys survive a power cycle? Is power cycling even meaningful for a device? Thus features of the Key Storage impact the KMP. Respect Key Storage boundaries

doc.: hip-Turorial-KeyManagementProtocols Slide 16 Delving into Choices November 2010

doc.: hip-Turorial-KeyManagementProtocols Slide 17 November 2010 Choices There are always choices Focus on 802 technologies But cognizant of higher layers The cost of establishing trust (i.e. authentication) (e.g. timings, computational resources) Which is primary, Key Establishment or Authentication? What comes first, networking or security? Juggling risks against resources

doc.: hip-Turorial-KeyManagementProtocols Slide 18 November 2010 Choices There are always choices Cryptographic components Crypto-agility versus simplicity Future-proofing Against what future? And optimizing code size or computation cost

doc.: hip-Turorial-KeyManagementProtocols Slide 19 November 2010 Network and Security Setup At Odds At what point in network establishment (between networking parties) are security systems activated? Starting with key establishment via a KMP. Prior to any physical network setup via ACL deployment (e.g. password files) As the first step in network resource allocation After networking services functioning, as the first allowed data traffic

doc.: hip-Turorial-KeyManagementProtocols Slide 20 November 2010 Network and Security Setup At Odds Claim: Earliest is best. The fewer resources committed prior to security actuation, the fewer the opportunities for attacks. Accepting delaying the KMS may impede new applications

doc.: hip-Turorial-KeyManagementProtocols Slide 21 November 2010 Network and Security Setup At Odds Corollary: Leaving KMS to a higher layer data path Dictates a higher layer model Exposes networking services

doc.: hip-Turorial-KeyManagementProtocols Slide 22 November 2010 Anonymity and Trust At Odds Two anonymous parties CANNOT secure their communications One anonymous party CAN converse securely with a known party The basic SSL model Assumption on the known parties part that the anonymous party performed some identity validation The HTTPS click-through syndrome

doc.: hip-Turorial-KeyManagementProtocols Slide 23 November 2010 Anonymity Demanding “mutual authentication” in a KMS excludes anonymity Mitigated with ephemeral identities “I don't know who you really are, but I can work with this ephemeral identity and trust you have no cause to share it.”

doc.: hip-Turorial-KeyManagementProtocols Slide 24 November 2010 Establishing Trust With today's technologies it is impossible to establish a secure environment without a trust process. Access Control Lists (ACLs) Digital Certificates (X.509) Public Key Infrastructure (PKI) Authentication Server (RADIUS)

doc.: hip-Turorial-KeyManagementProtocols Slide 25 November 2010 Trust in ACLs ACLs are as old as password files And as relevant as trusted Digital Certificate lists in web browsers. Frequented by self-signed and expired certificates ACLs are appropriate for networks large and small where a human directed trust initiation exists.

doc.: hip-Turorial-KeyManagementProtocols Slide 26 November 2010 When do Digital Certificates Help and when hinder Digital Certificates and a Public Key Infrastructure (PKI) provides strong identities At what cost? Good for identifying a network Inadequate to establish membership in a network ACL or other authentication still needed! Some human process for registration Does a 'client' certificate really improve security?

doc.: hip-Turorial-KeyManagementProtocols Slide 27 November 2010 Authentication Servers Other than using their own authentication protocol, are they anything more than a complex ACL mechanism? So what? Does leverage prior efforts. Provides choices for authentication methods Is the AS protocol run over a secure channel or provides its own internal security? Can an AS 'know' there IS a secure channel in place?

doc.: hip-Turorial-KeyManagementProtocols Slide 28 November 2010 Building trust in the KMS There are many choices, few are clear good choices Unfortunately, beyond simple ACLs, trust systems are outside of 802. We can't fix them here

doc.: hip-Turorial-KeyManagementProtocols Slide 29 November 2010 Where do Key Derivation Functions fit in? Long history of deriving actual use keys from negotiate keys Often more than one key needed E.G. Encrypt and Authenticate Extend key lifetime Save on KMP costs Recent developments to formalize KDFs Simplify KMS design efforts Inventing your own requires extensive peer review

doc.: hip-Turorial-KeyManagementProtocols Slide 30 November 2010 Cryptography in the KMS We have learned the need for agility, but We have no choice for basic symmetric cryptography Some push Camellia Many 'modes of operation' to choose from RSA is dying, can we use ECC RSA key size recommendations are exceeding cost value over ECC. IPR issues

doc.: hip-Turorial-KeyManagementProtocols Slide 31 November 2010 Cryptography in the KMS Cryptographic hash choices unclear Digital Certificates MANDATE cryptographic hashes KDF can use cryptographic MAC in place of hash NIST competition DUE complete in 2012 What until then? Some efforts to create a KMP without a cryptographic hash

doc.: hip-Turorial-KeyManagementProtocols Slide 32 Where to go from here? November 2010

doc.: hip-Turorial-KeyManagementProtocols Slide 33 November 2010 Key early and infrequently The Key Management Protocol should be one, if not the first first step in network establishment. Leverage the Key Derivation Function to minimize the use of the KMP May need a lightweight 'nonce refresh' mechanism Design the Key Storage to prolong key life Keys that survive system reboot Keys for multiple networks

doc.: hip-Turorial-KeyManagementProtocols Slide 34 November 2010 Authentication is subservient to the KMP Minimize the cost of authentication within the KMP Where possible follow the SSL model to start a secure channel for an authentication exchange of a 'client'. Certificate or ACL based Place risk in the appropriate part of the network E.G. In a hub-spoke network the hub is at risk if the spoke is not properly authenticated.

doc.: hip-Turorial-KeyManagementProtocols Slide 35 November 2010 Define a minimum Cryptographic subset Not all devices can support all practical cryptographic suite. Or even a 'typical' single suite. The Internet Of Things (IoT) has both large and small Things. This may require some innovative designs. Future-proofing for quantum computing is still a research project.

doc.: hip-Turorial-KeyManagementProtocols Slide 36 November 2010 Evaluating state of 802 Should each 802 technology's security features be reviewed? By whom and to what criteria?

doc.: hip-Turorial-KeyManagementProtocols Slide 37 Thank You ! Any Questions ? November 2010

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.