Presentation is loading. Please wait.

Presentation is loading. Please wait.

IEEE P1619.3 Architecture Subcommittee Conference Call January 24, 2008 1IEEE P1619.3 Architecture Subcommittee.

Similar presentations


Presentation on theme: "IEEE P1619.3 Architecture Subcommittee Conference Call January 24, 2008 1IEEE P1619.3 Architecture Subcommittee."— Presentation transcript:

1 IEEE P1619.3 Architecture Subcommittee Conference Call January 24, 2008 1IEEE P1619.3 Architecture Subcommittee

2 Agenda Review Previous Actions Discuss how to divvy up work on “General Concepts and Models” Proposal Levels of protection in architectural model Sequence model discussion Next Steps 2IEEE P1619.3 Architecture Subcommittee

3 Review Past Action Items Publish next draft of model proposal Mike will publish next draft before face-to-face (Friday) This has been published. Commented at the face to face in Santa Ana. Create new policy model to replace figure 1 in D1 Landon (due by face-to-face, Friday) Still Open. Check with Landon. Refine sequence models and send to Landon/Bob Mike (due by next meeting ) Still Open? Check with Mike. Send P1619.3/D1 source to Mike Bob L. (by this week) This has been completed. Matt and Bob have this and it is on the website but password protected. Create new model that depicts passing key blobs between KMS to CU through KMC; also show policy passing between KMS/KMC Matt (by this Friday) Next call will be Thursday, February 7 @ 10AM PST (1PM EST) 3IEEE P1619.3 Architecture Subcommittee

4 Update l Mike will be temporarily unavailable as chair of the ARCH subcommittee for the time being. l Walt has agreed to act as acting chair.

5 P1619.3/D2 Outline Discussion The following is what was agreed to during the call: 1.Overview 2.Normative References 3.Definitions, Acronyms, Abbreviations 4.General Concepts and Models A.Overview B.Architecture Model C.Conceptual Model D.Key Lifecycle Model E.Key Management Sequence Models F.Key Management Objects 5.Key Name Space 6.Key Management Operations A.Key Management API Definition 7.Key Management Messaging 8.Key Management Transport 9.Requirements for KM Servers (shalls) 10.Requirements for KM Clients (shalls) 11.Requirements for KM SW Lib (shalls) 12.Annex A: Bibliography 13.Annex B: Example Use Cases 14.Annex C: XML and TLV Schema Definitions 15.Annex D: Comparison of Key Lifecycle Models 16.Annex E: Reference KM API Implementation 17.Annex F: Glossary 5IEEE P1619.3 Architecture Subcommittee

6 P1619.3/D2 Outline Discussion Normative References (Mike) Definitions, Acronyms, Abbreviations (Mike) General Concepts and Models: 4.1Overview – need material from D1, Bob/Subhash will supply (Mike/Bob?) 4.2Architecture Model – In progress (Mike/Walt?/Subhash) 4.3Conceptual Model – In progress (Mike/Walt?) 4.4Key Lifecycle Model – In progress (Jon/Mike) 4.5Key Management Sequence Models – (Mike will base on OO proposal) 4.6 Key Management Objects – (Landon/Ravi) (Mike will use existing D1 material for now) 6IEEE P1619.3 Architecture Subcommittee

7 Architecture Model Requirement Levels of Protection for keys and policies Protection for keys and policies may be different Potentially two authentication/certification/integrity-check mechanisms One between KMC and KMS KMCs manage policies, but may not manage encryption function itself (especially if KMC is distinct entity from CU) Used to protect policies and authenticate clients to servers KMC’s may not have visibility into key blobs (protected by the second protection mechanism); in this case the KMC is a pass-thru in relation to the key material One between CU and KMS Can the protected (wrapped) via symmetric or asymmetric key wrapping mechanisms Required when CUs must be FIP 140 compliant 7IEEE P1619.3 Architecture Subcommittee

8 Sequence Model Discussion Requirements Keep to high level operations Accommodate synchronous and asynchronous ops Single threaded KMCs Multithreaded KMCs Requests with multiple object lists Questions about how to deal with partial responses 8IEEE P1619.3 Architecture Subcommittee

9 Action Items Publish next draft of model proposal Mike will publish next draft before face-to-face (Friday) Create new policy model to replace figure 1 in D1 Landon (due by face-to-face, Friday) Refine sequence models and send to Landon/Bob Mike (due by next meeting) Send P1619.3/D1 source to Mike Bob L. (by this week) Create new model that depicts passing key blobs between KMS to CU through KMC; also show policy passing between KMS/KMC Matt (by this Friday) Next call will be Monday, Jan. 7 th @ 10AM PST (1PM EST) 9IEEE P1619.3 Architecture Subcommittee

10 Models In Progress 10IEEE P1619.3 Architecture Subcommittee

11 KM Sequence Models Purpose: High level model for API and KM Ops 11IEEE P1619.3 Architecture Subcommittee

12 Completed Draft Models 12IEEE P1619.3 Architecture Subcommittee

13 Architectural Key Mgmt Model 13IEEE P1619.3 Architecture Subcommittee KM Server Storage Medium Data Transfer (outside of KMS) KMCS Ops KMSS Ops Key Backup/Archive KM Server Key Backup/Archive Encryption Entity Storage Medium Encryption Entity KM File Import/Export KMCS Ops Out of Scope Legend File transfer KM User In Scope

14 Conceptual Key Mgmt Model KM Server Encryption Entity Cryptographic Unit KM Client Encryption Users KM SW Lib (optional) KM API Storage Media Data Plane KMCS Ops Control Plane 14IEEE P1619.3 Architecture Subcommittee Plaintext Data Encrypted Data Out of Scope Legend In Scope

15 Key Lifecycle Model 15IEEE P1619.3 Architecture Subcommittee


Download ppt "IEEE P1619.3 Architecture Subcommittee Conference Call January 24, 2008 1IEEE P1619.3 Architecture Subcommittee."

Similar presentations


Ads by Google