Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jim Schaad Soaring Hawk Security

Published byBaldric Wade Modified over 6 years ago

Similar presentations

Presentation on theme: "Jim Schaad Soaring Hawk Security"— Presentation transcript:

1 Jim Schaad Soaring Hawk Security
RFC 2511 BIS (CRMF) Jim Schaad Soaring Hawk Security

2 Proof of Possession (POP)
Provide evidence that the following two conditions are met I have use of the private key My identity is <your name here> Owner of key can always produce a false POP for somebody else

3 POP - Methods Document defines 6 different methods for POP
Signature Based Surrender of private key Direct (Challenge Response) Indirect (Decrypt Certificate) Key Agreement HMAC RA Asserts POP is completed

4 POP - Sign Sign Satisfies the POP requirement Public Key
Identity Statement Satisfies the POP requirement

5 POP – Surrender Private Key
Encrypt private key for the CA/RA Proves key possession only. Allows for theft of POP proof. Sufficient to do? ECA(private key, identity statement) Encrypted structure currently not specified. CMS? Other? Content?

6 POP – Direct/Indirect Receive EEE(value) Decrypt and return value
Shows use of key Does not show identity Does it need to be fixed – if so how?

7 POP – DH-HMAC Produce a shared secret with CA/RA
HMAC the request with derived key Send result with enrollment message Proves use of private key Proves identity sometimes Need to ensure identity is in the hashed value at all times

8 Blocking Issues POP issues as previously noted
DH-MAC needs to be extended for other key – provide algorithm and value Protocol Encryption Key Control Specifies key, but not any algorithms

9 Blocking Issues Reg Token and Authenticator control
Can’t do binary in UTF8 string Type has changed but not OID since RFC 2511 Reg Token algorithm undefined if computed Need better distinguishing text

10 Blocking Issues Archival Key Gen parameter structure not defined
Key Gen parameter structure not encrypted Encryption key not specified CA? RA? User’s? Discovery of encryption algorithms to use

11 Blocking Issues RegInfo Control overloads the use of ‘%’
Name?Value%[Name?Value%]* %xx if % and ? Not be used as delimiters

12 Questions

Download ppt "Jim Schaad Soaring Hawk Security"

Similar presentations

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Certificate Enrollment Process

Certificate Enrollment Process
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.

W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.
Cryptography 101 Frank Hecker

Cryptography 101 Frank Hecker
X.509 Certificate management in.Net By, Vishnu Kamisetty

X.509 Certificate management in.Net By, Vishnu Kamisetty
Chapter 31 Network Security

Chapter 31 Network Security
How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/1.1 200 OK.

How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.
AQA Computing A2 © Nelson Thornes 2009 Section 6.4 1 Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
Identity Based Encryption Debdeep Mukhopadhyay Associate Professor Dept of Computer Sc and Engg, IIT Kharagpur.

Identity Based Encryption Debdeep Mukhopadhyay Associate Professor Dept of Computer Sc and Engg, IIT Kharagpur.
CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.

CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.

8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.

Similar presentations

Ads by Google