Presentation is loading. Please wait.

Presentation is loading. Please wait.

Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins.

Published byKatelin Larkey Modified over 9 years ago

Similar presentations

Presentation on theme: "Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins."— Presentation transcript:

1 Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins

2 Goals Meet crypto-agility requirements Deliver key material for various purposes securely Deliver arbitrary attributes securely Meet NIST key wrapping requirements

3 RADIUS Key Wrap Attribute Contains –Information for the key encryption –Information about the key being encrypted –Key Supports Key Wrap Specific Algorithms –AES-Keywrap – Specified by NIST –Key wrapping algorithms (AES-Keywrap) not necessary sufficient for general bulk data encryption Should be updated to use extended attributes draft for extensibility

4 Encrypted Attributes Attributes –Crypto Parameters –Encrypted Data –Randomizer –MAC Attribute Does not use extended attributes –Existing RADIUS attributes need to be encrypted Currently only one encrypted attributes set per message

5 Issues with using Encrypted Attribute for Key-Wrap Key wrap algorithms not always appropriate for encrypting generic data Generic data encryption algorithms may not be specified for key encryption The encryption attribute would need to be special cased to handle key-wrapping More than one encrypted attribute set may be required per message

6 Summary Believe we meet the crypto agility requirements Keywrap can be used for various types of keys –Extended attribute would allow for arbitrary, optional data associated with key

Download ppt "Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins."

Similar presentations

PKCS-11 Protocol for Enterprise Key Management

PKCS-11 Protocol for Enterprise Key Management
Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
RADEXT WG IETF-71 Agenda Friday, March 14, 2008 9:00 – 11:30 AM.

RADEXT WG IETF-71 Agenda Friday, March 14, :00 – 11:30 AM.
CT-KIP Magnus Nyström, RSA Security 23 May 2005. Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.

CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.
Doc.: IEEE 802.11-09/0283r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 Suggested Changes to the Abbreviated Handshake Date: 2009-03-08 Authors:

Doc.: IEEE /0283r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 Suggested Changes to the Abbreviated Handshake Date: Authors:
Web security: SSL and TLS

Web security: SSL and TLS
XML Encryption Prabath Siriwardena Director, Security Architecture.

XML Encryption Prabath Siriwardena Director, Security Architecture.
NIST Cryptographic Standards Process Review Tim Polk NIST November 7, 2013.

NIST Cryptographic Standards Process Review Tim Polk NIST November 7, 2013.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
JOSE Open Issue Discussion Chairs Jim Schaad. Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss.

JOSE Open Issue Discussion Chairs Jim Schaad. Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Doc.: IEEE 802.11-12/0946r3 Submission August 2012 A proposal for next generation security in 802.11 built on changes in 802.11ac 23 August 2012 Slide.

Doc.: IEEE /0946r3 Submission August 2012 A proposal for next generation security in built on changes in ac 23 August 2012 Slide.
S/MIME and CMS Presentation for CSE712 By Yi Wen Instructor: Dr. Aidong Zhang.

S/MIME and CMS Presentation for CSE712 By Yi Wen Instructor: Dr. Aidong Zhang.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
TLS 1.2 and NIST SP 800-56A Tim Polk November 10, 2006.

TLS 1.2 and NIST SP A Tim Polk November 10, 2006.
Hash and MAC Algorithms Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther Aldwairi.

Hash and MAC Algorithms Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther Aldwairi.
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

Similar presentations

Ads by Google