Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sepucha_Date_01 Group Key Management Architecture Howie Weiss NASA/JPL/SPARTA

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Sepucha_Date_01 Group Key Management Architecture Howie Weiss NASA/JPL/SPARTA"— Presentation transcript:

1 Sepucha_Date_01 Group Key Management Architecture Howie Weiss NASA/JPL/SPARTA hsw@sparta.com

2 Sepucha_Date_02 Types of Key Management Manual key generation & distribution – Hardcopy, paper tape, key cards, floppy disks, magnetic tape – Hand carried and manually loaded Electronic key generation & distribution – EKMS (electronic key management system) » LMD/KP (local KPs, dial-up to download keys) » KDC (e.g., STU-III Central Facility, STU-II Bellfield) Public Key – Key agreements between key pairs » Public/private key negotiation to establish symmetric key Group Key – Generate, distribute, manage keys and policies for a group of systems

3 Sepucha_Date_03 We Gotta Get Away From This… Bank of KW-26s in service from ‘60s – ‘80s.

4 Sepucha_Date_04 A Bit Better …. Key order processing Electronic generation & dist FIREFLY generation Seed Key conversion CRL OTAR Central Office of Record Phys key dist Elect key dist Key generation Key ordering KOK-22 Key Processor Local key generation Digital signature KYK-13 KOI-18 CYZ-10 New fill devices

5 Sepucha_Date_05 IPsec Requirements IPsec “lives” between the network (IP) layer and transport (TCP or UDP) layer Requires a “security policy database” to determine what services are applied to what connections – E.g., connection A-B requires encryption+auth – E.g., connection C-D requires encryption – E.g., all other connections require no security services Crypto keys – Manually loaded, or – IKEv2 negotiated Policy: – Manually loaded in each individual device, or » RFC 4807 (IPsec Security Policy Database Configuration MIB) » IPsec Security Policy IPsec Action MIB (ID) » IPsec Security Policy IKE Action MIB (ID)

6 Sepucha_Date_06 Application Layer Security A la SSL/TLS (but TBD) Requires keys – SSL/TLS would use Diffie-Helman key negotiation which may not be possible for Cx flight systems. – Pre-shared symmetric keys a la RFC 4279. » e.g., TLS_PSK_WITH_AES_128_CBC_SHA Requires policy – SSL/TLS really has no policy database – “https” == encrypt connection – Mutual authentication (dual cert) vs. server-side authentication (single cert) Messaging security – Pub/Sub messaging security mechanims

7 Sepucha_Date_07 Conundrums Keys are required by heterogeneous systems Policy is required by heterogeneous systems Ground/Mission systems have good, broadband connectivity Space systems may have intermittent, lossy, and limited bandwidth connectivity

8 Sepucha_Date_08 So….. Public Key technology and Electronic Key Distribution are the ‘modern’ ways to generate and distribute keys, but……. – Not a problem for ground-based systems with good connectivity – Can be a problem for space-based systems with not so good connectivity

9 Sepucha_Date_09 Therefore….. How do we combine ‘modern’ electronic key distribution with varying types of connectivity across the entire program? – 1) go with PKI and hope for the best (a la cellular phone systems)? – 2) use only PKI in control centers and do something else for space? – 3) use symmetric keys everywhere and deliver them manually (e.g., floppy, flash drive, paper tape)? – 4) LMD/KP local site generation and manual loading? – 5) Central key distribution center (KDC) that all systems must contact to obtain keys? – 6) ‘Group keying’ techniques doing what’s best and available for the given part of the system?

10 Sepucha_Date_010 Group Key Overview From RFC 2094: – “GKMP combines techniques developed for creation of pair-wise keys with techniques used to distribute keys from a KDC (i.e., symmetric encryption of keys) to distribute symmetric key to a group of hosts.” Defined in RFC 4535 - GSAKMP: Group Secure Association Key Management Protocol – Parameters for a given GSAKMP group are provided in the Group Security Policy Token, whose structure is defined in RFC 4534

11 Sepucha_Date_011 Group Security Use of cryptography to protect data shared between multiple endpoints – Encryption of data » Network layer » Application layer – Key management for groups » Definition of mutual suspicious key exchanges for groups » Security policy and policy dissemination » Key creation and dissemination – Security management for groups » Scalability of security infrastructure » Coalitions and diverse mechanisms » Low latency group establishment » Management of group membership

12 Sepucha_Date_012 GSAKMP Entities Group Owner – responsible for creating the security policy rules for a group and expressing these in the policy token Group Controller/Key Server – responsible for creating/obtaining keys, maintaining the keys, and enforcing the group policy by granting access to potential Group Members (GMs) in accordance with the policy token – In a distributed mode, there can be multiple subordinate GC/KSs Group Member – responsible for verifying key and policy disseminations and for protecting group data according to group policy

13 Sepucha_Date_013 GSAKMP Architecture Group Owner Group Controller/Key Server Sub GC/KS MMMMMMM M Key Infrastructure Policy [Keys] Policy & Keys

14 Sepucha_Date_014 Group Trust Group policy vs. Peer Policies AliceBob A and B have 1 st hand knowledge A and B are sharing their own data A and B participate in key creation Alice Bob Sue ? A and B have 1 st hand knowledge A and S have 1 st hand knowledge B and S have never communicated Who owns the data? How can S trust B? B trust S? Was the A to B key exchange as strong As the A to S exchange? Will A and B protect the data equally? Is A authorized to distribute key? Is A controlling the group?

15 Sepucha_Date_015 GSAKMP / Group Policy Must support mutual suspicion – All actors must prove they are authorized » Policy creation authorities » Key dissemination » Key possession » Group management Must provide flexible group definitions – Rule based access control » Limited only by infrastructures available – Mechanism flexibility » Algorithms » Infrastructures » Protocols – Operational flexibility » Group management » DoS controls » Protocol latency controls

16 Sepucha_Date_016 GSAKMP - Group Joins Group Controller Member Group Controller – Defines group policy – Creates initial keys Members join the group – Can become subordinate GCs – Can be key consumers Member can get keys from GC or S-GC Group membership is managed using group cryptography – One message can reconfigure membership of receivers Member

17 Sepucha_Date_017 Binary Key Trees 1 2 3 4 5 6 7 8 A B C D E F 1,C,A2,C,A3,DA4,DA5,E,B6,E,B7,F,B8,F,B

18 Sepucha_Date_018 Bottom Line GSAKMP can provide key and policy management for scalable groups (large or small). Group members can perform a full, negotiated group join or can just receive keys from a group or sub-group controller Combines the best of public key, symmetric key, and policy management. Can provide keys (with work on the host side) to applications, IPsec (using multicast SAs), and even bulk encryptors if they can be controlled by the system.

19 Sepucha_Date_019 By The Way….. Cisco is using an alternative group key (GDOI – RFC 3547) to more easily establish VPN groups.

Download ppt "Sepucha_Date_01 Group Key Management Architecture Howie Weiss NASA/JPL/SPARTA"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Virtual Private Networks

Virtual Private Networks
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Cryptography and Network Security

Cryptography and Network Security
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Group Secure Association Key Management Protocol (GSAKMP) Presented by Hugh Harney

Group Secure Association Key Management Protocol (GSAKMP) Presented by Hugh Harney
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Similar presentations

Ads by Google