
March 2006, IETF 65 - Dallas. The Cryptographic Token Key Initialization Protocol (CT-KIP). Dave Mitton, RSA Security, for Magnus Nyström. IETF SAAG.



Slide 2: CT-KIP Primer
- A client-server protocol for initialization (and configuration) of cryptographic tokens with shared keys
- Intended for general use within computer and communications systems employing connected cryptographic tokens

Slide 3: Objectives
- To provide a secure and interoperable method of initializing cryptographic tokens with secret keys
- To provide a solution that is easy to administer and scales well
- To provide a solution which does not require private-key capabilities in tokens, nor the existence of a public-key infrastructure

Slide 4: Message flow (between a CT-KIP client and a CT-KIP server)
- Client Hello (client to server)
- Server Hello (server to client)
- Client Nonce (client to server)
- Server Finished (server to client)
- (Server Trigger), shown in parentheses on the slide as an optional message
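The slide only names the four passes. The following simulation is an added example, not code from the presentation or from RSA's CT-KIP specification: it models the shared-key variant (slide 6) with both sides in one process so the structure of the exchange can be run and checked. Everything inside the messages is an assumption made for the illustration: HMAC-SHA256 in counter mode stands in for the CT-KIP pseudo-random function, the client nonce R_C is hidden with a keystream derived from the pre-shared key, the token key is derived from R_C, the pre-shared key and R_S, and Server Finished carries a MAC under the new key. The real specification fixes its own PRF, encryption and derivation; what the model preserves is the property a reviewer cares about: both parties contribute randomness, the token accepts the new key only after the server's MAC verifies, and a nonce altered in transit is detected.

```python
import hashlib
import hmac
import secrets


def ctkip_prf(key: bytes, label: bytes, data: bytes, length: int = 32) -> bytes:
    """Stand-in pseudo-random function (assumption: HMAC-SHA256 in counter mode).
    The real CT-KIP PRF is fixed by the specification; only the shape is kept here."""
    out = b""
    counter = 0
    while len(out) < length:
        block = label + data + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_with_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality for the client nonce R_C (assumption: XOR with a keystream
    derived from the pre-shared key and R_S). Symmetric, so the same call decrypts."""
    stream = ctkip_prf(key, b"R_C encryption", nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class CtKipServer:
    """Server side of the shared-key variant: knows each token's pre-shared key."""

    def __init__(self, shared_keys):
        self.shared_keys = shared_keys   # token_id -> pre-shared key
        self.sessions = {}               # token_id -> per-run state

    def server_hello(self, client_hello):
        # Pass 2: pick algorithms from the client's offer and contribute nonce R_S
        token_id = client_hello["token_id"]
        mac_alg = client_hello["supported_mac"][0]
        r_s = secrets.token_bytes(16)
        self.sessions[token_id] = {"r_s": r_s}
        return {"token_id": token_id, "mac_alg": mac_alg, "r_s": r_s}

    def server_finished(self, client_nonce):
        # Pass 4: recover R_C, derive the token key, and prove possession with a MAC
        token_id = client_nonce["token_id"]
        k = self.shared_keys[token_id]
        r_s = self.sessions[token_id]["r_s"]
        r_c = xor_with_keystream(k, r_s, client_nonce["enc_r_c"])
        k_token = ctkip_prf(r_c, b"Key generation", k + r_s)
        self.sessions[token_id]["k_token"] = k_token
        mac = ctkip_prf(k_token, b"MAC 1 computation", r_s)
        return {"token_id": token_id, "mac": mac}


class CtKipToken:
    """Client (token) side: needs only the pre-shared key and a random generator,
    no private key and no PKI, matching the objective on slide 3."""

    def __init__(self, token_id, shared_key):
        self.token_id = token_id
        self.shared_key = shared_key
        self.k_token = None

    def client_hello(self):
        # Pass 1: identify the token and offer the algorithms it supports
        return {"token_id": self.token_id, "supported_mac": ["HMAC-SHA256"]}

    def client_nonce(self, server_hello):
        # Pass 3: contribute nonce R_C, sent encrypted so an eavesdropper who saw
        # R_S in the clear still cannot compute the derived key
        self.r_s = server_hello["r_s"]
        self.r_c = secrets.token_bytes(16)
        enc_r_c = xor_with_keystream(self.shared_key, self.r_s, self.r_c)
        return {"token_id": self.token_id, "enc_r_c": enc_r_c}

    def verify_server_finished(self, server_finished):
        # Accept the new key only if the server's MAC checks out (constant-time compare)
        k_token = ctkip_prf(self.r_c, b"Key generation", self.shared_key + self.r_s)
        expected = ctkip_prf(k_token, b"MAC 1 computation", self.r_s)
        if not hmac.compare_digest(expected, server_finished["mac"]):
            return False
        self.k_token = k_token
        return True


def run_exchange(tamper_server_nonce=False):
    """Drive the four passes. Returns (server_finished_verified, keys_match)."""
    psk = secrets.token_bytes(16)  # constructed pre-shared key for the demo token
    server = CtKipServer({"token-0001": psk})
    token = CtKipToken("token-0001", psk)

    hello = server.server_hello(token.client_hello())
    if tamper_server_nonce:
        # Simulate an in-transit modification of R_S between passes 2 and 3
        hello = dict(hello, r_s=bytes(b ^ 0x01 for b in hello["r_s"]))
    finished = server.server_finished(token.client_nonce(hello))
    verified = token.verify_server_finished(finished)
    server_key = server.sessions["token-0001"]["k_token"]
    return verified, token.k_token is not None and token.k_token == server_key


if __name__ == "__main__":
    print("honest run:   ", run_exchange())
    print("tampered R_S: ", run_exchange(tamper_server_nonce=True))
```

The optional Server Trigger is not modelled. In the honest run both sides end with the same token key and the token reports the MAC as verified; when R_S is altered on the wire the two sides derive different keys, the MAC fails, and the token keeps its old state rather than installing an unverified key.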

Slide 5: Principle of Operation (diagram only; no transcript text)

Slide 6: Current status
- Version 1.0 finalized in December 2005
- Describes a 4-pass protocol for the initialization of cryptographic tokens with secret keys
- Includes a public-key variant as well as a shared-key variant
- Public-key variant assumes a completely "blank" token (i.e. totally un-initialized)

Slide 7: The One-Time Password Specifications (OTPS)
- CT-KIP was developed as one of several OTPS documents
- The OTPS effort was launched one year ago, to simplify the use and integration of OTP technology
- Analogous to the PKCS process, documents are developed through an open process (no membership required)

Slide 8: OTPS Documents (diagram). The diagram groups the OTPS documents by function around an Authentication Server:
- Provisioning: CT-KIP, CT-KIP-PKCS#11
- Retrieval: OTP-PKCS#11, OTP-CAPI
- Validation: OTP-WSS-Token, OTP-Validation Service
- Transport: EAP-POTP, OTP-TLS

Slide 9: Future work
- A 1- and 2-pass version of CT-KIP is available in draft form from the OTPS pages
- Internet draft: draft-nystrom-ct-kip-00
- Going forward, the intent is to submit, and develop, this in IETF I-D form in parallel with the OTPS process

Slide 10: More information
- Internet draft: http://www.ietf.org/internet-drafts/draft-nystrom-ct-kip-00.txt
- OTPS documents: http://www.rsasecurity.com/rsalabs/otps
- Mailing list (ordinary majordomo): mailto:majordomo@majordomo.rsasecurity.com
- Editors: mailto:otps-editor@rsasecurity.com

