The Cryptographic Token Key Initialization Protocol CTKIP - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

The Cryptographic Token Key Initialization Protocol CTKIP

Description:

No direct communication possible between cryptographic token and CT-KIP server. Network latency ... New extension signals support for two-pass, and supported ... – PowerPoint PPT presentation

Number of Views:238
Avg rating:3.0/5.0
Slides: 12
Provided by: Magnus74
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: The Cryptographic Token Key Initialization Protocol CTKIP


1
The Cryptographic Token Key Initialization
Protocol (CT-KIP)
  • KEYPROV BOF
  • IETF-67 San Diego
  • November 2006
  • Andrea Doherty

2
CT-KIP Primer
  • A client-server protocol for initialization and
    configuration of cryptographic tokens with shared
    keys
  • Intended for general use within computer and
    communications systems employing connected
    cryptographic tokens
  • Objectives are to provide a
  • Secure and interoperable method of initializing
    cryptographic tokens with secret keys
  • Solution that is easy to administer and scales
    well
  • Solution which does not require private-key
    capabilities in tokens, nor the existence of a
    public-key infrastructure

3
Current Status
  • IESG approved Version 1.0 for publication as RFC
  • Describes a 4-pass protocol for the
    initialization of cryptographic tokens with
    secret keys. Includes a public-key variant as
    well as a shared-key variant.
  • In December 2005 it was published as OTPS doc,
    then re-published as IETF I-D, which is now
    draft-nystrom-ct-kip-02
  • Implementations exist and in production
  • 3rd draft of 1-, 2-pass variant also published as
    IETF I-D
  • draft-nyström-ct-kip-two-pass-01.txt
  • Relatively stable and broad review solicited
  • CT-KIP SOAP binding recently published as IETF
    I-D
  • draft-doherty-ct-kip-ws-00.txt
  • First draft revision is coming
  • Implementations exist and in production

4
CT-KIP 1, 2, 4-pass Comparison
CT-KIP server
CT-KIP client
Smart Device
5
CT-KIP 1- and 2-pass
  • New variants introduced to meet the needs of
    deployment scenarios with constraints, e.g.,
  • No direct communication possible between
    cryptographic token and CT-KIP server
  • Network latency
  • Design limited to existing seeds from legacy
    systems
  • 1-, 2-pass CT-KIP are essentially a transport of
    key material from CT-KIP server to CT-KIP client
  • These variants maintain the property that no
    other entity than the token and the server will
    have access to generated / distributed keys

6
CT-KIP ClientHello Extension
7
CT-KIP ServerFinished Extension
  • New extension in ServerFinished is used by CT-KIP
    server to transfer key to CT-KIP client
  • Key material is wrapped in tokens public key or
    symmetric key
  • Tokens public key may have been included in
    payload of ClientHello
  • Symmetric key may be a shared secret
  • Symmetric key may be derived from a passphrase
  • Extension is applicable to both 1-pass and 2-pass
    variants of CT-KIP
  • Extension could easily be added to support PSKC
    defined in draft-vassilev-portable-symmetric-key-c
    ontainer-01.txt

8
CT-KIP 1- and 2-pass Profiles
9
Cryptographic properties (all variants)
  • Key confirmation
  • In all variants via MAC on exchanged data (and
    counter in 1-pass)
  • Replay protection
  • In 2- and 4-pass through inclusion of
    client-provided data in MAC
  • Suggested method for 1-pass based on counter
  • Server authentication
  • In all variants through MAC in ServerFinished
    message when replacing existing key
  • Protection against MITM
  • In all variants through use of shared keys,
    client certificates, or server public key usage
  • User authentication
  • Enabled in all variants through trigger message
  • Alternative methods rely on draft-doherty-ct-kip-w
    s-00
  • Device authentication
  • In all variants if based on shared secret key
  • In 2-pass if device sends a certificate
  • Alternative methods rely on draft-doherty-ct-kip-w
    s-00

10
Bindings (all variants)
  • SOAP Binding
  • Present in all variants
  • Web service interface is defined in
    draft-doherty-ct-kip-ws-00
  • HTTP Binding
  • Present in all variants
  • Examples provided
  • Security Binding
  • Transport level encryption (e.g., TLS) is not
    required for seed protection in all variants
  • TLS/SSL is required if other parameters/attributes
    must be protected in transit

11
Next steps
  • Broader review of IETF Internet Drafts
  • Suggest use of CT-KIP as the basis for a KEYPROV
    spec
  • Rationale Implementation experience and maturity
Write a Comment
User Comments (0)
About PowerShow.com