Key Management in AAA - PowerPoint PPT Presentation

Slides: 6
Provided by: RussHo4
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes

Title: Key Management in AAA


1
Key Management in AAA
  • Russ Housley
  • Incoming Security Area Director

2
Introduction
  • Some people are concerned that a working group
    outside of the Security Area is designing key
    management protocols.
  • Why?
  • Key management protocols are subtle.
  • An expert can easily miss a flaw.
  • Peer review by multiple experts is essential.

3
Concerns with EAP
  • Employs new key distribution architecture
  • Poorly understood security properties
  • Three party models have been well studied, but
    these do not align directly with AAA
  • Select one end-to-end mechanism to protect
    distributed keys
  • Needs robust key naming scheme
  • Needs to establish fresh session keys
  • Principle of least privilege not followed

4
Acceptable solution MUST
  • Be algorithm independent protocol
  • For interoperability, select at least one suite
    of algorithms that MUST be implemented
  • Establish strong, fresh session keys
  • Maintain algorithm independence
  • Include replay detection mechanism
  • Authenticate all parties
  • Maintain confidentiality of authenticator
  • NO plaintext passwords

5
Acceptable solution MUST also
  • Perform client and NAS authorization
  • Maintain confidentiality of session keys
  • Confirm selection of best ciphersuite
  • Uniquely name session keys
  • Compromise of a single NAS cannot compromise any
    other part of the system, including session keys
    and long-term keys
  • Bind key to appropriate context
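
One way to meet the fresh-key, unique-naming, context-binding and single-NAS-compromise requirements on slides 4 and 5, shown as an added example that is not part of the presentation: the AAA server derives a separate key per NAS with HKDF-SHA-256 (RFC 5869). The labels, field layout, sample identities and function names are assumptions made for illustration; the slides do not specify a derivation.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-then-expand (RFC 5869) with HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _field(value: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") never collide.
    return len(value).to_bytes(2, "big") + value


def derive_nas_key(root_key, peer_id, nas_id, suite, peer_nonce, server_nonce):
    """Return (key_name, session_key) for one peer/NAS session.

    Hypothetical layout: the context names both parties and the negotiated
    suite (context binding); the two nonces make every derivation fresh.
    """
    context = b"".join(map(_field, (peer_id, nas_id, suite, peer_nonce, server_nonce)))
    salt = peer_nonce + server_nonce
    # Distinct labels give domain separation: the name can be sent in the
    # clear without exposing the key, yet it identifies exactly one key.
    session_key = hkdf_sha256(root_key, salt, b"session-key" + context)
    key_name = hkdf_sha256(root_key, salt, b"key-name" + context, 8).hex()
    return key_name, session_key


def demo():
    root = secrets.token_bytes(32)  # constructed root secret; never leaves the AAA server
    pn, sn = secrets.token_bytes(16), secrets.token_bytes(16)
    peer, suite = b"alice@example.org", b"suite-1"  # constructed sample values
    nas1 = derive_nas_key(root, peer, b"nas-1", suite, pn, sn)
    nas2 = derive_nas_key(root, peer, b"nas-2", suite, pn, sn)
    again = derive_nas_key(root, peer, b"nas-1", suite, secrets.token_bytes(16), sn)
    # nas-1 only ever holds nas1[1]; HKDF is one-way, so that key does not
    # yield the root secret or the key issued to nas-2.
    return nas1, nas2, again


if __name__ == "__main__":
    for name, key in demo():
        print(name, key.hex())
```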