1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007...
1
The Cryptographic Token Key Initialization Protocol (CT-KIP)
KEYPROV WG, IETF-68 Prague
March 2007, Andrea Doherty
2
CT-KIP Primer
• A client-server protocol for initialization and configuration of cryptographic tokens with shared keys
• Intended for general use within computer and communications systems employing connected cryptographic tokens
• Objectives are to provide a:
– Secure and interoperable method of initializing cryptographic tokens with secret keys
– Solution that is easy to administer and scales well
– Solution which does not require private-key capabilities in tokens, nor the existence of a public-key infrastructure
3
Current Status
• RFC 4758 approved by IESG November 2006
– Describes a 4-pass protocol for the initialization of cryptographic tokens with secret keys. Includes a public-key variant as well as a shared-key variant.
• 3rd draft of CT-KIP Extensions for 1-, 2-pass variant published as KEYPROV IETF I-D:
– draft-nyström-keyprov-ct-kip-two-pass-00.txt
– Relatively stable; broad review solicited
• CT-KIP SOAP binding recently resubmitted as KEYPROV IETF I-D:
– draft-doherty-keyprov-ct-kip-ws-00.txt
4
CT-KIP 1, 2, 4-pass Comparison
[Message-flow diagram between the CT-KIP client (Smart Device) and the CT-KIP server; messages in order, with the variants in which each is sent:]
Client Hello, client → server (2-, 4-pass)
Server Hello, server → client (4-pass)
Client Nonce, client → server (4-pass)
Server Finished, server → client (1-, 2-, 4-pass)
5
CT-KIP 1- and 2-pass
• New variants introduced to meet the needs of deployment scenarios with constraints, e.g.,
– No direct communication possible between cryptographic token and CT-KIP server
– Network latency
– Design limited to existing seeds from legacy systems
• 1-, 2-pass CT-KIP are essentially a transport of key material from CT-KIP server to CT-KIP client
• These variants maintain the property that no entity other than the token and the server has access to the generated / distributed keys
6
CT-KIP 1- and 2-pass Profiles

| Profile | Key transport and derivation | Usage |
|---|---|---|
| Key Transport | Using a public key, K_CLIENT, whose private key part resides in the token | Ideal for PKI-capable devices |
| Key Wrap | Using a symmetric key-wrapping key, K_SHARED, known in advance by both the token and the CT-KIP server | Ideal for pre-keyed devices, e.g., SIM cards |
| Passphrase-based Key Wrap | Using a passphrase-derived key-wrapping key, K_DERIVED, known in advance by both the token user and the CT-KIP server | Ideal for constrained devices with key-pads, e.g., mobile phones |
7
Cryptographic properties (2- and 1-pass)
• Key confirmation
– In both variants via MAC on exchanged data (and counter in 1-pass)
• Replay protection
– In 2-pass through inclusion of client-provided data in MAC
– Suggested method for 1-pass based on counter
• Server authentication
– In both variants through MAC in ServerFinished message when replacing existing key
• Protection against MITM
– In both variants through use of shared keys, client certificates, or server public key usage
• User authentication
– Enabled in both variants through trigger message
– Alternative methods rely on draft-doherty-keyprov-ct-kip-ws-00
• Device authentication
– In both variants if based on shared secret key
– In 2-pass if device sends a client certificate
– Alternative methods rely on draft-doherty-keyprov-ct-kip-ws-00
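To make the Key Wrap profile (slide 6) and the key-confirmation / replay-protection claims above concrete, here is an added model of a 2-pass run; this is example code written for this page, not from the I-D or any CT-KIP implementation. The message names follow the slides, but the wrap (an HMAC-derived keystream standing in for the draft's key-wrap algorithm), the MAC layout and the string labels are simplifications assumed here.

```python
import hmac
import hashlib
import secrets
from typing import NamedTuple

class ServerFinished(NamedTuple):
    iv: bytes       # per-run wrap IV chosen by the server
    wrapped: bytes  # K_TOKEN wrapped under the pre-shared K_SHARED
    mac: bytes      # key-confirmation MAC keyed with K_TOKEN, bound to the client's R_C

def _wrap(k_shared: bytes, iv: bytes, k_token: bytes) -> bytes:
    """XOR with an HMAC-derived keystream: an assumed stand-in for the draft's key-wrap algorithm."""
    stream = hmac.new(k_shared, b"ct-kip-wrap" + iv, hashlib.sha256).digest()
    assert len(k_token) <= len(stream), "seed longer than one keystream block"
    return bytes(a ^ b for a, b in zip(k_token, stream))

def _confirm_mac(k_token: bytes, r_c: bytes, iv: bytes, wrapped: bytes) -> bytes:
    """Keyed with the new K_TOKEN (key confirmation); covers R_C (replay protection) and the wrapped key."""
    return hmac.new(k_token, b"ct-kip-confirm" + r_c + iv + wrapped, hashlib.sha256).digest()

def server_finish(k_shared: bytes, r_c: bytes, k_token: bytes) -> ServerFinished:
    """Server's reply to ClientHello(R_C): wrapped K_TOKEN plus a MAC over this run's data."""
    iv = secrets.token_bytes(16)
    wrapped = _wrap(k_shared, iv, k_token)
    return ServerFinished(iv, wrapped, _confirm_mac(k_token, r_c, iv, wrapped))

def client_finish(k_shared: bytes, r_c: bytes, sf: ServerFinished) -> bytes:
    """Client unwraps K_TOKEN and accepts it only if the MAC verifies under its own R_C."""
    k_token = _wrap(k_shared, sf.iv, sf.wrapped)  # XOR keystream: unwrap is the same operation as wrap
    if not hmac.compare_digest(sf.mac, _confirm_mac(k_token, r_c, sf.iv, sf.wrapped)):
        raise ValueError("key confirmation failed: MAC not bound to this R_C, or key material altered")
    return k_token

def rejected(k_shared: bytes, r_c: bytes, sf: ServerFinished) -> bool:
    """True when the client refuses sf under nonce r_c (replayed message, tampering, wrong K_SHARED)."""
    try:
        client_finish(k_shared, r_c, sf)
        return False
    except ValueError:
        return True
```

A ServerFinished captured from one run fails under the next run's R_C because the MAC, not the transport, carries the replay binding; this is why the slide can state that TLS is not required for seed protection.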
8
Bindings (2- and 1-pass)
• SOAP Binding
– Present in both variants
– WS interface defined in draft-doherty-keyprov-ct-kip-ws-00
• HTTP Binding
– Present in both variants
– Examples provided
• Security Binding
– Transport level encryption (e.g., TLS) is not required for seed protection in both variants
– TLS/SSL is required if other parameters/attributes must be protected in transit
9
Next steps
• Broader review of IETF Internet Drafts
• Discuss CT-KIP/DSKPP convergence plan wherein CT-KIP constitutes the basis for a KEYPROV spec
– Rationale: Implementation experience and maturity