National Security Agency Perspective on Key Management



Similar documents
An Introduction to Cryptography as Applied to the Smart Grid

Suite B Implementer s Guide to NIST SP A July 28, 2009

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y

SMPTE Standards Transition Issues for NIST/FIPS Requirements v1.1

Computer Security: Principles and Practice

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

Table of Contents. Bibliografische Informationen digitalisiert durch

2014 IBM Corporation

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Chapter 7 Transport-Level Security

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

EXAM questions for the course TTM Information Security May Part 1

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Recommendation for Key Management

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

C O M P U T E R S E C U R I T Y

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

RSA BSAFE. Crypto-C Micro Edition for MFP SW Platform (psos) Security Policy. Version , October 22, 2012

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Federal S/MIME V3 Client Profile

In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Recommended Wireless Local Area Network Architecture

CRYPTOGRAPHY AS A SERVICE

, ) I Transport Layer Security

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

CRYPTOGRAPHY AND NETWORK SECURITY

Guideline for Implementing Cryptography In the Federal Government

THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION

Cisco VPN Internal Service Module for Cisco ISR G2

IT Networks & Security CERT Luncheon Series: Cryptography

SE 4472a / ECE 9064a: Information Security

How To Encrypt Data With Encryption

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Authentication requirement Authentication function MAC Hash function Security of

NIST Test Personal Identity Verification (PIV) Cards

Lukasz Pater CMMS Administrator and Developer

AD CS.

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

An Overview of Communication Manager Transport and Storage Encryption Algorithms

NISTIR 7956 Cryptographic Key Management Issues & Challenges in Cloud Services

Meeting Today s Data Security Requirements with Cisco Next-Generation Encryption

A Survey of the Elliptic Curve Integrated Encryption Scheme

Recommendation for Cryptographic Key Generation

Wireless Mobile Internet Security. 2nd Edition

CSE/EE 461 Lecture 23

Digital Signatures. Meka N.L.Sneha. Indiana State University. October 2015

Public-Key Infrastructure

FORWARD: Standards-and-Guidelines-Process.pdf. 1

WHITE PAPER COMBATANT COMMAND (COCOM) NEXT-GENERATION SECURITY ARCHITECTURE USING NSA SUITE B

Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)

Network Security Part II: Standards

Security Protocols/Standards

Internet Engineering Task Force (IETF) Request for Comments: Category: Standards Track ISSN: A. Langley Google June 2015

TLS Specification for Storage Systems

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Savitribai Phule Pune University

Using BroadSAFE TM Technology 07/18/05

Protection Profile for Network Devices

Digital Signature Standard (DSS)

ARCHIVED PUBLICATION

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Samsung SDS Co., LTD Samsung SDS CellWe EMM (MDMPP11) Security Target

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Lecture 9: Application of Cryptography

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Strengths and Weaknesses of Cybersecurity Standards

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

WebSphere DataPower Release FIPS and NIST SP a support.

Introduction. An Overview of the DX Industrial Router Product Line. IP router and firewall. Integrated WAN, Serial and LAN interfaces

Public Key Cryptography Overview

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

A Draft Framework for Designing Cryptographic Key Management Systems

DRAFT Standard Statement Encryption

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Security Requirements for Network Devices

Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)

TCG Algorithm Registry. Family 2.0" Level 00 Revision April 17, Published. Contact:

How To Protect Your Network From Attack

Is Your SSL Website and Mobile App Really Secure?

SP A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor

Secured Communications using Linphone & Flexisip

RSA BSAFE. Security tools for C/C++ developers. Solution Brief

SBClient SSL. Ehab AbuShmais

1. Security Requirements for Human Users and Software Applications Which Interact with Automation Systems

CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

Suite B: Classified Network Security Goes Commercial

Transcription:

National Security Agency Perspective on Key Management IEEE Key Management Summit 5 May 2010 Petrina Gillman Information Assurance (IA) Infrastructure Development & Operations Technical Director National Security Agency (301) 688-8133 1 plgillm@nsa.gov

Agenda NSA Information Assurance (IA) Mission Secure Information Sharing Needs NSA Initiatives 2

NSA IA Mission Focused on Protecting US National Security Information and Information Systems National Security Systems are defined in Title 44 U.S. Code Section 3542, Federal Information Security Management Act of 2003. Includes systems that: Involve intelligence activities Cryptologic activities related to national security Equipment that is an integral part of a weapon or weapons system Critical to the direct fulfillment of military or intellitgence mission Classified information 3

Secure Information Sharing Secure Information Sharing requirements motivates the need for widespread cryptographic interoperability. Operational cryptographic interoperability needs include: Enable the US Government to securely share intelligence information with state and local First Responders Enable War fighters to securely share information on the battlefield with nontraditional coalition partners. 4

NSA Initiatives Commercial Solutions Partnership Program Cryptographic Interoperability Strategy (CIS) 5

Commercial Solutions Partnership Program Enable the use of a combination of COTS Information Assurance products composed to form a solution to protect information up to the Secret level Products used in CSPP solutions must be successfully evaluated under National Information Assurance Partnership Program and the NIST Cryptographic Module Validation Program National Information Assurance Partnership (NIAP) process will utilize new Standard Protection Profiles. More info at: http://www.niap-ccevs.org NIST Cryptographic Module Validation Program for FIPS 140-3 requirements Cryptographic Interoperability Strategy (CIS) / Suite B 6

CIS/Suite B Cryptographic Algorithms Algorithm Bit Size Function Standard ECDSA 256 / 384 Signature FIPS 186-3 AES 128 / 256 Symmetric Encryption FIPS 197 ECDH 256 / 384 Key Exchange SP 800-56A SHA 256 / 384 Hashing FIPS 180-3 Lower key sizes are acceptable for protecting up to SECRET information. Protecting Top Secret information requires the use of 256 bit AES keys, 384-bit prime modulus elliptic curve and SHA 384 as well as other controls on manufacture, handling and keying. http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml 7

Suite B Cryptography for Internet Protocols IPsec: IETF RFC 4869 Suite B Cryptography for IPsec TLS: IETF RFC 5430 Suite B Cipher Suites for TLS; TLS Elliptic Curver Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) S/MIME: Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME) SSH: IETF RFC 5647 AES Galois Counter Mode for the Secure Shell Transport Layer Protocol 8

Suite B Implementation Guides Suite B Implementer s Guide to FIPS 186-3 Specifies the Elliptic Curve Digital Signature Algorithm from FIPS 186-3, Digital Signature Standard, to be used in future and existing cryptographic protocols for Suite B products Includes the Suite B elliptic curve domain parameters Provides example data for the ECDSA signature algorithm and auxiliary functions necessary for ECDSA implementations to comply with FIPS 186-3 and Suite B 9

Suite B Implementation Guides (cont.) Suite B Implementer s Guide to NIST SP 800-56A Details the specific Elliptic Curve Diffie Hellman (ECDH) keyagreement schemes from NIST SP 800-56A: Recommendation for Pair-Wise Key Establishment Schemes using Discrete Logarithm Cryptography to be used in future and existing cryptographic protocols for Suite B products http://www.nsa.gov/ia/_files/suiteb_implementer_g-113808.pdf Includes the Suite B elliptic curves and domain parameters, key generation methods & key derivation functions Companion Document: Mathematical Routines for NIST Prime Elliptic Curves. http://www.nsa.gov/ia/_files/nist-routines.pdf 10

Public Key Certificates & Certificate Processing Base Suite B Certificate and CRL profile -IETF RFC 5759 Suite B Certificate and Certificate Revocation List Profile -Profile of IETF RFC 5280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile Implementations need to meet both Certificate and CRL formats and certificate and CRL processing requirements Some US national security communities have additional requirements that build upon the base profile. NSA can provide this additional guidance upon request. 11

Trust Anchors & Trust Anchor Management Trust Anchors Draft-ietf-pkix-ta-format-04 Trust Anchor Management Draft-ietf-pkix-tamp-07 Both standards are in the IETF RFC editors queue. Should be assigned RFC numbers shortly. 12

Certificate Management Supports requesting certificate signing services & receiving response Suite B Profile of Certificate Management over Cryptographic Message Syntax (CMS) Draft-turner-SuiteB-CMC-00.txt Profile and refinement of: RFC 5272 Certificate Management Over CMS, June 2008 RFC 5273 Certificate Management Over CMS (CMC): Transport Protocols, June 2008 RFC 5274 Certificate Management Messages over CMS (CMC): Compliance Requirements, June 2008 13

Suite B Key Delivery Protocol Protocol to provision devices with cryptographic keys and other security objects from a provisioning infrastructure Cryptographic keys and other security objects are cryptographically protected all the way from the provisioning infrastructure into the devices Devices can retrieve cryptographic keys and other security objects directly from the infrastructure or via an intermediary Keys are encrypted, by the infrastructure, for specific devices Device unwraps key package within security boundary

Suite B Key Delivery Protocol Algorithms Security Service Message Digest Signature Content Encryption Key Encryption Key Agreement Message Authentication Code Key Packaging Algorithm Suite Algorithm(s) SHA-384 ECDSA-384 AES key Wrap (256) with Message Length Indicator AES key Wrap (256) with Message Length Indicator Ephemeral-Static ECDH-384 HMAC-SHA-384

Suite B Key Delivery Protocol Design Protocol utilizes and profiles commercial standards including: RFC 5652 Cryptographic Message Syntax\ Sign, encrypt and authenticate message content Draft-ietf-pkix-ta-format-04 & Draft-ietf-pkix-tamp-07 RFC 5430 Suite B Profile for Transport Layer Security HTTP protocols (RFC 2616, 2617, 2618) Soliciting Industry comments Please contact me for a copy of the specification

Contact Information Petrina Gillman (301) 688-8133 plgillm@nsa.gov Commercial Solutions Partnership Program NSA Commercial Solutions Center (240)373-4163 Attn: Industry Support Team 9800 Savage Road Suite 6944 Ft. Meade MD. 20755-6844 17

Questions 18

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information