Crypto Agility and Key Wrap Attributes for RADIUS - PowerPoint PPT Presentation

About This Presentation
Slides: 7
Provided by: CiscoSys8
Learn more at: http://www.ietf.org

Transcript and Presenter's Notes

1
Crypto Agility and Key Wrap Attributes for RADIUS
  • Glen Zorn
  • Joe Salowey
  • Hao Zhou
  • Dan Harkins

2
Goals
  • Meet crypto-agility requirements
  • Deliver key material for various purposes
    securely
  • Deliver arbitrary attributes securely
  • Meet NIST key wrapping requirements

3
RADIUS Key Wrap Attribute
  • Contains
      • Information for the key encryption
      • Information about the key being encrypted
      • Key
  • Supports Key Wrap Specific Algorithms
      • AES-Keywrap Specified by NIST
  • Key wrapping algorithms (AES-Keywrap) not
    necessarily sufficient for general bulk data
    encryption
  • Should be updated to use extended attributes
    draft for extensibility

4
Encrypted Attributes
  • Attributes
  • Crypto Parameters
  • Encrypted Data
  • Randomizer
  • MAC Attribute
  • Does not use extended attributes
  • Existing RADIUS attributes need to be encrypted
  • Currently only one encrypted attribute set per
    message

5
Issues with using Encrypted Attribute for Key-Wrap
  • Key wrap algorithms not always appropriate for
    encrypting generic data
  • Generic data encryption algorithms may not be
    specified for key encryption
  • The encryption attribute would need to be
    special cased to handle key-wrapping
  • More than one encrypted attribute set may be
    required per message

6
Summary
  • Believe we meet the crypto agility requirements
  • Keywrap can be used for various types of keys
  • Extended attribute would allow for arbitrary,
    optional data associated with key