A. Aziz, "Simple Key Management for Internet Protocols (SKIP)", Internet Draft (work in progress), draft-ietf-ipsec-skip-04.txt, November 1995. 11
....Key management is also considered a complementary mechanism for TLS, routing protocols such as RIP and OSPF (see section VI) and application protocols. Even though the Internet Architecture Board (IAB) has not yet agreed on a key management architecture among several existing alternatives [18][19][20] [Fig. 13. Message flow for a typical TLS Handshake Exchange] ....
A. Aziz, T. Markson, H. Prafullchandra, "Simple Key-Management for Internet Protocols (SKIP)", Internet Draft: draft-ietf-ipsec-skip-07.txt, work in progress, August 1996.
....these protocols and a brief analysis on them. The potential threats to these protocols and considerable weak points in implementation will be described. 2 2 Protocol Survey Several key management protocols are suggested and are updated continuously. These are ISAKMP [23], Oakley [24], SKIP [6], Photuris [17] and SKEME [18]. All of them are using the Authentication Header (AH) [4] and the Encapsulating Secure Payload (ESP) [5] which are required in the RFC 1825 Security Architecture for the Internet Protocol [3]. In this section, the survey of these protocols will be described. These ....
....[16] The system running Oakley must provide a random number generator for nonce generation. 2.3 SKIP SKIP is a key management scheme for sessionless datagram-oriented protocols such as IPv4 and IPv6. SKIP is suggested by A Aziz, T Markson, and H Prafullchandra in Sun Microsystems, Incorporated [6]. It stands for Simple Key-management for Internet Protocols. SKIP is based on in-line keying. Each packet is encrypted in a key which is provided in the packet itself, encrypted in a key that is set up between communication peers. SKIP uses authenticated Diffie-Hellman public values and each ....
A Aziz, T Markson, and H Prafullchandra, "Simple Key-Management For Internet Protocols (SKIP)", Internet-Draft, IPSEC WG (14 August 1996) File: draft-ietf-ipsec-skip-07.txt
....does not, by itself, ensure good security. The establishment and maintenance of cryptographic keys and related security information, also known as key management, is also crucial to effective security. Key management for the Internet Protocol is a subject of much experimentation and debate [MS95] [AMP96a] [AMP96b] [Orm96]. Furthermore, key management strategies have a history of subtle flaws that are not discovered until after they are published or Work on this paper was done while the authors were at the U. S. Naval Research Laboratory. Daniel L. McDonald is now at Sun Microsystems, and ....
....by privileged users, but apart from that, the construction of such a program should only be a problem of converting user input into PF_KEY messages. Figure 3 illustrates a more complex setup, where an automated key management application is in place. Under automated key management systems [MS95] [AMP96a] [AMP96b], network communication needs to take place. This network communication cannot have a network security policy enforced on it, because it would lead to a bootstrapping problem. All other communications have the same policy enforced on them, and may cause the key engine to send KEY_ACQUIRE ....
Aziz, A., Markson, T., and Prafullchandra, H., "Simple Key-Management for Internet Protocols (SKIP)," work in progress.
.... Management Protocol (MKMP) uses long-term master keys to derive short-term session keys that provide perfect forward secrecy [24]. • The Simple Key Management for Internet Protocols (SKIP) uses implicitly shared long-term Diffie-Hellman keys to derive keys on a per-session or per-datagram basis [25]. • The Photuris 2 Key Management Protocol combines a Diffie-Hellman key exchange with a subsequent exchange of RSA signatures. 2 Photuris is the Latin name for the firefly, and Firefly is in turn the name for a classified key exchange protocol designed by the NSA for the STU-III secure ....
A. Aziz, M. Patterson, and G Baehr, "Simple Key-Management for Internet Protocols (SKIP)", in Proceedings of the Internet Society International Networking Conference, June 1995.
....SKEME is designed to selectively provide with PFS. It provides PFS as part of the basic SKEME protocol based on public key, and for cases where the parties perform key exchange based on long-term shared keys (like a manually installed master key, a SKIP key derived from long-lived public keys [3], and more). Furthermore, SKEME can provide PFS for the case of parties that share a common key via a key distribution center (KDC). In this case, SKEME would derive a session key for the parties via a Diffie-Hellman exchange, while the KDC-provided key would be used for authentication only. ....
.... between A and B as the result of this protocol, is computed by the parties as $SK = H(g^{xy} \bmod p)$ 6 Notice that this computation (which involves an expensive on-line Diffie 5 An alternative to this public key based SHARE phase is to use long-term Diffie-Hellman public keys as described in [10, 3]. In this case, the public key of a party is of the form $g^{s} \bmod p$, and $s$ is the secret key. The key $K_0$ used by two parties A and B is computed as $g^{s_A s_B} \bmod p$, where $s_A$, $s_B$ are the private keys of A and B, respectively. The main drawback of such a key $K_0$ is that it remains unchanged ....
A. Aziz, "Simple Key-Management for Internet Protocols (SKIP)," Internet Draft draft-ietf-ipsec-aziz-skip-02.txt, September 1995, work in progress.
No context found.
A. Aziz, "Simple Key Management for Internet Protocols (SKIP)", Internet Draft (work in progress), draft-ietf-ipsec-skip-04.txt, November 1995. 11
No context found.
A. Aziz, T. Markson, H. Prafullchandra, "Simple Key-Management for Internet Protocols (SKIP)," Internet-Draft, work in progress, August 1996.