ansi x9 44 and ietf tls
play

ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA - PowerPoint PPT Presentation

Oct 12, 2023 •443 likes •571 views

ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002 Introduction ANSI X9.44 specifies key establishment schemes based on the RSA algorithm currently in draft form Schemes selected to reflect and

  1. ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002

  2. Introduction • ANSI X9.44 specifies key establishment schemes based on the RSA algorithm – currently in draft form • Schemes selected to reflect and guide industry practice • NIST key management FIPS intended to adopt X9.44 and other X9 standards

  3. Reflecting and Guiding • X9.44 reflects industry practice where appropriate for banking/FIPS: – S/MIME key transport with PKCS #1 v1.5 – TLS handshake with PKCS #1 v1.5, SHA-1, MD5 • Also guides toward new techniques: – S/MIME key transport with RSA-KEM – TLS handshake with RSA-KEM, SHA-256 and above • Focus on key establishment, not session encryption

  4. TLS Handshake: Crypto Recap • Ciphertext = Encrypt (Server Public, Premaster) • Master = KDF (Premaster, Nonces) • Session = KDF (Master, Nonces) • Tag = MAC (Master, Handshake Messages)

  5. TLS Handshake Crypto Today • Encrypt = PKCS #1 v1.5 Block Type 02 • KDF = TLS PRF – PRF (secret, label, seed) = HMAC-MD5 (S1, label + seed) ⊕ HMAC-SHA-1 (S2, label + seed) – S1 is first half of secret; S2 is second half • MAC = TLS PRF

  6. Security Analysis • PKCS #1 v1.5 encryption has vulnerabilities, but TLS handshake has countermeasures • Jonsson-Kaliski result (Crypto 2002): – TLS handshake security (loosely) related to gap-partial-RSA assumption – relies only on SHA-1 security, not MD5 • Analysis has helped support X9F1 acceptance of TLS, despite PKCS #1 v1.5 vulnerabilities – SSLv3 currently out; security relies on SHA-1 & MD5

  7. X9.44-Recommended Enhancements • Encrypt = Raw RSA – Premaster as long as RSA modulus • KDF = IEEE P1363a KDF2 • MAC = HMAC – both based on SHA-1 or higher Note: No architectural changes required

  8. Rationale for Enhancements • Raw RSA + KDF2 ≈ Shoup’s RSA-KEM – Security related to ordinary RSA assumption – Intuition: Attacker must know full input to RSA in order to compute master secret • KDF2, HMAC more standard, support larger hash sizes

  9. Client Authentication • Sign (Client Private, Handshake Messages) • Today: PKCS #1 v1.5 variant • Enhancement: RSA-PSS (or other X9-approved signature scheme)

  10. Next Steps • TLS WG: – Consider X9.44 direction • X9F1: – Incorporate TLS WG feedback • Joint: – Draft TLS cipher suites for new algorithms, e.g., SHA-256, reflecting guidance

  11. More Information • Russ Housley – rhousley@rsasecurity.com – +1 703 435 1775 • Burt Kaliski (editor, ANSI X9.44) – bkaliski@rsasecurity.com – +1 781 515 7073 • Next ANSI X9F1 meeting: January 29-30, 2003 by teleconference

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Argentum/ANSI Discussion 1 ANSI Background American National Standards institute they

Argentum/ANSI Discussion 1 ANSI Background American National Standards institute they

6/17/2019 Argentum/ANSI Discussion 1 ANSI Background American National Standards institute they accredit various organizations ANSI notes that some of their approved standards have been utilized or referenced in federal regulation.

418 views • 13 slides
EMU IETF 74 Note Well Any submission to the IETF intended by the Contributor for publication as

EMU IETF 74 Note Well Any submission to the IETF intended by the Contributor for publication as

EMU IETF 74 Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF

940 views • 7 slides
SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given property

957 views • 33 slides
IETF Status at IETF 85 Russ Housley IETF Chair 1 IETF 85 Participants l 1098 people l 195

IETF Status at IETF 85 Russ Housley IETF Chair 1 IETF 85 Participants l 1098 people l 195

IETF Status at IETF 85 Russ Housley IETF Chair 1 IETF 85 Participants l 1098 people l 195 newcomers l IETF 82 was 948 people l 55 countries l IETF 82 was 48 countries IETF 82 was held in US JP CN FR UK Taipei, Taiwan DE

327 views • 8 slides
Course Presentation Distributed Database Systems A Critique of ANSI SQL Isolation Levels

Course Presentation Distributed Database Systems A Critique of ANSI SQL Isolation Levels

Course Presentation Distributed Database Systems A Critique of ANSI SQL Isolation Levels Microsoft Research June 1995 Nikhil Wadhwa 1 Overview ANSI Specifications Phenomenon and Anomalies Broad v/s Strict Notations

452 views • 16 slides
Welcome to the IETF! Would you like instructions? Mike StJohns IETF 97 Seoul, South Korea 1

Welcome to the IETF! Would you like instructions? Mike StJohns IETF 97 Seoul, South Korea 1

Welcome to the IETF! Would you like instructions? Mike StJohns IETF 97 Seoul, South Korea 1 IETF Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any

637 views • 29 slides
Welcome to the IETF! You are standing at the end of the road before a small brick building

Welcome to the IETF! You are standing at the end of the road before a small brick building

Welcome to the IETF! You are standing at the end of the road before a small brick building Mike StJohns IETF 99 Prague, CZ IETF Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF

582 views • 29 slides
Non-Congestion Robustness (NCR) for TCP draft-ietf-tcpm-draft-ietf-tcpm-tcp-dcr-03.txt IETF 62 -

Non-Congestion Robustness (NCR) for TCP draft-ietf-tcpm-draft-ietf-tcpm-tcp-dcr-03.txt IETF 62 -

Non-Congestion Robustness (NCR) for TCP draft-ietf-tcpm-draft-ietf-tcpm-tcp-dcr-03.txt IETF 62 - March 2005 Sumitha Bhandarkar, A. L. Narasimha Reddy, Mark Allman, Ethan Blanton "Hit our satellite with feeling, Give the people what they

363 views • 8 slides
Transaction Processing in ANSI SQL Dr Janusz R. Getta School of Computing and Information

Transaction Processing in ANSI SQL Dr Janusz R. Getta School of Computing and Information

Transaction Processing in ANSI SQL file:///Users/jrg/235-2020-SPRING/SLIDES/WEEK06/13transactionsinsql/13transactionsinsql.html#1 CSCI235 Database Systems Transaction Processing in ANSI SQL Dr Janusz R. Getta School of Computing and

545 views • 19 slides
BFD IETF 68 David Ward Note Well Any submission to the IETF intended by the Contributor

BFD IETF 68 David Ward Note Well Any submission to the IETF intended by the Contributor

BFD IETF 68 David Ward Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an

399 views • 22 slides
IETF LLC Report Presented By: Jason Livingood Chair, IETF LLC Board IETF-106, Singapore

IETF LLC Report Presented By: Jason Livingood Chair, IETF LLC Board IETF-106, Singapore

IETF LLC Report Presented By: Jason Livingood Chair, IETF LLC Board IETF-106, Singapore November 2019 Making the Internet work better IETF Administration LLC Who serves on the Board? Peter Maja Jason Sean Alissa Van Roste Livingood,

391 views • 10 slides
ANSI/SI BSR SI-0001 American National Standard for Safe Use of Cleaning Chemicals Caryn Stets

ANSI/SI BSR SI-0001 American National Standard for Safe Use of Cleaning Chemicals Caryn Stets

ANSI/SI BSR SI-0001 American National Standard for Safe Use of Cleaning Chemicals Caryn Stets Chief Strategy Officer PortionPac Chemical Corporation Who is ANSI? Mission To enhance both global competitiveness of U.S. business and the U.S.

412 views • 15 slides
IP Telephony (iptel) IETF 56 Note Well All statements related to the activities of the IETF

IP Telephony (iptel) IETF 56 Note Well All statements related to the activities of the IETF

IP Telephony (iptel) IETF 56 Note Well All statements related to the activities of the IETF and addressed to the IETF are subject to all provisions of Section 10 of RFC 2026, which grants to the IETF and its participants certain licenses

198 views • 9 slides
ACC ANSI Work Group Open Meeting October 15, 2008 Arlington, VA Agenda Introductions Dave

ACC ANSI Work Group Open Meeting October 15, 2008 Arlington, VA Agenda Introductions Dave

ACC ANSI Work Group Open Meeting October 15, 2008 Arlington, VA Agenda Introductions Dave Peters The ANSI process Susan Blanco The standards Anne Stieffenhofer Why combine them Ed Bisinger Proposed structure Catherine Croke

523 views • 29 slides
WIDEX Working Group IETF 64 Note Well Any submission to the IETF intended by the Contributor

WIDEX Working Group IETF 64 Note Well Any submission to the IETF intended by the Contributor

WIDEX Working Group IETF 64 Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an

450 views • 8 slides
Long-Term IETF Support May 2016 How Is the IETF Currently Funded? IE IETF Funding Sources

Long-Term IETF Support May 2016 How Is the IETF Currently Funded? IE IETF Funding Sources

Jari Arkko Sean Turner Greg Kapfer ISOC Board Chair, IETF ISOC CFO Treasurer Expert, Ericsson Long-Term IETF Support May 2016 How Is the IETF Currently Funded? IE IETF Funding Sources 2008-2016 ( 2016 (US$ 000s S$ 000s) $7, $7,000 000

135 views • 11 slides
REPORT OF BREAKOUT SESSION 2(b) Management System Standards June 25, 2009 2:00 pm to 3:30 pm

REPORT OF BREAKOUT SESSION 2(b) Management System Standards June 25, 2009 2:00 pm to 3:30 pm

REPORT OF BREAKOUT SESSION 2(b) Management System Standards June 25, 2009 2:00 pm to 3:30 pm ANSI Workshop: Generating U.S. Input on the ISO Strategic Plan 20112015 June 2526, 2009 1 Management Systems Standards Key

1.02k views • 4 slides
PARTICIPATION IN NATIONAL MIRROR COMMITTEES AND ISO STANDARDS DEVELOPMENT COMMITTEES Presented by

PARTICIPATION IN NATIONAL MIRROR COMMITTEES AND ISO STANDARDS DEVELOPMENT COMMITTEES Presented by

PARTICIPATION IN NATIONAL MIRROR COMMITTEES AND ISO STANDARDS DEVELOPMENT COMMITTEES Presented by STEVEN P. CORNISH ANSI SENIOR DIRECTOR INTERNATIONAL POLICY BEIJING, PEOPLES REPUBLIC OF CHINA SEPTEMBER 22, 2015 MODULES OF THIS SESSION

772 views • 36 slides
Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer

Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer

Taming Pointers A Symbolic Approach Jianwen Zhu jzhu@eecg.toronto.edu Electrical and Computer Engineering University of Toronto 04 p.1/33 J. Zhu c Outline An Old Problem A New Strategy Taming Context Sensitivity Result and

1.43k views • 100 slides
Natural Language Understanding using Knowledge Bases and Random Walks Eneko Agirre

Natural Language Understanding using Knowledge Bases and Random Walks Eneko Agirre

Natural Language Understanding using Knowledge Bases and Random Walks Eneko Agirre ixa2.si.ehu.eus/eneko IXA NLP Group University of the Basque Country Darmstadt, 2015 Agirre (UBC) NLU using KBs and Random Walks Feb. 2015 1 / 43

894 views • 66 slides
CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall

CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall

CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall 2014 CMPSC 311 - Introduction to Systems Programming UNIX Signals A signal is a special message sent through the OS to tell a process (or

389 views • 14 slides
CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats

CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats

CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats Framework 6 March 2009 Catherine Tilton W3C Workshop on SIV What is a CBEFF? CBEFF describes a structure and set of metadata elements necessary to

173 views • 13 slides
COUNTER-EXAMPLES Herbert Oliveira Rocha, Raimundo Barreto, Lucas Cordeiro and Arilo Dias Netto

COUNTER-EXAMPLES Herbert Oliveira Rocha, Raimundo Barreto, Lucas Cordeiro and Arilo Dias Netto

FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE UNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES Herbert Oliveira Rocha, Raimundo Barreto, Lucas

992 views • 53 slides
How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You

How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You

How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You understand and hereby agree that the audio, video, and text of this presentation are provided as is, without warranty of any kind, whether expressed

961 views • 68 slides

More recommend