IBM SECRET-KEY MANAGEMENT PROTOCOL
PRESENTED BY (CRYPTAQUIRE)
GAURI PATIL - 69
JIGAR CHAHUHAN - 17
JAYPRAKRASH CHAURASIA - 20
ROHIT CHAURASIA - 21
DIVYANG KHATRI - 47
HISTORY
• In the late 1970s, IBM developed a complete key management system for communications
security, built on symmetric-key cryptography.
• This protocol provides three things: secure communications between a server and
several terminals, secure file storage at the server, and secure communication
among servers.
INTERNAL WORKING OF KEYS
• The heart of the protocol is a tamper-resistant module, called a cryptographic facility.
• The most important keys, those used to generate the actual encryption keys, are
stored in this module. Once stored, these keys can never be read out. They are also
tagged by use: a key dedicated to one purpose cannot accidentally be used for
another.
[Diagram: master key KM0 with its variants KM1 and KM2]
A VARIATION
• This scheme of master and session keys can be found in [1478].
• It's built around network nodes with key notarization facilities that serve local
terminals.
• Why was it designed?
Secure two-way communication at any terminal.
Secure communication using encrypted mail.
Personal file protection and digital signature capability.
1. The scheme uses keys generated in the key notarization facility and sent to the users
encrypted under a master key.
2. This key notarization feature is central to the system.
3. A key could only have come from a particular source and could only be read at a
particular destination.
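As an added example (not from the slides, and not IBM's implementation), the Python below models the two properties the slides describe for the cryptographic facility and its notarization variant: the master key KM0 is written into the module and never read out, working keys are wrapped under per-use variants (the KM1/KM2 idea), and the notarization tag also binds each wrapped key to a source and destination so it can only be read at that destination. Deriving variants with HMAC, the encrypt-then-MAC wrapping, and all names and sample values are this example's own assumptions.

```python
import hashlib
import hmac
import os

class WrongKeyUseError(Exception):
    """A wrapped key was presented for a use or destination it is not tagged with."""

class CryptographicFacility:
    """Toy model of the tamper-resistant module: KM0 is stored inside and never returned.
    Per-use variants (the KM1/KM2 idea) are derived with HMAC, an assumption of this example."""

    def __init__(self, km0: bytes):
        self._km0 = km0  # master key: written once, never read out

    def _variant(self, purpose: str, source: str, destination: str) -> bytes:
        # Notarization: the tag binds a key to its purpose, its origin and its intended reader
        tag = f"{purpose}|{source}|{destination}".encode()
        return hmac.new(self._km0, tag, hashlib.sha256).digest()

    def wrap(self, key: bytes, purpose: str, source: str, destination: str) -> bytes:
        """Encrypt-then-MAC a working key (at most 32 bytes, one SHA-256 block of keystream)."""
        kv = self._variant(purpose, source, destination)
        nonce = os.urandom(16)
        stream = hashlib.sha256(kv + nonce).digest()[: len(key)]
        ct = bytes(a ^ b for a, b in zip(key, stream))
        mac = hmac.new(kv, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + mac

    def unwrap(self, blob: bytes, purpose: str, source: str, destination: str) -> bytes:
        """Return the key only if the caller's tag matches the one it was wrapped under."""
        kv = self._variant(purpose, source, destination)
        nonce, ct, mac = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(mac, hmac.new(kv, nonce + ct, hashlib.sha256).digest()):
            raise WrongKeyUseError(f"not tagged for {purpose} {source}->{destination}")
        stream = hashlib.sha256(kv + nonce).digest()[: len(ct)]
        return bytes(a ^ b for a, b in zip(ct, stream))

def demo() -> bool:
    """Constructed scenario: a session key for terminal T7 is useless as a file key or at T9."""
    cf = CryptographicFacility(os.urandom(32))  # constructed master key
    ks = os.urandom(16)  # constructed session key
    blob = cf.wrap(ks, "terminal-session", "server-A", "terminal-T7")
    rejected = 0
    for misuse in (("file-storage", "server-A", "terminal-T7"),
                   ("terminal-session", "server-A", "terminal-T9")):
        try:
            cf.unwrap(blob, *misuse)
        except WrongKeyUseError:
            rejected += 1
    return cf.unwrap(blob, "terminal-session", "server-A", "terminal-T7") == ks and rejected == 2
```

`demo()` returns True: the key is recovered only with the exact purpose, source and destination it was wrapped for, and the module never exposes KM0 itself.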
BENEFITS OF KEY MANAGEMENT OF IBM
1. Centralized, transparent key management that provides secure storage of key
material and serves keys at the time of use.
2. Simple, secure integration between data-at-rest storage systems and IBM Security
Key Lifecycle Manager via the industry-standard KMIP protocol.
3. Reduces key management costs by automating the assignment and rotation of keys.
FEATURES OF IBM SECURITY KEY LIFECYCLE
MANAGER
Enables multi-master clustering for flexibility, ease of use
Provides more efficient and simplified key management
Delivers simple secure integration with IBM storage systems
Speeds implementation and enables interoperability
Provides certified communications
1. ENABLES MULTI-MASTER CLUSTERING
FOR FLEXIBILITY, EASE OF USE
• IBM Security Key Lifecycle Manager supports multi-master clustering.
• This gives more flexibility: keys are synchronized and delivered in real time.
• More than 20 masters may be synchronized at a time, allowing for hyper-redundancy and localized
availability.
• So keys are ready and available when and where they are needed.
https://www.ibm.com/in-en/marketplace/ibm-security-key-lifecycle-manager
2. PROVIDES MORE EFFICIENT AND SIMPLIFIED
KEY MANAGEMENT
• Allows administrators to manage the lifecycle of keys by automating the creation, import,
distribution and back-up of keys.
• Centralizes key generation and distribution, and groups devices into
separate domains for simpler key management.
• Supports role-based access control of administrative accounts.
3. PROVIDES CERTIFIED COMMUNICATIONS
• Communications will be certified with the Storage Networking Industry Association
Secure Storage Industry Forum (SNIA-SSIF) as compliant with version 1.2 of the
OASIS KMIP standard.
• What is the OASIS KMIP standard?
4. DELIVERS SIMPLE SECURE INTEGRATION
WITH IBM STORAGE SYSTEMS
• End-to-end security for key serving.
• Supports Federal Information Processing Standards (FIPS, US government computer security standards).
• There are certain levels that enhance key security,
e.g. FIPS 140-2 Level 3 validated hardware.
5. SPEEDS IMPLEMENTATION AND ENABLES
INTEROPERABILITY
• Reduces operating costs, speeds implementation and enables interoperability with
wizard-based assistance.
• Allows administrators to quickly configure integration with multiple KMIP- and IPP-
compatible devices, and provides an administration welcome page that delivers
critical notices.
• The solution offers a web-based GUI that helps ease key configuration and management
tasks, including automating key provisioning, rotating keys and destroying keys.
KEY MANAGEMENT
• A dynamic VPN provides additional security for your communications by using the Internet Key Exchange
(IKE) protocol for key management.
• A security association (SA) contains information that is necessary to use the IPSec protocols. For
example, an SA identifies algorithm types, key lengths and lifetimes, participating parties, and
encapsulation modes.
• There are two phases.
• Phase 1:
• Establishes a master secret from which subsequent cryptographic keys are derived in order to protect user data
traffic.
• The VPN uses either RSA signature mode or preshared keys to authenticate phase 1 negotiations, as
well as to establish the keys that protect the IKE messages that flow during the subsequent phase 2
negotiations.
• Phase 2:
• Negotiates the security associations and keys that protect the actual application data
exchanges; up to this point, no application data has actually been sent. Phase 1 protects the phase
2 IKE messages.
• Once phase 2 negotiations are complete, your VPN establishes a secure,
dynamic connection over the network and between the endpoints that you
defined for your connection. All data that flows across the VPN is delivered
with the degree of security and efficiency that was agreed on by the key
servers during the phase 1 and phase 2 negotiation processes.
Thank You
Editor's Notes

  1. Just read all content
  2. Explain 2-3 lines on OASIS KMIP
  3. FIPS is US government security… there are certain levels to enhance its security…
  4. IBM implements these features…