
Trusted Transitive Introduction

Max Pritikin, [email protected]

(Presentation by Cullen Jennings), [email protected]

Revision A


Introduction

• Enrollment protocols already exist
  – CMC, CMP, others

• All of these depend on undefined out-of-band steps
  – “problem”

• Trusted Transitive Introduction (TTI) is a proposed model for this out-of-band exchange


What is exchanged out-of-band?

• The ‘entity label’ for the service consumer
  – Generalized: some configuration information

• A piece of keying information to be used
  – Raw symmetric key
  – Raw public key
  – Fingerprint of the public key

• A set of permissions for operations for the service consumer
  – Authorization for the impending enrollment (from the charter)


Out-of-Band Introduction

Petitioner: the device joining a secure domain (“client”).

Registrar: the authentication & authorization infrastructure of the secure domain (“server”).

[Figure] The introduction happens via a phone call, email, floppy disk, in-house provisioning system, smartcard, etc. It relies on existing authentication and authorization infrastructure between the user/administrator and the Petitioner device, and on existing authentication and authorization infrastructure between the user/administrator and the Registrar device. Post introduction: secure communication between Petitioner and Registrar.


Trusted Transitive Introduction (TTI)

Introducer: performs the introduction (“user”).

Petitioner: the device joining a secure domain (“client”).

Registrar: the authentication & authorization infrastructure of the secure domain (“server”).

[Figure] As on the previous slide, the Introducer relies on the existing authentication and authorization infrastructure between the user/administrator and the Petitioner device, and between the user/administrator and the Registrar device. Post introduction: secure communication between Petitioner and Registrar.

Introduction is not a negotiation; order does not matter!


EXAMPLE: Joining device to a service

1. Device is purchased.
2. Configuration of device by owner.
3. Device is introduced to a network server.

[Figure] Roles: User (Introducer), Petitioner (the device), Registrar (the service provider). Post introduction: secure communication between Petitioner and Registrar.

Introduction data exchanged with the service provider (Registrar):
• Key material collected
• Configuration information collected (e.g. enrollment URL)
• Petitioner introduction data sent

Introduction data exchanged with the Petitioner:
• Key material collected
• Configuration information collected (e.g. capabilities)
• Registrar introduction data sent
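The three-party exchange on this slide and the previous one, as an added Python example that is not part of the original presentation: the Introducer, already authenticated to both devices, collects each side's entity label, key fingerprint and configuration and delivers it to the other side in either order; afterwards each side accepts only a peer that presents the introduced key, and the Registrar enforces the permissions the Introducer granted. Assumptions that are not in the slides: public keys are modelled as opaque random bytes with a SHA-256 fingerprint (no proof of possession of the private key), the existing user-to-device authentication is modelled as a per-device admin credential, and the labels, URL, credentials and permission names are made up.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


def fingerprint(public_key: bytes) -> str:
    """Fingerprint of a raw public key, one of the keying-information options on slide 3."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass(frozen=True)
class IntroductionData:
    """The out-of-band payload of slide 3: label, keying information, configuration, permissions."""
    entity_label: str
    key_fingerprint: str
    config: Dict[str, object]
    permissions: FrozenSet[str]


class Party:
    """Shared behaviour of Petitioner and Registrar. The admin credential models the
    pre-existing authentication/authorization between user/administrator and device."""

    def __init__(self, label: str, config: Dict[str, object], admin_credential: bytes):
        self.label = label
        self.config = config
        self.public_key = secrets.token_bytes(32)   # assumption: opaque stand-in for a raw public key
        self._admin_credential = admin_credential
        self.peer: Optional[IntroductionData] = None  # set exactly once, by the introduction

    def _check_admin(self, credential: bytes) -> None:
        if not hmac.compare_digest(credential, self._admin_credential):
            raise PermissionError(f"{self.label}: introducer is not authenticated to this device")

    def collect(self, credential: bytes) -> Tuple[str, str, Dict[str, object]]:
        """Introducer reads label, key fingerprint and configuration ('collected' on slide 6)."""
        self._check_admin(credential)
        return self.label, fingerprint(self.public_key), dict(self.config)

    def deliver(self, credential: bytes, data: IntroductionData) -> None:
        """Introducer hands over the peer's data ('sent' on slide 6). Imprinting: the first one wins."""
        self._check_admin(credential)
        if self.peer is not None:
            raise RuntimeError(f"{self.label}: already introduced to {self.peer.entity_label}")
        self.peer = data

    def authenticate_peer(self, claimed_label: str, presented_key: bytes) -> bool:
        """Post-introduction check: the peer must present the key whose fingerprint was introduced."""
        return (self.peer is not None
                and claimed_label == self.peer.entity_label
                and hmac.compare_digest(fingerprint(presented_key), self.peer.key_fingerprint))


class Registrar(Party):
    def handle_enrollment(self, claimed_label: str, presented_key: bytes, operation: str) -> str:
        """Authenticate the Petitioner, then enforce the permissions the Introducer granted."""
        if not self.authenticate_peer(claimed_label, presented_key):
            return "rejected: key does not match the introduced fingerprint"
        if operation not in self.peer.permissions:
            return f"rejected: {operation} not authorised for {claimed_label}"
        return f"accepted: {operation} for {claimed_label}"


class Petitioner(Party):
    def connect(self, server_label: str, server_key: bytes) -> Optional[str]:
        """Return the introduced enrollment URL only if the server presents the introduced key."""
        if not self.authenticate_peer(server_label, server_key):
            return None
        return str(self.peer.config["enrollment_url"])


def introduce(creds: Dict[str, bytes], petitioner: Petitioner, registrar: Registrar,
              permissions: FrozenSet[str], petitioner_first: bool = True) -> None:
    """The Introducer's job: collect from both sides, then deliver to both, in either order."""
    p_label, p_fp, p_cfg = petitioner.collect(creds[petitioner.label])
    r_label, r_fp, r_cfg = registrar.collect(creds[registrar.label])
    deliveries = [(petitioner, IntroductionData(r_label, r_fp, r_cfg, frozenset())),
                  (registrar, IntroductionData(p_label, p_fp, p_cfg, permissions))]
    for party, data in (deliveries if petitioner_first else reversed(deliveries)):
        party.deliver(creds[party.label], data)


def demo(petitioner_first: bool = True) -> Dict[str, object]:
    """Constructed scenario: a SOHO VPN device is introduced to a corporate registrar."""
    creds = {"vpn-device-42": b"device-admin-password", "corp-registrar": b"registrar-admin-token"}
    dev = Petitioner("vpn-device-42", {"capabilities": ["ipsec"]}, creds["vpn-device-42"])
    reg = Registrar("corp-registrar", {"enrollment_url": "https://enroll.example.test/cmc"},
                    creds["corp-registrar"])
    try:
        dev.collect(b"wrong-password")          # someone who is not the device's administrator
        bad_introducer = "allowed"
    except PermissionError:
        bad_introducer = "refused"
    introduce(creds, dev, reg, frozenset({"enroll", "renew"}), petitioner_first)
    impostor_key = secrets.token_bytes(32)      # a server or device that was never introduced
    try:                                        # a second introduction after the imprint
        dev.deliver(creds["vpn-device-42"],
                    IntroductionData("rogue", fingerprint(impostor_key), {}, frozenset()))
        reintroduction = "allowed"
    except RuntimeError:
        reintroduction = "refused"
    return {
        "bad_introducer": bad_introducer,
        "url": dev.connect("corp-registrar", reg.public_key),
        "mitm_url": dev.connect("corp-registrar", impostor_key),
        "enroll": reg.handle_enrollment("vpn-device-42", dev.public_key, "enroll"),
        "revoke": reg.handle_enrollment("vpn-device-42", dev.public_key, "revoke"),
        "impostor": reg.handle_enrollment("vpn-device-42", impostor_key, "enroll"),
        "reintroduction": reintroduction,
    }
```

`demo(petitioner_first=True)` and `demo(petitioner_first=False)` return identical results, which is the “order does not matter” point: nothing is negotiated, each side simply receives the other's introduction data. The refused second delivery is the imprinting behaviour of slide 7, and the rejected impostor key and the rejected unauthorised operation are the two checks the introduction data makes possible afterwards.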


Imprinting

• New devices IMPRINT on the first infrastructure they meet
  – From a pure model perspective this is entirely true. There is no alternative.

• Any out-of-band mechanism depends on the admin/user using this imprint for initial configuration anyway


Summary—Introduction, Introduction, Introduction

• Introduction is the hard part of enrollment

• Introduction can happen in different orders

Before any enrollment protocol there is an introduction exchange that takes place. This has been characterized as an "out-of-band" exchange of data and has normally been identified as out-of-scope. It is my argument that it is in scope and can be best solved using the Trusted Transitive Introduction model.

• This WG should work on an introduction protocol


EXTRA SLIDES TO FOLLOW

• Below is an example of using TTI to introduce a VPN network device to a corporate VPN network.

• These slides show a Cisco SOHO device instantiation of the TTI model.


Browser based TTI of a VPN device

• Welcome: the HTML form(s) displayed by the Petitioner

• Introduction: the HTML form(s) displayed by the Authority

• Completion: the final HTML form(s) displayed by the Petitioner

User interface ‘wizard’, just to show how easy this can be for a user.


Welcome phase


Introduction phase

[Figure: the Authority’s introduction form] Fields shown: Mfgr Cert, Serial Number. Prompt: “Enter serial number from the back of the device:”


Completion phase