I-D Action: draft-olivereau-sake-mikey-ticket-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title           : Server-Assisted Key Exchange (SAKE): A new mode for MIKEY-TICKET
	Author(s)       : Alexis Olivereau
                          Aymen Boudguiga
                          Nouha Oualha
	Filename        : draft-olivereau-sake-mikey-ticket-00.txt
	Pages           : 11
	Date            : 2013-10-21

Abstract:
   A key establishment protocol intended to run between constrained
   devices has to be both lightweight and secure.  Among the existing
   key establishment families (key agreement, key transport, server-
   assisted key transport or key distribution), the latter is the best
   candidate for constrained devices, since it can keep cryptographic
   operations simple at nodes sides.  Nevertheless, most key
   distribution protocols exhibit an asymmetric design, since they are
   supposed to run between devices playing well-defined client and
   server roles, implying different security assumptions between the
   devices involved in the exchange.

   MIKEY-Ticket is a key distribution protocol that specifies new modes
   for the Multimedia Internet KEYing (MIKEY) protocol.  It answers
   situations where the network contains a trusted third party (one or
   multiple trusted key management servers).  The general MIKEY-Ticket
   mode is a key distribution scheme relying on six messages exchanged
   between the node initiating the protocol (Initiator), the Key
   Management Server (KMS) and the responding node (Responder).  This
   general mode assumes that the two parties establishing a key with
   each other play similar roles, with the only exception that one is
   the Initiator and the other one the Responder.

   However, this mode suffers from a risk of a Denial of Service (DoS)
   inherited from the protocol design.  In addition, the protocol syntax
   involves very large messages that would have to be fragmented, and
   would therefore not be convenient to communications between
   constrained nodes.  In this document, we propose a new MIKEY-Ticket
   mode that solves the risk of DoS during the key establishment between
   the Initiator and the Responder, relies on a 5-message exchange
   instead of a 6-message one and bases on a simplified syntax, leading
   to lighter messages.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-olivereau-sake-mikey-ticket

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-olivereau-sake-mikey-ticket-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt



