NIST Key Management Workshop
Bob Griffin, RSA
John Leiseboer, Quintessence Labs
Saikat Saha, SafeNet
Cross-Domain Security Interactions: Scenarios and Solutions
Advanced
AC 1003
Agenda
• Cross-domain use cases and issues
• Cloud key management
• Hardware Security Modules
• Quantum Key Distribution
• Discussion
Common Security Issues in Cross-Domain Key Interactions
• Trust establishment (contractual and on-line)
• Ownership of keys
• Protection of keys at rest
• Protection of keys in transit
• Propagating key policy
• Negotiating key policy
• Managing access to keys
• Managing key life-cycle
• Visibility of key-related services and infrastructure
• Proof of possession
Defining Cloud Key Management Models
Enterprise
• Keys created, used, stored and managed by enterprise
Hybrid
• Keys created, stored and managed by enterprise, but used by CSP
CSP
• Keys created, used, stored and managed by CSP
Hybrid Key Management
[Diagram. Domains: Cloud Service Provider, Enterprise IT. Components: App Data, Enterprise App, vSphere, Key Server, Key DB, HSM. Actors: Application Users, CSP Administrators, Enterprise Administrators.]
Cross-Domain Security Issues in Cloud Key Interactions
• Trust establishment (contractual and on-line)
• Ownership of keys
• Protection of keys at rest
• Protection of keys in transit
• Propagating key policy
• Negotiating key policy
• Managing access to keys
• Managing key life-cycle
• Visibility of key-related services/infrastructure
• Proof of possession
Agenda
• Cross-domain use cases and issues
• Cloud key management
• Hardware Security Modules
• QKD
• Discussion
A Hardware Security Module is…
…a dedicated crypto processor…
…designed for protection of the crypto key lifecycle…
…validated for security by third parties…
…a Trust Anchor…
Virtualized Hardware Security Modules
Designed for Multi-tenancy
HSM/KM in Separate Domain from Apps
[Diagram. Domains: Divisional Applications, Enterprise IT. Components: App Data, Divisional App, vSphere, Key Server, Key DB, HSM. Actors: Application Users, Application Administrators, HSM Administrators.]
HSM isolated from cross-domain issues
HSM in Separate Domain from KM
[Diagram. Domains: Divisional Applications, Enterprise IT. Components: App Data, Divisional App, vSphere, Key Server, Key DB, HSM. Actors: Application Users, Application Administrators, HSM Administrators.]
Cross-Domain Security Issues in HSM Interactions
• Trust establishment (contractual and on-line)
• Ownership of keys
• Protection of keys at rest
• Protection of keys in transit
• Propagating key policy
• Negotiating key policy
• Managing access to keys
• Managing key life-cycle
• Visibility of key-related services and infrastructure
• Proof of possession
Agenda
• Cross-domain use cases and issues
• Cloud key management
• Hardware Security Modules
• QKD
• Discussion
Quantum Key Distribution
Raw key: True random
Final key: Secure, secret, replicated, synchronised true random
[Diagram label: QKD]
Key Streams and Periodic Keys
Server: Replicated, synchronised keys across domain boundaries
Client: KMIP operations with key server in same domain
Individual Keys
Server: Replicated, synchronised keys across domain boundaries
Client: KMIP operations with key servers in different domains
Cross-Domain Security Issues in QKD Interactions
• Trust establishment (contractual and on-line)
• Ownership of keys
• Protection of keys at rest
• Protection of keys in transit
• Propagating key policy
• Negotiating key policy
• Managing access to keys
• Managing key life-cycle
• Visibility of key-related services and infrastructure
• Proof of possession
Open Discussion of Cross-Domain Security Issues
• Trust establishment (contractual and on-line)
• Ownership of keys
• Protection of keys at rest
• Protection of keys in transit
• Propagating key policy
• Negotiating key policy
• Managing access to keys
• Managing key life-cycle
• Visibility of key-related services / infrastructure
• Proof of possession
Thank you!