NIST conducted a two-day Key Management Workshop on September 10-11. The subject of the workshop was the technical and administrative aspects of Cryptographic Key Management Systems (CKMSs) that existed at the time and what would be required for U.S. Federal use in the future. On the first day, DRAFT NIST Special Publication 800-130 ("A Framework for Designing CKMS") and DRAFT NIST Special Publication 800-152 ("A Profile for U.S. Federal CKMS") were reviewed and comments were solicited from the workshop participants on the DRAFT documents. The second day focused on CKMS capabilities in future security products and services in new U.S. Federal Information Systems. Input from Workshop participants was solicited regarding the utility and feasibility of these capabilities as well as suggestions for other technical capabilities required in future CKMSs.
*NEW!* Summary of the Workshop on Cryptographic Key Management Systems
Webcast
The event was webcast live September 10 and 11. The link to the webcast is no longer available.
Related: Cryptographic Key Management Project
Reference Documentation: Copies of NIST SP 800-130 and NIST SP 800-152 will not be available at the workshop. If you'd like to reference either document while at the workshop, please print a copy to bring along.
Monday, September 10, 2012 | |
9:00am - 9:15am | Welcome and administrative information – Elaine Barker, NIST |
9:15am - 10:00am | Key Management in Historical Perspective – Whitfield Diffie |
10:00am - 11:15am | Review NIST SP 800-130 goals, audience, anticipated benefits and potential impacts; summarize CKMS design requirements and how they can be satisfied – Miles Smid, NIST Guest Researcher |
11:15am - 11:35am | Break |
11:35am - 12:00pm | Discussion of NIST SP 800-130, participant recommendations for improving the document, CKMS and domain security policies, CKMS market forces – Miles Smid, NIST Guest Researcher |
12:00pm - 12:30pm | NIST SP 800-130 to Evaluate Existing Systems – Tony Stieber |
12:30pm - 1:30pm | Lunch |
1:30pm - 2:00pm | Review the NIST SP 800-152 goals, its intended audience and scope, the differences between the Framework and the Profile, and their anticipated uses – Elaine Barker, NIST |
2:00pm - 3:00pm | Discuss the draft requirements for NIST SP 800-152 – Elaine Barker, Miles Smid, Dennis Branstad |
3:00pm - 3:30pm | Break |
3:30pm - 5:00pm | Discussion of NIST SP 800-152 requirements (continued) – Elaine Barker, Miles Smid, Dennis Branstad |
Tuesday, September 11, 2012 | |
Moderator: Bill Newhouse, NIST | |
9:00am - 9:30am | Welcome and Leap-ahead Inspirational Talk – Tim Polk, NIST |
9:30am - 10:00am | Security Policies as a Foundation for Cryptographic Key Management – Dennis Branstad, NIST Guest Researcher |
10:00am - 10:30am | How to Balance Privacy and Key Management in User Authentication – Anna Lysyanskaya, Brown University |
10:30am - 11:00am | Break |
11:00am - 11:30am | Key Centric Identity and Privilege Management – Paul Lambert, Marvell |
11:30am - 12:00pm | Wireless/Mobile Applications – Lily Chen, NIST |
12:00pm - 12:30pm | Securely Managing Cryptographic Keys used within a Cloud Environment – Sarbari Gupta, Electrosoft |
12:30pm - 1:30pm | Lunch |
1:30pm - 2:00pm | Random Bit Generation Using SP 800-90 – Elaine Barker, NIST |
2:00pm - 2:30pm | Secure Key Storage and True Random Number Generation: An Overview – Rene Struik, Struik Security Consultancy |
2:30pm - 3:00pm | Designing Key Management with Usability in Mind – Mary Theofanos, NIST |
3:00pm - 3:30pm | Break |
3:30pm - 4:15pm | Panel: Cross-Domain Interactions: Scenarios and Solutions – Bob Griffin, RSA; John Leiseboer, Quintessence Labs; and Saikat Saha, SafeNet |
4:15pm - 4:45pm | Key Management Challenges of Derived Credentials and Techniques for Addressing Them – Francisco Corella, Pomcor |
4:45pm - 5:00pm | Workshop Wrap-Up – Tim Polk, NIST |
Call for Presentations
During the development of SP 800-130 (the Key Management Framework) and SP 800-152 (the Profile document), NIST identified a number of properties as particularly hard problems associated with secure Cryptographic Key Management Systems (CKMS). These problems include:
- Cryptographic Agility
- Scalability
- Anonymity
- Unlinkability
- Unobservability
- Usability
- Compromise recovery
- Multi-level security domains
- Negotiating and enforcing domain security policies, including a Policy Language for enabling negotiation and enforcement
- Interaction between domains, each with its own security policies
The second day of the workshop will focus on these and other hard problems. NIST requests the submission of abstracts for presentations about these and other problems associated with key management systems. Submissions should be no longer than two paragraphs and should be sent to kmwquestions [at] nist.gov by August 6th.