Key Management Service on Ericsson Labs

key management service A labs.ericsson.com API https://labs.ericsson.com/apis/key-management-service/

Key management service› Secure P2P service› This service allows two clients to establish a shared secret key via an easy-to-use API› The key can be used to secure all types of peer-to-peer communication e.g. voice calls, conferencing, video, chat, immediate messaging, file transfer, etc.› Since MWSB (GBA) is used for bootstrapping, nothing new needs to be managed or distributed© Ericsson AB 2010 | Page 2

WHY key management service?› Existing security enablers (MWSB and Oauth2) are client- server – not peer-to-peer› Currently key management for P2P is complicated and therefore not used› The Secure P2P enabler gives app developers an easy-to- use API› Extensibility – can be used to secure any type of P2P communication› Standard – recently standardized in 3GPP and IETF© Ericsson AB 2010 | Page 3

Overview© Ericsson AB 2010 | Page 4

C API Usage› An easy-to-use C library is available on the Ericsson Labs portal› The library handles message creation/parsing and the communication with the KMS› As a developer, all you need to do is: – Setup the Initiator and Responder – Deliver the Initiator’s initmsg (output by the library) to the Responder – Deliver the Responder’s respmsg (also output by the library) to the Initiator› Once the above is done, the shared key can be retrieved by calling the function getKey()© Ericsson AB 2010 | Page 5

C API usage – Initiatorclient_t *initiator;char *initmsg, *respmsg;unsigned char key[KEY_LEN];// Setup the Initiator KMS clientinitiator = client_init(IMPI_I, IMPU_I, KEY_I, APIKEY, HTTP-PROXY);initmsg = create_transfer_init(initiator);< application specific: initmsg is sent and respmsg is received >parse_transfer_resp(initiator, respmsg);get_key(initiator, key);< Use key to secure Initiator-Responder communication > Note: The Initiator IMPI, IMPU, and key are obtained via the MWSB API at Ericsson Labs© Ericsson AB 2010 | Page 6

C API usage – Responderclient_t *responder;char *respmsg, *initmsg;unsigned char key[KEY_LEN];// Setup the Responder KMS clientresponder = client_init(IMPI_R, IMPU_R, KEY_R, APIKEY, HTTP-PROXY);< application specific: initmsg is received from Initiator >respmsg = parse_transfer_init(responder, initmsg)< application specific: respmsg is sent to Initiator >get_key(responder, key);< Use key to secure Initiator-Responder communication > Note: The Responder IMPI, IMPU, and key are obtained via the MWSB API at Ericsson Labs© Ericsson AB 2010 | Page 7

Example applications Secure messaging Secure video Secure voice Secure chat Secure conferencing Secure file transfer Any application requiring confidentiality, authentication, or integrity© Ericsson AB 2010 | Page 8

http://paper.li	88
http://us-w1.rockmelt.com	11
http://twitter.com	7
http://www.linkedin.com	4

Key Management Service on Ericsson Labs

by Ericsson Labs

Accessibility

Categories

Upload Details

Usage Rights

4 Embeds 110

Statistics

Key Management Service on Ericsson Labs Presentation Transcript