Key Management Service on Ericsson Labs


https://labs.ericsson.com/apis/key-management-service/

With the Key Management Service, two parties can establish a shared secret key via an easy-to-use API. The service provides strong, mutual authentication and the shared key can be used to secure any type of communication including voice calls, conferencing, video, chat, immediate messaging, file transfer, and so forth.

Published in: Technology

Key Management Service on Ericsson Labs

  1. Key management service. A labs.ericsson.com API: https://labs.ericsson.com/apis/key-management-service/
  2. Key management service
     › Secure P2P service
     › This service allows two clients to establish a shared secret key via an easy-to-use API
     › The key can be used to secure all types of peer-to-peer communication, e.g. voice calls, conferencing, video, chat, immediate messaging, file transfer, etc.
     › Since MWSB (GBA) is used for bootstrapping, nothing new needs to be managed or distributed
     © Ericsson AB 2010 | Page 2
  3. Why key management service?
     › Existing security enablers (MWSB and OAuth2) are client-server, not peer-to-peer
     › Currently key management for P2P is complicated and therefore not used
     › The Secure P2P enabler gives app developers an easy-to-use API
     › Extensibility: can be used to secure any type of P2P communication
     › Standard: recently standardized in 3GPP and IETF
  4. Overview
  5. C API usage
     › An easy-to-use C library is available on the Ericsson Labs portal
     › The library handles message creation/parsing and the communication with the KMS
     › As a developer, all you need to do is:
       – Set up the Initiator and Responder
       – Deliver the Initiator’s initmsg (output by the library) to the Responder
       – Deliver the Responder’s respmsg (also output by the library) to the Initiator
     › Once the above is done, the shared key can be retrieved by calling the function getKey()
  6. C API usage – Initiator

     ```c
     client_t *initiator;
     char *initmsg, *respmsg;
     unsigned char key[KEY_LEN];

     // Set up the Initiator KMS client
     initiator = client_init(IMPI_I, IMPU_I, KEY_I, APIKEY, HTTP_PROXY);

     // Create the message that must be delivered to the Responder
     initmsg = create_transfer_init(initiator);

     /* application specific: initmsg is sent and respmsg is received */

     // Process the Responder's reply, then retrieve the shared key
     parse_transfer_resp(initiator, respmsg);
     get_key(initiator, key);

     /* Use key to secure Initiator-Responder communication */
     ```

     Note: The Initiator IMPI, IMPU, and key are obtained via the MWSB API at Ericsson Labs
  7. C API usage – Responder

     ```c
     client_t *responder;
     char *respmsg, *initmsg;
     unsigned char key[KEY_LEN];

     // Set up the Responder KMS client
     responder = client_init(IMPI_R, IMPU_R, KEY_R, APIKEY, HTTP_PROXY);

     /* application specific: initmsg is received from Initiator */

     // Process the Initiator's message; the library outputs the reply
     respmsg = parse_transfer_init(responder, initmsg);

     /* application specific: respmsg is sent to Initiator */

     // Retrieve the shared key
     get_key(responder, key);

     /* Use key to secure Initiator-Responder communication */
     ```

     Note: The Responder IMPI, IMPU, and key are obtained via the MWSB API at Ericsson Labs
  8. Example applications
     › Secure messaging
     › Secure video
     › Secure voice
     › Secure chat
     › Secure conferencing
     › Secure file transfer
     › Any application requiring confidentiality, authentication, or integrity
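Slides 6 and 7 leave delivery of initmsg and respmsg to the application, and the parse functions shown there take a bare `char *` with no length argument. The following is an added example, not Ericsson's code and not part of the slides, of length-prefixed framing that validates a received message before it is handed to `parse_transfer_init()` or `parse_transfer_resp()`. The names `frame_msg`, `unframe_msg` and `MAX_KMS_MSG`, the 4-byte header, and the treatment of messages as NUL-terminated text are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_KMS_MSG 8192u  /* assumed upper bound; the slides give no message size */

/* Frame a NUL-terminated message as a 4-byte big-endian length followed by
 * the body (without the NUL). Returns the frame length, or 0 if the message
 * is empty, larger than MAX_KMS_MSG, or does not fit in out. */
size_t frame_msg(const char *msg, unsigned char *out, size_t out_cap)
{
    size_t n = strlen(msg);
    if (n == 0 || n > MAX_KMS_MSG || out_cap < n + 4)
        return 0;
    out[0] = (unsigned char)(n >> 24);
    out[1] = (unsigned char)(n >> 16);
    out[2] = (unsigned char)(n >> 8);
    out[3] = (unsigned char)n;
    memcpy(out + 4, msg, n);
    return n + 4;
}

/* Validate one complete received frame (untrusted peer input) and return a
 * freshly allocated, NUL-terminated copy suitable for a char * parser.
 * Returns NULL for truncated, oversized, or NUL-containing input.
 * The caller frees the result. */
char *unframe_msg(const unsigned char *buf, size_t len)
{
    if (len < 4)
        return NULL;
    uint32_t n = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                 ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    if (n == 0 || n > MAX_KMS_MSG || n != len - 4)
        return NULL;                      /* header must match the bytes received */
    if (memchr(buf + 4, '\0', n) != NULL)
        return NULL;                      /* an embedded NUL would silently truncate */
    char *msg = malloc((size_t)n + 1);
    if (msg == NULL)
        return NULL;
    memcpy(msg, buf + 4, n);
    msg[n] = '\0';                        /* guarantee termination for the parser */
    return msg;
}
```

A receiver reads the 4-byte header, rejects any length above the bound before allocating, reads exactly that many bytes, and only then calls `unframe_msg()` on the assembled frame.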
