1. The document describes an IBM secret key management protocol that provides secure communication between servers and terminals. 2. It uses a tamper-resistant cryptographic facility to securely store the most important keys used to generate encryption keys. 3. The protocol establishes a master key that is used to generate session keys for encryption in a similar manner to the scheme described in a 1978 paper.

1. IBM SECRET-KEY
MANGEMENT PROTOCOL
PRESENTED BY (CRYPTAQUIRE)
GAURI PATIL - 69
JIGAR CHAHUHAN - 17
JAYPRAKRASH CHAURASIA - 20
ROHIT CHAURASIA - 21
DIVYANG KHATRI - 47

2. HISTORY
• In late 1970,by IBM developed complete key management system for
Communication and security purpose.(using symmetric key cryptography).
• This protocol provides three things: secure communications between a server and
several terminals, secure file storage at the server, and secure communication
among servers.

3. INTERNAL WORKING OF KEYS
• The heart of the protocol is a tamper-resistant module, called a cryptographic facility.
• The most important keys, those used to generate the actual encryption keys, are
stored in this module. These keys can never be read once they are stored. And they
are tagged by use: A key dedicated for one purpose cannot accidentally be used for
another.

4. KM0
(master key)
KM1 KM2

5. A VARIATION
• This scheme of master and session keys can be found in [1478].
• It’s built around network nodes with key notarization facilities that serve local
terminals
• Why it’s designed?
Secure two way communication at any terminal.
Secure communication using encrypted mail
Personal file protection, digital signature capability.

6. 1.Scheme uses keys
generated in the key notarization facility
and sent to the users encrypted under
a master key
2.This key
notarization feature is
central to the system
3.A key could have only come
from a particular source and
could
only be read at a particular
destination

7. BENEFITS OF KEY MANAGEMENT OF IBM
1.Centralized, transparent key management through provide secure storage of key
material and the serving of keys at the time of use.
2. Simple, secure integration between data-at-rest storage systems and IBM Security
Key Lifecycle Manager with the industry-standard KMIP protocol.
3.Reduces key management costs by automating the assignment and rotation of keys.

8. FEATURES OF IBM SECURITY KEY LIFECYCLE
MANAGER
Enables multi-master clustering for flexibility, ease of use
Provides more efficient and simplified key management
Delivers simple secure integration with IBM storage systems
Speeds implementation and enables interoperability
Provides certified communications

9. • IBM security key lifecycle manager supports multi-master clustering.
• Give more flexibility, synchronized and delivered in real time.
• More than 20 master may be synchronized at a time, allowing for hyper-redundancy
and localized
• Availability.
• So keys are ready and available when and where they are needed.
1. ENABLES MUTI-MASTER CLUSTERING
FOR FLEXIBILITY, EASE OF USE
https://www.ibm.com/in-en/marketplace/ibm-security-key-lifecycle-manager

10. 2.PROVIDES MORE EFFICIENT AND SIMPLIFIED
KEY MANAGEMENT
• This will allow manage the lifecycle of keys by automating the creation, import,
distribution and back-up of keys.
• generation and distribution from a centralized location and groups devices into
separate domains for simpler key management.
• supports role-based access control of administrative accounts.

11. 3.PROVIDES CERTIFIED COMMUNICATIONS
• Communications will be certified with the Storage Networking Industry Association
Secure Storage Industry Forum (SNIA-SSIF) as compliant with version 1.2 of the
OASIS KMIP standard.
• What is OASIS KMIP standard ?

12. 4. DELIVERS SIMPLE SECURE INTEGRATION
WITH IBM STORAGE SYSTEMS
• end-to-end security for key serving.
• supports Federal Information Processing Standard(US gov. computer security).
• There certain levels which enhance key security.
for e.g : FIPS 140-2 Level 3 validated hardware

13. 5. SPEEDS IMPLEMENTATION AND ENABLES
INTEROPERABILITY
• reduces operating costs, speeds implementation and enables interoperability with
wizard-based assistance.
• It allows administrators to quickly configure integration with multiple KMIP- and IPP-
compatible devices and provides an administration welcome page that delivers
critical notices.
• solution offers a web-based GUI that helps ease key configuration and management
tasks, including automating key provisioning, rotating keys and destroying keys.

14. KEY MANAGEMENT
• A dynamic VPN provides additional security for your communications by using the Internet Key Exchange
(IKE) protocol for key management.
• A security association (SA) contains information that is necessary to use the IPSec protocols. For
example, an SA identifies algorithm types, key lengths and lifetimes, participating parties, and
encapsulation modes.
• There are two phase.
• Phase 1:
• master secret from which subsequent cryptographic keys are derived in order to protect user data
traffic.
• VPN uses either RSA signature mode or preshared keys to authenticate phase 1 negotiations, as
well as to establish the keys that protect the IKE messages that flow during the subsequent phase 2
negotiations.

15. • Negotiates the security associations and keys that protect the actual application data
exchanges, no application data has actually been sent. Phase 1 protects the phase
2 IKE messages.
• Once phase 2 negotiations are complete, your VPN establishes a secure,
dynamic connection over the network and between the endpoints that you
defined for your connection. All data that flows across the VPN is delivered
with the degree of security and efficiency that was agreed on by the key
servers during the phase 1 and phase 2 negotiation processes.
PHASE 2:

16. Thank You