Key Management Service on Ericsson Labs
1. Key management service
A labs.ericsson.com API
https://labs.ericsson.com/apis/key-management-service/
2. Key management service
› Secure P2P service
› This service allows two clients to establish a shared
secret key via an easy-to-use API
› The key can be used to secure all types of peer-to-peer
communication e.g. voice calls, conferencing, video, chat,
immediate messaging, file transfer, etc.
› Since MWSB (GBA) is used for bootstrapping, nothing
new needs to be managed or distributed
© Ericsson AB 2010 | Page 2
3. Why key management service?
› Existing security enablers (MWSB and OAuth2) are client-server – not peer-to-peer
› Currently key management for P2P is complicated and
therefore not used
› The Secure P2P enabler gives app developers an easy-to-use API
› Extensibility – can be used to secure any type of P2P
communication
› Standard – recently standardized in 3GPP and IETF
5. C API Usage
› An easy-to-use C library is available on the Ericsson Labs
portal
› The library handles message creation/parsing and the
communication with the KMS
› As a developer, all you need to do is:
– Set up the Initiator and Responder
– Deliver the Initiator’s initmsg (output by the library) to the Responder
– Deliver the Responder’s respmsg (also output by the library) to the Initiator
› Once the above is done, the shared key can be retrieved by calling the function get_key()
6. C API usage – Initiator
client_t *initiator;
char *initmsg, *respmsg;
unsigned char key[KEY_LEN];
// Set up the Initiator KMS client
initiator = client_init(IMPI_I, IMPU_I, KEY_I, APIKEY, HTTP_PROXY);
// Create the init message to deliver to the Responder
initmsg = create_transfer_init(initiator);
/* application specific: initmsg is sent and respmsg is received */
// Process the Responder's reply
parse_transfer_resp(initiator, respmsg);
// Retrieve the shared key into key
get_key(initiator, key);
/* Use key to secure Initiator-Responder communication */
Note: The Initiator IMPI, IMPU, and key are obtained via the MWSB API at Ericsson Labs
7. C API usage – Responder
client_t *responder;
char *respmsg, *initmsg;
unsigned char key[KEY_LEN];
// Set up the Responder KMS client
responder = client_init(IMPI_R, IMPU_R, KEY_R, APIKEY, HTTP_PROXY);
/* application specific: initmsg is received from Initiator */
// Process the Initiator's message and produce the reply
respmsg = parse_transfer_init(responder, initmsg);
/* application specific: respmsg is sent to Initiator */
// Retrieve the shared key into key
get_key(responder, key);
/* Use key to secure Initiator-Responder communication */
Note: The Responder IMPI, IMPU, and key are obtained via the MWSB API at Ericsson Labs
8. Example applications
Secure messaging
Secure video
Secure voice
Secure chat
Secure conferencing
Secure file transfer
Any application requiring confidentiality, authentication, or integrity