• About ISSO
• Research Areas
• Projects
• Finished Projects and Archive
• Opensource Projects

Finished Projects

Network Security

Labs Key Management Toolkit

TIS Labs has been developing a toolkit for "Key Management and Distribution" over the last several years. The development of the architecture considers a number of areas as they relate to the set of protocols used in the Internet. The Internet Engineering Task Force (IETF) is the principal activity that establishes and publishes standards for Internet protocols. Over the past several years, the IETF has defined security capabilities for several common Internet protocols. In many cases, the defined security capabilities provided essentially no useful management and distribution for cryptographic keys even when the protocols depended on cryptographic functions. When security capabilities included some form of key management and distribution, it was only used by a single protocol. Additionally, available reference implementations do not provide useful human interfaces for essential key management functions, e.g., loading keys into a system. These limitations are impeding the fielding and use of protocols with security capabilities in the Internet. The Key Management and Distribution Toolkit( KMT )is intended to fill these gaps which should stimulate the effective fielding and use of new Internet security capabilities. The focus for the development of the KMT is on Internet requirements for key management and distribution.

KMT Graphical User Interface
The KMT Graphical User Interface (GUI) implements the user interface for key management and distribution. Included below is a screen shot of the main KMT GUI application. The KMT GUI application was written in Java with the intent of portability across operating systems.

NAI TIS Labs has specified a Key Management and Distribution Architecture that supports a broad range of network security services, promotes interoperability and minimizes the need for duplication of key management and distribution functions in various protocols. The need for keys and certificates to represent individuals, sessions, hosts, infrastructure and other components as well as the need for multiple representations and authorizations are being addressed. Due to their anticipated wide spread use and importance for increasing Internet security, NAI TIS Labs focused its activities on the Domain Name System Security Extensions (DNSSEC) protocol, the Internet Protocol Security Extensions (IPSEC), and the Internet Security Association and Key Management Protocol (ISAKMP). The target audience for this toolkit includes researchers and developers wishing to incorporate key management in their projects.

The KMT (Key Management and Distribution Toolkit) consists of two primary components:

1. Source code library of comprehensive functions to create, maintain, retrieve and use cryptographic keys.
2. KMT application for users to maintain their own key databases, including a graphical user interface.

The guiding principle in the design of the KMT library (libkmt) is to provide an interface that is simple and easy to use. At the same time, libkmt is intended to be a comprehensive library that acts as middle-ware for a number of crypto packages and key distribution mechanisms as well as providing key publication functions. To allow users to store an arbitrarily large number of keys in their private database, libkmt uses the Berkeley db package as the database engine. The user tools, especially the GUI, are designed to provide the ability to use the capabilities of KMT outside of a particular application, and to demonstrate the use of KMT.