August 4, 2004EAP WG, IETF 601 Authenticated service identities for EAP (draft-arkko-eap-service-identity-auth-00) Jari Arkko Pasi Eronen.

Slides:



Advertisements
Similar presentations
Protocol carrying Authentication for Network Access (PANA) Subir Das/Basavaraj Patil Telcordia Technologies Inc./Nokia 12/14/2001.
Advertisements

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
EAP-Only Authentication in IKEv2 draft-eronen-ipsec-ikev2-eap-auth
Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
Overview of proposed EAP methods, credential types, and uses Pasi Eronen IETF64 EMU BoF November 10 th, 2005.
August 2, 2005EAP WG, IETF 631 EAP-IKEv2 review Pasi Eronen.
TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.
1 Role of Authorization in Wireless Network Security Pasi Eronen Jari Arkko November 3, 2004 This document has been produced partially in the context of.
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das
Security Association Establishment for Handover Protocols Jari Arkko Ericsson Research NomadicLab.
Wireless Network Authentication Regnauld / Büttrich, Edit: Sept 2011 Wireless Network Authentication Regnauld / Büttrich, Edit: Sept 2011.
November st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,
EAP Bluetooth Extension Draft-kim-eap-bluetooth-00 Hahnsang Kim (INRIA), Hossam Afifi (INT), Masato Hayashi (Hitachi)
1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Problem Statement for Authentication Signaling Optimization Date.
IETF54 Charter Issues Dealt with since IETF53 PANA WG Meeting Basavaraj Patil.
August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba
KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.
1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt
November 10, 2003EAP WG, IETF 581 EAP State Machines (draft-ietf-eap-statemachine-01) John Vollbrecht, Pasi Eronen, Nick Petroni, Yoshihiro Ohba.
Slide 1/4 03/29/ rd IETF Paris, France, March 25-30, 2012 “EAP support in smartcards” draft-urien-eap-smartcard-22.txt.
1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms.
EAP Key Framework Draft-ietf-eap-keying-01.txt IETF 58 Minneapolis, MN Bernard Aboba Microsoft.
July 16, Diameter EAP Application (draft-ietf-aaa-eap-02.txt) on behalf of...
July 16, 2003AAA WG, IETF 571 EAP Keying Framework Draft-aboba-pppext-key-problem-07.txt EAP WG IETF 57 Vienna,
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
EAP Extensions for EAP Early Authentication Protocol (EEP) Hao Wang, Yang Shi, Tina Tsou.
November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.
1 Background and Introduction. 2 Outline History Scope Administrative.
EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.
ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.
Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,
Washinton D.C., November 2004 IETF 61 st – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-02) Gerardo.
1 Network Selection Problem Definition Draft-ietf-eap-netsel-problem-01.txt Jari Arkko Bernard Aboba.
IETF #65 Network Discovery and Selection Problem draft-ietf-eap-netsel-problem-04 Farooq Bari Jouni Korhonen.
Channel Binding Support for EAP Methods Charles Clancy, Katrin Hoeper.
DHCPv4/v6 Proxy IETF 67 DHC WG -- San Diego, USA 5-10 Nov draft-sarikaya-dhc-proxyagent-00.txt.
DHCP options for PAA Status report of draft-ietf-dhc-paa-option-01.txt Lionel Morand IETF-65, Dallas.
San Diego, August 2004 IETF 60 th – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-01) Gerardo Giaretta.
IETF 78 Maastricht 27 July 2010 Josh Howlett, JANET(UK)
Minneapolis, March 2005 IETF 62 nd – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena Demaria.
Extended QoS Authorization for the QoS NSLP Hannes Tschofenig, Joachim Kross.
August 2, 2005IETF63 EAP WG AAA-Key Derivation with Lower-Layer Parameter Binding (draft-ohba-eap-aaakey-binding-01.txt) Yoshihiro Ohba (Toshiba) Mayumi.
1 Extensible Authentication Protocol (EAP) Working Group IETF-57.
IETF66 PANA WG Problem Statement for a time-basis accounting in an "always-on“ Broadband scenario R. Maglione - Telecom Italia
Paris, August 2005 IETF 63 rd – mip6 WG Mobile IPv6 bootstrapping in split scenario (draft-ietf-mip6-bootstrapping-split-00) mip6-boot-sol DT Gerardo Giaretta,
IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Liaison Report Date Submitted: September 20, 2007 Presented.
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: EAP Pre-authentication Problem Statement in IETF HOKEY WG Date Submitted: September,
Introduction to Port-Based Network Access Control EAP, 802.1X, and RADIUS Anthony Critelli Introduction to Port-Based Network Access Control.
EAP WG EAP Key Management Framework Draft-ietf-eap-keying-05.txt Bernard Aboba Microsoft IETF 62, Minneapolis, MN.
Thoughts on Bootstrapping Mobility Securely Chairs, with help from James Kempf, Jari Arkko MIP6 WG/BOF 57 th IETF Vienna Wed. July 16, 2003.
CAPWAP Threat Analysis
Informing AAA about what lower layer protocol is carrying EAP
Open issues with PANA Protocol
RADEXT WG RADIUS Attributes for WLAN Draft-aboba-radext-wlan-00.txt
Carrying Location Objects in RADIUS
Jari Arkko, Henry Haverinen, Joseph Salowey (presented by Pasi Eronen)
for IP Mobility Protocols
Jari Arkko Bernard Aboba
Discussions on FILS Authentication
Charles Clancy Katrin Hoeper IETF 73 Minneapolis, USA 17 November 2008
EAP/SIM and EAP/AKA draft-haverinen-pppext-eap-sim-12: based on GSM authentication draft-arkko-pppext-eap-aka-11: based on UMTS authentication No open.
MAC Address Hijacking Problem
Fujio Watanabe, Moo Ryong Jeong, Toshiro Kawahara
IETF Network Discovery and Selection Overview
802.11i Bootstrapping Using PANA
Presentation transcript:

August 4, 2004EAP WG, IETF 601 Authenticated service identities for EAP (draft-arkko-eap-service-identity-auth-00) Jari Arkko Pasi Eronen

August 4, 2004EAP WG, IETF 602 Background EAP does not have a concept of service (NAS) identity (identifier) –Since there’s no identitifier, it’s not authenticated to the client This leads to a ”2.5 party protocol” –Client is talking to some NAS trusted by the AAA server –Trivial consequence: compromised NAS can impersonate any other NAS

August 4, 2004EAP WG, IETF 603 Solution Part 1: Channel bindings –Send integrity-protected identifier inside EAP method Part 2: AAA server verifies that this identifier “belongs” to the node it’s sending MSK to

August 4, 2004EAP WG, IETF 604 Questions What identifier? –SSID –BSSID –AP IP address –AP DNS name –Human-readable “network name” Which direction?

August 4, 2004EAP WG, IETF 605 This draft Method-independent, extensible container for service identifiers Identifiers for some EAP lower layers –802.11, PPP, PANA, IKEv2 AVPs to send this container in some EAP methods –EAP-TLS, PEAPv2, EAP-SIM, EAP-AKA

August 4, 2004EAP WG, IETF 606 Example: Identifiers for Service_Type = IEEE i Service_Provider = “Joe’s Coffee Shop, Heathrow airport, London, UK” 802_11_SSID = joecoffee 802_11_BSSID = 11:22:33:44:55:66 802_11_Protection_Mechanism = i

August 4, 2004EAP WG, IETF 607 Example: EAP-TLS Add extension to ClientHello & ServerHello messages

August 4, 2004EAP WG, IETF 608 What next? Comment welcome!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.