Informing AAA about what lower layer protocol is carrying EAP

Informing AAA about what lower layer protocol is carrying EAP
Nov 2004 at IETF-61
Jari.Arkko@ericsson.com

The Problem
- The AAA (EAP) server receives two authentication requests with no knowledge of which service originated them.
- The AAA protocol is Diameter or RADIUS.
- The VPN gateway uses IKEv2 in EAP mode.
[Diagram labels: Home Network, Access Network, AAA server, Client, VPN gateway]

The Solution
- The EAP lower layer attribute indicates to the EAP server the service that originated the authentication.
- The EAP server can take the proper decision according to the EAP lower layer attribute (lla): authorize, reject, etc.
[Diagram labels: Home Network, Access Network, AAA server, Client, VPN gateway; the two requests are tagged "Lower layer: 802.1X" and "Lower layer: IKEv2"]

The Alternatives
- New values for NAS-Port-Type or Service-Type
- A standalone attribute (draft-mariblanca)
- A combination of NAS-Port-Type and something else
  - NAS-Port-Type = 802.11/PANA/Virtual
  - If Virtual, then we describe the specific protocol using either
    (a) RFC 2868 Tunnel-Type and Tunnel-Medium-Type
    (b) A new attribute NAS-Virtual-Port-Type
        Values: IKEv2, …
  - Do mandatory tunneling and incoming virtual protocol usage conflict?
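
The decision described on the Solution slide, sketched with the combination from the Alternatives slide (NAS-Port-Type plus the proposed NAS-Virtual-Port-Type). This is an added example, not code from the presentation. The attribute values are symbolic strings rather than RADIUS/Diameter wire codes, and the user names, the policy table, the mapping of an 802.11 port to the 802.1X lower layer and the reject-when-unknown behaviour are assumptions.

```python
# Added illustration: attribute names follow the slides' proposal; values are
# symbolic strings, not RADIUS/Diameter wire codes.
from typing import Mapping, Optional

# Constructed per-user policy: which EAP lower layers each user may use.
ALLOWED_LOWER_LAYERS = {
    "alice": {"802.1X", "IKEv2"},   # WLAN and VPN
    "bob": {"802.1X"},              # WLAN only
}

def eap_lower_layer(attrs: Mapping[str, str]) -> Optional[str]:
    """Resolve the lower layer from NAS-Port-Type plus, for virtual ports,
    the proposed NAS-Virtual-Port-Type (alternative (b) on the slides)."""
    port_type = attrs.get("NAS-Port-Type")
    if port_type == "802.11":
        return "802.1X"   # assumption: WLAN access runs EAP over 802.1X
    if port_type == "PANA":
        return "PANA"
    if port_type == "Virtual":
        # None when the NAS did not say which protocol runs over the port.
        return attrs.get("NAS-Virtual-Port-Type")
    return None

def authorize(user: str, attrs: Mapping[str, str]) -> str:
    """Return 'accept' or 'reject' for an EAP authentication that has
    already succeeded; only the service authorization is decided here."""
    layer = eap_lower_layer(attrs)
    if layer is None:
        return "reject"   # fail closed: originating service unknown
    if layer in ALLOWED_LOWER_LAYERS.get(user, set()):
        return "accept"
    return "reject"

# Constructed requests: same user, same credentials, different origin.
WLAN_REQUEST = {"NAS-Port-Type": "802.11"}
VPN_REQUEST = {"NAS-Port-Type": "Virtual", "NAS-Virtual-Port-Type": "IKEv2"}
LEGACY_VPN_REQUEST = {"NAS-Port-Type": "Virtual"}  # no lower-layer hint

if __name__ == "__main__":
    for name, req in [("wlan", WLAN_REQUEST), ("vpn", VPN_REQUEST),
                      ("legacy-vpn", LEGACY_VPN_REQUEST)]:
        print(name, authorize("alice", req), authorize("bob", req))
```

Without the lower layer hint, the WLAN and VPN requests for the same user are indistinguishable to the server, which is the situation the Problem slide describes.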