EAP-GEE Lakshminath Dondeti Vidya Narayanan

Slides:

Advertisements

Similar presentations

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

Advertisements

IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Chapter 17 TACACS+.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das

November st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,

1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.

ICN Hop-By-Hop Fragmentation Marc Mosko Palo Alto Research Center Christian Tschudin University of Basel

August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Proposal for IEEE Study Group on Security Signaling Optimization.

November 10, 2003EAP WG, IETF 581 EAP State Machines (draft-ietf-eap-statemachine-01) John Vollbrecht, Pasi Eronen, Nick Petroni, Yoshihiro Ohba.

Universal, Ubiquitous, Unfettered Internet © ui.com Pte Ltd Mobile Internet Protocol under IPv6 Amlan Saha 3UI.COM Global IPv6 Summit,

Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.

Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.

4: Network Layer4b-1 IPv6 r Initial motivation: 32-bit address space completely allocated by r Additional motivation: m header format helps speed.

GTP (Generic Tunneling Protocol) Alessio Casati/Lucent Technologies Charles E. Perkins/Nokia Research IETF 47 draft-casati-gtp-00.txt.

1 NetLMM Vidya Narayanan Jonne Soininen

ERP/AAK support for Inter-AAA realm handover discussion Hao Wang, Tina Tsou, Richard.

CSE 8343 State Machines for Extensible Authentication Protocol Peer and Authenticator.

Mobile IPv6 with IKEv2 and revised IPsec architecture IETF 61

Washinton D.C., November 2004 IETF 61 st – mip6 WG MIPv6 authorization and configuration based on EAP (draft-giaretta-mip6-authorization-eap-02) Gerardo.

Nov. 9, 2004IETF61 PANA WG PANA Specification Last Call Issues Yoshihiro Ohba, Alper Yegin, Basavaraj Patil, D. Forsberg, Hannes Tschofenig.

Policy Signaling for Multi-Access Mobility draft-koodli-policy-multiaccess-mobility Rajeev Koodli Cisco Systems.

EAP over HRPD Comments Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.

Minneapolis, March 2005 IETF 62 nd – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena Demaria.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Pre-authentication Activity Date Submitted: February 26, 2006.

August 2, 2005IETF63 EAP WG AAA-Key Derivation with Lower-Layer Parameter Binding (draft-ohba-eap-aaakey-binding-01.txt) Yoshihiro Ohba (Toshiba) Mayumi.

Paris, August 2005 IETF 63 rd – mip6 WG Mobile IPv6 bootstrapping in split scenario (draft-ietf-mip6-bootstrapping-split-00) mip6-boot-sol DT Gerardo Giaretta,

San Diego, November 2006 IETF 67 th – mip6 WG Goals for AAA-HA interface (draft-ietf-mip6-aaa-ha-goals-03) Gerardo Giaretta Ivano Guardini Elena Demaria.

EAP Applicability IETF-86 Joe Salowey. Open Issues Open Issues with Retransmission and re- authentication Remove text about lack of differentiation in.

Ken Grewal Gabriel Montenegro Manav Bhatia

IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.

IEEE MEDIA INDEPENDENT HANDOVER DCN:

Pre-authentication Problem Statement (draft-ohba-hokeyp-preauth-ps-00

EAP State Machines (draft-vollbrecht-eap-state-04.txt,ps)

Behrouz A. Forouzan TCP/IP Protocol Suite, 3rd Ed.

PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)

PANA Issues and Resolutions

Handover Keys using AAA (draft-vidya-mipshop-fast-handover-aaa-01.txt)

Compression Format for IPv6 Datagrams in 6LoWPAN Networks

Pre-authentication Overview

for IP Mobility Protocols

IEEE MEDIA INDEPENDENT HANDOVER DCN:

ERP extension for EAP Early-authentication Protocol (EEP)

IPv6 / IP Next Generation

Standards Basics.

IETF-70 EAP Method Update (EMU)

The 66th IETF meeting in Montreal, Canada

CARD Designteam A. Singh, D. Funato, H. Chaskar, M. Liebsch

ERP/AAK support for Inter-AAA realm handover discussion

Point to Point Data Link Control

IEEE MEDIA INDEPENDENT HANDOVER

Guide to TCP/IP Fourth Edition

Charles Clancy Katrin Hoeper IETF 73 Minneapolis, USA 17 November 2008

Charles E. Perkins RFC 2002bis Charles E. Perkins

Lu Huang, China Mobile Shujun Hu, China Mobile Michael Wang, Huawei

IEEE MEDIA INDEPENDENT HANDOVER DCN:

NSIS Operation Over IP Tunnels draft-shen-nsis-tunnel-01.txt

Robert Moskowitz, Verizon

Robert Moskowitz, Verizon

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec

IEEE MEDIA INDEPENDENT HANDOVER

Transport Layer 9/22/2019.

IPv6 Current version of the Internet Protocol is Version 4 (v4)

Presentation transcript:

EAP-GEE Lakshminath Dondeti Vidya Narayanan ldondeti@qualcomm.com Vidya Narayanan vidyan@qualcomm.com EAP WG meeting, IETF-65, Dallas, Mar 2006

Requirements Access and service authentication may both use EAP via the same authenticator Need to differentiate EAP-based access and service authentication L2 and L3 service providers may be different (e.g., MVNOs) Allow parallel execution of the two EAP exchanges No current means to distinguish the two EAP exchanges between a peer and authenticator without additional signaling An MSP may want to require Mobile IP-based service authentication instead of EAP-based service authentication

Network Model with Separate ANP and SNP Service network provider (SNP) Access network provider (ANP) Authenticator MN AAA-ANP AAA-SNP

Proposing Generic EAP Encapsulation The GEE protocol runs between the peer and the authenticator We introduce a GEE layer between the EAP layer and the EAP lower layer The GEE header (16 bits) indicates to the peer and the authenticator whether the authentication is for access (L2) or service (L3) Whether the service is Mobile IP or not

GEE header format EAP lower Layer hdr GEE Hdr EAP Packet Reserved (6bits) Version (8bits) A M We introduce a 16-bit GEE header between the EAP header and the lower-layer header. It contains An 8-bit version header; Version = 0 for this version 1-bit A flag: If A==1, the EAP exchange is for access authentication If A==0, the EAP exchange is for service authentication 1-bit M flag: Valid only on an EAP Failure packet Ignored when A==1 If A == 0, M == 1 indicates peer MUST use MIP for service authentication A 6-bit Reserved field (unused, MBZ)

GEE multiplexing model Method1 Method2 Method1 Method2 Peer Layer Authenticator Layer EAP Layer EAP Layer GEE Layer GEE Layer Lower Layer Lower Layer EAP Peer EAP Authenticator

GEE pass-through multiplexing model Method1 Method2 Method1 Method2 Peer Layer Peer Authenticator Authenticator Layer EAP Layer EAP Layer EAP Layer GEE Layer GEE Layer Lower Layer Lower Layer AAA/IP AAA/IP Authentication Server EAP Peer Authenticator

Next steps This work is NOT within the EAP WG scope Plan is to seek input from the EAP WG Submit as an individual I-D to the IESG for review