Jari Arkko, Henry Haverinen, Joseph Salowey (presented by Pasi Eronen)

Slides:



Advertisements
Similar presentations
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Advertisements

Dynamic Symmetric Key Provisioning Protocol (DSKPP)
Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.
August 2, 2005EAP WG, IETF 631 EAP-IKEv2 review Pasi Eronen.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing.
NCHU AI LAB Implications of Unlicensed Mobile Access for GSM security From : Proceeding of the First International Conference on Security and Privacy for.
EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.
Slide 1/8 07/17/03 EAP 57th IETF WIEN, Austria, July 13-18, 2003 “EAP support in smartcards” Pascal Urien & All ENST Draft-urien-EAP-smartcard-02.txt.
1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.
11/26 Integration of wireless LAN and 3G wireless - Interworking architecture between 3GPP and WLAN systems Ahmavaara, K.; Haverinen, H.; Pichna, R.; Communications.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.
Wireless Network Security and Interworking
1 Using GSM/UMTS for Single Sign-On 28 th October 2003 SympoTIC 2003 Andreas Pashalidis and Chris J. Mitchell.
EAP Authentication for SIP & HTTP V. Torvinen (Ericsson), J. Arkko (Ericsson), A. Niemi (Nokia),
EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.
EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.
March 17, 2003 IETF #56, SAN FRANCISCO1 Compound Authentication Binding Problem (EAP Binding Draft) Jose Puthenkulam Intel Corporation (
CSE 8343 State Machines for Extensible Authentication Protocol Peer and Authenticator.
1 Pascal URIEN, IETF 63th Paris, France, 2nd August 2005 “draft-urien-eap-smartcard-type-02.txt” EAP Smart Card Protocol (EAP-SC)
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
SSL(HandShake) Protocol By J.STEPHY GRAFF IIM.SC(C.S)
IETF #65 Network Discovery and Selection Problem draft-ietf-eap-netsel-problem-04 Farooq Bari Jouni Korhonen.
Presentation at ISMS WG Meeting1 ISMS – March 2005 IETF David T. Perkins.
RFC 2716bis Wednesday, July 12, 2006 Draft-simon-emu-rfc2716bis-02.txt Dan Simon Bernard Aboba IETF 66, Montreal, Canada.
1 Extensible Authentication Protocol (EAP) Working Group IETF-57.
1 EAP WG Methods Discussion IETF-62 Jari Arkko Bernard Aboba.
7/24/2007IETF69 PANA WG1 PANA Issues and Resolutions draft-ietf-pana-pana-17.txt draft-ietf-pana-framework-09.txt Yoshihiro Ohba Alper Yegin.
August 4, 2004EAP WG, IETF 601 Authenticated service identities for EAP (draft-arkko-eap-service-identity-auth-00) Jari Arkko Pasi Eronen.
1 Rogue Mobile Shell Problem Verizon Wireless October 26, 2000 Christopher Carroll.
Doc.: IEEE /2179r0 Submission July 2007 Steve Emeott, MotorolaSlide 1 Summary of Updates to MSA Overview and MKD Functionality Text Date:
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”
EAP Applicability IETF-86 Joe Salowey. Open Issues Open Issues with Retransmission and re- authentication Remove text about lack of differentiation in.
Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.
1. Introduction In this presentation, we will review ,802.1x and give their drawbacks, and then we will propose the use of a central manager to replace.
CAPWAP Threat Analysis
Wireless Network PMIT- By-
SQL Replication for RCSQL 4.5
Author:YongBin Zhou, ZhenFeng Zhang, and DengGuo Feng Presenter:戴士桀
EAP State Machines (draft-vollbrecht-eap-state-04.txt,ps)
PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)
Cryptography and Network Security
Katrin Hoeper Channel Bindings Katrin Hoeper
Secure Sockets Layer (SSL)
Diameter NASReq Application Status
COMP3220 Web Infrastructure COMP6218 Web Architecture
3G Security Principles Build on GSM security
IKEv2 Mobility and Multihoming Protocol (MOBIKE)
Network Selection Issues
The Tunneled Extensible Authentication Method (TEAM)
SECMECH BOF EAP Methods
Secure Authentication System for Public WLAN Roaming
TCP for DNS security considerations
EAP/SIM and EAP/AKA draft-haverinen-pppext-eap-sim-12: based on GSM authentication draft-arkko-pppext-eap-aka-11: based on UMTS authentication No open.
SECURING WIRELESS LANS WITH CERTIFICATE SERVICES
Migration-Issues-xx Where it’s been and might be going
draft-ipdvb-sec-01.txt ULE Security Requirements
My name is Pascal Urien, ENST
3GPP2-WLAN Interworking update
Transport Layer Security (TLS)
Security Activities in IETF in support of Mobile IP
draft-ietf-dtn-bpsec-06
3GPP2-WLAN Interworking update
LM 7. Cellular Network Security
Working Group Draft for TCPCLv4
Presentation transcript:

Jari Arkko, Henry Haverinen, Joseph Salowey (presented by Pasi Eronen) EAP SIM and AKA Jari Arkko, Henry Haverinen, Joseph Salowey (presented by Pasi Eronen) July 14, 2003 EAP WG, IETF 57

Introduction Authentication based on GSM SIM and UMTS USIM smart cards Neither the user’s terminal nor EAP server has direct access to the shared secret key We rely on GSM/UMTS key agreement protocols July 14, 2003 EAP WG, IETF 57

EAP SIM status Quite stable Some updates based on Sarvar Patel’s analysis: When multiple RANDs used, client checks that they are different Clarified security considerations section Aligned key derivation with 2284bis AT_CHECKCODE July 14, 2003 EAP WG, IETF 57

EAP AKA status Stable Aligned key derivation with 2284bis AT_CHECKCODE July 14, 2003 EAP WG, IETF 57

”N bits of security” 2284bis: “If the effective key strength is N bits, the best currently known methods to recover the key (with non-negligible probability) require an effort comparable to 2N operations of a typical block cipher.” Must not mix the probability of 2–64 and the work of 264 operations! Attacks with 264 work are interesting; attacks with success probability of 2–64 are not very interesting July 14, 2003 EAP WG, IETF 57

”N bits of security” EAP SIM key strength is ~64 bits with one triplet, and ~128 bits with 2 or 3 New text strongly recommends that both client and server require at least 2 triplets If the same SIM is used in GSM/GPRS, attacker can use their vulnerabilities No need to use SRES to increase key strength July 14, 2003 EAP WG, IETF 57

RAND re-use within one exchange Obviously, if multiple triplets are used, the server chooses different triplets The latest version also requires the client to check this July 14, 2003 EAP WG, IETF 57

RAND re-use in different exchanges EAP SIM requires that the server always uses fresh RANDs Client can’t check if RANDs are fresh (Keeping a list of all previously seen RANDs is not probably feasible) Well-known limitation of GSM; changed in UMTS (AKA) Discussed extensively in security considerations section July 14, 2003 EAP WG, IETF 57

Alternative protocols Main goals in current protocol Use existing SIM cards without changes >800,000,000 deployed When they are redeployed, will support EAP AKA Keys that allow impersonating as the user (for longer than the current session) are never handled outside SIM and AuC This would undermine integrity of charging Keys that allow impersonation as the network are handled in user terminal and EAP server July 14, 2003 EAP WG, IETF 57

Next steps Wait until 2284bis is finished Get reviews and publish as informational RFCs July 14, 2003 EAP WG, IETF 57

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.