editor: Stephen Farrell,

Slides:



Advertisements
Similar presentations
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Advertisements

Dynamic Symmetric Key Provisioning Protocol (DSKPP)
CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
RFC2222bis. Summary Rfc2222bis-13 to be submitted tomorrow Addresses substantive issues Addresses editorial/nits Recommend WGLC upon announcement.
1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Securing Squid (Proxy) Using Digest Authentication.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.
Diameter SIP application IETF 64 Vancouver, 6-11 November, 2005
IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.
RADIUS Crypto-Agility Requirements November 18, 2008 David B. Nelson IETF 73 Minneapolis.
July 16, Diameter EAP Application (draft-ietf-aaa-eap-02.txt) on behalf of...
Password Mistyping in Two-Factor Authenticated Key Exchange Vladimir KolesnikovCharles Rackoff Bell LabsU. Toronto ICALP 2008.
WG Document Status 192nd IETF TEAS Working Group.
GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-ietf-geopriv-l7-lcp-ps-00.txt Hannes Tschofenig, Henning Schulzrinne.
SIP working group IETF#70 Essential corrections Keith Drage.
March 2006 CAPWAP Protocol Specification Update March 2006
ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
May 9th 2011 IETF SIPREC INTERIM - draft-ietf-siprec-architecture 1 An Architecture for Media Recording using the Session Initiation Protocol draft-ietf-siprec-architecture.
SACRED REQUIREMENTS DOCUMENT Stephen Farrell, Baltimore Alfred Arsenault, Diversinet.
Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro.
MSRP Again! draft-ietf-simple-message- session-09.
TLS Renegotiation Vulnerability IETF-76 Joe Salowey Eric Rescorla
NEMO Basic Support update IETF 61. Status IANA assignments done Very close to AUTH48 call Some issues raised recently We need to figure out if we want.
December 14, 2000Securely Available Credentails (SACRED) - Framework Draft 1 Securely Available Credentials (SACRED) Protocol Framework, Draft Specification.
Web Server Design Week 12 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/31/10.
TEE: TLS Authentication Using EAP draft-nir-tls-eap-02.txt Yoav Nir Yaron Sheffer (presenter) Hannes Tschofenig Peter Gutmann IETF-70, Vancouver, Dec.
1 Extensible Authentication Protocol (EAP) Working Group IETF-57.
GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-tschofenig-geopriv-l7-lcp-ps-03.txt Hannes Tschofenig, Henning.
SPPP Transport Session Peering Provisioning Protocol draft-ietf-drinks-sppp-over-soap-04.
Easy 802.1X Onboarding with EAPConfig files and Supplicant Configuration Automatic Discovery (SCAD) Gareth Ayres (Speaker) Stefan.
ITU Liaison on T-MPLS Stewart Bryant
EAP Applicability IETF-86 Joe Salowey. Open Issues Open Issues with Retransmission and re- authentication Remove text about lack of differentiation in.
November 18, 2002 IETF #55, ATLANTA1 Problem with Compound Authentication Methods Jesse Walker Intel Corporation (
SASL GSS-API Bridge: GS2
Stephen Banghart Dave Waltermire
CAPWAP Threat Analysis
MQTT-255 Support alternate authenticaion mechanisms
Open issues with PANA Protocol
PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)
draft-ietf-simple-message-sessions-00 Ben Campbell
draft-lemonade-imap-submit-01.txt “Forward without Download”
draft-ietf-simple-message-session-09
Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.
ERP extension for EAP Early-authentication Protocol (EEP)
The need for better security considerations guidance
Nancy Cam-Winget June 2015 SACM Requirements Nancy Cam-Winget June 2015.
IKEv2 Mobility and Multihoming Protocol (MOBIKE)
IETF-70 EAP Method Update (EMU)
draft-ietf-geopriv-lbyr-requirements-02 status update
Glen Zorn Cisco Systems
SECMECH BOF EAP Methods
– Chapter 5 (B) – Using IEEE 802.1x
Charles Clancy Katrin Hoeper IETF 73 Minneapolis, USA 17 November 2008
Strong Password Protocols
draft-ipdvb-sec-01.txt ULE Security Requirements
Web Server Design Week 13 Old Dominion University
Web Server Design Week 13 Old Dominion University
Web Server Design Week 13 Old Dominion University
IEEE MEDIA INDEPENDENT HANDOVER DCN:
Mobile IP Outline Homework #4 Solutions Intro to mobile IP Operation
TG1 Draft Topics Date: Authors: September 2012 Month Year
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
(draft-josefsson-pppext-eap-tls-eap-06.txt)
Virtual Private Networks (VPN)
Neighbor Management Policy for 6LoWPAN Signaling and Policy guidelines
NFD Tunnel Authentication
Update for “Multicast Considerations over IEEE 802 Wireless Media”
Presentation transcript:

editor: Stephen Farrell, Draft-ietf-sacred-protocol-bss-04.txt editor: Stephen Farrell, stephen.farrell@baltimore.ie 55th IETF, November 2002

Changes from –03 Replaced SASL-MD5 with DIGEST-MD5 everywhere Updated appendix B and other BEEP issues according to Marshall Rose's Oct 6th recommendations Applied all but three "editorial corrections" raised on list Added a recommendation to download prior to modify Fixed AuthXXXType extensibility as suggested by Gareth Richards

Issues still open “Rejected” issues from list: Adding upload response message Use of CDATA needed? (BEEP question) “More editorial” stuff from Magnus: “ok,ok,ok” Some clarifications (Manning) “tuning” & clarity wrt BEEP & auth New security issue: binding of separate authentications

Compound Authentication Issue draft-puthenkulam-eap-binding-00.txt describes how the lack of a strong binding between compound authentications (esp. server then tunnelled client) leaves open the possibility of “MITM” attacks, which, if the same client authenticator (e.g. password) is badly used in one context, can be real attacks. Raised wrt EAP, but applies here too unfortunately.

Problem DIGEST-MD5 password used for sacred and (non TLS) web access with web server (WS) Attacker masquerades as WS to client. Client connects to WS. Attacker WS connects to credential server (CS) CS issues challenge to Attacker Attacker passes back challenge to Client Client sends response to attacker Game over

Danger!!! Too late. Client Web Server Credential Server Client Digest-MD5 (clear) Server-auth TLS, then Digest-MD5 (same pwd) Too late. Client Attacker Credential Server Server-auth TLS, DIGEST-MD5 challenge Digest-MD5 (clear) Finish Digest-MD5 Run away with private key

Fix? As a generic attack it arguably ought to be fixed generically (e.g. show a way to securely use SASL within TLS) Specific fix: Modify use of DIGEST-MD5, e.g. make password include “sacred:” or hash(uname) or something? (bar-BoF anyone?) Guidance: If the client authenticator is only used for sacred then the attack doesn’t arise => recommend that the DIGEST-MD5 password only be used for sacred and point at (or describe: “dependency--”) the attack scenario in the security considerations section? EKE, SRP etc. Been there, done that. :-(

Plan -05 to be done this week Only real work is new security considerations text (if that’s how we fix the compound authentication issue) Proposed text to list this week

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.