The Tunneled Extensible Authentication Method (TEAM)

Slides:



Advertisements
Similar presentations
Authentication.
Advertisements

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Protected Extensible Authentication Protocol
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.
Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
Eugene Chang EMU WG, IETF 70
EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.
Doc.: IEEE /0394r0 Submission March 2008 Dorothy Stanley, Aruba NetworksSlide 1 IEEE IETF Liaison Report Date: Authors:
EAP Keying Problem Draft-aboba-pppext-key-problem-03.txt Bernard Aboba
Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.
UMD D EPARTMENT OF C OMPUTER S CIENCE D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES EAP-PAX draft-clacy-eap-pax-05 T. Charles Clancy
Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.
November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.
EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.
EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.
ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.
1 Pascal URIEN, IETF 63th Paris, France, 2nd August 2005 “draft-urien-eap-smartcard-type-02.txt” EAP Smart Card Protocol (EAP-SC)
Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,
Doc.: IEEE /303 Submission May 2001 Simon Blake-Wilson, CerticomSlide 1 EAP-TLS Alternative for Security Simon Blake-Wilson Certicom.
Key Management in AAA Russ Housley Incoming Security Area Director.
N. Asokan, Kaisa Nyberg, Valtteri Niemi Nokia Research Center
RFC 2716bis Wednesday, July 12, 2006 Draft-simon-emu-rfc2716bis-02.txt Dan Simon Bernard Aboba IETF 66, Montreal, Canada.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.
1 EAP-MAKE2: EAP method for Mutual Authentication and Key Establishment, v2 EMU BoF Michaela Vanderveen IETF 64 November 2005.
1 SECMECH BOF EAP Methods IETF-63 Jari Arkko. 2 Outline Existing EAP methods Technical requirements EAP WG process for new methods Need for new EAP methods.
Cryptography CSS 329 Lecture 13:SSL.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”
Richard EAP-WAI Authentication Protocol Stockholm, IETF 75th draft-richard-emu-wai-00.
Emerging Solutions in Network Time Synchronization Security
VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.
Authentication and handoff protocols for wireless mesh networks
Cryptography: an overview
Extensible Authentication Protocol
Microsoft Windows NT 4.0 Authentication Protocols
draft-harkins-emu-eap-pwd-01
SBSM BOF Session-Based Security Model for SNMPv3
Phil Hunt, Hannes Tschofenig
Katrin Hoeper Channel Bindings Katrin Hoeper
ERP extension for EAP Early-authentication Protocol (EEP)
EAP Password Authenticated eXchange (PAX)
IETF-70 EAP Method Update (EMU)
Glen Zorn Cisco Systems
SECMECH BOF EAP Methods
HTTP Enabled Location Delivery (HELD)
CSE 4095 Transport Layer Security TLS
SECURING WIRELESS LANS WITH CERTIFICATE SERVICES
Virtual Private Networks
My name is Pascal Urien, ENST
IEEE IETF Liaison Report
Authentication and handoff protocols for wireless mesh networks
IEEE IETF Liaison Report
PW security measures PWE3 – 65th IETF 21 March 2005 Yaakov (J) Stein.
(draft-josefsson-pppext-eap-tls-eap-06.txt)
Virtual Private Networks (VPN)
An EAP Authentication Method Based on Identity-Based Authenticated Key Exchange draft-cakulev-emu-eap-ibake-00 Violeta Cakulev
IEEE IETF Liaison Report
Presentation transcript:

The Tunneled Extensible Authentication Method (TEAM) Glen Zorn Network Zen

TEAM Overview Derived from Protected Extensible Authentication Protocol (PEAP) Typical TLS-tunneled EAP protocol with a few twists TLVs including vendor-specific TLV support “Built-in” facilities Certificate installation Plain-text password authentication & change

TEAM Features Identity protection Ciphersuite negotiation Mutual authentication Replay protection Integrity protection Confidentiality Secure key derivation Dictionary attack protection

TEAM Features (2) Fast reauthentication Cryptographic channel binding Acknowledged success & failure indications Session independence Fragmentation State synchronization Secure initial provisioning

TEAM Advantages The TEAM is unconditionally compliant with the requirements for WLAN authentication mechanisms, as specified in RFC 4017 As of today, TEAM fulfills 100% of the requirements specified in draft-ietf-emu-eaptunnel-req-08

TEAM Advantages (2) No issues with backward-compatibility Zero installed base No existing implementations But based upon a widely available code base Complete IETF change control No external pressures Known & understood technology Secure and robust Highly flexible

Choose TEAM!