Jesse Walker, Intel Corporation Russ Housley, Vigil Security

Slides:



Advertisements
Similar presentations
Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Advertisements

IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
Submission doc.: IEEE /0789r3 NameAffiliationsAddressPhone George Cherian Santosh Abraham Jouni Malinen Qualcomm 5775 Morehouse Dr, San Diego,
CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Analysis and Improvements over DoS Attacks against IEEE i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.
Jesse Walker, keying requirements1 Suggested Keying Requirements Jesse Walker Intel Corporation
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.
Doc.: IEEE /0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE /0476r2 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.
Doc.: IEEE /551r0 Submission September 2002 Moore, Roshan, Cam-WingetSlide 1 TGi Frame Exchanges Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget.
Doc.: IEEE /0707r0 Submission July 2003 N. Cam-Winget, et alSlide 1 Establishing PTK liveness during re-association Nancy Cam-Winget, Cisco Systems.
Doc.: IEEE /1062r0 Submission September 2004 F. Bersani, France Telecom R&DSlide 1 Dominos, bonds and watches: discussion of some security requirements.
EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.
Csci388 Wireless and Mobile Security – Key Hierarchies for WPA and RSN
Doc.: IEEE /008r0 Submission January 2003 N. Cam-Winget, D. Smith, K. AmannSlide 1 Proposed new AKM for Fast Roaming Nancy Cam-Winget, Cisco Systems.
ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002.
Wireless Network Security CSIS 5857: Encoding and Encryption.
Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.
1 EAP-MAKE2: EAP method for Mutual Authentication and Key Establishment, v2 EMU BoF Michaela Vanderveen IETF 64 November 2005.
CSE 4905 WiFi Security II WPA2 (WiFi Protected Access 2)
Authentication and handoff protocols for wireless mesh networks
RADEXT WG RADIUS Attributes for WLAN Draft-aboba-radext-wlan-00.txt
WEP2 Enhancements Russ Housley, RSA Labs Doug Whiting, HiFn
Wireless Protocols WEP, WPA & WPA2.
Phil Hunt, Hannes Tschofenig
Pre-Shared Key EAP methods & EAP-PSK
Keying for Fast Roaming
Challenge-Response New Authentication Scheme
SECMECH BOF EAP Methods
CSE 4095 Transport Layer Security TLS
Motions to Address Some Letter Ballot 52 Comments
Mesh Security Proposal
Discussion of Some Letter Ballot 52 Comments
Wireless Network Security
PEKM (Post-EAP Key Management Protocol)
Nancy Cam Winget, Atheros
Stefan Rommer, Mats Näslund, András Méhes (Ericsson)
TAP & JIT Key Hierarchy Notes
Traffic Class Control in MBSS
Proposed PRF Text Changes
Fast Authentication in TGai : Updates to EAP-RP
Jesse Walker and Emily Qi Intel Corporation
Security for Measurement Requests and Information
PMF, take one A simple i extension
Pre-Association Negotiation of Management Frame Protection (PANMFP)
11i PSK use in 11s: Consider Dangerous
Tim Moore, Microsoft Corporation Clint Chaplin, Symbol Technologies
Fast Roaming Compromise Proposal
Florent Bersani, France Telecom R&D
Options for Protecting Management Frames
Roaming timings and PMK lifetime
Mesh Security Proposal
Security Activities in IETF in support of Mobile IP
Fast Roaming Compromise Proposal
Fast Roaming Compromise Proposal
Roaming timings and PMK lifetime
Keying for Fast Roaming
Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget Cisco Systems, Inc
Overview of Improvements to Key Holder Protocols
Fast Roaming Observations
Overview of Improvements to Key Holder Protocols
DNS SD Privacy Christian Huitema, Daniel Kaiser
Roaming timings and PMK lifetime
11ay Fast Association Authentication
11ay Fast Association Authentication
Presentation transcript:

Jesse Walker, Intel Corporation Russ Housley, Vigil Security March 2003 EAP Archie Jesse Walker, Intel Corporation Russ Housley, Vigil Security Walker & Housley

Background Fact: IETF EAP WG has asked IEEE 802.11 TGi for guidance March 2003 Background Fact: IETF EAP WG has asked IEEE 802.11 TGi for guidance Observation: The mandatory-to-implement EAP authentication method (MD5 Challenge) is unsuitable for 802.11  This increases market confusion around security! Question: Is there a suitable replacement algorithm? Answer: Not really Walker & Housley

Goals Design a candidate for a better EAP default: March 2003 Goals Design a candidate for a better EAP default: Based on a long-lived pre-shared secret Light weight; no public key operations Mutual authentication Prevent man-in-the-middle attacks Protect against dictionary attacks if key is not weak Guarantee a fresh session key Walker & Housley

EAP Archie Key Hierarchy March 2003 EAP Archie Key Hierarchy PSK = Long-lived Pre-Shared Key = KCK | KEK | KDK SK = Session Key = Archie-PRF(PSK, “Archie session key” | ASNonce | PeerNonce)  TLS Master Key Pairwise Key = Archie-PRF(SK, “Archie pairwise key” | BSSID | STA MAC Addr)  PMK Walker & Housley

Archie PRF Algorithm Archie-PRF Input: Key K, Label L, Nonce N, Output Length OL Output: OL-octet string Out Out = “” for i = 1 to (OL+15)/16 do Out = Out | AES-CBC-MAC(K, L | N | i | OL) return first OL octets out of Out Walker & Housley

The Archie Exchange STA AS March 2003 PSK PSK Request: AS-ID, ARandom Response: Hash1, STA-ID, SNonce, Binding, MIC1 Confirm: Hash2, Counter2, ANonce, Binding, MIC2 Finish: Hash3, MIC3 Walker & Housley

Archie Features Hash1 = SHA1(Request) Hash2 = SHA1(Response) March 2003 Archie Features Hash1 = SHA1(Request) Hash2 = SHA1(Response) Hash3 = SHA1(Confirm) Defeats replay and reflection attacks Each hash is a simple transaction id Each hash ties msg to all prior msgs of this session Explicit binding protects STA from man-in-the-middle attacks in the infrastructure Derived SK is always fresh Walker & Housley

March 2003 Status Draft-jwalker-eap-archie-00.txt to be posted after San Fransisco IETF. Attempt to stimulate discussion on what TGi needs from EAP WG. Walker & Housley

March 2003 Feedback? Walker & Housley

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.