EAP-TTLS Status draft-funk-eap-ttls-v0-00.txt draft-funk-eap-ttls-v1-00.txt draft-funk-tls-inner-application-extension-01.txt Paul Funk Funk Software.

Overview of Draft Set

Names have changed
–Previous name: draft-ietf-pppext-eap-ttls-nn.
–Changed to individual submission, since pppext doesn’t do EAP any more.
–Draft version reverted to 00.

Relationship between drafts
–TTLS v0 is original protocol
–TTLS v1 is new version
  TTLS v1 is defined over TLS extension called TLS/IA
–TLS/IA defined in separate draft: draft-funk-tls-inner-application-extension-01.txt

EAP-TTLS v1 Overview

A version field is now defined in the Flag bits.
EAP-TTLS v1 is defined over TLS/IA.
–It’s a much shorter draft.
–But the new TLS/IA draft more than makes up for this.
–The same AVP encapsulation defined in EAP-TTLS v0 is now defined in TLS/IA.
–TLS/IA includes enhanced security features.

TLS “InnerApplication” Extension (TLS/IA)

TLS/IA defines a mechanism for embedding EAP authentication and other negotiations in TLS itself.
–Allows any TLS-based protocol to use inner EAP authentication.
Uses standard RFC 3546 extension mechanism
–Inner Application extension appended to ClientHello, confirmed in ServerHello
Defines new “Inner Application” record type.
–Inner Application records follow immediately after TLS handshake, but prior to upper-layer data exchange.
–New record type carries one or more “phases”.
–Each phase consists of:
  exchange of AVPs
  permutation of Inner Secret
  exchange of PhaseFinished messages for confirmation.
–TLS handshake plus Inner Application records can be thought of as an “extended handshake”.

Comparison of TLS Encapsulation

(Diagram on the original slide; its three rows, left to right, were:)
In EAP-TTLS version 0 (as well as EAP-PEAP/FAST): TLS handshake [Handshake msgs, CCS/Finished], then data [AVPs]
In TLS/IA: TLS handshake [Handshake msgs, CCS/Finished], Inner application [AVPs, PhaseFinished], then data [“This space available”]
In EAP-TTLS version 1: TLS handshake [Handshake msgs, CCS/Finished], Inner application [AVPs, PhaseFinished]

TLS/IA Security

Optional multi-phase negotiation.
–Allows subsequent exchange to be predicated on success of prior exchange
–Phases are optional in resumed sessions
Additional “Inner Secret” is computed.
–Mixes TLS master secret and all session keys from inner authentications. Prevents MitM attack.
–Inner Secret is mutually confirmed at the end of each phase.
Result of inner authentication is securely exchanged. Prevents truncation attack.
No change to TLS handshake itself or cipher usage within TLS.

Session Key Binding

Inner Secret is initialized to master secret at conclusion of TLS handshake.
Inner Secret is permuted in each phase
–All inner session keys developed during phase are concatenated into a vector in order of value
–PRF is applied to label, randoms, and session key vector, using current Inner Secret as key
–48-octet result is new Inner Secret
Inner Secret is confirmed by PhaseFinished message.
Final Inner Secret from last phase is exported.
–EAP-TTLS v1 derives MSK (i.e. MPPE keys) from Inner Secret.
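The Inner Secret permutation on this slide and the mutual confirmation described under TLS/IA Security, worked through as an added Python example (not code from the draft or from Funk Software). It assumes the PRF is the RFC 2246 TLS 1.0 PRF (P_MD5 XOR P_SHA-1), that "in order of value" means byte-wise ascending order of the inner session keys, that the PRF seed is client random, server random and the key vector in that order, and that PhaseFinished carries a PRF output keyed by the Inner Secret; the label strings and all sample keys and randoms are constructed placeholders, not values from the draft.

```python
import hmac
from typing import Iterable, List

INNER_SECRET_LEN = 48                          # "48-octet result is new Inner Secret"
PERMUTE_LABEL = b"inner secret permutation"    # placeholder label, not the draft's
CONFIRM_LABEL = b"phase finished"              # placeholder label, not the draft's


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 P_hash: A(i) = HMAC(secret, A(i-1)), output HMAC(secret, A(i) || seed) blocks."""
    out, a = b"", seed                         # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 PRF (assumed here): split secret into halves, expand with MD5 and SHA-1, XOR."""
    half = (len(secret) + 1) // 2              # halves overlap by one byte when len is odd
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def session_key_vector(inner_keys: Iterable[bytes]) -> bytes:
    """Concatenate the phase's inner session keys "in order of value" (byte-wise sort assumed)."""
    return b"".join(sorted(inner_keys))


def permute_inner_secret(current: bytes, client_random: bytes, server_random: bytes,
                         inner_keys: Iterable[bytes]) -> bytes:
    """One phase: current Inner Secret keys the PRF over label, randoms and key vector."""
    seed = client_random + server_random + session_key_vector(inner_keys)
    return tls10_prf(current, PERMUTE_LABEL, seed, INNER_SECRET_LEN)


def phase_finished(inner_secret: bytes, phase_no: int, sender: bytes) -> bytes:
    """Assumed PhaseFinished verify_data: PRF keyed by the Inner Secret over phase number and role."""
    return tls10_prf(inner_secret, CONFIRM_LABEL, phase_no.to_bytes(2, "big") + sender, 12)


def verify_phase_finished(inner_secret: bytes, phase_no: int, sender: bytes, received: bytes) -> bool:
    """Constant-time check that the peer's PhaseFinished matches our own Inner Secret."""
    return hmac.compare_digest(phase_finished(inner_secret, phase_no, sender), received)


def run_phases(master_secret: bytes, client_random: bytes, server_random: bytes,
               phases: List[List[bytes]]) -> List[bytes]:
    """Extended handshake: Inner Secret starts as the master secret, is permuted once per phase.
    Returns the Inner Secret after each phase; the last one is what gets exported."""
    inner, history = master_secret, []
    for keys in phases:
        inner = permute_inner_secret(inner, client_random, server_random, keys)
        history.append(inner)
    return history


if __name__ == "__main__":
    # Constructed sample values, not real handshake output.
    master = bytes(range(48))
    c_rand, s_rand = b"\x11" * 32, b"\x22" * 32
    phases = [[b"eap-key-A" * 4], [b"eap-key-B" * 4, b"eap-key-C" * 4]]
    exported = run_phases(master, c_rand, s_rand, phases)[-1]
    print("exported Inner Secret:", exported.hex())

    # A party that holds the tunnel master secret but none of the inner session keys
    # ends up with a different Inner Secret, so its PhaseFinished fails confirmation.
    without_keys = run_phases(master, c_rand, s_rand, [[], []])[-1]
    print("confirmation without inner keys accepted:",
          verify_phase_finished(exported, 2, b"client", phase_finished(without_keys, 2, b"client")))
```

The check in the last lines is the binding property the slide relies on: because every phase folds the inner session keys into the Inner Secret, a tunnel endpoint that did not take part in the inner authentication cannot produce a PhaseFinished the peer accepts, and the MSK derived from the exported secret is tied to both the TLS session and the inner credentials.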

Uses of TLS/IA Beyond TTLS

TLS/IA can provide inner AVP capabilities to other protocols besides EAP-TTLS.
Inner AVPs can be used for various purposes:
–authentication
–key exchange
–endpoint integrity attestation
–etc.
Possible other applications for TLS/IA:
–HTTP with EAP authentication
–Alternative to IKE for IPsec key establishment
–Setting up SSL VPN