Needham-Schroeder Key Descriptor (11/12/2002). Robert G. Moskowitz, ICSAlabs. IEEE 802 Plenary Meeting, Kauai, Nov 12, 2002.

Presentation transcript:

Slide 1: Needham-Schroeder Key Descriptor
Robert G. Moskowitz, ICSAlabs
IEEE 802 Plenary Meeting, Kauai, Nov 12, 2002

Slide 2: Needham-Schroeder Method (diagram)
Parties: AS, Auth, Supp
Messages: Credential Request, Encrypted Credential, Authed Credential, Authed ACK

Slide 3: Needham-Schroeder in an EAP method
Model is the reverse of many EAP methods
– The Supplicant drives the authentication
– Initial Request might be just a filler record
– Needham-Schroeder Request goes into an EAP Response
EAP finishes with the Supplicant having the credential for the Authenticator
– But the Needham-Schroeder exchange is not complete
Supplicant needs a methodology to deliver the credential to the Authenticator

Slide 4: Needham-Schroeder in an EAP method (continued)
Authenticator needs a methodology to reply to the supplicant
– After which, the authentication is Successful, i.e. the EAP method is Successful
This can best be performed in an EAPOL-Key Exchange

Slide 5: 802.1x/EAP Exchange
The 802.1x/EAP flow for Kerberos might be
– AUTH: EAP Ident REQ
– SUPP: EAP Ident REP
– AS: EAP REQ -- Kerberos
– SUPP: EAP REP -- KRB_AS_REQ
– AS: EAP REQ -- KRB_AS_REP
– SUPP: EAPOL-Key -- KRB_AP_REQ
– AUTH: EAPOL-Key -- KRB_AP_REP
– SUPP: EAP REP -- Finished
– AS: RADIUS Accept
– AUTH: EAP Success

Slide 6: 802.1x/EAP Reconnect Exchange
The 802.1x/EAP flow for Kerberos might be
– AUTH: EAP Ident REQ
– SUPP: EAP Ident REP
– AS: EAP REQ -- Kerberos
– SUPP: EAPOL-Key -- KRB_AP_REQ
– AUTH: EAPOL-Key -- KRB_AP_REP
– SUPP: EAP REP -- Finished
– AS: RADIUS Accept
– AUTH: EAP Success
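As an added illustration (not code from the presentation), the following Python models the two exchanges on slides 5 and 6 as message lists and walks a captured sequence to confirm the invariants the slides state: the supplicant sends KRB_AP_REQ and the authenticator answers KRB_AP_REP, both inside EAPOL-Key; the reconnect flow is the full flow with the KRB_AS_REQ/KRB_AS_REP pair omitted; and EAP Success may only follow the authenticator's reply and the server's RADIUS Accept. The party names AUTH, SUPP and AS and the message tokens are the slides' own; the checker and the two faulty captures are constructed for the example.

```python
"""Checker for the 802.1x/EAP + EAPOL-Key flows of slides 5 and 6.
Added example; not part of the original presentation."""

# Each message is (sender, carrier, content). Senders use the slides' names:
# AUTH = authenticator, SUPP = supplicant, AS = authentication server.
FULL_FLOW = [
    ("AUTH", "EAP REQ",   "Identity"),
    ("SUPP", "EAP REP",   "Identity"),
    ("AS",   "EAP REQ",   "Kerberos"),
    ("SUPP", "EAP REP",   "KRB_AS_REQ"),
    ("AS",   "EAP REQ",   "KRB_AS_REP"),
    ("SUPP", "EAPOL-Key", "KRB_AP_REQ"),
    ("AUTH", "EAPOL-Key", "KRB_AP_REP"),
    ("SUPP", "EAP REP",   "Finished"),
    ("AS",   "RADIUS",    "Accept"),
    ("AUTH", "EAP",       "Success"),
]

# Slide 6: the supplicant already holds a credential, so the AS exchange is skipped.
RECONNECT_FLOW = [m for m in FULL_FLOW if m[2] not in ("KRB_AS_REQ", "KRB_AS_REP")]


def check_flow(messages):
    """Return (kind, problems) for a captured message list.

    kind is "full" or "reconnect" (decided by whether a KRB_AS_* message
    appears); problems lists every slide-stated invariant the capture breaks.
    """
    problems = []
    position = {}
    for idx, (sender, carrier, content) in enumerate(messages):
        position.setdefault(content, (idx, sender, carrier))  # first occurrence

    has_as_req, has_as_rep = "KRB_AS_REQ" in position, "KRB_AS_REP" in position
    kind = "full" if (has_as_req or has_as_rep) else "reconnect"
    if has_as_req != has_as_rep:
        problems.append("KRB_AS_REQ and KRB_AS_REP must both be present or both absent")

    # Slides 3-4: the credential and its reply ride in EAPOL-Key, supplicant first.
    for content, sender in (("KRB_AP_REQ", "SUPP"), ("KRB_AP_REP", "AUTH")):
        if content not in position:
            problems.append(f"{content} missing: Needham-Schroeder exchange not completed")
            continue
        _, got_sender, got_carrier = position[content]
        if got_sender != sender or got_carrier != "EAPOL-Key":
            problems.append(f"{content} must be sent by {sender} in EAPOL-Key")
    if "KRB_AP_REQ" in position and "KRB_AP_REP" in position:
        if position["KRB_AP_REP"][0] < position["KRB_AP_REQ"][0]:
            problems.append("KRB_AP_REP precedes KRB_AP_REQ")

    # Slide 4: EAP Success only after the authenticator's reply and RADIUS Accept.
    if "Success" in position:
        succ = position["Success"][0]
        for needed in ("KRB_AP_REP", "Accept"):
            if needed not in position or position[needed][0] > succ:
                problems.append(f"EAP Success before {needed}")
    else:
        problems.append("no EAP Success")

    # Finally the exact order must match the slide's flow.
    expected = FULL_FLOW if kind == "full" else RECONNECT_FLOW
    if not problems and list(messages) != expected:
        problems.append(f"sequence does not match the {kind} flow")
    return kind, problems


def premature_success_capture():
    """Constructed faulty capture: EAP Success emitted before the EAPOL-Key pair."""
    return FULL_FLOW[:5] + [FULL_FLOW[9]] + FULL_FLOW[5:9]


def wrong_side_capture():
    """Constructed faulty capture: KRB_AP_REQ arrives from the authenticator side."""
    return [("AUTH", c, t) if t == "KRB_AP_REQ" else (s, c, t) for s, c, t in RECONNECT_FLOW]


if __name__ == "__main__":
    for name, capture in (("full", FULL_FLOW), ("reconnect", RECONNECT_FLOW),
                          ("premature", premature_success_capture()),
                          ("wrong side", wrong_side_capture())):
        print(name, check_flow(capture))
```

The checker deliberately reports the specific broken invariant before falling back to a whole-sequence comparison, so a log of a failed association tells the operator which step (credential delivery, reply, or premature Success) went wrong rather than only "mismatch".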

Slide 7: EAPOL-Key Format
Fields, by octet number:
– Descriptor Type (7.6.1): N
– EAP Type
– Length
– Needham-Schroeder Body

Slide 8: Samples of Needham-Schroeder Body
– KRB_AP_REQ (RFC 1510)
– KRB_AP_REP (RFC 1510)
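As an added example (not the presentation's own code), here is a Python encoder and validating parser for the EAPOL-Key descriptor of slides 7 and 8. The slides name the fields but give no widths, so the one-octet Descriptor Type, one-octet EAP Type and two-octet Length are assumptions, as are the placeholder values standing in for the unassigned descriptor type "N" and for the EAP method number. The parser tells KRB_AP_REQ from KRB_AP_REP by the outer DER tag RFC 1510 assigns them ([APPLICATION 14] and [APPLICATION 15]); the sample bodies carry that tag over dummy content and are constructed, not real Kerberos messages.

```python
"""Encoder/parser for the Needham-Schroeder EAPOL-Key descriptor (slides 7-8).
Added example with assumed field widths; not code from the presentation."""
import struct

# Assumed layout (the slide lists the fields, not their sizes):
#   Descriptor Type  1 octet   the slide's "N"; placeholder value below
#   EAP Type         1 octet   EAP method number; placeholder value below
#   Length           2 octets  octets in the Needham-Schroeder body
#   Body             variable  KRB_AP_REQ or KRB_AP_REP (RFC 1510)
HEADER = struct.Struct("!BBH")
DESCRIPTOR_TYPE_NS = 0xFF    # placeholder: no value is assigned on the page
EAP_TYPE_PLACEHOLDER = 0xFE  # placeholder: no method number is given on the page

# Outer DER tags of the two RFC 1510 messages: KRB_AP_REQ is [APPLICATION 14]
# (0x40 | 0x20 | 14 = 0x6E), KRB_AP_REP is [APPLICATION 15] (0x6F).
BODY_TAGS = {0x6E: "KRB_AP_REQ", 0x6F: "KRB_AP_REP"}


def encode_ns_key_descriptor(eap_type, body, descriptor_type=DESCRIPTOR_TYPE_NS):
    """Build the descriptor; Length is derived from the body, never trusted from input."""
    if not 0 <= eap_type <= 0xFF:
        raise ValueError("EAP Type must fit one octet")
    if len(body) > 0xFFFF:
        raise ValueError("body too long for a two-octet Length")
    return HEADER.pack(descriptor_type, eap_type, len(body)) + bytes(body)


def decode_ns_key_descriptor(data, descriptor_type=DESCRIPTOR_TYPE_NS):
    """Parse and validate; returns (eap_type, body_kind, body).

    Every length inconsistency is rejected rather than silently consumed,
    which is the check a receiver must make before handing the body to Kerberos.
    """
    if len(data) < HEADER.size:
        raise ValueError("frame shorter than the descriptor header")
    dtype, eap_type, length = HEADER.unpack_from(data)
    if dtype != descriptor_type:
        raise ValueError(f"descriptor type {dtype:#x} is not the Needham-Schroeder type")
    body = bytes(data[HEADER.size:HEADER.size + length])
    if len(body) != length:
        raise ValueError("Length exceeds the octets present (truncated body)")
    if len(data) != HEADER.size + length:
        raise ValueError("trailing octets after the body")
    if not body:
        raise ValueError("empty body")
    kind = BODY_TAGS.get(body[0])
    if kind is None:
        raise ValueError(f"body tag {body[0]:#x} is neither KRB_AP_REQ nor KRB_AP_REP")
    return eap_type, kind, body


def is_well_formed(data):
    """True when decode_ns_key_descriptor accepts the frame."""
    try:
        decode_ns_key_descriptor(data)
        return True
    except ValueError:
        return False


def sample_body(kind):
    """Constructed stand-in body: correct outer tag, dummy content (not real Kerberos)."""
    tag = {name: t for t, name in BODY_TAGS.items()}[kind]
    content = b"\x00\x01\x02\x03"
    return bytes([tag, len(content)]) + content


if __name__ == "__main__":
    frame = encode_ns_key_descriptor(EAP_TYPE_PLACEHOLDER, sample_body("KRB_AP_REQ"))
    print(frame.hex(), decode_ns_key_descriptor(frame))
    print("truncated accepted?", is_well_formed(frame[:-1]))
```

The parser rejects a frame whose Length claims more octets than arrived, a frame with trailing octets, and a body whose outer tag is neither of the two RFC 1510 messages slide 8 allows, so nothing but a complete KRB_AP_REQ or KRB_AP_REP is passed upward.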