EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.

Presentation transcript:

EAP Method Requirements

Input received
- Liaison requests received from 3GPP, IEEE
  - 3GPP dependencies on EAP SIM, AKA
  - EAP SIM, AKA now in RFC Editor Queue
  - IEEE liaison request written up as RFC 4017

Work in progress
- Discussion of potential use of EAP in peer-to-peer scenarios (IEEE 802.1af, IEEE s)
- Not clear that EAP will be used in these scenarios or that new requests/requirements will come out of them

EAP Method Requirements for WLANs (RFC 4017)

Credential types (Section 2.1):
"Wireless LAN deployments are expected to use different credential types, including digital certificates, user-names and passwords, existing secure tokens, and mobile network credentials (GSM and UMTS secrets). Other credential types that may be used include public/private key (without necessarily requiring certificates) and asymmetric credential support (such as password on one side, public/private key on the other)."

RFC 4017 (cont'd)

Mandatory Requirements
- Key generation
- Key strength
- Mutual authentication
- Shared state equivalence
- Dictionary attack resistance
- Man-in-the-middle attack protection
- Protected ciphersuite negotiation

Recommended Requirements
- Fragmentation support
- Identity hiding

Optional Features
- Channel Binding
- Fast reconnect
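The RFC 4017 list names protected ciphersuite negotiation, man-in-the-middle protection, shared state equivalence and (optionally) channel binding as properties without showing what they look like mechanically. The Python below is an added illustration written for this page; it is not code from RFC 4017, from the slides, or from any EAP method. Both ends keep a transcript of the suites offered, the suite selected and the authenticator identity they believe they are talking to, and confirm that transcript under a key derived from the method's master key, so a stripped offer or a mismatched NAS identity is rejected rather than silently accepted. The suite labels, NAS identifiers, key derivation label and master key are all constructed sample values, and the HMAC-based derivation stands in for whatever key hierarchy a real method defines.

```python
import hmac
import hashlib

# Constructed sample values for this illustration (not from RFC 4017 or any EAP method).
MASTER_KEY = b"constructed-master-secret-for-illustration-only"
SUITE_PREFERENCE = ["CCMP", "TKIP", "WEP"]   # strongest first; sample labels only
SERVER_OFFER = ["CCMP", "TKIP", "WEP"]       # what the server actually offered


def pick_strongest(offered):
    """Peer policy: choose the most preferred suite present in the offer it saw."""
    for suite in SUITE_PREFERENCE:
        if suite in offered:
            return suite
    raise ValueError("no acceptable ciphersuite offered")


def negotiate_unprotected(seen_by_peer):
    """Negotiation with no integrity protection: the peer simply trusts the offer it saw."""
    return pick_strongest(seen_by_peer)


def derive_key(master, label):
    """Derive a confirmation key from the method's master key (HMAC-based KDF, one label;
    the label is a constructed placeholder, not a value from any specification)."""
    return hmac.new(master, label, hashlib.sha256).digest()


def transcript_bytes(offered, selected, channel):
    """Canonical encoding of everything both sides must agree on: the full offer,
    the selection, and the channel-binding parameters (here the authenticator identity)."""
    parts = [b"offered=" + ",".join(offered).encode(), b"selected=" + selected.encode()]
    for name in sorted(channel):
        parts.append(f"{name}={channel[name]}".encode())
    return b"\x00".join(parts)


def confirm_mac(master, offered, selected, channel):
    """MAC over one side's view of the negotiation, keyed from the master key."""
    key = derive_key(master, b"negotiation-confirm")
    return hmac.new(key, transcript_bytes(offered, selected, channel), hashlib.sha256).digest()


def run_exchange(master, offered_by_server, seen_by_peer, server_channel, peer_channel):
    """Protected negotiation: the peer selects from what it saw and sends a MAC over its
    view; the server checks it against its own view. Any divergence (stripped suites,
    a different NAS identity) makes the MACs differ and the exchange is rejected."""
    selected = pick_strongest(seen_by_peer)
    peer_view = confirm_mac(master, seen_by_peer, selected, peer_channel)
    server_view = confirm_mac(master, offered_by_server, selected, server_channel)
    return {"selected": selected, "confirmed": hmac.compare_digest(peer_view, server_view)}


def demo():
    """Three constructed scenarios; returns the outcome of each."""
    ap = {"nas-id": "ap-lobby"}
    # 1. Honest path: peer sees the real offer from the real authenticator.
    honest = run_exchange(MASTER_KEY, SERVER_OFFER, SERVER_OFFER, ap, ap)
    # 2. Downgrade: an on-path party removes the strongest suite before the peer sees it.
    stripped = [s for s in SERVER_OFFER if s != "CCMP"]
    downgrade = run_exchange(MASTER_KEY, SERVER_OFFER, stripped, ap, ap)
    unprotected = negotiate_unprotected(stripped)   # accepted silently, no detection
    # 3. Channel binding: the peer was told a different authenticator identity than the
    #    one the server recorded for this session.
    rogue = run_exchange(MASTER_KEY, SERVER_OFFER, SERVER_OFFER, ap, {"nas-id": "ap-unknown"})
    return {"honest": honest, "downgrade": downgrade, "unprotected": unprotected, "channel": rogue}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The contrast between `negotiate_unprotected` and `run_exchange` is the point: without the keyed confirmation the peer settles on TKIP and nobody notices; with it, the server's view of the offer disagrees with the peer's and the session is refused. Binding the NAS identity into the same transcript is what turns the optional channel-binding item into a concrete check, and the fact that both sides must compute identical transcripts is the shared state equivalence requirement in miniature.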

RFC 4017 Progress Report

Core mechanisms
- Certificates: EAP-TLS (RFC 2716) deployed
- Usernames & Passwords: no widely deployed methods
- Secure Tokens: several incompatible methods deployed (GTC, RSA, POTP)
- Mobile Network Credentials: EAP SIM, AKA in RFC Editor Queue

Other mechanisms
- Public/Private key (no certificates): no widely deployed methods
- Asymmetric credentials (password/public key): several incompatible proposals (PEAPv0, PEAPv1, EAP-TTLSv0, EAP-TTLSv1, etc.)

Not mentioned
- Usernames & Pre-shared keys: multiple proposals, none widely deployed

Some Thoughts

- Basic usage scenarios still unsolved
- Secure, small footprint mechanisms needed
  - Likely to be deployed in consumer, small office scenarios
  - Single NAS deployments with no AAA server
  - AAA servers targeted to small business
  - EAP peer on embedded devices
- EMU must resist draining the swamp
  - Standardization of mechanisms in areas with many existing proposals and IPR disclosures is seductive, but dangerous
  - Likely to result in endless bickering, slow progress
  - Yet anOther Method Absent MotivAtion (YOMAMA)
- Doing one thing well better than trying everything, but failing

Feedback?