RADIUS Crypto-Agility Requirements November 18, 2008 David B. Nelson IETF 73 Minneapolis.

Slides:

Advertisements

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.

Advertisements

Akshat Sharma Samarth Shah

CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

RADEXT WG draft-ietf-radext-ieee802ext-03 Bernard Aboba November 6, 2012 IETF 85 Please join the Jabber room:

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID

Wired Equivalent Privacy (WEP)

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

Georgy Melamed Eran Stiller

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 20 RADIUS and Internet Authentication Service.

Chapter 17 TACACS+.

A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,

Internet Research Task Force Crypto Forum Research Group IETF 89 March 3, 2014 London List: Chairs:

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Eugene Chang EMU WG, IETF 70

Doc: Submission September 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report September 2003 Dorothy Stanley – Agere Systems IEEE.

Prepared by They Yu Shu Lee Ern Yu.  Motivation  Previous Work  Remaining Issues  Improvement.

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

July 16, Diameter EAP Application (draft-ietf-aaa-eap-02.txt) on behalf of...

Karlstad University IP security Ge Zhang

March 15, 2005 IETF #62 Minneapolis1 EAP Discovery draft-adrangi-eap-network-discovery-10.txt Farid Adrangi ( )

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG

NFD Tunnel Authentication Junxiao Shi,

Cody Brookshear Andy Borman

Guidelines for Cryptographic Algorithm Agility Russ Housley IETF 89 - SAAG Session.

Stein-65 Slide 1 PW security measures PWE3 – 65 th IETF 10 November 2005 Yaakov (J) Stein.

November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.

AAA Services Authentication -Who ? -Management of the user’s identity Authorization -What can the user do? -Management of the granted services Accounting.

Support of fragmentation of RADIUS packets in authorization exchanges draft-perez-radext-radius-fragmentation IETF87 – RADEXT Diego R. Lopez - Telefónica.

EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,

SSHSM Issues David Harrington IETF64 ISMS WG Vancouver, BC.

Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro.

Softwire Security Requirement Update draft-ietf-softwire-security-requirements-02.txt IETF Meeting, Prague March 19, 2007 Shu Yamamoto Carl Williams Florent.

Design Guidelines Thursday July 26, 2007 Bernard Aboba IETF 69 Chicago, IL.

11 Softwire Security Analysis and Guidance for Mesh Shu Yamamoto Carl Williams Florent Parent Hidetoshi Yokota draft-ietf-softwire-security-requirements-XX.txt.

Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.

1 Radius Vulnerabilities in Wireless Overview Randy Chou - Merv Andrade - Joshua Wright -

March 20th, 2001 SIP WG meeting 50th IETF SIP WG meeting Overlap signalling handling

RPSEC WG Issues with Routing Protocols security mechanisms Vishwas Manral, SiNett Russ White, Cisco Sue Hares, Next Hop IETF 63, Paris, France.

ECC Design Team: Initial Report Brian Minard, Tolga Acar, Tim Polk November 8, 2006.

DIME WG IETF 84 Diameter Design Guidelines draft-ietf-dime-app-design-guide-15 Tuesday, July 31, 2012 Lionel Morand.

7/24/2007IETF69 PANA WG1 PANA Issues and Resolutions draft-ietf-pana-pana-17.txt draft-ietf-pana-framework-09.txt Yoshihiro Ohba Alper Yegin.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-05.txt Bernard Aboba Microsoft IETF 62, Minneapolis, MN.

SDP Security Descriptions for Media Streams draft-ietf-mmusic-sdescriptions-02.txt November 14, 2003 Flemming Andreasen Mark Baugher.

NFD Tunnel Authentication

PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)

Wireless Protocols WEP, WPA & WPA2.

RPSEC WG Issues with Routing Protocols security mechanisms

Secure Sockets Layer (SSL)

draft-ietf-geopriv-lbyr-requirements-02 status update

Pre-association Security Negotiation for 11az SFD Follow up

Pre-association Security Negotiation for 11az SFD Follow up

Migration-Issues-xx Where it’s been and might be going

PW security measures PWE3 – 65th IETF 21 March 2005 Yaakov (J) Stein.

Georgios Karagiannis, Tom Taylor, Kwok Chan, Michael Menth

Presentation transcript:

RADIUS Crypto-Agility Requirements November 18, 2008 David B. Nelson IETF 73 Minneapolis

Draft Status Current daft is draft-ietf-radext-crypto-agility- requirements-00.txt (recently expired) WGLC on this draft completed on August 10, Two technical issues were raised: Automated Key Management (RFC 4107) Support for cipher-suite negotiation A small number of editorial issues were raised. -01 will be submitted this week.

Automated Key Management Here is text for section 4.6: "[RFC 4107] provides guidelines for when automated key management is necessary. At the IETF-70 meeting, and leading up to that meeting, the RADEXT WG debated whether or not RFC 4107 would require a RADIUS Crypto-Agility solution to feature Automated Key Management (AKM). The working group determined that AKM was not inherently required for RADIUS based on the following points: o RFC 4107 requires AKM for protocols that involve O(n^2) keys. This does not apply to RADIUS deployments, which require O(n) keys o RADIUS does not require the encryption of large amounts of data in a short time o Organizations already have operational practices to manage existing RADIUS shared secrets to address key changes required through personnel changes o The crypto agility solution can avoid use cryptographic modes of operation such as a counter mode cipher that require frequent key changes Automated key management is required for RADIUS crypto agility solutions that use cryptographic modes of operation that require frequent key changes."

Negotiation RADIUS does not have a capability or feature negotiation method. The best we have is “hint and accept” or “hint and reject”. There are some concerns with this approach: How to “negotiate” without disclosing credentials? How to avoid “bidding down” attacks? How does the Client / Supplicant know why it has been rejected? And the User, too…

Cipher-Suite Selection The NAS could "discover" the existence a cipher-suite and keys shared in common with a server, without exposing any sensitive information, using a device such as the Call- Check mechanism, to complete an Access- Request / Access-Accept (or Access-Reject) sequence without disclosing any end user credentials. Does this require additional Error Reason Codes or other forms of messaging?

Bidding Down Attacks What happens if the MD5 hash is cracked? In such a circumstance, MD5 couldn't be the only mechanism used to protect the packet containing the cipher-suite “hint” or "offer". Otherwise, an attacker recovering the MD5 key could then spoof an alternative offer, perhaps removing all offers other than MD5. Proposals will need to discuss this issue, as well as some of the transition assumptions and requirements.

And the requirement is… Crypto-agility solutions cannot depend on the introduction of full negotiation capabilities into RADIUS. The issues described in the previous slides must be addressed in any proposals. Full disclosure of any limitations of the proposal / design in the Security Considerations section.