UMD D EPARTMENT OF C OMPUTER S CIENCE D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES EAP-PAX draft-clacy-eap-pax-05 T. Charles Clancy

Slides:



Advertisements
Similar presentations
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
Advertisements

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Chapter 5 Network Security Protocols in Practice Part I
Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT (v0.2) / 6-Nov-02 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
IEEE Wireless Local Area Networks (WLAN’s).
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
Internet Security CSCE 813 IPsec. CSCE Farkas2 Reading Today: – Oppliger: IPSec: Chapter 14 – Stalllings: Network Security Essentials, 3 rd edition,
Authentication System
Secure password-based cipher suite for TLS: The importance of end-to-end security Marie L.S. Dumont CS 265.
1 Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing From : ePrint (August 2005) Author : Junghyun Nam, Seungjoo.
SIP-SAML assisted Diffie-Hellman MIKEY IETF 65 MSEC Mar 21, 2006 Robert Moskowitz.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Computer Science Public Key Management Lecture 5.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.
Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.
Eugene Chang EMU WG, IETF 70
1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.
Lecture 14 ISAKMP / IKE Internet Security Association and Key Management Protocol / Internet Key Exchange CIS CIS 5357 Network Security.
Key Agreement Guilin Wang School of Computer Science 12 Nov
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.
An ID-Based Mutual Authentication and Key Exchange Protocol for Low- Power Mobile Devices Authors: Tsu-Yang Wu and Yuh-Min Tseng Source: The Computer Journal.
Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Doc.: IEEE /524r0 Submission November 2001 Bernard Aboba, MicrosoftSlide 1 Secure Remote Password (SRP) Bernard Aboba Dan Simon Tim Moore Microsoft.
Lecture 6.1: Protocols - Authentication and Key Exchange I CS 436/636/736 Spring 2012 Nitesh Saxena.
November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.
Password-only Authenticated Key Agreement Protocols Based on Self-certified Approach Tzong-Chen Wu and Yen-Ching Lin Department of Information Management.
EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.
Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,
IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.
RFC 2716bis Wednesday, July 12, 2006 Draft-simon-emu-rfc2716bis-02.txt Dan Simon Bernard Aboba IETF 66, Montreal, Canada.
SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.
1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.
Fall 2006CS 395: Computer Security1 Key Management.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
1 EAP-MAKE2: EAP method for Mutual Authentication and Key Establishment, v2 EMU BoF Michaela Vanderveen IETF 64 November 2005.
多媒體網路安全實驗室 An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security Date:2012/02/16.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”
draft-harkins-emu-eap-pwd-01
EAP Password Authenticated eXchange (PAX)
IETF-70 EAP Method Update (EMU)
The Tunneled Extensible Authentication Method (TEAM)
SAML assisted Diffie-Hellman MIKEY
An EAP Authentication Method Based on Identity-Based Authenticated Key Exchange draft-cakulev-emu-eap-ibake-00 Violeta Cakulev
Presentation transcript:

UMD D EPARTMENT OF C OMPUTER S CIENCE D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES EAP-PAX draft-clacy-eap-pax-05 T. Charles Clancy Department of Computer Science University of Maryland, College Park Laboratory for Telecommunication Sciences US Department of Defense IETF 64, EMU BoF, November 10, 2005

{} UMD D EPARTMENT OF C OMPUTER S CIENCE Slide 2 D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES Overview Basic shared-key mutual authentication method Includes support for: –Ciphersuite extensibility –Provisioning with a weak key or password –Key management (deriving new authentication keys) with perfect forward secrecy (using Diffie-Hellman) –Identity protection / user anonymity –Authenticated data exchange (supports channel binding) Provably secure

{} UMD D EPARTMENT OF C OMPUTER S CIENCE Slide 3 D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES Subprotocols: PAX_STD A B, CID, MAC CK (A, B, CID) MAC CK (B, CID) ACK CLIENTSERVER

{} UMD D EPARTMENT OF C OMPUTER S CIENCE Slide 4 D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES Changes since -04 Completed full proof of security, publication pending, will be available online: Added support for the authenticated exchange of data, targeted at channel binding

{} UMD D EPARTMENT OF C OMPUTER S CIENCE Slide 5 D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES Subprotocols: PAX_SEC M, PK or CertPK ENC PK (M, N, CID) A, MAC N (M, CID) B, MAC CK (A, B, CID) CLIENTSERVER MAC CK (B, CID) ACK

{} UMD D EPARTMENT OF C OMPUTER S CIENCE Slide 6 D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES Certificate Requirements Use of certificate with PAX_SEC is RECOMMENDED Certificate ModeProvisioningIdentity Protection No CertificateMitM offline dictionary attack ID reveal attack Self-Signed Certificate MitM offline dictionary attack ID reveal attack Key CachingMitM offline dictionary attack ID reveal attack during first auth CA-Signed Certificate secure mutual authentication

{} UMD D EPARTMENT OF C OMPUTER S CIENCE Slide 7 D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES Security Properties Extensible Ciphersuite –MAC Primatives: HMAC-SHA1 AES-CBC-MAC –Public-Key Primatives: RSA-OAEP-2048 DH-3072, 256-bit exponents Attack Resistance (dictionary, replay, negotiation) Confidentiality (in ID protect mode)

{} UMD D EPARTMENT OF C OMPUTER S CIENCE Slide 8 D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES Provable Security Random Oracle Model [Bellare 93] Supported primitives all act like Random Oracles [Bellare 94, Bellare 96, Bellare 00] Assume probabilistic, polynomial-time attacker EAP-PAX is secure against: –passive attacks if: PAX_STD without DH: Key O(2 k ) PAX_STD with DH: Key O(1) PAX_SEC without DH: Key O(2 k ) PAX_SEC with DH: Key O(1) –active attacks if: PAX_STD: Key O(2 k ), auth limit O(k n ) PAX_SEC with cert: Key O(k n ), auth limit O(1) PAX_SEC without cert: Key O(2 k ), auth limit O(k n )

{} UMD D EPARTMENT OF C OMPUTER S CIENCE Slide 9 D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES Channel Binding Validate lower-layer EAP parameters during authentication Need secure mechanism for exchanging parameters What is needed? Confidentiality? Authenticity? PAX provides authenticity, but not confidentiality (would require additional symmetric-key ciphersuite) Attach “Authenticated Data Exchange” frames during authentication once keys have been derived

{} UMD D EPARTMENT OF C OMPUTER S CIENCE Slide 10 D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES Channel Binding A B, CID, MAC, ADE(type 1, value 1 ) MAC, ADE(type 2, value 2 ) ACK, ADE(type 3, value 3 ) CLIENTSERVER ACK, ADE(type N, value N ) ACK, ADE(type N+1, value N+1 ) EAP-Success / EAP-Failure … …

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.