Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.

Slides:



Advertisements
Similar presentations
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Advertisements

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
Password-based Credentials Download Protocols Radia Perlman
SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Protected Extensible Authentication Protocol
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
IEEE Wireless Local Area Networks (WLAN’s).
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Authentication System
Secure password-based cipher suite for TLS: The importance of end-to-end security Marie L.S. Dumont CS 265.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.
Strong Password Protocols
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
IPsec: IKE, Internet Key Exchange IPsec does not use Public Key Infrastructure and exchanging keys before an IPsec connection is established is a problem.
Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
Wireless and Security CSCI 5857: Encoding and Encryption.
Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.
Eugene Chang EMU WG, IETF 70
Solutions for Secure and Trustworthy Authentication Ramesh Kesanupalli
EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.
ProjectIEEE Working Group on Mobile Broadband Wireless Access TitleIEEE MBWA Security Architecture.
Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :
EAP Keying Problem Draft-aboba-pppext-key-problem-03.txt Bernard Aboba
UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering Secure Authentication System for Public WLAN Roaming Ana Sanz Merino, Yasuhiko.
Wireless Network Security and Interworking
UMD D EPARTMENT OF C OMPUTER S CIENCE D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES EAP-PAX draft-clacy-eap-pax-05 T. Charles Clancy
The PAK proposal for sacred WG Alec Brusilovsky
Attacking IPsec VPNs Charles D George Jr. Overview Internet Protocol Security (IPSec) is a suite of protocols for authenticating and encrypting packets.
Doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix and Alternative Authentication Protocols David Jablon Phoenix Technologies.
November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.
EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.
EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.
57 th IETF CAPWAP Security Issues David Molnar Security Architect July 18, 2003.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,
Doc.: IEEE /303 Submission May 2001 Simon Blake-Wilson, CerticomSlide 1 EAP-TLS Alternative for Security Simon Blake-Wilson Certicom.
Wireless Unification Theory William Arbaugh University of Maryland College Park.
Wireless Network Security CSIS 5857: Encoding and Encryption.
1 (Re)Introducing Strong Password Protocols Radia Perlman
1 Radius Vulnerabilities in Wireless Overview Randy Chou - Merv Andrade - Joshua Wright -
KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.
1 EAP-MAKE2: EAP method for Mutual Authentication and Key Establishment, v2 EMU BoF Michaela Vanderveen IETF 64 November 2005.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”
IETF Provisioning of Symmetric Keys (keyprov) WG Update WG Chairs: Phillip Hallam-Baker Hannes Tschofenig Presentation by Mingliang Pei 05/05/2008.
EAP Password Authenticated eXchange (PAX)
Challenge-Response New Authentication Scheme
IETF-70 EAP Method Update (EMU)
The Tunneled Extensible Authentication Method (TEAM)
SECURING WIRELESS LANS WITH CERTIFICATE SERVICES
Security Activities in IETF in support of Mobile IP
Presentation transcript:

Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh Department of Computer Science University of Maryland, College Park IETF 60, EAP WG August 4, 2004 I-D.clancy-eap-pax-00

{} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX Design Goals Handheld devices in a wireless environment Minimal complexity in terms of computation, packet count, and infrastructure Bootstrap secure key derivation using a simple preshared secret (e.g. 4-digit PIN) Server-controlled key management Support for identity protection Provably secure

{} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX Overview PAX-Auth: 1 RT HMAC-based client authentication –Optional server-side certificate provides identity protection –Secure under the Standard model PAX-Update: 2 RT mutually authenticated Diffie-Hellman protocol –Only used when key update is required –Optional server-side certificate provides identity protection and security against dictionary attacks –Secure under the RO model and DDH problem

{} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX-Auth X, [K, Cert K ] [Enc K ] ( Y, ID C, HMAC P ( X, Y, ID C ) ) ServerClient key K, certificate Cert K, and public-key encryption Enc K optional

{} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX-Update g X, [K, Cert K ] [Enc K ] ( g Y, ID C, HMAC P’ ( g X, ID C ) ) ServerClient NULL HMAC P’ ( g X, g Y, ID C )

{} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Key Derivation Entropy e = (g XY ) OR (X || Y) P’= TLS-PRF( P, "Authentication Key", e ) MK= TLS-PRF( P', "Master Key”, e ) MSK= TLS-PRF( MK, "Master Session Key", e ) Secure under the RO model

{} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Cryptographic Primitives Extensible Currently supported: –HMAC:HMAC_SHA1_128 –DH:3072-bit MODP Group [RFC3526] –PubKey:RSA-OAEP-2048

{} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Related Work EKE, SPEKE, SRP: authentication schemes secure against dictionary attacks; IPR issues TLS: slow; requires full PKI PSK: no support for passwords; no key management

{} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Conclusion PAX goals: –Bootstrap secure key derivation using weak PIN –Identity protection, key management Looking for: –Community feedback –Method publication Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.