EMU BOF EAP-TLS Experiment Report RFC 2716 Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.

Slides:

Advertisements

Similar presentations

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Advertisements

Encrypting Wireless Data with VPN Techniques

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

Cryptography and Network Security

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

© 2004, The Technology Firm SSL Packet Decodes From Wikipedia, the free encyclopedia.  Secure Sockets Layer (SSL) is a cryptographic.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

802.1x EAP Authentication Protocols

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.

Ariel Eizenberg PPP Security Features Ariel Eizenberg

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

Chapter 8 Web Security.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

Windows 2003 and 802.1x Secure Wireless Deployments.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Network Security1 – Chapter 5 (B) – Using IEEE 802.1x Purpose: (a) port authentication (b) access control An IEEE standard

11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.

Wireless and Security CSCI 5857: Encoding and Encryption.

Authenticating Users Chapter 6. Learning Objectives Understand why authentication is a critical aspect of network security Describe why firewalls authenticate.

CAPWAP related draft-shao-opsawg-capwap-hybridmac-00 draft-chen-opsawg-capwap-extension-00 draft-zhang-opsawg-capwap-eap-00.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Eugene Chang EMU WG, IETF 70

Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)

Doc: Submission September 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report September 2003 Dorothy Stanley – Agere Systems IEEE.

EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt

Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)

EAP Keying Problem Draft-aboba-pppext-key-problem-03.txt Bernard Aboba

1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.

July 16, 2003AAA WG, IETF 571 EAP Keying Framework Draft-aboba-pppext-key-problem-07.txt EAP WG IETF 57 Vienna,

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG

TLS user mapping hint extension Stefan Santesson Microsoft.

November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.

EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.

EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.

ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.

1 Pascal URIEN, IETF 63th Paris, France, 2nd August 2005 “draft-urien-eap-smartcard-type-02.txt” EAP Smart Card Protocol (EAP-SC)

WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.

Secure Sockets Layer (SSL) Protocol by Steven Giovenco.

Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,

Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

Doc.: IEEE /303 Submission May 2001 Simon Blake-Wilson, CerticomSlide 1 EAP-TLS Alternative for Security Simon Blake-Wilson Certicom.

Design Guidelines Thursday July 26, 2007 Bernard Aboba IETF 69 Chicago, IL.

Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.

RFC 2716bis Wednesday, July 12, 2006 Draft-simon-emu-rfc2716bis-02.txt Dan Simon Bernard Aboba IETF 66, Montreal, Canada.

1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.

Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

DIME WG IETF 84 Diameter Design Guidelines draft-ietf-dime-app-design-guide-15 Tuesday, July 31, 2012 Lionel Morand.

1 Extensible Authentication Protocol (EAP) Working Group IETF-57.

1 SECMECH BOF EAP Methods IETF-63 Jari Arkko. 2 Outline Existing EAP methods Technical requirements EAP WG process for new methods Need for new EAP methods.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-05.txt Bernard Aboba Microsoft IETF 62, Minneapolis, MN.

Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

Proposal for Extensible Security

Virtual Private Networks (VPN)

Presentation transcript:

EMU BOF EAP-TLS Experiment Report RFC 2716 Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA

History of RFC 2716 Goal: support for certificate-based mutual authentication within EAP over PPP -00 draft submitted to PPPEXT WG in October Experimental RFC published in October 1999 Why Experimental? No previous EAP method had supported mutual authentication or key derivation Few existing certificate or smartcard deployments

Basics of EAP-TLS EAP Type Code 13 Server certificate REQUIRED (Section 3.1) “If the EAP server is not resuming a previously established session, then it MUST include a TLS server_certificate handshake message, and a server_hello_done handshake message MUST be the last handshake message encapsulated in this EAP-Request packet.” Client certificate RECOMMENDED (Section 3.1) “The certificate_request message is included when the server desires the client to authenticate itself via public key. While the EAP server SHOULD require client authentication, this is not a requirement, since it may be possible that the server will require that the peer authenticate via some other means... If the EAP server sent a certificate_request message in the preceding EAP- Request packet, then the peer MUST send, in addition, certificate and certificate_verify handshake messages.” Client authentication can be postponed until later to enable privacy support

Subsequent Events EAP evolution Expanded lower layer support (RFC 3748) IEEE 802: IEEE 802.1X, IEEE i, IEEE e VPNs: PPTP, L2TP, IKEv2 Improvements in certificate/smartcard support Regulatory mandates FIPS HIPAA

Evaluating the EAP-TLS Experiment Security analyses Implementations Certification programs Deployments

Security Analyses Arbaugh & Mishra (2002) Found issues in EAP state machine that could lead to bypass of EAP-TLS server authentication Issues fixed in RFC 3748 & 4137 He, Sundararajan, Datta, Derek & Mitchell “A Modular Correctness Proof of IEEE i and TLS” Proof of security of EAP-TLS stand-alone and when used with IEEE i

EAP-TLS Implementations Peer Windows 2000, XP, CE XSupplicant Meetinghouse AEGIS Funk Odyssey Cisco ACU Devicescape Wire1X Server Windows 2000, Windows 2003 Server pppd FreeRADIUS OpenRADIUS RADIATOR Cisco ACS Funk Odyssey, Steel-Belted RADIUS Meetinghouse AEGIS Interlink Toolkits Matrix SSL Certicom Decode/debug Ethereal Netmon Test Suites Qacafe

Certification Programs WFA EAP Certification program EAP-TLS interoperability testing included within WPA certification program, April 2003 Expanded EAP certification program launched in April FIPS compliance FIPS compliant EAP-TLS implementations now shipping Restriction on allowable ciphersuites, key strength, etc. Vendor certification programs Thousands of engineers trained in installing, debugging, maintaining EAP-TLS

Deployments Surveys indicate that ~10% of all EAP deployments are using EAP-TLS Among customers who have deployed certificates, EAP-TLS usage is much higher Popular in security conscious environments Government/military Financial institutions Medical Engineering Regulatory mandates play an important role FIPS HIPAA Customers frequently deploy smartcards along with EAP-TLS

Summary EAP-TLS has been widely implemented and deployed. EAP-TLS interoperability has been demonstrated in multiple distinct implementations. EAP-TLS certification and testing programs are in place. Recommendation: The experiment has been a success.

Possible Next Steps Document the existing protocol in a Draft Standard “Improve” the protocol in a Proposed Standard

Draft Standard Approach Leverage WFA certification testing Identify interoperability problems and clarify specification Remove features that have not been shown to interoperate in two distinct implementations No feature additions beyond what is in RFC 2716 Issue RFC2716bis as Proposed Standard Move document to Draft Standard ASAP with minimal changes

Proposed Standard Approach Add features that would be “nice to have” Required work Redo the “proof of security” Revise test suites Upgrade certification programs Rewrite documentation, deployment guides Revise implementations Collect interoperability data on revised implementations Problems Unlikely the above work will actually get done Possible introduction of security vulnerabilities and interoperability issues Potential for IPR disclosures encumbering the revised protocol Existing implementations unlikely to upgrade Possible disruption of pending deployments “Nice to have” features may not supported within certification programs

Recommendation Draft Standard approach preferred EAP-TLS is a mature, stable protocol 6 years since publication of RFC 2716 Many distinct, interoperable implementations Proof of security available Stability more important than new features at this point Major deployments in progress Costs of protocol revision outweigh the benefits New features, if needed, can be introduced in a new EAP method

Feedback?