Doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix 802.11 and Alternative Authentication Protocols David Jablon Phoenix Technologies.

Slides:

Advertisements

Similar presentations

Authentication.

Advertisements

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

Password-based Credentials Download Protocols Radia Perlman

SIP Authentication using EC- SRP5 Protocol draft-liu-sipcore-ecc-srp5-00.txt Authors: Fuwen Liu, Minpeng Qi and Min Zuo.

SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.

Lecture 23 Internet Authentication Applications

Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

802.1x EAP Authentication Protocols

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

A New Two-Server Approach for Authentication with Short Secrets John Brainard, Ari Juels,Burt Kaliski and Michael Szydlo RSA Laboratories To appear in.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

ACE – Design Considerations Corinna Schmitt IETF ACE WG meeting July 23,

Authentication System

IEEE P1363: Standard Specifications for Public-Key Cryptography

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

Strong Password Protocols

Windows 2003 and 802.1x Secure Wireless Deployments.

Internet Research Task Force Crypto Forum Research Group IETF 89 March 3, 2014 London List: Chairs:

Network Security1 – Chapter 5 (B) – Using IEEE 802.1x Purpose: (a) port authentication (b) access control An IEEE standard

WIRELESS LAN SECURITY Using

Solutions for Secure and Trustworthy Authentication Ramesh Kesanupalli

1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.

ProjectIEEE Working Group on Mobile Broadband Wireless Access TitleIEEE MBWA Security Architecture.

Doc.: IEEE /034r1 Submission March 2000 Dan Simon, Bernard Aboba, Tim Moore, Microsoft IEEE Security and 802.1X Dan Simon

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

Virtual Private Network Benefits Classification Tunneling technique, PPTP, L2TP, IPSec Encryption Technology Key Management Technology Authentication Settings.

Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.

CIST/ETRI/ISIT/KDDI/Kyusyu Univ./NICT Joint Research Workshop on Ubiquitous Network Security 2005 Verifier-Based Password-Authenticated Key Exchange Jeong.

Doc.: IEEE /524r0 Submission November 2001 Bernard Aboba, MicrosoftSlide 1 Secure Remote Password (SRP) Bernard Aboba Dan Simon Tim Moore Microsoft.

Kerberos Guilin Wang School of Computer Science 03 Dec

Some use cases and requirements for handover Information Services Greg Daley MIPSHOP Session IETF 64.

November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.

Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security

1 Background and Introduction. 2 Outline History Scope Administrative.

Doc.: IEEE /0123r0 Submission January 2009 Dan Harkins, Aruba NetworksSlide 1 Secure Authentication Using Only A Password Date:

ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.

March 17, 2003 IETF #56, SAN FRANCISCO1 Compound Authentication Binding Problem (EAP Binding Draft) Jose Puthenkulam Intel Corporation (

57 th IETF CAPWAP Security Issues David Molnar Security Architect July 18, 2003.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

IEEE P1363.2: Standard Specifications for Password-based Public-Key Cryptography David Jablon CTO Phoenix Technologies Treasurer, IEEE P1363 NIST Key Management.

Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

DSLF Subscriber Auth Requirements and IETF PANA Protocol PANA WG Chairs IETF 70 Dec 7, 2007 – Vancouver, Canada.

Doc.: IEEE /303 Submission May 2001 Simon Blake-Wilson, CerticomSlide 1 EAP-TLS Alternative for Security Simon Blake-Wilson Certicom.

2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.

December 14, 2000Securely Available Credentails (SACRED) - Framework Draft 1 Securely Available Credentials (SACRED) Protocol Framework, Draft Specification.

KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.

Doc.: IEEE / wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Security Framework Date: Authors:

Doc.: IEEE /403r0 Submission July 2001 Albert Young, 3Com, et alSlide 1 Supplementary Functional Requirements for Tgi ESS Networks Submitted to.

IEEE P AMP March 25, History 1/3 May 2000 [Kw00] –First proposal to IEEE P1363 February 2001 [Kw01] –Presented at NDSS ’01, San Diego, CA.

Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.

SIP Authentication using EC- SRP5 Protocol Fuwen Liu, Minpeng Qi, Min Zuo, 1.

CLASSe PROJECT: IMPROVING SSO IN THE CLOUD Alejandro Pérez Rafael Marín Gabriel López

Doc.: IEEE /0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.

Presentation transcript:

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix and Alternative Authentication Protocols David Jablon Phoenix Technologies

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Introduction In a Jan 20 Letter to IETF, TGi identified a range of requirements for authenticated key agreement methods. TGi has tasked an emerging IETF EAP WG with the job of furthering EAP standards to support needs. This presentation describes some needy areas and relevant work-in-progress.

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Outline Some classes of Alternative Authentication Methods for –Password-authenticated key exchange protocols –Key retrieval protocols –Pairing protocols Relevant other standards –IEEE 1363, and IETF work Need for these alternatives in environments –Easier and safer ESS, BSS, and IBSS authentication Fit with current framework Open issues & next steps

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Some classes of Alternative Authentication Methods for Password-authenticated key exchange protocols –a.k.a. “strong password protocols” –e.g. EKE, SPEKE, SRP Key retrieval protocols –e.g. Ford & Kaliski Pairing protocols

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Password authenticated key exchange protocols Proves password without revealing it –zero knowledge password proof –prevents unconstrained network brute-force attack Strong cryptography with no PKI, no certs, no keys –just a password Mutual authentication Key negotiation Requirements –Asymmetric cryptography (e.g. variants of DH) –At least two messages, one in each direction Same minimum of 3 message explicit mutual authentication –Client & server support

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix How a PAKE works PAKE server Enter password Password database App. server Encrypt session Session key App. client PAKE protocol PAKE client

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Key Retrieval Protocols Password-based retrieval of remotely stored credentials Kick-start for PKI / key / cert methods

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Pairing Protocols Other neat tricks to “authenticate strangers” –(Don’t ask. It’s not my primary focus today.)

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Password authenticated key exchange Relevant Standards IEEE P –A new standard for password-based cryptography –Focus on Password-based public-key techniques –Product of IEEE 1363 WG –Defines versions of AMP, PAK, SPEKE, SRP IETF –RFC 2945: SRP

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix P Focus Password-based public-key techniques –Balanced key agreement schemes –Augmented key agreement schemes –Key retrieval schemes Discrete log and elliptic curve settings

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix P Rationale People are useful entities Passwords are ubiquitous authenticators People have trouble with high-grade keys –Storage(memorizing) –Input(attention to detail) –Output(typing) Need for optimal password techniques –Avoid tradeoffs of security for convenience

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix P1363 Contact Information IEEE P1363 Web site – –Publicly accessible research contributions and document submissions Two mailing lists –General announcements list –Technical discussion list –Open tradition – easy to participate web site contains subscription information

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Some of the PAKE Internet Drafts draft-ietf-tls-srp-01.txt Summary –Using SRP for TLS Authentication draft-ietf-sacred-protocol-bss-02.txt –Securely Available Credentials Protocol draft-black-ips-iscsi-security-01.txt –iSCSI Security Requirements and SRP-based ESP Keys draft-ietf-pppext-eap-srp-03.txt –PPP EAP SRP-SHA1 Authentication Protocol draft-jablon-speke-00.txt –The SPEKE Password-Based Key Agreement Methods

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Differences of SRP-4 vs. SRP-3 Discussed in draft-jablon-speke-00.txt Addresses IETF IPStorage WG open IP questions –{?, ?}  {No, Yes} Extensible to alternate groups –EC settings No two-for-one guessing –D. Bleichenbacher, M. Scott: SRP-3 limitation

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Need for these alternatives in environments Enterprise deployment Standalone AP deployment Station-to-station deployment

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Enterprise deployment PAKE provides end-to-end protection –Client  Authentication server Password security with fewer requirements –Less dependent on key & certificate deployment –Less dependent on proper user action & attention Scales to eliminate all password crackable data –No clear or hashed passwords on intermediate nodes. –No client-stored password-crackable keys Business opportunity: RADIUS upgrades, etc.

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Standalone AP deployment Asymmetric crypto is essential for security –Needed for secure password-based protocols –e.g. Halevi & Krawczyk ‘99 – one model & proof Often deployed for same purpose as Enterprise deployment –Standalone deployment occurs within Enterprise networks –Difference in deployment & management model between point solution & workgroup settings is orthogonal to motivations for use. Scalable security –Rapid deployment, flexibility –Safe environmental succession to Enterprise management

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Station-to-station deployment Asymmetric crypto seems essential for security & convenience Different cases favor different methods –Strong password protocols pre-arranged secret –Ad-hoc connection protocols no pre-arranged secret

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Fit with EAP framework EAP-TLS + TLS-SRP, … EAP-SRP, EAP-SPEKE, … Potentially simpler alternatives? Good discussion topic for EAP WG.

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix SPEKE, SRP Fit with EAP Framework EAPLayer MethodLayer EAPEAP TLSTLS MediaLayer NDISAPIs EAPAPIs PPP SPEKE, SRP (Adapted from r0-I-Shared-Use-APs.ppt, Barkley, Moore & Aboba)

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Value of 802.1X approach Less work for Tgi, of course No “special status” for specific 802.1X methods –Lets the market decide –Encourages evolution as needed Process should work fine, IF: –IETF is not overtly hostile to technical goals of specific EAP scenarios, when patents appear to be needed to achieve such goals

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Open questions & next steps How to insure that EAP methods achieve appropriate objectives? How to coordinate , TGi needs and IETF efforts on an ongoing basis?

doc.: IEEE /213r0 Submission March 2002 D Jablon/Phoenix Contacts David Jablon IETF P1363 Working Group