EAP-TTLS
draft-funk-eap-ttls-v0-02.txt
draft-hanna-eap-ttls-agility-00.txt
Steve Hanna, shanna@juniper.net
emu wg, IETF 70

EAP-TTLS for IETF EMU WG
- TLS-based tunneled EAP method
  - Phase 1: like EAP-TLS
  - Phase 2: AVP exchange
- Supports
  - Tunneled authentication via many methods
  - Multiple forms of authentication
  - Endpoint integrity checks
  - Other extensions
- Documented in Internet-Drafts since 2001
- Widely implemented and deployed (eduroam, etc.)
- Cited by SDOs like WiMAX & 3GPP
- Heading for RFC status
December 4, 2007

EAP-TTLS AVPs
- Diameter AVP format
  - 32-bit type, 24-bit length
  - M bit for Mandatory to support
  - V bit and Vendor-ID for vendor-specific AVPs
- RADIUS and Diameter attributes carry over
  - Easy to integrate with RADIUS servers
  - Can translate AVPs into RADIUS packets
- Easy to tunnel existing EAP methods
- Easy to tunnel non-EAP authentication
- Easy to add new capabilities
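The AVP layout described on this slide (32-bit code, V and M flag bits, 24-bit length covering header and data but not padding, optional Vendor-ID, data padded to a 4-octet boundary) as an added encoder/decoder example; this is not code from the slides or from any EAP-TTLS implementation. User-Name (code 1) and EAP-Message (code 79) are the RADIUS attribute numbers EAP-TTLS carries over; the vendor-ID 99999 and code 4242 are constructed placeholders. The decoder rejects an unknown AVP that carries the M bit, which is the receiver behaviour the M bit exists to force.

```python
import struct

V_FLAG, M_FLAG = 0x80, 0x40   # Vendor-specific and Mandatory flag bits


def encode_avp(code, data, mandatory=False, vendor_id=None):
    """Build one EAP-TTLS AVP in Diameter format: 32-bit AVP code,
    8 flag bits (V, M, six reserved zeros), 24-bit length counting the
    header and data but not padding, optional 32-bit Vendor-ID, then the
    data padded with zeros to a multiple of 4 octets."""
    flags = (M_FLAG if mandatory else 0) | (V_FLAG if vendor_id is not None else 0)
    vendor = struct.pack("!I", vendor_id) if vendor_id is not None else b""
    length = 8 + len(vendor) + len(data)
    header = struct.pack("!II", code, (flags << 24) | length)
    return header + vendor + data + b"\x00" * (-len(data) % 4)


def decode_avps(buf, known):
    """Parse a run of AVPs into (code, vendor_id, mandatory, data) tuples.
    `known` is the set of (vendor_id, code) pairs this side supports.
    Raises ValueError on a truncated or mis-sized AVP, or on an unknown AVP
    whose M bit is set; reserved flag bits are ignored, as the format requires."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & V_FLAG else 8
        if length < hdr or off + length > len(buf):
            raise ValueError("bad AVP length")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if flags & V_FLAG else None
        mandatory = bool(flags & M_FLAG)
        if mandatory and (vendor, code) not in known:
            raise ValueError(f"unsupported mandatory AVP code={code} vendor={vendor}")
        avps.append((code, vendor, mandatory, buf[off + hdr:off + length]))
        off += length + (-length % 4)   # step over the padding to the next AVP
    return avps


def demo():
    """Constructed phase-2 message: User-Name, a one-byte-identity EAP
    Response, and a placeholder vendor-specific AVP (vendor 99999, code 4242)."""
    msg = encode_avp(1, b"bob", mandatory=True)
    msg += encode_avp(79, b"\x02\x01\x00\x05\x01", mandatory=True)
    msg += encode_avp(4242, b"posture-ok", vendor_id=99999)
    return decode_avps(msg, {(None, 1), (None, 79), (99999, 4242)})
```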

Changes in eap-ttls-v0-02
- Added IANA Considerations
- Updated references
- Minor clarifications in response to reviews

eap-ttls-agility-00
- Optional AVPs for use with EAP-TTLS
- Provide
  - Cryptographic algorithm agility
  - Cryptographic binding of inner and outer auth
  - Intermediate key confirmation
  - Protected results

Cryptographic Algorithm Agility
- EAP-TTLSv0 already fairly agile
  - Uses TLS ciphersuite negotiation
  - But MSK and EMSK computation algorithm always uses TLS 1.1 PRF (based on SHA-1 and MD5)
- Solution
  - New MSK-Computation AVP to negotiate alternative MSK and EMSK computation algorithms
  - New MSK and EMSK computation algorithm ("Mixed")
    - Uses TLS PRF (negotiable in TLS 1.2)
    - Based on new Composite Key, which mixes in MSKs exported by inner authentications
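The agility gap on this slide in working code, as an added example that is not from the slides or any EAP-TTLS implementation: the EAP-TTLSv0 key export (TLS PRF over the master secret with the label "ttls keying material" and the two randoms, first 64 octets MSK, next 64 EMSK) driven once by the TLS 1.0/1.1 PRF, which is hard-wired to MD5 and SHA-1, and once by the TLS 1.2 PRF, whose hash is negotiable. The Composite Key mixing of the "Mixed" algorithm is not shown because its construction is not on the page; the master secret and randoms below are constructed test values.

```python
import hmac


def p_hash(hash_name, secret, seed, length):
    """TLS P_hash expansion: A(i) = HMAC(secret, A(i-1)), output block
    i = HMAC(secret, A(i) + seed), concatenated and cut to `length`."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf_tls11(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA1
    over the second half. The hashes are fixed, so a deployment cannot
    move off MD5/SHA-1 for MSK/EMSK derivation even with a TLS 1.2 suite."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha1_part = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def prf_tls12(secret, label, seed, length, hash_name="sha256"):
    """TLS 1.2 PRF: a single P_hash with the hash the ciphersuite negotiated."""
    return p_hash(hash_name, secret, label + seed, length)


def ttls_keys(master_secret, client_random, server_random, prf):
    """EAP-TTLSv0 key export: 128 octets of keying material from the TLS
    master secret; MSK is the first 64 octets, EMSK the next 64."""
    km = prf(master_secret, b"ttls keying material",
             client_random + server_random, 128)
    return km[:64], km[64:]


# Constructed test values standing in for a real TLS session's secrets.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
```

Same inputs, different PRF, different MSK/EMSK: negotiating the PRF (the MSK-Computation AVP's job) is what lets both ends agree on which derivation to export to the AAA server.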

Cryptographic Binding of Inner and Outer Authentications
- Protect against MITM attacks like [Asokan]
- Mixed MSK computation gives some protection
  - But only after EAP authentication completed, so...
- Key-Confirmation-Option AVP
  - Negotiates use of Key-Confirmation AVP
- Key-Confirmation AVP
  - Server MAY send any time, MUST send at end
  - Server sends POP for Composite Key
  - Client responds with similar POP

Secure Completion
- Ensure secure completion of handshake
  - Detect truncation attacks
  - Detect forged EAP-Success or EAP-Failure
- Secure-Completion-Option AVP
  - Negotiates use of Secure Completion
- TTLS-Success and TTLS-Failure AVPs
  - Final exchange WITHIN tunnel
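Peer-side acceptance logic for the two preceding slides (Key-Confirmation and Secure Completion) as an added example, not code from the slides or any EAP-TTLS implementation. It assumes both options were negotiated and that the caller has already checked the server's Composite Key POP (passed in as `pop_valid`, since the POP construction is not on the page); what it shows is the ordering rule: an unprotected outer EAP-Success or EAP-Failure is only believed once the tunnel has carried a TTLS-Success or TTLS-Failure, and TTLS-Success is only believed after a valid key confirmation.

```python
class TtlsPeer:
    """Tracks what the TLS tunnel has said so that bare EAP-Success/Failure
    packets (which anyone on the path can inject or drop) are judged against
    it. `alerts` collects the detections a supplicant should log."""

    def __init__(self):
        self.key_confirmed = False   # server's Composite Key POP verified
        self.inner = None            # "success" / "failure" once TTLS-Success/Failure seen
        self.outcome = None          # "accepted" / "rejected" once the outer result arrives
        self.alerts = []

    def on_inner_avp(self, name, pop_valid=True):
        """Handle an AVP delivered inside the tunnel; returns the inner result."""
        if name == "Key-Confirmation":
            if pop_valid:
                self.key_confirmed = True
            else:
                self.alerts.append("key confirmation POP mismatch: possible MITM relay")
                self.inner = "failure"
        elif name == "TTLS-Success":
            if self.key_confirmed:
                self.inner = "success"
            else:
                self.alerts.append("TTLS-Success before key confirmation: rejected")
                self.inner = "failure"
        elif name == "TTLS-Failure":
            self.inner = "failure"
        return self.inner

    def on_outer(self, msg):
        """Handle an unprotected EAP-Success or EAP-Failure; returns the outcome."""
        if msg == "EAP-Success":
            if self.inner == "success":
                self.outcome = "accepted"
            else:
                self.alerts.append("EAP-Success not confirmed by tunnel: forged or truncated")
                self.outcome = "rejected"
        elif msg == "EAP-Failure":
            if self.inner is None:
                self.alerts.append("EAP-Failure before tunneled result: forged or truncated")
            self.outcome = "rejected"
        return self.outcome
```

A truncated run (tunnel torn down before TTLS-Success/Failure) and a forged outer result both leave `inner` unset, so they are caught by the same check and logged rather than silently trusted.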

Evaluation Against Requirements
1. Transport of encrypted password for support of legacy password databases: YES
2. Mutual authentication (specifically authentication of the server): YES
3. Resistance to offline dictionary attacks, man-in-the-middle attacks: YES
4. Compliance with RFC 3748, RFC 4017 and EAP keying (including EMSK and MSK generation): YES
5. Peer identity confidentiality: YES

Evaluation Against Requirements (continued)
6. Crypto agility and ciphersuite negotiation: YES with TLS 1.2
7. Session resumption: YES
8. Fragmentation and reassembly: YES
9. Cryptographic binding: YES
10. Password/PIN change: YES when authentication method supports it

Evaluation Against Requirements (continued)
11. Transport channel binding data: can support with new AVPs
12. Protected result indication: YES
13. Support for certificate validation protocols: YES with TLS CertStatus extension
14. Extension mechanism: YES

Summary
- EAP-TTLS
  - Well-established EAP method
  - Specified in Internet-Drafts since 2001
  - Widely implemented
  - Used by other standards bodies
  - No known substantial IPR problems
- Meets all stated requirements
- Easy to integrate with RADIUS servers
- Offers many other features
  - Tunneled authentication via many methods
  - Multiple forms of authentication
  - Endpoint integrity checks (for NEA)