Presentation is loading. Please wait.

Presentation is loading. Please wait.

August 4, 2004EAP WG, IETF 601 Authenticated service identities for EAP (draft-arkko-eap-service-identity-auth-00) Jari Arkko Pasi Eronen.

Published byAudra Pope Modified over 8 years ago

Similar presentations

Presentation on theme: "August 4, 2004EAP WG, IETF 601 Authenticated service identities for EAP (draft-arkko-eap-service-identity-auth-00) Jari Arkko Pasi Eronen."— Presentation transcript:

1 August 4, 2004EAP WG, IETF 601 Authenticated service identities for EAP (draft-arkko-eap-service-identity-auth-00) Jari Arkko Pasi Eronen

2 August 4, 2004EAP WG, IETF 602 Background EAP does not have a concept of service (NAS) identity (identifier) –Since there’s no identitifier, it’s not authenticated to the client This leads to a ”2.5 party protocol” –Client is talking to some NAS trusted by the AAA server –Trivial consequence: compromised NAS can impersonate any other NAS

3 August 4, 2004EAP WG, IETF 603 Solution Part 1: Channel bindings –Send integrity-protected identifier inside EAP method Part 2: AAA server verifies that this identifier “belongs” to the node it’s sending MSK to

4 August 4, 2004EAP WG, IETF 604 Questions What identifier? –SSID –BSSID –AP IP address –AP DNS name –Human-readable “network name” Which direction?

5 August 4, 2004EAP WG, IETF 605 This draft Method-independent, extensible container for service identifiers Identifiers for some EAP lower layers –802.11, PPP, PANA, IKEv2 AVPs to send this container in some EAP methods –EAP-TLS, PEAPv2, EAP-SIM, EAP-AKA

6 August 4, 2004EAP WG, IETF 606 Example: Identifiers for 802.11 Service_Type = IEEE 802.11i Service_Provider = “Joe’s Coffee Shop, Heathrow airport, London, UK” 802_11_SSID = joecoffee 802_11_BSSID = 11:22:33:44:55:66 802_11_Protection_Mechanism = 802.11i

7 August 4, 2004EAP WG, IETF 607 Example: EAP-TLS Add extension to ClientHello & ServerHello messages

8 August 4, 2004EAP WG, IETF 608 What next? Comment welcome!

Download ppt "August 4, 2004EAP WG, IETF 601 Authenticated service identities for EAP (draft-arkko-eap-service-identity-auth-00) Jari Arkko Pasi Eronen."

Similar presentations

Protocol carrying Authentication for Network Access (PANA) Subir Das/Basavaraj Patil Telcordia Technologies Inc./Nokia 12/14/2001.

Protocol carrying Authentication for Network Access (PANA) Subir Das/Basavaraj Patil Telcordia Technologies Inc./Nokia 12/14/2001.
Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
EAP-Only Authentication in IKEv2 draft-eronen-ipsec-ikev2-eap-auth

EAP-Only Authentication in IKEv2 draft-eronen-ipsec-ikev2-eap-auth
Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.

Washinton D.C., November 2004 IETF 61 st – mip6 WG Goals for AAA-HA interface (draft-giaretta-mip6-aaa-ha-goals-00) Gerardo Giaretta Ivano Guardini Elena.
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
Overview of proposed EAP methods, credential types, and uses Pasi Eronen IETF64 EMU BoF November 10 th, 2005.

Overview of proposed EAP methods, credential types, and uses Pasi Eronen IETF64 EMU BoF November 10 th, 2005.
August 2, 2005EAP WG, IETF 631 EAP-IKEv2 review Pasi Eronen.

August 2, 2005EAP WG, IETF 631 EAP-IKEv2 review Pasi Eronen.
TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.

TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.
1 Role of Authorization in Wireless Network Security Pasi Eronen Jari Arkko November 3, 2004 This document has been produced partially in the context of.

1 Role of Authorization in Wireless Network Security Pasi Eronen Jari Arkko November 3, 2004 This document has been produced partially in the context of.
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16, 2003 1300 - 1500.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das

July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das
Security Association Establishment for Handover Protocols Jari Arkko Ericsson Research NomadicLab.

Security Association Establishment for Handover Protocols Jari Arkko Ericsson Research NomadicLab.
Wireless Network Authentication Regnauld / Büttrich, Edit: Sept 2011 Wireless Network Authentication Regnauld / Büttrich, Edit: Sept 2011.

Wireless Network Authentication Regnauld / Büttrich, Edit: Sept 2011 Wireless Network Authentication Regnauld / Büttrich, Edit: Sept 2011.
November 200461st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,

November st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,
EAP Bluetooth Extension Draft-kim-eap-bluetooth-00 Hahnsang Kim (INRIA), Hossam Afifi (INT), Masato Hayashi (Hitachi)

EAP Bluetooth Extension Draft-kim-eap-bluetooth-00 Hahnsang Kim (INRIA), Hossam Afifi (INT), Masato Hayashi (Hitachi)
1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and 802.11i IKEv2 EAP authentication.

1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.
21-07-0387-00-00011 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-07-0387-00-0001 Title: Problem Statement for Authentication Signaling Optimization Date.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Problem Statement for Authentication Signaling Optimization Date.
IETF54 Charter Issues Dealt with since IETF53 PANA WG Meeting Basavaraj Patil.

IETF54 Charter Issues Dealt with since IETF53 PANA WG Meeting Basavaraj Patil.

Similar presentations

Ads by Google