Presentation is loading. Please wait.

Presentation is loading. Please wait.

EAP-GEE Lakshminath Dondeti Vidya Narayanan

Published byCalvin Fox Modified over 6 years ago

Similar presentations

Presentation on theme: "EAP-GEE Lakshminath Dondeti Vidya Narayanan"— Presentation transcript:

1 EAP-GEE Lakshminath Dondeti Vidya Narayanan
Vidya Narayanan EAP WG meeting, IETF-65, Dallas, Mar 2006

2 Requirements Access and service authentication may both use EAP via the same authenticator Need to differentiate EAP-based access and service authentication L2 and L3 service providers may be different (e.g., MVNOs) Allow parallel execution of the two EAP exchanges No current means to distinguish the two EAP exchanges between a peer and authenticator without additional signaling An MSP may want to require Mobile IP-based service authentication instead of EAP-based service authentication

3 Network Model with Separate ANP and SNP
Service network provider (SNP) Access network provider (ANP) Authenticator MN AAA-ANP AAA-SNP

4 Proposing Generic EAP Encapsulation
The GEE protocol runs between the peer and the authenticator We introduce a GEE layer between the EAP layer and the EAP lower layer The GEE header (16 bits) indicates to the peer and the authenticator whether the authentication is for access (L2) or service (L3) Whether the service is Mobile IP or not

5 GEE header format EAP lower Layer hdr GEE Hdr EAP Packet Reserved
(6bits) Version (8bits) A M We introduce a 16-bit GEE header between the EAP header and the lower-layer header. It contains An 8-bit version header; Version = 0 for this version 1-bit A flag: If A==1, the EAP exchange is for access authentication If A==0, the EAP exchange is for service authentication 1-bit M flag: Valid only on an EAP Failure packet Ignored when A==1 If A == 0, M == 1 indicates peer MUST use MIP for service authentication A 6-bit Reserved field (unused, MBZ)

6 GEE multiplexing model
Method1 Method2 Method1 Method2 Peer Layer Authenticator Layer EAP Layer EAP Layer GEE Layer GEE Layer Lower Layer Lower Layer EAP Peer EAP Authenticator

7 GEE pass-through multiplexing model
Method1 Method2 Method1 Method2 Peer Layer Peer Authenticator Authenticator Layer EAP Layer EAP Layer EAP Layer GEE Layer GEE Layer Lower Layer Lower Layer AAA/IP AAA/IP Authentication Server EAP Peer Authenticator

8 Next steps This work is NOT within the EAP WG scope
Plan is to seek input from the EAP WG Submit as an individual I-D to the IESG for review

Download ppt "EAP-GEE Lakshminath Dondeti Vidya Narayanan"

Similar presentations

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.

IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.
Chapter 17 TACACS+.

Chapter 17 TACACS+.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das

July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das
November 200461st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,

November st IETF MIP6 WG Mobile IPv6 Bootstrapping Architecture using DHCP draft-ohba-mip6-boot-arch-dhcp-00 Yoshihiro Ohba, Rafael Marin Lopez,
1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and 802.11i IKEv2 EAP authentication.

1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.
ICN Hop-By-Hop Fragmentation Marc Mosko Palo Alto Research Center Christian Tschudin University of Basel

ICN Hop-By-Hop Fragmentation Marc Mosko Palo Alto Research Center Christian Tschudin University of Basel
August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba

August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba
21-06-0727-01-0000 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN:21-06-0727-01-0000 Title: Proposal for IEEE 802.21 Study Group on Security Signaling Optimization.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Proposal for IEEE Study Group on Security Signaling Optimization.
November 10, 2003EAP WG, IETF 581 EAP State Machines (draft-ietf-eap-statemachine-01) John Vollbrecht, Pasi Eronen, Nick Petroni, Yoshihiro Ohba.

November 10, 2003EAP WG, IETF 581 EAP State Machines (draft-ietf-eap-statemachine-01) John Vollbrecht, Pasi Eronen, Nick Petroni, Yoshihiro Ohba.
Universal, Ubiquitous, Unfettered Internet © 2000 3ui.com Pte Ltd Mobile Internet Protocol under IPv6 Amlan Saha 3UI.COM Global IPv6 Summit,

Universal, Ubiquitous, Unfettered Internet © ui.com Pte Ltd Mobile Internet Protocol under IPv6 Amlan Saha 3UI.COM Global IPv6 Summit,
Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.

Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.
Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.

Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.
4: Network Layer4b-1 IPv6 r Initial motivation: 32-bit address space completely allocated by 2008. r Additional motivation: m header format helps speed.

4: Network Layer4b-1 IPv6 r Initial motivation: 32-bit address space completely allocated by r Additional motivation: m header format helps speed.
GTP (Generic Tunneling Protocol) Alessio Casati/Lucent Technologies Charles E. Perkins/Nokia Research IETF 47 draft-casati-gtp-00.txt.

GTP (Generic Tunneling Protocol) Alessio Casati/Lucent Technologies Charles E. Perkins/Nokia Research IETF 47 draft-casati-gtp-00.txt.
1 NetLMM Vidya Narayanan Jonne Soininen

1 NetLMM Vidya Narayanan Jonne Soininen

Similar presentations

Ads by Google