Presentation is loading. Please wait.

Presentation is loading. Please wait.

AAA Support for ERP draft-gaonkar-radext-erp-attrs

Published byGordon Jennings Modified over 6 years ago

Similar presentations

Presentation on theme: "AAA Support for ERP draft-gaonkar-radext-erp-attrs"— Presentation transcript:

1 AAA Support for ERP draft-gaonkar-radext-erp-attrs
(draft-dondeti-dime-erp-diameter) IETF-71, Philadelphia, PA

2 Things to do ERP message transport via RADIUS/Diameter
DSRK Request and Delivery rMSK delivery How to carry the request and the keys How to protect the delivery? Inband vs. out of band

3 Carrying ERP Messages over AAA
This part is easy ERP messages are carried just as EAP messages There are some straightforward details NAS copies keyName-NAI TLV from EAP-Initiate/Re-auth into User-Name attribute/AVP Specification of which ERP messages are carried in which AAA messages Where unspecified, 3579 rules apply.

4 Key Request and Transport
rMSK is transported using a RADIUS-attr TBD Specify EAP rMSK as 2 (although it may be ok to reuse EAP MSK assignment for it) For DSRK request and delivery using a RADIUS-attr TBD Request and response piggybacked on AAA messages carrying EAP/ERP messages

5 How to Encode the Req/Resp
Encode in a RADIUS attribute with self-contained protection Out of band protection What do we need to consider? NIST-approved algorithms AES-KW Algorithm agility AES-KW or whatever else The whatever else implies more signaling – combined modes are easier to signal Multiple types of secure transport protocols DTLS, IPsec etc.

6 DSRK Request using Keywrap
Type Length Reserved Enc Type Enc Type = 0 implies the use of AES-KW; The request does not need to be encrypted! App ID = EAP DSRK (number TBD) KEK ID = <NULL> KM ID = Lifetime = <NULL> IV = <NULL> Data = <NULL>

7 DSRK Keywrap Type Length Reserved Enc Type
App ID = EAP DSRK (number TBD) KEK ID = KEK_ID KM ID = Lifetime = Lifetime IV = IV Data = DSRK

8 Questions?

Download ppt "AAA Support for ERP draft-gaonkar-radext-erp-attrs"

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
RADEXT WG IETF-71 Agenda Friday, March 14, 2008 9:00 – 11:30 AM.

RADEXT WG IETF-71 Agenda Friday, March 14, :00 – 11:30 AM.
Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins.

Crypto Agility and Key Wrap Attributes for RADIUS Glen Zorn Joe Salowey Hao Zhou Dan Harkins.
AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.

AAA Mobile IPv6 Application Framework draft-yegin-mip6-aaa-fwk-00.txt Alper Yegin IETF 61 – 12 Nov 2004.
SIPPING IETF51 3GPP Security and Authentication Peter Howard 3GPP SA3 (Security) delegate

SIPPING IETF51 3GPP Security and Authentication Peter Howard 3GPP SA3 (Security) delegate
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
ERP for IKEv2 draft-nir-ipsecme-erx-01. Why ERP for IKEv2? RFC 5296 and the bis document define a quick re- authentication protocol for EAP. ERP requires.

ERP for IKEv2 draft-nir-ipsecme-erx-01. Why ERP for IKEv2? RFC 5296 and the bis document define a quick re- authentication protocol for EAP. ERP requires.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
1 May 14, 2007 Zhibi Wang, Simon Mizikovsky – Alcatel-Lucent Vidya Narayanan, Anand Palanigounder – QUALCOMM ABSTRACT: Access authentication architecture.

1 May 14, 2007 Zhibi Wang, Simon Mizikovsky – Alcatel-Lucent Vidya Narayanan, Anand Palanigounder – QUALCOMM ABSTRACT: Access authentication architecture.
EAP Bluetooth Extension Draft-kim-eap-bluetooth-00 Hahnsang Kim (INRIA), Hossam Afifi (INT), Masato Hayashi (Hitachi)

EAP Bluetooth Extension Draft-kim-eap-bluetooth-00 Hahnsang Kim (INRIA), Hossam Afifi (INT), Masato Hayashi (Hitachi)
7/14/2003IETF57 PANA enabling IPsec based Access control draft-mohanp-pana-ipsec-00.txt Mohan Parthasarathy Tahoe Networks - Presented by Hannes Tschofenig.

7/14/2003IETF57 PANA enabling IPsec based Access control draft-mohanp-pana-ipsec-00.txt Mohan Parthasarathy Tahoe Networks - Presented by Hannes Tschofenig.
Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.
1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig.

1 RADIUS Mobile IPv6 Support draft-ietf-mip6-radius-01.txt Kuntal Chowdhury Avi Lior Hannes Tschofenig.
Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.

Carrying Location Objects in RADIUS Hannes Tschofenig, Farid Adrangi, Avi Lior, Mark Jones.
EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.

EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.
Dec 5, 2007NEA Working Group1 NEA Requirement I-D IETF 70 – Vancouver Mahalingam Mani Avaya Inc.

Dec 5, 2007NEA Working Group1 NEA Requirement I-D IETF 70 – Vancouver Mahalingam Mani Avaya Inc.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
Emu wg, IETF 70 Steve Hanna, shanna@juniper.net EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,

Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,
IETF 57 PANA WG PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.

IETF 57 PANA WG PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.
IP Multicast Receiver Access Control draft-atwood-mboned-mrac-req draft-atwood-mboned-mrac-arch.

IP Multicast Receiver Access Control draft-atwood-mboned-mrac-req draft-atwood-mboned-mrac-arch.

Similar presentations

Ads by Google