Presentation is loading. Please wait.

Presentation is loading. Please wait.

An EAP Authentication Method Based on Identity-Based Authenticated Key Exchange draft-cakulev-emu-eap-ibake-00 Violeta Cakulev Violeta.Cakulev@alcatel-lucent.com.

Published byÉΘεοκλής Βουγιουκλάκης Modified over 5 years ago

Similar presentations

Presentation on theme: "An EAP Authentication Method Based on Identity-Based Authenticated Key Exchange draft-cakulev-emu-eap-ibake-00 Violeta Cakulev Violeta.Cakulev@alcatel-lucent.com."— Presentation transcript:

1 An EAP Authentication Method Based on Identity-Based Authenticated Key Exchange draft-cakulev-emu-eap-ibake-00 Violeta Cakulev Ioannis Broustis ITEF 80 – Prague

2 EAP-IBAKE EAP method that leverages IBAKE
IBAKE – Identity Based Authenticated Key Exchange Mutual authentication through the use of identity-based encryption Derivation of exportable keying material Perfect forward and backward secrecy Escrow-free key agreement Security formally proven

3 IBAKE Framework Based on an Identity Based asymmetric cryptographic framework Every participant has a public and a private key Public key is identity based Private key corresponding to Public key is issued by a trusted Key Generation Function (KGF) Participants obtain private keys from KGF offline Security association between KGF and participant is pre-provisioned Encryption and Decryption of messages during EAP exchange based on Identity Based Encryption (IBE) Reference: Boneh et al., RFC 5091, RFC 5408, RFC 5409

4 EAP-IBAKE Exchange EAP-Request/IBAKE-ID EAP-Response/IBAKE-Challenge
Peer (p) EAP-Request/IBAKE-ID EAP Server (s) EAP-Response/IBAKE-Challenge EAP-Request/IBAKE-Challenge EAP-Response/IBAKE-Challenge EAP-Request/IBAKE-Confirm EAP-Response/IBAKE-Confirm EAP-Success

5 EAP-IBAKE Messages SERVER PEER IDs, Crypto Proposals 
 Encr(K_PUBs,IDp), Encr(K_PUBs, Crypto Selection) Encr(K_PUBp, IDs, IDp, [Rs]P)   Encr(K_PUBp, IDs, IDp, [Rs]P, [Rp]P) Encr(K_PUBp, IDs, IDp, [Rp]P), Auth_S   Auth_P K_PUBp and K_PUBs - peer's and server's public keys Rp and Rs - random integers, chosen by Peer and Server Auth_S, Auth_P - signature fields to protect the integrity of the negotiated parameters P is a point on an elliptic curve Negotiated during IBAKE-ID exchange

6 EAP-IBAKE Features Identity Protection Ciphersuite negotiation
Mutual authentication Reply protection Integrity protection Confidentiality Secure Key generation Session independence Fragmentation

7 Targeted Application European Telecommunications Standards Institute (ETSI) ETSI adopted IBAKE as a bootstrapping protocol (ETSI TS ) ETSI is currently discussing what protocol to use to carry IBAKE messages EAP is one of the proposals

8 Next Step Does this fit current working group charter?

Download ppt "An EAP Authentication Method Based on Identity-Based Authenticated Key Exchange draft-cakulev-emu-eap-ibake-00 Violeta Cakulev Violeta.Cakulev@alcatel-lucent.com."

Similar presentations

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Internet Security CSCE 813 IPsec. CSCE 813 - Farkas2 Reading Today: – Oppliger: IPSec: Chapter 14 – Stalllings: Network Security Essentials, 3 rd edition,

Internet Security CSCE 813 IPsec. CSCE Farkas2 Reading Today: – Oppliger: IPSec: Chapter 14 – Stalllings: Network Security Essentials, 3 rd edition,
Chapter 8 Web Security.

Chapter 8 Web Security.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
E-mail Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.

Web Security : Secure Socket Layer Secure Electronic Transaction.
2003-2004 - Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)

Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.
UMD D EPARTMENT OF C OMPUTER S CIENCE D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES EAP-PAX draft-clacy-eap-pax-05 T. Charles Clancy

UMD D EPARTMENT OF C OMPUTER S CIENCE D O D L ABORATORY FOR T ELECOMMUNICATION S CIENCES EAP-PAX draft-clacy-eap-pax-05 T. Charles Clancy
PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG 2012.07.30.

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter:

Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter:
EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.

EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

Similar presentations

Ads by Google