Presentation is loading. Please wait.

Presentation is loading. Please wait.

Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.

Published byMadlyn Hicks Modified over 9 years ago

Similar presentations

Presentation on theme: "Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh."— Presentation transcript:

1 Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh {clancy,waa}@cs.umd.edu Department of Computer Science University of Maryland, College Park IETF 61, EAP WG November 10, 2004 draft-clancy-eap-pax-01

2 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX Introduction 2 round-trip MAC-based mutual authentication Supports provisioning with a weak pre-shared key Optional server-side certificate provides secure provisioning Supports key management with forward secrecy using Diffie-Hellman Optional support for identity protection (requires server-side certificate) Extensible ciphersuite

3 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Major Changes from -00 to -01 Address Crypto Concerns –mutual authentication –multiple uses of certain keys with different primitives Protocol Implementation Issues –identity protection paradox –new identity protection subprotocol Paranoia with MD5 and TLS-PRF –extensible key derivation function –support for HMAC-SHA1 and AES-CBC-MAC

4 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX_STD (no identity protection) A, SID, [PK, Cert PK ] [Enc PK ] (B, CID, MAC CK (A, B, CID, SID)) ServerClient ACK MAC CK (B, CID, SID) X, Y = rand(2 256 ) If keyUpdate thenA = g X, B = g Y, E = g XY elseA = X, B = Y, E = (X || Y) {AK’, CK, SessionKeys} = KDF(AK || E || KeyName)

5 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX_IDP (identity protection) M, SID, PK, Cert PK Enc PK (M, N, CID) ServerClient B, MAC CK (A, B, CID, SID) A, MAC N (A, CID, SID) M, N, X, Y = rand(2 256 ) If keyUpdate thenA = g X, B = g Y, E = g XY elseA = X, B = Y, E = (X || Y) {AK’, CK, SessionKeys} = KDF(AK || E || KeyName)

6 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Cryptographic Primitives Extensible Key Derivation Function –KDF16 X (Y) = MAC X (Y || 1) –KDF64 X (Y) = MAC X (Y || 1) || MAC X (Y || 2) || MAC X (Y || 3) || MAC X (Y || 4) Currently supported: –MAC:HMAC-SHA1-128 AES-CBC-MAC-128 –DH:3072-bit MODP Group [RFC3526] –PubKey:RSA-OAEP-2048

7 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX Implementation Currently Supports: –FreeRADIUS 1.0.1 –XSupplicant 1.0.1 –Authentication, Key Update Plan to Support: –Microsoft IAS –Windows XP Supplicant –Provisioning, Identity Protection Timings Experiment: –Cisco 1200 AP –Pentium 3 1.2GHz, Linux 2.4.26

8 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX Implementation Timings ProtocolPK CryptoRTTime (ms) PAX, no update PAX, key update PAX, provision - DH-3072 DH-3072/RSA-2048 223223 9.6 127.3 N/A EAP-TLS DH-512/RSA-512 DH-3072/RSA-2048 5757 89.8 1076.7 PEAP-MSCHAPv2 DH-512/RSA-512 DH-3072/RSA-2048 8 10 90.4 1027.3 TLS/PEAP used OpenSSL DSA-DH parameters, PAX used 3072- bit prime and 256-bit exponent as recommended in [RFC3766]

Download ppt "Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh."

Similar presentations

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
Fundamental Elliptic Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02

Fundamental Elliptic Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
Doc.: IEEE 802.11-12/0041r1 Submission NameAffiliationsAddressPhoneemail Robert Sun; Yunbo Li; Edward Au; Phillip Barber Huawei Technologies Co., Ltd.

Doc.: IEEE /0041r1 Submission NameAffiliationsAddressPhone Robert Sun; Yunbo Li; Edward Au; Phillip Barber Huawei Technologies Co., Ltd.
Doc.: IEEE 802.11-11/1429r0 Submission November 2011 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: 2011-11-01 Authors:

Doc.: IEEE /1429r0 Submission November 2011 Dan Harkins, Aruba NetworksSlide 1 A Protocol for FILS Authentication Date: Authors:
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
Small(er) Footprint for TLS Implementations Hannes Tschofenig Smart Object Security workshop, March 2012, Paris.

Small(er) Footprint for TLS Implementations Hannes Tschofenig Smart Object Security workshop, March 2012, Paris.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
PlutoPlus: Policy and PKI Plans for FY00 Sheila Frankel Systems and Network Security Group Computer Security Division NIST

PlutoPlus: Policy and PKI Plans for FY00 Sheila Frankel Systems and Network Security Group Computer Security Division NIST
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

Similar presentations

Ads by Google