Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Needham-Schroeder Key Descriptor 11/12/2002 Needham-Schroeder Key Descriptor Robert G. Moskowitz ICSAlabs IEEE 802 Plenary Meeting Kauai, Nov 12, 2002.

Published byNicole Henry Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Needham-Schroeder Key Descriptor 11/12/2002 Needham-Schroeder Key Descriptor Robert G. Moskowitz ICSAlabs IEEE 802 Plenary Meeting Kauai, Nov 12, 2002."— Presentation transcript:

1 1 Needham-Schroeder Key Descriptor 11/12/2002 Needham-Schroeder Key Descriptor Robert G. Moskowitz ICSAlabs IEEE 802 Plenary Meeting Kauai, Nov 12, 2002

2 2 Needham-Schroeder Key Descriptor 11/12/2002 Needham-Schroeder Method AS Auth Supp Credential Request Encrypted Credential Authed Credential Authed ACK

3 3 Needham-Schroeder Key Descriptor 11/12/2002 Needham-Schroeder in an EAP method Model is the reverse of many EAP methods – The Supplicant drives the authentication – Initial Request might be just a filler record – Needham-Schroeder Request goes into an EAP Response EAP finishes with the Supplicant having the credential for the Authenticator – But Needham-Schroeder exchange is not complete Supplicant needs a methodology to deliver the credential to the Authenticator

4 4 Needham-Schroeder Key Descriptor 11/12/2002 Needham-Schroeder in an EAP method Authenticator needs a methodology to reply to the supplicant – After which, the authentication is Successful, i.e. the EAP method is Successful This can best be performed in an EAPOL-Key Exchange

5 5 Needham-Schroeder Key Descriptor 11/12/2002 802.1x/EAP Exchange The 802.1x/EAP flow for Kerberos might be – AUTH: EAP Ident REQ – SUPP: EAP Ident REP – AS: EAP REQ -- Kerberos – SUPP: EAP REP -- KRB_AS_REQ – AS: EAP REQ -- KRB_AS_REP – SUPP: EAPOL-Key -- KRB_AP_REQ – AUTH: EAPOL-Key -- KRB_AP_REP – SUPP: EAP REP -- Finished – AS: RADIUS Accept – AUTH: EAP Success

6 6 Needham-Schroeder Key Descriptor 11/12/2002 802.1x/EAP Reconnect Exchange The 802.1x/EAP flow for Kerberos might be – AUTH: EAP Ident REQ – SUPP: EAP Ident REP – AS: EAP REQ -- Kerberos – SUPP: EAPOL-Key -- KRB_AP_REQ – AUTH: EAPOL-Key -- KRB_AP_REP – SUPP: EAP REP -- Finished – AS: RADIUS Accept – AUTH: EAP Success

7 7 Needham-Schroeder Key Descriptor 11/12/2002 EAPOL-Key Format Descriptor Type (7.6.1) Octet Number 1 2-3 4-N EAP Type Length Needham-Schroeder Body

8 8 Needham-Schroeder Key Descriptor 11/12/2002 Samples of Needham-Schroeder Body KRB_AP_REQ (RFC 1510) KRB_AP_REP (RFC 1510)

Download ppt "1 Needham-Schroeder Key Descriptor 11/12/2002 Needham-Schroeder Key Descriptor Robert G. Moskowitz ICSAlabs IEEE 802 Plenary Meeting Kauai, Nov 12, 2002."

Similar presentations

Authentication.

Authentication.
Kerberos Authentication. Kerberos Requires shared secret with KDC ( perhaps not for PKINIT) Shared session key established Time synchronization needed.

Kerberos Authentication. Kerberos Requires shared secret with KDC ( perhaps not for PKINIT) Shared session key established Time synchronization needed.
Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Doc.: IEEE 802.11-00/410 Submission November 2000 Duncan Kitchin, IntelSlide 1 A Network Enrollment Protocol Duncan Kitchin, Intel.

Doc.: IEEE /410 Submission November 2000 Duncan Kitchin, IntelSlide 1 A Network Enrollment Protocol Duncan Kitchin, Intel.
Doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group.

Doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE e Security IEEE Task Group.
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-09-00xx-00-sec Title: IEEE 802.11r Fast BSS Transition – A Study Date Submitted: September 21, 2009 Present.

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec Title: IEEE r Fast BSS Transition – A Study Date Submitted: September 21, 2009 Present.
IEEE 802.11i: A Retrospective Bernard Aboba Microsoft March 2004.

IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
EAP STATE Machine Proposal

EAP STATE Machine Proposal
EAP Scenarios and 802.1af Joseph Salowey 1/12/2006.

EAP Scenarios and 802.1af Joseph Salowey 1/12/2006.
EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] 2004. 5. 12 Jee-Sook Eun Electronics and Telecommunications Research Institute.

EPON Technology Team 2/9/2014 Key Management [802.1af - Issues] Jee-Sook Eun Electronics and Telecommunications Research Institute.
Doc.: IEEE 802.11-02/516r0-I Submission September 2002 Robert Moskowitz, ICSALabsSlide 1 RADIUS Client Kickstart Robert Moskowitz, ICSALabs John Vollbrecht,

Doc.: IEEE /516r0-I Submission September 2002 Robert Moskowitz, ICSALabsSlide 1 RADIUS Client Kickstart Robert Moskowitz, ICSALabs John Vollbrecht,
Submission doc.: IEEE 802.11-11/1326r1 August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Early Key Generation by ECDH and PKC Date: 2011-09-22.

Submission doc.: IEEE /1326r1 August 2011 Hiroki Nakano, Trans New Technology, Inc.Slide 1 Early Key Generation by ECDH and PKC Date:
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Doc.: IEEE 802.11-12/1281r1 Submission NameAffiliationsAddressPhoneemail Robert Sun;Huawei Technologies Co., Ltd. Suite 400, 303 Terry Fox Drive, Kanata,

Doc.: IEEE /1281r1 Submission NameAffiliationsAddressPhone Robert Sun;Huawei Technologies Co., Ltd. Suite 400, 303 Terry Fox Drive, Kanata,
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.

Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.

Similar presentations

Ads by Google