Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.

Published byMagnus Miles Modified over 9 years ago

Similar presentations

Presentation on theme: "EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA."— Presentation transcript:

1 EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA

2 EAP Method Requirements Input received Liaison requests received from 3GPP, IEEE 802.11 3GPP dependencies on EAP SIM, AKA EAP SIM, AKA now in RFC Editor Queue IEEE 802.11 liaison request written up as RFC 4017 Work in progress Discussion of potential use of EAP in peer-to-peer scenarios (IEEE 802.1af, IEEE 802.11s) Not clear that EAP will be used in these scenarios or that new requests/requirements will come out of them

3 EAP Method Requirements for WLANs (RFC 4017) Credential types (Section 2.1) “Wireless LAN deployments are expected to use different credential types, including digital certificates, user-names and passwords, existing secure tokens, and mobile network credentials (GSM and UMTS secrets). Other credential types that may be used include public/private key (without necessarily requiring certificates) and asymmetric credential support (such as password on one side, public/private key on the other).”

4 RFC 4017 (cont’d) Mandatory Requirements Key generation Key strength Mutual authentication Shared state equivalence Dictionary attack resistance Man-in-the-middle attack protection Protected ciphersuite negotiation Recommended Requirements Fragmentation support Identity hiding Optional Features Channel Binding Fast reconnect

5 RFC 4017 Progress Report Core mechanisms Certificates EAP-TLS (RFC 2716) deployed Usernames & Passwords – no widely deployed methods Secure Tokens Several incompatible methods deployed (GTC, RSA, POTP) Mobile Network Credentials EAP SIM, AKA in RFC Editor Queue Other mechanisms Public/Private key (no certificates) – no widely deployed methods Asymmetric credentials (password/public key) Several incompatible proposals (PEAPv0, PEAPv1, EAP-TTLSv0, EAP- TTLSv1, etc.) Not mentioned Usernames & Pre-shared keys Multiple proposals, none widely deployed

6 Some Thoughts Basic usage scenarios still unsolved Secure, small footprint mechanisms needed Likely to be deployed in consumer, small office scenarios Single NAS deployments with no AAA server AAA servers targeted to small business EAP peer on embedded devices EMU must resist draining the swamp Standardization of mechanisms in areas with many existing proposals and IPR disclosures is seductive, but dangerous Likely to result in endless bickering, slow progress Yet anOther Method Absent MotivAtion (YOMAMA) Doing one thing well better than trying everything, but failing

7 Feedback?

Download ppt "EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA."

Similar presentations

Authentication.

Authentication.
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.

SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)
Overview of proposed EAP methods, credential types, and uses Pasi Eronen IETF64 EMU BoF November 10 th, 2005.

Overview of proposed EAP methods, credential types, and uses Pasi Eronen IETF64 EMU BoF November 10 th, 2005.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Georgy Melamed Eran Stiller

Georgy Melamed Eran Stiller
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16, 2003 1300 - 1500.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
Wireless Authentication via EAP-FAST Party of Five Brandon Hoffman Kelly Koenig Azam Masood Phil Nwafor MSIT 458: Security (Professor Chen)

Wireless Authentication via EAP-FAST Party of Five Brandon Hoffman Kelly Koenig Azam Masood Phil Nwafor MSIT 458: Security (Professor Chen)
EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 7 City College.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 7 City College.
Michal Rapco 05, 2005 Security issues in Wireless LANs.

Michal Rapco 05, 2005 Security issues in Wireless LANs.

Similar presentations

Ads by Google