Presentation is loading. Please wait.

Presentation is loading. Please wait.

Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.

Similar presentations


Presentation on theme: "Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh."— Presentation transcript:

1 Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh {clancy,waa}@cs.umd.edu Department of Computer Science University of Maryland, College Park IETF 60, EAP WG August 4, 2004 I-D.clancy-eap-pax-00

2 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX Design Goals Handheld devices in a wireless environment Minimal complexity in terms of computation, packet count, and infrastructure Bootstrap secure key derivation using a simple preshared secret (e.g. 4-digit PIN) Server-controlled key management Support for identity protection Provably secure

3 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX Overview PAX-Auth: 1 RT HMAC-based client authentication –Optional server-side certificate provides identity protection –Secure under the Standard model PAX-Update: 2 RT mutually authenticated Diffie-Hellman protocol –Only used when key update is required –Optional server-side certificate provides identity protection and security against dictionary attacks –Secure under the RO model and DDH problem

4 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX-Auth X, [K, Cert K ] [Enc K ] ( Y, ID C, HMAC P ( X, Y, ID C ) ) ServerClient key K, certificate Cert K, and public-key encryption Enc K optional

5 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE PAX-Update g X, [K, Cert K ] [Enc K ] ( g Y, ID C, HMAC P’ ( g X, ID C ) ) ServerClient NULL HMAC P’ ( g X, g Y, ID C )

6 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Key Derivation Entropy e = (g XY ) OR (X || Y) P’= TLS-PRF( P, "Authentication Key", e ) MK= TLS-PRF( P', "Master Key”, e ) MSK= TLS-PRF( MK, "Master Session Key", e ) Secure under the RO model

7 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Cryptographic Primitives Extensible Currently supported: –HMAC:HMAC_SHA1_128 –DH:3072-bit MODP Group [RFC3526] –PubKey:RSA-OAEP-2048

8 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Related Work EKE, SPEKE, SRP: authentication schemes secure against dictionary attacks; IPR issues TLS: slow; requires full PKI PSK: no support for passwords; no key management

9 {} Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE Conclusion PAX goals: –Bootstrap secure key derivation using weak PIN –Identity protection, key management Looking for: –Community feedback –Method publication Questions?


Download ppt "Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh."

Similar presentations


Ads by Google