Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix 802.11 and Alternative Authentication Protocols David Jablon Phoenix Technologies.

Published byGladys Goodman Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix 802.11 and Alternative Authentication Protocols David Jablon Phoenix Technologies."— Presentation transcript:

1 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix 802.11 and Alternative Authentication Protocols David Jablon Phoenix Technologies

2 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Introduction In a Jan 20 Letter to IETF, TGi identified a range of requirements for authenticated key agreement methods. TGi has tasked an emerging IETF EAP WG with the job of furthering EAP standards to support 802.11 needs. This presentation describes some needy areas and relevant work-in-progress.

3 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Outline Some classes of Alternative Authentication Methods for 802.11 –Password-authenticated key exchange protocols –Key retrieval protocols –Pairing protocols Relevant other standards –IEEE 1363, and IETF work Need for these alternatives in 802.11 environments –Easier and safer ESS, BSS, and IBSS authentication Fit with current framework Open issues & next steps

4 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Some classes of Alternative Authentication Methods for 802.11 Password-authenticated key exchange protocols –a.k.a. “strong password protocols” –e.g. EKE, SPEKE, SRP Key retrieval protocols –e.g. Ford & Kaliski Pairing protocols

5 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Password authenticated key exchange protocols Proves password without revealing it –zero knowledge password proof –prevents unconstrained network brute-force attack Strong cryptography with no PKI, no certs, no keys –just a password Mutual authentication Key negotiation Requirements –Asymmetric cryptography (e.g. variants of DH) –At least two messages, one in each direction Same minimum of 3 message explicit mutual authentication –Client & server support

6 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix How a PAKE works PAKE server Enter password Password database App. server Encrypt session Session key App. client PAKE protocol PAKE client

7 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Key Retrieval Protocols Password-based retrieval of remotely stored credentials Kick-start for PKI / key / cert methods

8 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Pairing Protocols Other neat tricks to “authenticate strangers” –(Don’t ask. It’s not my primary focus today.)

9 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Password authenticated key exchange Relevant Standards IEEE P1363.2 –A new standard for password-based cryptography –Focus on Password-based public-key techniques –Product of IEEE 1363 WG –Defines versions of AMP, PAK, SPEKE, SRP IETF –RFC 2945: SRP

10 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix P1363.2 Focus Password-based public-key techniques –Balanced key agreement schemes –Augmented key agreement schemes –Key retrieval schemes Discrete log and elliptic curve settings

11 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix P1363.2 Rationale People are useful entities Passwords are ubiquitous authenticators People have trouble with high-grade keys –Storage(memorizing) –Input(attention to detail) –Output(typing) Need for optimal password techniques –Avoid tradeoffs of security for convenience

12 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix P1363 Contact Information IEEE P1363 Web site –http://grouper.ieee.org/groups/1363 –Publicly accessible research contributions and document submissions Two mailing lists –General announcements list –Technical discussion list –Open tradition – easy to participate web site contains subscription information

13 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Some of the PAKE Internet Drafts draft-ietf-tls-srp-01.txt Summary –Using SRP for TLS Authentication draft-ietf-sacred-protocol-bss-02.txt –Securely Available Credentials Protocol draft-black-ips-iscsi-security-01.txt –iSCSI Security Requirements and SRP-based ESP Keys draft-ietf-pppext-eap-srp-03.txt –PPP EAP SRP-SHA1 Authentication Protocol draft-jablon-speke-00.txt –The SPEKE Password-Based Key Agreement Methods

14 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Differences of SRP-4 vs. SRP-3 Discussed in draft-jablon-speke-00.txt Addresses IETF IPStorage WG open IP questions –{?, ?}  {No, Yes} Extensible to alternate groups –EC settings No two-for-one guessing –D. Bleichenbacher, M. Scott: SRP-3 limitation

15 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Need for these alternatives in 802.11 environments Enterprise deployment Standalone AP deployment Station-to-station deployment

16 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Enterprise deployment PAKE provides end-to-end protection –Client  Authentication server Password security with fewer requirements –Less dependent on key & certificate deployment –Less dependent on proper user action & attention Scales to eliminate all password crackable data –No clear or hashed passwords on intermediate nodes. –No client-stored password-crackable keys Business opportunity: RADIUS upgrades, etc.

17 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Standalone AP deployment Asymmetric crypto is essential for security –Needed for secure password-based protocols –e.g. Halevi & Krawczyk ‘99 – one model & proof Often deployed for same purpose as Enterprise deployment –Standalone deployment occurs within Enterprise networks –Difference in deployment & management model between point solution & workgroup settings is orthogonal to motivations for use. Scalable security –Rapid deployment, flexibility –Safe environmental succession to Enterprise management

18 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Station-to-station deployment Asymmetric crypto seems essential for security & convenience Different cases favor different methods –Strong password protocols pre-arranged secret –Ad-hoc connection protocols no pre-arranged secret

19 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Fit with EAP framework EAP-TLS + TLS-SRP, … EAP-SRP, EAP-SPEKE, … Potentially simpler alternatives? Good discussion topic for EAP WG.

20 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix SPEKE, SRP Fit with EAP Framework EAPLayer MethodLayer EAPEAP TLSTLS MediaLayer NDISAPIs EAPAPIs PPP802.3802.5802.11 SPEKE, SRP (Adapted from 11-01-658r0-I-Shared-Use-APs.ppt, Barkley, Moore & Aboba)

21 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Value of 802.1X approach Less work for Tgi, of course No “special status” for specific 802.1X methods –Lets the market decide –Encourages evolution as needed Process should work fine, IF: –IETF is not overtly hostile to technical goals of specific EAP scenarios, when patents appear to be needed to achieve such goals

22 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Open questions & next steps How to insure that EAP methods achieve appropriate objectives? How to coordinate 802.11, TGi needs and IETF efforts on an ongoing basis?

23 doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix Contacts David Jablon david_jablon@phoenix.com +1 508 898 9024 IETF www.ietf.org P1363 Working Group http://grouper.ieee.org/groups/1363

Download ppt "Doc.: IEEE 802.11-02/213r0 Submission March 2002 D Jablon/Phoenix 802.11 and Alternative Authentication Protocols David Jablon Phoenix Technologies."

Similar presentations

Authentication.

Authentication.
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Password-based Credentials Download Protocols Radia Perlman

Password-based Credentials Download Protocols Radia Perlman
SIP Authentication using EC- SRP5 Protocol draft-liu-sipcore-ecc-srp5-00.txt Authors: Fuwen Liu, Minpeng Qi and Min Zuo.

SIP Authentication using EC- SRP5 Protocol draft-liu-sipcore-ecc-srp5-00.txt Authors: Fuwen Liu, Minpeng Qi and Min Zuo.
SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.

SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Similar presentations

Ads by Google