Published by Cesar Whitt
EAP Channel Bindings
TF-MNM Lyon, February 16, 2011
Alan DeKok, FreeRADIUS
Slide 2: The problem
  (Diagram with two nodes labelled AAA.)
Slide 3: It's all lies
  NAS can lie to end user
    $0.02 per minute (really $0.10)
  Visited provider can lie to home server
    They used 10 hours (really 10 min)
Slide 4: Solution
  Tell everyone what everyone else said
  In a secure fashion
Slide 5: The Solution
  (Diagram with two nodes labelled AAA and the messages "The NAS told me X" and "I told the user X".)
Slide 6: How it works
  Define a TLV in EAP to transport data
  Likely RADIUS
  RADIUS inside of EAP inside of TTLS inside of EAP inside of RADIUS
  It's a bit of a miracle that it works at all
Slide 7: Security
  Exchange information after user has been authenticated
  Using keys derived from the EAP session
  Ensures authenticity and integrity of the data
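The check described on the "How it works" and "Security" slides, as an added example that is not from the presentation or from FreeRADIUS: the peer reports what the NAS advertised as RADIUS-encoded attributes with an integrity tag, and the home server compares that with what the NAS sent over RADIUS. The message layout, the HMAC-SHA256 tag, the key and the sample values are assumptions made for illustration; only the attribute encoding and type numbers come from RFC 2865.

```python
import hashlib
import hmac
import struct

# RADIUS attribute types (RFC 2865)
CALLED_STATION_ID = 30
NAS_IDENTIFIER = 32
TAG_LEN = 32  # HMAC-SHA256 output size

def encode_attrs(attrs):
    """Encode {type: bytes} as RADIUS attributes: type, length (incl. 2-byte header), value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in sorted(attrs.items()))

def decode_attrs(blob):
    """Parse RADIUS attributes, rejecting truncated or inconsistent lengths."""
    attrs, i = {}, 0
    while i < len(blob):
        if len(blob) - i < 2:
            raise ValueError("truncated attribute header")
        t, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("bad attribute length")
        attrs[t] = blob[i + 2:i + length]
        i += length
    return attrs

def build_binding(session_key, attrs):
    """Peer side (hypothetical layout): attributes as the peer saw them, then an HMAC tag."""
    body = encode_attrs(attrs)
    return body + hmac.new(session_key, body, hashlib.sha256).digest()

def check_binding(session_key, message, nas_attrs):
    """Server side: verify the tag, then return attribute types where peer and NAS disagree."""
    if len(message) < TAG_LEN:
        raise ValueError("message too short")
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(session_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    peer_attrs = decode_attrs(body)
    return sorted(t for t in peer_attrs if nas_attrs.get(t) != peer_attrs[t])

# Constructed sample data: the key stands in for one derived from the EAP session.
KEY = hashlib.sha256(b"constructed EAP session key material").digest()
PEER_VIEW = {NAS_IDENTIFIER: b"cafe-ap-1", CALLED_STATION_ID: b"00-11-22-33-44-55:FreeWifi"}
NAS_CLAIM = {NAS_IDENTIFIER: b"cafe-ap-1", CALLED_STATION_ID: b"00-11-22-33-44-55:PaidWifi"}

if __name__ == "__main__":
    msg = build_binding(KEY, PEER_VIEW)
    print("mismatched attribute types:", check_binding(KEY, msg, NAS_CLAIM))
```

A non-empty result means the NAS told the user one thing and the home server another, which is the lie the binding is meant to expose.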
Slide 8: Benefits
  Increases the usefulness of roaming
  "I don't know who the NAS is, but he's asking to charge the user $0.02/min, and the user has agreed."
Slide 9: Questions?