Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.


1 Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software

2 New Version of EAP-TTLS
A version field is now defined in the Flag bits
– Previous version is 0, new version is 1
Version 1 features:
– Session keys mixed with TLS master secret
– Secure exchange of result of inner authentication
– Exchange of inner AVPs moved from TLS data phase into TLS handshake
New InnerApplication extension to TLS (TLS/IA) defined to carry inner AVPs within handshake
TLS data phase is free for other uses
EAP-TTLS v1 is one binding to TLS/IA
Other protocols, such as HTTP, may also be bound to TLS/IA

3 TLS “InnerApplication” Extension (TLS/IA)
Uses standard RFC 3546 extension mechanism
– InnerApplication extension appended to ClientHello, confirmed in ServerHello
TLS/IA handshake is multi-phase:
– Initial phase: normal TLS handshake; instantiate cipher suite to create tunnel
– Application phase(s) (normally one, may be more): exchange AVPs for authentication and other applications; permute TLS master secret based on session keys; instantiate cipher suite with new master secret
Phase transitions:
– PhaseFinished terminates each handshake phase prior to the final one
– Finished terminates the final handshake phase

4 Comparison of TLS Encapsulation
(Diagram on the original slide; the layout is reconstructed here as two rows.)
In EAP-TTLS version 0 (as well as EAP-PEAP/FAST):
– TLS handshake: Handshake msgs | CCS/Finished
– TLS data: AVPs
In EAP-TTLS version 1:
– TLS/IA handshake: Handshake msgs | CCS/PhaseFinished | AVPs | CCS/Finished
– TLS data: “This space available”

5 Session Key Binding
Inner session keys are mixed into the master key and:
– confirmed by the Finished message
– mixed into outer session keys (e.g. MPPE keys)
TLS master secret permutation:
– Initial master key is derived as usual during the initial handshake phase
– Master key is permuted at the end of each application phase: the PRF is applied to create a 48-octet vector; any inner session keys developed during this phase are arithmetically added to the vector; the result is the new master key
– Master key at the end of the final phase is the actual master key for the session

6 Success/Failure Confirmation
Handshake message confirmation:
– Each PhaseFinished or Finished message confirms the handshake messages in the current and all previous handshake phases
Inner authentication confirmation:
– Success is signalled by the exchange of Finished messages
– Failure is signalled by a TLS failure alert
Exchange of Finished messages prevents a truncation attack: because the Finished verify_data is computed under the permuted master secret, a peer that did not obtain the inner session keys cannot produce it, and the handshake cannot be cut short to fake a successful result
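The permutation on slide 5 and the Finished confirmation on slide 6 are easiest to see in code. The following is an added example written for this page, not code from the draft or from Funk Software: it implements the TLS 1.0/1.1 PRF from RFC 2246, the end-of-phase master secret permutation (PRF output as a 48-octet vector, inner session keys added arithmetically) and a TLS 1.0 style Finished verify_data over the permuted secret, then shows that a client and server only agree on verify_data when they hold the same inner session key. The PRF label "inner secret permutation", the choice to treat the 48-octet strings as big-endian integers modulo 2^384, the transcript bytes and all key material are assumptions or constructed sample data; the "ttls keying material" label is the one EAP-TTLS v0 uses (RFC 5281) and is only assumed to carry over to v1.

```python
import hashlib
import hmac

MASTER_SECRET_LEN = 48          # TLS master secrets are 48 octets
MASTER_MODULUS = 1 << (8 * MASTER_SECRET_LEN)   # assumption: add modulo 2^384


def _p_hash(hash_name, secret, seed, length):
    """P_hash from RFC 2246 section 5: HMAC chained over A(i) until enough output."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF (RFC 2246 section 5): P_MD5 over the first half of the
    secret XORed with P_SHA1 over the second half (halves overlap if odd)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = _p_hash("md5", s1, label + seed, length)
    sha_part = _p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def permute_master_secret(master_secret, client_random, server_random, inner_keys):
    """End-of-application-phase permutation from slide 5: PRF the current master
    secret into a 48-octet vector, then arithmetically add every inner session
    key developed in this phase. Label string and modular big-endian addition
    are assumptions made for this example, not taken from the slide."""
    vector = tls_prf(master_secret, b"inner secret permutation",
                     client_random + server_random, MASTER_SECRET_LEN)
    acc = int.from_bytes(vector, "big")
    for key in inner_keys:
        acc = (acc + int.from_bytes(key, "big")) % MASTER_MODULUS
    return acc.to_bytes(MASTER_SECRET_LEN, "big")


def finished_verify_data(master_secret, label, handshake_transcript):
    """TLS 1.0 style Finished/PhaseFinished verify_data: 12 octets of PRF over
    MD5+SHA-1 of every handshake message sent so far (current and prior phases)."""
    digest = (hashlib.md5(handshake_transcript).digest()
              + hashlib.sha1(handshake_transcript).digest())
    return tls_prf(master_secret, label, digest, 12)


def derive_outer_keying_material(final_master_secret, client_random, server_random):
    """Outer session keys (e.g. MPPE keys) taken from the final master secret,
    so they inherit the inner key binding. Label is the EAP-TTLS v0 one from
    RFC 5281; 128 octets as in v0. Assumed, not confirmed, for v1."""
    return tls_prf(final_master_secret, b"ttls keying material",
                   client_random + server_random, 128)


def run_binding_demo(client_inner_key, server_inner_key):
    """Constructed scenario: both peers share the initial master secret and the
    handshake transcript, but each folds in the inner session key *it* holds.
    Returns (client_verify_data, server_verify_data); they match only when the
    inner keys match, which is what binds the inner authentication to the tunnel."""
    initial_master = hashlib.sha384(b"constructed initial master secret").digest()  # 48 octets
    client_random = b"\x11" * 32      # constructed
    server_random = b"\x22" * 32      # constructed
    transcript = (b"ClientHello ServerHello Certificate ServerHelloDone "
                  b"ClientKeyExchange PhaseFinished AVP(EAP-Response)")  # constructed
    results = []
    for inner_key in (client_inner_key, server_inner_key):
        final_master = permute_master_secret(initial_master, client_random,
                                             server_random, [inner_key])
        results.append(finished_verify_data(final_master, b"client finished", transcript))
    return tuple(results)


if __name__ == "__main__":
    same = run_binding_demo(b"A" * 16, b"A" * 16)
    differ = run_binding_demo(b"A" * 16, b"B" * 16)
    print("matching inner keys -> Finished agrees:", same[0] == same[1])
    print("mismatched inner keys -> Finished agrees:", differ[0] == differ[1])
```

The point of the demo is the second line of output: a relay that tunnels a victim's inner authentication through its own outer TLS session never learns the inner session key, so its permuted master secret and hence its Finished verify_data differ from the server's, and the handshake fails instead of silently succeeding.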

7 Other Uses of TLS/IA
As with the previous version, inner AVPs can be used for various purposes:
– authentication
– key exchange
– client integrity attestation
– etc.
TLS/IA can provide inner AVP capabilities to other protocols besides EAP-TTLS
Possible other uses for TLS/IA:
– HTTP with EAP authentication
– Alternative to IKE for IPsec authenticated key establishment
– Setting up an SSL VPN

8 IETF Plans
Split into 3 drafts:
– EAP-TTLS v0, which is deployed and has several interoperable implementations
– TLS/IA, the InnerApplication extension to TLS
– EAP-TTLS v1, specified as an encapsulation of TLS/IA
Submit each draft for RFC Proposed Standard status (weather permitting)
