RADIUS Attributes for the Delivery of Keying Material Joe Salowey Jesse Walker Tiebing Zhang Glen Zorn.

Goals
- Securely transfer crypto keying material between RADIUS servers & client
  – Crypto-agility
  – NIST validation
- RADIUS as part of IEEE 802.1X & i systems
- Provide strong authentication for any RADIUS message
  – Crypto-agility
  – Accounting
  – Dynamic Authorization

Attributes
- Keying-Material
  – 8-bit encryption type
  – 16-bit application ID & key lifetime
  – 128-bit KEK & Key IDs
  – Variable-length IV & keying material
- MAC-Randomizer
  – 256-bit pseudo-random number
  – Substitute for Authenticator in CoA, etc.
- Message-Authentication-Code
  – Crypto-agile MAC
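To make the three attributes concrete, here is an added example (not code from the draft or its authors) that serialises and parses a Keying-Material body using the field sizes on the slide, and computes a crypto-agile Message-Authentication-Code bound to a 256-bit MAC-Randomizer. The field order, the 1-octet IV length prefix, the Enc-Type and MAC-Type code points, and HMAC-SHA256 as the MAC algorithm are assumptions made for this example; the key wrap itself is not shown.

```python
import hmac
import hashlib
import struct

# Field sizes follow the slide (8-bit Enc-Type, 16-bit App-ID and Lifetime,
# 128-bit KEK-ID and Key-ID, variable-length IV and keying material); field
# order, the 1-octet IV length prefix and the code points are assumed here.
ENC_TYPE_AES_KEYWRAP = 1   # hypothetical Enc-Type value
MAC_TYPE_HMAC_SHA256 = 1   # hypothetical MAC-Type value
MAC_ALGS = {MAC_TYPE_HMAC_SHA256: hashlib.sha256}  # extend for crypto-agility
FIXED_LEN = 1 + 2 + 2 + 16 + 16 + 1  # octets before the IV starts

def encode_keying_material(enc_type, app_id, lifetime, kek_id, key_id, iv, wrapped):
    """Serialise a Keying-Material body; 'wrapped' is keying material already
    encrypted under the KEK named by kek_id (the wrap itself is out of scope)."""
    if len(kek_id) != 16 or len(key_id) != 16:
        raise ValueError("KEK-ID and Key-ID must be 128 bits")
    if len(iv) > 255:
        raise ValueError("IV too long for a 1-octet length prefix")
    return (struct.pack("!BHH", enc_type, app_id, lifetime)
            + kek_id + key_id + bytes([len(iv)]) + iv + wrapped)

def decode_keying_material(data):
    """Parse a body back, refusing truncated input instead of reading past it."""
    if len(data) < FIXED_LEN:
        raise ValueError("Keying-Material attribute too short")
    enc_type, app_id, lifetime = struct.unpack("!BHH", data[:5])
    iv_len = data[37]
    if len(data) < FIXED_LEN + iv_len:
        raise ValueError("IV truncated")
    return {"enc_type": enc_type, "app_id": app_id, "lifetime": lifetime,
            "kek_id": data[5:21], "key_id": data[21:37],
            "iv": data[38:38 + iv_len], "wrapped": data[38 + iv_len:]}

def compute_mac(mac_key, mac_type, randomizer, body):
    """Crypto-agile MAC: mac_type selects the algorithm; the 256-bit
    MAC-Randomizer is bound in so each message authenticates a fresh value."""
    if len(randomizer) != 32:
        raise ValueError("MAC-Randomizer must be 256 bits")
    digest = MAC_ALGS[mac_type]  # KeyError on an unknown type is intended
    return hmac.new(mac_key, bytes([mac_type]) + randomizer + body, digest).digest()

def verify_mac(mac_key, mac_type, randomizer, body, tag):
    """Constant-time check; any change to type, randomizer, body or tag fails."""
    try:
        expected = compute_mac(mac_key, mac_type, randomizer, body)
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(expected, tag)
```

The receiver should treat a Keying-Material body that fails to decode, or a message whose MAC does not verify, as discarded input rather than attempting partial use of the fields.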

Rationale
- Extends existing RADIUS framework
- Attributes re-usable in various situations
  – Different keying methods: IEEE i, IEEE 802.1af, WiMAX, HOKEY (?)
  – Dynamic messages (e.g. CoA)
  – Accounting

Features
- No key management scheme specified
  – KEK, MAC Key "magically" provisioned
  – No reliance on particular derivation or provisioning methods
  – KEK-ID facilitates external key management schemes
- Application ID identifies key usage
- Crypto-agility supported
  – Encryption & MAC algorithms replaceable

Summary
- Provides crypto-agility for message authentication
  – Useful for CoA, accounting
- Provides crypto-agility for common key encryption attribute
  – Useful to carry MSK & other EAP-derived keys
- Efficient
  – Only necessary attributes encrypted

Next Steps
- Adopt as WG item
  – Draft in rev 12
  – Extensively reviewed
  – Approach vetted by NIST
  – Multiple interoperable implementations: Cisco, 3eTI

Discussion?