EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.


EAP AKA Basic Information
- draft-arkko-pppext-eap-aka-06.txt
- The USIM authentication solution for 3GPP WLAN interworking in the current 3GPP WLAN Interworking draft TS (TS )
  - Deadline June 2003
- Intended media: and other WLAN standards
- Requested track: Informational (?)

EAP AKA UMTS Mode Security Claims
- Mechanism: symmetric secret keys distributed on UICC cards with USIM application, UMTS f1…f5 algorithms
- Mutual authentication
- Key derivation supported
  - 128-bit keys
  - Key hierarchy described in the draft
- Not vulnerable to dictionary attacks
- Identity privacy with pseudonyms, identity string integrity protected
- Because EAP AKA is not a tunnelling method, it does not protect EAP method negotiation, EAP notifications, EAP success, EAP failure
- No ciphersuite negotiation
- EAP AKA packets integrity protected, some parts are encrypted
- Fast reconnect supported (called “re-authentication” in EAP AKA)

EAP SIM Henry Haverinen, Nokia Joe Salowey, Cisco

EAP SIM Basic Information
- draft-haverinen-pppext-eap-sim-07.txt
- EAP authentication and key distribution with GSM SIM (enhanced SIM authentication)
- The GSM SIM authentication solution for 3GPP WLAN interworking in the current 3GPP WLAN Interworking draft TS (TS )
  - Deadline June 2003
- Intended media: and other WLAN standards
- Requested track: Informational (?)

EAP SIM Security Claims
- Mechanism: symmetric secret keys distributed on GSM SIM cards, GSM A3 and A8 algorithms
- Mutual authentication
- Key derivation supported
  - 128-bit keys
  - If the same SIM is used in GSM and GPRS, then effective key length may be reduced to 64 bits with attacks over GSM/GPRS
  - Key hierarchy described in the draft
- Not vulnerable to dictionary attacks
- Identity privacy with pseudonyms, identity string integrity protected
- Because EAP SIM is not a tunnelling method, it does not protect EAP method negotiation, EAP notifications, EAP success, EAP failure
- No ciphersuite negotiation
- EAP SIM packets integrity protected, some parts are encrypted
- Fast reconnect supported (called “re-authentication” in EAP SIM)
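
Added example, not part of the original slides: the top of the key hierarchy for both methods, using the master-key formulas from RFC 4186 and RFC 4187 (the published successors of these drafts; the -07/-06 drafts may differ in detail), plus a simplified work-factor model for the 128-bit versus 64-bit claim. The identity, Kc values and nonce are constructed sample data, and `search_bits` is a hypothetical helper.

```python
import hashlib
import math
import struct

def eap_sim_mk(identity, kcs, nonce_mt, version_list, selected_version):
    """MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version)
    as given in RFC 4186. The n Kc values are the only secret input; the
    other fields are exchanged during the EAP-SIM start round."""
    if len(kcs) not in (2, 3):
        raise ValueError("EAP-SIM combines 2 or 3 GSM triplets")
    if any(len(kc) != 8 for kc in kcs):
        raise ValueError("a GSM Kc is 64 bits")
    if len(nonce_mt) != 16:
        raise ValueError("NONCE_MT is 16 bytes")
    versions = b"".join(struct.pack(">H", v) for v in version_list)
    data = (identity + b"".join(kcs) + nonce_mt + versions
            + struct.pack(">H", selected_version))
    return hashlib.sha1(data).digest()

def eap_aka_mk(identity, ik, ck):
    """MK = SHA1(Identity | IK | CK) as given in RFC 4187."""
    if len(ik) != 16 or len(ck) != 16:
        raise ValueError("IK and CK are 128 bits each")
    return hashlib.sha1(identity + ik + ck).digest()

def search_bits(n_kc, kc_reused_for_gsm):
    """Simplified model (an assumption of this example): log2 of the
    key-search work against the EAP-SIM session keys."""
    if kc_reused_for_gsm:
        # Each Kc also protects GSM/GPRS traffic, so each one can be
        # searched on its own: n * 2^64 instead of 2^(64*n).
        return 64 + math.log2(n_kc)
    # The Kc values must be guessed jointly; derived keys are 128 bits.
    return min(128, 64 * n_kc)

# Constructed sample values, not taken from the slides or the drafts.
IDENTITY = b"1001010123456789@example.org"
KCS = [bytes.fromhex("0011223344556677"), bytes.fromhex("8899aabbccddeeff")]
NONCE_MT = bytes(range(16))

if __name__ == "__main__":
    mk = eap_sim_mk(IDENTITY, KCS, NONCE_MT, [1], 1)
    print(mk.hex(), search_bits(2, False), search_bits(2, True))
```

The practical consequence for deployment is that a SIM used for EAP SIM inherits the exposure of its Kc values on the GSM/GPRS side, while EAP AKA starts from 128-bit CK and IK.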

IPR Issues
- Please see the IETF IPR pages
  - Nokia patent claim pertaining to EAP SIM

Back-up

SIM and USIM Algorithms
- GSM and UMTS authentication is based on cryptographic primitives on SIM/USIM and Authentication Centre (AuC)
  - A3, A8 algorithms in GSM
  - f1, f2, f3, f4, f5 algorithms in UMTS
- Requirements for the algorithms have been publicly specified in ETSI and 3GPP recommendations
- Smart card interface publicly specified
- Protocols to retrieve authentication vectors from HLR/HSS/AuC publicly specified
  - Currently Message Authentication Part (MAP)
- A public example implementation MILENAGE exists
  - 3GPP for UMTS f1…f5
  - Public ETSI/SAGE specification for using MILENAGE for A3/A8
  - MILENAGE is an example, it is not mandated