EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.

Slides:

Advertisements

Similar presentations

Authentication.

Advertisements

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

EAP-TTLS Status draft-funk-eap-ttls-v0-00.txt draft-funk-eap-ttls-v1-00.txt draft-funk-tls-inner-application-extension-01.txt Paul Funk Funk Software.

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

Ariel Eizenberg PPP Security Features Ariel Eizenberg

IEEE Wireless Local Area Networks (WLAN’s).

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 7 City College.

EAP Mutual Cryptographic Binding draft-ietf-karp-ops-model-03 draft-ietf-karp-ops-model-03 S. Hartman M. Wasserman D. Zhang.

Michal Rapco 05, 2005 Security issues in Wireless LANs.

Network Security1 – Chapter 5 (B) – Using IEEE 802.1x Purpose: (a) port authentication (b) access control An IEEE standard

Mobile and Wireless Communication Security By Jason Gratto.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Eugene Chang EMU WG, IETF 70

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

SSL and IPSec CS461/ECE422 Spring Reading Chapter 22 of text Look at relevant IETF standards.

1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt

Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)

EAP Keying Problem Draft-aboba-pppext-key-problem-03.txt Bernard Aboba

Network access security methods Unit objective Explain the methods of ensuring network access security Explain methods of user authentication.

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG

Mar 22, 2010IETF NEA Meeting1 NEA Working Group (oauth is in Redondo!) IETF 77 Mar 22, Co-chairs:

Attacking IPsec VPNs Charles D George Jr. Overview Internet Protocol Security (IPSec) is a suite of protocols for authenticating and encrypting packets.

November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.

EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.

ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.

March 17, 2003 IETF #56, SAN FRANCISCO1 Compound Authentication Binding Problem (EAP Binding Draft) Jose Puthenkulam Intel Corporation (

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

1 Pascal URIEN, IETF 63th Paris, France, 2nd August 2005 “draft-urien-eap-smartcard-type-02.txt” EAP Smart Card Protocol (EAP-SC)

Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,

Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

Doc.: IEEE /303 Submission May 2001 Simon Blake-Wilson, CerticomSlide 1 EAP-TLS Alternative for Security Simon Blake-Wilson Certicom.

N. Asokan, Kaisa Nyberg, Valtteri Niemi Nokia Research Center

RFC 2716bis Wednesday, July 12, 2006 Draft-simon-emu-rfc2716bis-02.txt Dan Simon Bernard Aboba IETF 66, Montreal, Canada.

KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.

Transport Layer Security (TLS) IETF 73 Thursday, November Chairs: Eric Rescorla Joe Salowey.

1 EAP-MAKE2: EAP method for Mutual Authentication and Key Establishment, v2 EMU BoF Michaela Vanderveen IETF 64 November 2005.

1 SECMECH BOF EAP Methods IETF-63 Jari Arkko. 2 Outline Existing EAP methods Technical requirements EAP WG process for new methods Need for new EAP methods.

RADIUS Attributes for the Delivery of Keying Material Joe Salowey Jesse Walker Tiebing Zhang Glen Zorn.

IETF-84 EMU TEAP Updates Nancy Joseph Salowey Hao Zhou

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Cryptography CSS 329 Lecture 13:SSL.

VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.

IETF-70 EAP Method Update (EMU)

The Tunneled Extensible Authentication Method (TEAM)

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

Presentation transcript:

EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011

EAP-FASTv2 Overview Inherited from EAP-FAST Version 1 (RFC4851) TLS based Tunnel EAP method with – TLV encapsulation inside protected tunnel - flexible and extensible – Built-in basic password authentication – Chained inner EAP methods – Supports provisioning of credentials

EAP-FASTv2 Features Secure – provided by TLS – Mutual authentication – Integrity protection – Confidentiality – Replay protection – Dictionary attack protection – Fragmentation – Identity Protection – Protected termination & acknowledged result indication Crypto-agility – cipher, hash, PRF negotiation Crypto-binding of the tunnel and inner method Flexible and extensible – TLV layer within the protected tunnel Built-in basic password authentication Channel binding support Efficiency– server stateful or stateless session resumption EAP Sequences

Changes from Version 1 Support TLS 1.2 for crypto-agility Key derivation makes use of TLS keying material exporters [RFC5705] Comply with TLS Ticket extension [RFC5077] Basic password authentication defined in base protocol. Additional TLV types: Identity Type TLV and Channel- Binding TLV

EAP-FASTv2 Advantages Based on existing EAP method with broad deployment base No backward compatibility issue (thru version negotiation) Server stateless session resumption (RFC5077) Basic password authentication defined in base protocol 100% compliant with EAP Tunnel Method Requirements (draft-ietf-emu-eaptunnel-req-09.txt) Crypto-agile TEAM draft is somewhat incomplete

Differences with TEAM ItemEAP-FASTv2TEAM EAP Type43 (based on existing EAP)TBD (a new one) Tunnel Key DerivationTLS-PRFTLS-PRF-128 as defined in EAP-TLS, not crypto-agile Inner Session key derivation TLS-PRFHDKF specified, but no hash function specified Master Session keyUse specific labelUse the same label for key derivation as in EAP-TLS Outer TLV and protection of outer data A-IDOuter TLV, EAP type, version included in crypto-binding Password AuthenticationBuilt-in, support password change Using EAP-GTC with EAP- PWC. Peer-ID. Server-ID, Session ID DefinedNot defined URI TLVNot definedNot clear about the purpose Potential security issue

Call for Action Adopt EAP-FAST v2 as WG item – Based on existing EAP method with broad deployment base – 100% compliant with EAP Tunnel Method Requirements – Fully specified

Questions?

Requirement Compliance Matrix RequirementCompliance Notes RFC Compliance ✔ RFC 3748, RFC 4017, RFC 5247, and RFC TLS Requirements ✔ Supports TLS Cipher Suite Negotiation ✔ Provided by TLS Tunnel Data Protection Algorithms ✔ One mandatory cipher with at least 128 bit AES Tunnel Authentication and Key Establishment ✔ Provided by TLS Tunnel Replay Protection ✔ Provided by TLS TLS Extensions ✔ Supports TLS Certificate Status Request and SessionTicket extension Peer Identity Privacy ✔ Provided by TLS Session Resumption ✔ Supports stateful and stateless (RFC5077)

Requirement Compliance Matrix (2) RequirementComplianceNotes Fragmentation ✔ Provided by TLS Protection of Data External to Tunnel ✔ Inclusion of version number in crypto-binding Extensible Attribute Types ✔ Extensive TLV, vendor type Request/Challenge Response Operation ✔ Multiple TLVs in a request and response packet Indicating Criticality of Attributes ✔ Mandatory bit in TLV Vendor Specific Support ✔ Vendor TLV Result Indication ✔ Result and IM-Result TLV Internationalization of Display Strings ✔ Support UTF-8 in password authentication request and response 4.4 EAP Channel Binding Requirements ✔ Supports channel binding Confidentiality and Integrity ✔ Provided by TLS

Requirement Compliance Matrix (3) RequirementComplianceNotes Authentication of Server ✔ Mandatory of TLS cipher Server Certificate Revocation Checking ✔ Supports TLS Certificate Status Request extension Internationalization ✔ Supports UTF-8 in password exchanges Meta-data ✔ Identity Type TLV Password Change ✔ Supports in basic password request and response Method Negotiation ✔ Protected by TLS Chained Methods ✔ Supports EAP chaining Cryptographic Binding with the TLS Tunnel ✔ Crypto-binding mandatory Peer Initiated ✔ Request-Action TLV Method Meta-data ✔ Identity Type TLV