Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.

Slides:

Advertisements

Similar presentations

RadSec – A better RADIUS protocol

Advertisements

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.

Internet Engineering Task Force Provisioning of Symmetric Keys Working Group Hannes Tschofenig.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

Georgy Melamed Eran Stiller

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,

September, 2005What IHE Delivers 1 ITI Security Profiles – ATNA, CT IHE Vendors Webinar 2006 IHE IT Infrastructure Education Robert Horn, Agfa Healthcare.

Doc: Submission September 2003 Dorothy Stanley (Agere Systems) IETF Liaison Report September 2003 Dorothy Stanley – Agere Systems IEEE.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIIS and Its Higher Layer Transport Requirements: Ad hoc Update and Discussion on.

Audio/Video Transport Working Group 49th IETF, San Diego December 2000 Stephen Casner -- Packet Colin Perkins -- ISI,

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.

DSKPP And PSKC: IETF Standard Protocol And Payload For Symmetric Key Provisioning Philip Hoyer Senior Architect – CTO Office.

DSKPP And PSKC: IETF Standard Protocol And Payload For Symmetric Key Provisioning Philip Hoyer Senior Architect – CTO Office.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.

IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.

WEP Protocol Weaknesses and Vulnerabilities

RADIUS Crypto-Agility Requirements November 18, 2008 David B. Nelson IETF 73 Minneapolis.

EAI WG meeting IETF-65, March 20, Agenda 17:40 Welcome, blue sheet, scribe, agenda bashing 17:50 Review of WG charter (approved) 17:55 Problem/framing:

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG

Dime WG Status Update IETF#80, 1-April Agenda overview Agenda bashing WG status update Active drafts Recently expired IESG processing Current milestones.

AAA and Mobile IPv6 Franck Le AAA WG - IETF55. Why Diameter support for Mobile IPv6? Mobile IPv6 is a routing protocol and does not deal with issues related.

WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.

RADEXT WG IETF 91 Rechartering. Why? Current charter doesn’t allow us to take on new work that is waiting in the queue Has an anachronistic Diameter entanglement.

Guidelines for Cryptographic Algorithm Agility Russ Housley IETF 89 - SAAG Session.

ROLL Working Group Meeting IETF-81, Quebec City July 2011 Online Agenda and Slides at: bin/wg/wg_proceedings.cgi Co-chairs:

November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.

Forwarding and Control Element Separation (ForCES) wg Meeting Patrick Droz David Putzolu.

Support of fragmentation of RADIUS packets in authorization exchanges draft-perez-radext-radius-fragmentation IETF87 – RADEXT Diego R. Lopez - Telefónica.

EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.

All Rights Reserved © Alcatel-Lucent 2006, ##### 2G IMS CAVE Based Security Replay Protection Zhibi Wang January, 2007.

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

RADEXT WG RADIUS Attribute Guidelines Greg Weber March 21 st, 2006 IETF-65, Dallas v1 draft-weber-radius-attr-guidelines-02.txt draft-wolff-radext-ext-attribute-00.txt.

Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,

Design Guidelines Thursday July 26, 2007 Bernard Aboba IETF 69 Chicago, IL.

RFC 2716bis Wednesday, July 12, 2006 Draft-simon-emu-rfc2716bis-02.txt Dan Simon Bernard Aboba IETF 66, Montreal, Canada.

1 Radius Vulnerabilities in Wireless Overview Randy Chou - Merv Andrade - Joshua Wright -

Public Key Infrastructure Using X.509 (PKIX) Working Group March 20,

IETF sec - 1 Security Work in the IETF Scott Bradner Harvard University

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

IETF 69, July 2007Slide 1 Preferential Forwarding Status bit Definition draft-muley-dutta-pwe3-redundancy-bit-01.txt Praveen Muley, Pranjal K. Dutta, Mustapha.

OSPF WG Security Extensions for OSPFv2 when using Manual Keying Manav Bhatia, Alcatel-Lucent Sam Hartman, Huawei Dacheng Zhang, Huawei IETF 80, Prague.

ECC Design Team: Initial Report Brian Minard, Tolga Acar, Tim Polk November 8, 2006.

RADIUS Attributes for the Delivery of Keying Material Joe Salowey Jesse Walker Tiebing Zhang Glen Zorn.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Dhc WG 3/2/2004, IETF 59, Seoul. 3/2/2004dhc WG - IETF 59, Seoul2 Agenda Administrivia, Agenda bashing Ralph Droms 05 minutes DHCP Option for Proxy Server.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-05.txt Bernard Aboba Microsoft IETF 62, Minneapolis, MN.

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 Security Requirements of NVO3 draft-hartman-nvo3-security-requirements-00.

Port Based Network Access Control

1 Session Recording Protocol Requirements and Charter IETF 76, Hiroshima Andy Hutton and Leon Portman on behalf of the team Draft authors: Kenneth Rehor,

Web Authorization Protocol WG Hannes Tschofenig, Derek Atkins.

RADEXT WG RADIUS Attributes for WLAN Draft-aboba-radext-wlan-00.txt

IETF Provisioning of Symmetric Keys (keyprov) WG Update

RADEXT WG RADIUS Attribute Guidelines

Phil Hunt, Hannes Tschofenig

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

IETF-70 EAP Method Update (EMU)

Charles Clancy Katrin Hoeper IETF 73 Minneapolis, USA 17 November 2008

draft-ipdvb-sec-01.txt ULE Security Requirements

draft-ietf-dtn-bpsec-06

IETF-104 (Prague) DHC WG Next steps

Presentation transcript:

Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC

The Goals To develop one or more backward compatible, interoperable mechanisms for the negotiation of cryptographic algorithms within RADIUS. To satisfy the mandate from the Security Area Directorate for all IETF working groups to evaluate the feasibility for adding crypto-agility to existing IETF protocols, and propose solutions where feasible.

Process Steps (1/2) Discuss and refine the requirements for a solution to the problem, coming to consensus at IETF 68 in Prague - DONE Issue a call for document submissions meeting the problem requirements, during IETF 68, requesting documents be submitted for consideration within 30 days – DONE Authors to submit evaluation of proposals against the requirements – DONE Address the Automated Key Management requirement of RFC 4107, and discussion on the list from Sam Hartman.

Process Steps (2/2) Discussion of the proposals at IETF 69 ^H^H 70 and on the RADEXT WG mailing list. If consensus emerges, adoption of the winning proposal as a Standards Track WG work item. If consensus does not emerge, acceptance of one or more documents with substantial support as Experimental Track WG work items. Completion of work and submission of documents to the IESG.

Requirements (1/5) Proposals are not restricted to utilizing technology described in existing RFCs. Proposals MUST support the negotiation of cryptographic algorithms for per-packet integrity/authentication protection. Support for confidentiality of entire RADIUS packets is OPTIONAL. However, proposals MUST support the negotiation of algorithms for encryption (sometimes referred to as "hiding") of RADIUS attributes. It is desirable for proposals to provide for the encryption of existing attributes.

Requirements (2/5) Proposals MUST support replay protection. Existing mechanisms for replay protection of RADIUS messages are inadequate. Crypto-agility solutions need to specify mandatory-to- implement algorithms for each mechanism. Proposals need to demonstrate backward compatibility with existing implementations. A solution needs to be able to send packets that a legacy RADIUS client or server will receive and process successfully. A solution needs to be capable of receiving and processing packets from a legacy RADIUS client or server.

Requirements (3/5) Proposals need to avoid security compromise, even where the RADIUS shared secret is exposed. This includes protection against bidding down attacks. Proposals need to cede change control to the IETF. Proposals need to be interoperable between independent implementations based purely on the information provided in the specification. Proposals need to apply to all RADIUS packets. Proposals MUST include a Diameter compatibility section.

Requirements (4/5) Proposals SHOULD NOT require fundamental changes to the RADIUS operational model. Addition of new capabilities to the RADIUS protocol is out of scope; a proposal should focus on the crypto- agility problem and nothing else. Proposals should not require new attribute formats or include definition of new RADIUS services. RADEXT WG charter restriction against definition of "new security mechanisms" should be interpreted as prohibiting changes to the basic RADIUS packet format (e.g. headers), but permits new crypto- algorithms to be substituted for use in existing security mechanisms.

Requirements (5/5) - new Proposals MUST address the requirements of RFC 4107 for Automated Key Management. Is this the consensus of the WG? If this requirement would result in a blocking DISCUSS in IESG review, do we want to go forward? If we agree with this requirement, then all submitted proposals need a write-up as to how provide Automated Key Management.

Discussion points… Sam Hartman (Security Area AD) wrote on the RADEXT mailing list: I think that the applicability of RFC 4107 to radius crypto agility work is kind of complicated. I guess my main question is who is driving the work, who will use it. My personal opinion is that updating radius crypto agility without adding some form of automated key management doesn't have a lot of value and may not be worth doing. However if there are users and implementers who see the value in doing the crypto agility updates, then perhaps it makes sense to do. So, my question to you is what is driving this work besides a desire to be good security citizens?

Discussion points… Follow up discussion on the RADEXT list: David> Well, besides that, some folks at Cisco expressed a desire David> to replace the crypto elements of RADIUS (e.g. key wrap, David> MAC, etc.) with algorithms and modes that would allow David> systems including RADIUS to receive FIPS certification, for David> solutions in government and financial services markets. David> Additionally, the folks behind the EduRoam consortium in David> Europe have deployed RADIUS over TLS for inter-university David> roaming authentication. Sam: I think automated key management is important for both of these use cases.

Feedback?