Presentation is loading. Please wait.

Presentation is loading. Please wait.

EAP-PSK v8 IETF 63 – Paris, France August 2005. EAP-PSK: an independent submission to IESG Requested EAP method type number allocation Reviewed June 2005.

Published byPhebe Hawkins Modified over 8 years ago

Similar presentations

Presentation on theme: "EAP-PSK v8 IETF 63 – Paris, France August 2005. EAP-PSK: an independent submission to IESG Requested EAP method type number allocation Reviewed June 2005."— Presentation transcript:

1 EAP-PSK v8 IETF 63 – Paris, France August 2005

2 EAP-PSK: an independent submission to IESG Requested EAP method type number allocation Reviewed June 2005 by expert Jesse Walker – Update from v07 to v08 following this review – Ongoing private discussion with J. Walker on remaining open points Opened to any proposal to move forward!

3 Expert review received by EAP- PSK Many thanks to Jesse for his thorough review and detailed comments! Some remarks have been included into EAP- PSK which prompted update of EAP-PSK from v07 to v08 Some issues remain open…

4 AK and KDK derivation Issue: should AK and KDK drivation from PSK take identities of the parties into account? Applicability: problem arises if the same PSK is used by multiple parties (>2), which is explicitly forbidden in the draft (section 2.1.1 «EAP-PSK assumes that the PSK is known only to the EAP peer and EAP server. The security properties of the protocol may be compromised if it has wider distribution ») Proposed solution: – Nice feature but for the sake of simplicity, should this be the case? – Ongoing cryptographic analysis on « simple » ways to do this – The discouraged PSK from password algorithm could be enhanced to better support this feature (already partially supported)

5 Mutual authentication Issue: security review claims mutual authentication is flawed Claim: – This is not the case as mutual authentication is a cut-and- paste from a well-known cryptographic protocol – Only difference is explicit or implicit communication of elements over the wire. Be the communication of these elements explicit or implicit, there are included in the cryptographic calculations according to the protocol!

6 EAP-PSK authentication is a cut- and-paste from AKEP2 Source: [EAKD], Figure 2 Source: EAP- PSK, Figure 8 Notation: [x] K := x || MAC(x,K) = B || A || R A || R B || MAC(B || A || R A || R B,a) = A || R B || MAC(A || R B,a)

7 Key control Issue: only RAND_P (and KDK of course) are used in the TEK, MSK and EMSK derivation Claim: – This is explicitly noted in EAP-PSK section 6.7 («It should be emphasized that the peer has control of the session keys derived by EAP-PSK. In particular, it can easily choose the random number it sends in EAP-PSK so that one of the nine derived 16-byte key blocks (see Section 2.1) takes a pre-specified value. It was chosen not to prevent this control of the session keys by the peer because: a) Preventing it would have added some complexity to the protocol (typically, the inclusion of a one-way mode of operation of AES in the key derivation part). b) It is believed that the peer won't try to force the server to use some pre- specified value for the session keys. Such an attack is outside the threat model and seems to have little value compared to a peer sharing its PSK. This is however not the behavior recommended by EAP in section 7.10 of [2].)Section 2.1[2] – Is this a blocking point?

8 Other miscellaneous issues NAK and Expanded-NAK: To what extent doesn’t EAP-PSK comply with NAKs and Expanded-NAKs? Key naming: what would be the purpose and the value of EAP-PSK including explicit key names as there is no fast reconnect mechanism? And usual wording and clarity of text…

9 And now? Take the opened review issues to the list? Add more issues?

10 Any feedback welcome! Florent Bersani, France Telecom R&D florent.bersani@francetelecom.com

Download ppt "EAP-PSK v8 IETF 63 – Paris, France August 2005. EAP-PSK: an independent submission to IESG Requested EAP method type number allocation Reviewed June 2005."

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
1 Kerberos Anita Jones November, 2006. 2 Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.

1 Kerberos Anita Jones November, Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.
EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.

EAP Channel Bindings Charles Clancy Katrin Hoeper IETF 76 Hiroshima, Japan November 08-13, 2009.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.

Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
Secure Socket Layer.

Secure Socket Layer.
Authentication & Kerberos

Authentication & Kerberos
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.

Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
D1 - 29/06/2015 The present document contains information that remains the property of France Telecom. The recipient’s acceptance of this document implies.

D1 - 29/06/2015 The present document contains information that remains the property of France Telecom. The recipient’s acceptance of this document implies.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16, 2003 1300 - 1500.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
1 Update on draft-ietf-smime-cades-02. 2 Current Status Completed last call. Under review by IESG. Comments to be incorporated: –From Pavel Smirnov (during.

1 Update on draft-ietf-smime-cades Current Status Completed last call. Under review by IESG. Comments to be incorporated: –From Pavel Smirnov (during.
EAP Mutual Cryptographic Binding draft-ietf-karp-ops-model-03 draft-ietf-karp-ops-model-03 S. Hartman M. Wasserman D. Zhang.

EAP Mutual Cryptographic Binding draft-ietf-karp-ops-model-03 draft-ietf-karp-ops-model-03 S. Hartman M. Wasserman D. Zhang.
Comparative studies on authentication and key exchange methods for 802.11 wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Similar presentations

Ads by Google