Presentation is loading. Please wait.

Presentation is loading. Please wait.

EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.

Published byCecil Sutton Modified over 8 years ago

Similar presentations

Presentation on theme: "EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011."— Presentation transcript:

1 EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011

2 EAP-FASTv2 Overview Inherited from EAP-FAST Version 1 (RFC4851) TLS based Tunnel EAP method with – TLV encapsulation inside protected tunnel - flexible and extensible – Built-in basic password authentication – Chained inner EAP methods – Supports provisioning of credentials

3 EAP-FASTv2 Features Secure – provided by TLS – Mutual authentication – Integrity protection – Confidentiality – Replay protection – Dictionary attack protection – Fragmentation – Identity Protection – Protected termination & acknowledged result indication Crypto-agility – cipher, hash, PRF negotiation Crypto-binding of the tunnel and inner method Flexible and extensible – TLV layer within the protected tunnel Built-in basic password authentication Channel binding support Efficiency– server stateful or stateless session resumption EAP Sequences

4 Changes from Version 1 Support TLS 1.2 for crypto-agility Key derivation makes use of TLS keying material exporters [RFC5705] Comply with TLS Ticket extension [RFC5077] Basic password authentication defined in base protocol. Additional TLV types: Identity Type TLV and Channel- Binding TLV

5 EAP-FASTv2 Advantages Based on existing EAP method with broad deployment base No backward compatibility issue (thru version negotiation) Server stateless session resumption (RFC5077) Basic password authentication defined in base protocol 100% compliant with EAP Tunnel Method Requirements (draft-ietf-emu-eaptunnel-req-09.txt) Crypto-agile TEAM draft is somewhat incomplete

6 Differences with TEAM ItemEAP-FASTv2TEAM EAP Type43 (based on existing EAP)TBD (a new one) Tunnel Key DerivationTLS-PRFTLS-PRF-128 as defined in EAP-TLS, not crypto-agile Inner Session key derivation TLS-PRFHDKF specified, but no hash function specified Master Session keyUse specific labelUse the same label for key derivation as in EAP-TLS Outer TLV and protection of outer data A-IDOuter TLV, EAP type, version included in crypto-binding Password AuthenticationBuilt-in, support password change Using EAP-GTC with EAP- PWC. Peer-ID. Server-ID, Session ID DefinedNot defined URI TLVNot definedNot clear about the purpose Potential security issue

7 Call for Action Adopt EAP-FAST v2 as WG item – Based on existing EAP method with broad deployment base – 100% compliant with EAP Tunnel Method Requirements – Fully specified

8 Questions?

9 Requirement Compliance Matrix RequirementCompliance Notes 4.1.1 RFC Compliance ✔ RFC 3748, RFC 4017, RFC 5247, and RFC 4962 4.2.1 TLS Requirements ✔ Supports TLS 1.2 4.2.1.1.1 Cipher Suite Negotiation ✔ Provided by TLS 4.2.1.1.2 Tunnel Data Protection Algorithms ✔ One mandatory cipher with at least 128 bit AES 4.2.1.1.3 Tunnel Authentication and Key Establishment ✔ Provided by TLS 4.2.1.2 Tunnel Replay Protection ✔ Provided by TLS 4.2.1.3 TLS Extensions ✔ Supports TLS Certificate Status Request and SessionTicket extension 4.2.1.4 Peer Identity Privacy ✔ Provided by TLS 4.2.1.5 Session Resumption ✔ Supports stateful and stateless (RFC5077)

10 Requirement Compliance Matrix (2) RequirementComplianceNotes 4.2.2 Fragmentation ✔ Provided by TLS 4.2.3 Protection of Data External to Tunnel ✔ Inclusion of version number in crypto-binding 4.3.1 Extensible Attribute Types ✔ Extensive TLV, vendor type 4.3.2 Request/Challenge Response Operation ✔ Multiple TLVs in a request and response packet 4.3.3 Indicating Criticality of Attributes ✔ Mandatory bit in TLV 4.3.4 Vendor Specific Support ✔ Vendor TLV 4.3.5 Result Indication ✔ Result and IM-Result TLV 4.3.6 Internationalization of Display Strings ✔ Support UTF-8 in password authentication request and response 4.4 EAP Channel Binding Requirements ✔ Supports channel binding 4.5.1.1 Confidentiality and Integrity ✔ Provided by TLS

11 Requirement Compliance Matrix (3) RequirementComplianceNotes 4.5.1.2 Authentication of Server ✔ Mandatory of TLS cipher 4.5.1.3 Server Certificate Revocation Checking ✔ Supports TLS Certificate Status Request extension 4.5.2 Internationalization ✔ Supports UTF-8 in password exchanges 4.5.3 Meta-data ✔ Identity Type TLV 4.5.4 Password Change ✔ Supports in basic password request and response 4.6.1 Method Negotiation ✔ Protected by TLS 4.6.2 Chained Methods ✔ Supports EAP chaining 4.6.3 Cryptographic Binding with the TLS Tunnel ✔ Crypto-binding mandatory 4.6.4 Peer Initiated ✔ Request-Action TLV 4.6.5 Method Meta-data ✔ Identity Type TLV

Download ppt "EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011."

Similar presentations

Authentication.

Authentication.
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.

Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CN8816: Network Security 1 Security in Wireless LAN 802.11i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
EAP-TTLS Status draft-funk-eap-ttls-v0-00.txt draft-funk-eap-ttls-v1-00.txt draft-funk-tls-inner-application-extension-01.txt Paul Funk Funk Software.

EAP-TTLS Status draft-funk-eap-ttls-v0-00.txt draft-funk-eap-ttls-v1-00.txt draft-funk-tls-inner-application-extension-01.txt Paul Funk Funk Software.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Ariel Eizenberg arielez@cs.huji.ac.il PPP Security Features Ariel Eizenberg arielez@cs.huji.ac.il.

Ariel Eizenberg PPP Security Features Ariel Eizenberg
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16, 2003 1300 - 1500.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

Similar presentations

Ads by Google