EAP-PAX draft-clacy-eap-pax-05 - PowerPoint PPT Presentation

About This Presentation
Title:

EAP-PAX draft-clacy-eap-pax-05

Description:

ACK. CLIENT. SERVER ... ACK. Certificate Requirements. Use of certificate with PAX_SEC ... ACK, ADE(typeN, valueN) ACK, ADE(typeN 1, valueN 1) EAP-Success ... – PowerPoint PPT presentation

Number of Views:40
Avg rating:3.0/5.0
Slides: 11
Provided by: ietf
Learn more at: https://www.ietf.org
Category:
Tags: eap | pax | ack | clacy | draft | eap | pax

less

Transcript and Presenter's Notes

Title: EAP-PAX draft-clacy-eap-pax-05


1
EAP-PAXdraft-clacy-eap-pax-05
  • T. Charles Clancy
  • clancy_at_cs.umd.edu
  • Department of Computer Science
  • University of Maryland, College Park
  • Laboratory for Telecommunication Sciences
  • US Department of Defense
  • IETF 64, EMU BoF, November 10, 2005

2
Overview
  • Basic shared-key mutual authentication method
  • Includes support for
  • Ciphersuite extensibility
  • Provisioning with a weak key or password
  • Key management (deriving new authentication keys)
    with perfect forward secrecy (using
    Diffie-Hellman)
  • Identity protection / user anonymity
  • Authenticated data exchange (supports channel
    binding)
  • Provably secure

3
Subprotocols PAX_STD
CLIENT
SERVER
A
B, CID, MACCK(A, B, CID)
MACCK(B, CID)
ACK
4
Changes since -04
  • Completed full proof of security, publication
    pending, will be available online
  • http//www.cs.umd.edu/clancy/eap-pax/
  • Added support for the authenticated exchange of
    data, targeted at channel binding

5
Subprotocols PAX_SEC
CLIENT
SERVER
M, PK or CertPK
ENCPK(M, N, CID)
A, MACN(M, CID)
B, MACCK(A, B, CID)
MACCK(B, CID)
ACK
6
Certificate Requirements
  • Use of certificate with PAX_SEC is RECOMMENDED

7
Security Properties
  • Extensible Ciphersuite
  • MAC Primatives
  • HMAC-SHA1
  • AES-CBC-MAC
  • Public-Key Primatives
  • RSA-OAEP-2048
  • DH-3072, 256-bit exponents
  • Attack Resistance (dictionary, replay,
    negotiation)
  • Confidentiality (in ID protect mode)

8
Provable Security
  • Random Oracle Model Bellare 93
  • Supported primitives all act like Random Oracles
    Bellare 94, Bellare 96, Bellare 00
  • Assume probabilistic, polynomial-time attacker
  • EAP-PAX is secure against
  • passive attacks if
  • PAX_STD without DH Key O(2k)
  • PAX_STD with DH Key O(1)
  • PAX_SEC without DH Key O(2k)
  • PAX_SEC with DH Key O(1)
  • active attacks if
  • PAX_STD Key O(2k), auth limit O(kn)
  • PAX_SEC with cert Key O(kn), auth limit O(1)
  • PAX_SEC without cert Key O(2k), auth limit O(kn)

9
Channel Binding
  • Validate lower-layer EAP parameters during
    authentication
  • Need secure mechanism for exchanging parameters
  • What is needed? Confidentiality? Authenticity?
  • PAX provides authenticity, but not
    confidentiality (would require additional
    symmetric-key ciphersuite)
  • Attach Authenticated Data Exchange frames
    during authentication once keys have been derived

10
Channel Binding
CLIENT
SERVER
A
B, CID, MAC, ADE(type1, value1)
MAC, ADE(type2, value2)
ACK, ADE(type3, value3)

ACK, ADE(typeN, valueN)
ACK, ADE(typeN1, valueN1)

EAP-Success / EAP-Failure
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "EAP-PAX draft-clacy-eap-pax-05" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!