EAP-TTLS draft-funk-eap-ttls-v0-01.txt - PowerPoint PPT Presentation

About This Presentation

Title:

EAP-TTLS draft-funk-eap-ttls-v0-01.txt

Description:

EAP-TTLS. draft-funk-eap-ttls-v0-01.txt. Given by Steve Hanna for Paul Funk. emu wg, IETF 69 ... Documented in Internet-Drafts since 2001. Widely implemented ... – PowerPoint PPT presentation

Number of Views:20

Avg rating:3.0/5.0

Slides: 9

Provided by: stephen204

Learn more at: https://www.ietf.org

Category:

Tags: eap | ttls | draft | eap | funk | hanna | ttls | txt

Transcript and Presenter's Notes

Title: EAP-TTLS draft-funk-eap-ttls-v0-01.txt

1
EAP-TTLSdraft-funk-eap-ttls-v0-01.txt

Given by Steve Hanna for Paul Funk
emu wg, IETF 69

2
Overview of EAP-TTLS

TLS-based tunneled EAP method
Phase 1 like EAP-TLS
Phase 2 AVP exchange
Supports
Tunneled authentication via many methods
Multiple forms of authentication
Endpoint integrity checks
Other extensions
Documented in Internet-Drafts since 2001
Widely implemented and deployed (eduroam, etc.)
Cited by SDOs like WiMAX
Plan to submit for RFC status

3
EAP-TTLS AVPs

Diameter AVP format
32-bit type, 24-bit length
Easy to tunnel existing EAP methods
Not just password-based methods
Easy to tunnel non-EAP authentication
Easy to integrate with RADIUS servers
Can translate AVPs into RADIUS packets

4
Proposed New EAP-TTLS AVPs

Option AVPs
Client indicates acceptable options
Server indicates which option will be used
MSKCalculation
Options Outer, Inner, Mixed
KeyConfirmation (intermediate and final)
Options Enabled, Disabled
SecureCompletion
Options Disabled, Enabled
TTLS-Success, TTLS-Failure
Sent by Client and Server at end

5
Evaluation Against Requirements

Transport of encrypted password for support of
legacy password databases OK
2. Mutual authentication (specifically
authentication of the server) OK
3. Resistance to offline dictionary attacks,
man-in-the-middle attacks OK
4. Compliance with RFC 3748, RFC 4017 and EAP
keying (including EMSK and MSK generation) OK
5. Peer identity confidentiality OK

6
Evaluation Against Requirements

6. Crypto agility and ciphersuite negotiation OK
w TLS 1.2 new AVPs
7. Session resumption OK
8. Fragmentation and reassembly OK
9. Cryptographic binding OK w new AVPs
10. Password/PIN change OK when authentication
method supports

7
Evaluation Against Requirements

11. Transport Channel binding data OK w new TBD
AVPs
12. Protected result indication OK w new AVPs
13. Support for certificate validation protocols
OK w TLS CertStatus extn
14. Extension mechanism OK

8
Summary

EAP-TTLS
Well-established EAP method
Specified in Internet-Drafts since 2001
Widely implemented
Referred to by other standards bodies
No known substantial IPR problems
With forthcoming extensions, meets all Design
Team requirements (required and desired)
Offers many other features
Tunneled authentication via many methods
Multiple forms of authentication
Endpoint integrity checks (for NEA)
Why start over?

Write a Comment

User Comments (0)

About PowerShow.com

Recommended Relevance Latest Highest Rated Most Viewed

Sort by:

Related More from user

CrystalGraphics Presentations

Introducing-PowerShowcom PowerPoint PPT Presentation

Introducing-PowerShowcom - Introducing-PowerShowcom (Without Music)

CrystalGraphics 3D Character Slides for PowerPoint PowerPoint PPT Presentation

CrystalGraphics 3D Character Slides for PowerPoint - CrystalGraphics 3D Character Slides for PowerPoint

Chart and Diagram Slides for PowerPoint PowerPoint PPT Presentation

Chart and Diagram Slides for PowerPoint - Beautifully designed chart and diagram s for PowerPoint with visually stunning graphics and animation effects. Our new CrystalGraphics Chart and Diagram Slides for PowerPoint is a collection of over 1000 impressively designed data-driven chart and editable diagram s guaranteed to impress any audience. They are all artistically enhanced with visually stunning color, shadow and lighting effects. Many of them are also animated. And they’re ready for you to use in your PowerPoint presentations the moment you need them. – PowerPoint PPT presentation

Related Presentations

The IETF Extensible Authentication Protocol (EAP) Working Group PowerPoint PPT Presentation

The IETF Extensible Authentication Protocol (EAP) Working Group - Fast handoff designers should take these issues into account. 19. Backup ... Even in the generic fashion as is done in EAP Archie? Multicast SA text needs work ... | PowerPoint PPT presentation | free to view

EAP%20State%20Machines%20(draft-vollbrecht-eap-state-04.txt,ps) PowerPoint PPT Presentation

EAP%20State%20Machines%20(draft-vollbrecht-eap-state-04.txt,ps) - (draft-vollbrecht-eap-state-04.txt,ps) John Vollbrecht, Pasi Eronen, Nick Petroni, ... Including special cases for passthrough and backend ... formalism ... | PowerPoint PPT presentation | free to view

Version%201%20of%20EAP-TTLS PowerPoint PPT Presentation

Version%201%20of%20EAP-TTLS - TLS master secret permutation. Initial master key is derived as usual during initial handshake phase. Master key is permuted at the end of each application phase: ... | PowerPoint PPT presentation | free to view

WIRELESS SECURITY PowerPoint PPT Presentation

WIRELESS SECURITY - Funk Software and Interlink Networks added support for the proposed wireless security protocol, developed by Funk and Certicom, ... | PowerPoint PPT presentation | free to view

WIRELESS LAN SECURITY Using PowerPoint PPT Presentation

WIRELESS LAN SECURITY Using - Developed by Funk and Certicom. ... Funk Software and Interlink Networks added support for the proposed wireless security protocol, developed by Funk and Certicom, ... | PowerPoint PPT presentation | free to view

EAP%20WG%20Methods%20Update PowerPoint PPT Presentation

EAP%20WG%20Methods%20Update - EAP TLS (13) RFC 2716 Existing RFC. EAP SIM (18) draft-haverinen 3GPP Submit ... MD5 Tunneled (-) draft-funk Vendor I-D. EAP TLV (33) draft-josefsson* Vendor Expired ... | PowerPoint PPT presentation | free to view

EAP Methods Update EMU BOF PowerPoint PPT Presentation

EAP Methods Update EMU BOF - Room Cypress. 2. Presentations on the Web ... EAP Method Requirements (15 min) -- Bernard Aboba. RFC 3748 (EAP) RFC 4017 (method requirements for WLANs) IEEE ... | PowerPoint PPT presentation | free to view

TEE: TLS Authentication Using EAP draft-nir-tls-eap-02.txt PowerPoint PPT Presentation

TEE: TLS Authentication Using EAP draft-nir-tls-eap-02.txt - Reminder. A TLS Extension. EAP transported within TLS handshake messages 'Finished' message means both handshake and authentication are complete, and ' ... | PowerPoint PPT presentation | free to view

AAA-Key%20Derivation%20with%20Lower-Layer%20Parameter%20Binding%20(draft-ohba-eap-aaakey-binding-01.txt) PowerPoint PPT Presentation

AAA-Key%20Derivation%20with%20Lower-Layer%20Parameter%20Binding%20(draft-ohba-eap-aaakey-binding-01.txt) - The content of the key-binding-blob is defined by each EAP lower-layer ... If EAP authenticator sends a key-binding-blob to EAP server and the server is ... | PowerPoint PPT presentation | free to view

Extensible Authentication Protocol (EAP) Working Group PowerPoint PPT Presentation

Extensible Authentication Protocol (EAP) Working Group - EAP State Machine (20 minutes), Pasi Eronen ... EAP Keying Framework (30 minutes), Bernard Aboba ... EAP Archie (10 minutes), Jesse Walker ... | PowerPoint PPT presentation | free to view

AAA-Key%20Derivation%20with%20Lower-Layer%20Parameter%20Binding%20(draft-ohba-eap-aaakey-binding-01.txt) PowerPoint PPT Presentation

AAA-Key%20Derivation%20with%20Lower-Layer%20Parameter%20Binding%20(draft-ohba-eap-aaakey-binding-01.txt) - Existing solution: carrying channel binding parameters in EAP methods ... An octet-string carrying lower-layer parameters that need to be bound to the AAA ... | PowerPoint PPT presentation | free to view

Expert Review EAP Double TLS draft-badra-eap-double-tls-03.txt PowerPoint PPT Presentation

Expert Review EAP Double TLS draft-badra-eap-double-tls-03.txt - 1. Does the method document its security properties in sufficient ... Borrows from EAP-TLS, PEAP, TTLS mechanisms. Some confusion about the 'inner' mechanisms ... | PowerPoint PPT presentation | free to view

EAP-Authorization IETF 56 (draft-grayson-eap-authorisation-01.txt) PowerPoint PPT Presentation

EAP-Authorization IETF 56 (draft-grayson-eap-authorisation-01.txt) - Request authorization for services and session ... Uses EAP-TLV chained after authentication. Single TLV type encapsulates different authorization attributes ... | PowerPoint PPT presentation | free to view

Protected%20EAP-TLV%20IETF%2056%20(internet-draft-salowey-eap-protectedtlv-01.txt) PowerPoint PPT Presentation

Protected%20EAP-TLV%20IETF%2056%20(internet-draft-salowey-eap-protectedtlv-01.txt) - ... to authorization, session attributes etc. Protect against eaves droppers and men in the middle. ... Provide encryption and authentication for EAP-TLVs ... | PowerPoint PPT presentation | free to view

Handover%20Keys%20using%20AAA%20(draft-vidya-mipshop-fast-handover-aaa-01.txt) PowerPoint PPT Presentation

Handover%20Keys%20using%20AAA%20(draft-vidya-mipshop-fast-handover-aaa-01.txt) - Handover Master Key (HMK) shared between MN and AAAH. May be derived using EAP AMSK at time of power-up or first network access ... | PowerPoint PPT presentation | free to view

AAA-Key Derivation with Lower-Layer Parameter Binding (draft-ohba-eap-aaakey-binding-01.txt) PowerPoint PPT Presentation

AAA-Key Derivation with Lower-Layer Parameter Binding (draft-ohba-eap-aaakey-binding-01.txt) - ... of AAA-Key-name: TBD. Scope of AAA ... The level of trust relationship between an EAP authenticator and an EAP server ... New AAA attribute: Key-Binding-Blob ... | PowerPoint PPT presentation | free to view

Diameter EAP Application (draft-ietf-aaa-eap-02.txt) PowerPoint PPT Presentation

Diameter EAP Application (draft-ietf-aaa-eap-02.txt) - One EAP conversation, no role reversal. One NAS, no handoffs or key distribution ... But untrusted proxies can still misbehave! Proxy might not send a Redirect ... | PowerPoint PPT presentation | free to view

IETF-70 EAP Method Update (EMU) PowerPoint PPT Presentation

IETF-70 EAP Method Update (EMU) - Modify password based item to make use of tunnel method ... Enhanced functionality to enable a TLS-based EAP method to support channel bindings. ... | PowerPoint PPT presentation | free to view

EAP State Machines (draft-vollbrecht-eap-state-04.txt,ps) PowerPoint PPT Presentation

EAP State Machines (draft-vollbrecht-eap-state-04.txt,ps) - (draft-vollbrecht-eap-state-04.txt,ps) John Vollbrecht, Pasi Eronen, Nick Petroni, ... Including special cases for passthrough and backend ... formalism ... | PowerPoint PPT presentation | free to view

VCCV Extensions for Multi-Segment Pseudo-Wire draft-hart-pwe3-segmented-pw-vccv-01.txt draft-ietf-pwe3-segmented-pw-04.txt Mustapha A PowerPoint PPT Presentation

VCCV Extensions for Multi-Segment Pseudo-Wire draft-hart-pwe3-segmented-pw-vccv-01.txt draft-ietf-pwe3-segmented-pw-04.txt Mustapha A - VCCV Extensions for Multi-Segment Pseudo-Wire draft-hart-pwe3-segmented-pw-vccv-01.txt draft-ietf-pwe3-segmented-pw-04.txt Mustapha A ssaoui, Alcatel | PowerPoint PPT presentation | free to view

The IETF Extensible Authentication Protocol (EAP) WG PowerPoint PPT Presentation

The IETF Extensible Authentication Protocol (EAP) WG - The IETF Extensible Authentication Protocol (EAP) WG IETF-65 in Dallas, Texas Wednesday, March 22, 15:10-16:10 Room Metropolitan Presentations and Issues on the Web ... | PowerPoint PPT presentation | free to view

The IETF Extensible Authentication Protocol (EAP) Working Group PowerPoint PPT Presentation

The IETF Extensible Authentication Protocol (EAP) Working Group - The IETF Extensible Authentication Protocol (EAP) Working Group IETF-63 in Paris, France Tuesday, August 2nd, 2005, 14:00-16:00 Room 342 Presentations and Issues on ... | PowerPoint PPT presentation | free to view

Discussion Draft Olmstead Planning Committee Website Presentation to the MN Olmstead Planning Committee Wendy Weden MN Department of Human Services Compliance Office PowerPoint PPT Presentation

Discussion Draft Olmstead Planning Committee Website Presentation to the MN Olmstead Planning Committee Wendy Weden MN Department of Human Services Compliance Office - Discussion Draft Olmstead Planning Committee Website Presentation to the MN Olmstead Planning Committee Wendy Weden MN Department of Human Services | PowerPoint PPT presentation | free to view

MPLS Generic Associated Channel draft-bocci-mpls-tp-gach-gal-00.txt PowerPoint PPT Presentation

MPLS Generic Associated Channel draft-bocci-mpls-tp-gach-gal-00.txt - MPLS Generic Associated Channel draft-bocci-mpls-tp-gach-gal-00.txt Matthew Bocci (ALU) & Martin Vigoureux (ALU) (Eds.) George Swallow (Cisco), David Ward (Cisco ... | PowerPoint PPT presentation | free to view

NSIS Operation Over IP Tunnels draft-ietf-nsis-tunnel-00.txt PowerPoint PPT Presentation

NSIS Operation Over IP Tunnels draft-ietf-nsis-tunnel-00.txt - NSIS Operation Over IP Tunnels draft-ietf-nsis-tunnel-00.txt Charles Shen, Henning Schulzrinne Sung-Hyuck Lee, Jong Ho Bang IETF#66 Montreal, Quebec, Canada | PowerPoint PPT presentation | free to view

EAP-POTP The Protected One-Time Password EAP Method PowerPoint PPT Presentation

EAP-POTP The Protected One-Time Password EAP Method - EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc. Background EAP-POTP is an EAP method designed for One-Time ... | PowerPoint PPT presentation | free to view

SME Policy Assessment in the EaP Region PowerPoint PPT Presentation

SME Policy Assessment in the EaP Region - SME Policy Assessment in the EaP Region Presentation to Civil Society Forum Michaela Hauf, DG ENTR, Unit for International Affairs and Missions for Growth | PowerPoint PPT presentation | free to view