Compound Authentication Binding Problem (eap binding Draft) Agenda Compound Methods

Download 498 b.
Hajmi498 b.

Compound Authentication Binding Problem (EAP Binding Draft)


  • Compound Methods

  • Motivation

  • Problem Summary

  • Solutions

  • Conclusion/Next Steps

Compound Methods

  • Definition: Multiple authentication methods used in concert for a single purpose

    • Tunneled methods
    • Sequenced methods
  • Typical Purposes

    • Network access authentication & authorization
    • Security Association establishment for protecting data traffic
    • Service access authentication & authorization

Motivation for Compound Methods using Tunnels

  • Securing legacy methods in new environments

  • Ease of deployment for securing legacy methods

  • Providing consistent security properties and other features for different methods

  • Securing multiple credentials in sequences

Problem = Man-in-the-Middle Attacks

  • Focus is on Compound Tunneled Methods that support

  • Non-tunneled Compound Sequences are also potentially vulnerable but not addressed

Problem Conditions

  • Dual role man-in-the-middle attacker (rogue authenticator + rogue supplicant)

  • Credential and authentication method re-use with and without tunnels

  • Use of one-way server authenticated tunnel

  • Use of tunnel session keys alone and no inner method session keys

Solution Requirements

  • Fixes to existing EAP methods not ok

  • Fixes to new EAP methods maybe ok

  • Fixes to Tunnel methods ok

  • Should work for different tunnel termination models

  • Should not bring new requirements for other protocols (eg. RADIUS )

  • Forward Evolution for protocols with fix

  • Backwards compatibility for fixed protocols

  • Simplicity for fix (low compute costs & roundtrips)

  • Upgraded EAP Base protocol maybe ok

Solution Concepts

Solution Mechanisms Recommended

  • Policy restrictions

    • For non-key deriving methods client & server policy
      • Use separate credentials inside/outside tunnels
      • Use methods inside tunnels always
  • Cryptographic Binding

    • Compound Keyed MACs
      • Keyed MACs computed from safe one-way derivation from keys of all inner methods and tunnel method
      • Additional mutual authentication round trip (binding phase exchange) with keyed MACs
    • Compound Session Keys
      • Bound Key derived using safe one-way derivation from keys of all inner methods and tunnel method

Binding Phase Exchange with Compound Keyed MACs

Solution Approaches

  • Add Binding Phase to EAP base protocol or Tunnel Protocol

    • Already need for protected success/failure indication identified
    • Binding Phase exchange can also include the protected success/failure indication
    • Method Key export interface available
    • Cryptographic binding can give stronger keys
  • Add Policy rules to Client and Server

    • Provides fix for non-key deriving methods

Conclusion/Next Steps

  • Conclusion

    • Request approval for draft as EAP working group item
  • Next Steps


  • “Compound Authentication Binding Problem”, Puthenkulam, J., Lortz, V., Palekar, A., Simon, D.,

  • “Man-in-the-Middle in Tunnelled Authentication Protocols”, Asokan, N.,Niemi, V., Nyberg, K.,


Tunneled Methods Generic Model

Sequenced Methods Generic Model

Do'stlaringiz bilan baham:

Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan © 2017
ma'muriyatiga murojaat qiling