Compound Authentication Binding Problem (eap binding Draft) Agenda Compound Methods


Download 498 b.
Sana11.12.2017
Hajmi498 b.


Compound Authentication Binding Problem (EAP Binding Draft)


Agenda

  • Compound Methods

  • Motivation

  • Problem Summary

  • Solutions

  • Conclusion/Next Steps



Compound Methods

  • Definition: Multiple authentication methods used in concert for a single purpose

    • Tunneled methods
    • Sequenced methods
  • Typical Purposes

    • Network access authentication & authorization
    • Security Association establishment for protecting data traffic
    • Service access authentication & authorization


Motivation for Compound Methods using Tunnels

  • Securing legacy methods in new environments

  • Ease of deployment for securing legacy methods

  • Providing consistent security properties and other features for different methods

  • Securing multiple credentials in sequences



Problem = Man-in-the-Middle Attacks

  • Focus is on Compound Tunneled Methods that support

  • Non-tunneled Compound Sequences are also potentially vulnerable but not addressed





Problem Conditions

  • Dual role man-in-the-middle attacker (rogue authenticator + rogue supplicant)

  • Credential and authentication method re-use with and without tunnels

  • Use of one-way server authenticated tunnel

  • Use of tunnel session keys alone and no inner method session keys



Solution Requirements

  • Fixes to existing EAP methods not ok

  • Fixes to new EAP methods maybe ok

  • Fixes to Tunnel methods ok

  • Should work for different tunnel termination models

  • Should not bring new requirements for other protocols (eg. RADIUS )

  • Forward Evolution for protocols with fix

  • Backwards compatibility for fixed protocols

  • Simplicity for fix (low compute costs & roundtrips)

  • Upgraded EAP Base protocol maybe ok



Solution Concepts

  • All methods

    • Use separate credentials inside and outside tunnels
    • Use methods inside tunnels always
  • Key deriving methods

    • Can use cryptographic binding
      • Binding can provide stronger authentication & session keys
      • Avoids policy synchronization issues
      • Preserves deployment convenience of one-way authenticated tunnels


Solution Mechanisms Recommended

  • Policy restrictions

    • For non-key deriving methods client & server policy
      • Use separate credentials inside/outside tunnels
      • Use methods inside tunnels always
  • Cryptographic Binding

    • Compound Keyed MACs
      • Keyed MACs computed from safe one-way derivation from keys of all inner methods and tunnel method
      • Additional mutual authentication round trip (binding phase exchange) with keyed MACs
    • Compound Session Keys
      • Bound Key derived using safe one-way derivation from keys of all inner methods and tunnel method


Binding Phase Exchange with Compound Keyed MACs





Solution Approaches

  • Add Binding Phase to EAP base protocol or Tunnel Protocol

    • Already need for protected success/failure indication identified
    • Binding Phase exchange can also include the protected success/failure indication
    • Method Key export interface available
    • Cryptographic binding can give stronger keys
  • Add Policy rules to Client and Server



Conclusion/Next Steps

  • Conclusion

    • Request approval for draft as EAP working group item
  • Next Steps

    • Close on some of the outstanding Issues on EAP Issues list
    • Catalog new issues from comments on mailing list


References

  • “Compound Authentication Binding Problem”, Puthenkulam, J., Lortz, V., Palekar, A., Simon, D., http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding-02.txt

  • “Man-in-the-Middle in Tunnelled Authentication Protocols”, Asokan, N.,Niemi, V., Nyberg, K., http://eprint.iacr.org/2002/163/



Backup



Tunneled Methods Generic Model



Sequenced Methods Generic Model




Do'stlaringiz bilan baham:


Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2017
ma'muriyatiga murojaat qiling