eap efficient re authentication
play

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com - PowerPoint PPT Presentation

Jun 09, 2023 •752 likes •1.05k views

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com January 2007 Contents EAP Re-authentication and Fast Re-authentication Requirements for low latency re-authentication

  1. EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com January 2007

  2. Contents • EAP Re-authentication and Fast Re-authentication • Requirements for low latency re-authentication • Constraints in designing extensions to EAP • Design Choices – Server vs. peer initiated – Re-authentication key hierarchy • With and without local re-auth server – Protocol transport – Lower layer requirements • Proposed Protocol 2

  3. EAP Re-authentication, as per today’s standards Peer Auth1 AAA-L AAA-H EAP Req/Identity Initial EAP Exchange EAP Resp/Identity Full EAP Method Exchange MSK1, EMSK1 MSK1, EMSK1 EAP Success EAP Success (MSK1) MSK1 3

  4. EAP Re-authentication, as per today’s standards Peer Auth1 Auth2 AAA-L AAA-H EAP Req/Identity Initial EAP Exchange EAP Resp/Identity Full EAP Method Exchange MSK1, EMSK1 MSK1, EMSK1 EAP Success EAP Success (MSK1) MSK1 Subsequent EAP Exchanges EAP Req/Identity EAP Resp/Identity Full EAP Method Exchange (or, Method-Specific Fast Re-authentication) MSK2, EMSK2 MSK2, EMSK2 EAP Success EAP Success (MSK2) MSK2 4

  5. Our Charter Dictates ☺ • Solutions specified by the HOKEY WG must: – Be responsive to handover and re-authentication latency performance objectives within a mobile wireless access network. – Fulfill the requirements in draft-housley-aaa-key-mgmt and draft-ietf- eap-keying. – Be independent of the access-technology. Any key hierarchy topology or protocol defined must be independent of EAP lower layers. The protocols may require additional support from the EAP lower layers that use it. – Accommodate inter-technology heterogeneous handover and roaming. – No changes to EAP methods. Any extensions defined to EAP must not cause changes to existing EAP methods. 5

  6. Re-auth Goals • MUST be better than full EAP authentication – “The protocol MUST be responsive to handover and re- authentication latency performance within a mobile access network” • EAP lower layer independence • EAP method independence • AAA protocol compatibility and keying • Co-existence with current EAP operation 6

  7. What is Low Latency? • Security becomes a burden when any latency or overhead is added to the critical handoff path ☺ – Mobile access networks resort to insecure practices when security adds latency to handoffs • Two aspects of latency – Number of roundtrips – Distance to the AS • Ideally, the protocol should be executable in parallel with connection establishment – I.e., add 0 incremental time to L2 handoffs • It may also be unacceptable to have to go back to the AS (EAP Server) upon every handoff – EAP Server may be too many hops away! 7

  8. Full EAP Authentication (E.g., EAP-AKA) EAP Peer Auth1 Server EAP Request Identity EAP Response Identity EAP Request (AKA Challenge) EAP Response (AKA Challenge) MSK1, EMSK1 MSK1, EMSK1 EAP Success EAP Success (MSK1) MSK1 EAP-AKA takes 2 Roundtrips over the infrastructure to Goal: Re-auth MUST complete; AKA fast re-authentication reduces computational finish in less than 2 expense, but takes the same number of roundtrips to complete. roundtrips AKA is one of the most commonly used protocols for network access authentication in mobile access networks. 8

  9. Server vs Peer Initiated Re-Auth • Server-initiated re-authentication preserves the EAP model – Allows for similar peer operation in open/access-controlled networks – Only model that supports legacy authenticators – Needs at least 1.5 roundtrips with modifications to authenticator operation – Needs at least 2 roundtrips with legacy authenticators • Peer-initiated re-authentication achieves more efficient operation – Can piggyback re-authentication on connection establishment on some wireless networks – Can finish in 1 roundtrip 9

  10. Server Initiated Re-Auth With Legacy Authenticators EAP Peer Auth1 Server EAP Request Identity EAP Response Identity EAP Request Re-auth EAP Response Re-auth MSK1, EMSK1 MSK1, EMSK1 EAP Success EAP Success (MSK1) MSK1 • The protocol operation is quite similar to AKA • No improvement over AKA in terms of latency or computational expense • The Peer has to provide either temporary or real identity in the Response/Identity message • EAP server has to prove possession of the key before the peer authenticates • Potential for DoS attacks on the EAP server 10

  11. Peer/Server Initiated Re-Auth With Upgraded Authenticators EAP Peer Auth1 Server EAP Request Identity EAP Initiate (Re-auth) EAP Finish (Re-auth) rMSK rMSK rMSK • The most optimal method of re-authentication is the peer-initiated model • Needs upgrades to authenticators • Optional server-initiated model is also feasible • EAP Request Identity from the Authenticator to the peer serves a trigger for Re-Auth • The Peer authenticates first • Uses temporary identity or a key identity for identity protection • The Finish message contains Server’s authentication and also serves the same purpose as EAP Success • To support peer-initiated operation, changes to peer’s state machine are needed • Peer must be able to maintain retransmission timers etc. 11

  12. Peer/Server Initiated Re-Auth With Legacy Authenticators EAP Peer Auth1 Server EAP Request Identity EAP Response Identity EAP Request Re-auth (Empty) EAP Response Re-auth (Initiate) EAP Request Re-auth (Finish) EAP Response Re-auth (Empty) MSK1, EMSK1 EAP Success EAP Success (MSK1) MSK1 • Optional EAP type-based transport with the peer-initiated model takes more roundtrips than say, EAP-AKA operation • Enables use of the same protocol over legacy authenticators • Only transport varies (code-based vs type-based) • Peer will have to prove possession of key material before server performs any computation • Perhaps acceptable as a transition mechanism over legacy authenticators • Useful for chatty EAP methods (e.g., TLS-based methods) 12

  13. Local Re-auth Server • Re-auth may still take too long if the AS is too many hops away • Must be able to perform re-auth with a local server when handing off within a local area • Key hierarchy must support both models • The re-auth protocol must support some bootstrapping capability – Local server must be provided a key – Peer may need to be provided a server ID 13

  14. Re-authentication Key Hierarchy rRK rIK rEK rMSK 1 … rMSK m TSK 1 TSK m • rRK is the Re-authentication Root Key • rIK is the Re-auth Integrity Key and used to provide proof of possession of Re-auth keys • rEK is the Encryption Key used to encrypt any confidential data exchanged between the peer and the EAP-ER server • rMSK is the MSK equivalent key • Derived based on the run of the EAP-ER protocol • Each Authenticator change, whether or not an Authenticator is revisited, is treated the same 14

  15. Where does the rRK come from? • There are at least two candidates for the parent key for the rRK – f(EMSK, “Re-authentication Root Key”) • The EMSK is managed by the EAP server – EAP server may be too many hops away from the Peer – f(Local MSK, “Re-authentication Root Key”) • Local MSK is a root key associated with an EAP-ER server in the Authenticator’s domain • Local MSK derivation itself is out of scope of the re- authentication solution 15

  16. Protocol Transport • Protocol transport considerations – EAP Code-based and Type-based transport • EAP Code-based implies authenticator support for new codes • EAP Type-based can work with current EAP authenticators – One option is to allow both • Re-auth messages may be carried in EAP Request/Response or EAP Initiate/Finish messages • Can re-auth be run over a protocol other than EAP? – Claimed benefit is to prevent any changes to EAP implementation • Peer and server implementations may treat re-auth as a new protocol for all practical purposes – At the authenticator, interactions with EAP are needed irrespective of the transport protocol used for re-auth • In many networks, access control enforcement is based on successfully finishing EAP authentication • Port control enforcement is contingent on EAP Success, MSK to TSK derivation and use • The goal of Re-Auth is also to derive the TSK eventually – port must be enabled after successful re-authentication 16

  17. Benefits of EAP-based Transport • If a new protocol were to be used to transport Re-Auth messages – Authenticators would have two different protocols and state machines installing SAs that enable controlled access • EAP-based transport allows: – Integration of state machines for initial and re-authentication – Specification benefits: • Will largely re-use: – RFC3748 – EAP keying framework – RFC3579 – RFC4072 – The list goes on… – Allows re-auth to be triggered by EAP Request Identity 17

  18. Co-existence with Vanilla EAP • Peers may roam in and out of networks that support re-authentication • Support for re-auth may be indicated by the lower layer for optimal operation • Alternatively, the peer may attempt re-auth – Upon a timeout/failure, the peer may do full authentication 18

Recommend

EAP Efficient Re-authentication Lakshminath Dondeti , ldondeti@qualcomm.com Vidya Narayanan ,

EAP Efficient Re-authentication Lakshminath Dondeti , ldondeti@qualcomm.com Vidya Narayanan ,

EAP Efficient Re-authentication Lakshminath Dondeti , ldondeti@qualcomm.com Vidya Narayanan , vidyan@qualcomm.com IETF68; March 2007 Re-auth Goals MUST be better than full EAP authentication The protocol MUST be responsive to handover

361 views • 17 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks

VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks

VulCAN: Efficient Component Authentication and Software Isolation for Automotive Control Networks Jo Van Bulck, Jan Tobias Mhlberg and Frank Piessens jo.vanbulck|jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan

654 views • 28 slides
Energy Efficient Authentication and Authorization for Multi-node Cooperative Connectivity and

Energy Efficient Authentication and Authorization for Multi-node Cooperative Connectivity and

Energy Efficient Authentication and Authorization for Multi-node Cooperative Connectivity and Reliability PhD Candidate Vandana Rohokale (vmr@es.aau.dk) Supervisor Prof. Ramjee Prasad CTIF, Aalborg, Denmark Co-supervisors Assoc. Prof. Horia

372 views • 13 slides
Extensions to EAP Keying hierarchy for Efficient Re-authentication and Visited domain Keying

Extensions to EAP Keying hierarchy for Efficient Re-authentication and Visited domain Keying

Extensions to EAP Keying hierarchy for Efficient Re-authentication and Visited domain Keying Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com IETF-67 San Diego, CA November 2006 Contents EAP keying

614 views • 15 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks Italo Dacosta and Patrick Traynor Performance, Scalability and Security Finding the right balance between performance /scalability

517 views • 24 slides
An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement Gildas Avoine 1 and Aslan Tchamkerten 2 1 Universit e catholique de Louvain, Louvain-la-Neuve, Belgium 2 Telecom ParisTech,

335 views • 31 slides
EM 3 A : Efficient Mutual Multi-hop Mobile Authentication Scheme for PMIP Networks Sanaa Taha

EM 3 A : Efficient Mutual Multi-hop Mobile Authentication Scheme for PMIP Networks Sanaa Taha

EM 3 A Introduction System Model Security Analysis Performance Evaluation Conclusions and future work EM 3 A : Efficient Mutual Multi-hop Mobile Authentication Scheme for PMIP Networks Sanaa Taha November 18, 2011 Sanaa Taha EM 3 A :

361 views • 24 slides
ASSURE Authentication Scheme for SecURE Energy Efficient Non-Volatile Memories Joydeep Rakshit

ASSURE Authentication Scheme for SecURE Energy Efficient Non-Volatile Memories Joydeep Rakshit

ASSURE Authentication Scheme for SecURE Energy Efficient Non-Volatile Memories Joydeep Rakshit Kartik Mohanram Non-Volatile Memories Workshop March 12, 2018 San Diego, CA Electrical and Computer Engineering University of Pittsburgh

971 views • 50 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
sRDMA Efficient NICbased Authentication and Encryption for Remote Direct Memory Access

sRDMA Efficient NICbased Authentication and Encryption for Remote Direct Memory Access

spcl.inf.ethz.ch @spcl_eth Konstantin Taranov, Benjamin Rothenberger, Adrian Perrig, Torsten Hoefler sRDMA Efficient NICbased Authentication and Encryption for Remote Direct Memory Access spcl.inf.ethz.ch @spcl_eth RDMA networking is

2.47k views • 30 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication overview Current state of Authentication The future of authentication MY JOURNEY 2012-2015 2004-2011 2015-Present 1998-2004 Staff at MIT

453 views • 34 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides

More recommend