1 / 11

EAP Generalized PSK (GPSK) draft-clancy-eap-gpsk-01.txt

EAP Generalized PSK (GPSK) draft-clancy-eap-gpsk-01.txt. Editors: C. Clancy, H. Tschofenig EMU WG, IETF 67, Montreal. Design Team. o Jari Arkko o Mohamad Badra o Uri Blumenthal o T. Charles Clancy o Lakshminath Dondeti o David McGrew o Joe Salowey

kin
Download Presentation

EAP Generalized PSK (GPSK) draft-clancy-eap-gpsk-01.txt

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. EAP Generalized PSK (GPSK)draft-clancy-eap-gpsk-01.txt Editors: C. Clancy, H. Tschofenig EMU WG, IETF 67, Montreal

  2. Design Team o Jari Arkko o Mohamad Badra o Uri Blumenthal o T. Charles Clancy o Lakshminath Dondeti o David McGrew o Joe Salowey o Sharma Suman o Hannes Tschofenig o Jesse Walker

  3. Design Goals • Simple (fast) authentication based on a pre-shared symmetric key • Design constraints: • No public-key operations • Two round trips • No fragmentation • Try to support as many features as possible given those constraints

  4. Base Protocol Client Server ID_Server, RAND_Server, CSuite_List SEC_SK( ID_Client, ID_Server, RAND_Client, RAND_Server, CSuite_List, CSuite_Sel [ ENC_PK(PD_Payload_1) ] ) SEC_SK( RAND_Client, RAND_Server, CSuite_Sel [ ENC_PK(PD_Payload_2) ] ) SEC_SK( [ ENC_PK(PD_Payload_3) ] ) Note: SEC_K(X) = X || MAC_K(X)

  5. Base Protocol • Simple MAC-based mutual authentication • Supports extensibility through the use of encrypted Extended Data Fields (EDF) • Possible EDF applications: • Channel binding • Protected results indication • Identity protection • EDFs MUST not add round trips or cause packet size to exceed the EAP MTU

  6. Ciphersuites • Specified as 6-octet field consisting of vendor OID (0x000000=IETF) and 3-octet ciphersuite specifier • Server sends client a list of supported ciphersuites and client selects one from the list • Ciphersuites with NULL encryption provide only integrity and not confidentiality

  7. Key Derivation Function (KDF) • Based on the IEEE 802.11i KDF • Iterated MAC of input key Y and entropy Z • Outputs X octets of keying material GKDF-X (Y, Z) { M_0 = ""; result = ""; for i=1 to (floor( X / MACsize ) + 1) { M_i = MAC_Y (M_{i-1} || Z || i || X); result = results || M_i; } return truncate (result, X); }

  8. Key Derivation Hierarchy PSK Entropy, Identifiers KDF MK KDF MSK EMSK SK PK

  9. Implementation • Jouni Malinen produced a first implementation: http://hostap.epitest.fi/releases/snapshots/

  10. Open Issues • See http://www.tschofenig.com:8080/eap-gpsk/index • Error Handling • Identities in KDF • KDFData • Channel Binding • protected results indiciation

  11. Next Steps • Seeking approval from EMU WG to make it a WG item • Move forward with full WG participation

More Related