1 / 9

EAP Key Framework

This document provides an overview of the EAP Key Framework draft, including its current status, recent updates, and open issues. It discusses key distribution, threat modeling, fast handoff and context transfer, and the lying NAS problem. Solutions such as key scoping, attribute restrictions, logging, and method-specific binding are proposed.

lgifford
Download Presentation

EAP Key Framework

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EAP Key Framework Draft-ietf-eap-keying-01.txt IETF 58 Minneapolis, MN Bernard Aboba Microsoft

  2. Document Status • Just recently accepted as WG work item • Normative statements relating to EAP copied to RFC 2284bis • Result: EAP methods no longer dependent on Key Framework document • Substantial revisions in progress • Issue 180: Conversation overview section rewritten (-02) • Rewrites of other sections (e.g. SAs) likely in -02 • Threat model needed • Challenges • What threats do we choose to address, which ones will we not address? • Separation of media-specific behavior from general principles

  3. Currently Open Issues • Issue 15: Key Distribution Insecure • Issue 179: EAP PRF • Issue 187: Service SAs

  4. Security Issues • Key Scoping • “Correctness” in Fast Handoff & Context Transfer • The lying NAS problem

  5. Key Scoping • AAA context is associated with a key • Default scope for a AAA-Key is within a NAS • AAA protocols authenticate at NAS granularity • Diameter, RADIUS don’t use the NAS Called-Station-Id as its identity • Key is scoped to the physical NAS; can’t assume separate key cache for each “virtual NAS”, Called-station-Id, SSID, etc. • Client may not be able to recognize NAS scope without assistance from the lower layer • In IEEE 802.11 only the BSSID is announced in the Beacon/Probe Response, not the NAS-Identifier

  6. “Correctness” in Fast Handoff & Context Transfer • Definition of “Correct”: when the same state results as if the peer had authenticated with the AAA server • Examples of “incorrect” transactions: • Peer authenticates with GUEST SSID derives a key, does successful fast handoff within same physical AP to the CARRIER SSID • Result: Carrier sees an accounting record for GUEST which either doesn’t have an account, or it bills the wrong user • Peer authenticates to an AP, does fast handoff to same virtual AP in order to cause Session-Time variable to be reset. Clients gains unlimited network access. • Solution • Need AAA attributes to allow key scope restriction • Authorized SSIDs • Authorized Called, Calling-Station-Ids • “No Fast Handoff” or “No context transfer” attributes

  7. The Lying NAS Problem • NAS can provide different information to the peer and the Authentication Server • Fraud • To peer: “I offer access to the Joe’s Hotspot” • To AS: “I offer access to the CARRIER network” • Fooling user into associating to a “free” network then charging for it • Spoofing • To peer: “I’m AP57” • To AS: “I’m AP59” • Motivation: DoS on neighbor graph calculations

  8. Solutions • AAA agent checks • AAA agent (proxy, redirect, etc.) can see if NAS attributes match expected ones • Doesn’t prevent NAS from lying to the peer, only from lying to the AAA • Logging • Peer and AS can log information sent by the NAS, if a dispute arises, can verify later • Useful only for forensics • Key mixing • Peer and AS include attributes when calculating the AAA-Key • If NAS provides different info to Peer and AS, then Peer and NAS won’t be able to communicate • Only viable if relevant attributes are few and well defined, not easily extensible • Method-specific binding • EAP method includes exchange of attributes between the peer and EAP server • Peer and EAP server compare the exchanged values with ones sent by the NAS • Examples: EAP Archie, PEAPv2

  9. Questions?

More Related