
Version 1 of EAP-TTLS


Presentation Transcript


  1. Version 1 of EAP-TTLS
     draft-ietf-pppext-eap-ttls-05.txt
     http://www.funk.com/documents/draft-ietf-pppext-eap-ttls-05.txt
     Paul Funk, Funk Software

  2. New Version of EAP-TTLS
     • A version field is now defined in the Flag bits
     • Previous version is 0, new version is 1.
     • Version 1 features:
       • Session keys mixed with TLS master secret
       • Secure exchange of result of inner authentication
       • Exchange of inner AVPs moved from TLS data phase into TLS handshake
       • New InnerApplication extension to TLS (TLS/IA) defined to carry inner AVPs within handshake
       • TLS data phase is free for other uses
     • EAP-TTLS v1 is one binding to TLS/IA
       • Other protocols, such as HTTP, may also be bound to TLS/IA

  3. TLS “InnerApplication” Extension (TLS/IA)
     • Uses standard RFC 3546 extension mechanism
     • InnerApplication extension appended to ClientHello, confirmed in ServerHello
     • TLS/IA handshake is multi-phase:
       • Initial phase:
         • Normal TLS handshake
         • Instantiate cipher suite to create tunnel
       • Application phase(s) (normally one, may be more):
         • Exchange AVPs for authentication and other applications
         • Permute TLS master secret based on session keys
         • Instantiate cipher suite with new master secret
     • Phase Transitions
       • PhaseFinished terminates each handshake phase prior to final
       • Finished terminates final handshake phase

  4. Comparison of TLS Encapsulation
     Diagram (reconstructed as text):
     • In EAP-TTLS version 0 (as well as EAP-PEAP/FAST):
       • TLS handshake: Handshake msgs, CCS/Finished
       • TLS data phase: AVPs
     • In EAP-TTLS version 1:
       • TLS/IA handshake: Handshake msgs, CCS/PhaseFinished, AVPs, CCS/Finished
       • TLS data phase: “This space available”

  5. Session Key Binding
     • Inner session keys are mixed into master key and:
       • confirmed by Finished message
       • mixed into outer session keys (e.g. MPPE keys)
     • TLS master secret permutation
       • Initial master key is derived as usual during initial handshake phase
       • Master key is permuted at the end of each application phase:
         • PRF is applied to create 48-octet vector
         • Any inner session keys developed during this phase are arithmetically added to vector
         • Result is new master key
       • Master key at end of final phase is actual master key for session

  6. Success/Failure Confirmation
     • Handshake message confirmation:
       • Each PhaseFinished or Finished message confirms handshake messages in current and all previous handshake phases
     • Inner authentication confirmation:
       • Success is signalled by exchange of Finished messages
       • Failure is signalled by TLS failure alert
     • Exchange of Finished messages prevents truncation attack
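The master secret permutation of slide 5 and the Finished-based binding of slide 6, as an added Python example (not code from the draft or from Funk Software): the PRF is the RFC 2246 TLS 1.0 PRF, while the permutation label, using the client and server randoms as the PRF seed, and modelling "arithmetically added" as 48-octet big-endian integer addition mod 2^384 are assumptions, not taken from the slides.

```python
import hmac

MASTER_SECRET_LEN = 48  # a TLS master secret is always 48 octets
PERMUTATION_LABEL = b"inner secret permutation"  # ASSUMED label, not given on the slides


def p_hash(hash_name, secret, seed, length):
    """TLS P_hash expansion (RFC 2246, section 5): A(i) = HMAC(secret, A(i-1)), out += HMAC(secret, A(i) + seed)."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA-1 over the second half."""
    half = (len(secret) + 1) // 2  # halves share the middle octet when the length is odd
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha_part = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def permute_master_secret(master_secret, seed, inner_session_keys):
    """One application-phase permutation: PRF(master) gives a 48-octet vector, then every inner
    session key of the phase is added to it. ASSUMPTION: addition as big-endian integers mod 2**384."""
    vector = int.from_bytes(tls_prf(master_secret, PERMUTATION_LABEL, seed, MASTER_SECRET_LEN), "big")
    for key in inner_session_keys:
        vector = (vector + int.from_bytes(key, "big")) % (1 << (8 * MASTER_SECRET_LEN))
    return vector.to_bytes(MASTER_SECRET_LEN, "big")


def final_master_secret(initial_master, client_random, server_random, phases):
    """Run each application phase in turn; the secret after the last phase is the session's master secret."""
    master = initial_master
    for inner_keys in phases:  # one list of inner session keys per application phase
        master = permute_master_secret(master, client_random + server_random, inner_keys)
    return master


if __name__ == "__main__":
    # Constructed sample values, not real handshake data.
    initial = bytes(range(MASTER_SECRET_LEN))
    c_rand, s_rand = b"\x11" * 32, b"\x22" * 32
    inner_key = b"\x5a" * 32  # e.g. a key produced by the inner EAP method
    honest = final_master_secret(initial, c_rand, s_rand, [[inner_key]])
    # A party that relayed the tunnel but never learned the inner key ends with a different master
    # secret, so the Finished it computes will not verify against the honest peer's (slide 6).
    outsider = final_master_secret(initial, c_rand, s_rand, [[]])
    print("master secret bound to inner key:", honest != outsider)
```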

  7. Other Uses of TLS/IA
     • As with previous version, inner AVPs can be used for various purposes:
       • authentication
       • key exchange
       • client integrity attestation
       • etc.
     • TLS/IA can provide inner AVP capabilities to other protocols besides EAP-TTLS
     • Possible other uses for TLS/IA:
       • HTTP with EAP authentication
       • Alternative to IKE for IPsec authenticated key establishment
       • Setting up SSL VPN

  8. IETF Plans
     • Split into 3 drafts:
       • EAP-TTLS v0, which is deployed and has several interoperable implementations
       • TLS/IA, the InnerApplication extension to TLS
       • EAP-TTLS v1, specified as an encapsulation of TLS/IA
     • Submit each draft for RFC proposed standard status (weather permitting)
