EAP-MAKE2: EAP method for Mutual Authentication and Key Establishment, v2 EMU BoF

Learn more at: https://www.ietf.org

Transcript and Presenter's Notes

1
EAP-MAKE2 EAP method for Mutual Authentication
and Key Establishment, v2 EMU BoF
Michaela Vanderveen IETF 64 November 2005
2
Key Features
  • Pre-shared keys
  • Separate for authentication and key derivation
  • MIC and key derivation use IEEE 802.11i PRF
  • Computationally light
  • No extra crypto code for terminals employing
    link-layer RSN based on IEEE
  • Secure ciphersuite negotiation
  • Encryption use is optional
  • Support for user identity privacy
  • Temporary user ID generation/delivery optional
  • Commercial deployment (v1)

3
Message Exchange (Bellare-Rogaway based)
Labels recovered from the message-flow figure:
  • SPIP: peer's supported ciphers
  • SPIS: server's chosen cipher
  • EncrData: TempID
  • MIC computed over the entire packet, including both nonces and both IDs
4
Identity Request/Response
Server obtains TempID but requires PermID:
  Server -> Peer: MAKE/Identity(PermID_REQ, ServerID)
  Peer -> Server: MAKE/Identity(PeerID)
Typical EAP-MAKE2 exchange follows.
5
Authentication Failure
Server finds MIC invalid.
6
Authentication Failure (cont)
Peer finds MIC invalid.
7
Three-level Key Hierarchy
  • Level 1: Root Secret A (pre-shared secret)
  • Level 2: MAKE Master Secret (MMS-A), derived from Root Secret A with RANDS as the nonce input
  • Level 3: derived from MMS-A with RANDP as the nonce input:
      - Transient EAP Keys (TEK-Auth, TEK-Cipher): TEK-Auth signs the MIC, TEK-Cipher encrypts attributes
      - Session Keys (MSK, EMSK)
    The level-3 keys are cryptographically separate from one another.
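To make slides 3, 5, 6 and 7 concrete, the following Python models the three-level key hierarchy and a MIC-protected, Bellare-Rogaway style exchange, with both failure cases (server rejects, peer rejects) and the protected ciphersuite negotiation. This is an added example, not code from the slides or from the EAP-MAKE2 draft. The PRF is the IEEE 802.11i PRF the slides name; everything else that the slides do not state is an assumption and is marked as such in the code: the PRF labels, the TEK sizes, the length-prefixed field encoding, the message ordering (server nonce first, since RANDS feeds level 2), a single Root Secret A on both sides, and the sample identities and ciphersuite strings. Encryption of TempID (EncrData with TEK-Cipher) is left out.

```python
"""Model of the EAP-MAKE2 key hierarchy (slide 7) and the MIC-protected
Bellare-Rogaway style exchange (slides 3, 5, 6).  Added example: not code from
the slides or the EAP-MAKE2 draft.  Assumed (not on the slides): PRF labels,
TEK sizes, field encoding, message ordering, and a single Root Secret A shared
by both sides.  Encryption of TempID (EncrData) is omitted."""
import hashlib
import hmac
import os


def prf_80211i(key: bytes, label: bytes, data: bytes, length_bits: int) -> bytes:
    """IEEE 802.11i PRF (IEEE 802.11-2007, 8.5.1.1): concatenate
    HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ... and truncate."""
    out = b""
    for i in range((length_bits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: length_bits // 8]


def derive_mms_a(root_secret_a: bytes, rand_s: bytes) -> bytes:
    """Level 2: MAKE Master Secret from the pre-shared Root Secret A and RANDS."""
    return prf_80211i(root_secret_a, b"EAP-MAKE2 MMS-A", rand_s, 256)  # label assumed


def derive_level3(mms_a: bytes, rand_p: bytes) -> dict:
    """Level 3: one PRF run cut into four cryptographically separate keys.
    16-byte TEKs are assumed; MSK/EMSK are 64 bytes each as EAP requires (RFC 3748)."""
    km = prf_80211i(mms_a, b"EAP-MAKE2 TEK MSK EMSK", rand_p, 8 * (16 + 16 + 64 + 64))
    return {"TEK-Auth": km[:16], "TEK-Cipher": km[16:32],
            "MSK": km[32:96], "EMSK": km[96:160]}


def mic(tek_auth: bytes, packet: bytes) -> bytes:
    """128-bit MIC: the same PRF keyed with TEK-Auth, computed over the whole packet."""
    return prf_80211i(tek_auth, b"EAP-MAKE2 MIC", packet, 128)  # label assumed


def encode(*fields: bytes) -> bytes:
    """Length-prefixed concatenation (assumed encoding) so the MIC covers
    unambiguous field boundaries."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def run_exchange(peer_secret: bytes, server_secret: bytes, peer_id: bytes,
                 server_id: bytes, spi_p: bytes, spi_s: bytes, tamper: str = ""):
    """Three-message exchange after the Identity round trip.  Returns
    ("ok", peer_msk, server_msk) or ("fail", side_that_rejected, reason)."""
    rand_s, rand_p = os.urandom(16), os.urandom(16)
    # Msg 1 (Server -> Peer): ServerID, RANDS.  Ordering assumed: RANDS is the
    # level-2 input, so the peer needs it before it can derive any key.
    # Msg 2 (Peer -> Server): PeerID, RANDP, SPI_P, MIC over both IDs, both nonces, SPI_P.
    peer_keys = derive_level3(derive_mms_a(peer_secret, rand_s), rand_p)
    msg2 = encode(server_id, rand_s, peer_id, rand_p, spi_p)
    mic2 = mic(peer_keys["TEK-Auth"], msg2)
    if tamper == "msg2":                      # on-path attacker flips one bit of SPI_P
        msg2 = msg2[:-1] + bytes([msg2[-1] ^ 0x01])
    # Server verifies first (slide 5: server finds MIC invalid).  The model hands the
    # server RANDP directly instead of parsing it back out of msg2.
    server_keys = derive_level3(derive_mms_a(server_secret, rand_s), rand_p)
    if not hmac.compare_digest(mic(server_keys["TEK-Auth"], msg2), mic2):
        return ("fail", "server", "MIC invalid")
    # Msg 3 (Server -> Peer): SPI_S, MIC over both IDs, both nonces, SPI_P and SPI_S,
    # so the chosen cipher cannot be downgraded without TEK-Auth.
    msg3 = encode(peer_id, rand_p, server_id, rand_s, spi_p, spi_s)
    mic3 = mic(server_keys["TEK-Auth"], msg3)
    if tamper == "downgrade":                 # attacker substitutes the chosen cipher
        msg3 = encode(peer_id, rand_p, server_id, rand_s, spi_p, b"NULL")
    # Peer verifies (slide 6: peer finds MIC invalid).
    if not hmac.compare_digest(mic(peer_keys["TEK-Auth"], msg3), mic3):
        return ("fail", "peer", "MIC invalid")
    return ("ok", peer_keys["MSK"], server_keys["MSK"])


if __name__ == "__main__":
    psk = b"constructed-root-secret-A"        # constructed sample input
    args = (b"peer@example.net", b"srv.example.net", b"AES-CCM,TKIP", b"AES-CCM")
    print(run_exchange(psk, psk, *args)[0])
    print(run_exchange(psk, b"wrong-secret", *args)[:2])
    print(run_exchange(psk, psk, *args, tamper="downgrade")[:2])
```

Two details carry the security argument of the slides: both nonces and both identities are under every MIC, so a replayed or reflected message fails verification on either side, and the server's chosen cipher is bound together with the peer's offered list, so an on-path downgrade is caught by the peer exactly as slide 6 describes. Key separation comes from cutting a single PRF output, so a compromise of TEK-Cipher does not reveal TEK-Auth or the MSK.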
8

Thank You
9
Security Claims
  • Mutual Authentication
  • Integrity Protection
  • Replay protection
  • Confidentiality (optional)
  • Key derivation
  • Dictionary attack protection
  • Protected ciphersuite negotiation
Vulnerabilities
  • No fragmentation
  • No channel binding
  • No crypto binding