Title: EAP-MAKE2: EAP method for Mutual Authentication and Key Establishment, v2 EMU BoF
EAP-MAKE2: EAP method for Mutual Authentication and Key Establishment, v2
EMU BoF
Michaela Vanderveen, IETF 64, November 2005
Key Features
- Pre-shared keys, separate for authentication and key derivation
- MIC and key derivation use the IEEE 802.11i PRF
- Computationally light
- No extra crypto code for terminals employing link-layer RSN based on IEEE 802.11i
- Secure ciphersuite negotiation
- Encryption use is optional
- Support for user identity privacy
- Temporary user ID generation/delivery optional
- Commercial deployment (v1)
Message Exchange (Bellare-Rogaway based)
Figure (message exchange between peer and server): the peer side carries SPIP and the peer's supported ciphers; the server side carries SPIS and the server's chosen cipher; EncrData carries the TempID; the MIC is computed over the entire packet, including both nonces and IDs.
Identity Request/Response
Server obtains TempID but requires PermID:
Server -> Peer: MAKE/Identity(PermID_REQ, ServerID)
Peer -> Server: MAKE/Identity(PeerID)
Typical EAP-MAKE2 exchange follows
Authentication Failure
Authentication Failure (cont)
Three-level Key Hierarchy
Figure (key hierarchy):
Root Secret A (pre-shared secret)
  + RANDS -> MAKE Master Secret (MMS-A)
  + RANDP -> Transient EAP Keys (TEK-Auth: sign MIC; TEK-Cipher: encrypt attributes)
          -> Session Keys (MSK, EMSK), cryptographically separate
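The three-level hierarchy above, as an added example that is not the deck's or the EAP-MAKE2 specification's own code: it derives MMS-A from the root secret and RANDS, then the TEKs and MSK/EMSK from MMS-A and RANDP, using the IEEE 802.11i PRF that the deck says is reused for both key derivation and the MIC. The label strings, key lengths, the 128-bit MIC length and the split of one PRF output into two keys are assumptions, not values from the slides.

```python
import hashlib
import hmac
from dataclasses import dataclass


def prf_80211i(key: bytes, label: bytes, data: bytes, n_bits: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... and truncate to n_bits (n_bits is a multiple of 8)."""
    out = b""
    for i in range((n_bits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: n_bits // 8]


@dataclass(frozen=True)
class MakeKeys:
    mms: bytes         # MAKE Master Secret (MMS-A)
    tek_auth: bytes    # Transient EAP Key that keys the MIC
    tek_cipher: bytes  # Transient EAP Key that encrypts attributes
    msk: bytes         # Master Session Key exported to the lower layer
    emsk: bytes        # Extended Master Session Key


def derive_make_keys(root_secret: bytes, rand_s: bytes, rand_p: bytes) -> MakeKeys:
    # Level 1: pre-shared root secret + server nonce RANDS -> MMS-A (label assumed)
    mms = prf_80211i(root_secret, b"MAKE Master Secret", rand_s, 256)
    # Level 2: MMS-A + peer nonce RANDP -> TEK-Auth || TEK-Cipher (label assumed)
    tek = prf_80211i(mms, b"Transient EAP Keys", rand_p, 512)
    # Level 3: same inputs but a distinct label keeps MSK/EMSK cryptographically
    # separate from the TEKs; 64-octet MSK and EMSK as RFC 3748 requires
    sess = prf_80211i(mms, b"Session Keys", rand_p, 1024)
    return MakeKeys(mms, tek[:32], tek[32:], sess[:64], sess[64:])


def mic(tek_auth: bytes, packet: bytes) -> bytes:
    """MIC over the whole packet (nonces and IDs included) via the same PRF; 128-bit output assumed."""
    return prf_80211i(tek_auth, b"MAKE MIC", packet, 128)


def verify_mic(tek_auth: bytes, packet: bytes, received: bytes) -> bool:
    """Constant-time comparison so a forged MIC cannot be guessed byte by byte."""
    return hmac.compare_digest(mic(tek_auth, packet), received)
```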
Thank You
Security Claims / Vulnerabilities
- Mutual Authentication
- Integrity Protection
- Replay protection
- Confidentiality (optional)
- Key derivation
- Dictionary attack protection
- Protected ciphersuite negotiation
- No fragmentation
- No channel binding
- No crypto binding