EAP Password Authenticated eXchange (PAX) - PowerPoint PPT Presentation

About This Presentation
Title:

EAP Password Authenticated eXchange (PAX)

Description:

Title: Slide 1 Author: Charles Clancy Last modified by: rbunch Created Date: 3/15/2004 6:08:02 PM Document presentation format: On-screen Show Other titles – PowerPoint PPT presentation

Number of Views:42
Avg rating:3.0/5.0
Slides: 9
Provided by: CharlesC174
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: EAP Password Authenticated eXchange (PAX)


1
EAP Password Authenticated eXchange (PAX)
draft-clancy-eap-pax-01
  • T. Charles Clancy William A. Arbaugh
  • clancy,waa_at_cs.umd.edu
  • Department of Computer Science
  • University of Maryland, College Park
  • IETF 61, EAP WG
  • November 10, 2004

2
PAX Introduction
  • 2 round-trip MAC-based mutual authentication
  • Supports provisioning with a weak pre-shared key
  • Optional server-side certificate provides secure
    provisioning
  • Supports key management with forward secrecy
    using Diffie-Hellman
  • Optional support for identity protection
    (requires server-side certificate)
  • Extensible ciphersuite

3
Major Changes from -00 to -01
  • Address Crypto Concerns
  • mutual authentication
  • multiple uses of certain keys with different
    primitives
  • Protocol Implementation Issues
  • identity protection paradox
  • new identity protection subprotocol
  • Paranoia with MD5 and TLS-PRF
  • extensible key derivation function
  • support for HMAC-SHA1 and AES-CBC-MAC

4
PAX_STD (no identity protection)
X, Y rand(2256) If keyUpdate then A gX, B
gY, E gXY else A X, B Y, E (X
Y) AK, CK, SessionKeys KDF(AK E
KeyName)
Server
Client
A, SID, PK, CertPK
EncPK (B, CID, MACCK(A, B, CID, SID))
MACCK(B, CID, SID)
ACK
5
PAX_IDP (identity protection)
M, N, X, Y rand(2256) If keyUpdate then A
gX, B gY, E gXY else A X, B Y, E (X
Y) AK, CK, SessionKeys KDF(AK E
KeyName)
Server
Client
M, SID, PK, CertPK
EncPK (M, N, CID)
A, MACN(A, CID, SID)
B, MACCK(A, B, CID, SID)
6
Cryptographic Primitives
  • Extensible
  • Key Derivation Function
  • KDF16X(Y) MACX(Y 1)
  • KDF64X(Y) MACX(Y 1) MACX(Y 2)
  • MACX(Y 3) MACX(Y 4)
  • Currently supported
  • MAC HMAC-SHA1-128
  • AES-CBC-MAC-128
  • DH 3072-bit MODP Group RFC3526
  • PubKey RSA-OAEP-2048

7
PAX Implementation
  • Currently Supports
  • FreeRADIUS 1.0.1
  • XSupplicant 1.0.1
  • Authentication, Key Update
  • Plan to Support
  • Microsoft IAS
  • Windows XP Supplicant
  • Provisioning, Identity Protection
  • Timings Experiment
  • Cisco 1200 AP
  • Pentium 3 1.2GHz, Linux 2.4.26

8
PAX Implementation Timings
Protocol PK Crypto RT Time (ms)
PAX, no update PAX, key update PAX, provision - DH-3072 DH-3072/RSA-2048 2 2 3 9.6 127.3 N/A
EAP-TLS EAP-TLS DH-512/RSA-512 DH-3072/RSA-2048 5 7 89.8 1076.7
PEAP-MSCHAPv2 PEAP-MSCHAPv2 DH-512/RSA-512 DH-3072/RSA-2048 8 10 90.4 1027.3
TLS/PEAP used OpenSSL DSA-DH parameters, PAX used
3072-bit prime and 256-bit exponent as
recommended in RFC3766
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "EAP Password Authenticated eXchange (PAX)" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!