[SECMECH] Are EAP-Methods RFIDs ?
Hi Everybody,
The TLS resume mode (RFC 2246, section 7.3) is a nice candidate for the PSK authentication class. The pre-shared key is equal to the master secret, and is associated with a session-id that works like a login (EAP-ID, ...).
From a cryptographic point of view, some security proofs are available; see for example http://www.cl.cam.ac.uk/users/lcp/papers/Auth/tls.pdf (4.6 Session Resumption).
According to TLS properties, many crypto suites can be used in order to prove the knowledge of the PSK (e.g. the master secret), like RC4, DES, 3xDES, AES, ECC, ... Because no certificates are used, the number of exchanged bytes is quite small, around 200 bytes.
So what is wrong with EAP-TLS, with resume mode, as a PSK EAP method?
In EAP-TLS, EAP-SIM or EAP-AKA it's very easy to get, with no protection, the user ID, for example its permanent EAP-ID, certificates or full identity. This means that even when these protocols claim anonymity properties, it's possible to collect users' identities, which in many cases is an issue for privacy concerns.
Are EAP methods really dealing today with users' privacy (from the identity protection point of view)? It seems that many EAP methods work like RFIDs.
In http://www.ietf.org/internet-drafts/draft-badra-eap-double-tls-04.txt we propose to reuse the TLS resume mode, and we are focused on anonymity rather than introducing new cryptographic issues.
It doesn't look easy to reconcile mutual authentication and identity protection. On the peer side this should imply the secure storage of some information (like next identity, next EAP-ID, next protection key, ...) computed during the last EAP session. As an illustration, this secure storage could be provided by smartcards, as described in http://www.ietf.org/internet-drafts/draft-urien-eap-smartcard-09.txt
In my opinion there is a strong need to ensure anonymity in the EAP context. Do we intend to work on that subject?
Pascal
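As an added illustration of the "resume mode as PSK" idea discussed above (example code written for this page, not from the post or from either draft), the following Python simulates the abbreviated TLS 1.0 handshake of RFC 2246 section 7.3: the server looks up the master secret by the session-id sent in the clear, and each side proves knowledge of that secret only through its Finished message (section 7.4.9), with no certificate involved. The PRF and verify_data follow RFC 2246; the handshake bytes hashed into Finished are a constructed stand-in for the real ClientHello/ServerHello encoding.

```python
import hashlib
import hmac
import os

def p_hash(digest, secret, seed, length):
    """P_<hash> from RFC 2246 section 5: HMAC chain A(i) until `length` bytes are produced."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second half."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha_part = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def finished_verify_data(master_secret, label, handshake_messages):
    """verify_data (RFC 2246 7.4.9): 12 bytes keyed by the master secret, i.e. the PSK."""
    digests = hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()
    return tls10_prf(master_secret, label, digests, 12)

def resume_session(server_cache, session_id, peer_master_secret, client_random, server_random):
    """Abbreviated handshake. Returns True only if both Finished messages verify.

    server_cache maps session_id -> master_secret stored from an earlier full handshake.
    The session_id travels unprotected in ClientHello; it is the only identifier observable
    on the wire, which is why the post compares it to a login/EAP-ID.
    """
    server_master = server_cache.get(session_id)
    if server_master is None:
        return False  # unknown session-id: a full handshake would be required
    # Constructed stand-in for the hello messages covered by the Finished hashes.
    handshake = b"ClientHello" + client_random + session_id + b"ServerHello" + server_random + session_id
    # Server sends Finished first in resume mode; the peer checks it with its own secret.
    server_fin = finished_verify_data(server_master, b"server finished", handshake)
    if not hmac.compare_digest(server_fin, finished_verify_data(peer_master_secret, b"server finished", handshake)):
        return False
    # Peer answers with its Finished, which also covers the server's Finished.
    client_fin = finished_verify_data(peer_master_secret, b"client finished", handshake + server_fin)
    return hmac.compare_digest(client_fin, finished_verify_data(server_master, b"client finished", handshake + server_fin))

if __name__ == "__main__":
    sid, psk = os.urandom(32), os.urandom(48)   # session-id and master secret from a past session
    cache = {sid: psk}
    print(resume_session(cache, sid, psk, os.urandom(32), os.urandom(32)))             # True
    print(resume_session(cache, sid, os.urandom(48), os.urandom(32), os.urandom(32)))  # False
```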
_______________________________________________
SECMECH mailing list
SECMECH at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/secmech