EAP State Machine Bryan D. Payne, Nick L. Petroni, Jr., & Chuk - - PowerPoint PPT Presentation

SLIDE 1

EAP State Machine

Bryan D. Payne, Nick L. Petroni, Jr., & Chuk Yang Seng
University of Maryland, College Park

55th IETF, November 2002

SLIDE 2

State Machine Revision

http://www.ietf.org/internet-drafts/draft-payne-eap-sm-01.ps

Update to a prior work (IETF 53)

Changes based on design-team discussion:

  • IEEE 802.1x notation
  • Nak handling
  • Identity handling

Maryland Information Systems Security Laboratory, http://www.cs.umd.edu/~npetroni/EAP/ietf55.pdf

SLIDE 3

EAP Authenticator State Machine

[Figure: EAP authenticator state diagram. Labels recovered from the diagram:]

States: INITIALIZATION, POLICY TEST, GET METHOD, NEED ID, RECV ID, METHOD INIT, METHOD BODY, RECV NAK, SUCCESS, FAILURE

Statements inside the state boxes (some appear in several states):

  • Policy.initialize()
  • currentId = initialIdVal
  • idTryCount=0
  • inc(currentId)
  • policySat = Policy.isSatisfied()
  • methodSuccess = FALSE
  • methodFailure = FALSE
  • currentMethod = Policy.getNextMethod()
  • needId = requiresId(currentMethod)
  • rxIdResp = FALSE
  • idTimeout = FALSE
  • txIdReq(currentId)
  • inc(idTryCount)
  • rxNak = FALSE
  • rxMethodResp = FALSE
  • txMethodReq(currentId)
  • if(!isComplete(currentMethod)) { txMethodReq(currentId) inc(currentId) }
  • Policy.recvNak(currentMeth)
  • txSuccess(currentId)
  • txFailure(currentId)

Transition labels:

  • UCT
  • ELSE
  • needId
  • policySat
  • currentMethod = NULL && !policySat
  • rxIdResp
  • idTryCount < maxIdTry && idTimeout
  • idTryCount >= maxIdTry && !rxIdResp
  • rxMethodResp
  • rxNak
  • methodSuccess
  • methodFailure

SLIDE 4

EAP Peer State Machine

[Figure: EAP peer state diagram. Labels recovered from the diagram:]

States and the statements that follow each state name:

  • INITIALIZATION: Policy.initialize(); rxIdReq = FALSE; rxMethodReq = FALSE
  • UNAUTHENTICATED: rxSuccess = FALSE; rxFailure = FALSE; methodFailure = FALSE; methodSuccess = FALSE; policySat = Policy.isSatisfied()
  • ID REQ: txIdResp()
  • METHOD INIT: doMethod = Policy.allowMethod(currentMethod)
  • METHOD BODY: rxMethodReq = FALSE; txMethodResp()
  • NAK: txNak(currentMethod)
  • SUCCESS
  • FAILURE

Transition labels:

  • UCT
  • rxIdReq
  • rxMethodReq
  • doMethod
  • !doMethod
  • methodSuccess || methodFailure
  • rxSuccess && policySat
  • rxFailure
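
The guard `rxSuccess && policySat` is the security-relevant label on this slide: a Success packet that arrives before the peer's own policy is satisfied does not move the peer to SUCCESS. The Python below is an added example, not code from the draft or its authors; the transition targets, the one-round-trip method exchange, the `Policy` class and the method names are assumptions made for illustration.

```python
# Added example: EAP peer loop assembled from the slide's state and guard labels.
# Assumptions: transition targets, one round trip per method, hypothetical Policy.

class Policy:
    """Hypothetical peer policy: satisfied once every required method succeeded."""
    def __init__(self, required):
        self.required, self.done = set(required), set()

    def allow_method(self, method):      # Policy.allowMethod(currentMethod)
        return method in self.required

    def is_satisfied(self):              # Policy.isSatisfied()
        return self.required <= self.done


def run_peer(packets, policy, method_ok=lambda m: True):
    """Feed (kind, method) packets to the peer; return (final_state, sent)."""
    sent = []
    for kind, method in packets:
        policy_sat = policy.is_satisfied()           # UNAUTHENTICATED entry
        if kind == "success":
            if policy_sat:                           # rxSuccess && policySat
                return "SUCCESS", sent
            continue                                 # assumed: otherwise stay put
        if kind == "failure":                        # rxFailure
            return "FAILURE", sent
        if kind == "id_req":                         # ID REQ: txIdResp()
            sent.append("IdResp")
        elif kind == "method_req":                   # METHOD INIT: doMethod = ...
            if policy.allow_method(method):          # doMethod -> METHOD BODY
                sent.append(f"MethodResp({method})")
                if method_ok(method):                # methodSuccess
                    policy.done.add(method)
            else:                                    # !doMethod -> NAK
                sent.append(f"Nak({method})")
    return "UNAUTHENTICATED", sent


# Constructed traces; "MD5" and "TLS" are placeholder method names.
EARLY_SUCCESS = [("id_req", None), ("success", None)]
FULL_EXCHANGE = [("id_req", None), ("method_req", "MD5"),
                 ("method_req", "TLS"), ("success", None)]

if __name__ == "__main__":
    print(run_peer(EARLY_SUCCESS, Policy({"TLS"})))
    print(run_peer(FULL_EXCHANGE, Policy({"TLS"})))
```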

SLIDE 5

To Be Done

  • Explicit representation of timers
  • Error handling
  • Alternate indications of Failure / Link changes
  • Pass-through Authenticator

SLIDE 6

References

  • http://www.ietf.org/internet-drafts/draft-payne-eap-sm-01.ps
  • http://www.ietf.org/internet-drafts/draft-payne-eap-sm-01.txt
  • http://www.ietf.org/internet-drafts/draft-ietf-eap-esteem-00.txt
  • http://www.ietf.org/internet-drafts/draft-ietf-pppext-rfc2284bis-07.txt
