protocol for carrying authentication for network access
play

Protocol for Carrying Authentication for Network Access (PANA) - PowerPoint PPT Presentation

Sep 13, 2023 •267 likes •612 views

Protocol for Carrying Authentication for Network Access (PANA) (draft-ietf-pana-pana-00.txt) Authors: Dan Forsberg Yoshihiro Ohba Basavaraj Patil Hannes Tschofenig Alper Yegin IETF56 Contents Introduction PAA Discovery

  1. Protocol for Carrying Authentication for Network Access (PANA) (draft-ietf-pana-pana-00.txt) Authors: Dan Forsberg Yoshihiro Ohba Basavaraj Patil Hannes Tschofenig Alper Yegin IETF56

  2. Contents • Introduction • PAA Discovery • Carrying EAP AVPs • Creating a PANA SA • …. IETF56

  3. Producing the First Draft • Design Team was established to work on initial proposal • Work in progress: – Further discussions will be carried on the PANA ML • Scope of the solution is bounded by: – draft-ietf-pana-usage-scenarios-04.txt – draft-ietf-pana-threats-eval-02.txt – draft-ietf-pana-requirements-04.txt • Design team discussion archive available at: – http://danforsberg.info/pipermail/pana-dt • Objective: – Satisfy the above requirements and scenarios by a simple protocol design – Various optimizations and enhancements left out for future consideration IETF56

  4. Introduction: PANA Framework PaC EP PAA AAA PAA Discovery PANA Request AAA Interaction PANA Response Filter information PANA SA PANA SA installation Access control SA establishment Protected PANA Messages Note: Some protocol interactions are optional. IETF56

  5. Introduction: PANA Protocol PaC EP PAA AAA PAA Discovery PANA Request PANA Response PANA SA PANA SA Protected PANA Messages Interaction of PANA with the other protocols needs to be analyzed. IETF56

  6. What was learned from the Usage Scenarios? • PANA can be used in 1. Environments with physical layer security 2. Environments with link layer security 3. Environments where no lower security is available • Scenario (3) is the most difficult one for PANA deployment and adding the most requirements • It is difficult to support all scenarios with a single protocol. Hence some protocol steps have to be optional. • Multiple Authentication and Key Exchange methods should be supported ⇒ EAP IETF56

  7. Assumptions • Topology Knowledge Device Identifier information can be installed at the correct devices • Device Identifier Installation Security provided by DI installation is sufficient for some environments. Otherwise, DI is accompanied by cryptographic keys. • Disconnect Indication Link layer disconnect indication cannot be assumed • Session Key Establishment Session key needs to be available for PANA SA Note: Some assumptions will be explained in more details in subsequent slides. IETF56

  8. PAA Discovery (1/2) • Why? – To discover the PAA's address dynamically . • How? – 1a) (Link local) multicast UDP packet from PaC. – 1b) PaC sends data packets. • EP sends a PANA_discover message to PAA, which contains PaC’s unicast address. – PAA sends PANA_start to PaC. IETF56

  9. PAA Discovery (2/2) • Threats? – Man-in-the-Middle between PaC and PAA. – DoS against PAA, DoS against PaC. • Countermeasures? – Difficult since message exchange between neighboring nodes. • hop limit check – Goal: • Prevent off-path attacks (Cookie, Sequence numbers) • Prevent memory allocation with single message (Cookie) IETF56

  10. Initial Sequence Number and Cookie • Initial Sequence Number (ISN) mechanism is used to prevent blind DoS and off-path attacks. • Cookie mechanism is used to prevent non-blind DoS attack. – Cookie is sent from PAA in PANA_start message, but does not create any state in PAA that would enable DoS attack. – Cookie is implementation specific • Message Flow PaC PAA Message(tseq,rseq)[AVPs] ------------------------------------------------------ 1) ------------> PANA_discover(0,0) 2) <------------ PANA_start(x,0)[Cookie] 3) ------------> PANA_start(y,x)[Cookie] (continued to authentication phase) IETF56

  11. Carrying EAP over PANA • Why? – Authentication and authorization required for network access procedures • How? – EAP is payload of PANA (carried in EAP AVP ) • Threats? – MITM (injecting, modifying etc.); DoS; Eavesdropping • Countermeasures? – Use an appropriate EAP method depending on the security requirements – Difficult to prevent all attacks until PANA SA is established IETF56

  12. Carrying EAP over PANA Transport Protocol Properties • EAP requires ordered message delivery – EAP provides its own reliability and does not require the transport to be reliable • EAP recommends EAP methods to provide message fragmentation – EAP TLS and PEAP support fragmentation, for example • EAP supports retransmission for EAP Requests – Retransmission timeout calculation based on RFC2988 takes congestion control into account IETF56

  13. Carrying EAP over PANA Approach chosen by PANA • PANA does not provide fragmentation. – Use EAP method fragmentation for EAP messages – Use IP fragmentation for other messages • PANA provides: – Ordered delivery of EAP messages on top of UDP – Protection of PANA PDU after PANA SA is established IETF56

  14. Carrying EAP over PANA Sequence number handling(1/3) • Why sequence number? – To provide ordered delivery of messages – Robustness against blind DoS attack is needed • Considered approaches: – Single sequence number with PANA-layer retransmission – Dual sequence number with orderly-delivery – Dual sequence number with reliable-delivery • Selected approach: Dual sequence number with orderly-delivery – Reason: • The 1 st approach assumes ‘lock step’ messaging for all messages (EAP Success/Failure is not lock-step safe) • The 3 rd approach is not simpler than the 2 nd one • Appendix in the draft provides detailed explanation IETF56

  15. Carrying EAP over PANA Sequence number handling(2/3) • Following sequence numbers are included in PANA header – Transmitted sequence number ( tseq ) – Received sequence number ( rseq ) • tseq starts from initial sequence number and is incremented by 1 when sending a message (even it is retransmitted) • rseq is copied from the tseq field of the last accepted message • When a message is received, it is valid (in terms of sequence #) if – Its tseq > tseq of the last accepted message, AND – Its rseq falls in the range [tseq of the last ack’ed msg+1,tseq of the last transmitted msg] IETF56

  16. Carrying EAP over PANA Sequence number handling (3/3) PaC PAA Message(tseq,rseq)[AVPs] ------------------------------------------------- (continued from discovery and initial handshake phase) <----- PANA_auth(x+1,y)[EAP{Request}] -----> PANA_auth(y+1,x+1)[EAP{Response}] . . <----- PANA_auth(x+2,y+1)[EAP{Request}] -----> PANA_auth(y+2,x+2)[EAP{Response}] <----- PANA_success(x+3,y+2) // F-flag set [EAP{Success}, Device-Id, Data-Protection, MAC] -----> PANA_success_ack(y+3,x+3) [Device-Id, MAC] // F-flag set IETF56

  17. PANA SA Establishment • Why? – Protect subsequently exchanged PANA messages • E.g.: re-auth, disconnect – Bootstrap L2 or L3 access control, when needed • How? – Key derived from EAP method; No algorithm negotiation • Threats? – MITM - weak EAP methods • Countermeasures? – Mutual authentication within EAP method – Weak EAP methods ⇒ see next slides IETF56

  18. PANA SA Establishment PaC PAA AAA PAA Discovery EAP Authentication (PaC ⇔ AAA[L|H] Authentication) AAA Session Key Transport PANA SA PANA SA Protected PANA Messages PANA relies on EAP methods to produce keying material for PANA SA. IETF56

  19. PANA SA Establishment • EAP method must provide session key for PANA SA • There is no secure tunnel established between the PaC and the PAA (e.g. via ISAKMP or TLS) outside EAP! IETF56

  20. EAP Method Choice • PANA can carry any EAP authentication method • It is the responsibility of the user and the network operator to pick the right method, depending on the environment – key derivation – mutual authentication – DoS resiliency • PANA does not enable weak methods in insecure environments (a non-goal!) – PANA does not create a secure channel for them – PANA can carry EAP-tunneling methods (PEAP, EAP- TTLS) • Risk: MitM, needs to be fixed (not in PANA WG!) IETF56

  21. Device ID Choice • PaC will configure an IP address before PANA if it can – Network policy: EP might detect PaC’s attempts and trigger PANA first • DI is either a link-layer address, or IP address – IP address: when PaC can configure one prior to PANA and IPsec is used for access control. – Link-layer address: otherwise. IETF56

  22. Filter Rule Installation • PANA protocol helps identifying who should gain access • PAA helps EP build filters based on PANA results • When PAA and EP are separated, a protocol is needed – This is not “PANA protocol” – PANA WG will “identify” at least one such protocol – MIDCOM WG’s output might be useful IETF56

  23. Device Identifier Exchange • How? – Key derived from EAP method; No algorithm negotiation • Why? – By installing this device identifier unauthorized nodes are not able to inject packets. • Threats? – MITM (injecting, modifying, etc.); DoS – IP spoofing; DI reuse (e.g. after roaming) • Countermeasures? – Exchange data origin authenticated, replay and integrity protected with PANA SA – IP Spoofing and DI => see next slides IETF56

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Lightweight Statistical Authentication Protocol for Access Control in Wireless LANs Haoli Wang,

A Lightweight Statistical Authentication Protocol for Access Control in Wireless LANs Haoli Wang,

A Lightweight Statistical Authentication Protocol for Access Control in Wireless LANs Haoli Wang, Joel Cardo, Yong Guan ECE, Iowa State University ASWN 2004 Introduction Emergence of visitor networks Visitor Networks: LANs that are

671 views • 13 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Netconf Protocol: Security Considerations Wes Hardaker &lt;hardaker@tislabs.com&gt; 2004.Aug.05

Netconf Protocol: Security Considerations Wes Hardaker &lt;hardaker@tislabs.com&gt; 2004.Aug.05

Netconf Protocol: Security Considerations Wes Hardaker &lt;hardaker@tislabs.com&gt; 2004.Aug.05 Netconf Authentication and Access Control There is inherent access control now: The authentication process should result in an entity whose

373 views • 12 slides
Mechanized Proofs for a Recursive Authentication Protocol Lawrence C. Paulson Computer

Mechanized Proofs for a Recursive Authentication Protocol Lawrence C. Paulson Computer

Recursive Authentication Protocol 1 L. C. Paulson Mechanized Proofs for a Recursive Authentication Protocol Lawrence C. Paulson Computer Laboratory University of Cambridge Recursive Authentication Protocol 2 L. C. Paulson Overview of the

363 views • 20 slides
MULTIPLE ACCESS COMMUNICATION PROTOCOL (proposal of a new SnP) SpaceWire networking Protocol

MULTIPLE ACCESS COMMUNICATION PROTOCOL (proposal of a new SnP) SpaceWire networking Protocol

1 Giovanni Saldi saldi.g@laben.it MULTIPLE ACCESS COMMUNICATION PROTOCOL (proposal of a new SnP) SpaceWire networking Protocol Meeting 3 February 15, 2005 NASA GSFC - U.S.A. MACP keywords 2 ECSS-E-50-12 A MACP SnP Physical Network

483 views • 22 slides
Contextual Access and Multi-Factor Authentication Lessons learned on getting past single-factor

Contextual Access and Multi-Factor Authentication Lessons learned on getting past single-factor

Conference 2018 Contextual Access and Multi-Factor Authentication Lessons learned on getting past single-factor authentication! Panelists Corey Scholefield - Team Lead, Identity Services Wendy Blake Director, Network and Technical Services

519 views • 33 slides
A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol developed at MIT as part of Project Athena. Is a shared-secret, trusted third party authentication system. Uses encryption to provide

280 views • 8 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
Access Network Access Network Access network: local loop infrastructure It is the last

Access Network Access Network Access network: local loop infrastructure It is the last

Access network and access service Access Network Access Network Access network: local loop infrastructure It is the last mile of the network Connects the user with the first network POP Can use different technologies

369 views • 11 slides
Review CS 3516 Computer CS 3516 Computer Networks Protocol Home Access Networks What

Review CS 3516 Computer CS 3516 Computer Networks Protocol Home Access Networks What

Protocol What does a network protocol do? Review CS 3516 Computer CS 3516 Computer Networks Protocol Home Access Networks What does a network protocol do? What are some of the main differences between DSL and Cable for home

492 views • 11 slides
1 Creating a network app application transport network data link write programs that

1 Creating a network app application transport network data link write programs that

Last time Mobile network Internet overview Global ISP whats a protocol? network edge, core, access network Home network Regional ISP Regional ISP packet-switching versus k t it hi circuit-switching Internet/ISP

524 views • 20 slides
Bypassing 802.1X In an IPv6 environment Introduction and motivation What is 802.1X? IEEE

Bypassing 802.1X In an IPv6 environment Introduction and motivation What is 802.1X? IEEE

Robert Diepeveen &amp; Ruben de Vries Bypassing 802.1X In an IPv6 environment Introduction and motivation What is 802.1X? IEEE standard Port-based network access protocol Authentication mechanism for devices wishing to attach to

357 views • 17 slides
stateless analysis of a cryptographic protocol emina torlak february 22, 2005 authentication

stateless analysis of a cryptographic protocol emina torlak february 22, 2005 authentication

stateless analysis of a cryptographic protocol emina torlak february 22, 2005 authentication to be nobody-but-yourselfin a world which is doing its best to make you everybody else - e e cummings authentication: verifying the

490 views • 15 slides
Lecture 4 - Authentication and Access CSE497b - Spring 2007 Introduction Computer and Network

Lecture 4 - Authentication and Access CSE497b - Spring 2007 Introduction Computer and Network

Lecture 4 - Authentication and Access CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professors

403 views • 22 slides
Cryptanalysis of a Novel Authentication Protocol Conforming to EPC-C1G2 Standard Pedro

Cryptanalysis of a Novel Authentication Protocol Conforming to EPC-C1G2 Standard Pedro

Cryptanalysis of a Novel Authentication Protocol Conforming to EPC-C1G2 Standard Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estevez-Tapiador, and Arturo Ribagorda Computer Science Department, Carlos III University of Madrid {

451 views • 12 slides
Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi

Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi Joseph, Computer Division,BARC. Gigi@barc.gov.in Intranet Security Components 1a. Network Authentication Network Admission Control 1b. End

701 views • 38 slides
Albany Medical Center Hospital PPS PAC Meeting July 18, 2016 Meeting Attendance Please email

Albany Medical Center Hospital PPS PAC Meeting July 18, 2016 Meeting Attendance Please email

Albany Medical Center Hospital PPS PAC Meeting July 18, 2016 Meeting Attendance Please email confirmation of your participation in todays meeting to DSRIP@mail.amc.edu Name and Organization is required within 24 hours 2 Agenda

583 views • 19 slides
and How De te r mining Whe the r the GDPR Will Apply to You Visit www.a dvise nltd.c o

and How De te r mining Whe the r the GDPR Will Apply to You Visit www.a dvise nltd.c o

mining Whe the r and How the De te r GDPR Will Apply to You Spo nso re d By: and How De te r mining Whe the r the GDPR Will Apply to You Visit www.a dvise nltd.c o m a t the e nd o f this we b ina r to do wnlo a d: Co

463 views • 13 slides
CHARACTERS AND STRINGS CSSE 120Rose Hulman Institute of Technology Characters and Strings g

CHARACTERS AND STRINGS CSSE 120Rose Hulman Institute of Technology Characters and Strings g

CHARACTERS AND STRINGS CSSE 120Rose Hulman Institute of Technology Characters and Strings g Characters in Python y Just a one-character string Just a one character string &gt;&gt;&gt; myChar = 'C' &gt;&gt;&gt; print myChar p y C

370 views • 15 slides
A trichotomy of rates in supervised learning Amir Yehudayoff (Technion) Olivier Bousquet (Google)

A trichotomy of rates in supervised learning Amir Yehudayoff (Technion) Olivier Bousquet (Google)

A trichotomy of rates in supervised learning Amir Yehudayoff (Technion) Olivier Bousquet (Google) Steve Hanneke (TTIC) Shay Moran (Technion &amp; Google) Ramon van Handel (Princeton) background learning theory PAC learning is standard

503 views • 25 slides
SecLabel: Enhancing RISC-V Platform Security with Labelled Architecture Zhenyu Ning 1,2 , Yinqian

SecLabel: Enhancing RISC-V Platform Security with Labelled Architecture Zhenyu Ning 1,2 , Yinqian

SecLabel: Enhancing RISC-V Platform Security with Labelled Architecture Zhenyu Ning 1,2 , Yinqian Zhang 3 , and Fengwei Zhang 2 1 Wayne State University, 2 Southern University of Science and Technology, 3 The Ohio State University Outline

795 views • 52 slides
L ECTURE 15: Regrade requests: L EARNING T HEORY Send us email, and come and see me next

L ECTURE 15: Regrade requests: L EARNING T HEORY Send us email, and come and see me next

CS446 Introduction to Machine Learning (Fall 2013) Announcements University of Illinois at Urbana-Champaign http://courses.engr.illinois.edu/cs446 Midterm grades are available on Compass. L ECTURE 15: Regrade requests: L EARNING T HEORY Send

612 views • 5 slides
PAC Statistical Model Checking for Markov Decision Processes and Stochastic Games 1 Pranav Ashok,

PAC Statistical Model Checking for Markov Decision Processes and Stochastic Games 1 Pranav Ashok,

PAC Statistical Model Checking for Markov Decision Processes and Stochastic Games 1 Pranav Ashok, Jan K ret nsk y, Maximilian Weininger Technical University of Munich Highlights of Logic, Automata and Games Warsaw, Poland September

503 views • 14 slides
Meeting January 10, 2018 2 Agenda Networking 1. CCB Update: Where Weve Been and Where

Meeting January 10, 2018 2 Agenda Networking 1. CCB Update: Where Weve Been and Where

Project Advisory Committee Meeting January 10, 2018 2 Agenda Networking 1. CCB Update: Where Weve Been and Where Were Headed 2. (Dr. David Cohen, CCB Executive Committee Chair) Keynote Address: Jason Helgerson, New York State

483 views • 15 slides

More recommend