80 likes | 228 Views
EAP-POTP. Magnus Nyström, RSA Security OTPS Workshop, October 2005. Overview. EAP-POTP General EAP method for OTP tokens Provides mutual authentication Generates keying material Does not rely on tunnelling (provides privacy for OTP values) Enables fast session resumption EAP-POTP
E N D
EAP-POTP Magnus Nyström, RSA Security OTPS Workshop, October 2005
Overview • EAP-POTP • General EAP method for OTP tokens • Provides mutual authentication • Generates keying material • Does not rely on tunnelling (provides privacy for OTP values) • Enables fast session resumption • EAP-POTP • Complements EAP-PEAP, EAP-TTLS, and EAP-FAST • May be used as a better alternative for an “inner” EAP method than EAP-GTC, PAP, CHAP, etc
Characteristics • Built on the principle of TLVs • 14 TLVs defined: Version, Server-Info, Resume, OTP, Confirm, Vendor-Specific, Counter, Time Stamp, Keep Alive, Token Serial, User Identifier, NAK, New PIN, Protected • Protected TLV added in draft 4, offers complete privacy and integrity protection after key establishment • The method is profiled for RSA SecurID – EAP-POTP RSA SecurID (EAP method 32) • Profiles for other OTP algorithms expected and desired • May be used as a framework within a framework • EAP is framework for many authentication mechanisms • POTP is framework for OTP-based mechanisms within EAP
EAP-Request/Identity EAP-Response/Identity Radius-Access-Request Radius-Access-Challenge EAP-Request/OTP Server Info TLV OTP TLV EAP-Response/OTP User Identifier TLV OTP TLV Radius-Access-Request Radius-Access-Challenge Principles of Operation EAP RADIUS Calculate keys, Calculate MAC Calculate keys, Verify MAC, Calculate new MAC
EAP-Request/OTP Confirm TLV EAP-Response/OTP Confirm TLV Radius-Access-Request Radius-Access-Accept EAP-Success Start of encrypted and mutually authenticated session Principles of Operation, Continued EAP RADIUS Verify MAC
Recent Modifications • Draft 3, published July 6 • Slightly modified method to calculate MACs - excluding common EAP header fields "Code", "Identifier" and "Length" • New 'A' bit in OTP TLV to signal request for OTP after accepting new PIN • Session resumption also for basic mode • Draft 4, published October 14 • Added Protected TLV, leveraging established keys • Added explicit IV when sending encrypted pepper • Use of EMSK in session resumption • Protocol version stepped up (0 1) • Various clarifications and corrections • Includes a new section on error handling and result indications
For Discussion • Agreement on current design, content • Protected TLV OK? Use of EMSK? • New profiles for other OTP algorithms can be added later on • Registration of EAP Method Type, reference to EAP-POTP • Proposed schedule • Produce another revision about a month from this workshop • Could potentially be final draft, pending discussions • Publish Version 1.0 about two weeks after publication of final draft
Next steps • Agreement and stabilization of document content • Publication of draft 3 (IETF I-D -02) • Ask for IETF last-call subsequent to that?