
EAP Channel Bindings

How EAP channel bindings address deception in AAA communications: a TLV defined in EAP carries data that is exchanged after the user has been authenticated, protected by keys derived from the EAP session, which makes roaming more useful. The approach addresses lies told by the NAS and ensures the authenticity of the exchanged data.

brubio


Presentation Transcript


  1. EAP Channel Bindings
     • TF-MNM
     • Lyon, February 16, 2011
     • Alan DeKok, FreeRADIUS

  2. The problem
     [Diagram: AAA, AAA]

  3. It’s all lies
     • NAS can lie to end user
     • $0.02 per minute (really $0.10)
     • Visited provider can lie to home server
     • They used 10 hours (really 10 min)

  4. Solution
     • Tell everyone what everyone else said
     • In a secure fashion

  5. The Solution
     [Diagram: AAA, AAA, with the callouts “I told the user X” and “The NAS told me X”]

  6. How it works
     • Define a TLV in EAP to transport data
     • Likely RADIUS
     • RADIUS inside of EAP inside of TTLS inside of EAP inside of RADIUS
     • It’s a bit of a miracle that it works at all

  7. Security
     • Exchange information after user has been authenticated
     • Using keys derived from the EAP session
     • Ensures authenticity and integrity of the data

  8. Benefits
     • Increases the usefulness of roaming
     • I don’t know who the NAS is, but he’s asking to charge the user $0.02/min, and the user has agreed.

  9. Questions?
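The check described in slides 4 to 7, as an added example that is not from the presentation or from FreeRADIUS: the peer reports what the NAS told it in a MAC-protected TLV, and the home server compares that with what the NAS claimed over RADIUS. The TLV layout, the type code, the attribute names and the key are assumptions made for illustration, not a specified wire format.

```python
import hashlib
import hmac
import struct

TLV_TYPE = 0x01   # hypothetical type code for the channel-binding TLV
MAC_LEN = 32      # HMAC-SHA256 tag length

def _pack(attrs):
    """Serialise {name: value} as sorted, length-prefixed UTF-8 fields."""
    fields = [f.encode() for name in sorted(attrs) for f in (name, attrs[name])]
    return b"".join(struct.pack("!H", len(f)) + f for f in fields)

def _unpack(body):
    """Parse the fields back, rejecting truncated or unpaired input."""
    fields, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated length")
        (n,) = struct.unpack_from("!H", body, i)
        i += 2
        if i + n > len(body):
            raise ValueError("truncated field")
        fields.append(body[i:i + n].decode())
        i += n
    if len(fields) % 2:
        raise ValueError("name without value")
    return dict(zip(fields[0::2], fields[1::2]))

def build_tlv(session_key, told_by_nas):
    """Peer side: report what the NAS said, keyed by the EAP session."""
    body = _pack(told_by_nas)
    value = body + hmac.new(session_key, body, hashlib.sha256).digest()
    return struct.pack("!BH", TLV_TYPE, len(value)) + value

def check_bindings(session_key, tlv, nas_claims):
    """Home server side: names on which the peer's and the NAS's views differ."""
    if (len(tlv) < 3 + MAC_LEN or tlv[0] != TLV_TYPE
            or struct.unpack_from("!H", tlv, 1)[0] != len(tlv) - 3):
        raise ValueError("malformed TLV")
    body, tag = tlv[3:-MAC_LEN], tlv[-MAC_LEN:]
    if not hmac.compare_digest(tag, hmac.new(session_key, body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    peer_view = _unpack(body)
    return sorted(k for k in peer_view.keys() | nas_claims.keys()
                  if peer_view.get(k) != nas_claims.get(k))

if __name__ == "__main__":
    key = b"\x11" * 32  # constructed stand-in for a key derived from the EAP session
    tlv = build_tlv(key, {"rate-per-minute": "0.02"})
    print(check_bindings(key, tlv, {"rate-per-minute": "0.10"}))
```

A non-empty result means the NAS told the user one thing and the AAA server another; an exception means the TLV was altered in transit or was not produced with the session key.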
