1 / 9

Authentication and Key Agreement

Authentication and Key Agreement. Flexibility in credentials Modern, publically analysed/available cryptographic primitives Freshness guarantees PFS? Mutual authentication Identity hiding for supplicant/end-user No key re-use Fast re-key Fast handoff

calida
Download Presentation

Authentication and Key Agreement

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authentication and Key Agreement • Flexibility in credentials • Modern, publically analysed/available cryptographic primitives • Freshness guarantees • PFS? • Mutual authentication • Identity hiding for supplicant/end-user • No key re-use • Fast re-key • Fast handoff • Efficiency not an overarching concern: • Protocol runs only 1/2^N-1 packets, on average • DOS resistance

  2. Credentials flexibility • Local security policy dictates types of credentials used by end-users • Legacy authentication compatibility extremely important in market • Examples: • username/password • Tokens (SecurID, etc) • X.509 certificates

  3. Algorithms • Algorithms must provide confidentiality and integrity of the authentication and key agreement. • Public-key encryption/signature • RSA • ECC • DSA • PFS support • D-H

  4. Freshness • Most cryptographic primitives require strong random material that is “fresh”. • Not a protocol issue, per se, but a design requirement nonetheless

  5. Mutual Authentication • Both sides of authentication/key agreement must be certain of identity of other party. • Symmetric RSA/DSA schemes (public-keys on both sides) • Asymmetric schemes • Legacy on end-user side • RSA/DSA on authenticator side

  6. Identity hiding • Important to hide end-user identity in some situations (public shared networks, for example). • DISTINCT from hiding MAC address • IPSEC has gone down this road, and has much experience. • Not as easy as it sounds—active attacks make it harder.

  7. Fast rekey/fast handoff • Ability to create fresh keying material without undergoing slow authentication path (requiring username/password again, for example). • In mobile environments, ability to transition without re-doing initial authentication.

  8. Efficiency • CPU efficiency not a serious concern, since this protocol will be used relatively infrequently. • On-the-wire efficiency may be important in low-bandwidth scenarios, but again protocol is not run that often, compared to MACsec.

  9. DOS resistance • Modern key-agreement protocols fertile ground for DOS attacks. • Look to other schemes (IKE, for example) to provide guidance. • No perfect anti-DOS schemes • Increase unpleasantnesss for attacker • Detect and throw away bogosity at the earliest, cheapest point in the protocol.

More Related