110 likes | 130 Views
EAP Generalized PSK (GPSK) draft-clancy-eap-gpsk-01.txt. Editors: C. Clancy, H. Tschofenig EMU WG, IETF 67, Montreal. Design Team. o Jari Arkko o Mohamad Badra o Uri Blumenthal o T. Charles Clancy o Lakshminath Dondeti o David McGrew o Joe Salowey
E N D
EAP Generalized PSK (GPSK)draft-clancy-eap-gpsk-01.txt Editors: C. Clancy, H. Tschofenig EMU WG, IETF 67, Montreal
Design Team o Jari Arkko o Mohamad Badra o Uri Blumenthal o T. Charles Clancy o Lakshminath Dondeti o David McGrew o Joe Salowey o Sharma Suman o Hannes Tschofenig o Jesse Walker
Design Goals • Simple (fast) authentication based on a pre-shared symmetric key • Design constraints: • No public-key operations • Two round trips • No fragmentation • Try to support as many features as possible given those constraints
Base Protocol Client Server ID_Server, RAND_Server, CSuite_List SEC_SK( ID_Client, ID_Server, RAND_Client, RAND_Server, CSuite_List, CSuite_Sel [ ENC_PK(PD_Payload_1) ] ) SEC_SK( RAND_Client, RAND_Server, CSuite_Sel [ ENC_PK(PD_Payload_2) ] ) SEC_SK( [ ENC_PK(PD_Payload_3) ] ) Note: SEC_K(X) = X || MAC_K(X)
Base Protocol • Simple MAC-based mutual authentication • Supports extensibility through the use of encrypted Extended Data Fields (EDF) • Possible EDF applications: • Channel binding • Protected results indication • Identity protection • EDFs MUST not add round trips or cause packet size to exceed the EAP MTU
Ciphersuites • Specified as 6-octet field consisting of vendor OID (0x000000=IETF) and 3-octet ciphersuite specifier • Server sends client a list of supported ciphersuites and client selects one from the list • Ciphersuites with NULL encryption provide only integrity and not confidentiality
Key Derivation Function (KDF) • Based on the IEEE 802.11i KDF • Iterated MAC of input key Y and entropy Z • Outputs X octets of keying material GKDF-X (Y, Z) { M_0 = ""; result = ""; for i=1 to (floor( X / MACsize ) + 1) { M_i = MAC_Y (M_{i-1} || Z || i || X); result = results || M_i; } return truncate (result, X); }
Key Derivation Hierarchy PSK Entropy, Identifiers KDF MK KDF MSK EMSK SK PK
Implementation • Jouni Malinen produced a first implementation: http://hostap.epitest.fi/releases/snapshots/
Open Issues • See http://www.tschofenig.com:8080/eap-gpsk/index • Error Handling • Identities in KDF • KDFData • Channel Binding • protected results indiciation
Next Steps • Seeking approval from EMU WG to make it a WG item • Move forward with full WG participation