
Enhanced Authentication Protocol: Password Authenticated eXchange (PAX)

PAX is designed for handheld devices in wireless environments. It provides secure key derivation and server-controlled key management, and it supports identity protection. PAX-Auth offers HMAC-based client authentication, while PAX-Update uses a mutually authenticated Diffie-Hellman protocol for key updates. PAX-Auth is presented as secure under the standard model, and PAX-Update as secure under the random oracle model and the DDH problem. Supported cryptographic primitives include HMAC_SHA1_128 and RSA-OAEP-2048.


Presentation Transcript


  1. EAP Password Authenticated eXchange (PAX)
     I-D.clancy-eap-pax-00
     T. Charles Clancy, William A. Arbaugh
     {clancy,waa}@cs.umd.edu
     Department of Computer Science, University of Maryland, College Park
     IETF 60, EAP WG, August 4, 2004

  2. PAX Design Goals
     • Handheld devices in a wireless environment
     • Minimal complexity in terms of computation, packet count, and infrastructure
     • Bootstrap secure key derivation using a simple preshared secret (e.g. 4-digit PIN)
     • Server-controlled key management
     • Support for identity protection
     • Provably secure

  3. PAX Overview
     • PAX-Auth: 1 RT HMAC-based client authentication
         • Optional server-side certificate provides identity protection
         • Secure under the Standard model
     • PAX-Update: 2 RT mutually authenticated Diffie-Hellman protocol
         • Only used when key update is required
         • Optional server-side certificate provides identity protection and security against dictionary attacks
         • Secure under the RO model and DDH problem

  4. PAX-Auth
     Server → Client: X, [K, Cert_K]
     Client → Server: [Enc_K]( Y, ID_C, HMAC_P( X, Y, ID_C ) )
     Key K, certificate Cert_K, and public-key encryption Enc_K are optional.

  5. PAX-Update
     Server → Client: g^X, [K, Cert_K]
     Client → Server: [Enc_K]( g^Y, ID_C, HMAC_P'( g^X, ID_C ) )
     Server → Client: HMAC_P'( g^X, g^Y, ID_C )
     Client → Server: NULL

  6. Key Derivation
     • Entropy e = (g^XY) OR (X || Y)
     • P' = TLS-PRF( P, "Authentication Key", e )
     • MK = TLS-PRF( P', "Master Key", e )
     • MSK = TLS-PRF( MK, "Master Session Key", e )
     • Secure under the RO model

  7. Cryptographic Primitives
     • Extensible
     • Currently supported:
         • HMAC: HMAC_SHA1_128
         • DH: 3072-bit MODP Group [RFC3526]
         • PubKey: RSA-OAEP-2048

  8. Related Work
     • EKE, SPEKE, SRP: authentication schemes secure against dictionary attacks; IPR issues
     • TLS: slow; requires full PKI
     • PSK: no support for passwords; no key management

  9. Conclusion
     • PAX goals:
         • Bootstrap secure key derivation using weak PIN
         • Identity protection, key management
     • Looking for:
         • Community feedback
         • Method publication
     • Questions?
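The PAX-Auth round trip from slide 4 (without the optional certificate) and the key chain from slide 6, as an added example that is not code from the presentation or the draft. Assumptions not stated on the slides: TLS-PRF is the TLS 1.0 PRF of RFC 2246, every derived key is 16 bytes, X and Y are 16-byte nonces, MAC fields are plainly concatenated, and the PIN and client ID values are constructed.

```python
import hashlib
import hmac
import os

def _p_hash(alg, secret, seed, n):
    """P_hash from RFC 2246 section 5: HMAC-based output expansion."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, alg).digest()
        out += hmac.new(secret, a + seed, alg).digest()
    return out[:n]

def tls_prf(secret, label, seed, n=16):
    """TLS 1.0 PRF (assumed variant): P_MD5(first half) XOR P_SHA1(second half)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = _p_hash(hashlib.md5, s1, label + seed, n)
    sha = _p_hash(hashlib.sha1, s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def hmac_sha1_128(key, *fields):
    """HMAC_SHA1_128: HMAC-SHA1 truncated to 128 bits over the concatenated fields."""
    return hmac.new(key, b"".join(fields), hashlib.sha1).digest()[:16]

def client_response(p, x, id_c):
    """Client side of PAX-Auth: pick nonce Y, return (Y, ID_C, HMAC_P(X, Y, ID_C))."""
    y = os.urandom(16)
    return y, id_c, hmac_sha1_128(p, x, y, id_c)

def server_verify(p, x, y, id_c, mac):
    """Server side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac, hmac_sha1_128(p, x, y, id_c))

def derive_keys(p, e):
    """Slide 6 chain: P' -> MK -> MSK, each keyed by the previous output."""
    p_prime = tls_prf(p, b"Authentication Key", e)
    mk = tls_prf(p_prime, b"Master Key", e)
    msk = tls_prf(mk, b"Master Session Key", e)
    return p_prime, mk, msk

def run_exchange(server_p, client_p, id_c=b"client01"):
    """One PAX-Auth round trip (constructed ID); keys exist only if the MAC verifies."""
    x = os.urandom(16)                                   # server -> client: X
    y, ident, mac = client_response(client_p, x, id_c)   # client -> server
    if not server_verify(server_p, x, y, ident, mac):
        return None
    return derive_keys(server_p, x + y)                  # e = X || Y for PAX-Auth
```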
