Internet Engineering Task Force M. Badra
LIMOS Laboratory
Expires: July 2007 January 23, 2007
EAP Peer Credential Protection
<draft-badra-eap-peer-credential-protection-00.txt>
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 2, 2007.
Copyright Notice
Copyright (C) The Internet Society (2007). All Rights Reserved.
Abstract
Actual EAP methods provide authentication services based on the use
of certificates, secret keys or passwords. These methods, excepting
the tunneling ones, exchange peer identity in clear text. Moreover,
some of these methods do not enable the ability to exchange channel
binding information. They do not, however, define a common encoding
of the credential protection or of the channel binding or of. This
document defines AVPs to securely exchange data related to the peer
identity, when an EAP method deriving keys is deployed.
Badra Expires July 2007 [Page 1]
Internet-draft EAP Peer Credential Protection January 2007
1 Introduction
It is required that EAP methods deriving keys provides for mutual
authentication between the EAP peer and the EAP server. Peer
authentication requires exchanging data related to their identity.
Even though EAP tunneled authentication protocols protect such data,
existing widely deployed EAP methods such as EAP-TLS are not able to
protect data related to the peer identity.
Actual EAP methods provide authentication services based on the use
of certificates, secret keys or passwords. Except EAP tunneled
authentication protocols, these methods exchange peer identity in
clear text.
According to RFC 3748, EAP methods SHOULD have the ability to derive
exportable keying material. This document defines a set of AVPs
transporting identity related data, and securely exchanges them
using the derived key.
Attribute-value pairs (AVPs) provide a way to exchange arbitrary
information between peer and EAP server within a secure channel.
This document defines two AVPs (AVP Code TBS): AVP Identity-
Protection-Certificate and AVP Identity-Protection-Sharedkey to
carry data related to the peer identity. It is defined as following:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AVP Code (TBS) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| AVP Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Data field of each AVP in the format is described in Section 2.
1.2 Requirements language
The key words "MUST", "MUST NOT" and "MAY" in this document are to
be interpreted as described in RFC-2119.
2 EAP methods with authentication based on certificates
For EAP methods requiring authentication based on certificates (e.g.
EAP-TLS) initially establishes a server authentication and then
exchanges an AVP of type Identity-Protection-Certificate carrying
data related to the peer identity, as long as an evidence proving
Badra Expires July 2007 [Page 2]
Internet-draft EAP Peer Credential Protection January 2007
the identity of the peer that holds the certificate and the
corresponding private key.
The evidence used here is the same defined by the security protocol
itself (e.g. IKE2, TLS, etc.).
2.1 AVP Data field: case EAP-TLS
In the case of EAP-TLS, the peer sends the AVP Identity-Protection-
Certificate once the TLS Handshake is complete. The AVP data content
is the same of the TLS certificate verify message that defined in
RFC 2246. The AVP MUST be sent immediately after exchanging the TLS
finished messages.
The server that sends the TLS certificate request message MAY deny
the peer access in the case where the peer does not transmit an AVP
carrying a valid certificate.
The following sequence illustrates the operation of the EAP-TLS
protocol with AVP Identity-Protection-Certificate.
Peer Authenticator
| |
| PPP EAP-Request/ |
| EAP-Type=EAP-TLS |
| (TLS Start) |
|<-----------------------------------------------------|
| |
| PPP EAP-Response/ |
| EAP-Type=EAP-TLS |
| (TLS client_hello) |
|----------------------------------------------------->|
| |
| PPP EAP-Request/ |
| EAP-Type=EAP-TLS |
| (TLS server_hello |
| TLS certificate, |
| [TLS server_key_exchange,] |
| [TLS certificate_request,] |
| TLS server_hello_done) |
|<-----------------------------------------------------|
| |
| PPP EAP-Response/ |
| EAP-Type=EAP-TLS |
| (TLS client_key_exchange, |
| TLS change_cipher_spec, |
| TLS finished) |
|----------------------------------------------------->|
Badra Expires July 2007 [Page 3]
Internet-draft EAP Peer Credential Protection January 2007
| |
| PPP EAP-Request/ |
| EAP-Type=EAP-TLS |
| (TLS change_cipher_spec, |
| TLS finished) |
|<-----------------------------------------------------|
| |
| PPP EAP-Response/ |
| EAP-Type=EAP-TLS |
| (AVP |
| [TLS certificate, |
| TLS certificate_verify]) |
|----------------------------------------------------->|
| |
| PPP EAP-Success |
|<-----------------------------------------------------|
2 EAP methods with authentication based on shared keys
Many EAP methods use shared key and passwords to establish a mutual
authentication as long as to derive material keys. A set of these
methods, such as EAP-AKA and EAP-SIM uses pseudonym approach
allowing the peer to use a fresh identity/key if the peers wish to
avoid having their identity unprotected.
Two cases MAY be takes with pseudonym management:
1- centralised authentication server
2- decentralised authentication server.
This document does not consider the decentralised authentication
server case, due to existing deployment reasons.
The pseudonym management in this document consists of sharing two
identities with two shared key; the first is permanent and the
second is ephemeral.
When an EAP method based on shared key is deployed, the peer will
use the ephemeral identity during the authentication phase.
If the server does not recognise the peer ephemeral identity, both
the peer and the server reuse the permanent identity.
At the end of the EAP method exchange, the server will send to the
peer an AVP Identity-Protection-Sharedkey carrying a new identity
and a new shared key. Thus, EAP methods implementing the AVP defined
by this document MUST replace the ephemeral identity with the
identity transmitted by the server.
Badra Expires July 2007 [Page 4]
Internet-draft EAP Peer Credential Protection January 2007
The following exchanges show where the server does not recognises
the peer ephemeral identity:
Peer Authenticator
| |
| PPP EAP-Request/ |
| EAP-Type=XXX |
| (XXX massages) |
|<---------------------------------------------------------|
| |
| PPP EAP-Response/ |
| EAP-Type=XXX |
| (XXX messages
| Ephemeral ID) |
|--------------------------------------------------------->|
| |
| PPP EAP-Request/ |
| EAP-Type=XXX |
| (XXX massages |
| Alert: Unrecognized ID) |
|<---------------------------------------------------------|
| |
| (XXX messages |
| Permanent ID) |
|--------------------------------------------------------->|
| |
| .. sequence of EAP-Request/Response with EAP-Type=XXX .. |
|<-------------------------------------------------------->|
| |
| PPP EAP-Request/ |
| EAP-Type=XXX |
| (XXX massages |
| (AVP |
| [Ephemeral ID, |
| shared key]) |
|<---------------------------------------------------------|
| |
| PPP EAP-Response/ |
| EAP-Type=XXX |
|--------------------------------------------------------->|
| |
| PPP EAP-Success |
|<---------------------------------------------------------|
Badra Expires July 2007 [Page 5]
Internet-draft EAP Peer Credential Protection January 2007
The following exchanges show where the server recognises the peer
ephemeral identity:
Peer Authenticator
| |
| PPP EAP-Request/ |
| EAP-Type=XXX |
| (XXX massages) |
|<---------------------------------------------------------|
| |
| PPP EAP-Response/ |
| EAP-Type=XXX |
| (XXX messages
| Ephemeral ID) |
|--------------------------------------------------------->|
| |
| .. sequence of EAP-Request/Response with EAP-Type=XXX .. |
|<-------------------------------------------------------->|
| |
| PPP EAP-Request/ |
| EAP-Type=XXX |
| (XXX massages |
| (AVP |
| [Ephemeral ID, |
| shared key]) |
|<---------------------------------------------------------|
| |
| PPP EAP-Response/ |
| EAP-Type=XXX |
|--------------------------------------------------------->|
| |
| PPP EAP-Success |
|<---------------------------------------------------------|
7 Security Considerations
The security considerations described throughout [TLS] and [EAPTLS]
apply here as well.
References
[TLS] Dierks, T. and C. Allen "The TLS Protocol Version 1.0",
RFC 2246, January 1999.
[EAP] Aboba, B., et. al., "PPP Extensible Authentication
Protocol EAP)", RFC 3748, June 2004.
[EAPTLS] Aboba, B., and D., Simon, "PPP EAP TLS Authentication
Protocol", RFC 2716, October 1999.
Badra Expires July 2007 [Page 6]
Internet-draft EAP Peer Credential Protection January 2007
Author's Addresses
Mohamad Badra
LIMOS Laboratory - UMR (6158), CNRS
France Email: badra@isima.fr
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology described
in this document or the extent to which any license under such
rights might or might not be available; nor does it represent that
it has made any independent effort to identify any such rights.
Information on the IETF's procedures with respect to rights in IETF
Documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2007). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Badra Expires July 2007 [Page 7]
Internet-draft EAP Peer Credential Protection January 2007
Funding for the RFC Editor function is currently provided by the
Internet Society.
Badra Expires July 2007 [Page 8]