1 / 8

Needham-Schroeder Key Descriptor

This presentation discusses the Needham-Schroeder Key Descriptor as applied in EAP methods, focusing on its implementation during credential requests and authentication processes. The model emphasizes the supplicant's role in driving authentication, contrasting it with traditional EAP flows. The Needham-Schroeder exchange requires additional methodologies for credential delivery to ensure successful authentication. Detailed flow sequences for Kerberos and re-establishing connections are outlined, providing a clear view of how the Needham-Schroeder protocol enhances security in 802.1x/EAP frameworks.

bronwen-lewis
Télécharger la présentation

Needham-Schroeder Key Descriptor

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Needham-Schroeder Key Descriptor Robert G. Moskowitz ICSAlabs IEEE 802 Plenary Meeting Kauai, Nov 12, 2002 Needham-Schroeder Key Descriptor

  2. Needham-Schroeder Method AS Supp Credential Request Encrypted Credential Auth’ed Credential Auth Auth’ed ACK Needham-Schroeder Key Descriptor

  3. Needham-Schroeder in an EAP method • Model is the reverse of many EAP methods • The Supplicant drives the authentication • Initial Request might be just a filler record • Needham-Schroeder Request goes into an EAP Response • EAP finishes with the Supplicant having the credential for the Authenticator • But Needham-Schroeder exchange is not complete • Supplicant needs a methodology to deliver the credential to the Authenticator Needham-Schroeder Key Descriptor

  4. Needham-Schroeder in an EAP method • Authenticator needs a methodology to reply to the supplicant • After which, the authentication is Successful, i.e. the EAP method is Successful • This can best be performed in an EAPOL-Key Exchange Needham-Schroeder Key Descriptor

  5. 802.1x/EAP Exchange • The 802.1x/EAP flow for Kerberos might be • AUTH: EAP Ident REQ • SUPP: EAP Ident REP • AS: EAP REQ -- Kerberos • SUPP: EAP REP -- KRB_AS_REQ • AS: EAP REQ -- KRB_AS_REP • SUPP: EAPOL-Key -- KRB_AP_REQ • AUTH: EAPOL-Key -- KRB_AP_REP • SUPP: EAP REP -- Finished • AS: RADIUS Accept • AUTH: EAP Success Needham-Schroeder Key Descriptor

  6. 802.1x/EAP Reconnect Exchange • The 802.1x/EAP flow for Kerberos might be • AUTH: EAP Ident REQ • SUPP: EAP Ident REP • AS: EAP REQ -- Kerberos • SUPP: EAPOL-Key -- KRB_AP_REQ • AUTH: EAPOL-Key -- KRB_AP_REP • SUPP: EAP REP -- Finished • AS: RADIUS Accept • AUTH: EAP Success Needham-Schroeder Key Descriptor

  7. EAPOL-Key Format Octet Number 1 1 2-3 4-N Descriptor Type (7.6.1) EAP Type Length Needham-Schroeder Body Needham-Schroeder Key Descriptor

  8. Samples of Needham-Schroeder Body • KRB_AP_REQ (RFC 1510) • KRB_AP_REP (RFC 1510) Needham-Schroeder Key Descriptor

More Related