1 / 8

Needham-Schroeder Key Descriptor

This document, presented at the IEEE 802 Plenary Meeting in Kauai, elaborates on the Needham-Schroeder key descriptor as applied within Extensible Authentication Protocol (EAP) methods. It details the unique flow where the supplicant initiates the authentication process, leading to successful credentials delivery to the authenticator. The exchange methodology and the subsequent EAPOL-Key exchange process for Kerberos authentication are discussed, portraying the sequences involved and showcasing sample message flows essential for secure authentication solutions.

dunne
Télécharger la présentation

Needham-Schroeder Key Descriptor

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Needham-Schroeder Key Descriptor Robert G. Moskowitz ICSAlabs IEEE 802 Plenary Meeting Kauai, Nov 12, 2002 Needham-Schroeder Key Descriptor

  2. Needham-Schroeder Method AS Supp Credential Request Encrypted Credential Auth’ed Credential Auth Auth’ed ACK Needham-Schroeder Key Descriptor

  3. Needham-Schroeder in an EAP method • Model is the reverse of many EAP methods • The Supplicant drives the authentication • Initial Request might be just a filler record • Needham-Schroeder Request goes into an EAP Response • EAP finishes with the Supplicant having the credential for the Authenticator • But Needham-Schroeder exchange is not complete • Supplicant needs a methodology to deliver the credential to the Authenticator Needham-Schroeder Key Descriptor

  4. Needham-Schroeder in an EAP method • Authenticator needs a methodology to reply to the supplicant • After which, the authentication is Successful, i.e. the EAP method is Successful • This can best be performed in an EAPOL-Key Exchange Needham-Schroeder Key Descriptor

  5. 802.1x/EAP Exchange • The 802.1x/EAP flow for Kerberos might be • AUTH: EAP Ident REQ • SUPP: EAP Ident REP • AS: EAP REQ -- Kerberos • SUPP: EAP REP -- KRB_AS_REQ • AS: EAP REQ -- KRB_AS_REP • SUPP: EAPOL-Key -- KRB_AP_REQ • AUTH: EAPOL-Key -- KRB_AP_REP • SUPP: EAP REP -- Finished • AS: RADIUS Accept • AUTH: EAP Success Needham-Schroeder Key Descriptor

  6. 802.1x/EAP Reconnect Exchange • The 802.1x/EAP flow for Kerberos might be • AUTH: EAP Ident REQ • SUPP: EAP Ident REP • AS: EAP REQ -- Kerberos • SUPP: EAPOL-Key -- KRB_AP_REQ • AUTH: EAPOL-Key -- KRB_AP_REP • SUPP: EAP REP -- Finished • AS: RADIUS Accept • AUTH: EAP Success Needham-Schroeder Key Descriptor

  7. EAPOL-Key Format Octet Number 1 1 2-3 4-N Descriptor Type (7.6.1) EAP Type Length Needham-Schroeder Body Needham-Schroeder Key Descriptor

  8. Samples of Needham-Schroeder Body • KRB_AP_REQ (RFC 1510) • KRB_AP_REP (RFC 1510) Needham-Schroeder Key Descriptor

More Related