Re: [Emu] FW: New Version Notification for draft-aura-eap-noob-04.txt
Hi Shiva,

You are making a valid point. I think we need to do some work on analyzing the security threats and requirements regarding the error messages etc. When there is an established key, we might be able to protect the integrity of the error messages that lead to state transitions or prevent one for a longer time.

Regards,
Tuomas

-----Original Message-----
From: Shiva Prasad Thagadur Prakash
Sent: Sunday, 4 November, 2018 09:01
To: emu@ietf.org; Aura Tuomas
Subject: Re: [Emu] FW: New Version Notification for draft-aura-eap-noob-04.txt
Importance: High
Re: [Emu] FW: New Version Notification for draft-aura-eap-noob-04.txt
Hi EMU,

In my previous job, I was one of the team members implementing EAP-NOOB. I have now changed employers and work on something completely different (Platform Security). I am following this draft out of personal interest.

I appreciate the fact that the authors have taken the time to formally verify the protocol. A paper from as recent as CCS 2018 (October), https://papers.mathyvanhoef.com/ccs2018.pdf, shows new attacks in the Wi-Fi 4-way handshake protocol and recommends formally modelling 802.11.

I would however strongly recommend the authors of this document, and others, to encrypt as many EAP messages as possible. For example, error messages sent in EAP-NOOB are still sent in plain text. Since these messages usually cause one or the other side to change states, they should be protected. 802.11, TLS and other protocols have been taking a similar approach of encrypting as much as possible. As an example, 802.11 now uses protected management frames.

Regards,
Shiva

On Wed, 2018-10-24 at 17:47, Aura Tuomas wrote:
___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
[Emu] FW: New Version Notification for draft-aura-eap-noob-04.txt
Dear all,

We have submitted a new version of our draft titled "Nimble out-of-band authentication for EAP (EAP-NOOB)":

https://tools.ietf.org/html/draft-aura-eap-noob-04

The draft defines an EAP method where the authentication is based on a user-assisted out-of-band (OOB) channel between the server and peer. It is intended as a generic bootstrapping solution for Internet-of-Things devices which have no pre-configured authentication credentials and which are not yet registered on the authentication server.

What is new in version -04? Since the previous version, we have done extensive modeling and verification of the protocol and worked to resolve some discovered issues. We especially looked for denial-of-service conditions that may arise from dropped messages and other protocol failures, both of which could be caused by a network attacker. Based on this analysis, we have rethought the recovery from dropped final messages. The error handling still needs some attention. In any case, the specification is in pretty good shape and ready for anyone to review.

The open-source implementation and the mCRL2 formal model are still based on the previous version, but work is ongoing to update them:
https://github.com/tuomaura/eap-noob

Emu is the working group that most closely matches our spec. Thus, we look forward to your feedback and comments here or in the WG meeting in a couple of weeks.

Regards,
Tuomas

-----Original Message-----
From: internet-dra...@ietf.org
Sent: Monday, 22 October, 2018 20:50
To: Mohit Sethi; Aura Tuomas
Subject: New Version Notification for draft-aura-eap-noob-04.txt

A new version of I-D, draft-aura-eap-noob-04.txt has been successfully submitted by Tuomas Aura and posted to the IETF repository.
Name: draft-aura-eap-noob
Revision: 04
Title: Nimble out-of-band authentication for EAP (EAP-NOOB)
Document date: 2018-10-22
Group: Individual Submission
Pages: 58
URL: https://www.ietf.org/internet-drafts/draft-aura-eap-noob-04.txt
Status: https://datatracker.ietf.org/doc/draft-aura-eap-noob/
Htmlized: https://tools.ietf.org/html/draft-aura-eap-noob-04
Htmlized: https://datatracker.ietf.org/doc/html/draft-aura-eap-noob
Diff: https://www.ietf.org/rfcdiff?url2=draft-aura-eap-noob-04

Abstract:
Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. This EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have a minimal user interface and no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB channel between the peer device and authentication server.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat