Issue: AAA server assumptions
From: Bernard Aboba (bernard_abobahotmail.com)
Date: Sun, 19 Nov 2006 22:45:54 -0800 (PST)
Issue: AAA server assumptions
Submitter name: Russ Housley
Submitter email address: rhousley [at] vigilsec.com
Date Submitted: November 17, 2006
Reference:
Document: KEYING-15
Comment type: Technical
Priority: S
Section: 1.5
Rationale/Explanation of issue:
The security goals section does not capture an important assumption about the AAA server that is required for the major security goal (fresh session keys known only to the peer and authenticator) to be achieved.


The AAA server is a trusted entity. When keying material is present at all, it establishes keying material with the peer and distributes keying material to the authenticator using the AAA protocol. It is trusted to only distribute keying material to the authenticator that was established with the peer, and it is trusted to provide that keying material to no other parties. In many systems, keying material established by the EAP peer and EAP server are combined with publicly available data to derive other keys. The AAA server is trusted to refrain from deriving these same keys even though it has access to the secret values that are needed to do so. The authenticator is also a trusted party. It is trusted not to provide keying material it obtains from the AAA server to any other parties.


Proposed resolution:

Add the following text to Section 1.5, after the first paragraph:

"The backend authentication server is a trusted entity. Where the authenticator operates in pass-through mode and an EAP method supporting key generation is used, the EAP server establishes keying material with the peer and the backend authentication server distributes keying material to the authenticator using the AAA protocol. The backend authentication server is trusted to only distribute keying material to the authenticator that was established with the peer, and it is trusted to provide that keying material to no other parties. In many systems, keying material established by the EAP peer and EAP server are combined with publicly available data to derive other keys. The backend authentication server is trusted to refrain from deriving these same keys or acting as a man-in-the-middle even though it has access to the secret values that are needed to do so. The authenticator is also a trusted party. It is trusted not to provide keying material it obtains from the backend authentication server to any other parties."

