INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 Internet Draft Florent Bersani File: draft-bersani-eap-sharedkeymethods- France Telecom R&D doctemplate-00.txt Expires: August 2004 March 2004 EAP shared key methods documentation template Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved. Abstract This document proposes a template for authors of EAP methods that rely on shared keys, to document their work. Since EAP methods have proliferated but only 4 are currently standardized and since no simple shared key EAP method seems to be widely available to replace EAP-MD5 that has been deprecated for security reasons, this template is the first step towards standardizing such an EAP method. This document is indeed intended to help gather information on the existing related work before requesting that a new work item be opened at IETF to standardize a replacement for EAP-MD5. Bersani Expires – September 2004 [Page 1] INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 Table of Contents 1. Introduction..................................................3 1.1 Terminology................................................3 2. Documenting an EAP shared key method..........................4 2.1 Name of the method.........................................4 2.1.1 Full Name...........................................4 2.1.2 Short Name..........................................4 2.2 Authors of the method......................................4 2.3 Documents describing the method............................4 2.3.1 Latest documents....................................4 2.3.2 Old documents.......................................4 2.3.3 Other documents.....................................4 2.4 Status of the method.......................................5 2.4.1 Current status......................................5 2.4.2 Next steps..........................................5 2.5 IPR related to the method..................................5 2.6 Special infrastructure typically required by the method....5 2.7 Implementation availability................................5 2.7.1 Has the method been implemented?....................5 2.7.2 The different implementations available.............6 2.7.3 Has the method's implementation been field tested?..6 2.8 Security of the method.....................................6 2.8.1 The different cryptographic primitives used by the method....................................................6 2.8.2 Compliance to [EAPbis] and [IEEE 802REQ] security requirements..............................................6 2.8.3 Formal proofs backing up the security of the method.7 2.9 General properties of the method...........................7 2.9.1 Is the method up to date with the recent EAP WG documents?................................................7 2.9.2 Specific design goals for the method................7 2.9.3 Specific features of the method.....................7 2.10 IANA status of the method.................................7 3. IANA considerations...........................................8 4. Security considerations.......................................8 5. Acknowledgements..............................................8 6. References....................................................8 7. Authors' Addresses............................................9 8. Full Copyright Statement......................................9 Bersani Expires – September 2004 [Page 2] INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 1. Introduction At IETF 59, the EAP WG chairs gave a presentation on the status of the different EAP methods, see [EAPMETHSTAT]. This document agrees with the conclusion of this presentation: there are too many undocumented or non-standardized EAP methods. It especially acknowledges the lack of the most basic shared key EAP method that could replace EAP-MD5 that has been deprecated for security reasons, see [EAPbis]. This document is an attempt to remedy this situation. It is indeed intended to help gather information on existing work that has been done on EAP shared key methods. The compilation of this information will both serve as a motivation to request that a new work item be opened at IETF to draft a standard shared key method and as a way to set up a design team comprised of people willing to help draft such a method (possibly including authors of former shared key EAP methods). This document is a template that needs to be filled in. Readers who feel that they have proposed a shared key EAP method are kindly requested to do so and send their input by e-mail to the author of this document at the address indicated in section 7. 1.1 Terminology Shared key : A shared key is a cryptographic key in the symmetric setting (see [HAC]). It is merely a sequence of binary digits of given length that should have been chosen at random. A shared key is sometimes referred to as a pre- shared key to emphasize that is derived by some out-of-band mechanism and that both parties already share the key before starting to communicate. Special infrastructure: By special infrastructure, this document means any additional infrastructure to the basic EAP infrastructure comprised of a standalone EAP peer and a standalone EAP server. For example, the GSM Authentication center which is typically (but not necessarily) required by [EAP-SIM] is considered to be special infrastructure, as well as the token cards possibly used by, for instance, [SecurID-EAP]. Bersani Expires – September 2004 [Page 3] INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 2. Documenting an EAP shared key method 2.1 Name of the method 2.1.1 Full Name Please state below the full name of the method, e.g. for EAP-PSK (see [EAP-PSK]): EAP Pre-Shared Key 2.1.2 Short Name Please state below the short name of the method, e.g. for EAP-PSK: EAP PSK 2.2 Authors of the method Please state below the name and contact information of the authors of your method, e.g., for EAP-PSK: Florent Bersani France Telecom R&D 38, rue du General Leclerc 92794 Issy Les Moulineaux Cedex 9 France florent.bersani@francetelecom.com 2.3 Documents describing the method If the readers filling in this template could send all the documents they mention below attached with their answer (in addition to the pointers they may provide), this would be most appreciated. 2.3.1 Latest documents Please reference below the latest versions of the documents describing the method and a way to get them, e.g. for EAP-PSK draft-bersani-eap-psk-01.txt available at the following URL: http://eappsk.chez.tiscali.fr/draft-bersani-eap-psk-01.txt 2.3.2 Old documents Please reference below the old versions of the documents describing the method and a way to get them, e.g. for EAP-PSK draft-bersani-eap-psk-00.txt available at the following URL: http://eappsk.chez.tiscali.fr/draft-bersani-eap-psk-00.txt 2.3.3 Other documents Bersani Expires – September 2004 [Page 4] INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 Please reference below any other document that you think to be useful for the understanding of your method, e.g. for EAP-PSK: "EAP-PSK: a simple symmetric key EAP method", Bersani F., presentation made at IETF 59, available at the following URL: http://www.arkko.com/publications/eap/ietf-59/ietf59_eap_psk.pdf 2.4 Status of the method 2.4.1 Current status Please state below the current status of your method (stable, work in progress, not maintained any more), e.g. for EAP-PSK: work in progress. 2.4.2 Next steps Please state below the intended next steps about your method, e.g. for EAP-PSK, progress towards a stable version and merge to/replace with a standard shared key EAP method 2.5 IPR related to the method Please state below any patent pending or already granted that you are aware of relating to your method (precision would be nice but you can of course merely state that there some patents - pending or not - related to your method), e.g. for EAP-PSK, to the best of its author's knowledge, it is free of any IPR claims 2.6 Special infrastructure typically required by the method Please state below any special infrastructure that would be typically be required for your method to work properly, e.g. for EAP-PSK, no special infrastructure is required whereas for EAP-SIM the GSM infrastructure is typically required or for EAP-GTC (see [EAPbis]), a token card is typically required. 2.7 Implementation availability 2.7.1 Has the method been implemented? Please state below if you have implemented or knows somebody who has implemented your method, e.g. for EAP-PSK, it has not (yet) been implemented. If your method has not been implemented or if future work is scheduled for some reason, please state below your plans or plans you are aware of regarding its implementation in the future, e.g. for EAP-PSK, it is currently being implemented by Florent Bersani (see Bersani Expires – September 2004 [Page 5] INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 contact address at the author of the method section) and the implementation should be released by IETF 60. 2.7.2 The different implementations available Please state below the different implementations of your method you are aware of, the platforms corresponding to these implementations and the software license status of these implementations, e.g. for EAP-PSK, no implementation is currently available. If there is work scheduled regarding the implementation of your method that you are aware of, please state below, the different implementations of your method that are planned, the platforms corresponding to these implementations and the software license status of these implementations, e.g. for EAP-PSK, a peer implementation under Windows XP using Microsoft SDK is planned as well as a server implementation for Freeradius. Both implementations will be released as open source (probably under a GNU GPL license). 2.7.3 Has the method's implementation been field tested? Please state below if you have been aware of any field test/deployment of your method and please describe briefly these tests/deployments (size, duration, results, etc.), e.g. for EAP-PSK, there hasn't been any field test/deployment. Please state below if you are aware of any future field test/deployment of your method and please describe briefly these tests/deployments (size, duration, points to be tested, etc.), e.g. for EAP-PSK, there is a field deployment planned Q3 2004 for approximately 500 hundred users during a trimester and since this will be the first deployment, the tests will focus on user experience, bandwidth and processing power consumption, unknown bugs, etc., 2.8 Security of the method 2.8.1 The different cryptographic primitives used by the method Please state below the different cryptographic primitives used by your method (block cipher, stream cipher, hash function), e.g. for EAP-PSK, AES-128 is the sole cryptographic primitive that is used. 2.8.2 Compliance to [EAPbis] and [IEEE 802REQ] security requirements Please state below the compliance status of your method regarding the security requirements expressed in [EAPbis] and [IEEE 802REQ] (complies, intends to comply, does not comply), e.g. for EAP-PSK, it complies to both documents and intends to comply as they evolve. Bersani Expires – September 2004 [Page 6] INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 2.8.3 Formal proofs backing up the security of the method Please state below if the security techniques used in your method are backed up by formal security proofs and if so, please provide pointers to these proofs, e.g. for EAP-PSK the authentication is backed by a security proof ([EAKD]) as well as the key derivation ([SOBMO]) and the protected channel part ([EAX])- however it should be clear that expert review is needed to assess if indeed the security proofs aforementioned apply to EAP-PSK, if the interfaces between the different parts do not introduce any new vulnerability and if no major security property is outside the coverage of the security proofs. 2.9 General properties of the method 2.9.1 Is the method up to date with the recent EAP WG documents? Please state below if your method is up to date (features, terminology, ...) with the recent EAP WG documents ([EAPbis] and [EKMF]), e.g. EAP-PSK was up to date with these documents in the beginning of February 2004. 2.9.2 Specific design goals for the method Please state below the different design goals that were considered while drafting your method, e.g. for EAP-PSK, design goals were: o Simplicity: It should be easy to implement and to deploy without any pre-existing infrastructure. o Wide applicability: It should be possible to use this method to authenticate over any network. In particular, it should be suitable for [IEEE 802.11] wireless LANs and comply to [IEEE 802REQ] o Security: It should be conservative in its cryptographic design and enjoy security proofs o Extensibility: It should be possible to add to this method the required extensions as their need appears o Patent-avoidance: It should be free of any Intellectual Property Right claims 2.9.3 Specific features of the method Please state below the specific features of your method you would like to highlight, e.g. for EAP-PSK, it provides a protected channel after a successful authentication for the server and the peer to communicate over. 2.10 IANA status of the method Bersani Expires – September 2004 [Page 7] INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 Please state below if your method has been allocated a PPP EAP type by IANA and if so, please state that number. 3. IANA considerations This document does not introduce any new IANA consideration. 4. Security considerations This document does not introduce any new security issue for the Internet. 5. Acknowledgements Many thanks to Laurent Butti, Aurelien Magniez and Olivier Charles for their feedback on this draft. Many thanks to the EAP WG chairs, Jari Arkko and Bernard Aboba, for motivating me to do this work. 6. References [EAKD] Bellare, M, and P. Rogaway, "Entity Authentication and Key Distribution", CRYPTO 93, LNCS 773, pp232-249, Springer-Verlag, Berlin, 1994. [EAPbis] Blunk, L. et al., "Extensible Authentication Protocol (EAP)", Internet-Draft (work in progress), February 2004, http://ietf.levkowetz.com/drafts/eap/rfc2284bis/ draft-ietf-eap-rfc2284bis-09.txt [EAPMETHSTAT] Arkko, J. and Aboba, B., "EAP WG Methods update", http://www.arkko.com/publications/eap/ietf- 59/ietf59_eap_methstatus.ppt [EAP-PSK] Bersani, F., "The EAP-PSK protocol", Internet-Draft (work in progress), February 2004, draft-bersani-eap-psk-01.txt [EAP-SIM] Haverinen, H. Salowey, J., "EAP SIM Authentication", Internet-Draft (work in progress),October 2003, draft- haverinen-pppext-eap-sim-12.txt [EAX] Bellare, M. et al., "The EAX mode of operation", January 2004, http://www.cs.ucsd.edu/users/mihir/papers/eax.pdf [EKMF] Aboba, B. et al., "EAP Key Management Framework", Internet-Draft (work in progress), October 2003, draft- ietf-eap-keying-01.txt Bersani Expires – September 2004 [Page 8] INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 [HAC] Menezes, A. et al., “Handbook of Applied Cryptography”, CRC Press, 1996. [IEEE 802REQ] Stanley, Dorothy et al., “EAP Method Requirements for Wireless LANs”, Internet-Draft (work in progress), January 2004, draft-walker-ieee802-req-00.txt [IEEE 802.11] Institute of Electrical and Electronics Engineers, "Information Technology - Telecommunications and Information Exchange between Systems - Local and Metropolitan Area Network - Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications", IEEE Standard 802.11 [SecurID-EAP] Josefsson S., "The EAP SecurID(r) Mechanism", Internet- Draft (work in progress), February 2002, draft-josefsson-eap-securid [SOBMMO] Gilbert, H., “The Security of One-Block-to-Many Modes of Operation”, Fast Software Encryption, FSE 2003, LNCS, Springer-Verlag. 7. Authors' Addresses Florent Bersani florent.bersani@francetelecom.com France Telecom R&D 38, rue du General Leclerc 92794 Issy Les Moulineaux Cedex 9 France 8. Full Copyright Statement Copyright (C) The Internet Society (2003). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. Bersani Expires – September 2004 [Page 9] INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004 The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." Bersani Expires – September 2004 [Page 10]