Re: [Emu] Questions about EAP-NOOB

Shiva Prasad Thagadur Prakash <shiva.prasad.thagadur.prakash@ericsson.com> Mon, 18 March 2019 14:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/jz0ItVRS7m_DmDEr45JyZgW4TOE>

Hi Tuomas,

See inline.

On ke, 2019-03-06 at 12:23 +0000, Aura Tuomas wrote:
> Hi Dan and Rafa,
>  
> Thank you for the questions!
>  
> Yes, the Initial Exchange in EAP-NOOB always ends in EAP-Failure. 
> Then, we give some time for the user to transfer the OOB message.
> After the OOB step, the peer tries again and the Completion Exchange
> ends in EAP-Success.
>  
> Yes, the out-of-band (OOB) message is cryptographically bound to the
> ECDH result. That is, the message authentication code (Hoob) in the
> OOB message takes the ECDH output as one of its inputs.

This statement is not completely true. If you look at the Hoob
calculation specified in the draft
https://tools.ietf.org/html/draft-aura-eap-noob-05#section-3.3.2:

Hoob = H(Dir,Vers,Verp,PeerId,Cryptosuites,Dirs,ServerInfo,Cryptosuitep,
         Dirp,[Realm],PeerInfo,0,PKs,Ns,PKp,Np,Noob).

As you can see, the Hoob only confirms the public keys involved in the
ECDHE exchange but does not actually use the derived shared secret.
Thus, it does not use the ECDHE output.

However, from my implementation experience, I think this is the correct
way to calculate Hoob since it allows applications to externalize the
generation of the random nonce Noob and the corresponding Hoob. This
would allow deployments to choose how often these values are created.
For example, some display devices might refresh the QR code containing
Noob and Hoob every few minutes.

Regards,
Shiva

>  
>  
> Our current implementation opportunistically tries all the Wi-Fi
> networks that support WPA2-Enterprise. It definitely would be better
> to advertise the capability for EAP-NOOB in IEEE 802.11u, or even
> advertise the domain of the EAP-NOOB server. I think it will take
> some time before the 802.11 APs start to support EAP-NOOB in that
> way, though, and we want the protocol to work with existing Wi-Fi
> networks.
>  
> The realm used by the peer is initially “eap-noob.net”. The server
> can assign another realm in Initial Exchange. The main purpose for
> assigning another realm is that the peer can later use it for roaming
> in access networks that have AAA routing set up for the assigned
> realm.
>  
> We have only tested EAP-NOOB on Wi-Fi:
> https://github.com/tuomaura/eap-noob. It can be used on any networks
> that support EAP and where the user-assisted OOB authentication
> method makes sense from the user experience perspective.
>  
> Regards,
> Tuomas
>  
>  
> From: Emu <emu-bounces@ietf.org> On Behalf Of Dan Garcia
> Sent: Monday, 28 January, 2019 13:39
> To: emu@ietf.org
> Subject: [Emu] Questions about EAP-NOOB
> Importance: High
>  
> Dear Tuomas, Mohit,
>  
> We have been discussing the EAP-NOOB draft and we would like to ask
> some questions about it. It is a very interesting approach related to
> IoT.
> 
> 
> In EAP-NOOB, as a first step the EAP authenticator starts the
> authentication (e.g. the AP), EAP-NOOB happens, but it seems there
> will be an EAP failure. Is this correct?
> Assuming it is, if you send an EAP failure, will the EAP method still
> continue? How would this work? Since we are waiting, we assume, for
> an EAP success, or an alternative way of confirmation that the
> authentication has been completed.
>  
> It seems that the user gets something from the IoT device this
> something is due to the ECDH, right?
>  
> Regarding the discovery of the EAP authenticator. The AP should
> announce what are the available domains to where it is connected (a
> solution based on the AAA infrastructure?). Could this information
> be provided to the AP using IEEE 802.11u?
>  
> Related to this, what would be the realm provided by the EAP peer to
> the authenticator?
>  
> Another question would be which are the main radio technologies where
> EAP-NOOB is expected to be used. Are you planning to support
> 802.15.4, Wi-Fi, etc.? In this line, do you have any EAP-NOOB
> implementation in Contiki?
>  
>  
>  
> Thank you in advance. 
> Best Regards.
> Dan and Rafa.
> 
> 
> -- 
> =================================================================
>  Dan Garcia Carrillo, Ph.D. 
> Industrial Doctorate (MINECO)
> E-mail: dgarcia@odins.es
> Odin Solutions, S.L.
> Polígono Industrial Oeste
> C/ Perú, 5, 3º, Oficina 12
> 30820 - Alcantarilla (Murcia) - Spain
> Tel.: +34 902 570 121
> Web: www.odins.es 
> =================================================================
> 
> LEGAL NOTICE: The information contained in this e-mail, and where
> applicable in the attached documents, is privileged information for
> the exclusive use of the person and/or persons to whom it is
> addressed. Access to this message by any person other than those
> indicated is not permitted. If you are not one of the addressees, any
> duplication, reproduction or distribution, as well as any use of the
> information contained in it or any other action or omission taken in
> relation to it, is prohibited and may be illegal. In that case, please
> notify the sender and delete this e-mail, together with its
> attachments if any.
> Likewise, and in compliance with Organic Law 3/2018 on the protection
> of personal data and the guarantee of digital rights, and with the
> European Regulation GDPR 679/2016, we inform you that your data are
> being processed by ODIN SOLUTIONS, S.L., tax ID B-73.845.893, for the
> purpose of maintaining and managing commercial and administrative
> relationships. The legal basis for the processing is compliance with
> tax, commercial and accounting legislation. No disclosures and/or
> international transfers of data are foreseen. To exercise your rights
> you may contact ODIN SOLUTIONS, S.L., domiciled at C/ Perú, 5, 3º,
> Oficina 12, Pol. Ind. Oeste, 30820 Alcantarilla (Murcia), or by e-mail
> to protecciondedatos@odins.es, in order to exercise your rights of
> access, rectification, erasure (right to be forgotten), restriction of
> processing, data portability, objection, and not to be subject to
> automated decisions, indicating as Subject: "Data Protection Law
> Rights", and attaching a photocopy of your national ID (D.N.I.).
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
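The following is an added example, not code from this thread, from the draft or from the tuomaura/eap-noob implementation. It computes Hoob with exactly the input list Shiva quotes from draft-aura-eap-noob-05 and demonstrates the consequence he draws from it: a generator that holds only the public transcript of the Initial Exchange plus a fresh Noob produces the Hoob the other side will accept, a substituted public key changes Hoob (so the OOB check still catches it without the shared secret ever being hashed), and a new Noob yields a new Hoob with no new ECDHE exchange, which is what lets a display refresh its QR code. The hash function, the 16-byte truncation, the JSON canonicalisation and the handling of an absent Realm are assumptions stated in the docstring; all keys, nonces, identifiers and ServerInfo/PeerInfo contents are constructed sample data.

```python
"""Hoob as specified for EAP-NOOB (draft-aura-eap-noob-05, section 3.3.2):

  Hoob = H(Dir,Vers,Verp,PeerId,Cryptosuites,Dirs,ServerInfo,Cryptosuitep,
           Dirp,[Realm],PeerInfo,0,PKs,Ns,PKp,Np,Noob)

Assumptions made here, not taken from the thread: H is SHA-256 and Hoob is
the first 16 bytes of the digest; the hash input is the JSON array of the
listed values, serialised as compact JSON with sorted object keys (a real
implementation must hash the wire-identical serialisation); an absent
Realm is hashed as the empty string. All keys, nonces and identifiers
below are constructed sample data.
"""
import base64
import hashlib
import hmac
import json

HOOB_LEN = 16


def b64url(raw: bytes) -> str:
    """base64url without padding, the encoding EAP-NOOB uses for nonces."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Constructed transcript of one Initial Exchange. Every value is public:
# the ECDHE public keys PKs/PKp (JWK form), the nonces Ns/Np and the
# negotiated parameters. No private key and no ECDHE shared secret appears.
TRANSCRIPT = {
    "Vers": [1],
    "Verp": 1,
    "PeerId": "peer-0001",
    "Cryptosuites": [1],
    "Dirs": 3,
    "ServerInfo": {"Name": "Example server", "Url": "https://noob.example/"},
    "Cryptosuitep": 1,
    "Dirp": 1,
    "Realm": "eap-noob.net",
    "PeerInfo": {"Make": "Example Inc", "Type": "display device"},
    "PKs": {"kty": "EC", "crv": "Curve25519", "x": b64url(bytes(range(32)))},
    "Ns": b64url(bytes([0xA5] * 32)),
    "PKp": {"kty": "EC", "crv": "Curve25519", "x": b64url(bytes(range(32, 64)))},
    "Np": b64url(bytes([0x5A] * 32)),
}


def compute_hoob(direction: int, t: dict, noob: str) -> bytes:
    """Hoob over the transcript t and the base64url Noob. direction is 1 for
    a peer-to-server OOB message and 2 for server-to-peer."""
    fields = [
        direction, t["Vers"], t["Verp"], t["PeerId"], t["Cryptosuites"],
        t["Dirs"], t["ServerInfo"], t["Cryptosuitep"], t["Dirp"],
        t.get("Realm", ""), t["PeerInfo"], 0,
        t["PKs"], t["Ns"], t["PKp"], t["Np"], noob,
    ]
    data = json.dumps(fields, separators=(",", ":"), sort_keys=True).encode()
    return hashlib.sha256(data).digest()[:HOOB_LEN]


def make_oob_message(direction: int, t: dict, noob_bytes: bytes) -> dict:
    """What an externalised generator (for example the process that renders a
    QR code) emits. It needs the public transcript and a fresh 16-byte Noob
    only, which is why it can run without access to the ECDHE secret."""
    noob = b64url(noob_bytes)
    return {"PeerId": t["PeerId"], "Noob": noob,
            "Hoob": b64url(compute_hoob(direction, t, noob))}


def verify_oob_message(direction: int, t: dict, msg: dict) -> bool:
    """Receiver side: recompute Hoob over its own view of the transcript and
    compare in constant time. Any mismatch in the public keys or nonces the
    two sides saw, or a Noob taken from a different transcript, fails here."""
    expected = compute_hoob(direction, t, msg["Noob"])
    return hmac.compare_digest(expected, b64url_decode(msg["Hoob"]))


def demo() -> bool:
    """Walk through the three properties discussed in the thread."""
    msg = make_oob_message(1, TRANSCRIPT, bytes([0x11] * 16))
    # 1. Honest case: the receiver's transcript matches, Hoob verifies.
    ok_honest = verify_oob_message(1, TRANSCRIPT, msg)
    # 2. Key substitution: the receiver's view has a different PKs than the
    #    one hashed into the OOB message, so the check fails even though the
    #    shared secret was never an input to Hoob.
    swapped = dict(TRANSCRIPT, PKs=dict(TRANSCRIPT["PKs"], x=b64url(bytes(32))))
    ok_swapped = verify_oob_message(1, swapped, msg)
    # 3. Refresh: a new Noob gives a new Hoob over the same transcript, so a
    #    display can rotate the QR code without a new ECDHE exchange.
    msg2 = make_oob_message(1, TRANSCRIPT, bytes([0x22] * 16))
    ok_refresh = (msg2["Hoob"] != msg["Hoob"]
                  and verify_oob_message(1, TRANSCRIPT, msg2))
    return ok_honest and not ok_swapped and ok_refresh


if __name__ == "__main__":
    print("all properties hold:", demo())
```

Note that compute_hoob takes no private key and no shared secret argument at all: the only secret-like input is Noob, which is what the OOB channel delivers. The receiver must compare with a constant-time comparison and reject on any mismatch, as verify_oob_message does; a verifier that only checks PeerId and Noob would lose the binding to the public keys that Hoob provides.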