doc

Nimble out-of-band authentication for EAP (EAP-NOOB)

Secure Bootstrapping for IoT devices

Connecting IoT appliances securely to the cloud(eap-noob)

核心场景是: no pre-configured authentication credential 的 iot device 如何 Bootstrapping

oob channel: camera, microphone, display screen, speaker, blinking led light ; 可见比ble ssp 的 numeric comparing 信息量大

oob message 的核心在于,iot device 反向授权 某个server(例如近场phone) 控制自身。

eap protocol

协议交互比较简单,就是通信双方相互交换 public key & nonce 。

  • Noob 16 bytes,属于secret nonce,用于计算mac,双向校验ecdhe交互信息的完整性。
  • Hoob 16 byte fingerprint, hash值,用于校验exchange内容的完整性,能够覆盖oob channel 的Noob被compromised的场景。

Kz 为 persistent key material,快速重连,校验MACs2

KzPrev 之前的 Kz value,在Kz校验失败时,备选校验MACs2

session key 的派生采用nist的kdf,除了ecdh的z,还加上双方的nonce,以及Noob。

注意reconnect场景下,派生session key的key derivation input参数不同。

data field

server info : type, server name, server url, ssid list

peer info: type , peer name, manufacturer, model, serial number, mac address, ssid, bssid

special-use domain name: eap-noob.arpa

security

authentication principle: Noob & Hoob;Noob可以碰一碰直连。。。

identifying correct endpoint: 设备证明…,避免clone the device identity

trusted path issues and misbinding attack: physical & device certification

peer identifiers and attributes: server assign random peerID

identity protection: privacy, …

downgrading threat: 支持reconnect的时候协商升级ciphersuite

protected success and failure indications: successful verification with mac;failure are not protected

recovery from loss of last message: Kz …

eap security claims

authentication mechanism: ecdhe key exchange with oob authentication (Noob)

protected cryptosuite negotiation

mutual authentication

integrity protection

replay protection

confidentiality : no

key derivation

key strength

dictionary attack protection

fast reconnect

cryptographic binding : not applicable

session independence

fragmentation: no

channel binding



Published

31 May 2021

Tags


Share On