eap-noob
doc
Nimble out-of-band authentication for EAP (EAP-NOOB)
Secure Bootstrapping for IoT devices
Connecting IoT appliances securely to the cloud(eap-noob)
核心场景是: no pre-configured authentication credential 的 iot device 如何 Bootstrapping
oob channel: camera, microphone, display screen, speaker, blinking led light ; 可见比ble ssp 的 numeric comparing 信息量大
oob message 的核心在于,iot device 反向授权 某个server(例如近场phone) 控制自身。
eap protocol
协议交互比较简单,就是通信双方相互交换 public key & nonce 。
- Noob 16 bytes,属于secret nonce,用于计算mac,双向校验ecdhe交互信息的完整性。
- Hoob 16 byte fingerprint, hash值,用于校验exchange内容的完整性,能够覆盖oob channel 的Noob被compromised的场景。
Kz 为 persistent key material,快速重连,校验MACs2
KzPrev 之前的 Kz value,在Kz校验失败时,备选校验MACs2
session key 的派生采用nist的kdf,除了ecdh的z,还加上双方的nonce,以及Noob。
注意reconnect场景下,派生session key的key derivation input参数不同。
data field
server info : type, server name, server url, ssid list
peer info: type , peer name, manufacturer, model, serial number, mac address, ssid, bssid
special-use domain name: eap-noob.arpa
security
authentication principle: Noob & Hoob;Noob可以碰一碰直连。。。
identifying correct endpoint: 设备证明…,避免clone the device identity
trusted path issues and misbinding attack: physical & device certification
peer identifiers and attributes: server assign random peerID
identity protection: privacy, …
downgrading threat: 支持reconnect的时候协商升级ciphersuite
protected success and failure indications: successful verification with mac;failure are not protected
recovery from loss of last message: Kz …
eap security claims
authentication mechanism: ecdhe key exchange with oob authentication (Noob)
protected cryptosuite negotiation
mutual authentication
integrity protection
replay protection
confidentiality : no
key derivation
key strength
dictionary attack protection
fast reconnect
cryptographic binding : not applicable
session independence
fragmentation: no
channel binding
