Dear all
We have just submitted a new IETF Draft titled “Nimble out-of-band
authentication for EAP (EAP-NOOB)”.
The draft defines an EAP method where the authentication is based on a
user-assisted out-of-band (OOB) channel between the server and peer. It
is intended as a generic bootstrapping solution for Internet-of-Things
devices which have no pre-configured authentication credentials and
which are not yet registered on the authentication server. Consider
devices you just bought or borrowed.
The EAP-NOOB method is more generic than most ad-hoc bootstrapping
solutions in that it supports many types of OOB channels. We specify the
exact in-band messages but only the OOB message contents and not the OOB
channel details. Also, EAP-NOOB supports ubicomp devices with only
output (e.g. display) or only input (e.g. camera). Moreover, it makes
combined use of both secrecy and integrity of the OOB channel for more
robust security than the ad-hoc solutions. We have put a lot of effort
into designing a robust security protocol.
For one application example, we have used an earlier version of the
protocol for bootstrapping security for ubiquitous displays: the user
can configure wireless network access, link the device to a cloud
service, and register ownership of the device for a specific cloud user
– all in one simple step of scanning a QR code with a smart phone. There
seemed to be more potential to this idea than just using it for our own
system, and thus we decided to write a generic EAP method for
out-of-band authentication.
The draft is available here:
https://tools.ietf.org/html/draft-aura-eap-noob-00
Please see if you can make use of it. We look forward to your feedback
and comments.
Regards
/--Mohit
-------- Forwarded Message --------
Subject: New Version Notification for draft-aura-eap-noob-00.txt
Date: Mon, 08 Feb 2016 04:30:35 -0800
From: internet-dra...@ietf.org
To: Tuomas Aura <tuomas.a...@aalto.fi>, Mohit Sethi <mo...@piuha.net>
A new version of I-D, draft-aura-eap-noob-00.txt
has been successfully submitted by Tuomas Aura and posted to the
IETF repository.
Name: draft-aura-eap-noob
Revision: 00
Title: Nimble out-of-band authentication for EAP (EAP-NOOB)
Document date: 2016-02-08
Group: Individual Submission
Pages: 35
URL: https://www.ietf.org/internet-drafts/draft-aura-eap-noob-00.txt
Status: https://datatracker.ietf.org/doc/draft-aura-eap-noob/
Htmlized: https://tools.ietf.org/html/draft-aura-eap-noob-00
Abstract:
Extensible Authentication Protocol (EAP) [RFC3748] provides support
for multiple authentication methods. This document defines the EAP-
NOOB authentication method for nimble out-of-band (OOB)
authentication and key derivation. This EAP method is intended for
bootstrapping all kinds of Internet-of-Things (IoT) devices that have
a minimal user interface and no pre-configured authentication
credentials. The method makes use of a user-assisted one-directional
OOB channel between the peer device and authentication server.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat