RFC (part 1 of 4): Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA). RFC Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA), January Canonical URL. Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in EAP Transport Layer Security (EAP-TLS), defined in RFC , is an IETF open standard that uses the . EAP-AKA is defined in RFC .
|Published (Last):||17 February 2007|
EAP Types – Extensible Authentication Protocol Types information
In particular, the following combinations are expected to be used in practice:
The underlying key exchange is resistant to active attack, passive attack, and dictionary attack. With a client-side certificate, a compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side certificate; indeed, a password is not even needed, as it is only used to encrypt the client-side certificate for storage.
It is worth noting that the PAC file is issued on a per-user basis.
When EAP is invoked by an Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and point-to-point connections. The 3rd Generation AKA is not used in the fast re-authentication procedure.
The identity module may be an integral part of the mobile device or it may be an application on a smart card distributed by a mobile operator. The password may be a low-entropy one and may be drawn from some set of possible passwords, like a dictionary, which is available to an attacker. Used on re-authentication only.
In general, a nonce can be predictable e.
Please see Section 4. The EAP method protocol exchange is done in a minimum of four messages. The permanent identity is usually based on the IMSI.
The EAP server may also include derived keying material in the message it sends to the authenticator. This is a requirement in RFC sec 7. EAP is an authentication framework for providing the transport and usage of keying material and parameters generated by EAP methods.
In this document, both modules are referred to as identity modules.
The client can, but does not have to, be authenticated via a CA-signed PKI certificate to the server. Because protected success indications are not used in this example, the EAP server sends the EAP-Success packet, indicating that the authentication was successful. Communicating the Peer Identity to the Server. Fast Re-Authentication Username: The username portion of fast re-authentication identity, i.
It supports authentication techniques that are based on the following types of credentials: Key establishment to provide confidentiality and integrity during the authentication process in phase 2. This document frequently uses the following terms and abbreviations. GSM cellular networks use a subscriber identity module card to carry out user authentication.