RFC (part 1 of 4): Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA). RFC Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA), January Canonical URL. Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in EAP Transport Layer Security (EAP-TLS), defined in RFC , is an IETF open standard that uses the . EAP-AKA is defined in RFC .

Author: Maukazahn Gurisar
Published (Last): 17 February 2007

EAP Types – Extensible Authentication Protocol Types information

In particular, the following combinations are expected to be used in practice:

Pseudonym Identity A pseudonym identity of the peer, including an NAI realm portion in environments where a realm is used. WPA2 and potentially authenticate the wireless hotspot. There are currently about 4817 different methods defined. From the vector, the EAP server derives the keying material, as specified in Section 6. It does not specify an Internet standard of any kind.


The underlying key exchange is resistant to active attack, passive attack, and dictionary attack. With a client-side certificate, a compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side certificate; indeed, a password is not even needed, as it is only used to encrypt the client-side certificate for storage.

It is worth noting that the PAC file is issued on a per-user basis.

When EAP is invoked by an Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and point-to-point connections. The 3rd Generation AKA is not used in the fast re-authentication procedure.

The identity module may be an integral part of the mobile device or it may be an application on a smart card distributed by a mobile operator. The password may be a low-entropy one and may be drawn from some set of possible passwords, like a dictionary, which is available to an attacker. Used on re-authentication only.

In general, a nonce can be predictable e.

Please see Section 4. The EAP method protocol exchange is done in a minimum of four messages. The permanent identity is usually based on the IMSI.

Information on RFC » RFC Editor

The EAP server may also include derived keying material in the message it sends to the authenticator. This is a requirement in RFC sec 7. EAP is an authentication framework for providing the transport and usage of keying material and parameters generated by EAP methods.


In this document, both modules are referred to as identity modules.


The client can, but does not have to, be authenticated to the server via a CA-signed PKI certificate. Because protected success indications are not used in this example, the EAP server sends the EAP-Success packet, indicating that the authentication was successful. Communicating the Peer Identity to the Server Fast Re-Authentication Username Eapp username 1487 of fast re-authentication identity, i.

It supports authentication techniques that are based on the following types of credentials: Key establishment to provide confidentiality and integrity during the authentication process in phase 2. This document frequently uses the following terms and abbreviations. GSM cellular networks use a subscriber identity module card to carry out user authentication.