RFC (part 1 of 4): Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA). RFC Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA), January Canonical URL. Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in EAP Transport Layer Security (EAP-TLS), defined in RFC , is an IETF open standard that uses the . EAP-AKA is defined in RFC .
|Published (Last):||17 November 2017|
|PDF File Size:||1.84 Mb|
|ePub File Size:||8.45 Mb|
|Price:||Free* [*Free Regsitration Required]|
Network Working Group J. Arkko Request for Comments: It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. EAP-AKA includes optional identity privacy support, optional result indications, and an optional fast re-authentication procedure.
Table of Contents 1.
Terms and Conventions Used in This Document Format, Generation, and Usage of Peer Identities Communicating the Peer Identity to the Server Attacks against Identity Privacy Message Sequence Examples Informative Fall Back on Full Authentication Requesting the Permanent Identity Message Format and Protocol Extensibility Flooding the Authentication Centre Brute-Force and Dictionary Attacks Protection, Replay Protection, and Confidentiality AKA is based on challenge-response mechanisms and symmetric cryptography.
In this document, both modules are referred to as identity modules. These include the following: AKA works in the following manner: The “home environment” refers to the home operator’s authentication network infrastructure. If this process is successful the AUTN is valid and the sequence number used to generate AUTN is within the correct rangethe identity module produces an authentication result RES and sends it to the home environment.
Information on RFC » RFC Editor
If the result is correct, IK and CK can be used to protect further communications between the identity module and the home environment. When verifying AUTN, the identity module may detect that the sequence number the network uses is not within the correct range. In this case, the identity module calculates a sequence number synchronization parameter AUTS and sends it to the network. AKA authentication may then be retried with a new authentication vector generated using the synchronized sequence number.
In the 3rd generation mobile networks, AKA is used for both radio network authentication and IP multimedia service authentication purposes. This document frequently uses the following terms and abbreviations. The mobile network element that can authenticate subscribers in the mobile networks.
A value generated by the peer upon experiencing a synchronization failure, bits.
The 3rd Generation AKA is not used in the fast re-authentication procedure. Fast Re-Authentication Identity A fast re-authentication identity of the peer, including an NAI realm portion in environments where a realm is used. Used on re-authentication only. Fast Re-Authentication Username The username portion of fast re-authentication identity, i.
The identity module may be an integral part of the mobile device or it may be an application on a smart card distributed by a mobile operator. Nonce A value that is used at most once or that is never repeated within the same cryptographic context. In general, a nonce can be predictable e. Because some cryptographic properties may depend on the randomness of the nonce, attention should be paid to whether a nonce is required to be random or not.
In this document, the term nonce is only used to denote random nonces, and it is not used to denote counters. Permanent Identity The permanent identity of the peer, including an NAI realm portion in environments where a realm is used. The permanent identity is usually based on the IMSI. Used on full authentication only. Permanent Username The username portion of permanent identity, i.
Pseudonym Identity A pseudonym identity of the peer, including an NAI realm portion in environments where a realm is used. Pseudonym Username The username portion of pseudonym identity, i.
Random number generated by the AuC, bits.
R UIM is an application that is resident on devices such as smart cards, which may be fixed in the terminal or distributed by CDMA operators when removable. Sequence number used in the authentication process, 48 bits.
The authenticator typically communicates with an EAP server that is located on a backend authentication server using an AAA protocol. On full authentication, the peer’s identity response includes either the user’s International Mobile Subscriber Identity IMSIor a temporary identity pseudonym if identity privacy is in effect, as specified in Section 4. As specified in [ RFC ], the initial identity request is not required, and MAY be bypassed in cases where the network can presume the identity, such as when using leased lines, dedicated dial-ups, etc.
Please see Section 4. From the vector, the EAP server derives the keying material, as specified in Section 6. The vector may be obtained by contacting an Authentication Centre AuC on the mobile network; for example, per UMTS specifications, several vectors may be obtained at a time.
Vectors may be stored in the EAP server for use at a later time, but they may not be reused. The packet format and the use of attributes are specified in Section 8. The encrypted data is not shown in the figures of this section. Because protected success indications are not used in this example, the EAP server sends the EAP-Success packet, indicating that the authentication was successful.
Extensible Authentication Protocol
Protected success indications are discussed in Section 6. The EAP server may also include derived keying material in the message it sends to the authenticator. The peer eaap derived the same keying material, so the authenticator does not forward the keying material to the peer along with EAP-Success. Figure 2 shows how the EAP server rejects the Peer due to a failed authentication.
Network authentication fails The AKA uses shared secrets between the Peer and the Peer’s home operator, together with a sequence number, to actually perform an authentication. In certain circumstances, shown in Figure 4it is possible for the sequence numbers to get out of sequence. In addition to the full authentication scenarios described above, EAP-AKA includes a fast re-authentication procedure, which is specified in Section 5.
Fast re-authentication is based on keys derived on full authentication. If the peer has maintained state information for re-authentication and wants to use fast re-authentication, then the peer indicates this by using a specific fast re-authentication identity instead of the permanent identity or a ea; identity.