In certain circumstances, shown in Figure 4, it is possible for the sequence numbers to get out of sequence. This sentence is misleading. It is recommended that the EAP servers implement some centralized mechanism to allow all EAP servers of the home operator to map pseudonyms generated by other servers to the permanent identity. For example, on the second fast re-authentication, the counter value is two or greater, etc. It should say: [
Published (Last): 16 July 2013
It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. EAP-AKA includes optional identity privacy support, optional result indications, and an optional fast re-authentication procedure. Table of contents entries (section numbers not preserved): Table of Attributes; Security Considerations; Identity Protection; Mutual Authentication; Flooding the Authentication Centre; Key Derivation; Brute-Force and Dictionary Attacks; Protection, Replay Protection, and Confidentiality; Negotiation Attacks; Protected Result Indications; Man-in-the-Middle Attacks; Generating Random Numbers; Security Claims; Acknowledgements and Contributions; Normative References; Informative References; Pseudo-Random Number Generator.
AKA is based on challenge-response mechanisms and symmetric cryptography. In this document, both modules are referred to as identity modules. These include the following:
o The use of the AKA also as a secure PPP authentication method in devices that already contain an identity module.
AKA works in the following manner:
o The identity module and the home environment have agreed on a secret key beforehand.
If this process is successful (the AUTN is valid and the sequence number used to generate AUTN is within the correct range), the identity module produces an authentication result RES and sends it to the home environment. If the result is correct, IK and CK can be used to protect further communications between the identity module and the home environment. When verifying AUTN, the identity module may detect that the sequence number the network uses is not within the correct range.
In this case, the identity module calculates a sequence number synchronization parameter AUTS and sends it to the network. AKA authentication may then be retried with a new authentication vector generated using the synchronized sequence number. In the 3rd generation mobile networks, AKA is used for both radio network authentication and IP multimedia service authentication purposes.
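The AKA exchange described above, as an added example that is not code from RFC 4187 or from 3GPP: the 3GPP functions f1..f5 are replaced by a tagged HMAC-SHA256 stand-in, the concealment of SQN in AUTN is omitted, and the 32-entry acceptance window is a constructed policy. It shows the identity module verifying AUTN, checking the sequence number range, and returning either RES/CK/IK or an AUTS resynchronisation parameter that the home environment verifies before retrying with a fresh vector.

```python
import hmac, hashlib, os

SQN_WINDOW = 32  # constructed policy: accept an SQN at most this far ahead of the peer's own

def f(key, tag, *parts):
    """Stand-in for the 3GPP AKA functions f1..f5: one keyed PRF with a tag per role (assumption)."""
    return hmac.new(key, tag + b"".join(parts), hashlib.sha256).digest()

class HomeEnvironment:
    """Holds the subscriber's secret key K and the per-subscriber sequence number counter."""
    def __init__(self, k):
        self.k, self.sqn = k, 0
    def vector(self):
        """Generate one authentication vector (RAND, AUTN, XRES, CK, IK)."""
        self.sqn += 1
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        autn = sqn + f(self.k, b"mac", rand, sqn)[:8]  # AUTN = SQN || MAC (no AK concealment here)
        return rand, autn, f(self.k, b"res", rand)[:8], f(self.k, b"ck", rand)[:16], f(self.k, b"ik", rand)[:16]
    def resync(self, rand, auts):
        """Accept AUTS only if its MAC-S verifies, then adopt the peer's sequence number."""
        sqn, mac_s = auts[:6], auts[6:]
        if not hmac.compare_digest(mac_s, f(self.k, b"mac-s", rand, sqn)[:8]):
            raise ValueError("AUTS rejected")
        self.sqn = int.from_bytes(sqn, "big")

class IdentityModule:
    """The peer side: shares K, tracks the highest sequence number it has accepted."""
    def __init__(self, k):
        self.k, self.sqn = k, 0
    def challenge(self, rand, autn):
        """Returns ('ok', (RES, CK, IK)), ('sync-failure', AUTS) or ('reject', None)."""
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f(self.k, b"mac", rand, sqn)[:8]):
            return "reject", None                       # AUTN was not produced with our K
        if not self.sqn < int.from_bytes(sqn, "big") <= self.sqn + SQN_WINDOW:
            mine = self.sqn.to_bytes(6, "big")          # SQN out of range: build AUTS = SQN_MS || MAC-S
            return "sync-failure", mine + f(self.k, b"mac-s", rand, mine)[:8]
        self.sqn = int.from_bytes(sqn, "big")
        return "ok", (f(self.k, b"res", rand)[:8], f(self.k, b"ck", rand)[:16], f(self.k, b"ik", rand)[:16])

def run_aka(home, im):
    """One AKA attempt with a single resynchronisation retry; returns (outcome, CK, IK)."""
    rand, autn, xres, ck, ik = home.vector()
    status, data = im.challenge(rand, autn)
    if status == "sync-failure":
        home.resync(rand, data)                         # synchronise, then retry with a new vector
        rand, autn, xres, ck, ik = home.vector()
        status, data = im.challenge(rand, autn)
    if status != "ok" or not hmac.compare_digest(data[0], xres):
        return "failed", None, None
    return "authenticated", ck, ik                      # the peer holds the same CK, IK in data[1:]
```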
This document frequently uses the following terms and abbreviations. AuC: The mobile network element that can authenticate subscribers in the mobile networks. AUTS: A value generated by the peer upon experiencing a synchronization failure, bits. The 3rd Generation AKA is not used in the fast re-authentication procedure.
Fast Re-Authentication Identity A fast re-authentication identity of the peer, including an NAI realm portion in environments where a realm is used.
Used on re-authentication only. Fast Re-Authentication Username: The username portion of the fast re-authentication identity, i.e. The identity module may be an integral part of the mobile device or it may be an application on a smart card distributed by a mobile operator.
Nonce: A value that is used at most once or that is never repeated within the same cryptographic context. In general, a nonce can be predictable, e.g. Because some cryptographic properties may depend on the randomness of the nonce, attention should be paid to whether a nonce is required to be random or not. In this document, the term nonce is only used to denote random nonces, and it is not used to denote counters. Permanent Identity: The permanent identity of the peer, including an NAI realm portion in environments where a realm is used.
The permanent identity is usually based on the IMSI. Used on full authentication only. Permanent Username: The username portion of the permanent identity, i.e. Pseudonym Username: The username portion of the pseudonym identity, i.e.
Random number generated by the AuC, bits. R-UIM is an application that is resident on devices such as smart cards, which may be fixed in the terminal or distributed by CDMA operators when removable. Sequence number used in the authentication process, 48 bits. The authenticator typically communicates with an EAP server that is located on a backend authentication server using an AAA protocol.
As specified in [RFC], the initial identity request is not required, and MAY be bypassed in cases where the network can presume the identity, such as when using leased lines, dedicated dial-ups, etc.
Please see Section 4. From the vector, the EAP server derives the keying material, as specified in Section 6. The vector may be obtained by contacting an Authentication Centre (AuC) on the mobile network; for example, per UMTS specifications, several vectors may be obtained at a time.
Vectors may be stored in the EAP server for use at a later time, but they may not be reused. The packet format and the use of attributes are specified in Section 8. The encrypted data is not shown in the figures of this section. Because protected success indications are not used in this example, the EAP server sends the EAP-Success packet, indicating that the authentication was successful. Protected success indications are discussed in Section 6. The EAP server may also include derived keying material in the message it sends to the authenticator.
The peer has derived the same keying material, so the authenticator does not forward the keying material to the peer along with EAP-Success.
In certain circumstances, shown in Figure 4, it is possible for the sequence numbers to get out of sequence. In addition to the full authentication scenarios described above, EAP-AKA includes a fast re-authentication procedure, which is specified in Section 5.
Fast re-authentication is based on keys derived on full authentication. If the peer has maintained state information for re-authentication and wants to use fast re-authentication, then the peer indicates this by using a specific fast re-authentication identity instead of the permanent identity or a pseudonym identity.
Section headings (numbers not preserved): Operation; Identity Management; Format, Generation, and Usage of Peer Identities. The formats of these packets are specified in [RFC].
The IMSI is a string of not more than 15 digits. When used in a roaming environment, the NAI is composed of a username and a realm, separated with "@" (username@realm). The username portion identifies the subscriber within the realm. In this document, the term identity or peer identity refers to the whole identity string that is used to identify the peer. The peer identity may include a realm portion. Because the permanent identity never changes, revealing it would help observers to track the user.
The permanent identity is usually based on the IMSI, which may further help the tracking, because the same identifier may be used in other contexts as well. Please see Section For example, myoperator. In this example, is the permanent username. For example, 2s7ah6n9q@myoperator. In this example, 2s7ah6n9q is the pseudonym username.
In this case, is the fast re-authentication username. Unlike permanent usernames and pseudonym usernames, fast re-authentication usernames are one-time identifiers, which are not re-used across EAP exchanges. The first two types of identities are used only on full authentication, and the last type only on fast re-authentication.
When the optional identity privacy support is not used, the non-pseudonym permanent identity is used on full authentication.
The fast re-authentication exchange is specified in Section 5. Username Decoration In some environments, the peer may need to decorate the identity by prepending or appending the username with a string, in order to indicate supplementary AAA routing information in addition to the NAI realm.
The usage of an NAI realm portion is not considered to be decoration. Username decoration is out of the scope of this document. However, it should be noted that username decoration might prevent the server from recognizing a valid username. The use of a realm portion is not mandatory. In this case, the peer is typically configured with the NAI realm of the home operator. Such a reserved NAI realm may be useful as a hint of the first authentication method to use during method negotiation.
When the peer is using a pseudonym username instead of the permanent username, the peer selects the realm name portion similarly to how it selects the realm portion when using the permanent username. As there are no DNS servers running at owlan. In this case the selection of the username, its format, and its processing is out of the scope of this document. The EAP server produces pseudonym usernames and fast re-authentication identities in an implementation-dependent manner.
EAP AKA RFC 4187 PDF
Methods: EAP is an authentication framework, not a specific authentication mechanism. There are currently about 40 different methods defined. Additionally, a number of vendor-specific methods and new proposals exist. The standard also describes the conditions under which the AAA key management requirements described in RFC can be satisfied. It is especially useful for Internet-of-Things (IoT) gadgets and toys that come with no information about any owner, network or server. The user then confirms this exchange by transferring the OOB message. Alternatively, users can transfer the OOB message from the server to the peer, when, for example, the device being bootstrapped is a camera that can only read a QR code.
Extensible Authentication Protocol
Arkko Request for Comments: V. All rights reserved.