
Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)


The review of Extensible Authentication Protocol and its methods

https://doi.org/10.15514/ISPRAS-2018-30(2)-7

Abstract

Authentication is associated with a scenario in which one party (the claimant) presents the identity of a principal and asserts that it is that principal. Authentication allows another party (the verifier) to make sure that this assertion is legitimate. Authentication is widely used in access control systems for networks and computing resources. In this context, of considerable interest is the Extensible Authentication Protocol (EAP), specified by the IETF in RFC 3748, which provides an effective mechanism for embedding various authentication methods into it, as well as the EAP authentication methods themselves, some of which have been standardized in IETF specifications. This article is a review of the Extensible Authentication Protocol (EAP) and of its methods specified by the IETF. EAP provides an effective and flexible authentication mechanism that can easily be extended with new authentication methods. The variety of mechanisms used to implement the authentication service is shown. The work was performed with the support of the Russian Foundation for Basic Research, research grant № 16-07-00603 "The verification of security functionality of the EAP authentication protocol and evaluation of the robustness of its implementations against attacks".
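The "embedding" the abstract refers to is the fixed EAP framing of RFC 3748 (Code, Identifier, Length, Type), where the Type octet selects the method and everything after it belongs to that method. The parser below is an added example written for this page, not code from the paper or from any EAP implementation; the method Type numbers are the IANA-assigned values for the methods the review covers, and the sample packets are constructed here. It applies the framing checks a defender wants before any method code sees the data: a Length that covers the packet and does not exceed what was received, a Type octet present only on Request/Response, and a Legacy Nak that actually lists desired methods.

```python
"""Minimal EAP (RFC 3748) framing parser.

Added example for this page; not the paper's code nor an EAP library.
Type numbers are IANA EAP registry values; sample packets are constructed.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

# EAP Code values (RFC 3748, section 4)
CODE_REQUEST, CODE_RESPONSE, CODE_SUCCESS, CODE_FAILURE = 1, 2, 3, 4
CODE_NAMES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# Method Type values (IANA EAP registry) for the methods the review discusses
METHOD_NAMES = {
    1: "Identity", 2: "Notification", 3: "Legacy Nak", 4: "MD5-Challenge",
    5: "OTP", 6: "GTC", 13: "EAP-TLS", 18: "EAP-SIM", 21: "EAP-TTLS",
    23: "EAP-AKA", 25: "PEAP", 32: "EAP-POTP", 43: "EAP-FAST", 47: "EAP-PSK",
    48: "EAP-SAKE", 49: "EAP-IKEv2", 50: "EAP-AKA'", 51: "EAP-GPSK",
    52: "EAP-pwd", 53: "EAP-EKE", 55: "TEAP",
}


@dataclass
class EapPacket:
    code: int
    identifier: int
    length: int
    type: Optional[int]   # None for Success/Failure, which carry no Type
    type_data: bytes      # method-specific payload, handed to the method


def parse_eap(buf: bytes) -> EapPacket:
    """Parse one EAP packet; raise ValueError on any framing defect.

    Length must be >= 4, cover the whole packet, and not exceed the bytes
    received. Octets beyond Length are link-layer padding and are ignored
    (RFC 3748, section 4.1). Success/Failure are exactly 4 octets.
    """
    if len(buf) < 4:
        raise ValueError("packet shorter than the 4-octet EAP header")
    code, identifier, length = struct.unpack("!BBH", buf[:4])
    if length < 4 or length > len(buf):
        raise ValueError(f"bad Length {length} for {len(buf)} received bytes")
    if code in (CODE_SUCCESS, CODE_FAILURE):
        if length != 4:
            raise ValueError("Success/Failure must be exactly 4 octets")
        return EapPacket(code, identifier, length, None, b"")
    if code not in (CODE_REQUEST, CODE_RESPONSE):
        raise ValueError(f"unknown EAP Code {code}")
    if length < 5:
        raise ValueError("Request/Response must carry a Type octet")
    return EapPacket(code, identifier, length, buf[4], buf[5:length])


def build_eap(code: int, identifier: int, type_: Optional[int] = None,
              type_data: bytes = b"") -> bytes:
    """Serialize a packet; Type and Type-Data only exist on Request/Response."""
    if code in (CODE_REQUEST, CODE_RESPONSE):
        if type_ is None:
            raise ValueError("Request/Response need a Type")
        body = bytes([type_]) + type_data
    else:
        body = b""
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def describe(pkt: EapPacket) -> str:
    """Human-readable 'Code/Method' label, e.g. 'Response/Identity'."""
    if pkt.type is None:
        return CODE_NAMES[pkt.code]
    method = METHOD_NAMES.get(pkt.type, "Type %d" % pkt.type)
    return f"{CODE_NAMES[pkt.code]}/{method}"


def nak_desired_types(pkt: EapPacket) -> List[int]:
    """Desired method Types from a Legacy Nak (RFC 3748, section 5.3.1).

    A Nak is a Response of Type 3 whose Type-Data is one or more octets,
    so a Nak with an empty Type-Data is a framing error, not 'no preference'.
    """
    if pkt.code != CODE_RESPONSE or pkt.type != 3:
        raise ValueError("not a Legacy Nak response")
    if not pkt.type_data:
        raise ValueError("Nak must list at least one desired Type")
    return list(pkt.type_data)


if __name__ == "__main__":
    # Constructed exchange: Identity request/response, then a Nak that
    # asks for EAP-TLS or PEAP instead of the method offered.
    for raw in (build_eap(CODE_REQUEST, 7, 1),
                build_eap(CODE_RESPONSE, 7, 1, b"alice"),
                build_eap(CODE_RESPONSE, 8, 3, bytes([13, 25])),
                build_eap(CODE_SUCCESS, 9)):
        pkt = parse_eap(raw)
        print(raw.hex(), "->", describe(pkt))
```

Feeding the parser a packet whose Length claims more bytes than arrived (the classic over-read case) raises before any method-specific code runs, which is the property a deployment should verify in whatever EAP stack it uses.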

About the Authors

A. V. Nikeshin
Ivannikov Institute for System Programming of the Russian Academy of Sciences
Russian Federation


V. Z. Shnitman
Ivannikov Institute for System Programming of the Russian Academy of Sciences; Moscow Institute of Physics and Technology (State University)
Russian Federation


References

1. IETF RFC 3748. B. Aboba, et al. Extensible Authentication Protocol (EAP). June 2004. Available at https://tools.ietf.org/html/rfc3748

2. IETF RFC 1661. W. Simpson. The Point-to-Point Protocol (PPP). July 1994. Available at https://tools.ietf.org/html/rfc1661

3. IEEE Standard 802, Institute of Electrical and Electronics Engineers, "Local and Metropolitan Area Networks: Overview and Architecture", 1990.

4. IETF RFC 791, Internet Protocol, September 1981. Available at https://tools.ietf.org/html/rfc791

5. IEEE Standard 802.1X-2010, IEEE Standard for Local and metropolitan area networks - Port-Based Network Access Control, 2010.

6. IETF RFC 3579. B. Aboba and P. Calhoun. RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP). September 2003. Available at https://tools.ietf.org/html/rfc3579

7. IETF RFC 4072. Eronen, et al. Diameter Extensible Authentication Protocol (EAP) Application. August 2005. Available at https://tools.ietf.org/html/rfc4072

8. IEEE Standard 802.11-2007, Institute of Electrical and Electronics Engineers, "Standard for Local and metropolitan area networks - specific requirements – part 11: Wireless LAN Medium Access Control and Physical Layer specifications", 2007.

9. IEEE Standard 802.16e-2005, Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands. December 2005.

10. IETF RFC 4306. Kaufman, C., Ed. Internet Key Exchange (IKEv2) Protocol. December 2005. Available at https://tools.ietf.org/html/rfc4306

11. Extensible Authentication Protocol (EAP) Registry, Available at http://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml, 25.04.2018

12. IETF RFC 5246. Dierks, T. and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. August 2008. Available at https://tools.ietf.org/html/rfc5246

13. IETF RFC 1994. W. Simpson. PPP Challenge Handshake Authentication Protocol (CHAP). August 1996. Available at https://tools.ietf.org/html/rfc1994

14. IETF RFC 2289. N. Haller, et al. A One-Time Password System. February 1998. Available at https://tools.ietf.org/html/rfc2289

15. IETF RFC 4793. M. Nystroem. The EAP Protected One-Time Password Protocol (EAP-POTP). February 2007. Available at https://tools.ietf.org/html/rfc4793

16. IETF RFC 4186. Haverinen & Salowey. Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM). January 2006. Available at https://tools.ietf.org/html/rfc4186

17. European Telecommunications Standards Institute, "GSM Technical Specification GSM 03.20 (ETS 300 534): "Digital cellular telecommunication system (Phase 2); Security related network functions"", August 1997.

18. European Telecommunications Standards Institute, "GSM Technical Specification GSM 03.03 (ETS 300 523): "Digital cellular telecommunication system (Phase 2); Numbering, addressing and identification"", April 1997.

19. IETF RFC 4187. Arkko & Haverinen. Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA). January 2006. Available at https://tools.ietf.org/html/rfc4187

20. 3rd Generation Partnership Project, "3GPP Technical Specification 3GPP TS 33.102 V5.1.0: "Technical Specification Group Services and System Aspects; 3G Security; Security Architecture (Release 5)"", December 2002.

21. 3rd Generation Partnership Project 2, "3GPP2 Enhanced Cryptographic Algorithms", September 2003.

22. 3rd Generation Partnership Project, "3GPP Technical Specification 3GPP TS 23.003 V6.8.0: "3rd Generation Partnership Project; Technical Specification Group Core Network; Numbering, addressing and identification (Release 6)"", December 2005.

23. IETF RFC 5448. Arkko, et al. Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA'). May 2009. Available at https://tools.ietf.org/html/rfc5448

24. IETF RFC 4764. F. Bersani and H. Tschofenig. The EAP-PSK Protocol: A Pre-Shared Key Extensible Authentication Protocol (EAP) Method. January 2007. Available at https://tools.ietf.org/html/rfc4764

25. IETF RFC 4763. M. Vanderveen and H. Soliman. Extensible Authentication Protocol Method for Shared-secret Authentication and Key Establishment (EAP-SAKE). November 2006. Available at https://tools.ietf.org/html/rfc4763

26. M. Bellare and P. Rogaway. Entity Authentication and key distribution. In Advances in Cryptology - Crypto 93 Proceedings, pages 232-249, 1993.

27. M. Bellare and P. Rogaway. Provably secure session key distribution: the three party case. In Proc. 27th Annual Symposium on the Theory of Computing, pages 57-66, 1995.

28. IETF RFC 5433. Clancy & Tschofenig. Extensible Authentication Protocol - Generalized Pre-Shared Key (EAP-GPSK) Method. February 2009. Available at https://tools.ietf.org/html/rfc5433

29. IETF RFC 5931, Harkins & Zorn. Extensible Authentication Protocol (EAP) Authentication Using Only a Password. August 2010. Available at https://tools.ietf.org/html/rfc5931

30. Barker, E., Johnson, D., and M. Smid. Recommendations for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. NIST Special Publication 800-56A, March 2007.

31. IETF RFC 6124. Sheffer, et al. An EAP Authentication Method Based on the Encrypted Key Exchange (EKE) Protocol. February 2011. Available at https://tools.ietf.org/html/rfc6124

32. Bellovin, S. and M. Merritt. Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. Proc. IEEE Symp. on Research in Security and Privacy, May 1992.

33. IETF RFC 5216. Simon, et al. The EAP-TLS Authentication Protocol. March 2008. Available at https://tools.ietf.org/html/rfc5216

34. IETF RFC 4346. Dierks, T. and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.1. April 2006. Available at https://tools.ietf.org/html/rfc4346

35. IETF RFC 5106. Tschofenig, et al. The Extensible Authentication Protocol-Internet Key Exchange Protocol version 2 (EAP-IKEv2) Method. February 2008. Available at https://tools.ietf.org/html/rfc5106

36. IETF RFC 5281. Funk & Blake-Wilson. Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0). August 2008. Available at https://tools.ietf.org/html/rfc5281

37. IETF RFC 2865. Rigney, C., Willens, S., Rubens, A., and W. Simpson. Remote Authentication Dial In User Service (RADIUS). June 2000. Available at https://tools.ietf.org/html/rfc2865

38. IETF RFC 3588. Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko. Diameter Base Protocol. September 2003. Available at https://tools.ietf.org/html/rfc3588

39. IETF RFC 4851. Cam-Winget, et al. The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST). May 2007. Available at https://tools.ietf.org/html/rfc4851

40. IETF RFC 4507. Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig. Transport Layer Security (TLS) Session Resumption without Server-Side State. May 2006. Available at https://tools.ietf.org/html/rfc4507

41. IETF RFC 7170. Zhou, et al. Tunnel Extensible Authentication Protocol (TEAP) Version 1. May 2014. Available at https://tools.ietf.org/html/rfc7170

42. Microsoft Corporation. [MS-PEAP]: Protected Extensible Authentication Protocol (PEAP). December 2017. Available at https://msdn.microsoft.com/en-us/library/cc238354.aspx, 25.04.2018

43. IETF RFC 6678. Hoeper, K., Hanna, S., Zhou, H., and J. Salowey. Requirements for a Tunnel-Based Extensible Authentication Protocol (EAP) Method. July 2012. Available at https://tools.ietf.org/html/rfc6678

44. IETF RFC 5705. Rescorla, E. Keying Material Exporters for Transport Layer Security (TLS). March 2010. Available at https://tools.ietf.org/html/rfc5705

45. IETF RFC 5077. Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig. Transport Layer Security (TLS) Session Resumption without Server-Side State. January 2008. Available at https://tools.ietf.org/html/rfc5077


Review

For citations:


Nikeshin A.V., Shnitman V.Z. The review of Extensible Authentication Protocol and its methods. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2018;30(2):113-148. (In Russ.) https://doi.org/10.15514/ISPRAS-2018-30(2)-7



Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)