Network Working Group: B. Aboba (Microsoft), L. Blunk (Merit Network, Inc), J. Vollbrecht. Request for Comments; Obsoletes; Category: Standards Track.

This document defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods. EAP typically.
Published (last): 18 January 2004
However, it is possible for a pass-through authenticator acting as a AAA client to provide correct information to the AAA server while communicating misleading information to the EAP peer via a lower layer protocol. Similarly, in IEEE. For details, see Section 7. In order to avoid synchronization problems, prior to sending a success result indication, it is desirable for the sender to verify that sufficient authorization exists for granting access, though, as discussed below, this is not always possible.
Although it is difficult to define what “comparable effort” and “typical block cipher” exactly mean, reasonable approximations are sufficient here.
Where cryptographic binding is supported, a mechanism is also needed to protect against downgrade attacks that would bypass it.
Similarly, a server that has successfully authenticated the peer does not consider the authentication successful until it receives an indication that the peer has authenticated the server. It forwards EAP packets received from the peer and destined to its authenticator layer to the backend authentication server; packets received from the backend authentication server destined to the peer are forwarded to it. Alternatively, the authentication conversation can continue until the authenticator determines that successful authentication has occurred, in which case the authenticator MUST transmit an EAP Success (Code 3).
Therefore, unless a host implements an EAP authenticator layer, these packets will be silently discarded. The key strength depends on the methods used to derive the keys. The Request has a Type field to indicate what is being requested.
Note that the user’s name is never transmitted in unencrypted clear text, improving privacy. In general, a fragmented EAP packet will require as many round-trips to send as there are fragments. Success and Failure are discussed in Section 4. In particular, the following combinations are expected to be used in practice. The standard also describes the conditions under which the AAA key management requirements described in RFC can be satisfied.
It supports authentication techniques that are based on the following types of credentials. To address security vulnerabilities, “tunneled” methods MUST support protection against man-in-the-middle attacks. It is also possible that result indications may not be supported in both directions or that synchronization may not be achieved in all modes of operation.
Man-in-the-Middle Attacks: Where EAP is tunneled within another protocol that omits peer authentication, there exists a potential vulnerability to a man-in-the-middle attack. This derivation occurs on the AAA server. The highest security available is when the “private keys” of client-side certificates are housed in smart cards.
It is recommended that any counters used for authentication failure not be reset until after successful authentication, or subsequent termination of the failed link. Distribution of this memo is unlimited. It was co-developed by Funk Software and Certicom and is widely supported across platforms.
Dictionary attack resistance: Where password authentication is used, passwords are commonly selected from a small set (as compared to a set of N-bit keys), which raises a concern about dictionary attacks. An EAP method implementation on a host may register to receive packets from the peer or authenticator layers, or both, depending on which role(s) it supports. Since EAP supports retransmission, it is robust against transient connectivity losses. Since EAP does not require IP connectivity, it provides just enough support for the reliable transport of authentication protocols, and no more.
For example, a certificate 37488 octets in size would require ten round-trips to send with a octet EAP MTU. Within a mutually authenticating method, requiring that the server authenticate to the peer before the peer will accept a Success packet prevents an attacker from acting as a rogue authenticator.
If an authentication algorithm is used that is known to be vulnerable to dictionary attacks, then the conversation may be tunneled within a protected channel in order to provide additional protection. As with the Request packet, the Response packet contains a Type field, which corresponds to the Type field of the Request.
There are currently about 40 different methods defined. If executed correctly, binding serves to mitigate man-in-the-middle vulnerabilities. Nak (Type 3) or Expanded Nak are utilized for the purposes of method negotiation.
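As an added example (not text or code from RFC 3748 or from this page), the following Python encodes and checks EAP Request/Response pairs: the Response must echo the Request's Type, or carry a Nak (Type 3) whose Type-Data lists the method Types the peer will accept, and an Identifier mismatch or a Length field inconsistent with the packet is rejected. Code and Type values are those of RFC 3748; the function names and the constructed sample packets are this example's own.

```python
import struct

# EAP Code values (RFC 3748, Section 4) and the legacy Nak Type used in
# method negotiation (RFC 3748, Section 5). Helper names are this example's own.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_NAK = 3


def build_eap(code, ident, type_=None, data=b""):
    """Encode an EAP packet; Length covers the 4-octet header plus body."""
    body = (bytes([type_]) if type_ is not None else b"") + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_eap(pkt):
    """Decode one EAP packet into a dict, rejecting malformed input."""
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in (REQUEST, RESPONSE, SUCCESS, FAILURE):
        raise ValueError(f"unknown Code {code}")
    if length < 4 or length > len(pkt):
        raise ValueError("Length inconsistent with packet: discard")
    body = pkt[4:length]  # octets beyond Length are padding and are ignored
    out = {"code": code, "id": ident, "type": None, "data": b""}
    if code in (REQUEST, RESPONSE):
        if not body:
            raise ValueError("Request/Response needs a Type octet")
        out["type"], out["data"] = body[0], body[1:]
    return out


def check_response(req, rsp):
    """Return ('ok', None) when the Response answers with the same Type,
    or ('nak', [types]) when the peer proposes other method Types."""
    r, s = parse_eap(req), parse_eap(rsp)
    if r["code"] != REQUEST or s["code"] != RESPONSE:
        raise ValueError("expected a Request/Response pair")
    if r["id"] != s["id"]:
        raise ValueError("Identifier mismatch: stale or replayed reply")
    if s["type"] == r["type"]:
        return "ok", None
    if s["type"] == TYPE_NAK:
        # A legacy Nak is valid only in reply to a method Request (Type >= 4),
        # never to Identity or Notification; its data lists acceptable Types.
        if r["type"] < 4:
            raise ValueError("Nak in reply to a non-method Request")
        return "nak", list(s["data"])
    raise ValueError("Response Type does not match Request Type")
```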
RFC – Extensible Authentication Protocol (EAP)
In this mode, the server authenticates the peer and is aware of whether the peer has authenticated it. It is possible to use a different authentication credential (and thereby technique) in each direction. This is a 378 in RFC sec 7. Due to limitations of the design, this also implies the need for unicast key derivations and EAP method exchanges to occur in each direction. In these situations, use of EAP methods with fewer round-trips is advisable. To protect EAP packets against modification, spoofing, or replay, methods supporting protected ciphersuite negotiation, mutual authentication, and key derivation, as well as integrity and replay protection, are recommended.
RFC – Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs
For example, the identity may not be required where it is determined by the port to which the peer has connected (leased lines). Therefore, a mechanism needs to be provided to transmit the AAA-Key from the authentication server to the authenticator that needs it. EAP-GTC carries a text challenge from the authentication server, and a reply generated by a security token. Channel binding: The communication within an EAP method of integrity-protected channel properties such as endpoint identifiers which can be compared to values communicated via out of band mechanisms (such as via a AAA or lower layer protocol).
For instance, if keys are derived from a shared secret (such as a password or a long-term secret), and possibly some public information (such as nonces), the effective key strength is limited by the strength of the long-term secret (assuming that the derivation procedure is computationally simple).
Extensible Authentication Protocol
Method-specific MICs may be used to provide protection. Note that there is no requirement that an implementation conform to this model, as long as the on-the-wire behavior is consistent with it.
The authenticator is responsible for retransmitting requests as described in Section 4.
This is distinct from the ciphersuite negotiated between the peer and authenticator, used to protect data.
Similarly, while an authentication failure will result in denied access to the controlled port in [IEEE. Where a single EAP authentication method is utilized, but other methods are run within it (a “tunneled” method), the prohibition against multiple authentication methods does not apply.