The EAP-PSK Protocol: A Pre-Shared Key Extensible Authentication Protocol (EAP) Method
RFC 4764

Document type: RFC - Experimental (January 2007; No errata)
Document stream: ISE
Last updated: 2013-03-02

ISE State: (None)
Document shepherd: No shepherd assigned

IESG State: RFC 4764 (Experimental)
Responsible AD: Jari Arkko
Send notices to: florent.bersani@francetelecom.com, eap-chairs@tools.ietf.org

Network Working Group                                         F. Bersani
Request for Comments: 4764                            France Telecom R&D
Category: Experimental                                     H. Tschofenig
                                           Siemens Networks GmbH & Co KG
                                                            January 2007

                         The EAP-PSK Protocol:
    A Pre-Shared Key Extensible Authentication Protocol (EAP) Method

Status of This Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

IESG Note

   This RFC is not a candidate for any level of Internet Standard.  The
   IETF disclaims any knowledge of the fitness of this RFC for any
   purpose and in particular notes that the decision to publish is not
   based on IETF review for such things as security, congestion control,
   or inappropriate interaction with deployed protocols.  The RFC Editor
   has chosen to publish this document at its discretion.  Readers of
   this document should exercise caution in evaluating its value for
   implementation and deployment.  See RFC 3932 for more information.

   The IESG thinks that this work is related to IETF work done in WGs
   EMU and EAP, but this does not prevent publishing.

Abstract

   This document specifies EAP-PSK, an Extensible Authentication
   Protocol (EAP) method for mutual authentication and session key
   derivation using a Pre-Shared Key (PSK).  When mutual authentication
   succeeds, EAP-PSK provides a protected channel over which the two
   parties can communicate.  This document describes the use of this
   channel only for the protected exchange of result indications, but
   future EAP-PSK extensions may use the channel for other purposes.
   EAP-PSK is designed for authentication over insecure networks such
   as IEEE 802.11.

Bersani & Tschofenig          Experimental                      [Page 1]
RFC 4764                        EAP-PSK                     January 2007

Table of Contents

   1. Introduction ....................................................4
      1.1. Design Goals for EAP-PSK ...................................4
           1.1.1. Simplicity ..........................................4
           1.1.2. Wide Applicability ..................................5
           1.1.3. Security ............................................5
           1.1.4. Extensibility .......................................5
      1.2. Terminology ................................................5
      1.3. Conventions ................................................8
      1.4. Related Work ...............................................9
   2. Protocol Overview ..............................................12
      2.1. EAP-PSK Key Hierarchy .....................................13
           2.1.1. The PSK ............................................13
           2.1.2. AK .................................................14
           2.1.3. KDK ................................................14
      2.2. The TEK ...................................................15
      2.3. The MSK ...................................................15
      2.4. The EMSK ..................................................15
      2.5. The IV ....................................................15
   3. Cryptographic Design of EAP-PSK ................................15
      3.1. The Key Setup .............................................16
      3.2. The Authenticated Key Exchange ............................19
      3.3. The Protected Channel .....................................23
   4. EAP-PSK Message Flows ..........................................25
      4.1. EAP-PSK Standard Authentication ...........................26
      4.2. EAP-PSK Extended Authentication ...........................28
   5. EAP-PSK Message Format .........................................31
      5.1. EAP-PSK First Message .....................................32
      5.2. EAP-PSK Second Message ....................................34
      5.3. EAP-PSK Third Message .....................................36
      5.4. EAP-PSK Fourth Message ....................................39
   6. Rules of Operation for the EAP-PSK Protected Channel ...........41
      6.1. Protected Result Indications ..............................41
           6.1.1. CONT ...............................................42
           6.1.2. DONE_SUCCESS .......................................43
           6.1.3. DONE_FAILURE .......................................43
      6.2. Extended Authentication ...................................43
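
   The following is an added worked example, not text or code from RFC
   4764 or from any EAP-PSK implementation.  It shows, in Go, the key
   hierarchy and mutual authentication that the abstract describes and
   that sections 2.1, 3.1, 3.2 and 4.1 listed above specify: AK and KDK
   are derived from the 16-byte PSK with AES-128 (the key setup of
   section 3.1), MAC_P and MAC_S are AES-CMAC-128 tags under AK over the
   identities and nonces (section 4.1), and TEK, MSK and EMSK are
   derived from KDK and RAND_P (section 2.1.3).  Those constructions are
   taken from the body of the RFC, which this page does not reproduce.
   The protected channel of section 3.3 (EAX under TEK) is not
   implemented here.  The PSK, RAND_S, RAND_P and identities in main()
   are constructed sample values, not the RFC's test vectors, and the
   function names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// aesBlock encrypts one 16-byte block with AES-128 under a 16-byte key.
func aesBlock(key, in []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key in this example is 16 bytes
	}
	out := make([]byte, 16)
	c.Encrypt(out, in)
	return out
}

// xorBytes returns the XOR of the first 16 bytes of a and b.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, 16)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// xorCtr XORs ctr into the last byte of b: the "XOR 1", "XOR 2", ... steps.
func xorCtr(b []byte, ctr byte) []byte { return xorBytes(b, append(make([]byte, 15), ctr)) }

// KeySetup derives AK and KDK from the 16-byte PSK (RFC 4764, section 3.1):
// tmp = AES(PSK, 0^128); AK = AES(PSK, tmp XOR 1); KDK = AES(PSK, tmp XOR 2).
func KeySetup(psk []byte) (ak, kdk []byte) {
	tmp := aesBlock(psk, make([]byte, 16))
	return aesBlock(psk, xorCtr(tmp, 1)), aesBlock(psk, xorCtr(tmp, 2))
}

// DeriveKeys: with h = AES(KDK, RAND_P), the blocks AES(KDK, h XOR 1) .. AES(KDK,
// h XOR 9) are TEK (16 bytes) || MSK (64) || EMSK (64) (RFC 4764, section 2.1.3).
func DeriveKeys(kdk, randP []byte) (tek, msk, emsk []byte) {
	h, out := aesBlock(kdk, randP), []byte{}
	for ctr := byte(1); ctr <= 9; ctr++ {
		out = append(out, aesBlock(kdk, xorCtr(h, ctr))...)
	}
	return out[:16], out[16:80], out[80:144]
}

// CMAC is AES-CMAC-128 (RFC 4493), the MAC EAP-PSK uses for MAC_P and MAC_S.
func CMAC(key, msg []byte) []byte {
	dbl := func(b []byte) []byte { // multiply by x in GF(2^128), Rb = 0x87
		out, carry := make([]byte, 16), byte(0)
		for i := 15; i >= 0; i-- {
			out[i], carry = b[i]<<1|carry, b[i]>>7
		}
		if carry != 0 {
			out[15] ^= 0x87
		}
		return out
	}
	k1 := dbl(aesBlock(key, make([]byte, 16)))
	nFull, last, x := len(msg)/16, make([]byte, 16), make([]byte, 16)
	if len(msg) > 0 && len(msg)%16 == 0 { // complete final block: XOR with K1
		nFull--
		last = xorBytes(msg[nFull*16:], k1)
	} else { // empty or partial final block: pad with 10..0, XOR with K2 = dbl(K1)
		copy(last, msg[nFull*16:])
		last[len(msg)%16] = 0x80
		last = xorBytes(last, dbl(k1))
	}
	for i := 0; i < nFull; i++ { // CBC-MAC over the complete leading blocks
		x = aesBlock(key, xorBytes(x, msg[i*16:]))
	}
	return aesBlock(key, xorBytes(x, last))
}

// MACP travels in the second message (peer -> server), MACS in the third
// (server -> peer); both are keyed with AK (RFC 4764, section 4.1).
func MACP(ak, idP, idS, randS, randP []byte) []byte { return CMAC(ak, bytes.Join([][]byte{idP, idS, randS, randP}, nil)) }
func MACS(ak, idS, randP []byte) []byte           { return CMAC(ak, bytes.Join([][]byte{idS, randP}, nil)) }

// Handshake runs both sides of the authenticated key exchange in one process;
// the peer and server get separate PSKs so a mismatch can be shown to fail.
func Handshake(pskPeer, pskServer, idP, idS, randS, randP []byte) (tek, msk, emsk []byte, ok bool) {
	akP, kdkP := KeySetup(pskPeer)
	akS, _ := KeySetup(pskServer)
	macP := MACP(akP, idP, idS, randS, randP) // carried in message 2
	if subtle.ConstantTimeCompare(macP, MACP(akS, idP, idS, randS, randP)) != 1 {
		return nil, nil, nil, false // server rejects the peer
	}
	macS := MACS(akS, idS, randP) // carried in message 3
	if subtle.ConstantTimeCompare(macS, MACS(akP, idS, randP)) != 1 {
		return nil, nil, nil, false // peer rejects the server
	}
	tek, msk, emsk = DeriveKeys(kdkP, randP)
	return tek, msk, emsk, true
}

func main() { // constructed sample values, not RFC test vectors; real runs draw RAND_S/RAND_P from a CSPRNG
	psk, randS, randP := bytes.Repeat([]byte{0x2b}, 16), bytes.Repeat([]byte{0xa5}, 16), bytes.Repeat([]byte{0x5a}, 16)
	tek, _, _, ok := Handshake(psk, psk, []byte("peer"), []byte("server"), randS, randP)
	fmt.Println("mutual auth:", ok, "TEK:", hex.EncodeToString(tek))
}
```

   Running it prints "mutual auth: true" and the TEK; giving the server
   a different PSK makes Handshake return false at the MAC_P check, i.e.,
   the server rejects the peer before any session key is derived, and a
   peer whose MAC_S check fails likewise derives nothing.  Both tag
   comparisons use a constant-time compare, since AK is a long-term
   secret and a timing leak on MAC_P would let an attacker forge the
   second message byte by byte.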

[include full document text]