datatracker.ietf.org
Sign in
Version 5.7.1.p2, 2014-10-29
Report a bug

Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')
RFC 5448

Document type: RFC - Informational (May 2009; No errata)
Updates RFC 4187
Was draft-arkko-eap-aka-kdf (individual in gen area)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5448 (Informational)
Responsible AD: Russ Housley
Send notices to: jari.arkko@piuha.net, pasi.eronen@nokia.com, vesa.lehtovirta@ericsson.com, draft-arkko-eap-aka-kdf@tools.ietf.org

Network Working Group                                           J. Arkko
Request for Comments: 5448                                 V. Lehtovirta
Updates: 4187                                                   Ericsson
Category: Informational                                        P. Eronen
                                                                   Nokia
                                                                May 2009

        Improved Extensible Authentication Protocol Method for
       3rd Generation Authentication and Key Agreement (EAP-AKA')

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This specification defines a new EAP method, EAP-AKA', which is a
   small revision of the EAP-AKA (Extensible Authentication Protocol
   Method for 3rd Generation Authentication and Key Agreement) method.
   The change is a new key derivation function that binds the keys
   derived within the method to the name of the access network.  The new
   key derivation mechanism has been defined in the 3rd Generation
   Partnership Project (3GPP).  This specification allows its use in EAP
   in an interoperable manner.  In addition, EAP-AKA' employs SHA-256
   instead of SHA-1.

   This specification also updates RFC 4187, EAP-AKA, to prevent bidding
   down attacks from EAP-AKA'.

Arkko, et al.                Informational                      [Page 1]
RFC 5448                        EAP-AKA'                        May 2009

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  Requirements Language  . . . . . . . . . . . . . . . . . . . .  3
   3.  EAP-AKA' . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
     3.1.  AT_KDF_INPUT . . . . . . . . . . . . . . . . . . . . . . .  6
     3.2.  AT_KDF . . . . . . . . . . . . . . . . . . . . . . . . . .  8
     3.3.  Key Generation . . . . . . . . . . . . . . . . . . . . . . 10
     3.4.  Hash Functions . . . . . . . . . . . . . . . . . . . . . . 12
       3.4.1.  PRF' . . . . . . . . . . . . . . . . . . . . . . . . . 12
       3.4.2.  AT_MAC . . . . . . . . . . . . . . . . . . . . . . . . 13
       3.4.3.  AT_CHECKCODE . . . . . . . . . . . . . . . . . . . . . 13
   4.  Bidding Down Prevention for EAP-AKA  . . . . . . . . . . . . . 14
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 15
     5.1.  Security Properties of Binding Network Names . . . . . . . 18
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 19
     6.1.  Type Value . . . . . . . . . . . . . . . . . . . . . . . . 19
     6.2.  Attribute Type Values  . . . . . . . . . . . . . . . . . . 19
     6.3.  Key Derivation Function Namespace  . . . . . . . . . . . . 19
   7.  Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 20
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 20
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 20
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 20
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 21
   Appendix A.  Changes from RFC 4187 . . . . . . . . . . . . . . . . 23
   Appendix B.  Importance of Explicit Negotiation  . . . . . . . . . 23
   Appendix C.  Test Vectors  . . . . . . . . . . . . . . . . . . . . 24

1.  Introduction

   This specification defines a new Extensible Authentication Protocol
   (EAP)[RFC3748] method, EAP-AKA', which is a small revision of the
   EAP-AKA method originally defined in [RFC4187].  What is new in EAP-
   AKA' is that it has a new key derivation function, specified in
   [3GPP.33.402].  This function binds the keys derived within the
   method to the name of the access network.  This limits the effects of
   compromised access network nodes and keys.  This specification
   defines the EAP encapsulation for AKA when the new key derivation
   mechanism is in use.

   3GPP has defined a number of applications for the revised AKA
   mechanism, some based on native encapsulation of AKA over 3GPP radio
   access networks and others based on the use of EAP.

   For making the new key derivation mechanisms usable in EAP-AKA,
   additional protocol mechanisms are necessary.  Given that RFC 4187

[include full document text]