Perfect-Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' PFS)
draft-ietf-emu-aka-pfs-05
Network Working Group J. Arkko
Internet-Draft K. Norrman
Updates: RFC5448 (if approved) V. Torvinen
Intended status: Informational Ericsson
Expires: May 3, 2021 October 30, 2020
Perfect-Forward Secrecy for the Extensible Authentication Protocol
Method for Authentication and Key Agreement (EAP-AKA' PFS)
draft-ietf-emu-aka-pfs-05
Abstract
Many different attacks have been reported as part of revelations
associated with pervasive surveillance. Some of the reported attacks
involved compromising smart cards, such as attacking SIM card
manufacturers and operators in an effort to compromise shared secrets
stored on these cards. Since the publication of those reports,
manufacturing and provisioning processes have gained much scrutiny
and have improved. However, the danger of resourceful attackers for
these systems is still a concern.
This specification is an optional extension to the EAP-AKA'
authentication method which was defined in [I-D.ietf-emu-rfc5448bis].
The extension, when negotiated, provides Perfect Forward Secrecy for
the session key generated as a part of the authentication run in EAP-
AKA'. This prevents an attacker who has gained access to the long-
term pre-shared secret in a SIM card from being able to decrypt any
past communications. In addition, if the attacker stays merely a
passive eavesdropper, the extension prevents attacks against future
sessions. This forces attackers to use active attacks instead.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 3, 2021.
Arkko, et al. Expires May 3, 2021 [Page 1]
Internet-Draft EAP-AKA' PFS October 2020
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Protocol Design and Deployment Objectives . . . . . . . . . . 4
3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.1. AKA . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2. EAP-AKA' Protocol . . . . . . . . . . . . . . . . . . . . 6
3.3. Attacks Against Long-Term Shared Secrets in Smart Cards . 8
4. Requirements Language . . . . . . . . . . . . . . . . . . . . 8
5. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 8
6. Extensions to EAP-AKA' . . . . . . . . . . . . . . . . . . . 11
6.1. AT_PUB_ECDHE . . . . . . . . . . . . . . . . . . . . . . 11
6.2. AT_KDF_PFS . . . . . . . . . . . . . . . . . . . . . . . 12
6.3. New Key Derivation Functions . . . . . . . . . . . . . . 14
6.4. ECDHE Groups . . . . . . . . . . . . . . . . . . . . . . 15
6.5. Message Processing . . . . . . . . . . . . . . . . . . . 15
6.5.1. EAP-Request/AKA'-Identity . . . . . . . . . . . . . . 16
6.5.2. EAP-Response/AKA'-Identity . . . . . . . . . . . . . 16
6.5.3. EAP-Request/AKA'-Challenge . . . . . . . . . . . . . 16
6.5.4. EAP-Response/AKA'-Challenge . . . . . . . . . . . . . 17
6.5.5. EAP-Request/AKA'-Reauthentication . . . . . . . . . . 17
6.5.6. EAP-Response/AKA'-Reauthentication . . . . . . . . . 17
6.5.7. EAP-Response/AKA'-Synchronization-Failure . . . . . . 18
6.5.8. EAP-Response/AKA'-Authentication-Reject . . . . . . . 18
6.5.9. EAP-Response/AKA'-Client-Error . . . . . . . . . . . 18
6.5.10. EAP-Request/AKA'-Notification . . . . . . . . . . . . 18
Show full document text