datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2
RFC 4169

Document type: RFC - Informational (November 2005)
Was draft-torvinen-http-digest-aka-v2 (individual in tsv area)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4169 (Informational)
Responsible AD: Allison Mankin
Send notices to: vesa.torvinen@ericsson.com, jari.arkko@ericsson.com, mankin@psg.com

Network Working Group                                        V. Torvinen
Request for Comments: 4169                             Turku Polytechnic
Category: Informational                                         J. Arkko
                                                              M. Naslund
                                                                Ericsson
                                                           November 2005

     Hypertext Transfer Protocol (HTTP) Digest Authentication Using
            Authentication and Key Agreement (AKA) Version-2

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   HTTP Digest, as specified in RFC 2617, is known to be vulnerable to
   man-in-the-middle attacks if the client fails to authenticate the
   server in TLS, or if the same passwords are used for authentication
   in some other context without TLS.  This is a general problem that
   exists not just with HTTP Digest, but also with other IETF protocols
   that use tunneled authentication.  This document specifies version 2
   of the HTTP Digest AKA algorithm (RFC 3310).  This algorithm can be
   implemented in a way that it is resistant to the man-in-the-middle
   attack.

Torvinen                     Informational                      [Page 1]
RFC 4169                   HTTP Digest AKAv2               November 2005

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . .  4
   2.  HTTP Digest AKAv2  . . . . . . . . . . . . . . . . . . . . . .  5
       2.1.  Password generation  . . . . . . . . . . . . . . . . . .  6
       2.2.  Session keys . . . . . . . . . . . . . . . . . . . . . .  6
   3.  Example Digest AKAv2 Operation . . . . . . . . . . . . . . . .  7
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
       4.1.  Multiple Authentication Schemes and Algorithms . . . . .  7
       4.2.  Session Protection . . . . . . . . . . . . . . . . . . .  7
       4.3.  Man-in-the-middle attacks  . . . . . . . . . . . . . . .  8
       4.4.  Entropy  . . . . . . . . . . . . . . . . . . . . . . . .  9
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
       5.1.  Registration Information . . . . . . . . . . . . . . . . 10
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
       6.1.  Normative References . . . . . . . . . . . . . . . . . . 11
       6.2.  Informative References . . . . . . . . . . . . . . . . . 11

1.  Introduction

   The Hypertext Transfer Protocol (HTTP) Digest Authentication,
   described in [4], has been extended in [6] to support the
   Authentication and Key Agreement (AKA) mechanism [7].  The AKA
   mechanism performs authentication and session key agreement in
   Universal Mobile Telecommunications System (UMTS) networks.  HTTP
   Digest AKA enables the usage of AKA as a one-time password generation
   mechanism for Digest authentication.

   HTTP Digest is known to be vulnerable to man-in-the-middle attacks,
   even when run inside TLS, if the same HTTP Digest authentication
   credentials are used in some other context without TLS.  The attacker
   may initiate a TLS session with a server, and when the server
   challenges the attacker with HTTP Digest, the attacker masquerades
   the server to the victim.  If the victim responds to the challenge,
   the attacker is able to use this response towards the server in HTTP
   Digest.  Note that this attack is an instance of a general attack
   that affects a number of IETF protocols, such as PIC.  The general
   problem is discussed in [8] and [9].

   Because of the vulnerability described above, the use of HTTP Digest
   "AKAv1" should be limited to the situations in which the client is
   able to demonstrate that, in addition to the AKA response, it
   possesses the AKA session keys.  This is possible, for example, if
   the underlying security protocol uses the AKA-generated session keys
   to protect the authentication response.  This is the case, for
   example, in the 3GPP IP Multimedia Core Network Subsystem (IMS),
   where HTTP Digest "AKAv1" is currently applied.  However, HTTP Digest

Torvinen                     Informational                      [Page 2]
RFC 4169                   HTTP Digest AKAv2               November 2005

   "AKAv1" should not be used with tunnelled security protocols that do
   not utilize the AKA session keys.  For example, the use of HTTP
   Digest "AKAv1" is not necessarily secure with TLS if the server side

[include full document text]