Technical Summary
The Extensible Authentication Protocol (EAP) provides support for
multiple authentication methods. This document defines the EAP-NOOB
authentication method for nimble out-of-band (OOB) authentication and
key derivation. The EAP method is intended for bootstrapping all
kinds of Internet-of-Things (IoT) devices that have no pre-configured
authentication credentials. The method makes use of a user-assisted
one-directional OOB message between the peer device and
authentication server to authenticate the in-band key exchange. The
device must have an input or output interface, such as a display,
microphone, speaker or blinking light, which can send or receive
dynamically generated messages of tens of bytes in length.
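
Added example (not from the draft or its implementations): a simplified Python model of how a one-directional OOB message can authenticate an in-band key exchange, here in the peer-to-server direction. The toy Diffie-Hellman group, the function names and the message layout are assumptions for illustration and are not the EAP-NOOB message format.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for illustration; far too small for real use).
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(peer_pub, server_pub, oob_nonce):
    """Hash that binds the OOB nonce to the public keys one side saw in-band."""
    h = hashlib.sha256()
    for part in (peer_pub.to_bytes(16, "big"), server_pub.to_bytes(16, "big"), oob_nonce):
        h.update(len(part).to_bytes(2, "big") + part)  # length-prefix each field
    return h.digest()[:16]  # "tens of bytes" fit a QR code, audio or blink pattern

def bootstrap(in_band_tampered=False):
    """Return True if the server accepts the OOB message for this key exchange."""
    peer_priv, peer_pub = keypair()
    srv_priv, srv_pub = keypair()

    # In-band: public keys cross an unauthenticated network. If something in the
    # path substitutes them, each side ends up holding a key the other never sent.
    if in_band_tampered:
        _, other_pub = keypair()
        seen_by_peer, seen_by_srv = other_pub, other_pub
    else:
        seen_by_peer, seen_by_srv = srv_pub, peer_pub

    # Out-of-band: the peer emits a fresh nonce plus a fingerprint of ITS view of
    # the exchange; the user carries it to the server (e.g. by scanning a display).
    oob_nonce = secrets.token_bytes(16)
    oob_message = (oob_nonce, fingerprint(peer_pub, seen_by_peer, oob_nonce))

    # Server recomputes the fingerprint over what IT saw in-band and compares.
    expected = fingerprint(seen_by_srv, srv_pub, oob_message[0])
    if not hmac.compare_digest(expected, oob_message[1]):
        return False  # views differ: reject, no key is established

    # Views match, so both sides derive the same shared secret.
    return pow(seen_by_peer, peer_priv, P) == pow(seen_by_srv, srv_priv, P)

if __name__ == "__main__":
    print("clean exchange accepted:", bootstrap())
    print("tampered exchange accepted:", bootstrap(in_band_tampered=True))
```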
Working Group Summary
The document received a detailed early IoT directorate review.
Document Quality
At least three public implementations of the protocol are available:
1. wpa_supplicant - https://github.com/tuomaura/eap-noob
2. Contiki - https://github.com/eduingles/coap-eap-noob
3. hostap - https://github.com/Vogeltak/hostap
The protocol has security proofs:
1. ProVerif: https://github.com/tuomaura/eap-noob/tree/master/protocolmodel/proverif
2. mCRL2: https://github.com/tuomaura/eap-noob/tree/master/protocolmodel/mcrl2
Personnel
Document Shepherd - Joe Salowey
Responsible AD - Roman Danyliw