IETF RFC 3748 PDF
This document defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods. EAP typically.

Network Working Group
Request for Comments: 3748
Obsoletes:
Category: Standards Track
B. Aboba, Microsoft
L. Blunk, Merit Network, Inc
J. Vollbrecht
Published (Last): 27 October 2014
Channel binding: The communication within an EAP method of integrity-protected channel properties, such as endpoint identifiers, which can be compared to values communicated via out-of-band mechanisms such as via a AAA or lower layer protocol.
This would make the peer vulnerable to attacks that negotiate the least secure method from among a set. For example, errors can occur prior to key derivation, and so it may not be possible to protect all failure indications.
It provides a protected communication channel, when mutual authentication is successful, for both parties to communicate and is designed for authentication over insecure networks such as IEEE
Integrity protection: This refers to providing data origin authentication and protection against unauthorized modification of information for EAP packets, including EAP Requests and Responses. As described in Section 4.
RFC 3748 – Extensible Authentication Protocol (EAP)
In order to protect against dictionary attacks, authentication methods resistant to dictionary attacks as defined in Section 7. For example, where a method supports error messages, an implicit success indication may be defined as the reception of a specific message without a preceding error message. It can use an existing and widely deployed authentication protocol and infrastructure, incorporating legacy password mechanisms and authentication databases, while the secure tunnel provides protection from eavesdropping and man-in-the-middle attack.
As noted in Section 2. This is because separate authentications that are not bound cryptographically so as to demonstrate they are part of the same session are vulnerable to man-in-the-middle attacks, as discussed in Section 7.
In general, a fragmented EAP packet will require as many round-trips to send as there are fragments. The sequence of Requests and Responses continues as long as needed. EAP is not a wire protocol; instead it only defines message formats. A method supporting protected result indications MUST indicate which result indications are protected, and which are not.
EAP Types – Extensible Authentication Protocol Types information
For example, an authenticator might terminate one EAP method, then forward the next method in the sequence to another party without the peer’s knowledge or consent. This may enable an authenticator to impersonate another authenticator or communicate incorrect information via out-of-band mechanisms such as via a AAA or lower layer protocol. The Request has a Type field to indicate what is being requested. There is therefore no support for “pass-through peer” operation.
There have also been proposals to use IEEE
Although it is difficult to define what “comparable effort” and “typical block cipher” exactly mean, reasonable approximations are sufficient here.
For example, the EAP server may not be aware of an authorization decision made by a AAA proxy; the AAA server may check authorization only after authentication has completed successfully, to discover that authorization cannot be granted, or the AAA server may grant access but the authenticator may be unable to provide it due to a temporary lack of resources. If an authentication algorithm is used that is known to be vulnerable to dictionary attacks, then the conversation may be tunneled within a protected channel in order to provide additional protection.
For example, in IEEE
It also strays from the previous PPP authentication model of negotiating a specific authentication mechanism during LCP. Breaking a cryptographic assumption would typically require inverting a one-way function or predicting the outcome of a cryptographic pseudo-random number generator without knowledge of the secret state.
However, it is possible for a pass-through authenticator acting as a AAA client to provide correct information to the AAA server while communicating misleading information to the EAP peer via a lower layer protocol.
Were a sequence of EAP authentication methods to be permitted, the peer might not have proof that a single entity has acted as the authenticator for all EAP methods within the sequence.
Peer-to-Peer Operation
Since EAP is a peer-to-peer protocol, an independent and simultaneous authentication may take place in the reverse direction, depending on the capabilities of the lower layer. These messages are not authenticated or integrity protected, and although they are not forwardable, they are spoofable by an attacker within range. Support for pass-through is optional.
In this case, it is necessary for both ends to implement EAP authenticator and peer layers. This derivation occurs on the AAA server. Therefore, in order to avoid downgrading attacks which would lead to weaker ciphersuites being used, clients implementing lower layer ciphersuite negotiation SHOULD protect against negotiation downgrading.
In addition, the EAP method implementations on both peers must support both authenticator and peer functionality. Where the authenticator supports local authentication methods, it MAY examine the Type field to determine whether to act on the packet itself or forward it.
This may be intentional in the case of identity privacy. This is distinct from the ciphersuite negotiated between the peer and authenticator, used to protect data. EAP is in wide use. Use of cleartext passwords would allow the password to be captured by an attacker with access to a link over which EAP packets are transmitted.
This explanation SHOULD include the parameters required to achieve the stated key strength based on current knowledge of the algorithms.
Extensible Authentication Protocol – Wikipedia
Lower layers such as IEEE
The key strength depends on the methods used to derive the keys. Due to limitations of the design, this also implies the need for unicast key derivations and EAP method exchanges to occur in each direction.
Where EAP is used in pass-through mode, the EAP peer typically does not verify the identity of the pass-through authenticator, it only verifies that the pass-through authenticator is trusted by the EAP server. Within a mutually authenticating method, requiring that the server authenticate to the peer before the peer will accept a Success packet prevents an attacker from acting as a rogue authenticator. Multiple authentication methods within an EAP conversation are not supported due to their vulnerability to man-in-the-middle attacks see Section 7.
EAP provides its own support for duplicate elimination and retransmission, but is reliant on lower layer ordering guarantees. In addition to the security claims that are made, the specification MUST indicate which of the security claims detailed in Section 7.