This document defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods. EAP typically.

RFC header: Network Working Group; Category: Standards Track; B. Aboba (Microsoft), L. Blunk (Merit Network, Inc), J. Vollbrecht.


There have also been proposals to use IEEE. By providing keying material usable with any ciphersuite, EAP methods can be used with a wide range of ciphersuites and media.

Additionally, if the lower layer performs ciphersuite negotiation, it should be understood that EAP does not by itself provide integrity protection of that negotiation.

Where certificate-based authentication is supported, the number of additional roundtrips may be much larger due to fragmentation of certificate chains. Support for pass-through is optional. Replay protection: this refers to protection against replay of an EAP method or its messages, including success and failure result indications. This vulnerability is mitigated by manual PAC provisioning or by using server certificates for the PAC provisioning phase.

The authenticator's decision typically involves both authentication and authorization aspects; the peer may successfully authenticate to the authenticator, but access may be denied by the authenticator due to policy reasons.

If a server were to authenticate the peer and send a Success packet prior to determining whether the peer has authenticated the authenticator, an idle timeout can occur if the authenticator is not authenticated by the peer.

To take another example, when using public key algorithms, the strength of the derived key depends on the strength of the public keys used. This will, of course, depend on the specific protocols negotiated. Depending on the lower layer, these attacks may be carried out without requiring physical access.

The password may be a low-entropy one and may be drawn from some set of possible passwords, like a dictionary, which is available to an attacker. In such an implementation, both EAP peer and authenticator layers will be present. Separation of Authenticator and Backend Authentication Server. This would make the peer vulnerable to attacks that negotiate the least secure method from among a set. If the peer were to accept the forged Success packet and attempt to access the network when it had not yet successfully authenticated to the server, a denial of service attack could be mounted against the peer.


However, where roaming is supported as described in [RFC], it may be necessary to locate the appropriate backend authentication server before the authentication conversation can proceed.

EAP is an authentication framework for providing the transport and usage of keying material and parameters generated by EAP methods. EAP is a ‘lock step’ protocol, so that other than the initial Request, a new Request cannot be sent prior to receiving a valid Response.

Therefore, in order to avoid downgrading attacks which would lead to weaker ciphersuites being used, clients implementing lower layer ciphersuite negotiation SHOULD protect against negotiation downgrading. If the method derives keys, then the effective key strength MUST be estimated. As with the Request packet, the Response packet contains a Type field, which corresponds to the Type field of the Request.


Since the Identifier is only a single octet, it is easy to guess, allowing an attacker to successfully inject or replay EAP packets. Man-in-the-Middle Attacks: where EAP is tunneled within another protocol that omits peer authentication, there exists a potential vulnerability to a man-in-the-middle attack.

Lower layers such as IEEE. Similarly, while an authentication failure will result in denied access to the controlled port in [IEEE]. Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and point-to-point connections. However, in PPP the LCP state machine can renegotiate the authentication protocol at any time, thus allowing a new attempt.

Successful Authentication: in the context of this document, "successful authentication" is an exchange of EAP messages, as a result of which the authenticator decides to allow access by the peer, and the peer decides to use this access. However, a pass-through authenticator will not be aware that the peer has accepted the credentials offered by the EAP server, unless this information is provided to the authenticator via the AAA protocol.

Channel binding: the communication within an EAP method of integrity-protected channel properties, such as endpoint identifiers, which can be compared to values communicated via out-of-band mechanisms such as a AAA or lower layer protocol. Intellectual Property: the IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights.


The authenticator SHOULD interpret the receipt of a key attribute within an Accept packet as an indication that the peer has successfully authenticated the server. Hosts supporting peer-to-peer operation with such a method would need to be provisioned with both types of credentials.


In this document, this end of the link is called the peer. The EAP-POTP method provides two-factor user authentication, meaning that a user needs both physical access to a token and knowledge of a personal identification number (PIN) to perform authentication.

Where cryptographic binding is supported, a mechanism is also needed to protect against downgrade attacks that would bypass it. Integrity protection: this refers to providing data origin authentication and protection against unauthorized modification of information for EAP packets, including EAP Requests and Responses. Weak Ciphersuites: if after the initial EAP authentication, data packets are sent without per-packet authentication, integrity, and replay protection, an attacker with access to the media can inject packets, "flip bits" within existing packets, replay packets, or even hijack the session completely.

Security claims summaries have been added for authentication methods. It cannot be assumed that the contents of the Nak Response(s) are available to another method. Nak (Type 3) or Expanded Nak are used for the purposes of method negotiation.


This allows the attacker to successfully establish itself as a man-in-the-middle, gaining access to the network, as well as the ability to decrypt data traffic between the legitimate peer and server. EAP is not a wire protocol; instead it only defines message formats. This greatly simplifies the setup procedure since a certificate is not needed on every client. It is also possible that result indications may not be supported in both directions or that synchronization may not be achieved in all modes of operation.

The EMSK is reserved for future uses that are not defined yet. A method supporting protected result indications MUST indicate which result indications are protected, and which are not.