draft-arkko-pppext-eap-aka-15.txt
Arkko & Haverinen         Expires June 21, 2005                [Page 11]

Internet-Draft            EAP-AKA Authentication           December 2004

   Peer                                             Authenticator
      |                                                       |
      |                                  EAP-Request/Identity |
      |<------------------------------------------------------|
      |                                                       |
      | EAP-Response/Identity                                 |
      | (Includes user's NAI)                                 |
      |------------------------------------------------------>|
      |                                                       |
      |                        +------------------------------+
      |                        | Server runs AKA algorithms,  |
      |                        | generates RAND and AUTN.     |
      |                        +------------------------------+
      |                                                       |
      |                             EAP-Request/AKA-Challenge |
      |                            (AT_RAND, AT_AUTN, AT_MAC) |
      |<------------------------------------------------------|
   +-------------------------------------+                    |
   | Peer runs AKA algorithms,           |                    |
   | verifies AUTN and MAC, derives RES  |                    |
   | and session key                     |                    |
   +-------------------------------------+                    |
      |                                                       |
      | EAP-Response/AKA-Challenge                            |
      | (AT_RES, AT_MAC)                                      |
      |------------------------------------------------------>|
      |                                                       |
      |                      +--------------------------------+
      |                      | Server checks the given RES,   |
      |                      | and MAC and finds them correct.|
      |                      +--------------------------------+
      |                                                       |
      |                                           EAP-Success |
      |<------------------------------------------------------|

            Figure 1: EAP-AKA full authentication procedure

   Figure 2 shows how the EAP server rejects the Peer due to a failed
   authentication.

   Peer                                             Authenticator
      |                                                       |
      |                                  EAP-Request/Identity |
      |<------------------------------------------------------|
      |                                                       |
      | EAP-Response/Identity                                 |
      | (Includes user's NAI)                                 |
      |------------------------------------------------------>|
      |                                                       |
      |                        +------------------------------+
      |                        | Server runs AKA algorithms,  |
      |                        | generates RAND and AUTN.     |
      |                        +------------------------------+
      |                                                       |
      |                             EAP-Request/AKA-Challenge |
      |                            (AT_RAND, AT_AUTN, AT_MAC) |
      |<------------------------------------------------------|
   +-------------------------------------+                    |
   | Peer runs AKA algorithms,           |                    |
   | possibly verifies AUTN, and sends an|                    |
   | invalid response                    |                    |
   +-------------------------------------+                    |
      |                                                       |
      | EAP-Response/AKA-Challenge                            |
      | (AT_RES, AT_MAC)                                      |
      |------------------------------------------------------>|
      |                                                       |
      |            +------------------------------------------+
      |            | Server checks the given RES and the MAC, |
      |            | and finds one of them incorrect.         |
      |            +------------------------------------------+
      |                                                       |
      |                          EAP-Request/AKA-Notification |
      |<------------------------------------------------------|
      |                                                       |
      | EAP-Response/AKA-Notification                         |
      |------------------------------------------------------>|
      |                                                       |
      |                                           EAP-Failure |
      |<------------------------------------------------------|

                  Figure 2: Peer authentication fails

   Figure 3 shows the peer rejecting the AUTN of the EAP server.  The
   peer sends an explicit error message
   (EAP-Response/AKA-Authentication-Reject) to the EAP server, as usual
   in AKA when AUTN is incorrect.  This allows the EAP server to produce
   the same error statistics as AKA in general produces in UMTS or
   cdma2000.

   Peer                                             Authenticator
      |                                                       |
      |                                  EAP-Request/Identity |
      |<------------------------------------------------------|
      |                                                       |
      | EAP-Response/Identity                                 |
      | (Includes user's NAI)                                 |
      |------------------------------------------------------>|
      |                                                       |
      |                        +------------------------------+
      |                        | Server runs AKA algorithms,  |
      |                        | generates RAND and a bad AUTN|
      |                        +------------------------------+
      |                                                       |
      |                             EAP-Request/AKA-Challenge |
      |                            (AT_RAND, AT_AUTN, AT_MAC) |
      |<------------------------------------------------------|
   +-------------------------------------+                    |
   | Peer runs AKA algorithms            |                    |
   | and discovers AUTN that can not be  |                    |
   | verified                            |                    |
   +-------------------------------------+                    |
      |                                                       |
      | EAP-Response/AKA-Authentication-Reject                |
      |------------------------------------------------------>|
      |                                                       |
      |                                           EAP-Failure |
      |<------------------------------------------------------|

                 Figure 3: Network authentication fails

   AKA performs authentication using a secret shared between the peer
   and the peer's home operator, together with a sequence number.  In
   certain circumstances the sequence numbers kept by the two sides can
   fall out of step.  Figure 4 shows what happens then.

   Peer                                             Authenticator
      |                                                       |
      |                                  EAP-Request/Identity |
      |<------------------------------------------------------|
      |                                                       |
      | EAP-Response/Identity                                 |
      | (Includes user's NAI)                                 |
      |------------------------------------------------------>|
      |                                                       |
      |                        +------------------------------+
      |                        | Server runs AKA algorithms,  |
      |                        | generates RAND and AUTN.     |
      |                        +------------------------------+
      |                                                       |
      |                             EAP-Request/AKA-Challenge |
      |                            (AT_RAND, AT_AUTN, AT_MAC) |
      |<------------------------------------------------------|
   +-------------------------------------+                    |
   | Peer runs AKA algorithms            |                    |
   | and discovers AUTN that contains an |                    |
   | inappropriate sequence number       |                    |
   +-------------------------------------+                    |
      |                                                       |
      | EAP-Response/AKA-Synchronization-Failure              |
      | (AT_AUTS)                                             |
      |------------------------------------------------------>|
      |                                                       |
      |                           +---------------------------+
      |                           | Perform resynchronization |
      |                           | Using AUTS and            |
      |                           | the sent RAND             |
      |                           +---------------------------+
      |                                                       |

               Figure 4: Sequence number synchronization

   After the resynchronization process has taken place in the server and
   AAA side, the process continues by the server side sending a new
   EAP-Request/AKA-Challenge message.

   In addition to the full authentication scenarios described above,
   EAP-AKA includes a fast re-authentication procedure, which is
   specified in Section 5.  Fast re-authentication is based on keys
   derived on full authentication.  If the peer has maintained state
   information for re-authentication and wants to use fast
   re-authentication, then the peer indicates this by using a specific
   fast re-authentication identity instead of the permanent identity or
   a pseudonym identity.

4.  Operation

4.1  Identity Management

4.1.1  Format, Generation and Usage of Peer Identities

4.1.1.1  General

   At the beginning of EAP authentication, the Authenticator or the EAP
   server usually issues the EAP-Request/Identity packet to the peer.
   The peer responds with EAP-Response/Identity, which contains the
   user's identity.  The formats of these packets are specified in
   [RFC3748].

   Subscribers of mobile networks are identified with the International
   Mobile Subscriber Identity (IMSI) [TS 23.003].  The IMSI is a string
   of not more than 15 digits.  It is composed of a three-digit Mobile
   Country Code (MCC), a two- or three-digit Mobile Network Code (MNC)
   and a Mobile Subscriber Identification Number (MSIN) of not more than
   10 digits.  MCC and MNC uniquely identify the GSM operator and help
   identify the AuC from which the authentication vectors need to be
   retrieved for this subscriber.

   Internet AAA protocols identify users with the Network Access
   Identifier (NAI) [RFC2486].  When used in a roaming environment, the
   NAI is composed of a username and a realm, separated with "@"
   (username@realm).  The username portion identifies the subscriber
   within the realm.

   This section specifies the peer identity format used in EAP-AKA.  In
   this document, the term identity or peer identity refers to the whole
   identity string that is used to identify the peer.  The peer identity
   may include a realm portion.  "Username" refers to the portion of the
   peer identity that identifies the user, i.e., the username does not
   include the realm portion.

4.1.1.2  Identity Privacy Support

   EAP-AKA includes optional identity privacy (anonymity) support that
   can be used to hide the cleartext permanent identity and thereby to
   make the subscriber's EAP exchanges untraceable to eavesdroppers.
   Because the permanent identity never changes, revealing it would help
   observers to track the user.  The permanent identity is usually based
   on the IMSI, which may further help the tracking, because the same
   identifier may be used in other contexts as well.  Identity privacy
   is based on temporary identities, or pseudonyms, which are equivalent
   to but separate from the Temporary Mobile Subscriber Identities
   (TMSI) that are used on cellular networks.  Please see Section 11.1
   for security considerations regarding identity privacy.
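The following is an added example, not code from the draft or from any EAP-AKA implementation: a Python toy model of the four message flows in Figures 1 through 4 above and of the NAI/IMSI identity format of Section 4.1.1.1. HMAC-SHA256 stands in for the AKA functions f1..f5 (it is not 3GPP Milenage), the toy AUTN is (SQN xor AK) || MAC-A with no AMF field, K_aut is taken to be CK|IK rather than the draft's key derivation, and the freshness rule is simply that SQN must exceed the peer's SQN_MS. The classes AuC and Peer, the functions parse_nai, parse_imsi and eap_aka, the subscriber key, the IMSI 262019876543210 and the realm example.net are all assumptions or constructed values.

```python
# Added example (not from the draft): a toy model of the EAP-AKA exchanges in
# Figures 1-4 and of the NAI/IMSI identity format of Section 4.1.1.1. HMAC-SHA256
# stands in for the AKA functions f1..f5 (NOT 3GPP Milenage), the toy AUTN is
# (SQN xor AK) || MAC-A with no AMF, K_aut is CK|IK; all keys/IMSIs/realms constructed.
import hashlib, hmac, os, re

def parse_nai(identity):
    """Split a peer identity into username and realm ('' when no realm portion)."""
    username, _, realm = identity.partition("@")
    return username, realm

def parse_imsi(imsi, mnc_len):
    """Split an IMSI (<= 15 digits) into MCC (3), MNC (2 or 3) and MSIN (<= 10).
    The MNC length is an operator property; it cannot be read from the digits."""
    if not re.fullmatch(r"[0-9]{1,15}", imsi) or mnc_len not in (2, 3):
        raise ValueError("IMSI must be 1-15 digits and the MNC 2 or 3 digits")
    mcc, mnc, msin = imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]
    if len(mnc) != mnc_len or not 1 <= len(msin) <= 10:
        raise ValueError("IMSI does not split into MCC/MNC/MSIN")
    return mcc, mnc, msin

# Toy keyed function standing in for f1/f1*/f2/f3/f4/f5/f5* (8-byte output).
f = lambda key, tag, *parts: hmac.new(key, tag + b"".join(parts), hashlib.sha256).digest()[:8]
xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
# AT_MAC over a message payload; the toy K_aut is CK|IK itself.
at_mac = lambda ck_ik, payload: hmac.new(ck_ik, payload, hashlib.sha256).digest()[:16]

class AuC:  # home operator side: shared secret K and sequence number SQN per IMSI
    def __init__(self, subscribers):
        self.subs = {imsi: [k, 0] for imsi, k in subscribers.items()}
    def vector(self, imsi):
        """Authentication vector: RAND, AUTN = (SQN xor AK) || MAC-A, XRES, CK|IK."""
        k, sqn = self.subs[imsi]
        self.subs[imsi][1] = sqn = sqn + 1
        rand, sqn_b = os.urandom(16), sqn.to_bytes(6, "big")
        autn = xor(sqn_b, f(k, b"f5", rand)[:6]) + f(k, b"f1", sqn_b, rand)
        return rand, autn, f(k, b"f2", rand), f(k, b"f3", rand) + f(k, b"f4", rand)
    def resync(self, imsi, rand, auts):
        """Figure 4: recover SQN_MS from AUTS = (SQN_MS xor AK*) || MAC-S and adopt it."""
        k, _ = self.subs[imsi]
        sqn_ms_b = xor(auts[:6], f(k, b"f5*", rand)[:6])
        if not hmac.compare_digest(auts[6:], f(k, b"f1*", sqn_ms_b, rand)):
            raise ValueError("AUTS MAC-S invalid; resynchronization refused")
        self.subs[imsi][1] = int.from_bytes(sqn_ms_b, "big")

class Peer:  # USIM side: K and its own SQN_MS; corrupt_res=True reproduces Figure 2
    def __init__(self, imsi, realm, k, sqn_ms=0, corrupt_res=False):
        self.nai, self.k = imsi + "@" + realm, k
        self.sqn_ms, self.corrupt_res = sqn_ms, corrupt_res
    def challenge(self, rand, autn, mac):
        """Process EAP-Request/AKA-Challenge; returns the reply message and attributes."""
        k, sqn_b = self.k, xor(autn[:6], f(self.k, b"f5", rand)[:6])
        if not hmac.compare_digest(autn[6:], f(k, b"f1", sqn_b, rand)):
            return ("EAP-Response/AKA-Authentication-Reject",)  # Figure 3: AUTN fails
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_ms:  # toy freshness rule: SQN must exceed SQN_MS
            ms_b = self.sqn_ms.to_bytes(6, "big")
            auts = xor(ms_b, f(k, b"f5*", rand)[:6]) + f(k, b"f1*", ms_b, rand)
            return ("EAP-Response/AKA-Synchronization-Failure", auts)  # Figure 4
        ck_ik = f(k, b"f3", rand) + f(k, b"f4", rand)
        if not hmac.compare_digest(mac, at_mac(ck_ik, rand + autn)):
            raise ValueError("AT_MAC on AKA-Challenge invalid")  # handling not in excerpt
        self.sqn_ms, res = sqn, f(k, b"f2", rand)
        if self.corrupt_res:
            res = xor(res, b"\x01" * len(res))
        return ("EAP-Response/AKA-Challenge", res, at_mac(ck_ik, res))

def eap_aka(peer, homes):
    """EAP server side of Figures 1-4; returns the EAP messages in order exchanged."""
    log = ["EAP-Request/Identity", "EAP-Response/Identity"]
    username, realm = parse_nai(peer.nai)  # the realm selects the home AuC
    auc = homes[realm]
    for _ in range(2):  # at most one resynchronization round
        rand, autn, xres, ck_ik = auc.vector(username)
        log.append("EAP-Request/AKA-Challenge")  # carries AT_RAND, AT_AUTN, AT_MAC
        reply = peer.challenge(rand, autn, at_mac(ck_ik, rand + autn))
        log.append(reply[0])
        if reply[0].endswith("Synchronization-Failure"):
            auc.resync(username, rand, reply[1])
            continue
        if reply[0].endswith("Authentication-Reject"):
            return log + ["EAP-Failure"]
        res_ok = hmac.compare_digest(reply[1], xres)
        mac_ok = hmac.compare_digest(reply[2], at_mac(ck_ik, reply[1]))
        if res_ok and mac_ok:
            return log + ["EAP-Success"]
        return log + ["EAP-Request/AKA-Notification", "EAP-Response/AKA-Notification", "EAP-Failure"]
    return log + ["EAP-Failure"]

K, IMSI, REALM = bytes(range(16)), "262019876543210", "example.net"  # constructed; MCC 262, MNC 01
def demo():
    """The four scenarios of Figures 1-4, each run against a fresh home AuC."""
    homes = lambda: {REALM: AuC({IMSI: K})}
    return {"success": eap_aka(Peer(IMSI, REALM, K), homes()),
            "bad_res": eap_aka(Peer(IMSI, REALM, K, corrupt_res=True), homes()),
            "bad_autn": eap_aka(Peer(IMSI, REALM, bytes(16)), homes()),
            "resync": eap_aka(Peer(IMSI, REALM, K, sqn_ms=100), homes())}

if __name__ == "__main__":
    print(parse_imsi(IMSI, 2), *(n + ": " + " -> ".join(fl) for n, fl in demo().items()), sep="\n")
```

Running the module prints the IMSI split and the four flows. Two points are worth noticing. In the resync flow the peer's AUTS carries its SQN_MS under MAC-S, so the server can verify and adopt that value and the second AKA-Challenge succeeds, as in Figure 4. In the bad_res flow the AT_MAC on the peer's response verifies (the peer MACed the RES it actually sent), so it is the RES comparison alone that drives the AKA-Notification/EAP-Failure path of Figure 2. parse_imsi also needs the MNC length from the operator's numbering plan; the digits alone do not say whether the MNC is two or three digits.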