EAP-AKA, EAP method for 3rd Generation Authentication and Key Agreement

Description Glossary RFCs Publications Obsolete RFCs

Description:

Protocol suite: PPP.
Protocol type:EAP subprotocol.
Base protocol: EAP, PPP Extensible Authentication Protocol.
EAP type:23.
SNMP MIBs:
Working groups:
Links:

An EAP mechanism for authentication and session key distribution that uses the (AKA) Authentication and Key Agreement mechanism. AKA is used in the 3rd generation mobile networks Universal Mobile Telecommunications System (UMTS) and CDMA2000. AKA is based on symmetric keys, and typically runs in a Subscriber Identity Module, which is a UMTS Subscriber Identity Module, USIM, or a (Removable) User Identity Module, (R)UIM, similar to a smart card. EAP-AKA includes optional identity privacy support, optional result indications, and an optional fast re-authentication procedure.


Glossary:

AuC, Authentication Centre.
The mobile network element that can authenticate subscribers in the mobile networks.

AUTN.
AKA parameter. AUTN is an authentication value generated by the AuC, which, together with the RAND, authenticates the server to the peer. 128 bits.

AUTS.
AKA parameter. A value generated by the peer upon experiencing a synchronization failure. 112 bits.

Fast re-authentication.
An EAP-AKA authentication exchange that is based on keys derived upon a preceding full authentication exchange. The 3rd Generation AKA is not used in the fast re-authentication procedure.

Fast re-authentication identity.
A fast re-authentication identity of the peer, including an NAI realm portion in environments where a realm is used. Used on re-authentication only.

Fast re-authentication username.
The username portion of fast re-authentication identity, i.e., not including any realm portions.

Full authentication.
An EAP-AKA authentication exchange that is based on the 3rd Generation AKA procedure.

NAI, Network Access Identifier.

Identity module.
The part of the mobile device that contains authentication and key agreement primitives. The identity module may be an integral part of the mobile device or it may be an application on a smart card distributed by a mobile operator. USIM and (R)UIM are identity modules.

Nonce.
A value that is used at most once or that is never repeated within the same cryptographic context. In general, a nonce can be predictable (e.g., a counter) or unpredictable (e.g., a random value). Because some cryptographic properties may depend on the randomness of the nonce, attention should be paid to whether a nonce is required to be random or not.

Permanent identity.
The permanent identity of the peer, including an NAI realm portion in environments where a realm is used. The permanent identity is usually based on the IMSI. Used on full authentication only.

Permanent username.
The username portion of permanent identity, i.e., not including any realm portions.

Pseudonym identity.
A pseudonym identity of the peer, including an NAI realm portion in environments where a realm is used. Used on full authentication only.

Pseudonym username.
The username portion of pseudonym identity, i.e., not including any realm portions.

RAND.
AKA parameter. Random number generated by the AuC. 128 bits.

RES.
Authentication result from the peer, which, together with the RAND, authenticates the peer to the server. 128 bits.

(R)UIM, CDMA2000 (Removable) User Identity Module.
An application that is resident on devices such as smart cards, which may be fixed in the terminal or distributed by CDMA2000 operators (when removable).

SQN.
AKA parameter. Sequence number used in the authentication process. 48 bits.

SIM, Subscriber Identity Module.
Traditionally a smart card distributed by a GSM operator.

SRES.
The authentication result parameter in GSM. Corresponds to the RES parameter in 3G AKA. 32 bits.

UAK, UIM Authentication Key.
Used in CDMA2000 AKA. Both the identity module and the network can optionally generate the UAK during the AKA computation in CDMA2000.

USIM, UMTS Subscriber Identity Module.
An application that is resident on devices such as smart cards distributed by UMTS operators.


RFCs:

[RFC 4187] Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA).


Publications:


Obsolete RFCs:


Description Glossary RFCs Publications Obsolete RFCs