Browse > Article

A Comparative Analysis of EAP Authentication/Key-Establishment Protocols  

Park DongGook (순천대학교 정보통신공학부)
Cho Kyung-Ryong (순천대학교 정보통신공학부)
Publication Information
Journal of the Korea Institute of Information and Communication Engineering / v.9, no.6, 2005 , pp. 1323-1332 More about this Journal
Abstract
EAP (Extensible authentication protocol) is a sort of general framework for authentication rather than a specific authentication protocol. An important consequence of this is that EAP can accommodate a variety of authentication/key-establishment protocols for different internet access networks possibly integrated to a common IP core network This paper tries a comparative analysis of several specific authentication/key establishment protocols for EAP, and suggest a strategic viewpoint toward the question: which one to un. In addition, we tried to make things clear about an intellectual property right issue with regard to some password-based protocols.
Keywords
EAP; WLAN;
Citations & Related Records
연도 인용수 순위
  • Reference
1 L. Blunk and J. Vollbrecht, 'PPP Extensible Authentication Protocol (EAP),' IETF RFC 2284, March 1998
2 IEEE, 'LAN MAN standards of the IEEE Computer Society: wireless LAN medium access control (MAC)and physical layer(PHY)specification', IEEE Standard 802.11, 1997
3 G. Zorn, 'Deriving Keys for use with Microsoft Point-to-Point (MPPE)', IETF draft, Octo-ber 2000
4 D. Jablon, 'Extended password methods immune to dictionary attack', In WETICE '97 Enterprise Security Workshop, Cambridge, MA, June 1997
5 http://www.ietf.org/ietf/IPR/LUCENT-SRP
6 http://www.ietf.org/ietf/IPR/PHOENIX-SRP-RFC2945.txt
7 N. Doraswamy and D. Harkins, IPSec: the new security standard for the Internet, internets, and virtual private networks, 2nd Ed., Prentice Hall, 2003
8 J. Carlson, B. Aboba and H. Haverinen, 'EAP SRP-SHAI Authentication Protocol', IETF draft, July 2001
9 B. Aboba and D. Simon, 'PPP EAP TLS Authentication Protocol,' IETF RFC 2716, October 1999
10 P. Funk and S. Blake-Wilson, 'EAP Tunneled TLS Authentication Protocol (EAP-TTLS)', IETF draft, July 2004
11 H. Andersson et aI., 'Portected EAP protocol (PEAP)', IETF draft, 23 Februry 2002
12 B. Schneier, Applied Cryptography, 2nd ed. Wiley, 1996, pp. 171-173
13 http://www.cisco.com/warp/public/784/packet/exclusive/apr02.htmI
14 IEEE Standard 802.1X, Standards for Local and Metropolitan Area Networks: Port-Based Access Control, 2001
15 http://www.ietf.org/ietf/IPR/WU-SRP
16 L. Salgarelli, 'EAP SKE authentication and key exchange protocol', IETF draft, Nov 1, 2003
17 B. Lolyd, et aI. 'PPP Authentication Protocols', IETF RFC 1992, October 1992
18 S.M. Bellovin and M. Merritt, 'Encrypted Key Exchange: Password-based Protocols Secure Against Dictionary Attacks', Proceedings of the 1992 IEEE Computer Society Conference on Research in Security and Privacy, 1992, pp.72-84
19 DongGook Park, et aI., 'Forward secrecy and its application to future mobile communications security', PKC 2000, Lecture Note in Computer Science (LNCS) 1751, Springer-Verlag, 2000
20 S.M. Bellovin and M. Merritt, 'Cryptographic Protocols for Secure Communications', U.S. Patent #5,241,599,31 August 1993
21 W. Simpson, 'PPP Challenge Handshake Authentication Protocol (CHAP)', IETF RFC 1994, August 1996
22 D. Jablon, 'Cryptographic methods Is for remote authentication', U.S. Patent #6,226,383, 1 May 2001
23 L.C. Paulson, 'Inductive Analysis of the Internet Protocol TLS', ACM Transactions on Computer and System Security 23, 1999, pp. 332-351
24 T. Wu, 'The Secure Remote Password Protocol', in Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, San Diego, CA, Mar 1998, pp. 97-111