ITU-T X.1034
Guidelines on extensible authentication protocol based authentication and key management in a data communication network - Study Group 17
Year: 2011
Abstract: The extensible authentication protocol (EAP) is an authentication framework that supports multiple authentication mechanisms between a supplicant and an authentication server. EAP can work directly over lower layers, e.g., the data link layer, such as the point-to-point protocol (PPP), IEEE 802, CDMA2000, UMTS, or VDSL/ADSL. For example, IEEE 802.1X is a typical transport mechanism for EAP over 802 LANs. The EAP basically performs authentication for a device attached to a LAN, establishing a secure point-to-point connection or preventing access by an unauthorized device. In other words, EAP can be used to authenticate the supplicant wishing to access the network. The AAA function may be used as one of the key functions for lower-layer security of a data communication network. AAA enables transporting the secret key from the authentication server to the authenticator. Thus, defining the requirements of the EAP method and key management protocol, establishing criteria for selecting an optimal EAP method among several existing EAP methods, and defining a suitable framework for EAP and an optimal key management protocol including key derivation methods for lower-layer security in end-to-end data communication are essential. This Recommendation applies mainly to EAP-based authentication and key management protocol for data communication with a wireless access network where communication through the wireless access network should be protected by the key material derived from the key management protocol.
This Recommendation describes a framework for authentication and key management to secure the lower layer in data communication. It also provides guidance on the selection of EAP methods for a data communication network and describes the mechanism for key management and possible key hierarchy for lower-layer security in a data communication network. This Recommendation aims to provide complete coverage of not only EAP-based authentication itself but also key management, from threat analysis to requirements, allowing the network operator to choose an adequate EAP method for a specific network environment by using the criteria described.
| contributor author | ITU-T - International Telecommunication Union/ITU Telecommunication Sector | |
| date accessioned | 2017-09-04T18:48:45Z | |
| date available | 2017-09-04T18:48:45Z | |
| date copyright | 2011.02.01 | |
| date issued | 2011 | |
| identifier other | KPSHUEAAAAAAAAAA.pdf | |
| identifier uri | http://yse.yabesh.ir/std;jsessioutho9193177793325273135A68A1095801/handle/yse/230025 | |
| language | English | |
| title | ITU-T X.1034 | num |
| title | Guidelines on extensible authentication protocol based authentication and key management in a data communication network - Study Group 17 | en |
| type | standard | |
| page | 36 | |
| status | Active | |
| tree | ITU-T - International Telecommunication Union/ITU Telecommunication Sector:;2011 | |
| contenttype | fulltext |
