A Comparative Analysis of EAP Authentication/Key-Establishment Protocols

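  • DongGook Park (School of Information and Communication Engineering, Sunchon National University)
  • Kyung-Ryong Cho (School of Information and Communication Engineering, Sunchon National University)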
  • Published : 2005.10.01

Abstract

EAP (Extensible Authentication Protocol) is a general framework for authentication rather than a specific authentication protocol. An important consequence of this is that EAP can accommodate a variety of authentication/key-establishment protocols for different internet access networks, possibly integrated into a common IP core network. This paper presents a comparative analysis of several specific authentication/key-establishment protocols for EAP, and suggests a strategic viewpoint toward the question of which one to use. In addition, we tried to clarify an intellectual property right issue with regard to some password-based protocols.

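EAP (Extensible Authentication Protocol) is in fact a kind of broad framework that makes it possible to accommodate various authentication and key establishment protocols suited to diverse wired and wireless access environments on top of IP. Various authentication/key-establishment protocols that can be used with EAP are being standardized in the IETF and are in use in real environments. This paper selects six representative protocols among these and compares and analyzes them, attempts a technical interpretation of the room for intellectual property disputes surrounding some prominent password-based authentication/key-establishment protocols, and proposes in its conclusion what choices should be made from the viewpoint of the usage environment.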
