1、 International Telecommunication Union ITU-T X.1034TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (02/2011) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Information and network security Network security Guidelines on extensible authentication protocol based authentication and ke
2、y management in a data communication network Recommendation ITU-T X.1034 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400
3、X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049Security manage
4、ment X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.11
5、79 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overvie
6、w of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, ple
7、ase refer to the list of ITU-T Recommendations. Rec. ITU-T X.1034 (02/2011) i Recommendation ITU-T X.1034 Guidelines on extensible authentication protocol based authentication and key management in a data communication network Summary The extensible authentication protocol (EAP) is an authentication
8、 framework that supports multiple authentication mechanisms between a supplicant and an authentication server in a data communication network. EAP can be used as a basic tool for enabling user authentication and distribution of session keys in a data communication network. Since there are several EA
9、P methods, the application designer should select the optimal EAP method among them. This revision of Recommendation ITU-T X.1034 describes a framework for EAP-based authentication and key management for securing the lower layer in a communication network. It provides guidance on the selection of EA
10、P methods and describes the mechanism for key management for the lower layer of a data communication network. The framework described in this Recommendation can be applied to protect data communication networks with wireless or wired access networks with a shared medium. History Edition Recommendati
11、on Approval Study Group 1.0 ITU-T X.1034 2008-04-06 17 2.0 ITU-T X.1034 2011-02-13 17 ii Rec. ITU-T X.1034 (02/2011) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs)
12、. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication St
13、andardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of informat
14、ion technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.
15、 Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some ot
16、her obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or impl
17、ementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development proces
18、s. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly
19、urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1034 (02/2011) iii Table of Contents Page 1 Scope 1 2 References.
20、1 3 Terms and definitions . 2 3.1 Terms defined elsewhere 2 3.2 Terms defined in this Recommendation . 2 4 Abbreviations and acronyms 4 5 Conventions 4 6 EAP-based authentication and key management framework . 5 6.1 Introduction 5 6.2 General features of EAP . 6 6.3 Basic operational procedures for
21、authentication and key management protocols . 7 7 EAP protocols . 7 7.1 Vulnerabilities in EAP 7 7.2 Set of requirements for EAP . 8 7.3 Criteria for evaluating and classifying EAP methods 10 7.4 EAP method 12 7.5 Evaluation of existing EAP methods 12 8 Key management 12 8.1 Practical threats to a s
22、pecific wireless access network . 12 8.2 General operational phases for key management . 13 8.3 Set of requirements for key management . 14 8.4 Flow of the key management protocol . 16 8.5 Requirements classification of key management . 17 9 Cryptographic key for key management. 18 9.1 General polic
23、y model . 18 9.2 Possible cryptographic key hierarchy and key derivation 18 Appendix I Evaluation of existing EAP methods . 20 Appendix II AAA protocol . 23 Appendix III Overview of the existing EAP methods 24 III.1 Pre-shared secret-based EAP methods . 24 III.2 EAP methods based on public key . 25
24、III.3 EAP methods that support both shared secret and public key 26 III.4 Tunnel-based EAP methods . 26 Bibliography. 28 Rec. ITU-T X.1034 (02/2011) 1 Recommendation ITU-T X.1034 Guidelines on extensible authentication protocol based authentication and key management in a data communication network
25、1 Scope The extensible authentication protocol (EAP) is an authentication framework that supports multiple authentication mechanisms between a supplicant and an authentication server. EAP can work directly over lower layers, e.g., the data link layer, such as the point-to-point protocol (PPP), IEEE
26、802, CDMA2000, UMTS, or VDSL/ADSL. For example, IEEE 802.1X is a typical transport mechanism for EAP over 802 LANs. The EAP basically performs authentication for a device attached to a LAN, establishing a secure point-to-point connection or preventing access by an unauthorized device. In other words
27、, EAP can be used to authenticate the supplicant wishing to access the network. The AAA function may be used as one of the key functions for lower-layer security of a data communication network. AAA enables transporting the secret key from the authentication server to the authenticator. Thus, defini
28、ng the requirements of the EAP method and key management protocol, establishing criteria for selecting an optimal EAP method among several existing EAP methods, and defining a suitable framework for EAP and an optimal key management protocol including key derivation methods for lower-layer security
29、in end-to-end data communication are essential. This Recommendation applies mainly to EAP-based authentication and key management protocol for data communication with a wireless access network where communication through the wireless access network should be protected by the key material derived fro
30、m the key management protocol. This Recommendation describes a framework for authentication and key management to secure the lower layer in data communication. It also provides guidance on the selection of EAP methods for a data communication network and describes the mechanism for key management an
31、d possible key hierarchy for lower-layer security in a data communication network. This Recommendation is to provide complete sets for EAP-based authentication itself but also the key management, from threat analysis to requirements, allowing the network operator to choose an adequate EAP method by
32、using some criteria described for a specific network environment. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were vali
33、d. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations
34、is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T X.805 Recommendation ITU-T X.805 (2003), Security architecture for systems providing end-to-end communications. ITU-T X.1121 Recommendatio
35、n ITU-T X.1121 (2004), Framework of security technologies for mobile end-to-end data communications. ITU-T X.1151 Recommendation ITU-T X.1151 (2007), Guideline on secure password-based authentication protocol with key exchange. IETF RFC 3748 IETF RFC 3748 (2004), Extensible Authentication Protocol (
36、EAP). 2 Rec. ITU-T X.1034 (02/2011) IETF RFC 4017 IETF RFC 4017 (2005), Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs. IETF RFC 5216 IETF RFC 5216 (2008), The EAP-TLS Authentication Protocol. ISO/IEC 8802-11 ISO/IEC 8802-11:2005/Amd.6:2006, Information technology Tel
37、ecommunications and information exchange between systems Local and metropolitan area networks Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications Amendment 6: Medium Access Control (MAC) Security Enhancements). 3 Terms and definitions 3.1 T
38、erms defined elsewhere 3.1.1 passive attack ITU-T X.1151: This refers to an attack that involves listening, i.e., eavesdropping, without modifying or supplementing information. 3.1.2 server-compromised attack ITU-T X.1151: This refers to an attack wherein an attacker obtains verifier information fro
39、m the server and launches a dictionary attack on the password file. 3.1.3 temporal key (TK) ISO/IEC 8802-11: This pertains to the keying materials for the encryption and integrity of messages during later data sessions. TK generally resides in the part of PTK. 3.2 Terms defined in this Recommendatio
40、n 3.2.1 4-way handshake adapted from IETF RFC 4017: A 4-way handshake is a process consisting of 4 messages exchanged by two parties, where a pair-wise master key is involved. As a Pair-wise Authentication and Key Management Protocol (AKMP) defined in ISO/IEC 8802-11, it confirms the mutual possessi
41、on of a Pair-wise Master Key by two parties and distributes a Group Key. 3.2.2 authentication, authorization, accounting (AAA) adapted from IETF RFC 4017: The AAA protocol can be used as transport mechanism for the EAP message; it consists of RADIUS and Diameter. In general, the terms “AAA server“ a
42、nd “backend authentication server“ are used interchangeably. 3.2.3 authenticator adapted from IETF RFC 4017: The authenticator refers to the endpoint of the link initiating EAP authentication when a supplicant wants to access the network. 3.2.4 backend authentication server adapted from IETF RFC 401
43、7: A backend authentication server, i.e., authentication server, pertains to an entity providing authentication service to an authenticator. A typical backend authentication server is the AAA server. 3.2.5 credentials: A set of security-related information comprising keys, keying material and crypto
44、graphic algorithm-related parameters that can be used to establish the identity of an entity, or to help that entity communicate securely. 3.2.6 EAP server adapted from IETF RFC 4017: This entity executes the EAP authentication method with the supplicant. In case no backend authentication server is
45、used, the EAP server plays the role of the authenticator. In case a backend authentication server is used, that is, if the authenticator operates in pass-through mode, i.e., the authenticator forwards the EAP message without any modification to the supplicant or vice versa, the EAP server is placed
46、on the backend authentication server. 3.2.7 key confirmation: A procedure to prove one entity that another entity established the correct secret keying material as a result of a key establishment. Rec. ITU-T X.1034 (02/2011) 3 3.2.8 man-in-the-middle attack adapted from ITU-T X.1151: This refers to
47、an attack wherein an attacker intercepts the public key being exchanged by two entities and substitutes his/her own public key to impersonate the recipient, where the attacker can own the public key or take a copy of it while being exchanged. This attack compromises the security of the cryptosystem.
48、 3.2.9 master key (MK): Top-level keying material is shared between the supplicant and the authentication server to derive the master session key. In general, a master key is different from the master session key. This is because the MK represents a positive access decision for a supplicant by the a
49、uthentication server. 3.2.10 master session key (MSK) adapted from IETF RFC 4017: This refers to the keying material derived between the EAP peer and server and exported to the authenticator using the EAP method. MSK is at least 64 octets long. In existing implementations, an AAA server acting as an EAP server transports the MSK to the authenticator. It refers to the privilege given to a supplicant by an authenticator to access the lower layer of a data communication network. In this Recomm
