Implementation of EAP authentication into IKEv2 protocol
نویسندگان
چکیده
IKEv2 is a protocol for exchanging keys in the IPsec architecture. In it's specification, EAP was proposed as one of the authentication mechanisms. EAP is extensible authentication protocol based on client/server architecture and allows introduction of additional EAP methods. Implementation of this protocol is complex and in our project it was decided to include one of the existing implementations of EAP into IKEv2 protocol. WPA_supplicant implementation is chosen for peer and this article mainly describes how it was included. IKEv2 responder, on the other side, will rely on RADIUS server for EAP. Therefore it should provide protocol traverse between IKEv2 and RADIUS, both encapsulating EAP packets.
منابع مشابه
The Extensible Authentication Protocol-Internet Key Exchange Protocol version 2 (EAP-IKEv2) Method
This document specifies EAP-IKEv2, an Extensible Authentication Protocol (EAP) method that is based on the Internet Key Exchange (IKEv2) protocol. EAP-IKEv2 provides mutual authentication and session key establishment between an EAP peer and an EAP server. It supports authentication techniques that are based on passwords, high-entropy shared keys, and public key certificates. EAP-IKEv2 further ...
متن کاملA Measurement Study on IKEv2 Authentication Performance in Wireless Networks
This paper presents an experimental evaluation of the performance costs of a wide variety of authentication methods over IKEv2 in wireless networks. The studied methods are preshared keys (PSK), extensible authentication protocol (EAP) using MD5, SIM, TTLS-MD5, TLS, and PEAP-MSCHAPv2. For the EAP-based methods RADIUS is used as authentication, authorization, and accounting (AAA) server. Two net...
متن کاملCGA as alternative security credentials with IKEv2: implementation and analysis
Internet Protocol security (IPsec) is a protocol suite enabling secure IP communications by authentication and/or encryption. Internet Key Exchange version 2 (IKEv2) mechanism is recommended to configure dynamically IPsec between IP nodes and the authentication of each peer is usually based on either pre-shared keys, X.509 certificates or Extensible Authentication Protocol (EAP). However, these...
متن کاملDiameter IKEv 2 SK : Using Shared Keys to Support Interaction between
The Internet Key Exchange Protocol version 2 (IKEv2) is a component of the IPsec architecture and is used to perform mutual authentication as well as to establish and to maintain IPsec Security Associations (SAs) between the respective parties. IKEv2 supports several different authentication mechanisms, such as the Extensible Authentication Protocol (EAP), certificates, and Shared Key (SK). Dia...
متن کاملRFC 5998 Extension for EAP in IKEv 2 September 2010
IKEv2 specifies that Extensible Authentication Protocol (EAP) authentication must be used together with responder authentication based on public key signatures. This is necessary with old EAP methods that provide only unilateral authentication using, e.g., one-time passwords or token cards. This document specifies how EAP methods that provide mutual authentication and key agreement can be used ...
متن کامل