EAP-AKA-Prime
===============

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the Expansion of EAP-AKA-Prime?**

    * **EAP-AKA-Prime** stands for **Extensible Authentication Protocol - Authentication and Key Agreement (AKA) Prime**.
    * It is an enhanced version of **EAP-AKA**, designed for authentication and key management in **mobile networks**, specifically **5G** and **4G LTE**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is EAP-AKA-Prime?**

    * **EAP-AKA-Prime** is an authentication protocol used for secure communication between mobile devices (like smartphones) and network servers.
    * It is an evolved version of **EAP-AKA**, primarily used in **5G networks** for **authentication** and **key agreement** between devices and the network.
    * It provides stronger protection against certain types of attacks compared to its predecessor (EAP-AKA).

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why is EAP-AKA-Prime useful?**

    * **Improved Security**: EAP-AKA-Prime is more resistant to security threats, such as **man-in-the-middle attacks** and **credential theft**, offering enhanced protection for mobile network communications.
    * **Enhanced Authentication**: It uses a more secure process for mutual authentication, which ensures that both the client and the network are verified.
    * **Supports 5G Networks**: EAP-AKA-Prime is built for next-generation mobile networks, making it essential for **5G** technology.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How does it work?**

    * **Key Exchange**: The device and network exchange cryptographic keys using **EAP-AKA-Prime** to secure communications and ensure that unauthorized devices cannot connect.
    * **Mutual Authentication**: Both the device and the network authenticate each other, ensuring trust and secure data transfer.
    * **Session Key Generation**: After authentication, a session key is generated, which is used to encrypt communication between the device and the network.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is EAP-AKA-Prime used?**

    * **Mobile Networks**: It is used extensively in **4G LTE** and **5G mobile networks** for authentication and secure key management.
    * **SIM-based Authentication**: Used in scenarios where a **SIM card** is present in mobile devices, especially for **cellular** and **Wi-Fi networks**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which OSI layer does this protocol belong to?**

    * EAP-AKA-Prime operates at the **Application Layer (Layer 7)** of the OSI model.
    * It is part of the **EAP framework** and relies on lower layers for transport (such as **RADIUS**).

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is EAP-AKA-Prime Windows specific?**

    * **No**, **EAP-AKA-Prime** is not Windows-specific.
    * It can be used on any platform that supports the **EAP framework**, including **Android**, **iOS**, **Linux**, and **Windows**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is EAP-AKA-Prime Linux specific?**

    * **No**, **EAP-AKA-Prime** is not Linux-specific.
    * It can work across multiple operating systems, as long as the network supports the **EAP-AKA-Prime** protocol, which is designed to be OS-agnostic.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which transport protocol is used by EAP-AKA-Prime?**

    * **EAP-AKA-Prime** uses the **RADIUS** protocol for communication between the client (mobile device) and the server (authentication server).
    * RADIUS typically uses **UDP** (User Datagram Protocol) as the transport protocol.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which port is used by EAP-AKA-Prime?**

    * **EAP-AKA-Prime** operates over **UDP port 1812** for authentication requests, which is the default port for **RADIUS**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does EAP-AKA-Prime use the client-server model?**

    * Yes, **EAP-AKA-Prime** follows the **client-server model**.
    * The **client** (e.g., mobile device) authenticates with the **server** (e.g., network authentication server), and the server makes decisions based on the client’s credentials.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-AKA-Prime protocol use certificates?**

    * Yes, **EAP-AKA-Prime** can utilize **certificates** in certain cases to verify the authenticity of the server or the client during the authentication process.
    * These certificates help in securing the authentication process and preventing man-in-the-middle attacks.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How many frame exchanges are seen during connection for the EAP-AKA-Prime protocol?**

    * The **EAP-AKA-Prime** connection procedure typically involves **three** frame exchanges:

      1. **Initial Authentication Request**
      2. **Authentication Response**
      3. **Authentication Success/Failure**

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-AKA-Prime protocol use client certificates?**

    * **No**, **EAP-AKA-Prime** generally does not require **client certificates**.
    * It relies on **SIM-based authentication** and other methods for verifying the client’s identity.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-AKA-Prime protocol use server certificates?**

    * **Yes**, **EAP-AKA-Prime** typically uses **server certificates** to verify the authenticity of the network (server) during the authentication process.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-AKA-Prime protocol depend on TCP?**

    * **No**, **EAP-AKA-Prime** typically depends on **UDP**, since it uses the **RADIUS protocol** for transport, which operates over UDP.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-AKA-Prime protocol depend on UDP?**

    * **Yes**, **EAP-AKA-Prime** relies on **UDP** for transport, since it uses **RADIUS** over UDP for authentication and other communication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What are the roles involved when testing the EAP-AKA-Prime protocol?**

    * **Testers/Engineers**: Individuals responsible for validating the functionality and security of the protocol.
    * **RADIUS Server**: The server that handles authentication requests.
    * **Client Devices**: Mobile devices, such as smartphones, which are involved in the connection process.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-AKA-Prime protocol work with the FreeRADIUS server on Linux?**

    * **Yes**, **EAP-AKA-Prime** can work with the **FreeRADIUS** server on **Linux**.
    * FreeRADIUS supports various EAP protocols, including **EAP-AKA-Prime**, for authentication purposes.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does the EAP-AKA-Prime protocol work with the internal RADIUS server of hostapd?**

    * **Yes**, **EAP-AKA-Prime** can work with the **internal RADIUS server** provided by **hostapd** on **Linux** systems.
    * Hostapd supports various EAP methods, including **EAP-AKA-Prime**.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the RFC version used for the EAP-AKA-Prime protocol?**

    * The **RFC** version for **EAP-AKA-Prime** is **RFC 4187**.
    * It is part of the broader **EAP** framework for authentication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **During the connection procedure, which EAPoL packets are encrypted?**

    * During the **connection procedure**, the **EAP-AKA-Prime** protocol encrypts the **authentication** and **key exchange** packets to ensure privacy and prevent tampering.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Can you explain the different stages of the connection procedure for the EAP-AKA-Prime protocol?**

    * **Stage 1**: The mobile device sends an **EAP-Request/Identity** packet.
    * **Stage 2**: The server responds with an **EAP-Response/Identity** packet and performs authentication.
    * **Stage 3**: The key exchange process is completed, followed by the **EAP-Success** message.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the final output of the connection procedure?**

    * The final output is the **generation of a session key** (PMK), which is used to establish a secure connection between the client device and the network.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the format of the key generated after the connection procedure?**

    * The key generated is typically a **PMK** (**Pairwise Master Key**) used for encrypting data traffic during the session.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is the PMK generated by the connection procedure used?**

    * The **PMK** is used to generate the **PTK** (**Pairwise Transient Key**) during the connection process, ensuring encrypted communication between the mobile device and the network.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section,

    * :ref:`Learnings in this section <EAP_AKA_Prime_step1>`
    * :ref:`Terminology <EAP_AKA_Prime_step2>`
    * :ref:`Version Info <EAP_AKA_Prime_step3>`
    * :ref:`EAP_AKA_Prime Version&IEEE Details <EAP_AKA_Prime_step5>`
    * :ref:`EAP_AKA_Prime Basic Setup on Ubuntu <EAP_AKA_Prime_step18>`
    * :ref:`EAP_AKA_Prime Protocol Packet Details <EAP_AKA_Prime_step6>`
    * :ref:`EAP_AKA_Prime Usecases <EAP_AKA_Prime_step7>`
    * :ref:`EAP_AKA_Prime Basic Features <EAP_AKA_Prime_step8>`
    * :ref:`Reference links <EAP_AKA_Prime_step17>`

.. _EAP_AKA_Prime_step1:

.. tab-set::

    .. tab-item:: Learnings in this section

        * In this section, you are going to learn

.. _EAP_AKA_Prime_step2:

.. tab-set::

    .. tab-item:: Terminology

        * Terminology

.. _EAP_AKA_Prime_step3:

.. tab-set::

    .. tab-item:: Version Info

        * Version Info

.. _EAP_AKA_Prime_step5:

.. tab-set::

    .. tab-item:: EAP_AKA_Prime Version&RFC Details

        * rfc details

.. _EAP_AKA_Prime_step18:

.. tab-set::

    .. tab-item:: EAP_AKA_Prime Basic Setup on Ubuntu

        * setup

.. _EAP_AKA_Prime_step6:

.. tab-set::

    .. tab-item:: EAP_AKA_Prime Protocol Packet Details

        * packet details

.. _EAP_AKA_Prime_step7:

.. tab-set::

    .. tab-item:: EAP_AKA_Prime Usecases

        * usecases

.. _EAP_AKA_Prime_step8:

.. tab-set::

    .. tab-item:: EAP_AKA_Prime Basic Features

        * features

.. _EAP_AKA_Prime_step17:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links
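
The key hierarchy behind the connection-procedure answers above (session key, then PMK, then PTK), as an added example that is not part of the original page or of any project it mentions. It follows the PRF' and key-split definitions in RFC 5448 and the IEEE 802.11 pairwise key expansion. It assumes IK' and CK' have already been produced by the USIM and the home network, and every input value is constructed.

```python
import hashlib
import hmac

def prf_prime(key: bytes, s: bytes, out_len: int) -> bytes:
    """RFC 5448 PRF': T1 = HMAC-SHA-256(K, S|0x01), Tn = HMAC-SHA-256(K, Tn-1|S|n)."""
    out, block, counter = b"", b"", 1
    while len(out) < out_len:
        block = hmac.new(key, block + s + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:out_len]

def derive_eap_keys(ik_prime: bytes, ck_prime: bytes, identity: bytes) -> dict:
    """MK = PRF'(IK'|CK', "EAP-AKA'"|Identity), split into the RFC 5448 sub-keys."""
    mk = prf_prime(ik_prime + ck_prime, b"EAP-AKA'" + identity, 208)
    return {
        "K_encr": mk[0:16],    # protects AT_ENCR_DATA
        "K_aut": mk[16:48],    # keys AT_MAC on each EAP-AKA' message
        "K_re": mk[48:80],     # fast re-authentication
        "MSK": mk[80:144],     # exported by the server to the authenticator
        "EMSK": mk[144:208],   # never leaves peer and server
    }

def pmk_from_msk(msk: bytes) -> bytes:
    """IEEE 802.11: the PMK is the first 256 bits of the MSK."""
    return msk[:32]

def ptk_from_pmk(pmk, aa, spa, anonce, snonce, out_len=48) -> bytes:
    """802.11 PRF-384 (HMAC-SHA-1 variant): KCK | KEK | TK for CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range((out_len + 19) // 20):
        msg = b"Pairwise key expansion\x00" + data + bytes([i])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:out_len]

# Constructed sample inputs (not real credentials or captured traffic).
IK_PRIME = bytes(range(16))
CK_PRIME = bytes(range(16, 32))
IDENTITY = b"6001010000000001@nai.example"
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = b"\xaa" * 32, b"\xbb" * 32

if __name__ == "__main__":
    keys = derive_eap_keys(IK_PRIME, CK_PRIME, IDENTITY)
    pmk = pmk_from_msk(keys["MSK"])
    ptk = ptk_from_pmk(pmk, AA, SPA, ANONCE, SNONCE)
    print("PMK:", pmk.hex())
    print("KCK:", ptk[:16].hex(), "KEK:", ptk[16:32].hex(), "TK:", ptk[32:].hex())
```

Only the MSK crosses the RADIUS link to the authenticator, so when testing with a RADIUS server the check of interest is that the PMK seen at the access point matches the first 32 bytes of the MSK derived by the peer.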