EAP-AKA

What is the Expansion of EAP-AKA?

  • EAP-AKA stands for Extensible Authentication Protocol - Authentication and Key Agreement (EAP method type 23).

  • It is an EAP method that carries the 3GPP AKA challenge-response inside EAP, so a device holding a USIM can be mutually authenticated with, and derive session keys from, the operator's authentication server over any EAP-capable link (Wi-Fi, PPP, IKEv2).

What is EAP-AKA?

  • EAP-AKA wraps the 3GPP Authentication and Key Agreement procedure (the same challenge-response that 3G UMTS and 4G LTE run in their own NAS signalling) inside EAP, giving mutual authentication and session-key derivation between a device with a USIM (such as a smartphone) and the operator's authentication server.

  • Authentication rests on the long-term secret K stored in the USIM and in the operator's AuC/HSS; no passwords or certificates are involved.

Why is EAP-AKA useful?

  • SIM-Based Authentication: the USIM holds the secret K and runs the AKA algorithm, so only a subscriber with a valid USIM can pass authentication, and K never leaves the card or the AuC/HSS.

  • Secure Key Exchange: both sides derive the same CK/IK from the challenge and expand them into fresh session keys (MSK/EMSK), so no key material is sent over the air.

  • Mutual Authentication: the network proves itself with AUTN (a MAC and sequence number computed with K) and the device with RES; a rogue access point that does not know K cannot produce a valid AUTN, which defeats simple man-in-the-middle and fake-base-station style attacks at the EAP layer.

How does it work?

  • Authentication Vector: the AuC/HSS picks a random RAND and computes, from the subscriber's K, the values AUTN, XRES, CK and IK; the authentication server sends RAND and AUTN to the device in EAP-Request/AKA-Challenge.

  • SIM-Based Authentication: the device passes RAND and AUTN to the USIM, which checks AUTN (its MAC and sequence number) with its own copy of K and, if valid, returns RES, CK and IK. The device answers with RES in EAP-Response/AKA-Challenge and the server compares it with XRES. A bad AUTN MAC yields EAP-Response/AKA-Authentication-Reject; a stale sequence number yields AKA-Synchronization-Failure with AT_AUTS.

  • Key Derivation: both sides compute MK = SHA1(Identity | IK | CK) and expand it with the FIPS 186-2 PRF (RFC 4187 section 7) into K_encr and K_aut, which protect the EAP-AKA messages themselves (AT_ENCR_DATA and AT_MAC), plus a 512-bit MSK and EMSK. The MSK is exported to the authenticator; on IEEE 802.11 the PMK (Pairwise Master Key) is the first 256 bits of the MSK.
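The key derivation step above, written out as an added example (this is not code from the page, from RFC 4187 or from any EAP-AKA implementation): MK = SHA1(Identity | IK | CK), then the FIPS 186-2 PRF with XSEED = 0 and a G function built from the SHA-1 compression function, split into K_encr, K_aut, MSK and EMSK, with the 802.11 PMK taken as the first 256 bits of the MSK. The identity, IK and CK values are constructed sample inputs, not RFC test vectors; the PRF structure follows RFC 4187 section 7 and the same construction hostapd uses.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF
# SHA-1 initial state: the fixed "t" value that FIPS 186-2 Appendix 3.3 feeds into G
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rol(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_g(block: bytes) -> bytes:
    """FIPS 186-2 'G' function: one SHA-1 compression of a 512-bit block
    starting from the SHA-1 IV, with NO length padding (unlike plain SHA-1)."""
    assert len(block) == 64
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = SHA1_IV
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rol(a, 5) + (f & MASK32) + e + k + w[i]) & MASK32
        a, b, c, d, e = tmp, a, _rol(b, 30), c, d
    # feed-forward: output is t + (a, b, c, d, e), exactly as in SHA-1
    return struct.pack(">5I", *[(x + y) & MASK32 for x, y in zip(SHA1_IV, (a, b, c, d, e))])


def g_matches_sha1() -> bool:
    """Sanity check: G on the single padded block of "abc" must equal SHA1("abc")."""
    padded = b"abc" + b"\x80" + bytes(52) + (24).to_bytes(8, "big")
    return sha1_g(padded) == hashlib.sha1(b"abc").digest()


def fips186_2_prf(mk: bytes, out_len: int) -> bytes:
    """FIPS 186-2 change-notice-1 PRF as profiled by RFC 4187 section 7:
    XKEY = MK (160 bits), XSEED_j = 0, b = 160, G built from SHA-1.
    Each iteration emits two 160-bit words, so 1280 bits take 4 iterations."""
    xkey = int.from_bytes(mk, "big")
    out = b""
    while len(out) < out_len:
        for _ in range(2):
            xval = xkey.to_bytes(20, "big") + bytes(44)   # XVAL, zero-padded to 512 bits
            w = sha1_g(xval)
            out += w
            xkey = (1 + xkey + int.from_bytes(w, "big")) % (1 << 160)
    return out[:out_len]


def derive_eap_aka_keys(identity: bytes, ik: bytes, ck: bytes) -> dict:
    """MK = SHA1(Identity | IK | CK); PRF output = K_encr(128) | K_aut(128) | MSK(512) | EMSK(512)."""
    mk = hashlib.sha1(identity + ik + ck).digest()
    stream = fips186_2_prf(mk, 160)
    msk = stream[32:96]
    return {"MK": mk, "K_encr": stream[0:16], "K_aut": stream[16:32],
            "MSK": msk, "EMSK": stream[96:160],
            "PMK": msk[:32]}   # 802.11 PMK = first 256 bits of the MSK (RFC 4187 section 7)


# Constructed sample inputs (not RFC test vectors): a 3GPP permanent AKA identity
# ("0" + IMSI @ realm) and 128-bit IK/CK as a USIM would return them.
SAMPLE_IDENTITY = b"0001010123456789@wlan.mnc001.mcc001.3gppnetwork.org"
SAMPLE_IK = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_CK = bytes.fromhex("ffeeddccbbaa99887766554433221100")

if __name__ == "__main__":
    for name, value in derive_eap_aka_keys(SAMPLE_IDENTITY, SAMPLE_IK, SAMPLE_CK).items():
        print(f"{name:6s} {value.hex()}")
```

Note that the Identity fed into MK is the peer identity without a terminating NUL, taken from the last AT_IDENTITY the peer sent, or from EAP-Response/Identity if no AKA-Identity round took place; using the wrong one is the classic cause of an MSK mismatch between peer and server even though RES verified.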

Where is EAP-AKA used?

  • Operator Wi-Fi: EAP-AKA runs over IEEE 802.1X (WPA2/WPA3-Enterprise) so that subscribers authenticate with the USIM instead of a password, as in carrier Wi-Fi offload and Passpoint (Hotspot 2.0) hotspots.

  • Non-3GPP access to the mobile core: Wi-Fi calling tunnels to an ePDG over IKEv2, which carries EAP-AKA; 5G uses the EAP-AKA' variant (RFC 5448, now RFC 9048) as one of its primary authentication methods. Native 3G/4G attach runs AKA directly in NAS signalling, without EAP.

Which OSI layer does this protocol belong to?

  • EAP does not map cleanly onto a single OSI layer. Between the device and the access point it is carried directly in link-layer frames (EAPOL, IEEE 802.1X, EtherType 0x888E) with no IP stack involved; the access point then relays the same EAP packets to the AAA server inside RADIUS or Diameter.

  • Calling it "Layer 7" is therefore misleading: on the Wi-Fi side nothing above the link layer is usable until EAP-AKA has succeeded and the 4-way handshake has installed keys.

Is EAP-AKA windows specific?

  • No, EAP-AKA is not Windows-specific.

  • It is platform-agnostic and can be implemented on any platform supporting EAP and SIM-based authentication, including Android, iOS, Linux, and Windows.

Is EAP-AKA Linux Specific?

  • No, EAP-AKA is not Linux-specific.

  • Linux devices support it through wpa_supplicant, which runs the AKA algorithm against a USIM over PC/SC or an external SIM interface; the network side needs an EAP-AKA-capable AAA server (hostapd's built-in server or FreeRADIUS) with access to authentication vectors.

Which Transport Protocol is used by EAP-AKA?

  • Between the device and the authenticator (access point), EAP-AKA messages are carried in EAPOL frames (IEEE 802.1X); over PPP or IKEv2 they are carried in those protocols instead. There is no IP transport on this leg.

  • Between the authenticator and the AAA server they are relayed inside RADIUS EAP-Message attributes over UDP (RFC 3579), or inside Diameter EAP application messages over TCP or SCTP (RFC 4072).

Which Port is used by EAP-AKA?

  • The EAPOL leg has no port (it is a link-layer EtherType). On the RADIUS leg the usual ports are UDP 1812 for authentication and UDP 1813 for accounting; Diameter uses TCP/SCTP port 3868.

Is EAP-AKA using Client-server model?

  • Yes, in EAP's three-party form.

  • The peer (mobile device) requests access, the authenticator (access point or ePDG) relays EAP packets without interpreting them, and the backend authentication server runs EAP-AKA, obtaining the subscriber's authentication vectors from the HLR/HSS.

Whether EAP-AKA protocol uses certificates?

  • No. EAP-AKA does not use certificates at all; mutual authentication comes entirely from the symmetric key K shared between the USIM and the AuC/HSS.

  • The network is authenticated by AUTN (a MAC over the sequence number computed with K) and the device by RES; this is the main difference from EAP-TLS, PEAP and EAP-TTLS, which rely on a server certificate.

How many frame exchanges are seen during connection for EAP-AKA protocol?

  • A full EAP-AKA authentication involves five EAP messages (three from the server, two from the peer):
    1. EAP-Request/Identity: the server (via the authenticator) asks the peer for its identity.

    2. EAP-Response/Identity: the peer replies with its NAI, e.g. "0<IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org", or with a pseudonym or fast re-authentication identity from an earlier run.

    3. EAP-Request/AKA-Challenge: the server sends AT_RAND, AT_AUTN and AT_MAC (if it needs a different identity it first sends EAP-Request/AKA-Identity, adding one round trip).

    4. EAP-Response/AKA-Challenge: the peer returns AT_RES and AT_MAC once the USIM has accepted AUTN.

    5. EAP-Success: the server signals success and exports the MSK to the authenticator; on Wi-Fi the 4-way handshake follows.
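The five-message exchange above, built and parsed at byte level as an added example (not code from the page or from any EAP-AKA implementation). It encodes the EAP header, the EAP-AKA subtype and the TLV attributes of RFC 4187 section 8, and computes AT_MAC as HMAC-SHA1-128 over the whole EAP packet with the MAC value zeroed (RFC 4187 section 10.15). RAND, AUTN, XRES and K_aut are constructed sample values standing in for what the HSS and the USIM would produce from the subscriber's K; the "USIM" here just checks that the received RAND/AUTN are the expected ones.

```python
import hashlib
import hmac
import struct

# EAP codes and types (RFC 3748), EAP-AKA subtype and attribute numbers (RFC 4187)
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS = 1, 2, 3
EAP_TYPE_IDENTITY, EAP_TYPE_AKA = 1, 23
SUBTYPE_AKA_CHALLENGE = 1
AT_RAND, AT_AUTN, AT_RES, AT_MAC = 1, 2, 3, 11


def eap_identity(code: int, ident: int, identity: bytes = b"") -> bytes:
    """EAP-Request/Identity (empty body) or EAP-Response/Identity carrying the NAI."""
    return struct.pack(">BBHB", code, ident, 5 + len(identity), EAP_TYPE_IDENTITY) + identity


def attribute(atype: int, value: bytes) -> bytes:
    """One EAP-AKA attribute: type, length in 4-octet units, value.
    `value` includes the two reserved/length octets that follow the header."""
    if (2 + len(value)) % 4:
        raise ValueError("attribute must be a multiple of 4 octets")
    return bytes([atype, (2 + len(value)) // 4]) + value


def at_res(res: bytes) -> bytes:
    """AT_RES: 2-octet RES length in bits, then RES padded to a 4-octet boundary."""
    return attribute(AT_RES, struct.pack(">H", 8 * len(res)) + res + bytes(-len(res) % 4))


def eap_aka(code: int, ident: int, subtype: int, attrs: list) -> bytes:
    """EAP header + Type 23 + Subtype + 2 reserved octets + attributes."""
    body = bytes([EAP_TYPE_AKA, subtype, 0, 0]) + b"".join(attrs)
    return struct.pack(">BBH", code, ident, 4 + len(body)) + body


def parse_aka(pkt: bytes):
    code, ident, length = struct.unpack(">BBH", pkt[:4])
    if length != len(pkt) or pkt[4] != EAP_TYPE_AKA:
        raise ValueError("not a well-formed EAP-AKA packet")
    attrs, pos = {}, 8
    while pos < length:
        atype, alen = pkt[pos], pkt[pos + 1] * 4
        if alen < 4 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = pkt[pos + 2:pos + alen]
        pos += alen
    return code, ident, pkt[5], attrs


def _mac_offset(pkt: bytes) -> int:
    """Offset of the 16-octet MAC value in AT_MAC (after type, length, reserved)."""
    pos = 8
    while pos < len(pkt):
        if pkt[pos] == AT_MAC:
            return pos + 4
        pos += pkt[pos + 1] * 4
    raise ValueError("no AT_MAC attribute")


def seal(pkt: bytes, k_aut: bytes) -> bytes:
    """Fill AT_MAC with HMAC-SHA1-128 over the packet, MAC value zeroed."""
    off = _mac_offset(pkt)
    zeroed = pkt[:off] + bytes(16) + pkt[off + 16:]
    return zeroed[:off] + hmac.new(k_aut, zeroed, hashlib.sha1).digest()[:16] + zeroed[off + 16:]


def verify_mac(pkt: bytes, k_aut: bytes) -> bool:
    off = _mac_offset(pkt)
    zeroed = pkt[:off] + bytes(16) + pkt[off + 16:]
    return hmac.compare_digest(hmac.new(k_aut, zeroed, hashlib.sha1).digest()[:16], pkt[off:off + 16])


def run_exchange(identity: bytes, rand: bytes, autn: bytes, xres: bytes, k_aut: bytes) -> list:
    """Full authentication, both sides, returned as the list of EAP packets on the wire."""
    pkts = [eap_identity(EAP_REQUEST, 1), eap_identity(EAP_RESPONSE, 1, identity)]
    # Server: RAND/AUTN from the HSS vector, AT_MAC computed with K_aut.
    challenge = seal(eap_aka(EAP_REQUEST, 2, SUBTYPE_AKA_CHALLENGE, [
        attribute(AT_RAND, bytes(2) + rand), attribute(AT_AUTN, bytes(2) + autn),
        attribute(AT_MAC, bytes(18))]), k_aut)
    pkts.append(challenge)
    # Peer: USIM checks AUTN and returns RES/CK/IK (hence K_aut), then AT_MAC is verified.
    _, ident, subtype, attrs = parse_aka(challenge)
    rand_rx, autn_rx = attrs[AT_RAND][2:18], attrs[AT_AUTN][2:18]
    usim_res = xres if (rand_rx, autn_rx) == (rand, autn) else b""  # constructed USIM stand-in
    if not verify_mac(challenge, k_aut):
        raise ValueError("AT_MAC check failed on AKA-Challenge")
    response = seal(eap_aka(EAP_RESPONSE, ident, subtype,
                            [at_res(usim_res), attribute(AT_MAC, bytes(18))]), k_aut)
    pkts.append(response)
    # Server: verify the peer's AT_MAC and RES == XRES before EAP-Success.
    _, _, _, rattrs = parse_aka(response)
    res_bits = struct.unpack(">H", rattrs[AT_RES][:2])[0]
    res = rattrs[AT_RES][2:2 + res_bits // 8]
    if not verify_mac(response, k_aut) or not hmac.compare_digest(res, xres):
        raise ValueError("peer authentication failed")
    pkts.append(struct.pack(">BBH", EAP_SUCCESS, ident, 4))
    return pkts


if __name__ == "__main__":
    # Constructed sample values; a real HSS derives them from K with Milenage.
    sample = run_exchange(b"0001010123456789@wlan.mnc001.mcc001.3gppnetwork.org",
                          bytes(range(16)), bytes(range(16, 32)),
                          bytes.fromhex("a1b2c3d4e5f60718"), b"\x11" * 16)
    for p in sample:
        print(p.hex())
```

The order inside the peer matters: K_aut only exists after the USIM has processed RAND/AUTN, so a peer cannot check AT_MAC on the challenge before running the card, which is why an attacker's bogus challenge is rejected by AUTN first and by AT_MAC second. A missing or wrong AT_MAC on either challenge or response must be treated as a fatal error (the peer answers with AKA-Client-Error), never silently ignored.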

Whether EAP-AKA Protocol uses client certificates?

  • No, EAP-AKA generally does not require client certificates.

  • It relies on SIM card-based authentication, where the client proves its identity through the SIM card shared secret.

Whether EAP-AKA Protocol uses Server Certificates?

  • No. EAP-AKA authenticates the network with AUTN, which the USIM validates using the shared key K, so no server certificate is configured on the client or validated by it.

Does EAP-AKA Protocol depend on TCP?

  • No, EAP-AKA does not depend on TCP; EAP itself is transport-independent and is carried in EAPOL on the access link.

  • The backend leg uses RADIUS over UDP, or Diameter over TCP/SCTP where the operator deploys Diameter.

Does EAP-AKA Protocol depend on UDP?

  • Not inherently: EAP-AKA itself has no transport dependency.

  • UDP appears only when RADIUS is used between the authenticator and the AAA server, which is the common Wi-Fi deployment.

What are the roles involved when testing EAP-AKA Protocol?

  • Test Engineers: exercise the EAP-AKA state machine (successful run, wrong RES, AUTN MAC failure, sequence-number resynchronisation, pseudonym and fast re-authentication, malformed attributes) and verify that the exported MSK matches on both sides.

  • AAA Server Administrators: configure the RADIUS or Diameter server for EAP-AKA and connect it to a source of authentication vectors (HLR/HSS, or a Milenage test database such as hostapd's hlr_auc_gw).

  • Client Devices: mobile devices or wpa_supplicant instances with a USIM (or a software USIM simulator for lab use) that initiate the 802.1X exchange.

Does EAP-AKA Protocol work with free radius server on Linux?

  • Yes, EAP-AKA can work with the FreeRADIUS server on Linux systems; FreeRADIUS ships an EAP-AKA module alongside its other EAP methods.

  • Like any EAP-AKA server it needs a source of per-subscriber authentication vectors (RAND, AUTN, XRES, CK, IK), since it cannot compute them without the subscriber's K.

Does EAP-AKA Protocol work with Internal radius server of hostapd?

  • Yes. hostapd's integrated EAP server implements EAP-AKA and EAP-AKA': it is enabled with eap_server=1, users are listed in the eap_user file with method AKA, and eap_sim_db points it at an authentication-vector source, typically the bundled hlr_auc_gw tool with a Milenage database of IMSI/Ki/OPc entries.

What is the RFC version used for EAP-AKA Protocol?

  • EAP-AKA is specified in RFC 4187 (January 2006). The EAP-AKA' variant used by 5G, which binds the keys to the access network name, is RFC 5448, obsoleted by RFC 9048. The EAP framework itself is RFC 3748 and its RADIUS encapsulation RFC 3579.

During Connection Procedure which EAPOL Packets are encrypted?

  • None of the EAPOL-EAP frames carrying EAP-AKA are encrypted: RAND, AUTN, RES and the identity travel in the clear, protected only by AT_MAC (integrity, keyed with K_aut). The exception is AT_ENCR_DATA, which carries pseudonyms and fast re-authentication identities encrypted with K_encr (AES-128-CBC with AT_IV) so the IMSI is not exposed on every run; the very first EAP-Response/Identity can still reveal the IMSI, which is why pseudonyms exist.

  • After EAP-Success, the EAPOL-Key frames of the 4-way handshake are integrity-protected with the KCK; only the GTK in message 3 is encrypted (wrapped with the KEK). Data frames are encrypted once the PTK is installed.

Can you Explain different stages of Connection Procedure for EAP-AKA Protocol?

  • Stage 1: the authenticator sends EAP-Request/Identity and the peer answers EAP-Response/Identity with its NAI; the authenticator forwards it to the AAA server in RADIUS/Diameter.

  • Stage 2: the server fetches an authentication vector from the HLR/HSS and sends EAP-Request/AKA-Challenge (AT_RAND, AT_AUTN, AT_MAC).

  • Stage 3: the USIM validates AUTN and produces RES, CK and IK; the peer derives MK and the session keys, checks AT_MAC, and sends EAP-Response/AKA-Challenge (AT_RES, AT_MAC).

  • Stage 4: the server verifies AT_MAC and RES == XRES, sends EAP-Success and hands the MSK to the authenticator (in RADIUS, via the MS-MPPE-Recv-Key and MS-MPPE-Send-Key attributes), which on Wi-Fi starts the 4-way handshake.

What is the final output of Connection Procedure?

  • The final output is the 512-bit MSK (and a 512-bit EMSK kept by peer and server). On IEEE 802.11 the first 256 bits of the MSK become the PMK (Pairwise Master Key), which seeds the 4-way handshake; data traffic is not encrypted with the PMK directly.

What is the format of the key generated after the connection procedure?

  • The keys are raw byte strings: K_encr and K_aut (128 bits each) are used inside EAP-AKA, MSK and EMSK (512 bits each) are exported from it. The PMK is simply the first 32 bytes of the MSK; it never encrypts traffic itself but only feeds the PTK derivation.

Where is the PMK generated by the Connection Procedure used?

  • The PMK is the input to the 802.11i 4-way handshake, where access point and station combine it with their MAC addresses and the ANonce/SNonce to derive the PTK (Pairwise Transient Key), split into the KCK (handshake integrity), the KEK (wrapping the group key) and the TK (the actual data-encryption key).
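The PMK to PTK step above, as an added example (not code from the page or from any Wi-Fi stack): the IEEE 802.11i PRF-n over HMAC-SHA1 with the label "Pairwise key expansion", the canonical ordering of the two MAC addresses and nonces, the KCK/KEK/TK split for CCMP, and the EAPOL-Key MIC (key descriptor version 2, HMAC-SHA1-128 with the 16-octet MIC field at offset 81 of the EAPOL frame zeroed). The MSK, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac


def ieee80211_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """PRF-n from IEEE 802.11i: concatenate HMAC-SHA1(key, label | 0x00 | data | i)
    for i = 0, 1, ... and truncate to nbytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range((nbytes + 19) // 20))
    return out[:nbytes]


def msk_to_pmk(msk: bytes) -> bytes:
    """802.11 PMK is the first 256 bits of the EAP MSK (RFC 4187 section 7)."""
    if len(msk) < 32:
        raise ValueError("MSK must be at least 256 bits")
    return msk[:32]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               nbytes: int = 48) -> bytes:
    """PTK = PRF-n(PMK, "Pairwise key expansion", Min(AA,SPA)|Max(AA,SPA)|Min(ANonce,SNonce)|Max(...)).
    48 bytes is the CCMP size; TKIP uses 64."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return ieee80211_prf(pmk, b"Pairwise key expansion", data, nbytes)


def split_ptk(ptk: bytes):
    """KCK (EAPOL-Key MIC), KEK (wraps the GTK), TK (data encryption)."""
    return ptk[0:16], ptk[16:32], ptk[32:48]


def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC for a WPA2 EAPOL-Key frame (descriptor version 2): HMAC-SHA1-128 over the
    whole EAPOL frame with the MIC field (octets 81..96) set to zero."""
    if len(frame) < 99:
        raise ValueError("EAPOL-Key frame too short")
    zeroed = frame[:81] + bytes(16) + frame[97:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


# Constructed sample values (not a captured handshake).
SAMPLE_MSK = bytes(range(64))
SAMPLE_AA = bytes.fromhex("020000000001")     # AP BSSID
SAMPLE_SPA = bytes.fromhex("020000000002")    # station MAC
SAMPLE_ANONCE = bytes([0xA1]) * 32
SAMPLE_SNONCE = bytes([0x5E]) * 32

if __name__ == "__main__":
    ptk = derive_ptk(msk_to_pmk(SAMPLE_MSK), SAMPLE_AA, SAMPLE_SPA, SAMPLE_ANONCE, SAMPLE_SNONCE)
    for name, part in zip(("KCK", "KEK", "TK"), split_ptk(ptk)):
        print(name, part.hex())
```

Because the nonces and addresses are ordered before hashing, both sides reach the same PTK regardless of who computes it; the PMK itself is never sent, so an observer of the handshake who lacks the MSK (i.e. did not hold CK/IK) learns nothing usable from the nonces.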
