]> Huawei

Ruanjiandadao Road Nanjing 210000 China ray.yanlei@huawei.com

Security EMU EAP Multiple PSKs PSK Producer This document defines an Extensible Authentication Protocol (EAP) method for supporting the negotiation of a PSK among multiple PSKs.

Introduction The existing PSK-based EAP methods, EAP-GPSK , EAP-PSK , EAP-SAKE and EAP-PAX , assumed that only one PSK had been configured for the EAP peer and server. A single PSK does not provide perfect forward secrecy .
Compromise of the PSK leads to compromise of recorded past sessions. Moreover, compromise of the PSK enables the attacker to impersonate the peer and the server, and it allows the adversary to compromise future sessions. One solution is to use multiple PSKs between the EAP peer and server. Traditional manual configuration of PSKs lacks automation and is less efficient. Currently, there are some new manners of configuring PSKs more efficiently. Quantum keys generated by a quantum network can be automatically obtained through a network and configured as PSKs. In the mobile communication scenario, plenty of quantum keys can be offline implanted into mobile terminals. In the post-quantum scenario, each communication peer is typically assumed to have a list of post-quantum PSKs . If there are ample PSKs, using each PSK only once will provide perfect forward secrecy. Moreover, the attacker cannot impersonate the peer and the server by compromising a used PSK; one PSK's compromise will not influence future sessions. Furthermore, the issue of PSK identity collisions should be considered when managing multiple PSKs. PSKs can be configured in different manners, for example, through traditional manual configuration or obtained through quantum key generators. The PSK identities in different configuration methods usually do not have a unified plan. Thus, it is possible that a PSK identity may clash with another PSK identity configured in a different manner. Even obtained from different quantum key generators, the PSKs' identity may have a collision. Thus, multiple PSKs should be managed by category. This document modifies the EAP-GPSK to support the negotiation of a PSK among multiple PSKs.

Terminology

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Overview

Security Considerations

IANA Considerations

References Normative References This memo defines an Extensible Authentication Protocol (EAP) method called EAP Generalized Pre-Shared Key (EAP-GPSK). This method is a lightweight shared-key authentication protocol supporting mutual authentication and key derivation. [STANDARDS-TRACK] The possibility of quantum computers poses a serious challenge to cryptographic algorithms deployed widely today. The Internet Key Exchange Protocol Version 2 (IKEv2) is one example of a cryptosystem that could be broken; someone storing VPN communications today could decrypt them at a later time when a quantum computer is available. It is anticipated that IKEv2 will be extended to support quantum-secure key exchange algorithms; however, that is not likely to happen in the near term. To address this problem before then, this document describes an extension of IKEv2 to allow it to be resistant to a quantum computer by using preshared keys. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References This document defines an Extensible Authentication Protocol (EAP) method called EAP-PAX (Password Authenticated eXchange). This method is a lightweight shared-key authentication protocol with optional support for key provisioning, key management, identity protection, and authenticated data exchange. This memo provides information for the Internet community. This document specifies EAP-PSK, an Extensible Authentication Protocol (EAP) method for mutual authentication and session key derivation using a Pre-Shared Key (PSK). EAP-PSK provides a protected communication channel when mutual authentication is successful for both parties to communicate over. This document describes the use of this channel only for protected exchange of result indications, but future EAP-PSK extensions may use the channel for other purposes. EAP-PSK is designed for authentication over insecure networks such as IEEE 802.11. This memo defines an Experimental Protocol for the Internet community. This document specifies an Extensible Authentication Protocol (EAP) mechanism for Shared-secret Authentication and Key Establishment (SAKE). This RFC is published as documentation for the IANA assignment of an EAP Type for a vendor's EAP method per RFC 3748. The specification has passed Designated Expert review for this IANA assignment. This memo provides information for the Internet community.

Acknowledgements

Contributors