Network Working Group                                           J. Arkko
Request for Comments: 4187                                      Ericsson
Category: Informational                                     H. Haverinen
                                                                   Nokia
                                                            January 2006
        
Network Working Group                                           J. Arkko
Request for Comments: 4187                                      Ericsson
Category: Informational                                     H. Haverinen
                                                                   Nokia
                                                            January 2006
        

Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)

第三代认证和密钥协商的可扩展认证协议方法(EAP-AKA)

Status of This Memo

关于下段备忘

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。

Copyright Notice

版权公告

Copyright (C) The Internet Society (2006).

版权所有(C)互联网协会(2006年)。

IESG Note

IESG注释

The EAP-AKA protocol was developed by 3GPP. The documentation of EAP-AKA is provided as information to the Internet community. While the EAP WG has verified that EAP-AKA is compatible with EAP as defined in RFC 3748, no other review has been done, including validation of the security claims. The IETF has also not reviewed the security of the underlying UMTS AKA algorithms.

EAP-AKA协议由3GPP开发。EAP-AKA的文件作为信息提供给互联网社区。虽然EAP工作组已验证EAP-AKA与RFC 3748中定义的EAP兼容,但尚未进行其他审查,包括验证担保声明。IETF也没有审查底层UMTS AKA算法的安全性。

Abstract

摘要

This document specifies an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution that uses the Authentication and Key Agreement (AKA) mechanism. AKA is used in the 3rd generation mobile networks Universal Mobile Telecommunications System (UMTS) and CDMA2000. AKA is based on symmetric keys, and typically runs in a Subscriber Identity Module, which is a UMTS Subscriber Identity Module, USIM, or a (Removable) User Identity Module, (R)UIM, similar to a smart card.

本文档指定了用于身份验证和会话密钥分发的可扩展身份验证协议(EAP)机制,该机制使用身份验证和密钥协商(AKA)机制。AKA用于第三代移动网络通用移动通信系统(UMTS)和CDMA2000。AKA基于对称密钥,通常在用户标识模块中运行,该模块是UMTS用户标识模块、USIM或(可移动)用户标识模块(R)UIM,类似于智能卡。

EAP-AKA includes optional identity privacy support, optional result indications, and an optional fast re-authentication procedure.

EAP-AKA包括可选的身份隐私支持、可选的结果指示和可选的快速重新认证过程。

Table of Contents

目录

   1. Introduction and Motivation .....................................4
   2. Terms and Conventions Used in This Document .....................5
   3. Protocol Overview ...............................................9
   4. Operation ......................................................15
      4.1. Identity Management .......................................15
           4.1.1. Format, Generation, and Usage of Peer Identities ...15
           4.1.2. Communicating the Peer Identity to the Server ......21
           4.1.3. Choice of Identity for the EAP-Response/Identity ...23
           4.1.4. Server Operation in the Beginning of
                  EAP-AKA Exchange ...................................23
           4.1.5. Processing of EAP-Request/AKA-Identity by
                  the Peer ...........................................24
           4.1.6. Attacks against Identity Privacy ...................25
           4.1.7. Processing of AT_IDENTITY by the Server ............26
      4.2. Message Sequence Examples (Informative) ...................27
           4.2.1. Usage of AT_ANY_ID_REQ .............................27
           4.2.2. Fall Back on Full Authentication ...................28
           4.2.3. Requesting the Permanent Identity 1 ................29
           4.2.4. Requesting the Permanent Identity 2 ................30
           4.2.5. Three EAP/AKA-Identity Round Trips .................30
   5. Fast Re-Authentication .........................................32
      5.1. General ...................................................32
      5.2. Comparison to AKA .........................................33
      5.3. Fast Re-Authentication Identity ...........................33
      5.4. Fast Re-Authentication Procedure ..........................35
      5.5. Fast Re-Authentication Procedure when Counter is
           Too Small .................................................37
   6. EAP-AKA Notifications ..........................................38
      6.1. General ...................................................38
      6.2. Result Indications ........................................39
      6.3. Error Cases ...............................................40
           6.3.1. Peer Operation .....................................41
           6.3.2. Server Operation ...................................41
           6.3.3. EAP-Failure ........................................42
           6.3.4. EAP-Success ........................................42
   7. Key Generation .................................................43
   8. Message Format and Protocol Extensibility ......................45
      8.1. Message Format ............................................45
      8.2. Protocol Extensibility ....................................47
   9. Messages .......................................................48
      9.1. EAP-Request/AKA-Identity ..................................48
      9.2. EAP-Response/AKA-Identity .................................48
      9.3. EAP-Request/AKA-Challenge .................................49
      9.4. EAP-Response/AKA-Challenge ................................49
      9.5. EAP-Response/AKA-Authentication-Reject ....................50
      9.6. EAP-Response/AKA-Synchronization-Failure ..................50
        
   1. Introduction and Motivation .....................................4
   2. Terms and Conventions Used in This Document .....................5
   3. Protocol Overview ...............................................9
   4. Operation ......................................................15
      4.1. Identity Management .......................................15
           4.1.1. Format, Generation, and Usage of Peer Identities ...15
           4.1.2. Communicating the Peer Identity to the Server ......21
           4.1.3. Choice of Identity for the EAP-Response/Identity ...23
           4.1.4. Server Operation in the Beginning of
                  EAP-AKA Exchange ...................................23
           4.1.5. Processing of EAP-Request/AKA-Identity by
                  the Peer ...........................................24
           4.1.6. Attacks against Identity Privacy ...................25
           4.1.7. Processing of AT_IDENTITY by the Server ............26
      4.2. Message Sequence Examples (Informative) ...................27
           4.2.1. Usage of AT_ANY_ID_REQ .............................27
           4.2.2. Fall Back on Full Authentication ...................28
           4.2.3. Requesting the Permanent Identity 1 ................29
           4.2.4. Requesting the Permanent Identity 2 ................30
           4.2.5. Three EAP/AKA-Identity Round Trips .................30
   5. Fast Re-Authentication .........................................32
      5.1. General ...................................................32
      5.2. Comparison to AKA .........................................33
      5.3. Fast Re-Authentication Identity ...........................33
      5.4. Fast Re-Authentication Procedure ..........................35
      5.5. Fast Re-Authentication Procedure when Counter is
           Too Small .................................................37
   6. EAP-AKA Notifications ..........................................38
      6.1. General ...................................................38
      6.2. Result Indications ........................................39
      6.3. Error Cases ...............................................40
           6.3.1. Peer Operation .....................................41
           6.3.2. Server Operation ...................................41
           6.3.3. EAP-Failure ........................................42
           6.3.4. EAP-Success ........................................42
   7. Key Generation .................................................43
   8. Message Format and Protocol Extensibility ......................45
      8.1. Message Format ............................................45
      8.2. Protocol Extensibility ....................................47
   9. Messages .......................................................48
      9.1. EAP-Request/AKA-Identity ..................................48
      9.2. EAP-Response/AKA-Identity .................................48
      9.3. EAP-Request/AKA-Challenge .................................49
      9.4. EAP-Response/AKA-Challenge ................................49
      9.5. EAP-Response/AKA-Authentication-Reject ....................50
      9.6. EAP-Response/AKA-Synchronization-Failure ..................50
        
      9.7. EAP-Request/AKA-Reauthentication ..........................50
      9.8. EAP-Response/AKA-Reauthentication .........................51
      9.9. EAP-Response/AKA-Client-Error .............................52
      9.10. EAP-Request/AKA-Notification .............................52
      9.11. EAP-Response/AKA-Notification ............................52
   10. Attributes ....................................................53
      10.1. Table of Attributes ......................................53
      10.2. AT_PERMANENT_ID_REQ ......................................54
      10.3. AT_ANY_ID_REQ ............................................54
      10.4. AT_FULLAUTH_ID_REQ .......................................54
      10.5. AT_IDENTITY ..............................................55
      10.6. AT_RAND ..................................................55
      10.7. AT_AUTN ..................................................56
      10.8. AT_RES ...................................................56
      10.9. AT_AUTS ..................................................57
      10.10. AT_NEXT_PSEUDONYM .......................................57
      10.11. AT_NEXT_REAUTH_ID .......................................58
      10.12. AT_IV, AT_ENCR_DATA, and AT_PADDING .....................58
      10.13. AT_CHECKCODE ............................................60
      10.14. AT_RESULT_IND ...........................................62
      10.15. AT_MAC ..................................................63
      10.16. AT_COUNTER ..............................................64
      10.17. AT_COUNTER_TOO_SMALL ....................................64
      10.18. AT_NONCE_S ..............................................65
      10.19. AT_NOTIFICATION .........................................65
      10.20. AT_CLIENT_ERROR_CODE ....................................66
   11. IANA and Protocol Numbering Considerations ....................66
   12. Security Considerations .......................................68
      12.1. Identity Protection ......................................69
      12.2. Mutual Authentication ....................................69
      12.3. Flooding the Authentication Centre .......................69
      12.4. Key Derivation ...........................................70
      12.5. Brute-Force and Dictionary Attacks .......................70
      12.6. Protection, Replay Protection, and Confidentiality .......70
      12.7. Negotiation Attacks ......................................71
      12.8. Protected Result Indications .............................72
      12.9. Man-in-the-Middle Attacks ................................72
      12.10. Generating Random Numbers ...............................73
   13. Security Claims ...............................................73
   14. Acknowledgements and Contributions ............................74
   15. References ....................................................74
      15.1. Normative References .....................................74
      15.2. Informative References ...................................76
   Appendix A.  Pseudo-Random Number Generator .......................77
        
      9.7. EAP-Request/AKA-Reauthentication ..........................50
      9.8. EAP-Response/AKA-Reauthentication .........................51
      9.9. EAP-Response/AKA-Client-Error .............................52
      9.10. EAP-Request/AKA-Notification .............................52
      9.11. EAP-Response/AKA-Notification ............................52
   10. Attributes ....................................................53
      10.1. Table of Attributes ......................................53
      10.2. AT_PERMANENT_ID_REQ ......................................54
      10.3. AT_ANY_ID_REQ ............................................54
      10.4. AT_FULLAUTH_ID_REQ .......................................54
      10.5. AT_IDENTITY ..............................................55
      10.6. AT_RAND ..................................................55
      10.7. AT_AUTN ..................................................56
      10.8. AT_RES ...................................................56
      10.9. AT_AUTS ..................................................57
      10.10. AT_NEXT_PSEUDONYM .......................................57
      10.11. AT_NEXT_REAUTH_ID .......................................58
      10.12. AT_IV, AT_ENCR_DATA, and AT_PADDING .....................58
      10.13. AT_CHECKCODE ............................................60
      10.14. AT_RESULT_IND ...........................................62
      10.15. AT_MAC ..................................................63
      10.16. AT_COUNTER ..............................................64
      10.17. AT_COUNTER_TOO_SMALL ....................................64
      10.18. AT_NONCE_S ..............................................65
      10.19. AT_NOTIFICATION .........................................65
      10.20. AT_CLIENT_ERROR_CODE ....................................66
   11. IANA and Protocol Numbering Considerations ....................66
   12. Security Considerations .......................................68
      12.1. Identity Protection ......................................69
      12.2. Mutual Authentication ....................................69
      12.3. Flooding the Authentication Centre .......................69
      12.4. Key Derivation ...........................................70
      12.5. Brute-Force and Dictionary Attacks .......................70
      12.6. Protection, Replay Protection, and Confidentiality .......70
      12.7. Negotiation Attacks ......................................71
      12.8. Protected Result Indications .............................72
      12.9. Man-in-the-Middle Attacks ................................72
      12.10. Generating Random Numbers ...............................73
   13. Security Claims ...............................................73
   14. Acknowledgements and Contributions ............................74
   15. References ....................................................74
      15.1. Normative References .....................................74
      15.2. Informative References ...................................76
   Appendix A.  Pseudo-Random Number Generator .......................77
        
1. Introduction and Motivation
1. 介绍和动机

This document specifies an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution that uses the 3rd generation Authentication and Key Agreement mechanism, specified for Universal Mobile Telecommunications System (UMTS) in [TS33.102] and for CDMA2000 in [S.S0055-A]. UMTS and CDMA2000 are global 3rd generation mobile network standards that use the same AKA mechanism.

本文件规定了一种用于认证和会话密钥分发的可扩展认证协议(EAP)机制,该机制使用[TS33.102]中针对通用移动通信系统(UMTS)和[S.S0055-A]中针对CDMA2000规定的第三代认证和密钥协商机制。UMTS和CDMA2000是使用相同AKA机制的全球第三代移动网络标准。

2nd generation mobile networks and 3rd generation mobile networks use different authentication and key agreement mechanisms. The Global System for Mobile communications (GSM) is a 2nd generation mobile network standard, and EAP-SIM [EAP-SIM] specifies an EAP mechanism that is based on the GSM authentication and key agreement primitives.

第二代移动网络和第三代移动网络使用不同的身份验证和密钥协商机制。全球移动通信系统(GSM)是第二代移动网络标准,EAP-SIM[EAP-SIM]指定了基于GSM认证和密钥协议原语的EAP机制。

AKA is based on challenge-response mechanisms and symmetric cryptography. AKA typically runs in a UMTS Subscriber Identity Module (USIM) or a CDMA2000 (Removable) User Identity Module ((R)UIM). In this document, both modules are referred to as identity modules. Compared to the 2nd generation mechanisms such as GSM AKA, the 3rd generation AKA provides substantially longer key lengths and mutual authentication.

AKA基于质询响应机制和对称密码。AKA通常在UMTS用户标识模块(USIM)或CDMA2000(可移动)用户标识模块(UIM)中运行。在本文档中,这两个模块都称为标识模块。与第二代机制(如GSM AKA)相比,第三代AKA提供了更长的密钥长度和相互认证。

The introduction of AKA inside EAP allows several new applications. These include the following:

AKA在EAP中的引入允许几个新的应用。这些措施包括:

o The use of the AKA also as a secure PPP authentication method in devices that already contain an identity module. o The use of the 3rd generation mobile network authentication infrastructure in the context of wireless LANs o Relying on AKA and the existing infrastructure in a seamless way with any other technology that can use EAP.

o 在已经包含身份模块的设备中,使用AKA还可以作为安全PPP身份验证方法。o在无线局域网环境下使用第三代移动网络认证基础设施o依靠AKA和现有基础设施与任何其他可使用EAP的技术无缝结合。

AKA works in the following manner:

AKA的工作方式如下:

o The identity module and the home environment have agreed on a secret key beforehand. (The "home environment" refers to the home operator's authentication network infrastructure.) o The actual authentication process starts by having the home environment produce an authentication vector, based on the secret key and a sequence number. The authentication vector contains a random part RAND, an authenticator part AUTN used for authenticating the network to the identity module, an expected result part XRES, a 128-bit session key for integrity check IK, and a 128-bit session key for encryption CK.

o 身份模块和家庭环境已经事先约定了一个密钥。(家庭环境是指家庭运营商的认证网络基础设施。)o实际认证过程从家庭环境根据密钥和序列号生成认证向量开始。认证向量包含随机部分RAND、用于向标识模块认证网络的认证器部分AUTN、预期结果部分XRES、用于完整性检查IK的128位会话密钥和用于加密CK的128位会话密钥。

o The RAND and the AUTN are delivered to the identity module. o The identity module verifies the AUTN, again based on the secret key and the sequence number. If this process is successful (the AUTN is valid and the sequence number used to generate AUTN is within the correct range), the identity module produces an authentication result RES and sends it to the home environment. o The home environment verifies the correct result from the identity module. If the result is correct, IK and CK can be used to protect further communications between the identity module and the home environment.

o RAND和AUTN被传送到识别模块。o身份模块再次基于密钥和序列号验证AUTN。如果此过程成功(AUTN有效且用于生成AUTN的序列号在正确范围内),则标识模块将生成身份验证结果RES并将其发送到家庭环境。o家庭环境验证来自身份模块的正确结果。如果结果正确,IK和CK可用于保护识别模块与家庭环境之间的进一步通信。

When verifying AUTN, the identity module may detect that the sequence number the network uses is not within the correct range. In this case, the identity module calculates a sequence number synchronization parameter AUTS and sends it to the network. AKA authentication may then be retried with a new authentication vector generated using the synchronized sequence number.

验证AUTN时,识别模块可能检测到网络使用的序列号不在正确范围内。在这种情况下,识别模块计算序列号同步参数AUTS并将其发送到网络。然后可以使用使用同步序列号生成的新认证向量重试AKA认证。

For a specification of the AKA mechanisms and how the cryptographic values AUTN, RES, IK, CK and AUTS are calculated, see [TS33.102] for UMTS and [S.S0055-A] for CDMA2000.

有关AKA机制的规范以及如何计算加密值AUTN、RES、IK、CK和AUTS,请参见[TS33.102]中的UMTS和[S.S0055-a]中的CDMA2000。

In EAP-AKA, the EAP server node obtains the authentication vectors, compares RES and XRES, and uses CK and IK in key derivation.

在EAP-AKA中,EAP服务器节点获取认证向量,比较RES和XRES,并在密钥推导中使用CK和IK。

In the 3rd generation mobile networks, AKA is used for both radio network authentication and IP multimedia service authentication purposes. Different user identities and formats are used for these; the radio network uses the International Mobile Subscriber Identifier (IMSI), whereas the IP multimedia service uses the Network Access Identifier (NAI) [RFC4282].

在第三代移动网络中,AKA用于无线网络认证和IP多媒体服务认证。不同的用户身份和格式用于这些;无线网络使用国际移动用户标识符(IMSI),而IP多媒体服务使用网络接入标识符(NAI)[RFC4282]。

2. Terms and Conventions Used in This Document
2. 本文件中使用的术语和约定

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。

The terms and abbreviations "authenticator", "backend authentication server", "EAP server", "peer", "Silently Discard", "Master Session Key (MSK)", and "Extended Master Session Key (EMSK)" in this document are to be interpreted as described in [RFC3748].

本文件中的术语和缩写“验证器”、“后端身份验证服务器”、“EAP服务器”、“对等方”、“静默放弃”、“主会话密钥(MSK)”和“扩展主会话密钥(EMSK)”应按照[RFC3748]中所述进行解释。

This document frequently uses the following terms and abbreviations. The AKA parameters are specified in detail in [TS33.102] for UMTS and [S.S0055-A] for CDMA2000.

本文件经常使用以下术语和缩写。[TS33.102]对UMTS和[S.S0055-A]对CDMA2000详细规定了AKA参数。

AAA protocol

AAA协议

Authentication, Authorization and Accounting protocol

认证、授权和记帐协议

AKA

又称作

Authentication and Key Agreement

身份验证和密钥协商

AuC

AuC

Authentication Centre. The mobile network element that can authenticate subscribers in the mobile networks.

认证中心。可以对移动网络中的订户进行身份验证的移动网元。

AUTN

奥特

AKA parameter. AUTN is an authentication value generated by the AuC, which, together with the RAND, authenticates the server to the peer, 128 bits.

AKA参数。AUTN是AuC生成的身份验证值,它与RAND一起向对等方验证服务器,128位。

AUTS

导演

AKA parameter. A value generated by the peer upon experiencing a synchronization failure, 112 bits.

AKA参数。对等方在遇到同步失败时生成的值,112位。

EAP

EAP

Extensible Authentication Protocol [RFC3748]

可扩展身份验证协议[RFC3748]

Fast Re-Authentication

快速重新认证

An EAP-AKA authentication exchange that is based on keys derived upon a preceding full authentication exchange. The 3rd Generation AKA is not used in the fast re-authentication procedure.

一种EAP-AKA身份验证交换,它基于在之前的完全身份验证交换基础上派生的密钥。第三代AKA不用于快速重新认证过程。

Fast Re-Authentication Identity

快速重认证身份

A fast re-authentication identity of the peer, including an NAI realm portion in environments where a realm is used. Used on re-authentication only.

对等方的快速重新身份验证标识,包括使用领域的环境中的NAI领域部分。仅用于重新身份验证。

Fast Re-Authentication Username

快速重新验证用户名

The username portion of fast re-authentication identity, i.e., not including any realm portions.

快速重新身份验证标识的用户名部分,即不包括任何领域部分。

Full Authentication

完全认证

An EAP-AKA authentication exchange that is based on the 3rd Generation AKA procedure.

基于第三代AKA过程的EAP-AKA身份验证交换。

GSM

GSM

Global System for Mobile communications.

全球移动通信系统。

NAI

Network Access Identifier [RFC4282]

网络访问标识符[RFC4282]

Identity Module

识别模块

Identity module is used in this document to refer to the part of the mobile device that contains authentication and key agreement primitives. The identity module may be an integral part of the mobile device or it may be an application on a smart card distributed by a mobile operator. USIM and (R)UIM are identity modules.

在本文档中,标识模块用于指移动设备中包含身份验证和密钥协议原语的部分。身份模块可以是移动设备的组成部分,也可以是由移动运营商分发的智能卡上的应用程序。USIM和(R)UIM是标识模块。

Nonce

暂时

A value that is used at most once or that is never repeated within the same cryptographic context. In general, a nonce can be predictable (e.g., a counter) or unpredictable (e.g., a random value). Because some cryptographic properties may depend on the randomness of the nonce, attention should be paid to whether a nonce is required to be random or not. In this document, the term nonce is only used to denote random nonces, and it is not used to denote counters.

在同一加密上下文中最多使用一次或从不重复的值。通常,nonce可以是可预测的(例如计数器)或不可预测的(例如随机值)。由于某些密码特性可能取决于nonce的随机性,因此应注意nonce是否需要是随机的。在本文档中,术语nonce仅用于表示随机nonce,而不用于表示计数器。

Permanent Identity

永久身份

The permanent identity of the peer, including an NAI realm portion in environments where a realm is used. The permanent identity is usually based on the IMSI. Used on full authentication only.

对等方的永久身份,包括使用领域的环境中的NAI领域部分。永久身份通常基于IMSI。仅用于完全身份验证。

Permanent Username

永久用户名

The username portion of permanent identity, i.e., not including any realm portions.

永久身份的用户名部分,即不包括任何领域部分。

Pseudonym Identity

笔名身份

A pseudonym identity of the peer, including an NAI realm portion in environments where a realm is used. Used on full authentication only.

对等方的笔名标识,包括使用领域的环境中的NAI领域部分。仅用于完全身份验证。

Pseudonym Username

假名用户名

The username portion of pseudonym identity, i.e., not including any realm portions.

笔名标识的用户名部分,即不包括任何领域部分。

RAND

兰德

An AKA parameter. Random number generated by the AuC, 128 bits.

参数。AuC生成的随机数,128位。

RES

皇家经济学会

Authentication result from the peer, which, together with the RAND, authenticates the peer to the server, 128 bits.

来自对等方的身份验证结果,与RAND一起,对服务器的对等方进行身份验证,128位。

(R)UIM

(R) UIM

CDMA2000 (Removable) User Identity Module. (R)UIM is an application that is resident on devices such as smart cards, which may be fixed in the terminal or distributed by CDMA2000 operators (when removable).

CDMA2000(可移动)用户标识模块。(R) UIM是一种驻留在智能卡等设备上的应用程序,智能卡可以固定在终端中,也可以由CDMA2000运营商分发(如果可以移动)。

SQN

SQN

An AKA parameter. Sequence number used in the authentication process, 48 bits.

参数。身份验证过程中使用的序列号,48位。

SIM

模拟

Subscriber Identity Module. The SIM is traditionally a smart card distributed by a GSM operator.

用户识别模块。SIM卡传统上是由GSM运营商分发的智能卡。

SRES

SRES

The authentication result parameter in GSM, corresponds to the RES parameter in 3G AKA, 32 bits.

GSM中的认证结果参数对应于3G AKA中的RES参数,32位。

UAK

乌克兰联合酋长国

UIM Authentication Key, used in CDMA2000 AKA. Both the identity module and the network can optionally generate the UAK during the AKA computation in CDMA2000. UAK is not used in this version of EAP-AKA.

UIM身份验证密钥,用于CDMA2000 AKA。身份模块和网络都可以在CDMA2000中的AKA计算期间选择性地生成UAK。此版本的EAP-AKA中未使用UAK。

UIM

UIM

Please see (R)UIM.

请参见(R)UIM。

USIM

乌西姆

UMTS Subscriber Identity Module. USIM is an application that is resident on devices such as smart cards distributed by UMTS operators.

UMTS用户识别模块。USIM是驻留在UMTS运营商分发的智能卡等设备上的应用程序。

3. Protocol Overview
3. 协议概述

Figure 1 shows the basic, successful full authentication exchange in EAP-AKA, when optional result indications are not used. The authenticator typically communicates with an EAP server that is located on a backend authentication server using an AAA protocol. The authenticator shown in the figure is often simply relaying EAP messages to and from the EAP server, but these backend AAA communications are not shown. At the minimum, EAP-AKA uses two roundtrips to authenticate and authorize the peer and generate session keys. As in other EAP schemes, an identity request/response message pair is usually exchanged first. On full authentication, the peer's identity response includes either the user's International Mobile Subscriber Identity (IMSI), or a temporary identity (pseudonym) if identity privacy is in effect, as specified in Section 4.1. (As specified in [RFC3748], the initial identity request is not required, and MAY be bypassed in cases where the network can presume the identity, such as when using leased lines, dedicated dial-ups, etc. Please see Section 4.1.2 for specification of how to obtain the identity via EAP AKA messages.)

图1显示了在EAP-AKA中,当未使用可选结果指示时,基本的、成功的完全身份验证交换。认证器通常使用AAA协议与位于后端认证服务器上的EAP服务器通信。图中所示的验证器通常只是将EAP消息中继到EAP服务器,或从EAP服务器中继EAP消息,但未显示这些后端AAA通信。EAP-AKA至少使用两次往返来验证和授权对等方并生成会话密钥。与其他EAP方案一样,通常首先交换身份请求/响应消息对。完全认证时,对等方的身份响应包括用户的国际移动用户身份(IMSI)或临时身份(笔名)(如果身份隐私有效),如第4.1节所述。(如[RFC3748]中所述,不需要初始身份请求,在网络可以假定身份的情况下,例如使用租用线路、专用拨号等时,可以绕过初始身份请求。有关如何通过EAP AKA消息获取身份的规范,请参阅第4.1.2节。)

After obtaining the subscriber identity, the EAP server obtains an authentication vector (RAND, AUTN, RES, CK, IK) for use in authenticating the subscriber. From the vector, the EAP server derives the keying material, as specified in Section 6.4. The vector may be obtained by contacting an Authentication Centre (AuC) on the mobile network; for example, per UMTS specifications, several vectors may be obtained at a time. Vectors may be stored in the EAP server for use at a later time, but they may not be reused.

在获得订户标识之后,EAP服务器获得用于认证订户的认证向量(RAND、AUTN、RES、CK、IK)。根据第6.4节的规定,EAP服务器从矢量中导出键控材料。可通过联系移动网络上的认证中心(AuC)来获得向量;例如,根据UMTS规范,一次可以获得多个向量。向量可以存储在EAP服务器中以供以后使用,但不能重复使用。

In CDMA2000, the vector may include a sixth value called the User Identity Module Authentication Key (UAK). This key is not used in EAP-AKA.

在CDMA2000中,向量可以包括称为用户身份模块认证密钥(UAK)的第六值。EAP-AKA中未使用此密钥。

Next, the EAP server starts the actual AKA protocol by sending an EAP-Request/AKA-Challenge message. EAP-AKA packets encapsulate parameters in attributes, encoded in a Type, Length, Value format. The packet format and the use of attributes are specified in Section 8. The EAP-Request/AKA-Challenge message contains a RAND random number (AT_RAND), a network authentication token (AT_AUTN), and a message authentication code (AT_MAC). The EAP-Request/ AKA-Challenge message MAY optionally contain encrypted data, which is used for identity privacy and fast re-authentication support, as described in Section 4.1. The AT_MAC attribute contains a message authentication code covering the EAP packet. The encrypted data is not shown in the figures of this section.

接下来,EAP服务器通过发送EAP请求/AKA质询消息来启动实际的AKA协议。EAP-AKA数据包将参数封装在属性中,以类型、长度和值格式编码。第8节规定了数据包格式和属性的使用。EAP请求/AKA质询消息包含随机数(AT_RAND)、网络身份验证令牌(AT_AUTN)和消息身份验证码(AT_MAC)。EAP请求/AKA质询消息可选择性地包含加密数据,用于身份隐私和快速重新认证支持,如第4.1节所述。AT_MAC属性包含覆盖EAP数据包的消息身份验证代码。本节图中未显示加密数据。

The peer runs the AKA algorithm (typically using an identity module) and verifies the AUTN. If this is successful, the peer is talking to a legitimate EAP server and proceeds to send the EAP-Response/ AKA-Challenge. This message contains a result parameter that allows the EAP server, in turn, to authenticate the peer, and the AT_MAC attribute to integrity protect the EAP message.

对等方运行AKA算法(通常使用标识模块)并验证AUTN。如果成功,则对等方正在与合法的EAP服务器对话,并继续发送EAP响应/AKA质询。此消息包含一个结果参数,该参数允许EAP服务器依次对对等方进行身份验证,并允许AT_MAC属性保护EAP消息的完整性。

The EAP server verifies that the RES and the MAC in the EAP-Response/ AKA-Challenge packet are correct. Because protected success indications are not used in this example, the EAP server sends the EAP-Success packet, indicating that the authentication was successful. (Protected success indications are discussed in Section 6.2.) The EAP server may also include derived keying material in the message it sends to the authenticator. The peer has derived the same keying material, so the authenticator does not forward the keying material to the peer along with EAP-Success.

EAP服务器验证EAP响应/AKA质询数据包中的RES和MAC是否正确。由于本例中未使用受保护的成功指示,EAP服务器发送EAP成功数据包,指示身份验证成功。(第6.2节讨论了受保护的成功指示。)EAP服务器还可以在发送给认证者的消息中包含衍生密钥材料。对等方已派生相同的密钥材料,因此身份验证器不会将密钥材料与EAP成功一起转发给对等方。

       Peer                                             Authenticator
          |                      EAP-Request/Identity             |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/Identity                                 |
          | (Includes user's NAI)                                 |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server runs AKA algorithms,  |
          |                            | generates RAND and AUTN.     |
          |                            +------------------------------+
          |                         EAP-Request/AKA-Challenge     |
          |                         (AT_RAND, AT_AUTN, AT_MAC)    |
          |<------------------------------------------------------|
      +-------------------------------------+                     |
      | Peer runs AKA algorithms,           |                     |
      | verifies AUTN and MAC, derives RES  |                     |
      | and session key                     |                     |
      +-------------------------------------+                     |
          | EAP-Response/AKA-Challenge                            |
          | (AT_RES, AT_MAC)                                      |
          |------------------------------------------------------>|
          |                          +--------------------------------+
          |                          | Server checks the given RES,   |
          |                          | and MAC and finds them correct.|
          |                          +--------------------------------+
          |                                          EAP-Success  |
          |<------------------------------------------------------|
        
       Peer                                             Authenticator
          |                      EAP-Request/Identity             |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/Identity                                 |
          | (Includes user's NAI)                                 |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server runs AKA algorithms,  |
          |                            | generates RAND and AUTN.     |
          |                            +------------------------------+
          |                         EAP-Request/AKA-Challenge     |
          |                         (AT_RAND, AT_AUTN, AT_MAC)    |
          |<------------------------------------------------------|
      +-------------------------------------+                     |
      | Peer runs AKA algorithms,           |                     |
      | verifies AUTN and MAC, derives RES  |                     |
      | and session key                     |                     |
      +-------------------------------------+                     |
          | EAP-Response/AKA-Challenge                            |
          | (AT_RES, AT_MAC)                                      |
          |------------------------------------------------------>|
          |                          +--------------------------------+
          |                          | Server checks the given RES,   |
          |                          | and MAC and finds them correct.|
          |                          +--------------------------------+
          |                                          EAP-Success  |
          |<------------------------------------------------------|
        

Figure 1: EAP-AKA full authentication procedure

图1:EAP-AKA完全认证过程

Figure 2 shows how the EAP server rejects the Peer due to a failed authentication.

图2显示了EAP服务器如何因身份验证失败而拒绝对等方。

       Peer                                              Authenticator
          |                      EAP-Request/Identity             |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/Identity                                 |
          | (Includes user's NAI)                                 |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server runs AKA algorithms,  |
          |                            | generates RAND and AUTN.     |
          |                            +------------------------------+
          |                      EAP-Request/AKA-Challenge        |
          |                      (AT_RAND, AT_AUTN, AT_MAC)       |
          |<------------------------------------------------------|
      +-------------------------------------+                     |
      | Peer runs AKA algorithms,           |                     |
      | possibly verifies AUTN, and sends an|                     |
      | invalid response                    |                     |
      +-------------------------------------+                     |
          | EAP-Response/AKA-Challenge                            |
          | (AT_RES, AT_MAC)                                      |
          |------------------------------------------------------>|
          |              +------------------------------------------+
          |              | Server checks the given RES and the MAC, |
          |              | and finds one of them incorrect.         |
          |              +------------------------------------------+
          |                      EAP-Request/AKA-Notification     |
          |<------------------------------------------------------|
          | EAP-Response/AKA-Notification                         |
          |------------------------------------------------------>|
          |                                          EAP-Failure  |
          |<------------------------------------------------------|
        
       Peer                                              Authenticator
          |                      EAP-Request/Identity             |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/Identity                                 |
          | (Includes user's NAI)                                 |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server runs AKA algorithms,  |
          |                            | generates RAND and AUTN.     |
          |                            +------------------------------+
          |                      EAP-Request/AKA-Challenge        |
          |                      (AT_RAND, AT_AUTN, AT_MAC)       |
          |<------------------------------------------------------|
      +-------------------------------------+                     |
      | Peer runs AKA algorithms,           |                     |
      | possibly verifies AUTN, and sends an|                     |
      | invalid response                    |                     |
      +-------------------------------------+                     |
          | EAP-Response/AKA-Challenge                            |
          | (AT_RES, AT_MAC)                                      |
          |------------------------------------------------------>|
          |              +------------------------------------------+
          |              | Server checks the given RES and the MAC, |
          |              | and finds one of them incorrect.         |
          |              +------------------------------------------+
          |                      EAP-Request/AKA-Notification     |
          |<------------------------------------------------------|
          | EAP-Response/AKA-Notification                         |
          |------------------------------------------------------>|
          |                                          EAP-Failure  |
          |<------------------------------------------------------|
        

Figure 2: Peer authentication fails

图2:对等身份验证失败

Figure 3 shows the peer rejecting the AUTN of the EAP server.

图3显示了拒绝EAP服务器AUTN的对等方。

The peer sends an explicit error message (EAP-Response/ AKA-Authentication-Reject) to the EAP server, as usual in AKA when AUTN is incorrect. This allows the EAP server to produce the same error statistics that AKA generally produces in UMTS or CDMA2000.

当AUTN不正确时,对等方向EAP服务器发送一条明确的错误消息(EAP响应/AKA身份验证拒绝),与AKA中的正常情况相同。这允许EAP服务器产生与AKA在UMTS或CDMA2000中通常产生的相同的错误统计信息。

        Peer                                             Authenticator
          |                      EAP-Request/Identity             |
          |<------------------------------------------------------|
          | EAP-Response/Identity                                 |
          | (Includes user's NAI)                                 |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server runs AKA algorithms,  |
          |                            | generates RAND and a bad AUTN|
          |                            +------------------------------+
          |                         EAP-Request/AKA-Challenge     |
          |                         (AT_RAND, AT_AUTN, AT_MAC)    |
          |<------------------------------------------------------|
      +-------------------------------------+                     |
      | Peer runs AKA algorithms            |                     |
      | and discovers AUTN that can not be  |                     |
      | verified                            |                     |
      +-------------------------------------+                     |
          | EAP-Response/AKA-Authentication-Reject                |
          |------------------------------------------------------>|
          |                                          EAP-Failure  |
          |<------------------------------------------------------|
        
        Peer                                             Authenticator
          |                      EAP-Request/Identity             |
          |<------------------------------------------------------|
          | EAP-Response/Identity                                 |
          | (Includes user's NAI)                                 |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server runs AKA algorithms,  |
          |                            | generates RAND and a bad AUTN|
          |                            +------------------------------+
          |                         EAP-Request/AKA-Challenge     |
          |                         (AT_RAND, AT_AUTN, AT_MAC)    |
          |<------------------------------------------------------|
      +-------------------------------------+                     |
      | Peer runs AKA algorithms            |                     |
      | and discovers AUTN that can not be  |                     |
      | verified                            |                     |
      +-------------------------------------+                     |
          | EAP-Response/AKA-Authentication-Reject                |
          |------------------------------------------------------>|
          |                                          EAP-Failure  |
          |<------------------------------------------------------|
        

Figure 3: Network authentication fails

图3:网络身份验证失败

The AKA uses shared secrets between the Peer and the Peer's home operator, together with a sequence number, to actually perform an authentication. In certain circumstances, shown in Figure 4, it is possible for the sequence numbers to get out of sequence.

AKA使用对等方和对等方的家庭操作员之间的共享秘密以及序列号来实际执行身份验证。在某些情况下,如图4所示,序列号可能会失去顺序。

        Peer                                             Authenticator
          |                      EAP-Request/Identity             |
          |<------------------------------------------------------|
          | EAP-Response/Identity                                 |
          | (Includes user's NAI)                                 |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server runs AKA algorithms,  |
          |                            | generates RAND and AUTN.     |
          |                            +------------------------------+
          |                         EAP-Request/AKA-Challenge     |
          |                         (AT_RAND, AT_AUTN, AT_MAC)    |
          |<------------------------------------------------------|
      +-------------------------------------+                     |
      | Peer runs AKA algorithms            |                     |
      | and discovers AUTN that contains an |                     |
      | inappropriate sequence number       |                     |
      +-------------------------------------+                     |
          | EAP-Response/AKA-Synchronization-Failure              |
          | (AT_AUTS)                                             |
          |------------------------------------------------------>|
          |                              +---------------------------+
          |                              | Perform resynchronization |
          |                              | Using AUTS and            |
          |                              | the sent RAND             |
          |                              +---------------------------+
          |                                                       |
        
        Peer                                             Authenticator
          |                      EAP-Request/Identity             |
          |<------------------------------------------------------|
          | EAP-Response/Identity                                 |
          | (Includes user's NAI)                                 |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server runs AKA algorithms,  |
          |                            | generates RAND and AUTN.     |
          |                            +------------------------------+
          |                         EAP-Request/AKA-Challenge     |
          |                         (AT_RAND, AT_AUTN, AT_MAC)    |
          |<------------------------------------------------------|
      +-------------------------------------+                     |
      | Peer runs AKA algorithms            |                     |
      | and discovers AUTN that contains an |                     |
      | inappropriate sequence number       |                     |
      +-------------------------------------+                     |
          | EAP-Response/AKA-Synchronization-Failure              |
          | (AT_AUTS)                                             |
          |------------------------------------------------------>|
          |                              +---------------------------+
          |                              | Perform resynchronization |
          |                              | Using AUTS and            |
          |                              | the sent RAND             |
          |                              +---------------------------+
          |                                                       |
        

Figure 4: Sequence number synchronization

图4:序列号同步

After the resynchronization process has taken place in the server and AAA side, the process continues by the server side sending a new EAP-Request/AKA-Challenge message.

在服务器端和AAA端发生重新同步过程后,服务器端继续发送新的EAP请求/AKA质询消息。

In addition to the full authentication scenarios described above, EAP-AKA includes a fast re-authentication procedure, which is specified in Section 5. Fast re-authentication is based on keys derived on full authentication. If the peer has maintained state information for re-authentication and wants to use fast re-authentication, then the peer indicates this by using a specific fast re-authentication identity instead of the permanent identity or a pseudonym identity.

除了上述完全认证场景外,EAP-AKA还包括第5节中规定的快速重新认证过程。快速重新身份验证基于完全身份验证派生的密钥。如果对等方维护了用于重新身份验证的状态信息,并且希望使用快速重新身份验证,则对等方通过使用特定的快速重新身份验证标识而不是永久标识或假名标识来指示这一点。

4. Operation
4. 活动
4.1. Identity Management
4.1. 身份管理
4.1.1. Format, Generation, and Usage of Peer Identities
4.1.1. 对等身份的格式、生成和使用
4.1.1.1. General
4.1.1.1. 全体的

In the beginning of EAP authentication, the Authenticator or the EAP server usually issues the EAP-Request/Identity packet to the peer. The peer responds with EAP-Response/Identity, which contains the user's identity. The formats of these packets are specified in [RFC3748].

在EAP认证开始时,认证者或EAP服务器通常向对等方发出EAP请求/标识数据包。对等方使用EAP响应/标识进行响应,其中包含用户的标识。[RFC3748]中规定了这些数据包的格式。

Subscribers of mobile networks are identified with the International Mobile Subscriber Identity (IMSI) [TS23.003]. The IMSI is a string of not more than 15 digits. It is composed of a Mobile Country Code (MCC) of 3 digits, a Mobile Network Code (MNC) of 2 or 3 digits, and a Mobile Subscriber Identification Number (MSIN) of not more than 10 digits. MCC and MNC uniquely identify the GSM operator and help identify the AuC from which the authentication vectors need to be retrieved for this subscriber.

移动网络的用户通过国际移动用户标识(IMSI)[TS23.003]进行标识。IMSI是一个不超过15位的字符串。它由3位数字的移动国家代码(MCC)、2位或3位数字的移动网络代码(MNC)和不超过10位数字的移动用户标识号(MSIN)组成。MCC和MNC唯一地标识GSM运营商,并帮助标识需要为此用户检索认证向量的AuC。

Internet AAA protocols identify users with the Network Access Identifier (NAI) [RFC4282]. When used in a roaming environment, the NAI is composed of a username and a realm, separated with "@" (username@realm). The username portion identifies the subscriber within the realm.

Internet AAA协议使用网络访问标识符(NAI)标识用户[RFC4282]。在漫游环境中使用时,NAI由用户名和域组成,用“@”分隔(username@realm). 用户名部分标识域中的订户。

This section specifies the peer identity format used in EAP-AKA. In this document, the term identity or peer identity refers to the whole identity string that is used to identify the peer. The peer identity may include a realm portion. "Username" refers to the portion of the peer identity that identifies the user, i.e., the username does not include the realm portion.

本节规定了EAP-AKA中使用的对等身份格式。在本文档中,术语标识或对等标识是指用于标识对等方的整个标识字符串。对等身份可以包括领域部分。“用户名”是指对等身份中标识用户的部分,即用户名不包括领域部分。

4.1.1.2. Identity Privacy Support
4.1.1.2. 身份隐私支持

EAP-AKA includes optional identity privacy (anonymity) support that can be used to hide the cleartext permanent identity and thereby make the subscriber's EAP exchanges untraceable to eavesdroppers. Because the permanent identity never changes, revealing it would help observers to track the user. The permanent identity is usually based on the IMSI, which may further help the tracking, because the same identifier may be used in other contexts as well. Identity privacy is based on temporary identities, or pseudonyms, which are equivalent

EAP-AKA包括可选的身份隐私(匿名)支持,可用于隐藏明文永久身份,从而使订阅者的EAP交换无法被窃听者追踪。因为永久身份永远不会改变,透露它将有助于观察者跟踪用户。永久身份通常基于IMSI,这可能进一步有助于跟踪,因为相同的标识符也可以在其他上下文中使用。身份隐私基于临时身份或笔名,它们是等效的

to but separate from the Temporary Mobile Subscriber Identities (TMSI) that are used on cellular networks. Please see Section 12.1 for security considerations regarding identity privacy.

与蜂窝网络上使用的临时移动用户身份(TMSI)分离。有关身份隐私的安全注意事项,请参见第12.1节。

4.1.1.3. Username Types in EAP-AKA Identities
4.1.1.3. EAP-AKA标识中的用户名类型

There are three types of usernames in EAP-AKA peer identities:

EAP-AKA对等身份中有三种类型的用户名:

(1) Permanent usernames. For example, 0123456789098765@myoperator.com might be a valid permanent identity. In this example, 0123456789098765 is the permanent username.

(1) 永久用户名。例如0123456789098765@myoperator.com可能是一个有效的永久身份。在本例中,0123456789098765是永久用户名。

(2) Pseudonym usernames. For example, 2s7ah6n9q@myoperator.com might be a valid pseudonym identity. In this example, 2s7ah6n9q is the pseudonym username.

(2) 假名用户名。例如2s7ah6n9q@myoperator.com可能是有效的笔名身份。在本例中,2s7ah6n9q是假名用户名。

(3) Fast re-authentication usernames. For example, 43953754@myoperator.com might be a valid fast re-authentication identity. In this case, 43953754 is the fast re-authentication username. Unlike permanent usernames and pseudonym usernames, fast re-authentication usernames are one-time identifiers, which are not re-used across EAP exchanges.

(3) 快速重新验证用户名。例如43953754@myoperator.com可能是有效的快速重新身份验证标识。在本例中,43953754是快速重新身份验证用户名。与永久用户名和假名不同,快速重新身份验证用户名是一次性标识符,不会在EAP交换中重复使用。

The first two types of identities are used only on full authentication, and the last type only on fast re-authentication. When the optional identity privacy support is not used, the non-pseudonym permanent identity is used on full authentication. The fast re-authentication exchange is specified in Section 5.

前两种类型的标识仅用于完全身份验证,最后一种类型仅用于快速重新身份验证。如果未使用可选身份隐私支持,则在完全身份验证时使用非笔名永久身份。第5节规定了快速重新认证交换。

4.1.1.4. Username Decoration
4.1.1.4. 用户名装饰

In some environments, the peer may need to decorate the identity by prepending or appending the username with a string, in order to indicate supplementary AAA routing information in addition to the NAI realm. (The usage of an NAI realm portion is not considered to be decoration.) Username decoration is out of the scope of this document. However, it should be noted that username decoration might prevent the server from recognizing a valid username. Hence, although the peer MAY use username decoration in the identities that the peer includes in EAP-Response/Identity, and although the EAP server MAY accept a decorated peer username in this message, the peer or the EAP server MUST NOT decorate any other peer identities that are used in various EAP-AKA attributes. Only the identity used in EAP-Response/Identity may be decorated.

在某些环境中,对等方可能需要通过在用户名前面加上字符串或在用户名后面加上字符串来修饰身份,以指示除NAI领域之外的补充AAA路由信息。(NAI领域部分的使用不被视为修饰。)用户名修饰不在本文档的范围内。但是,应该注意,用户名修饰可能会阻止服务器识别有效的用户名。因此,尽管对等方可以在其包含在EAP响应/标识中的标识中使用用户名修饰,并且尽管EAP服务器可以在该消息中接受修饰的对等方用户名,但是对等方或EAP服务器不得修饰在各种EAP-AKA属性中使用的任何其他对等方标识。只能修饰EAP响应/标识中使用的标识。

4.1.1.5. NAI Realm Portion
4.1.1.5. 奈王国部分

The peer MAY include a realm portion in the peer identity, as per the NAI format. The use of a realm portion is not mandatory.

根据NAI格式,对等方可以在对等方身份中包括领域部分。领域部分的使用不是强制性的。

If a realm is used, the realm MAY be chosen by the subscriber's home operator and it MAY be a configurable parameter in the EAP-AKA peer implementation. In this case, the peer is typically configured with the NAI realm of the home operator. Operators MAY reserve a specific realm name for EAP-AKA users. This convention makes it easy to recognize that the NAI identifies an AKA subscriber. Such a reserved NAI realm may be useful as a hint of the first authentication method to use during method negotiation. When the peer is using a pseudonym username instead of the permanent username, the peer selects the realm name portion similarly to how it selects the realm portion when using the permanent username.

如果使用领域,则该领域可由订户的家庭运营商选择,并且它可以是EAP-AKA对等实现中的可配置参数。在这种情况下,对等方通常配置家庭运营商的NAI领域。运营商可以为EAP-AKA用户保留特定的域名。该约定使得容易识别NAI识别AKA订户。这样一个保留的NAI域可以用作在方法协商期间使用的第一个身份验证方法的提示。当对等方使用假名用户名而不是永久用户名时,对等方选择领域名称部分的方式与使用永久用户名时选择领域部分的方式类似。

If no configured realm name is available, the peer MAY derive the realm name from the MCC and MNC portions of the IMSI. A RECOMMENDED way to derive the realm from the IMSI, using the realm 3gppnetwork.org, will be specified in [TS23.003].

如果没有配置的领域名称可用,对等方可以从IMSI的MCC和MNC部分派生领域名称。[TS23.003]中将指定使用realm 3gppnetwork.org从IMSI派生领域的推荐方法。

Some old implementations derive the realm name from the IMSI by concatenating "mnc", the MNC digits of IMSI, ".mcc", the MCC digits of IMSI, and ".owlan.org". For example, if the IMSI is 123456789098765, and the MNC is three digits long, then the derived realm name is "mnc456.mcc123.owlan.org". As there are no DNS servers running at owlan.org, these realm names can only be used with manually configured AAA routing. New implementations SHOULD use the mechanism specified in [TS23.003] instead of owlan.org.

一些旧的实现通过连接“mnc”、IMSI的mnc数字、.mcc、IMSI的mcc数字和“.owlan.org”从IMSI派生领域名称。例如,如果IMSI是123456789098765,MNC是三位数,那么派生的领域名称是“mnc456.mcc123.owlan.org”。由于owlan.org上没有运行DNS服务器,这些域名只能与手动配置的AAA路由一起使用。新的实现应该使用[TS23.003]中指定的机制,而不是owlan.org。

The IMSI is a string of digits without any explicit structure, so the peer may not be able to determine the length of the MNC portion. If the peer is not able to determine whether the MNC is two or three digits long, the peer MAY use a 3-digit MNC. If the correct length of the MNC is two, then the MNC used in the realm name includes the first digit of MSIN. Hence, when configuring AAA networks for operators that have 2-digit MNC's, the network SHOULD also be prepared for realm names with incorrect 3-digit MNC's.

IMSI是没有任何显式结构的一串数字,因此对等方可能无法确定MNC部分的长度。如果对等方无法确定跨国公司的长度是两位数还是三位数,则对等方可以使用三位数的跨国公司。如果MNC的正确长度为2,则领域名称中使用的MNC包括MSIN的第一位数字。因此,当为具有2位数MNC的运营商配置AAA网络时,网络还应为具有不正确的3位数MNC的域名做好准备。

4.1.1.6. Format of the Permanent Username
4.1.1.6. 永久用户名的格式

The non-pseudonym permanent username SHOULD be derived from the IMSI. In this case, the permanent username MUST be of the format "0" | IMSI, where the character "|" denotes concatenation. In other words, the first character of the username is the digit zero (ASCII value 30 hexadecimal), followed by the IMSI. The IMSI is an ASCII string that consists of not more than 15 decimal digits (ASCII values between 30

非笔名永久用户名应来自IMSI。在这种情况下,永久用户名的格式必须为“0”| IMSI,其中字符“|”表示串联。换句话说,用户名的第一个字符是数字零(ASCII值30十六进制),后跟IMSI。IMSI是一个ASCII字符串,由不超过15个十进制数字组成(ASCII值介于30和30之间)

and 39 hexadecimal), one character per IMSI digit, in the order as specified in [TS23.003]. For example, a permanent username derived from the IMSI 295023820005424 would be encoded as the ASCII string "0295023820005424" (byte values in hexadecimal notation: 30 32 39 35 30 32 33 38 32 30 30 30 35 34 32 34)

和39十六进制),每个IMSI数字一个字符,按照[TS23.003]中规定的顺序。例如,从IMSI 295023820005424派生的永久用户名将被编码为ASCII字符串“0295023820005424”(十六进制表示法中的字节值:30 32 39 30 32 33 30 34)

The EAP server MAY use the leading "0" as a hint to try EAP-AKA as the first authentication method during method negotiation, rather than using, for example, EAP-SIM. The EAP-AKA server MAY propose EAP-AKA even if the leading character was not "0".

EAP服务器可以使用前导“0”作为提示,在方法协商期间尝试将EAP-AKA作为第一认证方法,而不是使用例如EAP-SIM。即使主角不是“0”,EAP-AKA服务器也可能提出EAP-AKA。

Alternatively, an implementation MAY choose a permanent username that is not based on the IMSI. In this case the selection of the username, its format, and its processing is out of the scope of this document. In this case, the peer implementation MUST NOT prepend any leading characters to the username.

或者,实现可以选择不基于IMSI的永久用户名。在这种情况下,用户名的选择、格式及其处理超出了本文档的范围。在这种情况下,对等实现不能在用户名前加任何前导字符。

4.1.1.7. Generating Pseudonyms and Fast Re-Authentication Identities by the Server

4.1.1.7. 由服务器生成假名和快速重新身份验证身份

Pseudonym usernames and fast re-authentication identities are generated by the EAP server. The EAP server produces pseudonym usernames and fast re-authentication identities in an implementation-dependent manner. Only the EAP server needs to be able to map the pseudonym username to the permanent identity, or to recognize a fast re-authentication identity.

笔名用户名和快速重新身份验证标识由EAP服务器生成。EAP服务器以依赖于实现的方式生成假名用户名和快速重新身份验证标识。只有EAP服务器需要能够将假名用户名映射到永久身份,或者识别快速重新身份验证身份。

EAP-AKA includes no provisions to ensure that the same EAP server that generated a pseudonym username will be used on the authentication exchange when the pseudonym username is used. It is recommended that the EAP servers implement some centralized mechanism to allow all EAP servers of the home operator to map pseudonyms generated by other severs to the permanent identity. If no such mechanism is available, then the EAP server, failing to understand a pseudonym issued by another server, can request the peer to send the permanent identity.

EAP-AKA不包含任何条款,以确保在使用假名用户名时,在身份验证交换上使用生成假名用户名的同一EAP服务器。建议EAP服务器实施某种集中式机制,以允许家庭运营商的所有EAP服务器将其他服务器生成的假名映射到永久身份。如果没有此类机制可用,则EAP服务器无法理解另一台服务器发出的假名,可以请求对等方发送永久身份。

When issuing a fast re-authentication identity, the EAP server may include a realm name in the identity that will cause the fast re-authentication request to be forwarded to the same EAP server.

当发出快速重新认证标识时,EAP服务器可在标识中包含领域名称,该名称将导致快速重新认证请求转发到同一EAP服务器。

When generating fast re-authentication identities, the server SHOULD choose a fresh, new fast re-authentication identity that is different from the previous ones that were used after the same full authentication exchange. A full authentication exchange and the associated fast re-authentication exchanges are referred to here as the same "full authentication context". The fast re-authentication identity SHOULD include a random component. The random component

在生成快速重新身份验证标识时,服务器应选择一个新的快速重新身份验证标识,该标识不同于在相同的完全身份验证交换之后使用的先前标识。完全认证交换和相关联的快速重新认证交换在这里被称为相同的“完全认证上下文”。快速重新身份验证标识应包含随机组件。随机分量

works as a full authentication context identifier. A context-specific fast re-authentication identity can help the server to detect whether its fast re-authentication state information matches the peer's fast re-authentication state information (in other words, whether the state information is from the same full authentication exchange). The random component also makes the fast re-authentication identities unpredictable, so an attacker cannot initiate a fast re-authentication exchange to get the server's EAP-Request/AKA-Reauthentication packet.

用作完整身份验证上下文标识符。特定于上下文的快速重新身份验证标识可以帮助服务器检测其快速重新身份验证状态信息是否与对等方的快速重新身份验证状态信息匹配(换句话说,状态信息是否来自同一完全身份验证交换)。随机组件还使快速重新身份验证身份不可预测,因此攻击者无法启动快速重新身份验证交换以获取服务器的EAP请求/AKA重新身份验证数据包。

Transmitting pseudonyms and fast re-authentication identities from the server to the peer is discussed in Section 4.1.1.8. The pseudonym is transmitted as a username, without an NAI realm, and the fast re-authentication identity is transmitted as a complete NAI, including a realm portion if a realm is required. The realm is included in the fast re-authentication identity in order to allow the server to include a server-specific realm.

第4.1.1.8节讨论了从服务器向对等方传输假名和快速重新认证身份。笔名作为用户名传输,没有NAI领域,快速重新认证身份作为完整的NAI传输,如果需要领域,则包括领域部分。域包含在快速重新身份验证标识中,以便允许服务器包含特定于服务器的域。

Regardless of construction method, the pseudonym username MUST conform to the grammar specified for the username portion of an NAI. Also, the fast re-authentication identity MUST conform to the NAI grammar. The EAP servers that the subscribers of an operator can use MUST ensure that the pseudonym usernames and the username portions used in fast re-authentication identities that they generate are unique.

不管构造方法如何,假名用户名必须符合NAI用户名部分指定的语法。此外,快速重新认证标识必须符合NAI语法。运营商的订户可以使用的EAP服务器必须确保其生成的快速重新认证身份中使用的假名用户名和用户名部分是唯一的。

In any case, it is necessary that permanent usernames, pseudonym usernames, and fast re-authentication usernames are separate and recognizable from each other. It is also desirable that EAP-SIM and EAP-AKA usernames be recognizable from each other as an aid to the server when deciding which method to offer.

在任何情况下,永久用户名、假名用户名和快速重新身份验证用户名都必须相互分离并可识别。当决定提供哪种方法时,EAP-SIM和EAP-AKA用户名彼此可识别,作为对服务器的帮助也是可取的。

In general, it is the task of the EAP server and the policies of its administrator to ensure sufficient separation of the usernames. Pseudonym usernames and fast re-authentication usernames are both produced and used by the EAP server. The EAP server MUST compose pseudonym usernames and fast re-authentication usernames so that it can recognize if an NAI username is an EAP-AKA pseudonym username or an EAP-AKA fast re-authentication username. For instance, when the usernames have been derived from the IMSI, the server could use different leading characters in the pseudonym usernames and fast re-authentication usernames (e.g., the pseudonym could begin with a leading "2" character). When mapping a fast re-authentication identity to a permanent identity, the server SHOULD only examine the username portion of the fast re-authentication identity and ignore the realm portion of the identity.

通常,EAP服务器及其管理员的任务是确保用户名的充分分离。笔名用户名和快速重新身份验证用户名均由EAP服务器生成和使用。EAP服务器必须组成假名用户名和快速重新认证用户名,以便能够识别NAI用户名是EAP-AKA假名用户名还是EAP-AKA快速重新认证用户名。例如,当用户名来自IMSI时,服务器可以在假名用户名和快速重新认证用户名中使用不同的前导字符(例如,假名可以以前导“2”字符开头)。将快速重新身份验证标识映射到永久标识时,服务器应仅检查快速重新身份验证标识的用户名部分,而忽略标识的领域部分。

Because the peer may fail to save a pseudonym username that was sent in an EAP-Request/AKA-Challenge (for example, due to malfunction), the EAP server SHOULD maintain, at least, the most recently used pseudonym username in addition to the most recently issued pseudonym username. If the authentication exchange is not completed successfully, then the server SHOULD NOT overwrite the pseudonym username that was issued during the most recent successful authentication exchange.

由于对等方可能无法保存在EAP请求/AKA质询中发送的假名用户名(例如,由于故障),EAP服务器应至少保留最近使用的假名用户名以及最近发布的假名用户名。如果身份验证交换未成功完成,则服务器不应覆盖最近一次成功身份验证交换期间发出的假名用户名。

4.1.1.8. Transmitting Pseudonyms and Fast Re-Authentication Identities to the Peer

4.1.1.8. 向对等方传输假名和快速重新认证身份

The server transmits pseudonym usernames and fast re-authentication identities to the peer in cipher, using the AT_ENCR_DATA attribute.

服务器使用AT_ENCR_DATA属性以密码方式将假名用户名和快速重新身份验证身份传输给对等方。

The EAP-Request/AKA-Challenge message MAY include an encrypted pseudonym username and/or an encrypted fast re-authentication identity in the value field of the AT_ENCR_DATA attribute. Because identity privacy support and fast re-authentication are optional to implement, the peer MAY ignore the AT_ENCR_DATA attribute and always use the permanent identity. On fast re-authentication (discussed in Section 5), the server MAY include a new, encrypted fast re-authentication identity in the EAP-Request/AKA-Reauthentication message.

EAP请求/AKA质询消息可以在AT_ENCR_数据属性的值字段中包括加密的假名用户名和/或加密的快速重新认证标识。由于身份隐私支持和快速重新身份验证是可选的,因此对等方可能会忽略AT_ENCR_数据属性,并始终使用永久身份。关于快速重新认证(在第5节中讨论),服务器可以在EAP请求/AKA重新认证消息中包括新的、加密的快速重新认证标识。

On receipt of the EAP-Request/AKA-Challenge, the peer MAY decrypt the encrypted data in AT_ENCR_DATA; and if a pseudonym username is included, the peer may use the obtained pseudonym username on the next full authentication. If a fast re-authentication identity is included, then the peer MAY save it together with other fast re-authentication state information, as discussed in Section 5, for the next fast re-authentication.

在接收到EAP请求/AKA质询时,对等方可以解密AT_ENCR_数据中的加密数据;并且如果包括假名用户名,对等方可以在下一次完全认证时使用获得的假名用户名。如果包括快速重新认证标识,则对等方可将其与其他快速重新认证状态信息一起保存,如第5节所述,以用于下一次快速重新认证。

If the peer does not receive a new pseudonym username in the EAP-Request/AKA-Challenge message, the peer MAY use an old pseudonym username instead of the permanent username on next full authentication. The username portions of fast re-authentication identities are one-time usernames, which the peer MUST NOT re-use. When the peer uses a fast re-authentication identity in an EAP exchange, the peer MUST discard the fast re-authentication identity and not re-use it in another EAP authentication exchange, even if the authentication exchange was not completed.

如果对等方在EAP请求/AKA质询消息中未收到新的假名用户名,则对等方可在下次完全身份验证时使用旧的假名用户名而不是永久用户名。快速重新身份验证标识的用户名部分是一次性用户名,对等方不得重复使用。当对等方在EAP交换中使用快速重新身份验证标识时,该对等方必须放弃该快速重新身份验证标识,并且不得在另一个EAP身份验证交换中重新使用它,即使身份验证交换未完成。

4.1.1.9. Usage of the Pseudonym by the Peer
4.1.1.9. 对等方使用笔名的情况

When the optional identity privacy support is used on full authentication, the peer MAY use a pseudonym username received as part of a previous full authentication sequence as the username

当可选的身份隐私支持用于完全认证时,对等方可以使用作为先前完全认证序列的一部分接收的假名用户名作为用户名

portion of the NAI. The peer MUST NOT modify the pseudonym username received in AT_NEXT_PSEUDONYM. However, as discussed above, the peer MAY need to decorate the username in some environments by appending or prepending the username with a string that indicates supplementary AAA routing information.

NAI的一部分。对等方不得修改AT_NEXT_假名中接收的假名用户名。然而,如上所述,在某些环境中,对等方可能需要通过在用户名后面附加或前面加上表示补充AAA路由信息的字符串来修饰用户名。

When using a pseudonym username in an environment where a realm portion is used, the peer concatenates the received pseudonym username with the "@" character and an NAI realm portion. The selection of the NAI realm is discussed above. The peer can select the realm portion similarly, regardless of whether it uses the permanent username or a pseudonym username.

在使用领域部分的环境中使用假名用户名时,对等方将收到的假名用户名与“@”字符和NAI领域部分连接起来。上文讨论了NAI领域的选择。对等方可以类似地选择领域部分,而不管它使用的是永久用户名还是假名用户名。

4.1.1.10. Usage of the Fast Re-Authentication Identity by the Peer
4.1.1.10. 对等方对快速重新身份验证身份的使用

On fast re-authentication, the peer uses the fast re-authentication identity received as part of the previous authentication sequence. A new fast re-authentication identity may be delivered as part of both full authentication and fast re-authentication. The peer MUST NOT modify the username part of the fast re-authentication identity received in AT_NEXT_REAUTH_ID, except in cases when username decoration is required. Even in these cases, the "root" fast re-authentication username must not be modified, but it may be appended or prepended with another string.

在快速重新认证时,对等方使用作为先前认证序列的一部分接收的快速重新认证标识。新的快速重新认证标识可以作为完全认证和快速重新认证的一部分进行交付。对等方不得修改AT_NEXT_REAUTH_ID中接收的快速重新身份验证标识的用户名部分,除非需要修改用户名。即使在这些情况下,也不能修改“root”快速重新身份验证用户名,但可以用另一个字符串将其追加或加在前面。

4.1.2. Communicating the Peer Identity to the Server
4.1.2. 将对等身份通信到服务器
4.1.2.1. General
4.1.2.1. 全体的

The peer identity MAY be communicated to the server with the EAP-Response/Identity message. This message MAY contain the permanent identity, a pseudonym identity, or a fast re-authentication identity. If the peer uses the permanent identity or a pseudonym identity, which the server is able to map to the permanent identity, then the authentication proceeds as discussed in the overview of Section 3. If the peer uses a fast re-authentication identity, and if the fast re-authentication identity matches with a valid fast re-authentication identity maintained by the server, then a fast re-authentication exchange is performed, as described in Section 5.

对等身份可以通过EAP响应/身份消息传送给服务器。此消息可能包含永久身份、假名身份或快速重新身份验证身份。如果对等方使用服务器能够映射到永久身份的永久身份或假名身份,则认证按照第3节概述中的讨论进行。如果对等方使用快速重新认证标识,并且如果快速重新认证标识与服务器维护的有效快速重新认证标识匹配,则执行快速重新认证交换,如第5节所述。

The peer identity can also be transmitted from the peer to the server using EAP-AKA messages instead of EAP-Response/Identity. In this case, the server includes an identity requesting attribute (AT_ANY_ID_REQ, AT_FULLAUTH_ID_REQ or AT_PERMANENT_ID_REQ) in the EAP-Request/AKA-Identity message; and the peer includes the AT_IDENTITY attribute, which contains the peer's identity, in the EAP-Response/AKA-Identity message. The AT_ANY_ID_REQ attribute is a general identity requesting attribute, which the server uses if it

还可以使用EAP-AKA消息(而不是EAP响应/标识)将对等身份从对等传输到服务器。在这种情况下,服务器在EAP请求/AKA标识消息中包括标识请求属性(AT_ANY_ID_REQ、AT_FULLAUTH_ID_REQ或AT_PERMANENT_ID_REQ);对等方在EAP响应/AKA标识消息中包含AT_标识属性,该属性包含对等方的标识。AT_ANY_ID_REQ属性是一个通用的身份请求属性,如果需要,服务器将使用该属性

does not specify which kind of an identity the peer should return in AT_IDENTITY. The server uses the AT_FULLAUTH_ID_REQ attribute to request either the permanent identity or a pseudonym identity. The server uses the AT_PERMANENT_ID_REQ attribute to request that the peer send its permanent identity. The EAP-Request/AKA-Challenge, EAP-Response/AKA-Challenge, or the packets used on fast re-authentication may optionally include the AT_CHECKCODE attribute, which enables the protocol peers to ensure the integrity of the AKA-Identity packets. AT_CHECKCODE is specified in Section 10.13.

不指定对等方应在AT_标识中返回哪种标识。服务器使用AT_FULLAUTH_ID_REQ属性请求永久身份或假名身份。服务器使用AT_PERMANENT_ID_REQ属性请求对等方发送其永久标识。EAP请求/AKA质询、EAP响应/AKA质询或用于快速重新认证的分组可以可选地包括AT_CHECKCODE属性,该属性使得协议对等方能够确保AKA身份分组的完整性。第10.13节规定了AT_检查代码。

The identity format in the AT_IDENTITY attribute is the same as in the EAP-Response/Identity packet (except that identity decoration is not allowed). The AT_IDENTITY attribute contains a permanent identity, a pseudonym identity, or a fast re-authentication identity.

AT_identity属性中的标识格式与EAP响应/标识数据包中的标识格式相同(但不允许进行标识修饰)。AT_IDENTITY属性包含永久身份、假名身份或快速重新身份验证身份。

Please note that only the EAP-AKA peer and the EAP-AKA server process the AT_IDENTITY attribute and entities that pass through; EAP packets do not process this attribute. Hence, the authenticator and other intermediate AAA elements (such as possible AAA proxy servers) will continue to refer to the peer with the original identity from the EAP-Response/Identity packet unless the identity authenticated in the AT_IDENTITY attribute is communicated to them in another way within the AAA protocol.

请注意,只有EAP-AKA对等方和EAP-AKA服务器处理AT_标识属性和通过的实体;EAP数据包不处理此属性。因此,认证器和其他中间AAA元素(例如可能的AAA代理服务器)将继续引用具有来自EAP响应/标识分组的原始标识的对等方,除非在AT_标识属性中认证的标识在AAA协议内以另一种方式传送给它们。

4.1.2.2. Relying on EAP-Response/Identity Discouraged
4.1.2.2. 不鼓励依赖EAP响应/身份

The EAP-Response/Identity packet is not method specific; therefore, in many implementations it may be handled by an EAP Framework. This introduces an additional layer of processing between the EAP peer and EAP server. The extra layer of processing may cache identity responses or add decorations to the identity. A modification of the identity response will cause the EAP peer and EAP server to use different identities in the key derivation, which will cause the protocol to fail.

EAP响应/标识数据包不是特定于方法的;因此,在许多实现中,它可能由EAP框架处理。这在EAP对等机和EAP服务器之间引入了额外的处理层。额外的处理层可以缓存身份响应或为身份添加修饰。修改标识响应将导致EAP对等方和EAP服务器在密钥派生中使用不同的标识,这将导致协议失败。

For this reason, it is RECOMMENDED that the EAP peer and server use the method-specific identity attributes in EAP-AKA, and the server is strongly discouraged from relying upon the EAP-Response/Identity.

因此,建议EAP对等方和服务器使用EAP-AKA中特定于方法的标识属性,强烈建议服务器不要依赖EAP响应/标识。

In particular, if the EAP server receives a decorated identity in EAP-Response/Identity, then the EAP server MUST use the identity-requesting attributes to request the peer to send an unmodified and undecorated copy of the identity in AT_IDENTITY.

特别是,如果EAP服务器在EAP响应/标识中接收到修饰的标识,则EAP服务器必须使用标识请求属性请求对等方在AT_标识中发送未修改和未修饰的标识副本。

4.1.3. Choice of Identity for the EAP-Response/Identity
4.1.3. 为EAP响应/标识选择标识

If EAP-AKA peer is started upon receiving an EAP-Request/Identity message, then the peer MAY use an EAP-AKA identity in the EAP-Response/Identity packet. In this case, the peer performs the following steps.

如果EAP-AKA对等方在接收到EAP请求/标识消息时启动,则该对等方可以在EAP响应/标识分组中使用EAP-AKA标识。在这种情况下,对等方执行以下步骤。

If the peer has maintained fast re-authentication state information and if the peer wants to use fast re-authentication, then the peer transmits the fast re-authentication identity in EAP-Response/Identity.

如果对等方维护了快速重新认证状态信息,并且如果对等方希望使用快速重新认证,则对等方在EAP响应/标识中发送快速重新认证标识。

Else, if the peer has a pseudonym username available, then the peer transmits the pseudonym identity in EAP-Response/Identity.

否则,如果对等方具有可用的假名用户名,则对等方在EAP响应/标识中传输假名标识。

In other cases, the peer transmits the permanent identity in EAP-Response/Identity.

在其他情况下,对等方在EAP响应/标识中传输永久标识。

4.1.4. Server Operation in the Beginning of EAP-AKA Exchange
4.1.4. EAP-AKA Exchange开始时的服务器操作

As discussed in Section 4.1.2.2, the server SHOULD NOT rely on an identity string received in EAP-Response/Identity. Therefore, the RECOMMENDED way to start an EAP-AKA exchange is to ignore any received identity strings. The server SHOULD begin the EAP-AKA exchange by issuing the EAP-Request/AKA-Identity packet with an identity-requesting attribute to indicate that the server wants the peer to include an identity in the AT_IDENTITY attribute of the EAP-Response/AKA-Identity message. Three methods to request an identity from the peer are discussed below.

如第4.1.2.2节所述,服务器不应依赖EAP响应/标识中接收的标识字符串。因此,建议启动EAP-AKA交换的方法是忽略任何接收到的标识字符串。服务器应通过发出具有身份请求属性的EAP请求/AKA标识包来开始EAP-AKA交换,以指示服务器希望对等方在EAP响应/AKA标识消息的AT_标识属性中包含标识。下面讨论从对等方请求身份的三种方法。

If the server chooses to not ignore the contents of EAP-Response/Identity, then the server may already receive an EAP-AKA identity in this packet. However, if the EAP server has not received any EAP-AKA peer identity (permanent identity, pseudonym identity, or fast re-authentication identity) from the peer when sending the first EAP-AKA request, or if the EAP server has received an EAP-Response/Identity packet but the contents do not appear to be a valid permanent identity, pseudonym identity, or a re-authentication identity, then the server MUST request an identity from the peer using one of the methods below.

如果服务器选择不忽略EAP响应/标识的内容,则服务器可能已经在此数据包中接收到EAP-AKA标识。但是,如果EAP服务器在发送第一个EAP-AKA请求时未从对等方接收到任何EAP-AKA对等身份(永久身份、假名身份或快速重新认证身份),或者如果EAP服务器已接收到EAP响应/身份数据包,但内容似乎不是有效的永久身份,然后,服务器必须使用以下方法之一从对等方请求身份。

The server sends the EAP-Request/AKA-Identity message with the AT_PERMANENT_ID_REQ attribute to indicate that the server wants the peer to include the permanent identity in the AT_IDENTITY attribute of the EAP-Response/AKA-Identity message. This is done in the following cases:

服务器发送带有AT_PERMANENT_ID_REQ属性的EAP请求/AKA标识消息,以指示服务器希望对等方在EAP响应/AKA标识消息的AT_标识属性中包含永久标识。这是在以下情况下完成的:

o The server does not support fast re-authentication or identity privacy. o The server decided to process a received identity, and the server recognizes the received identity as a pseudonym identity, but the server is not able to map the pseudonym identity to a permanent identity.

o 服务器不支持快速重新身份验证或身份隐私。o服务器决定处理接收到的身份,并且服务器将接收到的身份识别为假名身份,但服务器无法将假名身份映射为永久身份。

The server issues the EAP-Request/AKA-Identity packet with the AT_FULLAUTH_ID_REQ attribute to indicate that the server wants the peer to include a full authentication identity (pseudonym identity or permanent identity) in the AT_IDENTITY attribute of the EAP-Response/AKA-Identity message. This is done in the following cases:

服务器发出带有AT_FULLAUTH_ID_REQ属性的EAP请求/AKA标识数据包,以指示服务器希望对等方在EAP响应/AKA标识消息的AT_标识属性中包含完整的身份验证标识(笔名标识或永久标识)。这是在以下情况下完成的:

o The server does not support fast re-authentication and the server supports identity privacy o The server decided to process a received identity, and the server recognizes the received identity as a re-authentication identity but the server is not able to map the re-authentication identity to a permanent identity

o 服务器不支持快速重新身份验证,并且服务器支持身份隐私,因为服务器决定处理接收到的身份,并且服务器将接收到的身份识别为重新身份验证身份,但服务器无法将重新身份验证身份映射到永久身份

The server issues the EAP-Request/AKA-Identity packet with the AT_ANY_ID_REQ attribute to indicate that the server wants the peer to include an identity in the AT_IDENTITY attribute of the EAP-Response/AKA-Identity message, and the server does not indicate any preferred type for the identity. This is done in other cases, such as when the server ignores a received EAP-Response/Identity, when the server does not have any identity, or when the server does not recognize the format of a received identity.

服务器发出带有AT_ANY_ID_REQ属性的EAP Request/AKA Identity数据包,以指示服务器希望对等方在EAP响应/AKA Identity消息的AT_Identity属性中包含一个标识,并且服务器不指示该标识的任何首选类型。在其他情况下,例如当服务器忽略接收到的EAP响应/标识时,当服务器没有任何标识时,或者当服务器无法识别接收到的标识的格式时,可以执行此操作。

4.1.5. Processing of EAP-Request/AKA-Identity by the Peer
4.1.5. 对等方对EAP请求/AKA身份的处理

Upon receipt of an EAP-Request/AKA-Identity message, the peer MUST perform the following steps.

在收到EAP请求/AKA身份消息后,对等方必须执行以下步骤。

If the EAP-Request/AKA-Identity includes AT_PERMANENT_ID_REQ, and if the peer does not have a pseudonym available, then the peer MUST respond with EAP-Response/AKA-Identity and include the permanent identity in AT_IDENTITY. If the peer has a pseudonym available, then the peer MAY refuse to send the permanent identity; hence, in this case the peer MUST either respond with EAP-Response/AKA-Identity and include the permanent identity in AT_IDENTITY or respond with EAP-Response/AKA-Client-Error packet with code "unable to process packet".

如果EAP请求/AKA标识包括AT_PERMANENT_ID_REQ,并且如果对等方没有可用的假名,则对等方必须使用EAP Response/AKA标识进行响应,并将永久标识包括在AT_标识中。如果对等方有可用的笔名,则对等方可拒绝发送永久身份;因此,在这种情况下,对等方必须要么响应EAP响应/AKA标识并将永久标识包含在AT_标识中,要么响应代码为“无法处理数据包”的EAP响应/AKA客户端错误数据包。

If the EAP-Request/AKA-Identity includes AT_FULL_AUTH_ID_REQ, and if the peer has a pseudonym available, then the peer SHOULD respond with EAP-Response/AKA-Identity and include the pseudonym identity in

如果EAP请求/AKA标识包括AT_FULL_AUTH_ID_REQ,并且如果对等方有可用的假名,则对等方应使用EAP响应/AKA标识进行响应,并将假名标识包括在请求中

AT_IDENTITY. If the peer does not have a pseudonym when it receives this message, then the peer MUST respond with EAP-Response/ AKA-Identity and include the permanent identity in AT_IDENTITY. The Peer MUST NOT use a fast re-authentication identity in the AT_IDENTITY attribute.

AT_身份。如果对等方在收到此消息时没有假名,则对等方必须使用EAP响应/AKA标识进行响应,并将永久标识包含在AT_标识中。对等方不得在AT_标识属性中使用快速重新身份验证标识。

If the EAP-Request/AKA-Identity includes AT_ANY_ID_REQ, and if the peer has maintained fast re-authentication state information and wants to use fast re-authentication, then the peer responds with EAP-Response/AKA-Identity and includes the fast re-authentication identity in AT_IDENTITY. Else, if the peer has a pseudonym identity available, then the peer responds with EAP-Response/AKA-Identity and includes the pseudonym identity in AT_IDENTITY. Else, the peer responds with EAP-Response/AKA-Identity and includes the permanent identity in AT_IDENTITY.

如果EAP请求/AKA标识包括AT_ANY_ID_REQ,并且如果对等方维护了快速重新认证状态信息并希望使用快速重新认证,则对等方使用EAP响应/AKA标识进行响应,并将快速重新认证标识包括在AT_标识中。否则,如果对等方具有可用的假名标识,则对等方使用EAP响应/AKA标识进行响应,并将假名标识包含在AT_标识中。否则,对等方使用EAP响应/AKA标识进行响应,并将永久标识包含在AT_标识中。

An EAP-AKA exchange may include several EAP/AKA-Identity rounds. The server may issue a second EAP-Request/AKA-Identity, if it was not able to recognize the identity the peer used in the previous AT_IDENTITY attribute. At most three EAP/AKA-Identity rounds can be used, so the peer MUST NOT respond to more than three EAP-Request/AKA-Identity messages within an EAP exchange. The peer MUST verify that the sequence of EAP-Request/AKA-Identity packets the peer receives comply with the sequencing rules defined in this document. That is, AT_ANY_ID_REQ can only be used in the first EAP-Request/AKA-Identity; in other words, AT_ANY_ID_REQ MUST NOT be used in the second or third EAP-Request/AKA-Identity. AT_FULLAUTH_ID_REQ MUST NOT be used if the previous EAP-Request/AKA-Identity included AT_PERMANENT_ID_REQ. The peer operation, in cases when it receives an unexpected attribute or an unexpected message, is specified in Section 6.3.1.

EAP-AKA交换可能包括多个EAP/AKA身份轮次。如果服务器无法识别对等方在上一个AT_标识属性中使用的标识,则可能会发出第二个EAP请求/AKA标识。最多可以使用三个EAP/AKA身份轮次,因此对等方在一个EAP交换中不得响应三个以上的EAP请求/AKA身份消息。对等方必须验证对等方接收的EAP请求/AKA身份数据包的顺序是否符合本文档中定义的顺序规则。也就是说,AT_ANY_ID_REQ只能在第一个EAP请求/AKA标识中使用;换句话说,在第二个或第三个EAP请求/AKA标识中不得使用AT_ANY_ID_REQ。如果之前的EAP请求/AKA标识包含在永久性标识请求中,则不得使用AT FULLAUTH标识请求。第6.3.1节规定了对等操作,在接收到意外属性或意外消息的情况下。

4.1.6. Attacks against Identity Privacy
4.1.6. 对身份隐私的攻击

The section above specifies two possible ways the peer can operate upon receipt of AT_PERMANENT_ID_REQ because a received AT_PERMANENT_ID_REQ does not necessarily originate from the valid network. However, an active attacker may transmit an EAP-Request/AKA-Identity packet with an AT_PERMANENT_ID_REQ attribute to the peer, in an effort to find out the true identity of the user. If the peer does not want to reveal its permanent identity, then the peer sends the EAP-Response/AKA-Client-Error packet with the error code "unable to process packet", and the authentication exchange terminates.

上述部分规定了对等方在收到AT_PERMANENT_ID_REQ时的两种可能操作方式,因为收到的AT_PERMANENT_ID_REQ不一定来自有效网络。但是,主动攻击者可能会向对等方发送带有AT_PERMANENT_ID_REQ属性的EAP请求/AKA标识数据包,以查明用户的真实身份。如果对等方不想透露其永久身份,则对等方发送错误代码为“无法处理数据包”的EAP响应/AKA客户端错误数据包,认证交换终止。

Basically, there are two different policies that the peer can employ with regard to AT_PERMANENT_ID_REQ. A "conservative" peer assumes that the network is able to maintain pseudonyms robustly. Therefore,

基本上,对于AT_PERMANENT_ID_REQ,对等方可以采用两种不同的策略。“保守的”对等网络假设网络能够可靠地维护假名。因此

if a conservative peer has a pseudonym username, the peer responds with EAP-Response/AKA-Client-Error to the EAP packet with AT_PERMANENT_ID_REQ, because the peer believes that the valid network is able to map the pseudonym identity to the peer's permanent identity. (Alternatively, the conservative peer may accept AT_PERMANENT_ID_REQ in certain circumstances, for example if the pseudonym was received a long time ago.) The benefit of this policy is that it protects the peer against active attacks on anonymity. On the other hand, a "liberal" peer always accepts the AT_PERMANENT_ID_REQ and responds with the permanent identity. The benefit of this policy is that it works even if the valid network sometimes loses pseudonyms and is not able to map them to the permanent identity.

如果保守的对等方具有假名用户名,则该对等方使用EAP Response/AKA Client Error对带有AT_PERMANENT_ID_REQ的EAP数据包进行响应,因为该对等方认为有效的网络能够将假名身份映射到该对等方的永久身份。(或者,在某些情况下,保守的对等方可以接受AT_PERMANENT_ID_REQ,例如,如果假名是很久以前收到的。)此策略的好处是,它保护对等方免受主动匿名攻击。另一方面,“自由”对等方总是接受AT_PERMANENT_ID_REQ并以永久身份进行响应。此策略的好处是,即使有效网络有时会丢失笔名,并且无法将其映射到永久身份,它也可以工作。

4.1.7. Processing of AT_IDENTITY by the Server
4.1.7. 服务器对AT_标识的处理

When the server receives an EAP-Response/AKA-Identity message with the AT_IDENTITY (in response to the server's identity requesting attribute), the server MUST operate as follows.

当服务器收到带有AT_标识的EAP响应/AKA标识消息(响应服务器的标识请求属性)时,服务器必须按如下方式操作。

If the server used AT_PERMANENT_ID_REQ, and if the AT_IDENTITY does not contain a valid permanent identity, then the server sends an EAP-Request/AKA-Notification packet with AT_NOTIFICATION code "General failure" (16384) to terminate the EAP exchange. If the server recognizes the permanent identity and is able to continue, then the server proceeds with full authentication by sending EAP-Request/AKA-Challenge.

如果服务器使用AT_PERMANENT_ID_REQ,并且AT_标识不包含有效的永久标识,则服务器发送带有AT_通知代码“General failure”(16384)的EAP Request/AKA通知数据包以终止EAP交换。如果服务器识别永久身份并能够继续,则服务器通过发送EAP请求/AKA质询继续进行完全身份验证。

If the server used AT_FULLAUTH_ID_REQ, and if AT_IDENTITY contains a valid permanent identity or a pseudonym identity that the server can map to a valid permanent identity, then the server proceeds with full authentication by sending EAP-Request/AKA-Challenge. If AT_IDENTITY contains a pseudonym identity that the server is not able to map to a valid permanent identity, or an identity that the server is not able to recognize or classify, then the server sends EAP-Request/ AKA-Identity with AT_PERMANENT_ID_REQ.

如果AT_FULLAUTH_ID_REQ使用的服务器,并且AT_标识包含服务器可以映射到有效永久标识的有效永久标识或假名标识,则服务器通过发送EAP请求/AKA质询继续进行完全身份验证。如果AT_标识包含服务器无法映射到有效永久标识的假名标识,或服务器无法识别或分类的标识,则服务器发送带有AT_永久标识的EAP请求/AKA标识。

If the server used AT_ANY_ID_REQ, and if the AT_IDENTITY contains a valid permanent identity or a pseudonym identity that the server can map to a valid permanent identity, then the server proceeds with full authentication by sending EAP-Request/ AKA-Challenge.

如果AT_ANY_ID_REQ使用的服务器,并且AT_标识包含服务器可以映射到有效永久标识的有效永久标识或假名标识,则服务器通过发送EAP请求/AKA质询继续进行完全身份验证。

If the server used AT_ANY_ID_REQ, and if AT_IDENTITY contains a valid fast re-authentication identity and the server agrees on using re-authentication, then the server proceeds with fast re-authentication by sending EAP-Request/AKA-Reauthentication (Section 5).

如果AT_ANY_ID_REQ使用的服务器,并且AT_标识包含有效的快速重新身份验证标识,并且服务器同意使用重新身份验证,则服务器通过发送EAP请求/AKA重新身份验证(第5节)进行快速重新身份验证。

If the server used AT_ANY_ID_REQ, and if the peer sent an EAP-Response/AKA-Identity with AT_IDENTITY that contains an identity that the server recognizes as a fast re-authentication identity, but the server is not able to map the identity to a permanent identity, then the server sends EAP-Request/AKA-Identity with AT_FULLAUTH_ID_REQ.

如果服务器使用AT_ANY_ID_REQ,并且如果对等方发送了具有AT_标识的EAP响应/AKA标识,该AT_标识包含服务器识别为快速重新身份验证标识的标识,但服务器无法将该标识映射到永久标识,则服务器发送具有AT_FULLAUTH_ID_REQ的EAP请求/AKA标识。

If the server used AT_ANY_ID_REQ, and if AT_IDENTITY contains a valid fast re-authentication identity, which the server is able to map to a permanent identity, and if the server does not want to use fast re-authentication, then the server proceeds with full authentication by sending EAP-Request/AKA-Challenge.

如果AT_ANY_ID_REQ使用的服务器,并且AT_标识包含有效的快速重新身份验证标识(服务器能够映射到永久身份),并且如果服务器不希望使用快速重新身份验证,则服务器通过发送EAP请求/AKA质询继续进行完全身份验证。

If the server used AT_ANY_ID_REQ, and AT_IDENTITY contains an identity that the server recognizes as a pseudonym identity but the server is not able to map the pseudonym identity to a permanent identity, then the server sends EAP-Request/AKA-Identity with AT_PERMANENT_ID_REQ.

如果AT_ANY_ID_REQ使用的服务器和AT_IDENTITY包含服务器识别为假名标识的标识,但服务器无法将假名标识映射到永久标识,则服务器发送带有AT_permanent_ID_REQ的EAP请求/AKA标识。

If the server used AT_ANY_ID_REQ, and AT_IDENTITY contains an identity that the server is not able to recognize or classify, then the server sends EAP-Request/AKA-Identity with AT_FULLAUTH_ID_REQ.

如果AT_ANY_ID_REQ使用的服务器,且AT_IDENTITY包含服务器无法识别或分类的标识,则服务器发送带有AT_FULLAUTH_ID_REQ的EAP请求/AKA标识。

4.2. Message Sequence Examples (Informative)
4.2. 消息序列示例(信息性)

This section contains non-normative message sequence examples to illustrate how the peer identity can be communicated to the server.

本节包含非规范性消息序列示例,以说明如何将对等身份传递给服务器。

4.2.1. Usage of AT_ANY_ID_REQ
4.2.1. 使用AT_任意_ID_请求

Obtaining the peer identity with EAP-AKA attributes is illustrated in Figure 5 below.

使用EAP-AKA属性获取对等身份如下图5所示。

       Peer                                             Authenticator
          |                                                       |
          |                            +------------------------------+
          |                            | Server does not have any     |
          |                            | Subscriber identity available|
          |                            | When starting EAP-AKA        |
          |                            +------------------------------+
          |          EAP-Request/AKA-Identity                     |
          |          (AT_ANY_ID_REQ)                              |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY)                                         |
          |------------------------------------------------------>|
          |                                                       |
                     Figure 5: Usage of AT_ANY_ID_REQ
        
       Peer                                             Authenticator
          |                                                       |
          |                            +------------------------------+
          |                            | Server does not have any     |
          |                            | Subscriber identity available|
          |                            | When starting EAP-AKA        |
          |                            +------------------------------+
          |          EAP-Request/AKA-Identity                     |
          |          (AT_ANY_ID_REQ)                              |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY)                                         |
          |------------------------------------------------------>|
          |                                                       |
                     Figure 5: Usage of AT_ANY_ID_REQ
        
4.2.2. Fall Back on Full Authentication
4.2.2. 依赖于完全身份验证

Figure 6 illustrates the case when the server does not recognize the fast re-authentication identity the peer used in AT_IDENTITY.

图6说明了服务器无法识别AT_标识中使用的对等方的快速重新身份验证标识的情况。

       Peer                                             Authenticator
          |                                                       |
          |                            +------------------------------+
          |                            | Server does not have any     |
          |                            | Subscriber identity available|
          |                            | When starting EAP-AKA        |
          |                            +------------------------------+
          |        EAP-Request/AKA-Identity                       |
          |        (AT_ANY_ID_REQ)                                |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY containing a fast re-auth. identity)     |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server does not recognize    |
          |                            | The fast re-auth.            |
          |                            | Identity                     |
          |                            +------------------------------+
          |     EAP-Request/AKA-Identity                          |
          |     (AT_FULLAUTH_ID_REQ)                              |
          |<------------------------------------------------------|
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with a full-auth. Identity)              |
          |------------------------------------------------------>|
          |                                                       |
        
       Peer                                             Authenticator
          |                                                       |
          |                            +------------------------------+
          |                            | Server does not have any     |
          |                            | Subscriber identity available|
          |                            | When starting EAP-AKA        |
          |                            +------------------------------+
          |        EAP-Request/AKA-Identity                       |
          |        (AT_ANY_ID_REQ)                                |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY containing a fast re-auth. identity)     |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server does not recognize    |
          |                            | The fast re-auth.            |
          |                            | Identity                     |
          |                            +------------------------------+
          |     EAP-Request/AKA-Identity                          |
          |     (AT_FULLAUTH_ID_REQ)                              |
          |<------------------------------------------------------|
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with a full-auth. Identity)              |
          |------------------------------------------------------>|
          |                                                       |
        

Figure 6: Fall back on full authentication

图6:使用完全身份验证

If the server recognizes the fast re-authentication identity, but still wants to fall back on full authentication, the server may issue the EAP-Request/AKA-Challenge packet. In this case, the full authentication procedure proceeds as usual.

如果服务器识别出快速重新身份验证标识,但仍希望退回到完全身份验证,则服务器可能会发出EAP请求/AKA质询数据包。在这种情况下,完整身份验证过程照常进行。

4.2.3. Requesting the Permanent Identity 1
4.2.3. 申请永久身份证1

Figure 7 illustrates the case when the EAP server fails to decode a pseudonym identity included in the EAP-Response/Identity packet.

图7说明了EAP服务器无法解码EAP响应/标识数据包中包含的假名标识的情况。

       Peer                                             Authenticator
          |                               EAP-Request/Identity    |
          |<------------------------------------------------------|
          | EAP-Response/Identity                                 |
          | (Includes a pseudonym)                                |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server fails to decode the   |
          |                            | Pseudonym.                   |
          |                            +------------------------------+
          |  EAP-Request/AKA-Identity                             |
          |  (AT_PERMANENT_ID_REQ)                                |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with permanent identity)                 |
          |------------------------------------------------------>|
          |                                                       |
        
       Peer                                             Authenticator
          |                               EAP-Request/Identity    |
          |<------------------------------------------------------|
          | EAP-Response/Identity                                 |
          | (Includes a pseudonym)                                |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server fails to decode the   |
          |                            | Pseudonym.                   |
          |                            +------------------------------+
          |  EAP-Request/AKA-Identity                             |
          |  (AT_PERMANENT_ID_REQ)                                |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with permanent identity)                 |
          |------------------------------------------------------>|
          |                                                       |
        

Figure 7: Requesting the permanent identity 1

图7:申请永久身份1

If the server recognizes the permanent identity, then the authentication sequence proceeds as usual with the EAP Server issuing the EAP-Request/AKA-Challenge message.

如果服务器识别出永久身份,则身份验证序列将照常进行,EAP服务器将发出EAP请求/AKA质询消息。

4.2.4. Requesting the Permanent Identity 2
4.2.4. 申请永久身份证2

Figure 8 illustrates the case when the EAP server fails to decode the pseudonym included in the AT_IDENTITY attribute.

图8说明了EAP服务器无法解码AT_IDENTITY属性中包含的假名的情况。

       Peer                                             Authenticator
          |                                                       |
          |                            +------------------------------+
          |                            | Server does not have any     |
          |                            | Subscriber identity available|
          |                            | When starting EAP-AKA        |
          |                            +------------------------------+
          |        EAP-Request/AKA-Identity                       |
          |        (AT_ANY_ID_REQ)                                |
          |<------------------------------------------------------|
          |                                                       |
          |EAP-Response/AKA-Identity                              |
          |(AT_IDENTITY with a pseudonym identity)                |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server fails to decode the   |
          |                            | Pseudonym in AT_IDENTITY     |
          |                            +------------------------------+
          |                EAP-Request/AKA-Identity               |
          |                (AT_PERMANENT_ID_REQ)                  |
          |<------------------------------------------------------|
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with permanent identity)                 |
          |------------------------------------------------------>|
          |                                                       |
        
       Peer                                             Authenticator
          |                                                       |
          |                            +------------------------------+
          |                            | Server does not have any     |
          |                            | Subscriber identity available|
          |                            | When starting EAP-AKA        |
          |                            +------------------------------+
          |        EAP-Request/AKA-Identity                       |
          |        (AT_ANY_ID_REQ)                                |
          |<------------------------------------------------------|
          |                                                       |
          |EAP-Response/AKA-Identity                              |
          |(AT_IDENTITY with a pseudonym identity)                |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server fails to decode the   |
          |                            | Pseudonym in AT_IDENTITY     |
          |                            +------------------------------+
          |                EAP-Request/AKA-Identity               |
          |                (AT_PERMANENT_ID_REQ)                  |
          |<------------------------------------------------------|
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with permanent identity)                 |
          |------------------------------------------------------>|
          |                                                       |
        

Figure 8: Requesting the permanent identity 2

图8:申请永久身份2

4.2.5. Three EAP/AKA-Identity Round Trips
4.2.5. 三次EAP/AKA身份往返

Figure 9 illustrates the case with three EAP/AKA-Identity round trips.

图9说明了三次EAP/AKA身份往返的情况。

       Peer                                             Authenticator
          |                                                       |
          |                            +------------------------------+
          |                            | Server does not have any     |
          |                            | Subscriber identity available|
          |                            | When starting EAP-AKA        |
          |                            +------------------------------+
          |        EAP-Request/AKA-Identity                       |
          |        (AT_ANY_ID_REQ)                                |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with fast re-auth. identity)             |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server does not accept       |
          |                            | The fast re-authentication   |
          |                            | Identity                     |
          |                            +------------------------------+
          |                                                       |
          :                                                       :
          :                                                       :
        
       Peer                                             Authenticator
          |                                                       |
          |                            +------------------------------+
          |                            | Server does not have any     |
          |                            | Subscriber identity available|
          |                            | When starting EAP-AKA        |
          |                            +------------------------------+
          |        EAP-Request/AKA-Identity                       |
          |        (AT_ANY_ID_REQ)                                |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with fast re-auth. identity)             |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server does not accept       |
          |                            | The fast re-authentication   |
          |                            | Identity                     |
          |                            +------------------------------+
          |                                                       |
          :                                                       :
          :                                                       :
        
          :                                                       :
          :                                                       :
          |     EAP-Request/AKA-Identity                          |
          |     (AT_FULLAUTH_ID_REQ)                              |
          |<------------------------------------------------------|
          |EAP-Response/AKA-Identity                              |
          |(AT_IDENTITY with a pseudonym identity)                |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server fails to decode the   |
          |                            | Pseudonym in AT_IDENTITY     |
          |                            +------------------------------+
          |           EAP-Request/AKA-Identity                    |
          |           (AT_PERMANENT_ID_REQ)                       |
          |<------------------------------------------------------|
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with permanent identity)                 |
          |------------------------------------------------------>|
          |                                                       |
        
          :                                                       :
          :                                                       :
          |     EAP-Request/AKA-Identity                          |
          |     (AT_FULLAUTH_ID_REQ)                              |
          |<------------------------------------------------------|
          |EAP-Response/AKA-Identity                              |
          |(AT_IDENTITY with a pseudonym identity)                |
          |------------------------------------------------------>|
          |                            +------------------------------+
          |                            | Server fails to decode the   |
          |                            | Pseudonym in AT_IDENTITY     |
          |                            +------------------------------+
          |           EAP-Request/AKA-Identity                    |
          |           (AT_PERMANENT_ID_REQ)                       |
          |<------------------------------------------------------|
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY with permanent identity)                 |
          |------------------------------------------------------>|
          |                                                       |
        

Figure 9: Three EAP-AKA Start rounds

图9:EAP-AKA三轮启动

After the last EAP-Response/AKA-Identity message, the full authentication sequence proceeds as usual.

在最后一个EAP响应/AKA标识消息之后,完整的身份验证序列照常进行。

5. Fast Re-Authentication
5. 快速重新认证
5.1. General
5.1. 全体的

In some environments, EAP authentication may be performed frequently. Because the EAP-AKA full authentication procedure uses the AKA algorithms, and therefore requires fresh authentication vectors from the Authentication Centre, the full authentication procedure may result in many network operations when used very frequently. Therefore, EAP-AKA includes a more inexpensive fast re-authentication procedure that does not make use of the AKA algorithms and does not need new vectors from the Authentication Centre.

在某些环境中,可能会频繁执行EAP身份验证。由于EAP-AKA完全认证过程使用AKA算法,因此需要来自认证中心的新认证向量,因此在非常频繁地使用时,完全认证过程可能导致许多网络操作。因此,EAP-AKA包括更便宜的快速重新认证过程,该过程不使用AKA算法,并且不需要来自认证中心的新向量。

Fast re-authentication is optional to implement for both the EAP-AKA server and peer. On each EAP authentication, either one of the entities may fall back on full authentication if is does not want to use fast re-authentication.

对于EAP-AKA服务器和对等机,快速重新认证是可选的。在每个EAP身份验证中,如果is不希望使用快速重新身份验证,则其中任何一个实体都可能会采用完全身份验证。

Fast re-authentication is based on the keys derived on the preceding full authentication. The same K_aut and K_encr keys used in full authentication are used to protect EAP-AKA packets and attributes, and the original Master Key from full authentication is used to generate a fresh Master Session Key, as specified in Section 7.

快速重新身份验证基于在前面的完全身份验证中派生的密钥。完全认证中使用的相同K_aut和K_encr密钥用于保护EAP-AKA数据包和属性,完全认证中的原始主密钥用于生成新的主会话密钥,如第7节所述。

The fast re-authentication exchange makes use of an unsigned 16-bit counter, included in the AT_COUNTER attribute. The counter has three goals: 1) it can be used to limit the number of successive reauthentication exchanges without full-authentication 2) it contributes to the keying material, and 3) it protects the peer and the server from replays. On full authentication, both the server and the peer initialize the counter to one. The counter value of at least one is used on the first fast re-authentication. On subsequent fast re-authentications, the counter MUST be greater than on any of the previous fast re-authentications. For example, on the second fast re-authentication, counter value is two or greater, etc. The AT_COUNTER attribute is encrypted.

快速重新身份验证交换使用AT_计数器属性中包含的无符号16位计数器。计数器有三个目标:1)它可以用来限制连续的重新身份验证交换次数,而无需完全身份验证;2)它有助于密钥材料;3)它可以保护对等方和服务器免受重播。在完全身份验证时,服务器和对等方都将计数器初始化为1。在第一次快速重新认证时使用至少一个计数器值。在随后的快速重新身份验证中,计数器必须大于之前任何快速重新身份验证中的计数器。例如,在第二次快速重新身份验证时,计数器值为2或更大,等等。AT_计数器属性是加密的。

Both the peer and the EAP server maintain a copy of the counter. The EAP server sends its counter value to the peer in the fast re-authentication request. The peer MUST verify that its counter value is less than or equal to the value sent by the EAP server.

对等方和EAP服务器都维护计数器的副本。EAP服务器在快速重新身份验证请求中将其计数器值发送给对等方。对等方必须验证其计数器值是否小于或等于EAP服务器发送的值。

The server includes an encrypted server random nonce (AT_NONCE_S) in the fast re-authentication request. The AT_MAC attribute in the peer's response is calculated over NONCE_S to provide a challenge/response authentication scheme. The NONCE_S also contributes to the new Master Session Key.

服务器在快速重新身份验证请求中包含一个加密的服务器随机时间(AT_nonce)。对等方响应中的AT_MAC属性在当前时间计算,以提供质询/响应身份验证方案。临时密钥也有助于新的主会话密钥。

Both the peer and the server SHOULD have an upper limit for the number of subsequent fast re-authentications allowed before a full authentication needs to be performed. Because a 16-bit counter is used in fast re-authentication, the theoretical maximum number of re-authentications is reached when the counter value reaches FFFF hexadecimal. In order to use fast re-authentication, the peer and the EAP server need to store the following values: Master Key, latest counter value and the next fast re-authentication identity. K_aut and K_encr may either be stored or derived again from MK. The server may also need to store the permanent identity of the user.

在需要执行完全身份验证之前,对等方和服务器都应该有允许的后续快速重新身份验证的数量上限。由于16位计数器用于快速重新身份验证,因此当计数器值达到FFFF十六进制时,将达到理论上的最大重新身份验证次数。为了使用快速重新身份验证,对等方和EAP服务器需要存储以下值:主密钥、最新计数器值和下一个快速重新身份验证标识。K_aut和K_encr可以存储或再次从MK派生。服务器可能还需要存储用户的永久身份。

5.2. Comparison to AKA
5.2. 与AKA的比较

When analyzing the fast re-authentication exchange, it may be helpful to compare it with the 3rd generation Authentication and Key Agreement (AKA) exchange used on full authentication. The counter corresponds to the AKA sequence number, NONCE_S corresponds to RAND, the AT_MAC in EAP-Request/AKA-Reauthentication corresponds to AUTN, the AT_MAC in EAP-Response/AKA-Reauthentication corresponds to RES, AT_COUNTER_TOO_SMALL corresponds to AUTS, and encrypting the counter corresponds to the usage of the Anonymity Key. Also, the key generation on fast re-authentication, with regard to random or fresh material, is similar to AKA -- the server generates the NONCE_S and counter values, and the peer only verifies that the counter value is fresh.

在分析快速重新身份验证交换时,将其与用于完全身份验证的第三代身份验证和密钥协议(AKA)交换进行比较可能会有所帮助。计数器对应于AKA序列号,NONCE_S对应于RAND,EAP请求/AKA重新验证中的AT_MAC对应于AUTN,EAP响应/AKA重新验证中的AT_MAC对应于RES,AT_计数器太小对应于AUT,加密计数器对应于匿名密钥的使用。此外,关于随机或新鲜材料的快速重新身份验证上的密钥生成与AKA类似——服务器生成NONCE_S和计数器值,对等方仅验证计数器值是否新鲜。

It should also be noted that encrypting the AT_NONCE_S, AT_COUNTER, or AT_COUNTER_TOO_SMALL attributes is not important to the security of the fast re-authentication exchange.

还应注意,加密当前、当前计数器或当前计数器太小的属性对于快速重新身份验证交换的安全性并不重要。

5.3. Fast Re-Authentication Identity
5.3. 快速重认证身份

The fast re-authentication procedure makes use of separate re-authentication user identities. Pseudonyms and the permanent identity are reserved for full authentication only. If a fast re-authentication identity is lost and the network does not recognize it, the EAP server can fall back on full authentication. If the EAP server supports fast re-authentication, it MAY include the skippable AT_NEXT_REAUTH_ID attribute in the encrypted data of EAP- Request/- AKA-Challenge message. This attribute contains a new re-authentication identity for the next fast re-authentication. The attribute also works as a capability flag that indicates that the server supports fast re-authentication and that the server wants to continue using fast re-authentication within the current context. The peer MAY ignore this attribute, in which case it will use full authentication next time. If the peer wants to use fast re-authentication, it uses this fast re-authentication identity on next authentication. Even if the peer has a fast re-authentication

快速重新身份验证过程使用单独的重新身份验证用户身份。笔名和永久身份仅用于完全身份验证。如果快速重新身份验证标识丢失且网络无法识别,则EAP服务器可以采用完全身份验证。如果EAP服务器支持快速重新身份验证,它可能会在EAP-Request/-AKA质询消息的加密数据中包含可跳过的AT_NEXT_REAUTH_ID属性。此属性包含下一次快速重新身份验证的新重新身份验证标识。该属性还用作功能标志,指示服务器支持快速重新身份验证,并且服务器希望在当前上下文中继续使用快速重新身份验证。对等方可能会忽略此属性,在这种情况下,下次将使用完全身份验证。如果对等方希望使用快速重新身份验证,它将在下次身份验证时使用此快速重新身份验证标识。即使对等方具有快速重新身份验证

identity, the peer MAY discard the re-authentication identity and use a pseudonym or the permanent identity instead, in which case full authentication MUST be performed. If the EAP server does not include the AT_NEXT_REAUTH_ID in the encrypted data of EAP-Request/AKA-Challenge or EAP-Request/AKA-Reauthentication, then the peer MUST discard its current fast re-authentication state information and perform a full authentication next time.

身份,对等方可以放弃重新认证身份并使用假名或永久身份,在这种情况下,必须执行完全认证。如果EAP服务器在EAP Request/AKA Challenge或EAP Request/AKA Reauthentication的加密数据中未包含AT_NEXT_REAUTH_ID,则对等方必须放弃其当前快速重新身份验证状态信息,并在下次执行完全身份验证。

In environments where a realm portion is needed in the peer identity, the fast re-authentication identity received in AT_NEXT_REAUTH_ID MUST contain both a username portion and a realm portion, as per the NAI format. The EAP Server can choose an appropriate realm part in order to have the AAA infrastructure route subsequent fast re-authentication-related requests to the same AAA server. For example, the realm part MAY include a portion that is specific to the AAA server. Hence, it is sufficient to store the context required for fast re-authentication in the AAA server that performed the full authentication.

在对等身份中需要领域部分的环境中,根据NAI格式,在AT_NEXT_REAUTH_ID中接收的快速重新身份验证身份必须同时包含用户名部分和领域部分。EAP服务器可以选择适当的领域部分,以便AAA基础设施将后续快速重新认证相关请求路由到同一AAA服务器。例如,领域部分可以包括特定于AAA服务器的部分。因此,在执行完全身份验证的AAA服务器中存储快速重新身份验证所需的上下文就足够了。

The peer MAY use the fast re-authentication identity in the EAP-Response/Identity packet or, in response to the server's AT_ANY_ID_REQ attribute, the peer MAY use the fast re-authentication identity in the AT_IDENTITY attribute of the EAP-Response/ AKA-Identity packet.

对等方可以在EAP响应/标识分组中使用快速重新认证标识,或者,响应于服务器的AT_ANY_ID_REQ属性,对等方可以在EAP响应/AKA标识分组的AT_标识属性中使用快速重新认证标识。

The peer MUST NOT modify the username portion of the fast re-authentication identity, but the peer MAY modify the realm portion or replace it with another realm portion. The peer might need to modify the realm in order to influence the AAA routing, for example, to make sure that the correct server is reached. It should be noted that sharing the same fast re-authentication key among several servers may have security risks, so changing the realm portion of the NAI in order to change the EAP server is not desirable.

对等方不得修改快速重新身份验证标识的用户名部分,但对等方可以修改域部分或用另一个域部分替换它。对等方可能需要修改域以影响AAA路由,例如,以确保到达正确的服务器。应当注意,在多个服务器之间共享相同的快速重新认证密钥可能具有安全风险,因此不希望为了改变EAP服务器而改变NAI的领域部分。

Even if the peer uses a fast re-authentication identity, the server may want to fall back on full authentication, for example, because the server does not recognize the fast re-authentication identity or does not want to use fast re-authentication. If the server was able to decode the fast re-authentication identity to the permanent identity, the server issues the EAP-Request/AKA-Challenge packet to initiate full authentication. If the server was not able to recover the peer's identity from the fast re-authentication identity, the server starts the full authentication procedure by issuing an EAP-Request/AKA-Identity packet. This packet always starts a full authentication sequence if it does not include the AT_ANY_ID_REQ attribute.

即使对等方使用快速重新身份验证标识,服务器也可能希望退回到完全身份验证,例如,因为服务器无法识别快速重新身份验证标识或不希望使用快速重新身份验证。如果服务器能够将快速重新身份验证身份解码为永久身份,则服务器将发出EAP请求/AKA质询数据包以启动完全身份验证。如果服务器无法从快速重新身份验证中恢复对等方的身份,则服务器将通过发出EAP请求/AKA身份数据包来启动完整身份验证过程。如果此数据包不包含AT_ANY_ID_REQ属性,则它总是启动完整的身份验证序列。

5.4. Fast Re-Authentication Procedure
5.4. 快速重新认证过程

Figure 10 illustrates the fast re-authentication procedure. In this example, the optional protected success indication is not used. Encrypted attributes are denoted with '*'. The peer uses its fast re-authentication identity in the EAP-Response/Identity packet. As discussed above, an alternative way to communicate the fast re-authentication identity to the server is for the peer to use the AT_IDENTITY attribute in the EAP-Response/AKA-Identity message. This latter case is not illustrated in the figure below, and it is only possible when the server requests that the peer send its identity by including the AT_ANY_ID_REQ attribute in the EAP-Request/AKA-Identity packet.

图10说明了快速重新认证过程。在此示例中,未使用可选的受保护成功指示。加密属性用“*”表示。对等方在EAP响应/标识数据包中使用其快速重新身份验证标识。如上所述,向服务器传送快速重新认证标识的替代方法是对等方在EAP响应/AKA标识消息中使用AT_标识属性。后一种情况未在下图中说明,并且仅当服务器请求对等方通过在EAP请求/AKA标识数据包中包含AT_ANY_ID_REQ属性来发送其标识时才可能。

If the server recognizes the identity as a valid fast re-authentication identity, and if the server agrees to use fast re-authentication, then the server sends the EAP- Request/AKA-Reauthentication packet to the peer. This packet MUST include the encrypted AT_COUNTER attribute, with a fresh counter value, the encrypted AT_NONCE_S attribute that contains a random number chosen by the server, the AT_ENCR_DATA and the AT_IV attributes used for encryption, and the AT_MAC attribute that contains a message authentication code over the packet. The packet MAY also include an encrypted AT_NEXT_REAUTH_ID attribute that contains the next fast re-authentication identity.

如果服务器将该标识识别为有效的快速重新身份验证标识,并且如果服务器同意使用快速重新身份验证,则服务器将EAP-Request/AKA重新身份验证数据包发送给对等方。此数据包必须包括加密的AT_计数器属性(具有新计数器值)、加密的AT_NONCE_S属性(包含服务器选择的随机数)、用于加密的AT_ENCR_数据和AT_IV属性,以及AT_MAC属性(包含数据包上的消息身份验证代码)。该分组还可以包括加密的AT_NEXT_REAUTH_ID属性,该属性包含下一个快速重新认证标识。

Fast re-authentication identities are one-time identities. If the peer does not receive a new fast re-authentication identity, it MUST use either the permanent identity or a pseudonym identity on the next authentication to initiate full authentication.

快速重新身份验证身份是一次性身份。如果对等方没有收到新的快速重新身份验证标识,则必须在下一次身份验证时使用永久身份或假名身份来启动完全身份验证。

The peer verifies that AT_MAC is correct and that the counter value is fresh (greater than any previously used value). The peer MAY save the next fast re-authentication identity from the encrypted AT_NEXT_REAUTH_ID for next time. If all checks are successful, the peer responds with the EAP-Response/AKA-Reauthentication packet, including the AT_COUNTER attribute with the same counter value and the AT_MAC attribute.

对等方验证AT_MAC是否正确,计数器值是否新鲜(大于以前使用的任何值)。对等方可以从加密的AT_next_REAUTH_ID保存下一个快速重新身份验证标识,以备下次使用。如果所有检查都成功,对等方将使用EAP响应/AKA重新验证数据包进行响应,包括具有相同计数器值的AT_计数器属性和AT_MAC属性。

The server verifies the AT_MAC attribute and also verifies that the counter value is the same that it used in the EAP-Request/AKA-Reauthentication packet. If these checks are successful, the fast re-authentication has succeeded and the server sends the EAP-Success packet to the peer.

服务器验证AT_MAC属性,并验证计数器值是否与EAP请求/AKA重新验证数据包中使用的计数器值相同。如果这些检查成功,则快速重新身份验证已成功,服务器将EAP成功数据包发送给对等方。

If protected success indications (Section 6.2) were used, the EAP-Success packet would be preceded by an EAP-AKA notification round.

如果使用了受保护的成功指示(第6.2节),则EAP成功数据包之前将有一轮EAP-AKA通知。

        Peer                                             Authenticator
          |                                                       |
          |                               EAP-Request/Identity    |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/Identity                                 |
          | (Includes a fast re-authentication identity)          |
          |------------------------------------------------------>|
          |                          +--------------------------------+
          |                          | Server recognizes the identity |
          |                          | and agrees on using fast       |
          |                          | re-authentication              |
          |                          +--------------------------------+
          |  EAP-Request/AKA-Reauthentication                     |
          |  (AT_IV, AT_ENCR_DATA, *AT_COUNTER,                   |
          |   *AT_NONCE_S, *AT_NEXT_REAUTH_ID, AT_MAC)            |
          |<------------------------------------------------------|
          |                                                       |
          :                                                       :
          :                                                       :
        
        Peer                                             Authenticator
          |                                                       |
          |                               EAP-Request/Identity    |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/Identity                                 |
          | (Includes a fast re-authentication identity)          |
          |------------------------------------------------------>|
          |                          +--------------------------------+
          |                          | Server recognizes the identity |
          |                          | and agrees on using fast       |
          |                          | re-authentication              |
          |                          +--------------------------------+
          |  EAP-Request/AKA-Reauthentication                     |
          |  (AT_IV, AT_ENCR_DATA, *AT_COUNTER,                   |
          |   *AT_NONCE_S, *AT_NEXT_REAUTH_ID, AT_MAC)            |
          |<------------------------------------------------------|
          |                                                       |
          :                                                       :
          :                                                       :
        
          :                                                       :
          :                                                       :
          |                                                       |
     +-----------------------------------------------+            |
     | Peer verifies AT_MAC and the freshness of     |            |
     | the counter. Peer MAY store the new re-       |            |
     | authentication identity for next re-auth.     |            |
     +-----------------------------------------------+            |
          |                                                       |
          | EAP-Response/AKA-Reauthentication                     |
          | (AT_IV, AT_ENCR_DATA, *AT_COUNTER with same value,    |
          |  AT_MAC)                                              |
          |------------------------------------------------------>|
          |                          +--------------------------------+
          |                          | Server verifies AT_MAC and     |
          |                          | the counter                    |
          |                          +--------------------------------+
          |                                          EAP-Success  |
          |<------------------------------------------------------|
          |                                                       |
        
          :                                                       :
          :                                                       :
          |                                                       |
     +-----------------------------------------------+            |
     | Peer verifies AT_MAC and the freshness of     |            |
     | the counter. Peer MAY store the new re-       |            |
     | authentication identity for next re-auth.     |            |
     +-----------------------------------------------+            |
          |                                                       |
          | EAP-Response/AKA-Reauthentication                     |
          | (AT_IV, AT_ENCR_DATA, *AT_COUNTER with same value,    |
          |  AT_MAC)                                              |
          |------------------------------------------------------>|
          |                          +--------------------------------+
          |                          | Server verifies AT_MAC and     |
          |                          | the counter                    |
          |                          +--------------------------------+
          |                                          EAP-Success  |
          |<------------------------------------------------------|
          |                                                       |
        

Figure 10: Reauthentication

图10:重新验证

5.5. Fast Re-Authentication Procedure when Counter is Too Small
5.5. 计数器太小时的快速重新身份验证过程

If the peer does not accept the counter value of EAP-Request/ AKA-Reauthentication, it indicates the counter synchronization problem by including the encrypted AT_COUNTER_TOO_SMALL in EAP-Response/AKA-Reauthentication. The server responds with EAP-Request/AKA-Challenge to initiate a normal full authentication procedure. This is illustrated in Figure 11. Encrypted attributes are denoted with '*'.

如果对等方不接受EAP请求/AKA重新身份验证的计数器值,则通过在EAP响应/AKA重新身份验证中包含加密的AT_计数器太小来指示计数器同步问题。服务器响应EAP请求/AKA质询以启动正常的完全身份验证过程。如图11所示。加密属性用“*”表示。

        Peer                                             Authenticator
          |          EAP-Request/AKA-Identity                     |
          |          (AT_ANY_ID_REQ)                              |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY)                                         |
          | (Includes a fast re-authentication identity)          |
          |------------------------------------------------------>|
          |                                                       |
          |  EAP-Request/AKA-Reauthentication                     |
          |  (AT_IV, AT_ENCR_DATA, *AT_COUNTER,                   |
          |   *AT_NONCE_S, *AT_NEXT_REAUTH_ID, AT_MAC)            |
          |<------------------------------------------------------|
     +-----------------------------------------------+            |
     | AT_MAC is valid but the counter is not fresh. |            |
     +-----------------------------------------------+            |
          | EAP-Response/AKA-Reauthentication                     |
          | (AT_IV, AT_ENCR_DATA, *AT_COUNTER_TOO_SMALL,          |
          |  *AT_COUNTER, AT_MAC)                                 |
          |------------------------------------------------------>|
          |            +----------------------------------------------+
          |            | Server verifies AT_MAC but detects           |
          |            | That peer has included AT_COUNTER_TOO_SMALL|
          |            +----------------------------------------------+
          |                        EAP-Request/AKA-Challenge      |
          |<------------------------------------------------------|
     +---------------------------------------------------------------+
     |                Normal full authentication follows.            |
     +---------------------------------------------------------------+
          |                                                       |
        
        Peer                                             Authenticator
          |          EAP-Request/AKA-Identity                     |
          |          (AT_ANY_ID_REQ)                              |
          |<------------------------------------------------------|
          |                                                       |
          | EAP-Response/AKA-Identity                             |
          | (AT_IDENTITY)                                         |
          | (Includes a fast re-authentication identity)          |
          |------------------------------------------------------>|
          |                                                       |
          |  EAP-Request/AKA-Reauthentication                     |
          |  (AT_IV, AT_ENCR_DATA, *AT_COUNTER,                   |
          |   *AT_NONCE_S, *AT_NEXT_REAUTH_ID, AT_MAC)            |
          |<------------------------------------------------------|
     +-----------------------------------------------+            |
     | AT_MAC is valid but the counter is not fresh. |            |
     +-----------------------------------------------+            |
          | EAP-Response/AKA-Reauthentication                     |
          | (AT_IV, AT_ENCR_DATA, *AT_COUNTER_TOO_SMALL,          |
          |  *AT_COUNTER, AT_MAC)                                 |
          |------------------------------------------------------>|
          |            +----------------------------------------------+
          |            | Server verifies AT_MAC but detects           |
          |            | That peer has included AT_COUNTER_TOO_SMALL|
          |            +----------------------------------------------+
          |                        EAP-Request/AKA-Challenge      |
          |<------------------------------------------------------|
     +---------------------------------------------------------------+
     |                Normal full authentication follows.            |
     +---------------------------------------------------------------+
          |                                                       |
        

Figure 11: Fast re-authentication counter too small

图11:快速重新验证计数器太小

In the figure above, the first three messages are similar to the basic fast re-authentication case. When the peer detects that the counter value is not fresh, it includes the AT_COUNTER_TOO_SMALL attribute in EAP-Response/AKA-Reauthentication. This attribute

在上图中,前三条消息类似于基本的快速重新身份验证案例。当对等方检测到计数器值不新鲜时,它在EAP响应/AKA重新验证中包含AT_counter_TOO_SMALL属性。这个属性

doesn't contain any data but it is a request for the server to initiate full authentication. In this case, the peer MUST ignore the contents of the server's AT_NEXT_REAUTH_ID attribute.

不包含任何数据,但它是服务器启动完全身份验证的请求。在这种情况下,对等方必须忽略服务器的AT_NEXT_REAUTH_ID属性的内容。

On receipt of AT_COUNTER_TOO_SMALL, the server verifies AT_MAC and verifies that AT_COUNTER contains the same counter value as in the EAP-Request/AKA-Reauthentication packet. If not, the server terminates the authentication exchange by sending the EAP-Request/AKA-Notification packet with AT_NOTIFICATION code "General failure" (16384). If all checks on the packet are successful, the server transmits an EAP-Request/AKA-Challenge packet and the full authentication procedure is performed as usual. Because the server already knows the subscriber identity, it MUST NOT use the EAP-Request/AKA-Identity packet to request the identity.

在收到AT_计数器太小时,服务器验证AT_MAC并验证AT_计数器是否包含与EAP请求/AKA重新验证数据包中相同的计数器值。否则,服务器通过发送带有AT_通知代码“一般故障”(16384)的EAP请求/AKA通知数据包来终止身份验证交换。如果对数据包的所有检查都成功,则服务器将发送EAP请求/AKA质询数据包,并像往常一样执行完整的身份验证过程。因为服务器已经知道订户标识,所以它不能使用EAP请求/AKA标识包来请求标识。

It should be noted that in this case, peer identity is only transmitted in the AT_IDENTITY attribute at the beginning of the whole EAP exchange. The fast re-authentication identity used in this AT_IDENTITY attribute will be used in key derivation (see Section 7).

应当注意,在这种情况下,对等身份仅在整个EAP交换开始时在AT_identity属性中传输。此AT_标识属性中使用的快速重新身份验证标识将用于密钥派生(参见第7节)。

6. EAP-AKA Notifications
6. EAP-AKA通知
6.1. General
6.1. 全体的

EAP-AKA does not prohibit the use of the EAP Notifications as specified in [RFC3748]. EAP Notifications can be used at any time in the EAP-AKA exchange. It should be noted that EAP-AKA does not protect EAP Notifications. EAP-AKA also specifies method-specific EAP-AKA notifications, which are protected in some cases.

EAP-AKA不禁止使用[RFC3748]中规定的EAP通知。EAP通知可在EAP-AKA exchange中随时使用。应注意,EAP-AKA不保护EAP通知。EAP-AKA还指定特定于方法的EAP-AKA通知,在某些情况下这些通知受到保护。

The EAP server can use EAP-AKA notifications to convey notifications and result indications (Section 6.2) to the peer.

EAP服务器可以使用EAP-AKA通知向对等方传送通知和结果指示(第6.2节)。

The server MUST use notifications in cases discussed in Section 6.3.2. When the EAP server issues an EAP-Request/AKA-Notification packet to the peer, the peer MUST process the notification packet. The peer MAY show a notification message to the user and the peer MUST respond to the EAP server with an EAP-Response/AKA-Notification packet, even if the peer did not recognize the notification code.

服务器必须在第6.3.2节讨论的情况下使用通知。当EAP服务器向对等方发出EAP请求/AKA通知包时,对等方必须处理该通知包。对等方可以向用户显示通知消息,并且对等方必须使用EAP响应/AKA通知包响应EAP服务器,即使对等方不识别通知代码。

An EAP-AKA full authentication exchange or a fast re-authentication exchange MUST NOT include more than one EAP-AKA notification round.

EAP-AKA完全身份验证交换或快速重新身份验证交换不得包含多个EAP-AKA通知轮。

The notification code is a 16-bit number. The most significant bit is called the Success bit (S bit). The S bit specifies whether the notification implies failure. The code values with the S bit set to zero (code values 0...32767) are used on unsuccessful cases. The

通知代码是一个16位数字。最高有效位称为成功位。S位指定通知是否意味着失败。S位设置为零的代码值(代码值0…32767)用于不成功的情况。这个

receipt of a notification code from this range implies failed EAP exchange, so the peer can use the notification as a failure indication. After receiving the EAP-Response/AKA-Notification for these notification codes, the server MUST send the EAP-Failure packet.

从该范围接收到通知代码意味着EAP交换失败,因此对等方可以使用该通知作为失败指示。在收到这些通知代码的EAP响应/AKA通知后,服务器必须发送EAP故障数据包。

The receipt of a notification code with the S bit set to one (values 32768...65536) does not imply failure. Notification code "Success" (32768) has been reserved as a general notification code to indicate successful authentication.

接收S位设置为1(值32768…65536)的通知代码并不意味着失败。通知代码“Success”(32768)已保留为通用通知代码,以指示身份验证成功。

The second most significant bit of the notification code is called the Phase bit (P bit). It specifies at which phase of the EAP-AKA exchange the notification can be used. If the P bit is set to zero, the notification can only be used after a successful EAP/AKA-Challenge round in full authentication or a successful EAP/AKA-Reauthentication round in re-authentication. A re-authentication round is considered successful only if the peer has successfully verified AT_MAC and AT_COUNTER attributes, and does not include the AT_COUNTER_TOO_SMALL attribute in EAP-Response/AKA-Reauthentication.

通知代码的第二个最高有效位称为相位位(P位)。它指定在EAP-AKA交换的哪个阶段可以使用通知。如果P位设置为零,则通知只能在完全身份验证中成功的EAP/AKA质询轮或重新身份验证中成功的EAP/AKA重新身份验证轮后使用。仅当对等方已成功验证AT_MAC和AT_计数器属性,并且在EAP响应/AKA重新验证中未包含AT_计数器太小属性时,重新验证回合才被视为成功。

If the P bit is set to one, the notification can only by used before the EAP/AKA-Challenge round in full authentication or before the EAP/AKA-Reauthentication round in reauthentication. These notifications can only be used to indicate various failure cases. In other words, if the P bit is set to one, then the S bit MUST be set to zero.

如果P位设置为1,则通知只能在完全身份验证中的EAP/AKA质询轮之前或在重新身份验证中的EAP/AKA重新身份验证轮之前使用。这些通知只能用于指示各种故障情况。换句话说,如果P位设置为1,则S位必须设置为0。

Section 9.10 and Section 9.11 specify what other attributes must be included in the notification packets.

第9.10节和第9.11节规定了通知包中必须包含的其他属性。

Some of the notification codes are authorization related and hence not usually considered as part of the responsibility of an EAP method. However, they are included as part of EAP-AKA because there are currently no other ways to convey this information to the user in a localizable way, and the information is potentially useful for the user. An EAP-AKA server implementation may decide never to send these EAP-AKA notifications.

一些通知代码与授权相关,因此通常不被视为EAP方法责任的一部分。然而,它们作为EAP-AKA的一部分被包括在内,因为目前没有其他方式以可本地化的方式向用户传达该信息,并且该信息对用户可能有用。EAP-AKA服务器实现可能决定从不发送这些EAP-AKA通知。

6.2. Result Indications
6.2. 结果显示

As discussed in Section 6.3, the server and the peer use explicit error messages in all error cases. If the server detects an error after successful authentication, the server uses an EAP-AKA notification to indicate failure to the peer. In this case, the result indication is integrity and replay protected.

如第6.3节所述,服务器和对等方在所有错误情况下都使用显式错误消息。如果服务器在成功身份验证后检测到错误,则服务器将使用EAP-AKA通知向对等方指示失败。在这种情况下,结果指示为完整性和重播保护。

By sending an EAP-Response/AKA-Challenge packet or an EAP-Response/AKA-Reauthentication packet (without AT_COUNTER_TOO_SMALL), the peer indicates that it has successfully authenticated the server and that the peer's local policy accepts the EAP exchange. In other words, these packets are implicit success indications from the peer to the server.

通过发送EAP响应/AKA质询数据包或EAP响应/AKA重新验证数据包(AT_计数器不太小),对等方表示已成功验证服务器,并且对等方的本地策略接受EAP交换。换句话说,这些数据包是从对等方到服务器的隐式成功指示。

EAP-AKA also supports optional protected success indications from the server to the peer. If the EAP server wants to use protected success indications, it includes the AT_RESULT_IND attribute in the EAP-Request/AKA-Challenge or the EAP-Request/AKA-Reauthentication packet. This attribute indicates that the EAP server would like to use result indications in both successful and unsuccessful cases. If the peer also wants this, the peer includes AT_RESULT_IND in EAP-Response/AKA-Challenge or EAP-Response/AKA-Reauthentication. The peer MUST NOT include AT_RESULT_IND if it did not receive AT_RESULT_IND from the server. If both the peer and the server used AT_RESULT_IND, then the EAP exchange is not complete yet, but an EAP-AKA notification round will follow. The following EAP-AKA notification may indicate either failure or success.

EAP-AKA还支持从服务器到对等机的可选受保护成功指示。如果EAP服务器希望使用受保护的成功指示,它将在EAP请求/AKA质询或EAP请求/AKA重新验证数据包中包含AT_RESULT_IND属性。此属性表示EAP服务器希望在成功和不成功的情况下都使用结果指示。如果对等方也希望这样,则对等方在EAP响应/AKA质询或EAP响应/AKA重新验证中包含AT_RESULT_IND。如果对等方未从服务器接收到AT_RESULT_IND,则该对等方不得包含AT_RESULT_IND。如果对等方和服务器都在\u RESULT\u IND使用,则EAP交换尚未完成,但随后将出现一轮EAP-AKA通知。以下EAP-AKA通知可能表示失败或成功。

Success indications with the AT_NOTIFICATION code "Success" (32768) can only be used if both the server and the peer indicate they want to use them with AT_RESULT_IND. If the server did not include AT_RESULT_IND in the EAP-Request/AKA-Challenge or EAP-Request/AKA-Reauthentication packet, or if the peer did not include AT_RESULT_IND in the corresponding response packet, then the server MUST NOT use protected success indications.

只有当服务器和对等方都表示希望将AT_结果标识与AT_结果标识一起使用时,才能使用带有AT_通知代码“Success”(32768)的成功标识。如果服务器未将AT_结果标识包含在EAP请求/AKA质询或EAP请求/AKA重新验证数据包中,或者,如果对等方未在相应的响应数据包中包含AT_RESULT_IND,则服务器不得使用受保护的成功指示。

Because the server uses the AT_NOTIFICATION code "Success" (32768) to indicate that the EAP exchange has completed successfully, the EAP exchange cannot fail when the server processes the EAP-AKA response to this notification. Hence, the server MUST ignore the contents of the EAP-AKA response it receives to the EAP-Request/AKA-Notification with this code. Regardless of the contents of the EAP-AKA response, the server MUST send EAP-Success as the next packet.

由于服务器使用AT_通知代码“Success”(32768)表示EAP交换已成功完成,因此当服务器处理EAP-AKA对此通知的响应时,EAP交换不能失败。因此,服务器必须使用此代码忽略它接收到的EAP请求/AKA通知的EAP-AKA响应的内容。无论EAP-AKA响应的内容如何,服务器都必须将EAP Success作为下一个数据包发送。

6.3. Error Cases
6.3. 错误案例

This section specifies the operation of the peer and the server in error cases. The subsections below require the EAP-AKA peer and server to send an error packet (EAP-Response/AKA-Client-Error, EAP-Response/AKA-Authentication-Reject or EAP-Response/AKA-Synchronization-Failure from the peer and EAP-Request/AKA-Notification from the server) in error cases. However, implementations SHOULD NOT rely upon the correct error reporting behavior of the peer, authenticator, or server. It is possible for error messages and other messages to be lost in transit,

本节指定对等机和服务器在错误情况下的操作。以下小节要求EAP-AKA对等方和服务器在错误情况下发送错误数据包(来自对等方的EAP响应/AKA客户端错误、EAP响应/AKA身份验证拒绝或EAP响应/AKA同步失败以及来自服务器的EAP请求/AKA通知)。但是,实现不应依赖于对等方、验证器或服务器的正确错误报告行为。错误消息和其他消息可能在传输过程中丢失,

or for a malicious participant to attempt to consume resources by not issuing error messages. Both the peer and the EAP server SHOULD have a mechanism to clean up state even if an error message or EAP-Success is not received after a timeout period.

或者恶意参与者试图通过不发出错误消息来消耗资源。即使超时后未收到错误消息或EAP Success,对等服务器和EAP服务器都应具有清除状态的机制。

6.3.1. Peer Operation
6.3.1. 对等操作

Two special error messages have been specified for error cases that are related to the processing of the AKA AUTN parameter, as described in Section 3: (1) if the peer does not accept AUTN, the peer responds with EAP-Response/AKA-Authentication-Reject (Section 9.5), and the server issues EAP-Failure, and (2) if the peer detects that the sequence number in AUTN is not correct, the peer responds with EAP-Response/AKA-Synchronization-Failure (Section 9.6), and the server proceeds with a new EAP-Request/AKA-Challenge.

如第3节所述,已为与AKA AUTN参数处理相关的错误情况指定了两条特殊错误消息:(1)如果对等方不接受AUTN,则对等方响应EAP响应/AKA认证拒绝(第9.5节),服务器发出EAP故障,以及(2)如果对等方检测到AUTN中的序列号不正确,则对等方响应EAP响应/AKA同步失败(第9.6节),服务器继续执行新的EAP请求/AKA质询。

In other error cases, when an EAP-AKA peer detects an error in a received EAP-AKA packet, the EAP-AKA peer responds with the EAP-Response/AKA-Client-Error packet. In response to the EAP-Response/AKA-Client-Error, the EAP server MUST issue the EAP-Failure packet, and the authentication exchange terminates.

在其他错误情况下,当EAP-AKA对等方在接收到的EAP-AKA数据包中检测到错误时,EAP-AKA对等方使用EAP响应/AKA客户端错误数据包进行响应。为了响应EAP响应/AKA客户端错误,EAP服务器必须发出EAP失败数据包,并且身份验证交换终止。

By default, the peer uses the client error code 0, "unable to process packet". This error code is used in the following cases:

默认情况下,对等方使用客户端错误代码0,“无法处理数据包”。此错误代码用于以下情况:

o EAP exchange is not acceptable according to the peer's local policy. o The peer is not able to parse the EAP request, i.e., the EAP request is malformed. o The peer encountered a malformed attribute. o Wrong attribute types or duplicate attributes have been included in the EAP request. o A mandatory attribute is missing. o Unrecognized non-skippable attribute. o Unrecognized or unexpected EAP-AKA Subtype in the EAP request. o Invalid AT_MAC. The peer SHOULD log this event. o Invalid AT_CHECKCODE. The peer SHOULD log this event. o Invalid pad bytes in AT_PADDING. o The peer does not want to process AT_PERMANENT_ID_REQ.

o 根据对等方的本地策略,EAP交换是不可接受的。o对等方无法解析EAP请求,即EAP请求的格式不正确。o对等方遇到格式错误的属性。o EAP请求中包含错误的属性类型或重复的属性。o缺少强制属性。o无法识别的不可跳过属性。o EAP请求中存在无法识别或意外的EAP-AKA子类型。o在_MAC无效。对等方应记录此事件。o无效的AT_检查码。对等方应记录此事件。o AT_填充中的填充字节无效。o对等方不希望处理永久ID请求。

6.3.2. Server Operation
6.3.2. 服务器操作

If an EAP-AKA server detects an error in a received EAP-AKA response, the server MUST issue the EAP-Request/AKA-Notification packet with an AT_NOTIFICATION code that implies failure. By default, the server uses one of the general failure codes ("General failure after authentication" (0) or "General failure" (16384)). The choice

如果EAP-AKA服务器在接收到的EAP-AKA响应中检测到错误,则服务器必须发出EAP请求/AKA通知数据包,其中包含表示失败的AT_通知代码。默认情况下,服务器使用常规故障代码之一(“身份验证后的常规故障”(0)或“常规故障”(16384))。选择

between these two codes depends on the phase of the EAP-AKA exchange, see Section 6. The error cases when the server issues an EAP-Request/AKA-Notification that implies failure include the following:

这两个代码之间的差异取决于EAP-AKA交换的阶段,见第6节。服务器发出表示失败的EAP请求/AKA通知时的错误情况包括:

o The server is not able to parse the peer's EAP response. o The server encounters a malformed attribute, a non-recognized non-skippable attribute, or a duplicate attribute. o A mandatory attribute is missing or an invalid attribute was included. o Unrecognized or unexpected EAP-AKA Subtype in the EAP Response. o Invalid AT_MAC. The server SHOULD log this event. o Invalid AT_CHECKCODE. The server SHOULD log this event. o Invalid AT_COUNTER.

o 服务器无法分析对等方的EAP响应。o服务器遇到格式错误的属性、无法识别的不可跳过属性或重复属性。o缺少强制属性或包含无效属性。o EAP响应中未识别或意外的EAP-AKA子类型。o在_MAC无效。服务器应记录此事件。o无效的AT_检查码。服务器应记录此事件。o在柜台无效。

6.3.3. EAP-Failure
6.3.3. EAP故障

The EAP-AKA server sends EAP-Failure in three cases:

EAP-AKA服务器在三种情况下发送EAP故障:

1. In response to an EAP-Response/AKA-Client-Error packet the server has received from the peer, or

1. 作为对EAP响应/AKA客户端错误数据包的响应,服务器已从对等方收到,或

2. In response to an EAP-Response/AKA-Authentication-Reject packet the server has received from the peer, or

2. 响应服务器从对等方收到的EAP响应/AKA身份验证拒绝数据包,或

3. Following an EAP-AKA notification round, when the AT_NOTIFICATION code implies failure.

3. 在EAP-AKA通知轮之后,当AT_通知代码暗示失败时。

The EAP-AKA server MUST NOT send EAP-Failure in other cases than these three. However, it should be noted that even though the EAP-AKA server would not send an EAP-Failure, an authorization decision that happens outside EAP-AKA, such as in the AAA server or in an intermediate AAA proxy, may result in a failed exchange.

EAP-AKA服务器不得在这三种情况之外的其他情况下发送EAP故障。然而,应该注意的是,即使EAP-AKA服务器不会发送EAP故障,在EAP-AKA之外发生的授权决策,例如在AAA服务器或中间AAA代理中,也可能导致交换失败。

The peer MUST accept the EAP-Failure packet in case 1), case 2), and case 3) above. The peer SHOULD silently discard the EAP-Failure packet in other cases.

在上述情况1)、情况2)和情况3)中,对等方必须接受EAP故障数据包。在其他情况下,对等方应默默地丢弃EAP故障数据包。

6.3.4. EAP-Success
6.3.4. EAP成功

On full authentication, the server can only send EAP-Success after the EAP/AKA-Challenge round. The peer MUST silently discard any EAP-Success packets if they are received before the peer has successfully authenticated the server and sent the EAP-Response/AKA-Challenge packet.

在完全身份验证时,服务器只能在EAP/AKA质询轮之后发送EAP Success。如果在对等方成功验证服务器并发送EAP响应/AKA质询数据包之前收到任何EAP成功数据包,则对等方必须以静默方式丢弃这些数据包。

If the peer did not indicate that it wants to use protected success indications with AT_RESULT_IND (as discussed in Section 6.2) on full authentication, then the peer MUST accept EAP-Success after a successful EAP/AKA-Challenge round.

如果对等方未表示希望在完全认证时使用AT_RESULT_IND(如第6.2节所述)的受保护成功指示,则对等方必须在成功的EAP/AKA质询回合后接受EAP success。

If the peer indicated that it wants to use protected success indications with AT_RESULT_IND (as discussed in Section 6.2), then the peer MUST NOT accept EAP-Success after a successful EAP/ AKA-Challenge round. In this case, the peer MUST only accept EAP-Success after receiving an EAP-AKA Notification with the AT_NOTIFICATION code "Success" (32768).

如果对等方表示希望使用AT_RESULT_IND(如第6.2节所述)的受保护成功指示,则对等方不得在成功的EAP/AKA挑战回合后接受EAP成功。在这种情况下,对等方必须在收到带有AT_通知代码“Success”(32768)的EAP-AKA通知后才接受EAP Success。

On fast re-authentication, EAP-Success can only be sent after the EAP/AKA-Reauthentication round. The peer MUST silently discard any EAP-Success packets if they are received before the peer has successfully authenticated the server and sent the EAP-Response/AKA-Reauthentication packet.

在快速重新身份验证中,EAP成功只能在EAP/AKA重新身份验证回合后发送。如果在对等方成功验证服务器并发送EAP响应/AKA重新验证数据包之前收到任何EAP成功数据包,则对等方必须以静默方式丢弃这些数据包。

If the peer did not indicate that it wants to use protected success indications with AT_RESULT_IND (as discussed in Section 6.2) on fast re-authentication, then the peer MUST accept EAP-Success after a successful EAP/AKA-Reauthentication round.

如果对等方未表示希望在快速重新认证时使用AT_RESULT_IND(如第6.2节所述)的受保护成功指示,则对等方必须在成功的EAP/AKA重新认证轮后接受EAP success。

If the peer indicated that it wants to use protected success indications with AT_RESULT_IND (as discussed in Section 6.2), then the peer MUST NOT accept EAP-Success after a successful EAP/AKA-Reauthentication round. In this case, the peer MUST only accept EAP-Success after receiving an EAP-AKA Notification with the AT_NOTIFICATION code "Success" (32768).

如果对等方表示希望使用具有AT_RESULT_IND的受保护成功指示(如第6.2节所述),则对等方在成功的EAP/AKA重新验证回合后不得接受EAP成功。在这种情况下,对等方必须在收到带有AT_通知代码“Success”(32768)的EAP-AKA通知后才接受EAP Success。

If the peer receives an EAP-AKA notification (Section 6) that indicates failure, then the peer MUST no longer accept the EAP-Success packet, even if the server authentication was successfully completed.

如果对等方收到表明失败的EAP-AKA通知(第6节),则对等方不得再接受EAP成功数据包,即使服务器身份验证已成功完成。

7. Key Generation
7. 密钥生成

This section specifies how keying material is generated.

本节指定如何生成关键帧材质。

On EAP-AKA full authentication, a Master Key (MK) is derived from the underlying AKA values (CK and IK keys), and the identity, as follows.

在EAP-AKA完全身份验证中,主密钥(MK)由基础AKA值(CK和IK密钥)和标识派生,如下所示。

MK = SHA1(Identity|IK|CK)

MK=SHA1(身份| IK | CK)

In the formula above, the "|" character denotes concatenation. Identity denotes the peer identity string without any terminating null characters. It is the identity from the last AT_IDENTITY attribute sent by the peer in this exchange, or, if AT_IDENTITY was

在上面的公式中,“|”字符表示串联。标识表示没有任何终止空字符的对等标识字符串。它是此交换中对等方发送的最后一个AT_标识属性的标识,或者,如果AT_标识为

not used, the identity from the EAP-Response/Identity packet. The identity string is included as-is, without any changes. As discussed in Section 4.1.2.2, relying on EAP-Response/Identity for conveying the EAP-AKA peer identity is discouraged, and the server SHOULD use the EAP-AKA method-specific identity attributes. The hash function SHA-1 is specified in [SHA-1].

未使用,来自EAP响应/标识数据包的标识。标识字符串按原样包含,没有任何更改。如第4.1.2.2节所述,不鼓励依靠EAP响应/标识来传递EAP-AKA对等标识,服务器应使用EAP-AKA方法特定的标识属性。哈希函数SHA-1在[SHA-1]中指定。

The Master Key is fed into a Pseudo-Random number Function (PRF), which generates separate Transient EAP Keys (TEKs) for protecting EAP-AKA packets, as well as a Master Session Key (MSK) for link layer security and an Extended Master Session Key (EMSK) for other purposes. On fast re-authentication, the same TEKs MUST be used for protecting EAP packets, but a new MSK and a new EMSK MUST be derived from the original MK and from new values exchanged in the fast re-authentication.

主密钥被馈送到伪随机数函数(PRF)中,伪随机数函数生成用于保护EAP-AKA数据包的单独瞬态EAP密钥(TEK),以及用于链路层安全的主会话密钥(MSK)和用于其他目的的扩展主会话密钥(EMSK)。在快速重新认证时,必须使用相同的TEK来保护EAP数据包,但必须从原始MK和快速重新认证中交换的新值派生出新的MSK和新的EMSK。

EAP-AKA requires two TEKs for its own purposes: the authentication key K_aut, to be used with the AT_MAC attribute, and the encryption key K_encr, to be used with the AT_ENCR_DATA attribute. The same K_aut and K_encr keys are used in full authentication and subsequent fast re-authentications.

EAP-AKA需要两个TEK用于其自身目的:与AT_MAC属性一起使用的身份验证密钥K_aut,以及与AT_encr_数据属性一起使用的加密密钥K_encr。在完全身份验证和随后的快速重新身份验证中使用相同的K_aut和K_encr密钥。

Key derivation is based on the random number generation specified in NIST Federal Information Processing Standards (FIPS) Publication 186-2 [PRF]. The pseudo-random number generator is specified in the change notice 1 (2001 October 5) of [PRF] (Algorithm 1). As specified in the change notice (page 74), when Algorithm 1 is used as a general-purpose pseudo-random number generator, the "mod q" term in step 3.3 is omitted. The function G used in the algorithm is constructed via Secure Hash Standard as specified in Appendix 3.3 of the standard. It should be noted that the function G is very similar to SHA-1, but the message padding is different. Please refer to [PRF] for full details. For convenience, the random number algorithm with the correct modification is cited in Annex A.

密钥推导基于NIST联邦信息处理标准(FIPS)出版物186-2[PRF]中规定的随机数生成。[PRF](算法1)的变更通知1(2001年10月5日)中规定了伪随机数生成器。如变更通知(第74页)所述,当算法1用作通用伪随机数生成器时,省略步骤3.3中的“mod q”项。算法中使用的函数G是通过本标准附录3.3中规定的安全哈希标准构造的。应该注意的是,函数G与SHA-1非常相似,但消息填充不同。有关详细信息,请参阅[PRF]。为方便起见,附录A中引用了经过正确修改的随机数算法。

160-bit XKEY and XVAL values are used, so b = 160. On each full authentication, the Master Key is used as the initial secret seed-key XKEY. The optional user input values (XSEED_j) in step 3.1 are set to zero.

使用160位XKEY和XVAL值,因此b=160。在每次完全身份验证时,主密钥用作初始密钥种子密钥XKEY。步骤3.1中的可选用户输入值(XSEED_j)设置为零。

On full authentication, the resulting 320-bit random numbers x_0, x_1, ..., x_m-1 are concatenated and partitioned into suitable-sized chunks and used as keys in the following order: K_encr (128 bits), K_aut (128 bits), Master Session Key (64 bytes), Extended Master Session Key (64 bytes).

在完全身份验证时,生成的320位随机数x_0、x_1、…、x_m-1被连接并划分为适当大小的块,并按以下顺序用作密钥:K_encr(128位)、K_aut(128位)、主会话密钥(64字节)、扩展主会话密钥(64字节)。

On fast re-authentication, the same pseudo-random number generator can be used to generate a new Master Session Key and a new Extended Master Session Key. The seed value XKEY' is calculated as follows:

在快速重新身份验证中,可以使用相同的伪随机数生成器生成新的主会话密钥和新的扩展主会话密钥。种子值XKEY'的计算如下:

XKEY' = SHA1(Identity|counter|NONCE_S| MK)

XKEY'=SHA1(身份|计数器|暂时| S | MK)

In the formula above, the Identity denotes the fast re-authentication identity, without any terminating null characters, from the AT_IDENTITY attribute of the EAP-Response/AKA-Identity packet, or, if EAP-Response/AKA-Identity was not used on fast re-authentication, it denotes the identity string from the EAP-Response/Identity packet. The counter denotes the counter value from the AT_COUNTER attribute used in the EAP-Response/AKA-Reauthentication packet. The counter is used in network byte order. NONCE_S denotes the 16-byte random NONCE_S value from the AT_NONCE_S attribute used in the EAP-Request/AKA-Reauthentication packet. The MK is the Master Key derived on the preceding full authentication.

在上面的公式中,标识表示来自EAP响应/AKA标识包的AT_标识属性的快速重新身份验证标识,不带任何终止空字符,或者,如果EAP响应/AKA标识未用于快速重新身份验证,则表示来自EAP响应/标识包的标识字符串。计数器表示EAP响应/AKA重新验证数据包中使用的AT_计数器属性中的计数器值。计数器按网络字节顺序使用。NONCE_S表示EAP请求/AKA重新验证数据包中使用的AT_NONCE_S属性中的16字节随机NONCE_S值。MK是在前面的完全身份验证中派生的主密钥。

   On fast re-authentication, the pseudo-random number generator is run
   with the new seed value XKEY', and the resulting 320-bit random
   numbers x_0, x_1, ..., x_m-1 are concatenated and partitioned into
   64-byte chunks and used as the new 64-byte Master Session Key and the
   new 64-byte Extended Master Session Key.  Note that because K_encr
   and K_aut are not derived on fast re-authentication, the Master
   Session Key and the Extended Master Session key are obtained from the
   beginning of the key stream x_0, x_1, ....
        
   On fast re-authentication, the pseudo-random number generator is run
   with the new seed value XKEY', and the resulting 320-bit random
   numbers x_0, x_1, ..., x_m-1 are concatenated and partitioned into
   64-byte chunks and used as the new 64-byte Master Session Key and the
   new 64-byte Extended Master Session Key.  Note that because K_encr
   and K_aut are not derived on fast re-authentication, the Master
   Session Key and the Extended Master Session key are obtained from the
   beginning of the key stream x_0, x_1, ....
        

The first 32 bytes of the MSK can be used as the Pairwise Master Key (PMK) for IEEE 802.11i.

MSK的前32个字节可用作IEEE 802.11i的成对主密钥(PMK)。

When the RADIUS attributes specified in [RFC2548] are used to transport keying material, then the first 32 bytes of the MSK correspond to MS-MPPE-RECV-KEY and the second 32 bytes to MS-MPPE-SEND-KEY. In this case, only 64 bytes of keying material (the MSK) are used.

当[RFC2548]中指定的半径属性用于传输键控材料时,MSK的前32字节对应于MS-MPPE-RECV-KEY,第二32字节对应于MS-MPPE-SEND-KEY。在这种情况下,仅使用64字节的键控材料(MSK)。

8. Message Format and Protocol Extensibility
8. 消息格式和协议扩展性
8.1. Message Format
8.1. 消息格式

As specified in [RFC3748], EAP packets begin with the Code, Identifiers, Length, and Type fields, which are followed by EAP-method-specific Type-Data. The Code field in the EAP header is set to 1 for EAP requests, and to 2 for EAP Responses. The usage of the Length and Identifier fields in the EAP header is also specified in [RFC3748]. In EAP-AKA, the Type field is set to 23.

如[RFC3748]中所述,EAP数据包以代码、标识符、长度和类型字段开头,后跟EAP方法特定的类型数据。EAP头中的代码字段对于EAP请求设置为1,对于EAP响应设置为2。[RFC3748]中还规定了EAP标头中长度和标识符字段的用法。在EAP-AKA中,类型字段设置为23。

In EAP-AKA, the Type-Data begins with an EAP-AKA header that consists of a 1-octet Subtype field, and a 2-octet reserved field. The Subtype values used in EAP-AKA are defined in Section 11. The formats of the EAP header and the EAP-AKA header are shown below.

在EAP-AKA中,类型数据以EAP-AKA报头开始,该报头由1个八位字节的子类型字段和2个八位字节的保留字段组成。第11节定义了EAP-AKA中使用的子类型值。EAP标头和EAP-AKA标头的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Subtype    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Subtype    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The rest of the Type-Data, immediately following the EAP-AKA header, consists of attributes that are encoded in Type, Length, Value format. The figure below shows the generic format of an attribute.

紧跟在EAP-AKA头之后的其余类型数据由以类型、长度、值格式编码的属性组成。下图显示了属性的通用格式。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Attribute Type |    Length     | Value...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Attribute Type |    Length     | Value...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Attribute Type

属性类型

Indicates the particular type of attribute. The attribute type values are listed in Section 11.

指示属性的特定类型。第11节列出了属性类型值。

Length

Indicates the length of this attribute in multiples of 4 bytes. The maximum length of an attribute is 1024 bytes. The length includes the Attribute Type and Length bytes.

以4字节的倍数表示此属性的长度。属性的最大长度为1024字节。长度包括属性类型和长度字节。

Value

价值

The particular data associated with this attribute. This field is always included and it is two or more bytes in length. The type and length fields determine the format and length of the value field.

与此属性关联的特定数据。此字段始终包含在内,长度为两个或更多字节。类型和长度字段决定值字段的格式和长度。

Attributes numbered within the range 0 through 127 are called non-skippable attributes. When an EAP-AKA peer encounters a non-skippable attribute type that the peer does not recognize, the peer MUST send the EAP-Response/AKA-Client-Error packet, and the authentication exchange terminates. If an EAP-AKA server encounters a non-skippable attribute that the server does not recognize, then the server sends EAP-Request/AKA-Notification packet with an

编号在0到127之间的属性称为不可跳过属性。当EAP-AKA对等方遇到对等方无法识别的不可跳过属性类型时,对等方必须发送EAP响应/AKA客户端错误数据包,并且身份验证交换终止。如果EAP-AKA服务器遇到服务器无法识别的不可跳过属性,则服务器将发送带有

AT_NOTIFICATION code that implies general failure ("General failure after authentication" (0), or "General failure" (16384), depending on the phase of the exchange), and the authentication exchange terminates.

表示一般故障的AT_通知代码(“身份验证后的一般故障”(0)或“一般故障”(16384),具体取决于交换的阶段),并且身份验证交换终止。

When an attribute numbered in the range 128 through 255 is encountered but not recognized, that particular attribute is ignored, but the rest of the attributes and message data MUST still be processed. The Length field of the attribute is used to skip the attribute value when searching for the next attribute. These attributes are called skippable attributes.

遇到编号在128到255之间的属性但无法识别时,将忽略该特定属性,但仍必须处理其余属性和消息数据。属性的长度字段用于在搜索下一个属性时跳过属性值。这些属性称为可跳过属性。

Unless otherwise specified, the order of the attributes in an EAP-AKA message is insignificant, and an EAP-AKA implementation should not assume a certain order will be used.

除非另有规定,否则EAP-AKA消息中属性的顺序无关紧要,EAP-AKA实现不应假定将使用特定顺序。

Attributes can be encapsulated within other attributes. In other words, the value field of an attribute type can be specified to contain other attributes.

属性可以封装在其他属性中。换句话说,属性类型的值字段可以指定为包含其他属性。

8.2. Protocol Extensibility
8.2. 协议扩展性

EAP-AKA can be extended by specifying new attribute types. If skippable attributes are used, it is possible to extend the protocol without breaking old implementations. As specified in Section 10.13, if new attributes are specified for EAP-Request/AKA-Identity or EAP-Response/AKA-Identity, then the AT_CHECKCODE MUST be used to integrity protect the new attributes.

EAP-AKA可以通过指定新的属性类型进行扩展。如果使用了可跳过属性,则可以在不破坏旧实现的情况下扩展协议。如第10.13节所述,如果为EAP请求/AKA标识或EAP响应/AKA标识指定了新属性,则必须使用AT_检查码来完整性保护新属性。

When specifying new attributes, it should be noted that EAP-AKA does not support message fragmentation. Hence, the sizes of the new extensions MUST be limited so that the maximum transfer unit (MTU) of the underlying lower layer is not exceeded. According to [RFC3748], lower layers must provide an EAP MTU of 1020 bytes or greater, so any extensions to EAP-AKA SHOULD NOT exceed the EAP MTU of 1020 bytes.

指定新属性时,应注意EAP-AKA不支持消息分段。因此,必须限制新扩展的大小,以便不超过底层的最大传输单位(MTU)。根据[RFC3748],较低层必须提供1020字节或更大的EAP MTU,因此EAP-AKA的任何扩展都不应超过1020字节的EAP MTU。

EAP-AKA packets do not include a version field. However, should there be a reason to revise this protocol in the future, new non-skippable or skippable attributes could be specified in order to implement revised EAP-AKA versions in a backward-compatible manner. It is possible to introduce version negotiation in the EAP-Request/AKA-Identity and EAP-Response/AKA-Identity messages by specifying new skippable attributes.

EAP-AKA数据包不包括版本字段。但是,如果将来有理由修改该协议,可以指定新的不可跳过或可跳过属性,以便以向后兼容的方式实现修改后的EAP-AKA版本。通过指定新的可跳过属性,可以在EAP请求/AKA标识和EAP响应/AKA标识消息中引入版本协商。

9. Messages
9. 信息

This section specifies the messages used in EAP-AKA. It specifies when a message may be transmitted or accepted, which attributes are allowed in a message, which attributes are required in a message, and other message-specific details. Message format is specified in Section 8.1.

本节规定了EAP-AKA中使用的消息。它指定何时可以传输或接受消息、消息中允许哪些属性、消息中需要哪些属性以及其他特定于消息的详细信息。第8.1节规定了消息格式。

9.1. EAP-Request/AKA-Identity
9.1. EAP请求/AKA标识

The EAP/AKA-Identity roundtrip MAY be used for obtaining the peer identity from the server. As discussed in Section 4.1, several AKA-Identity rounds may be required in order to obtain a valid peer identity.

EAP/AKA身份往返可用于从服务器获取对等身份。如第4.1节所述,为了获得有效的对等身份,可能需要几轮AKA身份验证。

The server MUST include one of the following identity requesting attributes: AT_PERMANENT_ID_REQ, AT_FULLAUTH_ID_REQ, AT_ANY_ID_REQ. These three attributes are mutually exclusive, so the server MUST NOT include more than one of the attributes.

服务器必须包括以下身份请求属性之一:AT_PERMANENT_ID_REQ、AT_FULLAUTH_ID_REQ、AT_ANY_ID_REQ。这三个属性是互斥的,因此服务器不能包含多个属性。

If the server has previously issued an EAP-Request/AKA-Identity message with the AT_PERMANENT_ID_REQ attribute, and if the server has received a response from the peer, then the server MUST NOT issue a new EAP-Request/AKA-Identity packet.

如果服务器先前已发出带有AT_PERMANENT_ID_REQ属性的EAP Request/AKA Identity消息,并且如果服务器已收到来自对等方的响应,则服务器不得发出新的EAP Request/AKA Identity数据包。

If the server has previously issued an EAP-Request/AKA-Identity message with the AT_FULLAUTH_ID_REQ attribute, and if the server has received a response from the peer, then the server MUST NOT issue a new EAP-Request/AKA-Identity packet with the AT_ANY_ID_REQ or AT_FULLAUTH_ID_REQ attributes.

如果服务器先前已发出带有AT_FULLAUTH_ID_REQ属性的EAP请求/AKA标识消息,并且如果服务器已收到来自对等方的响应,则服务器不得发出带有AT_ANY_ID_REQ或AT_FULLAUTH_ID_REQ属性的新EAP请求/AKA标识包。

If the server has previously issued an EAP-Request/AKA-Identity message with the AT_ANY_ID_REQ attribute, and if the server has received a response from the peer, then the server MUST NOT issue a new EAP-Request/AKA-Identity packet with the AT_ANY_ID_REQ.

如果服务器先前已发出带有AT_ANY_ID_REQ属性的EAP请求/AKA标识消息,并且如果服务器已收到来自对等方的响应,则服务器不得发出带有AT_ANY_ID_REQ的新EAP请求/AKA标识包。

This message MUST NOT include AT_MAC, AT_IV, or AT_ENCR_DATA.

此消息不得包含AT_MAC、AT_IV或AT_ENCR_数据。

9.2. EAP-Response/AKA-Identity
9.2. EAP响应/AKA标识

The peer sends EAP-Response/AKA-Identity in response to a valid EAP-Request/AKA-Identity from the server.

对等方发送EAP响应/AKA标识以响应来自服务器的有效EAP请求/AKA标识。

The peer MUST include the AT_IDENTITY attribute. The usage of AT_IDENTITY is defined in Section 4.1.

对等方必须包含AT_标识属性。第4.1节定义了AT_标识的使用。

This message MUST NOT include AT_MAC, AT_IV, or AT_ENCR_DATA.

此消息不得包含AT_MAC、AT_IV或AT_ENCR_数据。

9.3. EAP-Request/AKA-Challenge
9.3. EAP请求/AKA质询

The server sends the EAP-Request/AKA-Challenge on full authentication after successfully obtaining the subscriber identity.

服务器在成功获取订户身份后,在完全身份验证时发送EAP请求/AKA质询。

The AT_RAND attribute MUST be included.

必须包括AT_RAND属性。

AT_MAC MUST be included. In EAP-Request/AKA-Challenge, there is no message-specific data covered by the MAC, see Section 10.15.

必须包括AT_MAC。在EAP请求/AKA质询中,MAC没有覆盖任何消息特定数据,请参阅第10.15节。

The AT_RESULT_IND attribute MAY be included. The usage of this attribute is discussed in Section 6.2.

可以包括AT_RESULT_IND属性。第6.2节讨论了该属性的用法。

The AT_CHECKCODE attribute MAY be included, and in certain cases specified in Section 10.13, it MUST be included.

可包括AT_CHECKCODE属性,在第10.13节规定的某些情况下,必须包括该属性。

The EAP-Request/AKA-Challenge packet MAY include encrypted attributes for identity privacy and for communicating the next re-authentication identity. In this case, the AT_IV and AT_ENCR_DATA attributes are included (Section 10.12).

EAP请求/AKA质询分组可以包括用于身份隐私和用于传送下一个重新认证身份的加密属性。在这种情况下,包括AT_IV和AT_ENCR_数据属性(第10.12节)。

The plaintext of the AT_ENCR_DATA value field consists of nested attributes. The nested attributes MAY include AT_PADDING (as specified in Section 10.12). If the server supports identity privacy and wants to communicate a pseudonym to the peer for the next full authentication, then the nested encrypted attributes include the AT_NEXT_PSEUDONYM attribute. If the server supports re-authentication and wants to communicate a fast re-authentication identity to the peer, then the nested encrypted attributes include the AT_NEXT_REAUTH_ID attribute. Later versions of this protocol MAY specify additional attributes to be included within the encrypted data.

AT_ENCR_数据值字段的纯文本由嵌套属性组成。嵌套属性可能包括AT_填充(如第10.12节所述)。如果服务器支持身份隐私,并希望为下一次完全身份验证向对等方传递假名,则嵌套的加密属性包括AT_next_假名属性。如果服务器支持重新身份验证并希望向对等方传递快速重新身份验证标识,则嵌套的加密属性包括AT_NEXT_REAUTH_ID属性。此协议的更高版本可能会指定加密数据中包含的其他属性。

When processing this message, the peer MUST process AT_RAND and AT_AUTN before processing other attributes. Only if these attributes are verified to be valid, the peer derives keys and verifies AT_MAC. The operation in case an error occurs is specified in Section 6.3.1.

在处理此消息时,对等方必须在处理其他属性之前在\u RAND和\u AUTN处进行处理。只有当这些属性被验证为有效时,对等方才能派生密钥并在\u MAC上进行验证。第6.3.1节规定了发生错误时的操作。

9.4. EAP-Response/AKA-Challenge
9.4. EAP响应/AKA挑战

The peer sends EAP-Response/AKA-Challenge in response to a valid EAP-Request/AKA-Challenge.

对等方发送EAP响应/AKA质询以响应有效的EAP请求/AKA质询。

Sending this packet indicates that the peer has successfully authenticated the server and that the EAP exchange will be accepted by the peer's local policy. Hence, if these conditions are not met, then the peer MUST NOT send EAP-Response/AKA-Challenge, but the peer MUST send EAP-Response/AKA-Client-Error.

发送此数据包表示对等方已成功对服务器进行身份验证,并且对等方的本地策略将接受EAP交换。因此,如果不满足这些条件,则对等方不得发送EAP响应/AKA质询,但对等方必须发送EAP响应/AKA客户端错误。

The AT_MAC attribute MUST be included. In EAP-Response/AKA-Challenge, there is no message-specific data covered by the MAC, see Section 10.15.

必须包括AT_MAC属性。在EAP响应/AKA质询中,MAC没有覆盖任何消息特定数据,请参阅第10.15节。

The AT_RES attribute MUST be included.

必须包括AT_RES属性。

The AT_CHECKCODE attribute MAY be included, and in certain cases specified in Section 10.13, it MUST be included.

可包括AT_CHECKCODE属性,在第10.13节规定的某些情况下,必须包括该属性。

The AT_RESULT_IND attribute MAY be included, if it was included in EAP-Request/AKA-Challenge. The usage of this attribute is discussed in Section 6.2.

如果EAP请求/AKA质询中包含AT_RESULT_IND属性,则可以包含该属性。第6.2节讨论了该属性的用法。

Later versions of this protocol MAY make use of the AT_ENCR_DATA and AT_IV attributes in this message to include encrypted (skippable) attributes. The EAP server MUST process EAP-Response/AKA-Challenge messages that include these attributes even if the server did not implement these optional attributes.

此协议的更高版本可能会使用此消息中的AT_ENCR_数据和AT_IV属性来包括加密(可跳过)属性。EAP服务器必须处理包含这些属性的EAP响应/AKA质询消息,即使服务器未实现这些可选属性。

9.5. EAP-Response/AKA-Authentication-Reject
9.5. EAP响应/AKA身份验证拒绝

The peer sends the EAP-Response/AKA-Authentication-Reject packet if it does not accept the AUTN parameter. This version of the protocol does not specify any attributes for this message. Future versions of the protocol MAY specify attributes for this message.

如果对等方不接受AUTN参数,则发送EAP响应/AKA身份验证拒绝数据包。此版本的协议未为此消息指定任何属性。协议的未来版本可能会为此消息指定属性。

The AT_MAC, AT_ENCR_DATA, or AT_IV attributes MUST NOT be used in this message.

此消息中不得使用AT_MAC、AT_ENCR_数据或AT_IV属性。

9.6. EAP-Response/AKA-Synchronization-Failure
9.6. EAP响应/AKA同步失败

The peer sends the EAP-Response/AKA-Synchronization-Failure, when the sequence number in the AUTN parameter is incorrect.

当AUTN参数中的序列号不正确时,对等方发送EAP响应/AKA同步失败。

The peer MUST include the AT_AUTS attribute. Future versions of the protocol MAY specify other additional attributes for this message.

对等方必须包含AT_AUTS属性。协议的未来版本可能会为此消息指定其他附加属性。

The AT_MAC, AT_ENCR_DATA, or AT_IV attributes MUST NOT be used in this message.

此消息中不得使用AT_MAC、AT_ENCR_数据或AT_IV属性。

9.7. EAP-Request/AKA-Reauthentication
9.7. EAP请求/AKA重新验证

The server sends the EAP-Request/AKA-Reauthentication message if it wants to use fast re-authentication, and if it has received a valid fast re-authentication identity in EAP-Response/Identity or EAP-Response/AKA-Identity.

如果服务器希望使用快速重新身份验证,并且在EAP响应/标识或EAP响应/AKA标识中收到有效的快速重新身份验证标识,则服务器将发送EAP请求/AKA重新身份验证消息。

The AT_MAC attribute MUST be included. No message-specific data is included in the MAC calculation, see Section 10.15.

必须包括AT_MAC属性。MAC计算中不包括特定于消息的数据,见第10.15节。

The AT_RESULT_IND attribute MAY be included. The usage of this attribute is discussed in Section 6.2.

可以包括AT_RESULT_IND属性。第6.2节讨论了该属性的用法。

The AT_CHECKCODE attribute MAY be included, and in certain cases specified in Section 10.13, it MUST be included.

可包括AT_CHECKCODE属性,在第10.13节规定的某些情况下,必须包括该属性。

The AT_IV and AT_ENCR_DATA attributes MUST be included. The plaintext consists of the following nested encrypted attributes, which MUST be included: AT_COUNTER and AT_NONCE_S. In addition, the nested encrypted attributes MAY include the following attributes: AT_NEXT_REAUTH_ID and AT_PADDING.

必须包括AT_IV和AT_ENCR_数据属性。明文由以下嵌套的加密属性组成,这些属性必须包括:AT_COUNTER和AT_NONCE。此外,嵌套的加密属性可能包括以下属性:AT_NEXT_REAUTH_ID和AT_PADDING。

9.8. EAP-Response/AKA-Reauthentication
9.8. EAP响应/AKA重新验证

The client sends the EAP-Response/AKA-Reauthentication packet in response to a valid EAP-Request/AKA-Reauthentication.

客户端发送EAP响应/AKA重新验证数据包以响应有效的EAP请求/AKA重新验证。

The AT_MAC attribute MUST be included. For EAP-Response/AKA-Reauthentication, the MAC code is calculated over the following data: EAP packet| NONCE_S. The EAP packet is represented as specified in Section 8.1. It is followed by the 16-byte NONCE_S value from the server's AT_NONCE_S attribute.

必须包括AT_MAC属性。对于EAP响应/AKA重新认证,MAC代码通过以下数据计算:EAP数据包| NONCE_S。EAP数据包的表示如第8.1节所述。它后面是服务器的AT_NONCE_S属性中的16字节NONCE_S值。

The AT_CHECKCODE attribute MAY be included, and in certain cases specified in Section 10.13, it MUST be included.

可包括AT_CHECKCODE属性,在第10.13节规定的某些情况下,必须包括该属性。

The AT_IV and AT_ENCR_DATA attributes MUST be included. The nested encrypted attributes MUST include the AT_COUNTER attribute. The AT_COUNTER_TOO_SMALL attribute MAY be included in the nested encrypted attributes, and it is included in cases specified in Section 5. The AT_PADDING attribute MAY be included.

必须包括AT_IV和AT_ENCR_数据属性。嵌套的加密属性必须包括AT_计数器属性。AT_COUNTER_TOO_SMALL属性可以包含在嵌套的加密属性中,并且在第5节指定的情况下也可以包含该属性。可以包括AT_PADDING属性。

The AT_RESULT_IND attribute MAY be included, if it was included in EAP-Request/AKA-Reauthentication. The usage of this attribute is discussed in Section 6.2.

如果EAP请求/AKA重新验证中包含AT_RESULT_IND属性,则可以包含该属性。第6.2节讨论了该属性的用法。

Sending this packet without AT_COUNTER_TOO_SMALL indicates that the peer has successfully authenticated the server and that the EAP exchange will be accepted by the peer's local policy. Hence, if these conditions are not met, then the peer MUST NOT send EAP-Response/AKA-Reauthentication, but the peer MUST send EAP-Response/ AKA-Client-Error.

如果发送此数据包时AT_计数器_太小,则表示对等方已成功验证服务器,并且对等方的本地策略将接受EAP交换。因此,如果不满足这些条件,则对等方不得发送EAP响应/AKA重新验证,但对等方必须发送EAP响应/AKA客户端错误。

9.9. EAP-Response/AKA-Client-Error
9.9. EAP响应/AKA客户端错误

The peer sends EAP-Response/AKA-Client-Error in error cases, as specified in Section 6.3.1.

按照第6.3.1节的规定,对等方在错误情况下发送EAP响应/AKA客户端错误。

The AT_CLIENT_ERROR_CODE attribute MUST be included. The AT_MAC, AT_IV, or AT_ENCR_DATA attributes MUST NOT be used with this packet.

必须包括AT_客户端错误代码属性。AT_MAC、AT_IV或AT_ENCR_数据属性不得与此数据包一起使用。

9.10. EAP-Request/AKA-Notification
9.10. EAP请求/AKA通知

The usage of this message is specified in Section 6.

第6节规定了此消息的用法。

The AT_NOTIFICATION attribute MUST be included.

必须包括AT_通知属性。

The AT_MAC attribute MUST be included if the P bit of the AT_NOTIFICATION code is set to zero, and MUST NOT be included if the P bit is set to one. The P bit is discussed in Section 6.

如果AT_通知代码的P位设置为零,则必须包括AT_MAC属性;如果P位设置为1,则不得包括AT_MAC属性。第6节讨论了P位。

No message-specific data is included in the MAC calculation. See Section 10.15.

MAC计算中不包括特定于消息的数据。见第10.15节。

If EAP-Request/AKA-Notification is used on a fast re-authentication exchange, and if the P bit in AT_NOTIFICATION is set to zero, then AT_COUNTER is used for replay protection. In this case, the AT_ENCR_DATA and AT_IV attributes MUST be included, and the encapsulated plaintext attributes MUST include the AT_COUNTER attribute. The counter value included in AT_COUNTER MUST be the same as in the EAP-Request/AKA-Reauthentication packet on the same fast re-authentication exchange.

如果EAP请求/AKA通知用于快速重新身份验证交换,并且如果AT_通知中的P位设置为零,则AT_计数器用于重播保护。在这种情况下,必须包括AT_ENCR_数据和AT_IV属性,并且封装的明文属性必须包括AT_计数器属性。AT_计数器中包含的计数器值必须与同一快速重新身份验证交换上的EAP请求/AKA重新身份验证数据包中的计数器值相同。

9.11. EAP-Response/AKA-Notification
9.11. EAP响应/AKA通知

The usage of this message is specified in Section 6. This packet is an acknowledgement of EAP-Request/AKA-Notification.

第6节规定了此消息的用法。此数据包是EAP请求/AKA通知的确认。

The AT_MAC attribute MUST be included in cases when the P bit of the notification code in AT_NOTIFICATION of EAP-Request/AKA-Notification is set to zero, and MUST NOT be included in cases when the P bit is set to one. The P bit is discussed in Section 6.

当EAP请求/AKA通知的AT_通知中的通知代码的P位设置为零时,必须包括AT_MAC属性,并且当P位设置为1时,不得包括AT_MAC属性。第6节讨论了P位。

If EAP-Request/AKA-Notification is used on a fast re-authentication exchange, and if the P bit in AT_NOTIFICATION is set to zero, then AT_COUNTER is used for replay protection. In this case, the AT_ENCR_DATA and AT_IV attributes MUST be included, and the encapsulated plaintext attributes MUST include the AT_COUNTER attribute. The counter value included in AT_COUNTER MUST be the same as in the EAP-Request/AKA-Reauthentication packet on the same fast re-authentication exchange.

如果EAP请求/AKA通知用于快速重新身份验证交换,并且如果AT_通知中的P位设置为零,则AT_计数器用于重播保护。在这种情况下,必须包括AT_ENCR_数据和AT_IV属性,并且封装的明文属性必须包括AT_计数器属性。AT_计数器中包含的计数器值必须与同一快速重新身份验证交换上的EAP请求/AKA重新身份验证数据包中的计数器值相同。

10. Attributes
10. 属性

This section specifies the format of message attributes. The attribute type numbers are specified in Section 11.

本节指定消息属性的格式。第11节规定了属性类型编号。

10.1. Table of Attributes
10.1. 属性表

The following table provides a guide to which attributes may be found in which kinds of messages, and in what quantity. Messages are denoted with numbers in parentheses as follows: (1) EAP-Request/ AKA-Identity, (2) EAP-Response/AKA-Identity, (3) EAP-Request/ AKA-Challenge, (4) EAP-Response/AKA-Challenge, (5) EAP-Request/ AKA-Notification, (6) EAP-Response/AKA-Notification, (7) EAP-Response/AKA-Client-Error (8) EAP-Request/AKA-Reauthentication, (9) EAP-Response/AKA-Reauthentication, (10) EAP-Response/AKA-Authentication-Reject, and (11) EAP-Response/AKA-Synchronization-Failure. The column denoted with "E" indicates whether the attribute is a nested attribute that MUST be included within AT_ENCR_DATA.

下表提供了在哪些类型的消息中可以找到哪些属性以及数量的指南。消息用括号中的数字表示如下:(1)EAP请求/AKA标识,(2)EAP响应/AKA标识,(3)EAP请求/AKA质询,(4)EAP响应/AKA质询,(5)EAP请求/AKA通知,(6)EAP响应/AKA通知,(7)EAP响应/AKA客户端错误(8)EAP请求/AKA重新验证,(9)EAP响应/AKA重新身份验证,(10)EAP响应/AKA身份验证拒绝,(11)EAP响应/AKA同步失败。用“E”表示的列表示该属性是否为必须包含在AT_ENCR_数据中的嵌套属性。

"0" indicates that the attribute MUST NOT be included in the message, "1" indicates that the attribute MUST be included in the message, "0-1" indicates that the attribute is sometimes included in the message, and "0*" indicates that the attribute is not included in the message in cases specified in this document, but MAY be included in the future versions of the protocol.

“0”表示该属性不得包含在消息中,“1”表示该属性必须包含在消息中,“0-1”表示该属性有时包含在消息中,“0*”表示在本文档中指定的情况下该属性不包含在消息中,但可能包含在未来版本的协议中。

Attribute (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)(11) E AT_PERMANENT_ID_REQ 0-1 0 0 0 0 0 0 0 0 0 0 N AT_ANY_ID_REQ 0-1 0 0 0 0 0 0 0 0 0 0 N AT_FULLAUTH_ID_REQ 0-1 0 0 0 0 0 0 0 0 0 0 N AT_IDENTITY 0 0-1 0 0 0 0 0 0 0 0 0 N AT_RAND 0 0 1 0 0 0 0 0 0 0 0 N AT_AUTN 0 0 1 0 0 0 0 0 0 0 0 N AT_RES 0 0 0 1 0 0 0 0 0 0 0 N AT_AUTS 0 0 0 0 0 0 0 0 0 0 1 N AT_NEXT_PSEUDONYM 0 0 0-1 0 0 0 0 0 0 0 0 Y AT_NEXT_REAUTH_ID 0 0 0-1 0 0 0 0 0-1 0 0 0 Y AT_IV 0 0 0-1 0* 0-1 0-1 0 1 1 0 0 N AT_ENCR_DATA 0 0 0-1 0* 0-1 0-1 0 1 1 0 0 N AT_PADDING 0 0 0-1 0* 0-1 0-1 0 0-1 0-1 0 0 Y AT_CHECKCODE 0 0 0-1 0-1 0 0 0 0-1 0-1 0 0 N AT_RESULT_IND 0 0 0-1 0-1 0 0 0 0-1 0-1 0 0 N AT_MAC 0 0 1 1 0-1 0-1 0 1 1 0 0 N AT_COUNTER 0 0 0 0 0-1 0-1 0 1 1 0 0 Y AT_COUNTER_TOO_SMALL 0 0 0 0 0 0 0 0 0-1 0 0 Y AT_NONCE_S 0 0 0 0 0 0 0 1 0 0 0 Y AT_NOTIFICATION 0 0 0 0 1 0 0 0 0 0 0 N AT_CLIENT_ERROR_CODE 0 0 0 0 0 0 1 0 0 0 0 N

属性(1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11)在永久性身份认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证认证0-0-1 0 0-1 0-1 0 0-1 0-1 0 0-0 0 0 0-1 0-1 1 0 0 1 1 1 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 101100Y在0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0在0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 N在0 0 0 0 0 0 0客户端错误代码0 0 0 0 0 0 0 0 0 0 0 N

It should be noted that attributes AT_PERMANENT_ID_REQ, AT_ANY_ID_REQ, and AT_FULLAUTH_ID_REQ are mutually exclusive, so that only one of them can be included at the same time. If one of the attributes AT_IV or AT_ENCR_DATA is included, then both of the attributes MUST be included.

应该注意的是,永久性ID请求、任意ID请求和完全授权ID请求的属性是互斥的,因此只能同时包含其中一个。如果包含四级或四级数据的一个属性,则必须同时包含这两个属性。

10.2. AT_PERMANENT_ID_REQ
10.2. AT_永久性_ID_要求

The format of the AT_PERMANENT_ID_REQ attribute is shown below.

AT_PERMANENT_ID_REQ属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_PERM..._REQ | Length = 1    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_PERM..._REQ | Length = 1    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The use of the AT_PERMANENT_ID_REQ is defined in Section 4.1. The value field only contains two reserved bytes, which are set to zero on sending and ignored on reception.

第4.1节定义了AT_永久性_ID_需求的使用。值字段仅包含两个保留字节,发送时设置为零,接收时忽略。

10.3. AT_ANY_ID_REQ
10.3. 在任何需要的情况下

The format of the AT_ANY_ID_REQ attribute is shown below.

AT_ANY_ID_REQ属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_ANY_ID_REQ  | Length = 1    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_ANY_ID_REQ  | Length = 1    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The use of the AT_ANY_ID_REQ is defined in Section 4.1. The value field only contains two reserved bytes, which are set to zero on sending and ignored on reception.

第4.1节定义了AT_ANY_ID_REQ的使用。值字段仅包含两个保留字节,发送时设置为零,接收时忽略。

10.4. AT_FULLAUTH_ID_REQ
10.4. AT_FULLAUTH_ID_REQ

The format of the AT_FULLAUTH_ID_REQ attribute is shown below.

AT_FULLAUTH_ID_REQ属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_FULLAUTH_...| Length = 1    |           Reserved            |
   +---------------+---------------+-------------------------------+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_FULLAUTH_...| Length = 1    |           Reserved            |
   +---------------+---------------+-------------------------------+
        

The use of the AT_FULLAUTH_ID_REQ is defined in Section 4.1. The value field only contains two reserved bytes, which are set to zero on sending and ignored on reception.

第4.1节定义了AT_FULLAUTH_ID_REQ的使用。值字段仅包含两个保留字节,发送时设置为零,接收时忽略。

10.5. AT_IDENTITY
10.5. AT_身份

The format of the AT_IDENTITY attribute is shown below.

AT_标识属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_IDENTITY   | Length        | Actual Identity Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                       Identity                                .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_IDENTITY   | Length        | Actual Identity Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                       Identity                                .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The use of the AT_IDENTITY is defined in Section 4.1. The value field of this attribute begins with 2-byte actual identity length, which specifies the length of the identity in bytes. This field is followed by the subscriber identity of the indicated actual length. The identity is the permanent identity, a pseudonym identity or a fast re-authentication identity. The identity format is specified in Section 4.1.1. The same identity format is used in the AT_IDENTITY attribute and the EAP-Response/Identity packet, with the exception that the peer MUST NOT decorate the identity it includes in AT_IDENTITY. The identity does not include any terminating null characters. Because the length of the attribute must be a multiple of 4 bytes, the sender pads the identity with zero bytes when necessary.

第4.1节定义了AT_标识的使用。此属性的值字段以2字节的实际标识长度开始,该长度以字节为单位指定标识的长度。此字段后面是指示实际长度的订户标识。身份是永久身份、假名身份或快速重新身份验证身份。第4.1.1节规定了标识格式。AT_标识属性和EAP响应/标识数据包中使用相同的标识格式,但对等方不得修饰AT_标识中包含的标识。标识不包括任何终止的空字符。因为属性的长度必须是4字节的倍数,所以发送方在必要时用零字节填充标识。

10.6. AT_RAND
10.6. 阿特兰

The format of the AT_RAND attribute is shown below.

AT_RAND属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    AT_RAND    | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                             RAND                              |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    AT_RAND    | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                             RAND                              |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute contains two reserved bytes followed by the AKA RAND parameter, 16 bytes (128 bits). The reserved bytes are set to zero when sending and ignored on reception.

此属性的值字段包含两个保留字节,后跟AKA RAND参数16字节(128位)。发送时保留字节设置为零,接收时忽略。

10.7. AT_AUTN
10.7. AT_AUTN

The format of the AT_AUTN attribute is shown below.

AT_AUTN属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    AT_AUTN    | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                        AUTN                                   |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    AT_AUTN    | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                        AUTN                                   |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute contains two reserved bytes followed by the AKA AUTN parameter, 16 bytes (128 bits). The reserved bytes are set to zero when sending and ignored on reception.

此属性的值字段包含两个保留字节,后跟AKA AUTN参数16字节(128位)。发送时保留字节设置为零,接收时忽略。

10.8. AT_RES
10.8. 在

The format of the AT_RES attribute is shown below.

AT_RES属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     AT_RES    |    Length     |          RES Length           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
   |                                                               |
   |                             RES                               |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     AT_RES    |    Length     |          RES Length           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
   |                                                               |
   |                             RES                               |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute begins with the 2-byte RES Length, which identifies the exact length of the RES in bits. The RES length is followed by the AKA RES parameter. According to [TS33.105], the length of the AKA RES can vary between 32 and 128 bits. Because the length of the AT_RES attribute must be a multiple of 4 bytes, the sender pads the RES with zero bits where necessary.

该属性的值字段以2字节的RES长度开始,它以位表示RES的确切长度。RES长度后面跟着AKA RES参数。根据[TS33.105],AKA RES的长度可以在32到128位之间变化。因为AT_RES属性的长度必须是4字节的倍数,所以发送方在必要时用零位填充RES。

10.9. AT_AUTS
10.9. 至少

The format of the AT_AUTS attribute is shown below.

AT_AUTS属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|
   |    AT_AUTS    | Length = 4    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   |                                                               |
   |                             AUTS                              |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|
   |    AT_AUTS    | Length = 4    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   |                                                               |
   |                             AUTS                              |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute contains the AKA AUTS parameter, 112 bits (14 bytes).

此属性的值字段包含AKA AUTS参数,112位(14字节)。

10.10. AT_NEXT_PSEUDONYM
10.10. AT_NEXT_笔名

The format of the AT_NEXT_PSEUDONYM attribute is shown below.

AT_NEXT_假名属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_NEXT_PSEU..| Length        | Actual Pseudonym Length       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                          Next Pseudonym                       .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_NEXT_PSEU..| Length        | Actual Pseudonym Length       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                          Next Pseudonym                       .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute begins with a 2-byte actual pseudonym length, which specifies the length of the following pseudonym in bytes. This field is followed by a pseudonym username that the peer can use in the next authentication. The username MUST NOT include any realm portion. The username does not include any terminating null characters. Because the length of the attribute must be a multiple of 4 bytes, the sender pads the pseudonym with zero bytes when necessary. The username encoding MUST follow the UTF-8 transformation format [RFC3629]. This attribute MUST always be encrypted by encapsulating it within the AT_ENCR_DATA attribute.

此属性的值字段以2字节的实际假名长度开始,该长度以字节为单位指定以下假名的长度。此字段后面是对等方可在下次身份验证中使用的假名用户名。用户名不得包含任何领域部分。用户名不包含任何终止的空字符。因为属性的长度必须是4字节的倍数,所以发送方在必要时用零字节填充假名。用户名编码必须遵循UTF-8转换格式[RFC3629]。必须始终通过将该属性封装在AT_ENCR_DATA属性中来加密该属性。

10.11. AT_NEXT_REAUTH_ID
10.11. 在下一次授权时

The format of the AT_NEXT_REAUTH_ID attribute is shown below.

AT_NEXT_REAUTH_ID属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_NEXT_REAU..| Length        | Actual Re-Auth Identity Length|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .              Next Fast Re-Authentication Username             .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_NEXT_REAU..| Length        | Actual Re-Auth Identity Length|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .              Next Fast Re-Authentication Username             .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute begins with a 2-byte actual re-authentication identity length which specifies the length of the following fast re-authentication identity in bytes. This field is followed by a fast re-authentication identity that the peer can use in the next fast re-authentication, as described in Section 5. In environments where a realm portion is required, the fast re-authentication identity includes both a username portion and a realm name portion. The fast re-authentication identity does not include any terminating null characters. Because the length of the attribute must be a multiple of 4 bytes, the sender pads the fast re-authentication identity with zero bytes when necessary. The identity encoding MUST follow the UTF-8 transformation format [RFC3629]. This attribute MUST always be encrypted by encapsulating it within the AT_ENCR_DATA attribute.

此属性的值字段以2字节的实际重新身份验证标识长度开始,该长度以字节为单位指定以下快速重新身份验证标识的长度。如第5节所述,该字段后面是对等方可在下一次快速重新认证中使用的快速重新认证标识。在需要领域部分的环境中,快速重新身份验证标识包括用户名部分和领域名称部分。快速重新身份验证标识不包括任何终止的空字符。因为属性的长度必须是4字节的倍数,所以发送方在必要时将快速重新身份验证标识填充为零字节。标识编码必须遵循UTF-8转换格式[RFC3629]。必须始终通过将该属性封装在AT_ENCR_DATA属性中来加密该属性。

10.12. AT_IV, AT_ENCR_DATA, and AT_PADDING
10.12. AT_IV、AT_ENCR_数据和AT_填充

AT_IV and AT_ENCR_DATA attributes can be used to transmit encrypted information between the EAP-AKA peer and server.

AT_IV和AT_ENCR_数据属性可用于在EAP-AKA对等机和服务器之间传输加密信息。

The value field of AT_IV contains two reserved bytes followed by a 16-byte initialization vector required by the AT_ENCR_DATA attribute. The reserved bytes are set to zero when sending and ignored on reception. The AT_IV attribute MUST be included if and only if the AT_ENCR_DATA is included. Section 6.3 specifies the operation if a packet that does not meet this condition is encountered.

AT_IV的值字段包含两个保留字节,后跟AT_ENCR_数据属性所需的16字节初始化向量。发送时保留字节设置为零,接收时忽略。当且仅当包含AT_ENCR_数据时,必须包含AT_IV属性。第6.3节规定了遇到不符合此条件的数据包时的操作。

The sender of the AT_IV attribute chooses the initialization vector at random. The sender MUST NOT reuse the initialization vector value from previous EAP-AKA packets. The sender SHOULD use a good source of randomness to generate the initialization vector. Please see [RFC4086] for more information about generating random numbers for security applications. The format of AT_IV is shown below.

AT_IV属性的发送方随机选择初始化向量。发送方不得重用以前EAP-AKA数据包中的初始化向量值。发送方应使用良好的随机性源来生成初始化向量。有关为安全应用程序生成随机数的更多信息,请参阅[RFC4086]。AT_IV的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     AT_IV     | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                 Initialization Vector                         |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     AT_IV     | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                 Initialization Vector                         |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of the AT_ENCR_DATA attribute consists of two reserved bytes followed by cipher text bytes. The cipher text bytes are encrypted using the Advanced Encryption Standard (AES) [AES] with a 128-bit key in the Cipher Block Chaining (CBC) mode of operation, which uses the initialization vector from the AT_IV attribute. The reserved bytes are set to zero when sending and ignored on reception. Please see [CBC] for a description of the CBC mode. The format of the AT_ENCR_DATA attribute is shown below.

AT_ENCR_数据属性的值字段由两个保留字节和密码文本字节组成。密码文本字节使用高级加密标准(AES)[AES]在密码块链接(CBC)操作模式下使用128位密钥进行加密,该模式使用AT_IV属性中的初始化向量。发送时保留字节设置为零,接收时忽略。有关CBC模式的说明,请参见[CBC]。AT_ENCR_数据属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_ENCR_DATA  | Length        |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                    Encrypted Data                             .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_ENCR_DATA  | Length        |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                    Encrypted Data                             .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The derivation of the encryption key (K_encr) is specified in Section 7.

第7节规定了加密密钥(K_encr)的推导。

The plaintext consists of nested EAP-AKA attributes.

明文由嵌套的EAP-AKA属性组成。

The encryption algorithm requires the length of the plaintext to be a multiple of 16 bytes. The sender may need to include the AT_PADDING attribute as the last attribute within AT_ENCR_DATA. The AT_PADDING attribute is not included if the total length of other nested attributes within the AT_ENCR_DATA attribute is a multiple of 16 bytes. As usual, the Length of the Padding attribute includes the Attribute Type and Attribute Length fields. The length of the Padding attribute is 4, 8, or 12 bytes. It is chosen so that the length of the value field of the AT_ENCR_DATA attribute becomes a multiple of 16 bytes. The actual pad bytes in the value field are set to zero (00 hexadecimal) on sending. The recipient of the message MUST verify that the pad bytes are set to zero. If this

加密算法要求明文的长度为16字节的倍数。发送方可能需要将AT_PADDING属性作为AT_ENCR_数据中的最后一个属性。如果AT_ENCR_数据属性中其他嵌套属性的总长度是16字节的倍数,则不包括AT_PADDING属性。通常,Padding属性的长度包括属性类型和属性长度字段。Padding属性的长度为4、8或12字节。选择它时,AT_ENCR_数据属性的值字段的长度将变为16字节的倍数。值字段中的实际pad字节在发送时设置为零(00十六进制)。邮件收件人必须验证pad字节是否设置为零。如果这

verification fails on the peer, then it MUST send the EAP-Response/AKA-Client-Error packet with the error code "unable to process packet" to terminate the authentication exchange. If this verification fails on the server, then the server sends the EAP-Response/AKA-Notification packet with an AT_NOTIFICATION code that implies failure to terminate the authentication exchange. The format of the AT_PADDING attribute is shown below.

对等方验证失败,则必须发送错误代码为“无法处理数据包”的EAP响应/AKA客户端错误数据包以终止身份验证交换。如果此验证在服务器上失败,则服务器将发送EAP响应/AKA通知数据包,其中包含AT_通知代码,这意味着无法终止身份验证交换。AT_PADDING属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  AT_PADDING   | Length        | Padding...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  AT_PADDING   | Length        | Padding...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
10.13. AT_CHECKCODE
10.13. AT_校验码

The AT_MAC attribute is not used in the very first EAP-AKA messages during the AKA-Identity round, because keying material has not been derived yet. The peer and the server may exchange one or more pairs of EAP-AKA messages of the Subtype AKA-Identity before keys are derived and before the AT_MAC attribute can be applied. The EAP/- AKA-Identity messages may also be used upon fast re-authentication.

在AKA身份轮次期间,AT_MAC属性未在第一个EAP-AKA消息中使用,因为尚未导出密钥材料。对等方和服务器可以在派生密钥和应用AT_MAC属性之前交换子类型AKA Identity的一对或多对EAP-AKA消息。EAP/-AKA标识消息也可在快速重新认证时使用。

The AT_CHECKCODE attribute MAY be used to protect the EAP/ AKA-Identity messages. In full authentication, the server MAY include the AT_CHECKCODE in EAP-Request/AKA-Challenge, and the peer MAY include AT_CHECKCODE in EAP-Response/AKA-Challenge. In fast re-authentication, the server MAY include AT_CHECKCODE in EAP-Request/ AKA-Reauthentication, and the peer MAY include AT_CHECKCODE in EAP-Response/AKA-Reauthentication. The fact that the peer receives an EAP-Request with AT_CHECKCODE does not imply that the peer would have to include AT_CHECKCODE in the corresponding response. The peer MAY include AT_CHECKCODE even if the server did not include AT_CHECKCODE in the EAP request. Because the AT_MAC attribute is used in these messages, AT_CHECKCODE will be integrity protected with AT_MAC. The format of the AT_CHECKCODE attribute is shown below.

AT_CHECKCODE属性可用于保护EAP/AKA标识消息。在完全认证中,服务器可以在EAP请求/AKA质询中包括AT_检查码,对等方可以在EAP响应/AKA质询中包括AT_检查码。在快速重新认证中,服务器可以在EAP请求/AKA重新认证中包括AT_检查码,对等方可以在EAP响应/AKA重新认证中包括AT_检查码。对等方收到带有AT_CHECKCODE的EAP请求并不意味着对等方必须在相应的响应中包含AT_CHECKCODE。即使服务器在EAP请求中未包含AT_检查码,对等方也可能包含AT_检查码。由于在这些消息中使用了AT_MAC属性,因此AT_CHECKCODE将使用AT_MAC进行完整性保护。AT_CHECKCODE属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_CHECKCODE  | Length        |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                     Checkcode (0 or 20 bytes)                 |
   |                                                               |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_CHECKCODE  | Length        |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                     Checkcode (0 or 20 bytes)                 |
   |                                                               |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of AT_CHECKCODE begins with two reserved bytes, which may be followed by a 20-byte checkcode. If the checkcode is not included in AT_CHECKCODE, then the attribute indicates that no EAP/- AKA-Identity messages were exchanged. This may occur in both full authentication and fast re-authentication. The reserved bytes are set to zero when sending and ignored on reception.

AT_校验码的值字段以两个保留字节开始,后面可能是一个20字节的校验码。如果AT_checkcode中未包含checkcode,则该属性表示未交换EAP/-AKA标识消息。这可能发生在完全身份验证和快速重新身份验证中。发送时保留字节设置为零,接收时忽略。

The checkcode is a hash value, calculated with SHA1 [SHA-1], over all EAP-Request/AKA-Identity and EAP-Response/AKA-Identity packets exchanged in this authentication exchange. The packets are included in the order that they were transmitted, that is, starting with the first EAP-Request/AKA-Identity message, followed by the corresponding EAP-Response/AKA-Identity, followed by the second EAP-Request/AKA-Identity (if used), etc.

校验码是一个散列值,使用SHA1[SHA-1]计算,覆盖在此身份验证交换中交换的所有EAP请求/AKA标识和EAP响应/AKA标识数据包。分组按照其被发送的顺序被包括,即,从第一个EAP请求/AKA标识消息开始,接着是相应的EAP响应/AKA标识,接着是第二个EAP请求/AKA标识(如果使用),等等。

EAP packets are included in the hash calculation "as-is" (as they were transmitted or received). All reserved bytes, padding bytes, etc., that are specified for various attributes are included as such, and the receiver must not reset them to zero. No delimiter bytes, padding, or any other framing are included between the EAP packets when calculating the checkcode.

EAP数据包“按原样”(在传输或接收时)包含在散列计算中。为各种属性指定的所有保留字节、填充字节等都包含在内,接收方不得将其重置为零。计算校验码时,EAP数据包之间不包括分隔符字节、填充或任何其他帧。

Messages are included in request/response pairs; in other words, only full "round trips" are included. Packets that are silently discarded are not included, and retransmitted packets (that have the same Identifier value) are only included once. (The base EAP protocol [RFC3748] ensures that requests and responses "match".) The EAP server must only include an EAP-Request/AKA-Identity in the calculation after it has received a corresponding response with the same Identifier value.

消息包含在请求/响应对中;换句话说,只包括完整的“往返行程”。不包括以静默方式丢弃的数据包,并且仅包括一次重新传输的数据包(具有相同的标识符值)。(基本EAP协议[RFC3748]确保请求和响应“匹配”。)EAP服务器在收到具有相同标识符值的相应响应后,必须仅在计算中包含EAP请求/AKA标识。

The peer must include the EAP-Request/AKA-Identity and the corresponding response in the calculation only if the peer receives a subsequent EAP-Request/AKA-Challenge or a follow-up EAP-Request/ AKA-Identity with a different Identifier value than in the first EAP-Request/AKA-Identity.

仅当对等方接收到后续EAP请求/AKA质询或后续EAP请求/AKA标识,且标识值与第一个EAP请求/AKA标识中的标识值不同时,对等方必须在计算中包括EAP请求/AKA标识和相应的响应。

The AT_CHECKCODE attribute is optional to implement. It is specified in order to allow protection of the EAP/AKA-Identity messages and any future extensions to them. The implementation of AT_CHECKCODE is RECOMMENDED.

AT_CHECKCODE属性是可选的。它的指定是为了保护EAP/AKA标识消息及其任何未来扩展。建议使用AT_校验码。

If the receiver of AT_CHECKCODE implements this attribute, then the receiver MUST check that the checkcode is correct. If the checkcode is invalid, the receiver must operate as specified in Section 6.3.

如果AT_CHECKCODE的接收者实现了此属性,则接收者必须检查CHECKCODE是否正确。如果检查码无效,接收器必须按照第6.3节的规定操作。

If the EAP/AKA-Identity messages are extended with new attributes, then AT_CHECKCODE MUST be implemented and used. More specifically, if the server includes any attributes other than AT_PERMANENT_ID_REQ, AT_FULLAUTH_ID_REQ, or AT_ANY_ID_REQ in the EAP-Request/AKA-Identity packet, then the server MUST include AT_CHECKCODE in EAP-Request/ AKA-Challenge or EAP-Request/AKA-Reauthentication. If the peer includes any attributes other than AT_IDENTITY in the EAP-Response/ AKA-Identity message, then the peer MUST include AT_CHECKCODE in EAP-Response/AKA-Challenge or EAP-Response/AKA-Reauthentication.

如果EAP/AKA标识消息扩展了新属性,则必须实现并使用AT_检查码。更具体地说,如果服务器在EAP请求/AKA标识包中包括除AT_PERMANENT_ID_REQ、AT_FULLAUTH_ID_REQ或AT_any_ID_REQ以外的任何属性,则服务器必须在EAP请求/AKA质询或EAP请求/AKA重新验证中包括AT_检查码。如果对等方在EAP响应/AKA标识消息中包含除AT_标识以外的任何属性,则对等方必须在EAP响应/AKA质询或EAP响应/AKA重新验证中包含AT_检查码。

If the server implements the processing of any other attribute than AT_IDENTITY for the EAP-Response/AKA-Identity message, then the server MUST implement AT_CHECKCODE. In this case, if the server receives any attribute other than AT_IDENTITY in the EAP-Response/AKA-Identity message, then the server MUST check that AT_CHECKCODE is present in EAP-Response/AKA-Challenge or EAP-Response/ AKA-Reauthentication. The operation when a mandatory attribute is missing is specified in Section 6.3.

如果服务器实现EAP响应/AKA标识消息的AT_标识以外的任何其他属性的处理,则服务器必须实现AT_校验码。在这种情况下,如果服务器在EAP响应/AKA标识消息中接收到除AT_标识之外的任何属性,则服务器必须检查EAP响应/AKA质询或EAP响应/AKA重新验证中是否存在AT_检查码。第6.3节规定了缺少强制属性时的操作。

Similarly, if the peer implements the processing of any attribute other than AT_PERMANENT_ID_REQ, AT_FULLAUTH_ID_REQ, or AT_ANY_ID_REQ for the EAP-Request/AKA-Identity packet, then the peer MUST implement AT_CHECKCODE. In this case, if the peer receives any attribute other than AT_PERMANENT_ID_REQ, AT_FULLAUTH_ID_REQ, or AT_ANY_ID_REQ in the EAP-Request/AKA-Identity packet, then the peer MUST check that AT_CHECKCODE is present in EAP-Request/AKA-Challenge or EAP-Request/AKA-Reauthentication. The operation when a mandatory attribute is missing is specified in Section 6.3.

类似地,如果对等方对EAP请求/AKA标识数据包执行除AT_PERMANENT_ID_REQ、AT_FULLAUTH_ID_REQ或AT_any_ID_REQ之外的任何属性的处理,则对等方必须执行AT_检查码。在这种情况下,如果对等方在EAP请求/AKA标识包中接收到除AT_PERMANENT_ID_REQ、AT_FULLAUTH_ID_REQ或AT_any_ID_REQ之外的任何属性,则对等方必须检查AT_CHECKCODE是否存在于EAP请求/AKA质询或EAP请求/AKA重新验证中。第6.3节规定了缺少强制属性时的操作。

10.14. AT_RESULT_IND
10.14. 结果显示

The format of the AT_RESULT_IND attribute is shown below.

AT_RESULT_IND属性的格式如下所示。

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  AT_RESULT_...| Length = 1    |           Reserved            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  AT_RESULT_...| Length = 1    |           Reserved            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute consists of two reserved bytes, which are set to zero upon sending and ignored upon reception. This attribute is always sent unencrypted, so it MUST NOT be encapsulated within the AT_ENCR_DATA attribute.

此属性的值字段由两个保留字节组成,在发送时设置为零,在接收时忽略。此属性始终未加密发送,因此不能封装在AT_ENCR_DATA属性中。

10.15. AT_MAC
10.15. 在苹果

The AT_MAC attribute is used for EAP-AKA message authentication. Section 9 specifies in which messages AT_MAC MUST be included.

AT_MAC属性用于EAP-AKA消息身份验证。第9节规定了必须包含在\u MAC上的消息。

The value field of the AT_MAC attribute contains two reserved bytes followed by a keyed message authentication code (MAC). The MAC is calculated over the whole EAP packet and concatenated with optional message-specific data, with the exception that the value field of the MAC attribute is set to zero when calculating the MAC. The EAP packet includes the EAP header that begins with the Code field, the EAP-AKA header that begins with the Subtype field, and all the attributes, as specified in Section 8.1. The reserved bytes in AT_MAC are set to zero when sending and ignored on reception. The contents of the message-specific data that may be included in the MAC calculation are specified separately for each EAP-AKA message in Section 9.

AT_MAC属性的值字段包含两个保留字节,后跟密钥消息身份验证码(MAC)。MAC在整个EAP分组上计算,并与可选的消息特定数据连接,但MAC属性的值字段在计算MAC时设置为零的情况除外。EAP数据包包括以代码字段开头的EAP报头、以子类型字段开头的EAP-AKA报头以及第8.1节中规定的所有属性。AT_MAC中的保留字节在发送时设置为零,在接收时忽略。可包括在MAC计算中的消息特定数据的内容在第9节中针对每个EAP-AKA消息单独指定。

The format of the AT_MAC attribute is shown below.

AT_MAC属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     AT_MAC    | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                           MAC                                 |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     AT_MAC    | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                           MAC                                 |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The MAC algorithm is HMAC-SHA1-128 [RFC2104] keyed hash value. (The HMAC-SHA1-128 value is obtained from the 20-byte HMAC-SHA1 value by truncating the output to 16 bytes. Hence, the length of the MAC is 16 bytes.) The derivation of the authentication key (K_aut) used in the calculation of the MAC is specified in Section 7.

MAC算法是HMAC-SHA1-128[RFC2104]键控哈希值。(HMAC-SHA1-128值是通过将输出截断为16字节从20字节的HMAC-SHA1值中获得的。因此,MAC的长度为16字节。)第7节规定了MAC计算中使用的认证密钥(K_aut)的推导。

When the AT_MAC attribute is included in an EAP-AKA message, the recipient MUST process the AT_MAC attribute before looking at any other attributes, except when processing EAP-Request/AKA-Challenge. The processing of EAP-Request/AKA-Challenge is specified in

当EAP-AKA消息中包含AT_MAC属性时,收件人必须先处理AT_MAC属性,然后再查看任何其他属性,处理EAP请求/AKA质询时除外。EAP请求/AKA质询的处理在

Section 9.3. If the message authentication code is invalid, then the recipient MUST ignore all other attributes in the message and operate as specified in Section 6.3.

第9.3节。如果邮件验证码无效,则收件人必须忽略邮件中的所有其他属性,并按照第6.3节的规定操作。

10.16. AT_COUNTER
10.16. 柜台

The format of the AT_COUNTER attribute is shown below.

AT_计数器属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  AT_COUNTER   | Length = 1    |           Counter             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  AT_COUNTER   | Length = 1    |           Counter             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of the AT_COUNTER attribute consists of a 16-bit unsigned integer counter value, represented in network byte order. This attribute MUST always be encrypted by encapsulating it within the AT_ENCR_DATA attribute.

AT_计数器属性的值字段由16位无符号整数计数器值组成,以网络字节顺序表示。必须始终通过将该属性封装在AT_ENCR_DATA属性中来加密该属性。

10.17. AT_COUNTER_TOO_SMALL
10.17. 柜台太小

The format of the AT_COUNTER_TOO_SMALL attribute is shown below.

AT_COUNTER_TOO_SMALL属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  AT_COUNTER...| Length = 1    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  AT_COUNTER...| Length = 1    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute consists of two reserved bytes, which are set to zero upon sending and ignored upon reception. This attribute MUST always be encrypted by encapsulating it within the AT_ENCR_DATA attribute.

此属性的值字段由两个保留字节组成,在发送时设置为零,在接收时忽略。必须始终通过将该属性封装在AT_ENCR_DATA属性中来加密该属性。

10.18. AT_NONCE_S
10.18. 现在

The format of the AT_NONCE_S attribute is shown below.

当前属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_NONCE_S    | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                                                               |
   |                            NONCE_S                            |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AT_NONCE_S    | Length = 5    |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                                                               |
   |                            NONCE_S                            |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of the AT_NONCE_S attribute contains two reserved bytes followed by a random number (16 bytes) that is freshly generated by the server for this EAP-AKA fast re-authentication. The random number is used as challenge for the peer and also as a seed value for the new keying material. The reserved bytes are set to zero upon sending and ignored upon reception. This attribute MUST always be encrypted by encapsulating it within the AT_ENCR_DATA attribute.

AT_NONCE_S属性的值字段包含两个保留字节,后跟一个随机数(16字节),该随机数是服务器为此EAP-AKA快速重新身份验证新生成的。随机数用作对等方的质询,也用作新键控材质的种子值。保留字节在发送时设置为零,在接收时忽略。必须始终通过将该属性封装在AT_ENCR_DATA属性中来加密该属性。

The server MUST NOT reuse the NONCE_S value from a previous EAP-AKA fast re-authentication exchange. The server SHOULD use a good source of randomness to generate NONCE_S. Please see [RFC4086] for more information about generating random numbers for security applications.

服务器不得重用先前EAP-AKA快速重新身份验证交换中的NONCE_S值。服务器应使用良好的随机性源来生成NONCE_。有关为安全应用程序生成随机数的更多信息,请参阅[RFC4086]。

10.19. AT_NOTIFICATION
10.19. AT_通知

The format of the AT_NOTIFICATION attribute is shown below.

AT_通知属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_NOTIFICATION| Length = 1    |S|P|  Notification Code        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_NOTIFICATION| Length = 1    |S|P|  Notification Code        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute contains a two-byte notification code. The first and second bit (S and P) of the notification code are interpreted as described in Section 6.

此属性的值字段包含一个两字节的通知代码。通知代码的第一位和第二位(S和P)如第6节所述进行解释。

The notification code values listed below have been reserved. The descriptions below illustrate the semantics of the notifications. The peer implementation MAY use different wordings when presenting the notifications to the user. The "requested service" depends on the environment where EAP-AKA is applied.

下面列出的通知代码值已保留。下面的描述说明了通知的语义。对等实现在向用户呈现通知时可以使用不同的措辞。“请求的服务”取决于应用EAP-AKA的环境。

0 - General failure after authentication. (Implies failure, used after successful authentication.)

0-身份验证后发生常规故障。(表示失败,在成功身份验证后使用。)

16384 - General failure. (Implies failure, used before authentication.)

16384-一般故障。(表示失败,在身份验证之前使用。)

32768 - Success. User has been successfully authenticated. (Does not imply failure, used after successful authentication.) The usage of this code is discussed in Section 6.2.

32768-成功。用户已成功通过身份验证。(不意味着失败,在成功认证后使用。)第6.2节讨论了此代码的使用。

1026 - User has been temporarily denied access to the requested service. (Implies failure, used after successful authentication.)

1026-用户暂时被拒绝访问请求的服务。(表示失败,在成功身份验证后使用。)

1031 - User has not subscribed to the requested service. (Implies failure, used after successful authentication.)

1031-用户尚未订阅请求的服务。(表示失败,在成功身份验证后使用。)

10.20. AT_CLIENT_ERROR_CODE
10.20. AT\u客户端\u错误\u代码

The format of the AT_CLIENT_ERROR_CODE attribute is shown below.

AT_CLIENT_ERROR_CODE属性的格式如下所示。

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_CLIENT_ERR..| Length = 1    |     Client Error Code         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |AT_CLIENT_ERR..| Length = 1    |     Client Error Code         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The value field of this attribute contains a two-byte client error code. The following error code values have been reserved.

此属性的值字段包含一个两字节的客户端错误代码。已保留以下错误代码值。

0 "unable to process packet": a general error code

0“无法处理数据包”:一般错误代码

11. IANA and Protocol Numbering Considerations
11. IANA和协议编号注意事项

IANA has assigned the EAP type number 23 for EAP-AKA authentication.

IANA已为EAP-AKA身份验证分配了EAP类型编号23。

EAP-AKA shares most of the protocol design, such as attributes and message Subtypes, with EAP-SIM [EAP-SIM]. EAP-AKA protocol numbers should be administered in the same IANA registry with EAP-SIM. This document establishes the registries and lists the initial protocol numbers for both protocols.

EAP-AKA与EAP-SIM[EAP-SIM]共享大部分协议设计,如属性和消息子类型。EAP-AKA协议编号应与EAP-SIM在同一IANA注册表中管理。本文件建立了两个协议的注册中心并列出了初始协议编号。

EAP-AKA and EAP-SIM messages include a Subtype field. The Subtype is a new numbering space for which IANA administration is required. The Subtype is an 8-bit integer. The following Subtypes are specified in this document and in [EAP-SIM]:

EAP-AKA和EAP-SIM消息包含子类型字段。子类型是一个新的编号空间,需要IANA管理。子类型是8位整数。本文件和[EAP-SIM]中规定了以下子类型:

        AKA-Challenge...................................1
        AKA-Authentication-Reject.......................2
        AKA-Synchronization-Failure.....................4
        AKA-Identity....................................5
        SIM-Start......................................10
        SIM-Challenge..................................11
        AKA-Notification and SIM-Notification..........12
        AKA-Reauthentication and SIM-Reauthentication..13
        AKA-Client-Error and SIM-Client-Error..........14
        
        AKA-Challenge...................................1
        AKA-Authentication-Reject.......................2
        AKA-Synchronization-Failure.....................4
        AKA-Identity....................................5
        SIM-Start......................................10
        SIM-Challenge..................................11
        AKA-Notification and SIM-Notification..........12
        AKA-Reauthentication and SIM-Reauthentication..13
        AKA-Client-Error and SIM-Client-Error..........14
        

The messages are composed of attributes, which have 8-bit attribute type numbers. Attributes numbered within the range 0 through 127 are called non-skippable attributes, and attributes within the range of 128 through 255 are called skippable attributes. The EAP-AKA and EAP-SIM attribute type number is a new numbering space for which IANA administration is required. The following attribute types are specified in this document in [EAP-SIM]:

消息由具有8位属性类型号的属性组成。编号在0到127范围内的属性称为不可跳过属性,编号在128到255范围内的属性称为可跳过属性。EAP-AKA和EAP-SIM属性类型号是一个新的编号空间,需要IANA管理。本文档在[EAP-SIM]中指定了以下属性类型:

        AT_RAND.........................................1
        AT_AUTN.........................................2
        AT_RES..........................................3
        AT_AUTS.........................................4
        AT_PADDING......................................6
        AT_NONCE_MT.....................................7
        AT_PERMANENT_ID_REQ............................10
        AT_MAC.........................................11
        AT_NOTIFICATION................................12
        AT_ANY_ID_REQ..................................13
        AT_IDENTITY....................................14
        AT_VERSION_LIST................................15
        AT_SELECTED_VERSION............................16
        AT_FULLAUTH_ID_REQ.............................17
        AT_COUNTER.....................................19
        AT_COUNTER_TOO_SMALL...........................20
        AT_NONCE_S.....................................21
        AT_CLIENT_ERROR_CODE...........................22
        AT_IV.........................................129
        AT_ENCR_DATA..................................130
        AT_NEXT_PSEUDONYM.............................132
        AT_NEXT_REAUTH_ID.............................133
        AT_CHECKCODE..................................134
        AT_RESULT_IND.................................135
        
        AT_RAND.........................................1
        AT_AUTN.........................................2
        AT_RES..........................................3
        AT_AUTS.........................................4
        AT_PADDING......................................6
        AT_NONCE_MT.....................................7
        AT_PERMANENT_ID_REQ............................10
        AT_MAC.........................................11
        AT_NOTIFICATION................................12
        AT_ANY_ID_REQ..................................13
        AT_IDENTITY....................................14
        AT_VERSION_LIST................................15
        AT_SELECTED_VERSION............................16
        AT_FULLAUTH_ID_REQ.............................17
        AT_COUNTER.....................................19
        AT_COUNTER_TOO_SMALL...........................20
        AT_NONCE_S.....................................21
        AT_CLIENT_ERROR_CODE...........................22
        AT_IV.........................................129
        AT_ENCR_DATA..................................130
        AT_NEXT_PSEUDONYM.............................132
        AT_NEXT_REAUTH_ID.............................133
        AT_CHECKCODE..................................134
        AT_RESULT_IND.................................135
        

The AT_NOTIFICATION attribute contains a 16-bit notification code value. The most significant bit of the notification code is called the S bit (success) and the second most significant bit is called the P bit (phase). If the S bit is set to zero, then the notification code indicates failure; notification codes with the S bit set to one do not indicate failure. If the P bit is set to zero, then the notification code can only be used before authentication has occurred. If the P bit is set to one, then the notification code can only be used after authentication. The notification code is a new numbering space for which IANA administration is required. The following values have been specified in this document and in [EAP-SIM].

AT_通知属性包含一个16位通知代码值。通知代码的最高有效位称为S位(成功),第二高有效位称为P位(阶段)。如果S位设置为零,则通知代码表示失败;S位设置为1的通知代码不表示故障。如果P位设置为零,则只能在进行身份验证之前使用通知代码。如果P位设置为1,则通知代码只能在身份验证后使用。通知代码是一个新的编号空间,需要IANA管理。本文件和[EAP-SIM]中规定了以下值。

        General failure after authentication......................0
        User has been temporarily denied access................1026
        User has not subscribed to the requested service.......1031
        General failure.......................................16384
        Success...............................................32768
        
        General failure after authentication......................0
        User has been temporarily denied access................1026
        User has not subscribed to the requested service.......1031
        General failure.......................................16384
        Success...............................................32768
        

The AT_VERSION_LIST and AT_SELECTED_VERSION attributes, specified in [EAP-SIM], contain 16-bit EAP method version numbers. The EAP method version number is a new numbering space for which IANA administration is required. Value 1 for "EAP-SIM Version 1" has been specified in [EAP-SIM]. Version numbers are not currently used in EAP-AKA.

[EAP-SIM]中指定的AT_VERSION_列表和AT_SELECTED_VERSION属性包含16位EAP方法版本号。EAP方法版本号是一个新的编号空间,需要IANA管理。[EAP-SIM]中已指定“EAP-SIM版本1”的值1。EAP-AKA中当前未使用版本号。

The AT_CLIENT_ERROR_CODE attribute contains a 16-bit client error code. The client error code is a new numbering space for which IANA administration is required. Values 0, 1, 2, and 3 have been specified in this document and in [EAP-SIM].

AT_客户端错误代码属性包含16位客户端错误代码。客户端错误代码是一个新的编号空间,需要IANA管理。值0、1、2和3已在本文档和[EAP-SIM]中指定。

All requests for value assignment from the various number spaces described in this document require proper documentation, according to the "Specification Required" policy described in [RFC2434]. Requests must be specified in sufficient detail so that interoperability between independent implementations is possible. Possible forms of documentation include, but are not limited to, RFCs, the products of another standards body (e.g., 3GPP), or permanently and readily available vendor design notes.

根据[RFC2434]中描述的“所需规范”政策,本文件中描述的各种数字空间的所有赋值请求都需要适当的文档。必须详细指定请求,以便独立实现之间的互操作性成为可能。可能的文件形式包括但不限于RFC、其他标准机构(如3GPP)的产品,或永久且随时可用的供应商设计说明。

12. Security Considerations
12. 安全考虑

The EAP specification [RFC3748] describes the security vulnerabilities of EAP, which does not include its own security mechanisms. This section discusses the claimed security properties of EAP-AKA as well as vulnerabilities and security recommendations.

EAP规范[RFC3748]描述了EAP的安全漏洞,其中不包括其自身的安全机制。本节讨论EAP-AKA声称的安全属性以及漏洞和安全建议。

12.1. Identity Protection
12.1. 身份保护

EAP-AKA includes optional Identity privacy support that protects the privacy of the subscriber identity against passive eavesdropping. This document only specifies a mechanism to deliver pseudonyms from the server to the peer as part of an EAP-AKA exchange. Hence, a peer that has not yet performed any EAP-AKA exchanges does not typically have a pseudonym available. If the peer does not have a pseudonym available, then the privacy mechanism cannot be used, and the permanent identity will have to be sent in the clear. The terminal SHOULD store the pseudonym in non-volatile memory so that it can be maintained across reboots. An active attacker that impersonates the network may use the AT_PERMANENT_ID_REQ attribute (Section 4.1.2) to learn the subscriber's IMSI. However, as discussed in Section 4.1.2, the terminal can refuse to send the cleartext IMSI if it believes that the network should be able to recognize the pseudonym.

EAP-AKA包括可选的身份隐私支持,可保护订户身份的隐私免受被动窃听。本文档仅指定了作为EAP-AKA交换的一部分从服务器向对等方传递假名的机制。因此,尚未执行任何EAP-AKA交换的对等方通常没有可用的假名。如果对等方没有可用的笔名,则不能使用隐私机制,必须以明文形式发送永久身份。终端应将笔名存储在非易失性存储器中,以便在重新启动期间保持该笔名。模拟网络的主动攻击者可使用AT_PERMANENT_ID_REQ属性(第4.1.2节)了解订户的IMSI。然而,如第4.1.2节所述,如果终端认为网络应该能够识别笔名,则可以拒绝发送明文IMSI。

If the peer and server cannot guarantee that the pseudonym will be maintained reliably, and Identity privacy is required then additional protection from an external security mechanism (such as Protected Extensible Authentication Protocol (PEAP) [PEAP]) may be used. The benefits and the security considerations of using an external security mechanism with EAP-AKA are beyond the scope of this document.

如果对等方和服务器不能保证将可靠地维护笔名,并且需要身份隐私,那么可以使用来自外部安全机制的额外保护(例如受保护的可扩展认证协议(PEAP)[PEAP])。在EAP-AKA中使用外部安全机制的好处和安全注意事项超出了本文档的范围。

12.2. Mutual Authentication
12.2. 相互认证

EAP-AKA provides mutual authentication via the 3rd generation AKA mechanisms [TS33.102] and [S.S0055-A].

EAP-AKA通过第三代AKA机制[TS33.102]和[S.S0055-A]提供相互认证。

Note that this mutual authentication is with the EAP server. In general, EAP methods do not authenticate the identity or services provided by the EAP authenticator (if distinct from the EAP server) unless they provide the so-called channel bindings property. The vulnerabilities related to this have been discussed in [RFC3748], [EAPKeying], [ServiceIdentity].

请注意,这种相互身份验证是通过EAP服务器进行的。通常,EAP方法不会对EAP验证器提供的身份或服务进行身份验证(如果与EAP服务器不同),除非它们提供所谓的通道绑定属性。与此相关的漏洞已在[RFC3748]、[EAPKeying]、[ServiceIdentity]中讨论过。

EAP-AKA does not provide the channel bindings property, so it only authenticates the EAP server. However, ongoing work such as [ServiceIdentity] may provide such support as an extension to popular EAP methods such as EAP-TLS, EAP-SIM, or EAP-AKA.

EAP-AKA不提供通道绑定属性,因此它仅对EAP服务器进行身份验证。然而,诸如[ServiceIdentity]之类的正在进行的工作可以提供这种支持,作为流行EAP方法(如EAP-TLS、EAP-SIM或EAP-AKA)的扩展。

12.3. Flooding the Authentication Centre
12.3. 泛滥的认证中心

The EAP-AKA server typically obtains authentication vectors from the Authentication Centre (AuC). EAP-AKA introduces a new usage for the AuC. The protocols between the EAP-AKA server and the AuC are out of the scope of this document. However, it should be noted that a

EAP-AKA服务器通常从认证中心(AuC)获取认证向量。EAP-AKA为AuC引入了一种新用法。EAP-AKA服务器和AuC之间的协议不在本文档范围内。然而,应当指出的是

malicious EAP-AKA peer may generate a lot of protocol requests to mount a denial-of-service attack. The EAP-AKA server implementation SHOULD take this into account and SHOULD take steps to limit the traffic that it generates towards the AuC, preventing the attacker from flooding the AuC and from extending the denial-of-service attack from EAP-AKA to other users of the AuC.

恶意EAP-AKA对等方可能会生成大量协议请求以发起拒绝服务攻击。EAP-AKA服务器实施应考虑到这一点,并应采取措施限制其向AuC产生的流量,防止攻击者淹没AuC并将拒绝服务攻击从EAP-AKA扩展到AuC的其他用户。

12.4. Key Derivation
12.4. 密钥派生

EAP-AKA supports key derivation with 128-bit effective key strength. The key hierarchy is specified in Section 7.

EAP-AKA支持128位有效密钥强度的密钥派生。第7节规定了密钥层次结构。

The Transient EAP Keys used to protect EAP-AKA packets (K_encr, K_aut), the Master Session Keys, and the Extended Master Session Keys are cryptographically separate. An attacker cannot derive any non-trivial information about any of these keys based on the other keys. An attacker also cannot calculate the pre-shared secret from AKA IK, AKA CK, EAP-AKA K_encr, EAP-AKA K_aut, the Master Session Key, or the Extended Master Session Key.

用于保护EAP-AKA数据包(K_encr、K_aut)的瞬态EAP密钥、主会话密钥和扩展主会话密钥以加密方式分开。攻击者无法基于其他密钥获取有关这些密钥的任何非平凡信息。攻击者也无法从AKA IK、AKA CK、EAP-AKA K_encr、EAP-AKA K_aut、主会话密钥或扩展主会话密钥计算预共享秘密。

12.5. Brute-Force and Dictionary Attacks
12.5. 暴力和字典攻击

The effective strength of EAP-AKA values is 128 bits, and there are no known, computationally feasible brute-force attacks. Because AKA is not a password protocol (the pre-shared secret is not a passphrase, or derived from a passphrase), EAP-AKA is not vulnerable to dictionary attacks.

EAP-AKA值的有效强度为128位,并且没有已知的、计算上可行的暴力攻击。由于AKA不是密码协议(预共享秘密不是密码短语,或源自密码短语),EAP-AKA不易受到字典攻击。

12.6. Protection, Replay Protection, and Confidentiality
12.6. 保护、重播保护和机密性

AT_MAC, AT_IV, AT_ENCR_DATA, and AT_COUNTER attributes are used to provide integrity, replay, and confidentiality protection for EAP-AKA Requests and Responses. Integrity protection with AT_MAC includes the EAP header. Integrity protection (AT_MAC) is based on a keyed message authentication code. Confidentiality (AT_ENCR_DATA and AT_IV) is based on a block cipher.

AT_MAC、AT_IV、AT_ENCR_数据和AT_计数器属性用于为EAP-AKA请求和响应提供完整性、重播和保密保护。AT_MAC的完整性保护包括EAP头。完整性保护(AT_MAC)基于密钥消息身份验证代码。机密性(AT_ENCR_数据和AT_IV)基于分组密码。

Because keys are not available in the beginning of the EAP methods, the AT_MAC attribute cannot be used for protecting EAP/AKA-Identity messages. However, the AT_CHECKCODE attribute can optionally be used to protect the integrity of the EAP/AKA-Identity roundtrip.

由于密钥在EAP方法的开头不可用,因此AT_MAC属性不能用于保护EAP/AKA标识消息。但是,AT_CHECKCODE属性可以选择性地用于保护EAP/AKA身份往返的完整性。

Confidentiality protection is applied only to a part of the protocol fields. The table of attributes in Section 10.1 summarizes which fields are confidentiality protected. It should be noted that the error and notification code attributes AT_CLIENT_ERROR_CODE and AT_NOTIFICATION are not confidential, but they are transmitted in the clear. Identity protection is discussed in Section 12.1.

保密保护仅应用于协议字段的一部分。第10.1节中的属性表总结了受保密保护的字段。需要注意的是,客户端错误代码和通知代码的错误和通知代码属性不是机密的,但它们是以明文形式传输的。第12.1节讨论了身份保护。

On full authentication, replay protection of the EAP exchange is provided by RAND and AUTN values from the underlying AKA scheme. Protection against replays of EAP-AKA messages is also based on the fact that messages that can include AT_MAC can only be sent once with a certain EAP-AKA Subtype, and on the fact that a different K_aut key will be used for calculating AT_MAC in each full authentication exchange.

在完全身份验证时,EAP交换的重播保护由基础AKA方案的RAND和AUTN值提供。针对EAP-AKA消息重播的保护还基于这样一个事实,即可以包括AT_MAC的消息只能使用某个EAP-AKA子类型发送一次,并且在每个完整身份验证交换中,将使用不同的K_aut密钥来计算AT_MAC。

On fast re-authentication, a counter included in AT_COUNTER and a server random nonce is used to provide replay protection. The AT_COUNTER attribute is also included in EAP-AKA notifications, if they are used after successful authentication in order to provide replay protection between re-authentication exchanges.

在快速重新身份验证中,AT_计数器中包含的计数器和服务器随机nonce用于提供重播保护。EAP-AKA通知中还包括AT_计数器属性,前提是在成功身份验证后使用它们,以便在重新身份验证交换之间提供重播保护。

The contents of the user identity string are implicitly integrity protected by including them in key derivation.

用户标识字符串的内容通过包含在密钥派生中而受到隐式完整性保护。

Because EAP-AKA is not a tunneling method, EAP-Request/Notification, EAP-Response/Notification, EAP-Success, or EAP-Failure packets are not confidential, integrity protected, or replay protected. On physically insecure networks, this may enable an attacker to mount denial-of-service attacks by spoofing these packets. As discussed in Section 6.3, the peer will only accept EAP-Success after the peer successfully authenticates the server. Hence, the attacker cannot force the peer to believe successful mutual authentication has occurred before the peer successfully authenticates the server or after the peer failed to authenticate the server.

由于EAP-AKA不是隧道方法,因此EAP请求/通知、EAP响应/通知、EAP成功或EAP失败数据包不受保密、完整性保护或重播保护。在物理上不安全的网络上,这可能使攻击者能够通过欺骗这些数据包来发起拒绝服务攻击。如第6.3节所述,只有在对等方成功验证服务器后,对等方才会接受EAP成功。因此,攻击者无法强迫对等方相信在对等方成功验证服务器之前或在对等方未能验证服务器之后已成功进行相互身份验证。

The security considerations of EAP-AKA result indications are covered in Section 12.8

第12.8节介绍了EAP-AKA结果指示的安全注意事项

An eavesdropper will see the EAP Notification, EAP_Success and EAP-Failure packets sent in the clear. With EAP-AKA, confidential information MUST NOT be transmitted in EAP Notification packets.

窃听者将看到EAP通知、EAP_成功和EAP失败数据包以明文形式发送。使用EAP-AKA,机密信息不得在EAP通知包中传输。

12.7. Negotiation Attacks
12.7. 谈判攻击

EAP-AKA does not protect the EAP-Response/Nak packet. Because EAP-AKA does not protect the EAP method negotiation, EAP method downgrading attacks may be possible, especially if the user uses the same identity with EAP-AKA and other EAP methods.

EAP-AKA不保护EAP响应/Nak数据包。由于EAP-AKA不保护EAP方法协商,因此可能会发生EAP方法降级攻击,尤其是当用户使用与EAP-AKA和其他EAP方法相同的身份时。

As described in Section 8, EAP-AKA allows the protocol to be extended by defining new attribute types. When defining such attributes, it should be noted that any extra attributes included in EAP-Request/AKA-Identity or EAP-Response/AKA-Identity packets are not

如第8节所述,EAP-AKA允许通过定义新的属性类型来扩展协议。在定义此类属性时,应注意,EAP请求/AKA标识或EAP响应/AKA标识数据包中包含的任何额外属性均不可用

included in the MACs later on, and thus some other precautions must be taken to avoid modifications to them.

包括在以后的MAC中,因此必须采取一些其他预防措施以避免对其进行修改。

EAP-AKA does not support ciphersuite negotiation or EAP-AKA protocol version negotiation.

EAP-AKA不支持密码套件协商或EAP-AKA协议版本协商。

12.8. Protected Result Indications
12.8. 保护结果指示

EAP-AKA supports optional protected success indications, and acknowledged failure indications. If a failure occurs after successful authentication, then the EAP-AKA failure indication is integrity and replay protected.

EAP-AKA支持可选的受保护成功指示和已确认的故障指示。如果认证成功后出现故障,则EAP-AKA故障指示为完整性和重播保护。

Even if an EAP-Failure packet is lost when using EAP-AKA over an unreliable medium, then the EAP-AKA failure indications will help ensure that the peer and EAP server will know the other party's authentication decision. If protected success indications are used, then the loss of Success packet will also be addressed by the acknowledged, integrity, and replay protected EAP-AKA success indication. If the optional success indications are not used, then the peer may end up believing the server completed successful authentication, when actually it failed. Because access will not be granted in this case, protected result indications are not needed unless the client is not able to realize it does not have access for an extended period of time.

即使在通过不可靠介质使用EAP-AKA时EAP故障数据包丢失,EAP-AKA故障指示也将有助于确保对等方和EAP服务器了解另一方的认证决定。如果使用受保护的成功指示,则成功数据包的丢失也将通过确认、完整性和重播受保护的EAP-AKA成功指示来解决。如果未使用可选的成功指示,则对等方可能最终认为服务器完成了成功的身份验证,而实际上它失败了。由于在这种情况下不会授予访问权限,因此不需要受保护的结果指示,除非客户机无法意识到其在较长时间内没有访问权限。

12.9. Man-in-the-Middle Attacks
12.9. 中间人攻击

In order to avoid man-in-the-middle attacks and session hijacking, user data SHOULD be integrity protected on physically insecure networks. The EAP-AKA Master Session Key or keys derived from it MAY be used as the integrity protection keys, or, if an external security mechanism such as PEAP is used, then the link integrity protection keys MAY be derived by the external security mechanism.

为了避免中间人攻击和会话劫持,应该在物理上不安全的网络上保护用户数据的完整性。EAP-AKA主会话密钥或从其派生的密钥可用作完整性保护密钥,或者,如果使用诸如PEAP的外部安全机制,则链路完整性保护密钥可由外部安全机制派生。

There are man-in-the-middle attacks associated with the use of any EAP method within a tunneled protocol. For instance, an early version of PEAP [PEAP-02] was vulnerable to this attack. This specification does not address these attacks. If EAP-AKA is used with a tunneling protocol, there should be cryptographic binding provided between the protocol and EAP-AKA to prevent man-in-the-middle attacks through rogue authenticators being able to setup one-way authenticated tunnels. For example, newer versions of PEAP include such cryptographic binding. The EAP-AKA Master Session Key MAY be used to provide the cryptographic binding. However, the mechanism that provides the binding depends on the tunneling protocol and is beyond the scope of this document.

在隧道协议中,存在与使用任何EAP方法相关的中间人攻击。例如,早期版本的PEAP[PEAP-02]易受此攻击。本规范不涉及这些攻击。如果EAP-AKA与隧道协议一起使用,则协议和EAP-AKA之间应提供加密绑定,以通过能够设置单向认证隧道的流氓身份验证器防止中间人攻击。例如,PEAP的较新版本包括这种加密绑定。EAP-AKA主会话密钥可用于提供加密绑定。但是,提供绑定的机制取决于隧道协议,超出了本文档的范围。

12.10. Generating Random Numbers
12.10. 生成随机数

An EAP-AKA implementation SHOULD use a good source of randomness to generate the random numbers required in the protocol. Please see [RFC4086] for more information on generating random numbers for security applications.

EAP-AKA实现应使用良好的随机性源来生成协议中所需的随机数。有关为安全应用程序生成随机数的更多信息,请参阅[RFC4086]。

13. Security Claims
13. 担保债权

This section provides the security claims required by [RFC3748].

本节提供了[RFC3748]要求的担保索赔。

Auth. Mechanism: EAP-AKA is based on the AKA mechanism, which is an authentication and key agreement mechanism based on a symmetric 128-bit pre-shared secret.

Auth。机制:EAP-AKA基于AKA机制,这是一种基于对称128位预共享秘密的身份验证和密钥协商机制。

Ciphersuite negotiation: No

Ciphersuite协商:否

Mutual authentication: Yes (Section 12.2)

相互认证:是(第12.2节)

Integrity protection: Yes (Section 12.6)

完整性保护:是(第12.6节)

Replay protection: Yes (Section 12.6)

重播保护:是(第12.6节)

Confidentiality: Yes, except method-specific success and failure indications (Section 12.1, Section 12.6)

保密性:是,方法特定成功和失败指示除外(第12.1节,第12.6节)

Key derivation: Yes

关键词:是的

Key strength: EAP-AKA supports key derivation with 128-bit effective key strength.

密钥强度:EAP-AKA支持128位有效密钥强度的密钥派生。

Description of key hierarchy: Please see Section 7.

密钥层次结构描述:请参见第7节。

Dictionary attack protection: N/A (Section 12.5)

字典攻击保护:不适用(第12.5节)

Fast reconnect: Yes

快速重新连接:是的

Cryptographic binding: N/A

加密绑定:不适用

Session independence: Yes (Section 12.4)

会话独立性:是(第12.4节)

Fragmentation: No

碎片:没有

Channel binding: No

通道绑定:否

Indication of vulnerabilities. Vulnerabilities are discussed in Section 12.

漏洞指示。第12节讨论了漏洞。

14. Acknowledgements and Contributions
14. 感谢和贡献

The authors wish to thank Rolf Blom of Ericsson, Bernard Aboba of Microsoft, Arne Norefors of Ericsson, N.Asokan of Nokia, Valtteri Niemi of Nokia, Kaisa Nyberg of Nokia, Jukka-Pekka Honkanen of Nokia, Pasi Eronen of Nokia, Olivier Paridaens of Alcatel, and Ilkka Uusitalo of Ericsson for interesting discussions in this problem space.

作者希望感谢爱立信的Rolf Blom、微软的Bernard Aboba、爱立信的Arne Norefors、诺基亚的N.Asokan、诺基亚的Valtteri Niemi、诺基亚的Kaisa Nyberg、诺基亚的Jukka Pekka Honkanen、诺基亚的Pasi Eronen、阿尔卡特的Olivier Paridaens和爱立信的Ilkka Uusitalo,感谢他们在这个问题空间进行了有趣的讨论。

Many thanks to Yoshihiro Ohba for reviewing the document.

非常感谢大叶吉弘审阅该文件。

This protocol has been partly developed in parallel with EAP-SIM [EAP-SIM], and hence this specification incorporates many ideas from EAP-SIM, and many contributions from the reviewer's of EAP-SIM.

本协议部分是与EAP-SIM[EAP-SIM]并行开发的,因此本规范包含了EAP-SIM的许多想法,以及EAP-SIM评审员的许多贡献。

The attribute format is based on the extension format of Mobile IPv4 [RFC3344].

属性格式基于移动IPv4[RFC3344]的扩展格式。

15. References
15. 工具书类
15.1. Normative References
15.1. 规范性引用文件

[TS33.102] 3rd Generation Partnership Project, "3GPP Technical Specification 3GPP TS 33.102 V5.1.0: "Technical Specification Group Services and System Aspects; 3G Security; Security Architecture (Release 5)"", December 2002.

[TS33.102]第三代合作伙伴项目,“3GPP技术规范3GPP TS 33.102 V5.1.0:“技术规范组服务和系统方面”;3G安全;安全体系结构(第5版)”,2002年12月。

[S.S0055-A] 3rd Generation Partnership Project 2, "3GPP2 Enhanced Cryptographic Algorithms", September 2003.

[S.S0055-A]第三代合作项目2,“3GPP2增强加密算法”,2003年9月。

[RFC4282] Aboba, B., Beadles, M., Arkko, J., and P. Eronen, "The Network Access Identifier", RFC 4282, December 2005.

[RFC4282]Aboba,B.,Beadles,M.,Arkko,J.,和P.Erenen,“网络访问标识符”,RFC 42822005年12月。

[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. Levkowetz, "Extensible Authentication Protocol (EAP)", RFC 3748, June 2004.

[RFC3748]Aboba,B.,Blunk,L.,Vollbrecht,J.,Carlson,J.,和H.Levkowetz,“可扩展身份验证协议(EAP)”,RFC 3748,2004年6月。

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[TS23.003] 3rd Generation Partnership Project, "3GPP Technical Specification 3GPP TS 23.003 V6.8.0: "3rd Generation Parnership Project; Technical Specification Group Core Network; Numbering, addressing and identification (Release 6)"", December 2005.

[TS23.003]第三代合作伙伴项目,“3GPP技术规范3GPP TS 23.003 V6.8.0:”第三代合作伙伴项目;技术规范组核心网;编号、地址和标识(第6版)”,2005年12月。

[RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.

[RFC2104]Krawczyk,H.,Bellare,M.和R.Canetti,“HMAC:用于消息认证的键控哈希”,RFC 2104,1997年2月。

[AES] National Institute of Standards and Technology, "Federal Information Processing Standards (FIPS) Publication 197, "Advanced Encryption Standard (AES)"", November 2001, http://csrc.nist.gov/publications/fips/fips197/ fips-197.pdf.

[AES]国家标准与技术研究所,“联邦信息处理标准(FIPS)出版物197,“高级加密标准(AES)”,2001年11月,http://csrc.nist.gov/publications/fips/fips197/ fips-197.pdf。

[CBC] National Institute of Standards and Technology, "NIST Special Publication 800-38A, "Recommendation for Block Cipher Modes of Operation - Methods and Techniques"", December 2001, http://csrc.nist.gov/publications/ nistpubs/800-38a/sp800-38a.pdf.

[CBC]国家标准与技术研究所,“NIST特别出版物800-38A,“分组密码操作模式建议-方法和技术”,2001年12月,http://csrc.nist.gov/publications/ nistpubs/800-38a/sp800-38a.pdf。

[SHA-1] National Institute of Standards and Technology, U.S. Department of Commerce, "Federal Information Processing Standard (FIPS) Publication 180-1, "Secure Hash Standard"", April 1995.

[SHA-1]美国商务部国家标准与技术研究所,“联邦信息处理标准(FIPS)出版物180-1,“安全哈希标准”,1995年4月。

[PRF] National Institute of Standards and Technology, "Federal Information Processing Standards (FIPS) Publication 186-2 (with change notice); Digital Signature Standard (DSS)", January 2000, http://csrc.nist.gov/publications/ fips/fips186-2/fips186-2-change1.pdf.

[PRF]国家标准与技术研究所,“联邦信息处理标准(FIPS)出版物186-2(附变更通知);数字签名标准(DSS)”,2000年1月,http://csrc.nist.gov/publications/ fips/fips186-2/fips186-2-change1.pdf。

[TS33.105] 3rd Generation Partnership Project, "3GPP Technical Specification 3GPP TS 33.105 4.1.0: "Technical Specification Group Services and System Aspects; 3G Security; Cryptographic Algorithm Requirements (Release 4)"", June 2001.

[TS33.105]第三代合作伙伴项目,“3GPP技术规范3GPP TS 33.105 4.1.0:“技术规范组服务和系统方面”;3G安全;加密算法要求(第4版)”,2001年6月。

[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.

[RFC3629]Yergeau,F.,“UTF-8,ISO 10646的转换格式”,STD 63,RFC 3629,2003年11月。

[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.

[RFC2434]Narten,T.和H.Alvestrand,“在RFCs中编写IANA注意事项部分的指南”,BCP 26,RFC 2434,1998年10月。

15.2. Informative References
15.2. 资料性引用

[RFC2548] Zorn, G., "Microsoft Vendor-specific RADIUS Attributes", RFC 2548, March 1999.

[RFC2548]Zorn,G.,“微软特定于供应商的半径属性”,RFC 2548,1999年3月。

[PEAP] Palekar, A., Simon, D., Zorn, G., Salowey, J., Zhou, H., and S. Josefsson, "Protected EAP Protocol (PEAP) Version 2", work in progress, October 2004.

[PEAP]Palekar,A.,Simon,D.,Zorn,G.,Salowey,J.,Zhou,H.,和S.Josefsson,“受保护的EAP协议(PEAP)版本2”,正在进行的工作,2004年10月。

[PEAP-02] Anderson, H., Josefsson, S., Zorn, G., Simon, D., and A. Palekar, "Protected EAP Protocol (PEAP)", work in progress, February 2002.

[PEAP-02]Anderson,H.,Josefsson,S.,Zorn,G.,Simon,D.,和A.Palekar,“受保护的EAP协议(PEAP)”,正在进行的工作,2002年2月。

[EAPKeying] Aboba, B., Simon, D., Arkko, J., Eronen, P., and H. Levkowetz, "Extensible Authentication Protocol (EAP) Key Management Framework", work in progress, October 2005.

[EAPKeying]Aboba,B.,Simon,D.,Arkko,J.,Eronen,P.,和H.Levkowetz,“可扩展认证协议(EAP)密钥管理框架”,正在进行的工作,2005年10月。

[ServiceIdentity] Arkko, J. and P. Eronen, "Authenticated Service Information for the Extensible Authentication Protocol (EAP)", Work in Progress, October 2004.

[ServiceIdentity]Arkko,J.和P.Eronen,“可扩展认证协议(EAP)的认证服务信息”,正在进行的工作,2004年10月。

[RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness Requirements for Security", BCP 106, RFC 4086, June 2005.

[RFC4086]Eastlake,D.,Schiller,J.,和S.Crocker,“安全的随机性要求”,BCP 106,RFC 4086,2005年6月。

[RFC3344] Perkins, C., "IP Mobility Support for IPv4", RFC 3344, August 2002.

[RFC3344]Perkins,C.,“IPv4的IP移动支持”,RFC 3344,2002年8月。

[EAP-SIM] Haverinen, H., Ed. and J. Salowey, Ed., "Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)", RFC 4186, January 2006.

[EAP-SIM]Haverinen,H.,Ed.和J.Salowey,Ed.,“全球移动通信系统(GSM)用户识别模块(EAP-SIM)的可扩展认证协议方法”,RFC 4186,2006年1月。

Appendix A. Pseudo-Random Number Generator
附录A.伪随机数发生器

The "|" character denotes concatenation, and "^" denotes exponentiation.

“|”字符表示串联,“^”表示幂运算。

Step 1: Choose a new, secret value for the seed-key, XKEY

步骤1:为种子密钥选择一个新的秘密值XKEY

Step 2: In hexadecimal notation let t = 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0 This is the initial value for H0|H1|H2|H3|H4 in the FIPS SHS [SHA-1]

步骤2:以十六进制表示法,让t=67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0这是FIPS SHS[SHA-1]中H0 | H1 | H2 | H3 | H4的初始值

   Step 3: For j = 0 to m - 1 do
         3.1.  XSEED_j = 0 /* no optional user input */
         3.2.  For i = 0 to 1 do
               a.  XVAL = (XKEY + XSEED_j) mod 2^b
               b.  w_i = G(t, XVAL)
               c.  XKEY = (1 + XKEY + w_i) mod 2^b
         3.3.  x_j = w_0|w_1
        
   Step 3: For j = 0 to m - 1 do
         3.1.  XSEED_j = 0 /* no optional user input */
         3.2.  For i = 0 to 1 do
               a.  XVAL = (XKEY + XSEED_j) mod 2^b
               b.  w_i = G(t, XVAL)
               c.  XKEY = (1 + XKEY + w_i) mod 2^b
         3.3.  x_j = w_0|w_1
        

Authors' Addresses

作者地址

Jari Arkko Ericsson FIN-02420 Jorvas Finland

Jari Arkko Ericsson FIN-02420 Jorvas芬兰公司

   EMail: jari.Arkko@ericsson.com
        
   EMail: jari.Arkko@ericsson.com
        

Henry Haverinen Nokia Enterprise Solutions P.O. Box 12 FIN-40101 Jyvaskyla Finland

Henry Haverinen诺基亚企业解决方案邮政信箱12 FIN-40101芬兰Jyvaskyla

   EMail: henry.haverinen@nokia.com
        
   EMail: henry.haverinen@nokia.com
        

Full Copyright Statement

完整版权声明

Copyright (C) The Internet Society (2006).

版权所有(C)互联网协会(2006年)。

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Intellectual Property

知识产权

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.

Acknowledgement

确认

Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).

RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。