Credential Provisioning and Peer Configuration with Extensible Authentication Protocol

Name
Sébastien René Baptistin Boire
Abstract
The Internet of Things (IoT) contains an increasing number of diverse objects, rangingfrom simple sensors to smart speakers and industrial appliances. The continuing growthin the number and the diversity of connected devices within enterprises and homescomplicates their management. Vendor-specific protocols cannot solve this problem.The Extensible Authentication Protocol (EAP) is a framework to negotiate and run EAPmethods, i.e. authentication protocols between client and server. Tens of different EAPmethods exist, and EAP is widely-adopted in WiFi and cellular networks. In some EAPmethods the server can invoke another, “inner” EAP method for additional authenticationinside the same EAP session.In this thesis we investigate how to apply EAP for managing devices in wireless networks.Our approach is to add the possibility to send short client tokens from server to client inEAP session. After successful authentication and completion of the EAP session, theclient uses these tokens to access the management servers.We have designed several options for transferring client tokens inside an EAP session.These options were then implemented by extending open-source software componentsand evaluated experimentally, using Raspberry Pi as a platform.Based on our analysis and experiments, the most flexible option for sending client tokensin EAP is by combination of an outer EAP method (EAP-oPROV) that sequentiallyruns two inner EAP methods. The first inner method does peer authentication, and thetokens are sent to the client in the second inner EAP method (EAP-iPROV). Since thefirst inner EAP method is not fixed (it is chosen by the authentication server), there aremany compatible EAP methods for peer authentication in this option. The two new EAPmethods (EAP-oPROV and EAP-iPROV) could be standardized in the future.
Graduation Thesis language
English
Graduation Thesis type
Master - Computer Science
Supervisor(s)
Tuomas Aura, Dominique Unruh
Defence year
2021
 
PDF