Citation bot (talk | contribs) Alter: template type. | You can use this bot yourself. Report bugs here. | Suggested by Ost316 | Category:CS1 errors: chapter ignored | via #UCB_Category |
→{{anchor|EAP-NOOB}}Nimble out-of-band authentication for EAP (EAP-NOOB): Link to IETF (draft). |
Line 10:
==={{anchor|EAP-NOOB}}Nimble out-of-band authentication for EAP (EAP-NOOB)===
Nimble out-of-band authentication for EAP<ref>{{cite web | url = https://tools.ietf.org/html/draft-ietf-emu-eap-noob | title = Nimble out-of-band authentication for EAP (EAP-NOOB) Draft | first1 = Tuomas | last1 = Aura | first2 = Mohit | last2 = Sethi | publisher = IETF Trust | date = 2020-07-21}}</ref> (EAP-NOOB) is a generic bootstrapping solution for devices which have no pre-configured authentication credentials and which are not yet registered on any server. It is especially useful for Internet-of-Things (IoT) gadgets and toys that come with no information about any owner, network or server. Authentication for this EAP method is based on a user-assisted out-of-band (OOB) channel between the server and peer. EAP-NOOB supports many types of OOB channels such as QR codes, NFC tags, audio etc. and unlike other EAP methods, the protocol security has been verified by formal modeling of the specification with [[ProVerif]] and [[MCRL2]] tools.<ref>[https://github.com/tuomaura/eap-noob/tree/master/protocolmodel EAP-NOOB Model on GitHub]</ref>
EAP-NOOB performs an Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) over the in-band EAP channel. The user then confirms this exchange by transferring the OOB message. Users can transfer the OOB message from the peer to the server, when for example, the device is a smart TV that can show a QR code. Alternatively, users can transfer the OOB message from the server to the peer, when for example, the device being bootstrapped is a camera that can only read a QR code.
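Review bot: the `cite web` reference in the first paragraph gives the URL https://tools.ietf.org/html/draft-ietf-emu-eap-noob with no draft revision while fixing `date = 2020-07-21`, so the citation does not identify which revision of the draft supports the text; pin the versioned draft URL or add an access date. In the same paragraph, the second reference is a bare external link rather than a cite template, and it only shows that a protocol model exists in the repository, so the comparative wording "unlike other EAP methods" needs its own source or should be reworded to state only that the specification has been formally modeled with ProVerif and mCRL2.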