Extensible Authentication Protocol: Difference between revisions

EAP Transport Layer Security (EAP-TLS): added "mutual authentication using" to the description for added clarity.
Mcr314 (talk | contribs)
clarify standard status of EAP-NOOB
==={{anchor|EAP-NOOB}}Nimble out-of-band authentication for EAP (EAP-NOOB)===
Nimble out-of-band authentication for EAP<ref>{{cite web | url = https://tools.ietf.org/html/draft-ietf-emu-eap-noob | title = Nimble out-of-band authentication for EAP (EAP-NOOB) Draft | first1 = Tuomas | last1 = Aura | first2 = Mohit | last2 = Sethi | publisher = IETF Trust | date = 2020-07-21}}</ref> (EAP-NOOB) is a proposed generic bootstrapping solution (an IETF Internet-Draft, i.e. work in progress and not an RFC) for devices that have no pre-configured authentication credentials and are not yet registered on any server. It is especially useful for Internet-of-Things (IoT) gadgets and toys that ship with no information about any owner, network or server. Authentication in this EAP method is based on a user-assisted out-of-band (OOB) channel between the server and the peer. EAP-NOOB supports many types of OOB channel, such as QR codes, NFC tags and audio, and, unlike most other EAP methods, the security of the protocol has been verified by formal modelling of the specification with the [[ProVerif]] and [[MCRL2|mCRL2]] tools.<ref>[https://github.com/tuomaura/eap-noob/tree/master/protocolmodel EAP-NOOB Model on GitHub]</ref>
 
EAP-NOOB performs an ephemeral elliptic-curve Diffie-Hellman (ECDHE) key exchange over the in-band EAP channel. The user then confirms this exchange by transferring the OOB message. The OOB message can go from the peer to the server, for example when the device is a smart TV that can display a QR code for the user to scan, or from the server to the peer, for example when the device being bootstrapped is a camera that can only read a QR code.
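The following Python model of the flow just described is an added example; it is not the draft's reference implementation nor code from the EAP-NOOB authors' repository. It follows the draft's structure, in which the OOB message carries a fresh nonce (Noob) and a 16-byte hash (Hoob) over the sender's view of the in-band exchange, but it simplifies the hash inputs and key derivation, and it replaces the in-band ECDHE with finite-field Diffie-Hellman in the RFC 3526 2048-bit MODP group so that it runs on the standard library alone. The names <code>Party</code>, <code>bootstrap</code> and <code>hoob</code>, the toy KDF and the <code>mitm</code> switch are the example's own assumptions. The <code>mitm</code> case shows why the OOB step matters: an attacker who swaps public keys on the EAP channel cannot also alter the QR code or NFC tag the user carries, so the receiver's recomputed Hoob no longer matches and bootstrapping is aborted.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# 2048-bit MODP group from RFC 3526 (generator 2).  Stand-in for the ECDHE that
# EAP-NOOB actually runs in band; chosen so the example needs no third-party library.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
VERS = b"\x01"
DIR_PEER_TO_SERVER = 1   # peer shows the OOB message (e.g. a TV displays a QR code)
DIR_SERVER_TO_PEER = 2   # server shows it and the device scans it (e.g. a camera)


def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed fields (stand-in for hashing the JSON array the
    draft uses); the length prefix keeps field boundaries unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big"))
        m.update(p)
    return m.digest()


def i2b(x: int) -> bytes:
    return x.to_bytes(256, "big")


@dataclass
class Party:
    """One side of the exchange (server or peer); hypothetical class for this example."""
    priv: int = field(default_factory=lambda: secrets.randbits(256))
    nonce: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    pk_seen: int = 0          # public key this party RECEIVED in band (its own view)
    nonce_seen: bytes = b""   # nonce this party RECEIVED in band

    @property
    def pub(self) -> int:
        return pow(G, self.priv, P)

    def shared(self) -> bytes:
        return i2b(pow(self.pk_seen, self.priv, P))


def hoob(direction, peer_id, pks, ns, pkp, np_, noob) -> bytes:
    """Fingerprint of one party's view of the in-band exchange, carried in the OOB
    message and truncated to 16 bytes like the draft's Hoob."""
    return h(bytes([direction]), VERS, peer_id, i2b(pks), ns, i2b(pkp), np_, noob)[:16]


def bootstrap(direction: int = DIR_PEER_TO_SERVER, mitm: bool = False) -> dict:
    server, peer = Party(), Party()
    peer_id = secrets.token_hex(8).encode()

    # Initial exchange (in band).  With mitm=True an attacker on the EAP channel swaps
    # both public keys for its own; PeerId and the nonces are relayed unchanged.
    attacker = Party()
    peer.pk_seen, peer.nonce_seen = (attacker.pub if mitm else server.pub), server.nonce
    server.pk_seen, server.nonce_seen = (attacker.pub if mitm else peer.pub), peer.nonce

    # OOB step.  The sender hashes ITS view (PKs, Ns, PKp, Np) with a fresh secret
    # nonce Noob; the user carries (PeerId, Noob, Hoob) over the OOB channel.
    noob = secrets.token_bytes(16)
    server_view = (peer_id, server.pub, server.nonce, server.pk_seen, server.nonce_seen)
    peer_view = (peer_id, peer.pk_seen, peer.nonce_seen, peer.pub, peer.nonce)
    if direction == DIR_PEER_TO_SERVER:
        sent, expected = hoob(direction, *peer_view, noob), hoob(direction, *server_view, noob)
    else:
        sent, expected = hoob(direction, *server_view, noob), hoob(direction, *peer_view, noob)
    # The receiver recomputes Hoob over its OWN view; a key substituted in band cannot
    # be hidden from this check, so a mismatch aborts the bootstrap.
    if not hmac.compare_digest(sent, expected):
        return {"accepted": False, "keys_match": False}

    # Completion exchange (in band): each side derives keys from its DH secret and
    # Noob (toy KDF here) and proves possession with a MAC over its transcript,
    # as the draft's MACs/MACp do.
    s_tr = (peer_id, i2b(server.pub), server.nonce, i2b(server.pk_seen), server.nonce_seen, noob)
    p_tr = (peer_id, i2b(peer.pk_seen), peer.nonce_seen, i2b(peer.pub), peer.nonce, noob)
    ks, kp = h(server.shared(), *s_tr), h(peer.shared(), *p_tr)
    mac_s = hmac.new(ks, h(b"server", *s_tr), hashlib.sha256).digest()
    mac_p = hmac.new(kp, h(b"peer", *p_tr), hashlib.sha256).digest()
    peer_ok = hmac.compare_digest(mac_s, hmac.new(kp, h(b"server", *p_tr), hashlib.sha256).digest())
    server_ok = hmac.compare_digest(mac_p, hmac.new(ks, h(b"peer", *s_tr), hashlib.sha256).digest())
    return {"accepted": True, "keys_match": peer_ok and server_ok}


if __name__ == "__main__":
    print("peer->server OOB:", bootstrap(DIR_PEER_TO_SERVER))
    print("server->peer OOB:", bootstrap(DIR_SERVER_TO_PEER))
    print("with in-band MitM:", bootstrap(DIR_PEER_TO_SERVER, mitm=True))
```

Run as a script, the two honest runs report an accepted OOB message and matching keys on both sides, while the MitM run is rejected at the Hoob comparison before any key is confirmed. Note what the model deliberately leaves out: the real draft also binds version and cryptosuite negotiation, the OOB direction and server/peer information into Hoob, which is what closes downgrade attacks on the negotiation.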