UMTS - Extensible Authentication Protocol


It is a generic framework developed by the IETF (RFC 3748). The basic signaling mechanism supports different authentication methods on top.

The EAP specific use for interworking with a 3GPP system is defined by the EAP-AKA method EAP-AKA is already used in I-WLAN.

The principal steps for EAP authentication are given below −

  • EAP authenticator sends an authentication request to the target device/EU (L2); it receives the response from the target device/EU and transmits it to the AAA infrastructure.

  • AAA server performs the EAP method, resulting in a challenge to the target device, which is sent by the authenticator.

  • The target device must meet the challenge; the answer is relayed to the AAA server via the authenticator.

  • AAA server compares the response to challenge with that expected and decides to successful authentication. An indication of success or failure is returned to the target device.

Optionally, the notifications can be used to transfer additional information; this is used for the IP mobility mode selection indication. During the design there was a major decision to separate areas of the safety of non-3GPP access networks in the field of security 3GPP, and also to the other domain.

The practical consequence is that the identifier of non 3GPP access network enters the security algorithm, which requires the specification of a variant of EAP-AKA, EAP-AKA (premium).