Credential Provisioning and Peer Configuration with Extensible Authentication Protocol

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Ginzboorg, Philip
dc.contributor.author Boire, Sébastien
dc.date.accessioned 2021-06-20T17:05:24Z
dc.date.available 2021-06-20T17:05:24Z
dc.date.issued 2021-06-14
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/108221
dc.description.abstract The Internet of Things (IoT) contains an increasing number of diverse objects, ranging from simple sensors to smart speakers and industrial appliances. The continuing growth in the number and the diversity of connected devices within enterprises and homes complicates their management. Vendor-specific protocols cannot solve this problem. The Extensible Authentication Protocol (EAP) is a framework to negotiate and run EAP methods, i.e. authentication protocols between client and server. Tens of different EAP methods exist, and EAP is widely adopted in WiFi and cellular networks. In some EAP methods the server can invoke another, “inner” EAP method for additional authentication inside the same EAP session. In this thesis we investigate how to apply EAP for managing devices in wireless networks. Our approach is to add the possibility to send short client tokens from server to client in an EAP session. After successful authentication and completion of the EAP session, the client uses these tokens to access the management servers. We have designed several options for transferring client tokens inside an EAP session. These options were then implemented by extending open-source software components and evaluated experimentally, using Raspberry Pi as a platform. Based on our analysis and experiments, the most flexible option for sending client tokens in EAP is a combination of an outer EAP method (EAP-oPROV) that sequentially runs two inner EAP methods. The first inner method does peer authentication, and the tokens are sent to the client in the second inner EAP method (EAP-iPROV). Since the first inner EAP method is not fixed (it is chosen by the authentication server), there are many compatible EAP methods for peer authentication in this option. The two new EAP methods (EAP-oPROV and EAP-iPROV) could be standardized in the future. en
dc.format.extent 61+5
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.title Credential Provisioning and Peer Configuration with Extensible Authentication Protocol en
dc.type G2 Pro gradu, diplomityö fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.subject.keyword IoT en
dc.subject.keyword EAP en
dc.subject.keyword authentication en
dc.subject.keyword credential en
dc.subject.keyword certificate en
dc.identifier.urn URN:NBN:fi:aalto-202106207479
dc.programme.major Security and Cloud Computing fi
dc.programme.mcode SCI3084 fi
dc.type.ontasot Master's thesis en
dc.type.ontasot Diplomityö fi
dc.contributor.supervisor Aura, Tuomas
dc.programme Master’s Programme in Security and Cloud Computing (SECCLO) fi
local.aalto.electroniconly yes
local.aalto.openaccess yes

