Credential Provisioning and Peer Configuration with Extensible Authentication Protocol

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Ginzboorg, Philip
dc.contributor.author: Boire, Sébastien
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.supervisor: Aura, Tuomas
dc.date.accessioned: 2021-06-20T17:05:24Z
dc.date.available: 2021-06-20T17:05:24Z
dc.date.issued: 2021-06-14
dc.description.abstract: The Internet of Things (IoT) contains an increasing number of diverse objects, ranging from simple sensors to smart speakers and industrial appliances. The continuing growth in the number and the diversity of connected devices within enterprises and homes complicates their management. Vendor-specific protocols cannot solve this problem. The Extensible Authentication Protocol (EAP) is a framework to negotiate and run EAP methods, i.e. authentication protocols between client and server. Tens of different EAP methods exist, and EAP is widely-adopted in WiFi and cellular networks. In some EAP methods the server can invoke another, “inner” EAP method for additional authentication inside the same EAP session. In this thesis we investigate how to apply EAP for managing devices in wireless networks. Our approach is to add the possibility to send short client tokens from server to client in EAP session. After successful authentication and completion of the EAP session, the client uses these tokens to access the management servers. We have designed several options for transferring client tokens inside an EAP session. These options were then implemented by extending open-source software components and evaluated experimentally, using Raspberry Pi as a platform. Based on our analysis and experiments, the most flexible option for sending client tokens in EAP is by combination of an outer EAP method (EAP-oPROV) that sequentially runs two inner EAP methods. The first inner method does peer authentication, and the tokens are sent to the client in the second inner EAP method (EAP-iPROV). Since the first inner EAP method is not fixed (it is chosen by the authentication server), there are many compatible EAP methods for peer authentication in this option. The two new EAP methods (EAP-oPROV and EAP-iPROV) could be standardized in the future. [en]
dc.format.extent: 61+5
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/108221
dc.identifier.urn: URN:NBN:fi:aalto-202106207479
dc.language.iso: en [en]
dc.programme: Master’s Programme in Security and Cloud Computing (SECCLO) [fi]
dc.programme.major: Security and Cloud Computing [fi]
dc.programme.mcode: SCI3084 [fi]
dc.subject.keyword: IoT [en]
dc.subject.keyword: EAP [en]
dc.subject.keyword: authentication [en]
dc.subject.keyword: credential [en]
dc.subject.keyword: certificate [en]
dc.title: Credential Provisioning and Peer Configuration with Extensible Authentication Protocol [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
local.aalto.electroniconly: yes
local.aalto.openaccess: yes
Files
Original bundle
Name: master_Boire_Sébastien_2021.pdf
Size: 1.24 MB
Format: Adobe Portable Document Format