Credential Provisioning and Device Configuration with EAP

Sebastien Boire; Tolgahan Akgün; Philip Ginzboorg; Pekka Laitinen; Sandeep Tamrakar; Tuomas Aura

doi:10.1145/3479241.3486705

Credential Provisioning and Device Configuration with EAP

Sebastien Boire, Tolgahan Akgün, Philip Ginzboorg, Pekka Laitinen, Sandeep Tamrakar, Tuomas Aura

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

1 Citation (Scopus)

68 Downloads (Pure)

Abstract

The Extensible Authentication Protocol (EAP) is used for authenticating client devices to WiFi networks, and it is designed to be extensible with new authentication methods. We look at ways to extend the protocol to support credential provisioning and configuration of new client devices. As large numbers of IoT devices are deployed, the task will be simplified by combining the network connectivity, identity and certificate provisioning, and application-layer connectivity to one process. The solution will also allow the use of a one-time credential for the initial authentication, so that the long-term device certificate is issued automatically after the first connection to the network. The paper analyzes the requirements and architectural design options that implement such a user experience. We consider solutions that transfer short bootstrapping data inside the EAP session and then implement the provisioning and configuration with web APIs over HTTPS. This allows future flexibility and speed of development in the provisioning and configuration steps. We designed and implemented several architecturally different solutions and present the comparison results and also compare with previous proposals that have similar goals.

Original language	English
Title of host publication	MobiWac '21: Proceedings of the 19th ACM International Symposium on Mobility Management and Wireless Access
Place of Publication	New York, NY, USA
Publisher	ACM
Pages	87–96
Number of pages	10
ISBN (Electronic)	9781450390798
DOIs	https://doi.org/10.1145/3479241.3486705
Publication status	Published - 22 Nov 2021
MoE publication type	A4 Article in a conference publication
Event	ACM International Symposium on Mobility Management and Wireless Access - Alicante, Spain Duration: 22 Nov 2021 → 26 Nov 2021 Conference number: 19

Conference

Conference	ACM International Symposium on Mobility Management and Wireless Access
Abbreviated title	MobiWac
Country/Territory	Spain
City	Alicante
Period	22/11/2021 → 26/11/2021

Keywords

wireless network
configuration
EAP
device management
security
certificate provisioning

Access to Document

10.1145/3479241.3486705

Credential Provisioning and Device Configuration with EAPFinal published version, 943 KB

OpenUrl availability

Full text

Cite this

@inproceedings{4f1c25123aa74da2b67cd54c14e4499a,

title = "Credential Provisioning and Device Configuration with EAP",

abstract = "The Extensible Authentication Protocol (EAP) is used for authenticating client devices to WiFi networks, and it is designed to be extensible with new authentication methods. We look at ways to extend the protocol to support credential provisioning and configuration of new client devices. As large numbers of IoT devices are deployed, the task will be simplified by combining the network connectivity, identity and certificate provisioning, and application-layer connectivity to one process. The solution will also allow the use of a one-time credential for the initial authentication, so that the long-term device certificate is issued automatically after the first connection to the network. The paper analyzes the requirements and architectural design options that implement such a user experience. We consider solutions that transfer short bootstrapping data inside the EAP session and then implement the provisioning and configuration with web APIs over HTTPS. This allows future flexibility and speed of development in the provisioning and configuration steps. We designed and implemented several architecturally different solutions and present the comparison results and also compare with previous proposals that have similar goals.",

keywords = "wireless network, configuration, EAP, device management, security, certificate provisioning",

author = "Sebastien Boire and Tolgahan Akg{\"u}n and Philip Ginzboorg and Pekka Laitinen and Sandeep Tamrakar and Tuomas Aura",

year = "2021",

month = nov,

day = "22",

doi = "10.1145/3479241.3486705",

language = "English",

pages = "87–96",

booktitle = "MobiWac '21: Proceedings of the 19th ACM International Symposium on Mobility Management and Wireless Access",

publisher = "ACM",

address = "United States",

note = "ACM International Symposium on Mobility Management and Wireless Access, MobiWac ; Conference date: 22-11-2021 Through 26-11-2021",

}

Boire, S, Akgün, T, Ginzboorg, P, Laitinen, P, Tamrakar, S & Aura, T 2021, Credential Provisioning and Device Configuration with EAP. in MobiWac '21: Proceedings of the 19th ACM International Symposium on Mobility Management and Wireless Access. ACM, New York, NY, USA, pp. 87–96, ACM International Symposium on Mobility Management and Wireless Access, Alicante, Spain, 22/11/2021. https://doi.org/10.1145/3479241.3486705

Credential Provisioning and Device Configuration with EAP. / Boire, Sebastien; Akgün, Tolgahan; Ginzboorg, Philip et al.

MobiWac '21: Proceedings of the 19th ACM International Symposium on Mobility Management and Wireless Access. New York, NY, USA : ACM, 2021. p. 87–96.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Credential Provisioning and Device Configuration with EAP

AU - Boire, Sebastien

AU - Akgün, Tolgahan

AU - Ginzboorg, Philip

AU - Laitinen, Pekka

AU - Tamrakar, Sandeep

AU - Aura, Tuomas

N1 - Conference code: 19

PY - 2021/11/22

Y1 - 2021/11/22

N2 - The Extensible Authentication Protocol (EAP) is used for authenticating client devices to WiFi networks, and it is designed to be extensible with new authentication methods. We look at ways to extend the protocol to support credential provisioning and configuration of new client devices. As large numbers of IoT devices are deployed, the task will be simplified by combining the network connectivity, identity and certificate provisioning, and application-layer connectivity to one process. The solution will also allow the use of a one-time credential for the initial authentication, so that the long-term device certificate is issued automatically after the first connection to the network. The paper analyzes the requirements and architectural design options that implement such a user experience. We consider solutions that transfer short bootstrapping data inside the EAP session and then implement the provisioning and configuration with web APIs over HTTPS. This allows future flexibility and speed of development in the provisioning and configuration steps. We designed and implemented several architecturally different solutions and present the comparison results and also compare with previous proposals that have similar goals.

AB - The Extensible Authentication Protocol (EAP) is used for authenticating client devices to WiFi networks, and it is designed to be extensible with new authentication methods. We look at ways to extend the protocol to support credential provisioning and configuration of new client devices. As large numbers of IoT devices are deployed, the task will be simplified by combining the network connectivity, identity and certificate provisioning, and application-layer connectivity to one process. The solution will also allow the use of a one-time credential for the initial authentication, so that the long-term device certificate is issued automatically after the first connection to the network. The paper analyzes the requirements and architectural design options that implement such a user experience. We consider solutions that transfer short bootstrapping data inside the EAP session and then implement the provisioning and configuration with web APIs over HTTPS. This allows future flexibility and speed of development in the provisioning and configuration steps. We designed and implemented several architecturally different solutions and present the comparison results and also compare with previous proposals that have similar goals.

KW - wireless network

KW - configuration

KW - EAP

KW - device management

KW - security

KW - certificate provisioning

UR - http://www.scopus.com/inward/record.url?scp=85121427784&partnerID=8YFLogxK

U2 - 10.1145/3479241.3486705

DO - 10.1145/3479241.3486705

M3 - Conference contribution

SP - 87

EP - 96

BT - MobiWac '21: Proceedings of the 19th ACM International Symposium on Mobility Management and Wireless Access

PB - ACM

CY - New York, NY, USA

T2 - ACM International Symposium on Mobility Management and Wireless Access

Y2 - 22 November 2021 through 26 November 2021

ER -

Credential Provisioning and Device Configuration with EAP

Abstract

Conference

Keywords

Access to Document

OpenUrl availability

Other files and links

Fingerprint

Cite this