IETF RFC 9678
[ACTIVE]
Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)
Metadata
- Publisher
- IETF
- Doc Type
- Standard
- Abstract
- This document updates RFC 9048, "Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA')", and its predecessor RFC 5448 with an optional extension providing ephemeral key exchange. The extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated, provides forward secrecy for the session keys generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term key from obtaining session keys established in the past. In addition, EAP-AKA' FS mitigates passive attacks (e.g., large-scale pervasive monitoring) against future sessions. This forces attackers to use active attacks instead.
- Publication Date
- 2025-03-01
- Status Note
- Proposed Standard
- DOI
10.17487/RFC9678- Link
- https://doi.org/10.17487/RFC9678
- Author(s)
- Jari Arkko, Karl Norrman, John Preuß Mattsson
- Keyword(s)
- EAP, AKA, AKA', EAP-AKA', EAP-AKA' FS, 3GPP
Latest version of IETF RFC 9678
Document Versions — IETF RFC 9678
-
▶ IETF RFC 9678 (2025-03-01)THIS DOC [ACTIVE] [LATEST VERSION]
Normative Reference(s)
- NIST.SP.800-186 NOT IN REGISTRY
- NIST.SP.800-56Ar3 NOT IN REGISTRY
- IETF RFC 2119 [Active*]
- RFC3748 NOT IN REGISTRY
- IETF RFC 4187 [Superseded]
- IETF RFC 5448 [Superseded]
- RFC7624 NOT IN REGISTRY
- RFC7748 NOT IN REGISTRY
- RFC8126 NOT IN REGISTRY
- RFC8174 NOT IN REGISTRY
- IETF RFC 9048 [Active*]
- SECG.SEC1.v2.2009-05 NOT IN REGISTRY
- SECG.SEC2.v2.2010-01 NOT IN REGISTRY
Bibliographic Reference(s)
- 10.1007-BF00124891 NOT IN REGISTRY
- 10.1109-Trustcom.2015.506 NOT IN REGISTRY
- 3GPP.TS-33.501.202409 NOT IN REGISTRY
- INTERCEPT.great-sim-heist.2015-02 NOT IN REGISTRY
- NIST.SP.1800-35pd4.2024 NOT IN REGISTRY
- NSA.UOO115131-21.20210225 NOT IN REGISTRY
- RFC4186 NOT IN REGISTRY
- RFC5216 NOT IN REGISTRY
- RFC7258 NOT IN REGISTRY
- RFC7296 NOT IN REGISTRY
- IETF RFC 9190 [Active*]
Source Data (JSON)
Full registry record with provenance metadata. Open directly: /api/doc/RFC9678.json
Reference Tree
Explore all references and references to this document, as a navigable tree.
Open Reference TreeReference this Doc
Plain text (ISO 690 compliant)
Preview:
IETF RFC 9678, Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS). Available at https://doi.org/10.17487/RFC9678
Snippet:
IETF RFC 9678, Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS). Available at https://doi.org/10.17487/RFC9678
HTML (ISO 690 compliant)
Preview:
IETF RFC 9678, Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS). Available at https://doi.org/10.17487/RFC9678
Snippet:
<span class="citation"><cite>IETF RFC 9678</cite>, Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS). Available at <a href="https://doi.org/10.17487/RFC9678" target="_blank" rel="noopener">https://doi.org/10.17487/RFC9678</a></span>
SMPTE's HTML Pub
Preview:
IETF RFC 9678, Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)
doi: 10.17487/RFC9678
url: https://doi.org/10.17487/RFC9678
doi: 10.17487/RFC9678
url: https://doi.org/10.17487/RFC9678
Snippet:
<li> <cite id="bib-rfc9678">IETF RFC 9678</cite>, Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS) <span class="doi">10.17487/RFC9678</span> </li>