希望大家与我完善他
Network Working Group A. Niemi
Request for Comments: 3310 Nokia
Category: Informational J. Arkko
V. Torvinen
Ericsson
September 2002
Hypertext Transfer Protocol (HTTP) Digest Authentication
Using Authentication and Key Agreement (AKA)
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This memo specifies an Authentication and Key Agreement (AKA) based
one-time password generation mechanism for Hypertext Transfer
Protocol (HTTP) Digest access authentication. The HTTP
Authentication Framework includes two authentication schemes: Basic
and Digest. Both schemes employ a shared secret based mechanism for
access authentication. The AKA mechanism performs user
authentication and session key distribution in Universal Mobile
Telecommunications System (UMTS) networks. AKA is a challenge-
response based mechanism that uses symmetric cryptography.
Niemi, et. al. Informational [Page 1]
RFC 3310 HTTP Digest Authentication Using AKA September 2002
Table of Contents
1. Introduction and Motivation . . . . . . . . . . . . . . . . . 2
1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. AKA Mechanism Overview . . . . . . . . . . . . . . . . . . . . 4
3. Specification of Digest AKA . . . . . . . . . . . . . . . . . 5
3.1 Algorithm Directive . . . . . . . . . . . . . . . . . . . . . 5
3.2 Creating a Challenge . . . . . . . . . . . . . . . . . . . . . 6
3.3 Client Authentication . . . . . . . . . . . . . . . . . . . . 7
3.4 Synchronization Failure . . . . . . . . . . . . . . . . . . . 7
3.5 Server Authentication . . . . . . . . . . . . . . . . . . . . 8
4. Example Digest AKA Operation . . . . . . . . . . . . . . . . . 8
5. Security Considerations . . . . . . . . . . . . . . . . . . . 12
5.1 Authentication of Clients using Digest AKA . . . . . . . . . . 13
5.2 Limited Use of Nonce Values . . . . . . . . . . . . . . . . . 13
5.3 Multiple Authentication Schemes and Algorithms . . . . . . . . 14
5.4 Online Dictionary Attacks . . . . . . . . . . . . . . . . . . 14
5.5 Session Protection . . . . . . . . . . . . . . . . . . . . . . 14
5.6 Replay Protection . . . . . . . . . . . . . . . . . . . . . . 15
5.7 Improvements to AKA Security . . . . . . . . . . . . . . . . . 15
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
6.1 Registration Template . . . . . . . . . . . . . . . . . . . . 16
Normative References . . . . . . . . . . . . . . . . . . . . . 16
Informative References . . . . . . . . . . . . . . . . . . . . 16
A. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 17
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 18
1. Introduction and Motivation
The Hypertext Transfer Protocol (HTTP) Authentication Framework,
described in RFC 2617 [2], includes two authentication schemes: Basic
and Digest. Both schemes employ a shared secret based mechanism for
access authentication. The Basic scheme is inherently insecure in
that it transmits user credentials in plain text. The Digest scheme
improves security by hiding user credentials with cryptographic
hashes, and additionally by providing limited message integrity.
The Authentication and Key Agreement (AKA) [6] mechanism performs
authentication and session key distribution in Universal Mobile
Telecommunications System (UMTS) networks. AKA is a challenge-
response based mechanism that uses symmetric cryptography. AKA is
typically run in a UMTS IM Services Identity Module (ISIM), which
resides on a smart card like device that also provides tamper
resistant storage of shared secrets.
Niemi, et. al. Informational [Page 2]
RFC 3310 HTTP Digest Authentication Using AKA September 2002
This document specifies a mapping of AKA parameters onto HTTP Digest
authentication. In essence, this mapping enables the usage of AKA as
a one-time password generation mechanism for Digest authentication.
As the Session Initiation Protocol (SIP) [3] Authentication Framework
closely follows the HTTP Authentication Framework, Digest AKA is
directly applicable to SIP as well as any other embodiment of HTTP
Digest.
1.1 Terminology
This chapter explains the terminology(术语) used in this document.
AKA
Authentication and Key Agreement.
认证与键协议。
AuC
Authentication Center. The network element in mobile networks
that can authorize users either in GSM or in UMTS networks.
认证中心,在GSM和UMTS网络中用于验证用户。
AUTN
Authentication Token. A 128 bit value generated by the AuC, which
together with the RAND parameter authenticates the server to the
client.
网络认证令牌。由认证中心产生的128位数值,并从服务器传输给客户的;认证令牌携带着RAND.
AUTS
Authentication Token. A 112 bit value generated by the client
upon experiencing an SQN synchronization failure.
认证令牌。由客户生成的112位数值。
CK
Cipher Key. An AKA session key for encryption.
密钥。
IK
Integrity Key. An AKA session key for integrity check.
完整性校验密钥。
ISIM
IP Multimedia Services Identity Module.
PIN
Personal Identification Number. Commonly assigned passcodes for
use with automatic cash machines, smart cards, etc.
个人识别号。
RAND
Random Challenge. Generated by the AuC using the SQN.
随机口令。认证中心根据SQN产生。
RES
Authentication Response. Generated by the ISIM.
认证响应。客户端产生的。
Niemi, et. al. Informational [Page 3]
RFC 3310 HTTP Digest Authentication Using AKA September 2002
SIM
Subscriber Identity Module. GSM counter part for ISIM.
用户ID
SQN
Sequence Number. Both AuC and ISIM maintain the value of the SQN.
UMTS
Universal Mobile Telecommunications System.
通用移动电信系统
XRES
Expected Authentication Response. In a successful authentication
this is equal to RES.
期望认证响应。期望认证响应是保存在服务其端的。如果期望认证响应等于认证响应,则成功认证。
1.2 Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119 [1].
2. AKA Mechanism Overview
This chapter describes the AKA operation in detail:
1. A shared secret K is established beforehand between the ISIM and
the Authentication Center (AuC). The secret is stored in the
ISIM, which resides on a smart card like, tamper resistant device.
共享密钥K是根据ISIM和AUC预先定义的。他存储于ISIM中,ISIM保存在智能卡中。
2. The AuC of the home network produces an authentication vector AV,
based on the shared secret K and a sequence number SQN. The
authentication vector contains a random challenge RAND, network
authentication token AUTN, expected authentication result XRES, a
session key for integrity check IK, and a session key for
encryption CK.
认证中心根据共享密钥K和序列号产生认证矢量(AV)。认证矢量包含一下信息:
随机口令(RAND)、网络认证令牌(AUTN)、期望认证响应(XRES)、密钥(CK)和完整性密钥(IK)。
3. The authentication vector is downloaded to a server. Optionally,
the server can also download a batch of