{"draft":"draft-ietf-emu-aka-pfs-12","doc_id":"RFC9678","title":"Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)","authors":["J. Arkko","K. Norrman","J. Preu\u00df Mattsson"],"format":["HTML","TEXT","PDF","XML"],"page_count":"25","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"EAP Method Update","abstract":"This document updates RFC 9048, \"Improved Extensible Authentication\r\nProtocol Method for 3GPP Mobile Network Authentication and Key\r\nAgreement (EAP-AKA')\", and its predecessor RFC 5448 with an optional\r\nextension providing ephemeral key exchange. The extension EAP-AKA'\r\nForward Secrecy (EAP-AKA' FS), when negotiated, provides forward\r\nsecrecy for the session keys generated as a part of the\r\nauthentication run in EAP-AKA'. This prevents an attacker who has\r\ngained access to the long-term key from obtaining session keys\r\nestablished in the past. In addition, EAP-AKA' FS mitigates passive\r\nattacks (e.g., large-scale pervasive monitoring) against future\r\nsessions. This forces attackers to use active attacks instead.","pub_date":"March 2025","keywords":["EAP","AKA","AKA'","EAP-AKA'","EAP-AKA' FS","3GPP"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC5448","RFC9048"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9678","errata_url":null}