1. Introduction
1.1. Scope
This document describes an Extensible Authentication Protocol (EAP)
[1] method suitable for use with One-Time Password (OTP) tokens, and
offers particular advantages for tokens that are electronically
connected to a user's computer, e.g., through a USB interface. The
method can be used to provide unilateral or mutual authentication,
and key material, in protocols utilizing EAP, such as PPP [10], IEEE
802.1X [11], and IKEv2 [12].
1.2. Background
A One-Time Password (OTP) token may be a handheld hardware device, a
hardware device connected to a personal computer through an
electronic interface such as USB, or a software module resident on a
personal computer, which generates one-time passwords that may be
used to authenticate a user towards some service. This document
describes an EAP method intended to meet the needs of organizations
wishing to use OTP tokens in an interoperable manner to authenticate
users over EAP. The method is designed to be independent of
particular OTP algorithms and to meet the requirements on modern EAP
methods (see [13]).
The basic variant of this method provides client authentication only.
This mode is only to be used within a secured tunnel. A more
advanced variant provides mutual authentication, integrity protection
of the exchange, protection against eavesdroppers, and establishment
of authenticated keying material. Both variants allow for fast
session resumption.
While this document also includes a profile of the general method for
the RSA SecurID(TM) mechanism, it is described in terms of general
constructions. It is therefore intended that the document will also
serve as a framework for use with other OTP algorithms.
Note: The term "OTP" as used herein shall not be confused with the
EAP OTP method defined in [1].
1.3. Rationale behind the Design
EAP-POTP has been designed with the intent that its messages and data
elements be easily parsed by EAP implementations. This makes it
easier to programmatically use the EAP method in the peer and the
authenticator, reducing the need for user interactions and allowing
for local generation of user prompts, when needed. In contrast, the
Generic Token Card (GTC) method from [1], which uses text strings
generated by the EAP server, is intended to be interpreted and acted
upon by humans. Furthermore, EAP-POTP allows for mutual
authentication and establishment of keying material, which GTC does
not. To retain the generic nature of GTC, the EAP-POTP method has
been designed to support a wide range of OTP algorithms, with
profiling expected for specific such algorithms. This document
provides a profile of EAP-POTP for RSA SecurID tokens.
1.4. Relationship with EAP Methods in RFC 3748
The EAP OTP method defined in [1], which builds on [14], is an
example of a particular OTP algorithm and is not related to the EAP
method defined in this document, other than that a profile of EAP-
POTP may be created for the OTP algorithm from [14].
The Generic Token Card EAP method defined in [1] is intended to work
with a variety of OTP algorithms. The same is true for EAP-POTP, the
EAP method defined herein. Advantages of profiling a particular OTP
algorithm for use with EAP-POTP, compared to using EAP GTC, are
described in Section 1.3.