Towards a new standard for network access authentication: EAP-EDHOC

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces Pub Date : 2025-07-12 DOI:10.1016/j.csi.2025.104037

Francisco Lopez-Gomez , Rafael Marin-Lopez , Gabriel Lopez-Millan , Dan Garcia-Carrillo , John Preuß Mattsson , Göran Selander

{"title":"Towards a new standard for network access authentication: EAP-EDHOC","authors":"Francisco Lopez-Gomez , Rafael Marin-Lopez , Gabriel Lopez-Millan , Dan Garcia-Carrillo , John Preuß Mattsson , Göran Selander","doi":"10.1016/j.csi.2025.104037","DOIUrl":null,"url":null,"abstract":"<div><div>The Extensible Authentication Protocol (EAP) has been a cornerstone of secure authentication in both wired and wireless networks, as well as enterprise systems, enabling integration with a wide range of authentication mechanisms. Recently, the IETF EAP Method Update (EMU) Working Group has adopted EAP-EDHOC, a method that combines EAP’s extensibility with the recent standard Ephemeral Diffie–Hellman Over COSE (EDHOC). EDHOC is a lightweight authentication and key exchange protocol designed to be supported in resource-constrained environments. This enhances EAP-EDHOC as a high-performance authentication method for EAP-based networks. This paper presents a comprehensive analysis of the standardization efforts surrounding EAP-EDHOC, including a first proof-of-concept implementation and performance evaluation conducted over Wi-Fi networks. Additionally, a new design that optimizes the existing protocol by reversing the roles of the communication parties is proposed. The original and optimized versions are evaluated and compared with each other, as well as with EAP-TLS 1.3 and EAP-PSK. The results demonstrate that EAP-EDHOC achieves more efficient authentication than EAP-TLS 1.3 in terms of execution time, number of messages, and data transmitted. Meanwhile, EAP-PSK, which is based on symmetric cryptography, serves as a performance baseline.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104037"},"PeriodicalIF":4.1000,"publicationDate":"2025-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548925000662","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The Extensible Authentication Protocol (EAP) has been a cornerstone of secure authentication in both wired and wireless networks, as well as enterprise systems, enabling integration with a wide range of authentication mechanisms. Recently, the IETF EAP Method Update (EMU) Working Group has adopted EAP-EDHOC, a method that combines EAP’s extensibility with the recent standard Ephemeral Diffie–Hellman Over COSE (EDHOC). EDHOC is a lightweight authentication and key exchange protocol designed to be supported in resource-constrained environments. This enhances EAP-EDHOC as a high-performance authentication method for EAP-based networks. This paper presents a comprehensive analysis of the standardization efforts surrounding EAP-EDHOC, including a first proof-of-concept implementation and performance evaluation conducted over Wi-Fi networks. Additionally, a new design that optimizes the existing protocol by reversing the roles of the communication parties is proposed. The original and optimized versions are evaluated and compared with each other, as well as with EAP-TLS 1.3 and EAP-PSK. The results demonstrate that EAP-EDHOC achieves more efficient authentication than EAP-TLS 1.3 in terms of execution time, number of messages, and data transmitted. Meanwhile, EAP-PSK, which is based on symmetric cryptography, serves as a performance baseline.

查看原文本刊更多论文

迈向新的网络接入认证标准：EAP-EDHOC

可扩展身份验证协议（Extensible Authentication Protocol， EAP）已经成为有线和无线网络以及企业系统中安全身份验证的基石，它支持与各种身份验证机制的集成。最近，IETF EAP方法更新（EMU）工作组采用了EAP-EDHOC，这是一种将EAP的可扩展性与最近的标准Ephemeral Diffie-Hellman Over COSE （EDHOC）相结合的方法。EDHOC是一种轻量级身份验证和密钥交换协议，旨在支持资源受限的环境。这增强了EAP-EDHOC作为基于eap的网络的高性能认证方法。本文对围绕EAP-EDHOC的标准化工作进行了全面分析，包括在Wi-Fi网络上进行的首次概念验证实施和性能评估。此外，还提出了一种新的设计，通过反转通信各方的角色来优化现有协议。对原始版本和优化版本进行了评估和比较，并与EAP-TLS 1.3和EAP-PSK进行了比较。结果表明，EAP-EDHOC在执行时间、消息数量和传输数据方面都比EAP-TLS 1.3更有效。同时，基于对称加密的EAP-PSK作为性能基准。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Standards & Interfaces 工程技术-计算机：软件工程

CiteScore

11.90

自引率

16.00%

发文量

审稿时长

6 months

期刊介绍： The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.