Evaluation of EAP Usage for Authenticating Eduroam Users in 5G Networks

Leonardo Azalim de Oliveira,Edelberto Franco Silva
2024-02-17
Abstract:The fifth generation of the telecommunication networks (5G) established the service-oriented paradigm on the mobile networks. In this new context, the 5G Core component has become extremely flexible so, in addition to serving mobile networks, it can also be used to connect devices from the so-called non-3GPP networks, which contains technologies such as WiFi. The implementation of this connectivity requires specific protocols to ensure authentication and reliability. Given these characteristics and the possibility of convergence, it is necessary to carefully choose the encryption algorithms and authentication methods used by non-3GPP user equipment. In light of the above, this paper highlights key findings resulting from an analysis on the subject conducted through a test environment which could be used in the context of the Eduroam federation.
Cryptography and Security
What problem does this paper attempt to address?
The main problem that this paper attempts to solve is: in 5G networks, how to authenticate Eduroam users through the EAP (Extensible Authentication Protocol) method to ensure its security and reliability. Specifically, the paper focuses on: 1. **Characteristics and Challenges of 5G Networks**: - The 5G network has introduced the service - oriented paradigm and service - based architecture, making the network more flexible, but it also brings new integration challenges, especially the integration of WiFi networks and 5G infrastructure. - It is necessary to select appropriate encryption algorithms and authentication methods to ensure the security of non - 3GPP user equipment (such as WiFi equipment) in 5G networks. 2. **Requirements of the Eduroam Federation**: - Eduroam is a global initiative aiming to provide secure wireless Internet access for the academic community. With the support of Hotspot 2.0 and Passpoint technologies, Eduroam needs to evaluate how to achieve seamless roaming and automatic connection in the 5G environment. - The Brazilian Eduroam Federation (managed by RNP) has shown interest in joining the OpenRoaming alliance, but it needs to meet specific security requirements. 3. **Application of the EAP - AKA' Protocol**: - EAP - AKA' is an authentication method specifically designed for 5G networks, which can generate and verify anchor keys, thereby ensuring the security of communication between user equipment (UE) and base stations (gNodeB). - The paper analyzes in detail the working principle of the EAP - AKA' protocol and explores its application potential in the integration of WiFi and 5G networks. 4. **Construction and Verification of the Test Environment**: - A 5G test environment based on open - source projects (using free5gc) was constructed, and multiple tests were carried out to verify the effectiveness of different EAP methods. - The possible integration architectures between WiFi and 5G networks were explored, especially in the application in the Eduroam federation. In summary, this paper aims to propose a feasible solution through in - depth research and experiments to ensure the secure authentication of Eduroam users in 5G networks and promote the seamless integration of WiFi and 5G networks.