Implementation of EAP-TTLS for Network Access Authentication based on Diameter EAP Application

Abstract

Diameter Base Protocol is a protocol for AAA (Authentication, Authorization, and Accounting), which was designed as a successor of RADIUS. For specific AAA purposes, several Diameter Applications are defined on Diameter Base Protocol. Diameter EAP Application is one of Diameter Applications that aims at network access control. EAP (Extensible Authentication Protocol) is a generic authentication protocol that supports several authentication methods called EAP methods. EAP-TTLS is one of EAP methods. EAP-TTLS is a superior authentication method that achieves strong security and is easy to deploy. This paper implements the first open source of EAP-TTLS server that runs on Diameter EAP Application. Our implementation supports four main authentication methods (PAP, CHAP, MS-CHAP, and MS-CHAPv2). As a result of working test, it was made sure that our EAP-TTLS server could authenticate several terminals using Windows, Linux, iOS (iPad), and Android. The measurement results show that the authentication time is short enough for practical operation. In addition, this paper describes the details how to implement EAP-TTLS on Diameter EAP Application as one of EAP methods. It also describes the details how to implement authentication methods in EAP-TTLS server. One of the purposes of this paper is that this paper becomes a guide for those who implement another EAP method on Diameter EAP application and those who implement another authentication method on EAP-TTLS.