EAP-SKE authentication and key exchange protocol
This note describes EAP Shared Key Exchange (SKE), a method for authenticating Mobile Nodes (MNs) and generating a per-session, per-node EAP Master Secret. The method applies to scenarios where an MN is in a foreign network, such as a public 802.11 or 802.3 network, that uses Home-AAA and Foreign-AAA services. The method requires a pre-deployed, cryptographically secure shared key on the MN and its Home-AAA server, and the use of the 802.1X standard [1], Extensible Authentication Protocol (EAP) [2] messages, and RADIUS [3] authentication servers. The protocol can easily be extended to support the migration from RADIUS to DIAMETER [4].