Evaluation of EAP Usage for Authenticating Eduroam Users in 5G Networks
Leonardo Azalim de Oliveira, Edelberto Franco Silva
TL;DR
This work addresses securing Eduroam authentication over converged 5G and WiFi networks by analyzing EAP methods, 3GPP releases, and the EAP-AKA' protocol, then validating a practical testbed based on free5gc and UERANSIM to explore WiFi/5G convergence via DN-AAA. It provides a comparative view of EAP-AKA' and 5G-AKA, details a convergence architecture leveraging ATSSS, and documents open-source artifacts to enable reproducibility. Key technical aspects include anchor-key derivation and subsequent keys ($K_{ausf}$, $XRES$, $K_{seaf}$) within the EAP-AKA' flow, and the role of DN-AAA in enabling RADIUS-based device authentication for Eduroam. The findings offer a practical baseline for expanding Eduroam into 5G-enabled environments and guide future work on roaming, alternative EAP methods, and integrated WiFi-5G-RADIUS deployments, with attention to identity mapping and privacy concerns in cross-domain credentials.
Abstract
The fifth generation of the telecommunication networks (5G) established the service-oriented paradigm on the mobile networks. In this new context, the 5G Core component has become extremely flexible so, in addition to serving mobile networks, it can also be used to connect devices from the so-called non-3GPP networks, which contains technologies such as WiFi. The implementation of this connectivity requires specific protocols to ensure authentication and reliability. Given these characteristics and the possibility of convergence, it is necessary to carefully choose the encryption algorithms and authentication methods used by non-3GPP user equipment. In light of the above, this paper highlights key findings resulting from an analysis on the subject conducted through a test environment which could be used in the context of the Eduroam federation.