@misc{rfc9678,
    series =    {Request for Comments},
    number =    9678,
    howpublished =  {RFC 9678},
    publisher = {RFC Editor},
    doi =       {10.17487/RFC9678},
    url =       {https://www.rfc-editor.org/info/rfc9678},
    author =    {Jari Arkko and Karl Norrman and John Preuß Mattsson},
    title =     {{Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)}},
    pagetotal = 25,
    year =      2025,
    month =     mar,
    abstract =  {This document updates RFC 9048, "Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA')", and its predecessor RFC 5448 with an optional extension providing ephemeral key exchange. The extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated, provides forward secrecy for the session keys generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term key from obtaining session keys established in the past. In addition, EAP-AKA' FS mitigates passive attacks (e.g., large-scale pervasive monitoring) against future sessions. This forces attackers to use active attacks instead.},
}