RFC Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM), January . RFC (part 1 of 5): Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM). EAP-SIM RFC is a newly emerged EAP authentication The standard for EAP-SIM authentication is still in draft form with the IETF.
|Published (Last):||5 April 2012|
Network Working Group H. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. The IETF has also not reviewed the security of the cryptographic algorithms. GSM is a second generation mobile network standard. The EAP-SIM mechanism specifies enhancements to GSM authentication and key agreement whereby multiple authentication triplets can be combined to create authentication responses and session keys of greater strength than the individual GSM triplets.
The mechanism also includes network authentication, user anonymity support, result indications, and a fast re-authentication procedure.

Table of Contents: Format, Generation and Usage of Peer Identities; Communicating the Peer Identity to the Server; Attacks Against Identity Privacy; Message Sequence Examples (Informative); Fall Back to Full Authentication; Requesting the Permanent Identity; Message Format and Protocol Extensibility; A3 and A8 Algorithms; Mutual Authentication and Triplet Exposure; Flooding the Authentication Centre; Cryptographic Separation of Keys and Session Independence; Integrity and Replay Protection, and Confidentiality.

Second generation mobile networks and third generation mobile networks use different authentication and key agreement mechanisms.
GSM authentication is based on a challenge-response mechanism. The Kc key is originally intended to be used as an encryption key over the air interface, but in this protocol, it is used for deriving keying material and is not directly used.
Hence, the secrecy of Kc is critical to the security of this protocol.
The lack of mutual authentication is a weakness in GSM authentication. The derived bit cipher key Kc is not strong enough for data networks in which stronger and longer keys are required. EAP-SIM also extends the combined RAND challenges and other messages with a message authentication code in order to provide message integrity protection along with mutual authentication.
It also specifies an optional fast re-authentication procedure. Implementers and users of EAP-SIM are advised to carefully study the security considerations in Section 11 in order to determine whether the security properties are sufficient for the environment in question, especially as the secrecy of Kc keys is essential to the security of EAP-SIM.
The 3rd generation AKA mechanism includes mutual authentication, replay protection, and derivation of longer session keys. This document frequently uses the following terms and abbreviations: The GSM network element that provides the authentication triplets for authenticating the subscriber. Authentication vector: GSM triplets can be alternatively called authentication vectors. The GSM authentication and key exchange algorithms are not used in the fast re-authentication procedure.
Fast Re-authentication Identity: A fast re-authentication identity of the peer, including an NAI realm portion in environments where a realm is used. Used on fast re-authentication only. Fast Re-authentication Username: The username portion of fast re-authentication identity, i. In general, a nonce can be predictable e. Since some cryptographic properties may depend on the randomness of the nonce, attention should be paid to whether a nonce is required to be random or not.
In this document, the term nonce is only used to denote random nonces, and it is not used to denote counters. Permanent Identity: The permanent identity of the peer, including an NAI realm portion in environments where a realm is used.
The permanent identity is usually based on the IMSI. Used on full authentication only.
Permanent Username: The username portion of permanent identity, i. Pseudonym Identity: A pseudonym identity of the peer, including an NAI realm portion in environments where a realm is used.
Pseudonym Username: The username portion of pseudonym identity, i. Overview: Figure 1 shows an overview of the EAP-SIM full authentication procedure, wherein optional protected success indications are not used.
The authenticator typically communicates with an EAP server that is located on a backend authentication server using an AAA protocol. On full authentication, the peer’s response includes either the user’s International Mobile Subscriber Identity (IMSI) or a temporary identity (pseudonym) if identity privacy is in effect, as specified in Section 4.
The packet format and the use of attributes are specified in Section 8. This packet may also include attributes for requesting the subscriber identity, as specified in Section 4.
The version negotiation is protected by including the version list and the selected version in the calculation of keying material (Section 7). From the triplets, the EAP server derives the keying material, as specified in Section 7.
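The following is an added example, not part of the original document: a Python version of the master-key computation from Section 7 of the EAP-SIM specification, MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version), showing why a version list altered in transit leaves peer and server with different keys. The identity, Kc values, nonce and the existence of a "version 2" are constructed sample values and assumptions; the function names are hypothetical.

```python
import hashlib
import hmac
import struct

def eap_sim_master_key(identity, kcs, nonce_mt, version_list, selected_version):
    """MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version)."""
    if len(kcs) not in (2, 3):
        raise ValueError("EAP-SIM combines two or three GSM triplets")
    if any(len(kc) != 8 for kc in kcs):
        raise ValueError("each Kc is a 64-bit value")
    if len(nonce_mt) != 16:
        raise ValueError("NONCE_MT is 16 bytes")
    if selected_version not in version_list:
        raise ValueError("selected version was not offered")
    # Versions are hashed as 2-byte big-endian numbers, in the order offered.
    versions = b"".join(struct.pack("!H", v) for v in version_list)
    data = (identity + b"".join(kcs) + nonce_mt
            + versions + struct.pack("!H", selected_version))
    return hashlib.sha1(data).digest()

# Constructed sample values (not from any real SIM or network).
IDENTITY = b"1244070100000001@eapsim.example"
KCS = [bytes.fromhex("a0a1a2a3a4a5a6a7"),
       bytes.fromhex("b0b1b2b3b4b5b6b7"),
       bytes.fromhex("c0c1c2c3c4c5c6c7")]
NONCE_MT = bytes(range(16))

def keys_agree(list_sent_by_server, list_seen_by_peer, selected_version):
    """True if both ends derive the same MK for this negotiation."""
    if selected_version not in list_sent_by_server:
        return False  # server rejects a version it never offered
    mk_server = eap_sim_master_key(IDENTITY, KCS, NONCE_MT,
                                   list_sent_by_server, selected_version)
    mk_peer = eap_sim_master_key(IDENTITY, KCS, NONCE_MT,
                                 list_seen_by_peer, selected_version)
    return hmac.compare_digest(mk_server, mk_peer)

if __name__ == "__main__":
    # Honest run: the peer sees the list the server sent (version 2 is assumed).
    print("untampered list:", keys_agree([2, 1], [2, 1], 2))
    # Version 2 removed in transit: the peer picks 1, but the keys now differ,
    # so the MAC computed from them will not verify.
    print("stripped list:  ", keys_agree([2, 1], [1], 1))
```

Because the keys used for the message authentication code are derived from MK, the mismatch surfaces as a MAC failure rather than as a silently downgraded session.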
If the MAC’s do not match, then the peer. Because protected success indications are not used in this example, the EAP server sends the EAP-Success packet, indicating that the authentication was successful.
Protected success indications are discussed in Section 6.
The EAP server may also include derived keying material in the message it sends to the authenticator. The peer has derived the same keying material, so the authenticator does not forward the keying material to the peer along with EAP-Success. Fast re-authentication is based on keys derived on full authentication. If the peer has maintained state information for fast re-authentication and wants to use fast re-authentication, then the peer indicates this by using a specific fast re-authentication identity instead of the permanent identity or a pseudonym identity.
The fast re-authentication procedure is described in Section 5.