EAP-SIM authentication in WLAN
The main idea of EAP-SIM authentication in WLAN (802.1X) networks is the use of authentication parameters and SIM card algorithms for user authentication and traffic encryption in WLAN networks. At the same time, the user does not have to enter a login and password, all authentication is "transparent".
1) EAP-SIM authentication scheme
Legend:
EAP - Enhanced Authentication Protocol (Extended Authentication Protocol)
SIM Subscriber Identity Module (GSM Subscriber Identity Module)
MAC - Message Authentication Code
IMSI - International Mobile Subscriber Identifier
Nonce - Random value generated by client side
GSM triplet - RAND and Kc and SRES values calculated on the basis of this RAND using A3 / A8 algorithms
AuC - GSM operator authentication center. One of the tasks is the calculation of a GSM triplet.
')
The basic authentication scheme using EAP-SIM is shown below.
EAP-SIM authentication with this scheme requires the following components:
- Client device (Terminal) with support for a conventional GSM SIM card and corresponding software. You can use a specific SIM card, in this case, security will be higher
- 802.1X compatible WLAN access point with EAP-SIM support
- Access Controller / Gateway with DHCP (Dynamic Host Configuration Protocol) and EAP-SIM protocol on the WLAN side of the network to allocate dynamic IP addresses to network users and interact with the AAA RADIUS server of the WLAN network via the EAP protocol
- AAA RADIUS server used to authenticate the user of a WLAN network using EAP-SIM / AKA algorithms (in traditional WLAN networks this is an authentication server that, in the simplest case, checks the entered login & password and charges the subscriber)
- SS7 gateway for interworking AAA RADIUS server's WLAN network with HLR (Home Location Register) / Authentication Center (AuC) operator. The diagram, for simplicity, is not indicated.
- HLR / AuC - home register of GSM subscribers
2) The principle of operation of EAP-SIM authentication
A timing diagram explaining the principle of EAP-SIM authentication is given below.
If the PIN code is entered correctly (or the request is turned off) and the subscriber has chosen the appropriate WLAN network, EAP-SIM authentication starts at his terminal. The authentication process takes the following steps:
a) from the WLAN side of the access point (in the Access Point diagram), the EAP Identity Request message is sent to the user terminal via the EAPOL protocol
b) the user terminal in the EAP Identity Response message transmits the MSISDN (in the form of an NAI, for example 250097000000001@eapsim.mobile_carrier.ru) of the SIM card used or pseudonym. Pseudonym (temporary identity), which is analogous to the temporary IMSI and is designed to increase security by hiding the real IMSI.
c) The WLAN access point in the EAP SIM Start Request message informs the user terminal of the supported versions of the EAP-SIM authentication, and also requests the parameters of the terminal equipment.
d) the user terminal selects one of the supported authentication algorithms, which is reported to the access point in the EAP SIM Start response message. This message also contains the value of the required number of GSM triplets per session (see clause 3.1).
e) The WLAN access point translates 802.1X protocols into RADIUS compliant protocols and forwards the MSISDN + parameters from the EAP SIM Start response to the AAA RADIUS server. In turn, the AAA RADIUS server, via the SS7 gateway (via MAP), transmits the MSISDN of the terminal to AuC and requests standard GSM triplets (RAND, Kc, SRES).
d) Two or three RAND values and Kc & SRES values received from AuC are used by the WLAN AAA RADIUS server to calculate EAP-SIM authentication keys (K_aut), EAP-SIM encryption keys (K_encr), MSK & EMSK session keys and EAP-SIM additional authentication parameters. Next, an EAP packet is generated, containing: RAND values (in open form), encrypted additional authentication parameters (AT_ENCR_DATA). Then, the EAP packet and the packet hash sum (AT_MAC value = SHA1 (EAP packet, NONCE_MT)) are transmitted to the terminal in the EAP SIM Challenge Request message.
e) the RAND values obtained by the terminal are transmitted to the SIM card for calculating SRES and Kc values by the A3 / A8 algorithms, which are then used by the terminal to decrypt additional authentication parameters obtained in the previous step “EAP-SIM”. Further, if the decryption on the terminal side is successful and the “EAP-SIM advanced authentication parameters” are correct, the terminal sends the network in the EAP SIM Challenge Response message a sign of successful “terminal authentication” and the hash sum of the calculated SRES value (AT_MAC = SHA1 (SRES) ). Otherwise, the hash amount of SRES is not sent.
d) if the WLAN AAA RADIUS server acknowledges receipt of a successful authentication flag and if the SRES hash sum from the terminal matches the calculated one, the access point starts providing the service, and a successful "server authentication" message is sent to the terminal. Service provisioning is possible using standard WPA / WPA2 (WLAN Access Protection) encryption.
The protocols used in each of the sections are shown in the figure below.
It should be noted that for the EAP mode there are two main methods of authentication in WLAN networks: EAP-AKA and EAP-SIM. The first one is more reliable, but requires a USIM card with Milenage support, besides Milenage support must be present on the AuC / HLR operator’s side. The second method indicated is less reliable, requires 2G SIM cards (COMP128v1-4) and standard 2G authentication on the AuC / HLR operator’s side. It should also be noted that authentication via EAP-SIM / AKA is reciprocal, and is performed by analyzing the AT_MAC values received from the access point from the terminal side - if the parameters in AT_MAC do not match the parameters of the SIM card, then the authentication is terminated and the hash amount SRES to the access point .
Also, when setting up a WLAN network, you need to set the user reauthentication mode if the data transfer session is broken. Here two options are possible:
- re-EAP-SIM / AKA authentication
- use the client access parameters (MSISDN, MAC) stored in the AAA RADIUS server and do not re-request the triplets from the AuC server of the operator. The second method will reduce the load on the operator’s network, but this method is less secure in the matter of illegal access under the client’s name
The advantage of EAP-SIM / AKA authentication is transparent to the subscriber authentication while maintaining data confidentiality, since the secret key Ki is not transmitted to the IP network. As stated in RFC 4186, the reliability of EAP-SIM / AKA authentication is no worse than in GSM.
3) GSM network security when using EAP-SIM authentication
Due to the fact that a SIM card is involved in EAP-SIM authentication, it is necessary to carefully analyze the confidentiality of secret data in various schemes for using EAP-SIM. For now, let's turn to RFC 4186, from which two observations follow:
3.1. As stated in RFC 4186: “The cipher key (Kc) is no longer a key.” The length of Kc is not enough to securely encrypt user data in a WLAN network. To eliminate this, an algorithm for obtaining 2-3 Kc can be applied, followed by merging on the client side and the AAA RADIUS server of the WLAN network. When using the algorithm of using 2-3 Kc keys, the reliability of data channel encryption increases.
3.2. The second question is the transfer of the SRES hash from the terminal to the AAA RADIUS server via the WLAN IP network. In the standard case, SRES is not transmitted explicitly and cannot be obtained by an attacker. However, there is a possibility of the presence on the side of the terminal / PC "Trojans" in order to illegally obtain SRES and Kc. After receiving a sufficiently large number of triplets, it is possible to calculate the key i and further clone the GSM SIM card. This method allows you to get triplets without physical access to the SIM card, which increases the risk of cloning SIM cards. It should also be noted that the algorithm for calculating the SRES hash sum via SHA1 is unreliable and has already been cracked (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html). Thus, by listening to a Wi-Fi network, attackers can get real SRES and RAND values. Kc, however, is not transmitted and cannot be obtained by listening to the network.
4) EAP-SIM authentication solutions analysis
Depending on the requirements for the coverage of the terminal base and the level of security, there are three options for the introduction of EAP-SIM at the cellular operator.
a) Calculating the MAC and MAC2 values inside the SIM card. Formation of EAP packets inside the SIM card.
Advantages of the solution:
- High degree of security when calculating GSM triplets
- Work on various WLAN terminals, including PCs with different operating systems, but on condition that third-party software is also developed. WLAN requirements are minimal, since all calculations go on the SIM card side.
Solution Minuses:
- It is necessary to create a new SIM card profile, finance the development of an applet on the SIM card
- It is necessary to create third-party software for various operating systems of the phone and PC. Given that the OS is constantly updated, it will be necessary to periodically release new software versions or updates.
- The need to configure software in a WLAN device
- If the subscriber wants to take advantage of the EAP-SIM he will need to change the SIM card
b) Calculating the MAC and MAC2 values inside the SIM card. Formation of EAP on the WLAN side of the terminal.
Advantages of the solution:
- High degree of security when calculating GSM triplets
- Work on various WLAN terminals, including PCs with different operating systems, but on condition that third-party software is also developed.
Solution Minuses:
- Since EAP packets will be formed and decrypted on the terminal side, there are some performance requirements, but given the modern terminal hardware, these risks are minimized.
- It is necessary to create a new SIM card profile, finance the development of an applet on the SIM card
- It is necessary to create third-party software for various operating systems of the phone and PC. Given that the OS is constantly updated, it will be necessary to periodically release new software versions or updates.
- The need to configure software in a WLAN device
- If the subscriber wants to take advantage of the EAP-SIM he will need to change the SIM card
c) Calculation of MAC & MAC2 & EAP packet values on the WLAN side of the terminal.
Advantages of the solution:
- There are no specific requirements for the SIM card, existing SIM cards will do.
- There is no need to install additional software on the terminal.
- Before connecting to the WLAN network, the subscriber does not need to configure anything on the terminal side (except for iphone).
Solution Minuses:
- The average degree of security when calculating GSM triplets. It should be noted that it is easy for a hacker to get GSM triplets without EAP-SIM technology, but simply by writing software with the RUN GSM Algorithm function. Therefore, the main risks are associated with the possible penetration of Trojans to the WLAN terminal, which will intercept data for an already authorized session and use them in a relatively short period of time and on the same access point.
- EAP-SIM support is required on the terminal side. At the beginning of 2012, of the major vendors, EAP-SIM is supported only by some Nokia, iPhone, blackberry phones.
5) Equipment requirements for the operation and development of EAP-SIM authentication
With the successful implementation of EAP-SIM authentication, users get the advantage of transparent and reliable authentication (without entering a login and password) and the ability to use corporate resources (without organizing a VPN channel). Below are the requirements necessary for the operation of EAP-SIM / AKA authentication and conditions for rapid development:
a) The need to use specific software on a computer and WLAN communicators that do not support EAP-SIM / AKA at the software and hardware level.
b) Although there are several WLAN modems with EAP-SIM support at the hardware / software level (see section below), their number is very limited. For WLAN modems with built-in EAP-SIM support, the need to use specific software is eliminated.
c) For WLAN terminals that do not support EAP-SIM / AKA technology, you will have to use additional equipment in the form of a SIM reader, which greatly affects the usability of the service.
d) A limiting factor in using WLAN networks on equipment that does not support EAP-SIM / AKA authentication is the need to remove the SIM card from a standard GSM phone. The telephone connection, however, will be unavailable for the subscriber. When using 2 SIM cards, this is not a limiting factor.
e) AAA RADIUS of the guest WLAN server and home networks must support EAP-SIM / AKA authentication (in accordance with the recommendations of RFC 4186 and RFC 4187) and International Roaming Access Protocols (IRAP) protocols, which are not always guaranteed. In the absence of this functionality, EAP-SIM / AKA roaming is not possible.
f) With a large number of WLAN users, the load on the operator Auc / HLR will increase
g) With each EAP-SIM authentication on the Auc / HLR server, two or three standard GSM authentication is performed, which increases the load on the GSM network equipment (see RFC 4686 chapter 10)
h) The operator Auc / HLR must be able to connect (via SS7 / MAP) to the AAA RADUIS WLAN server of the home provider
i) The controller / access gateway of the WLAN provider must support EAP-SIM / AKA (in accordance with the recommendations of RFC 4186 and RFC 4187)
j) EAP-SIM / AKA protocol support is required on the operator AUC / HLR side, in accordance with RFC 4186. This issue needs to be further developed.
k) For the organization of inter-network roaming, i.e. in order for a business WLAN network to serve any subscriber it is necessary that roaming agreements be concluded between business providers and a home WLAN provider
l) Since the terminal uses the standard RUN GSM ALGORITHM request when working with a SIM / USIM card by WLAN, there are no specific requirements for a SIM / USIM card to implement EAP-SIM and EAP-AKA. But when using the perspective method of EAP-SIM inside and EAP-SmartCard, the EAP-SIM protocol and associated cryptographic primitives will be executed in a protected area, therefore a special SIM card will be required.
6) Standards
- RFC 4186 EAP mechanism for GSM
ftp.isi.edu/in-notes/rfc4186.txt (Recommendations)
- RFC 4187 EAP mechanism for 3rd generation
ftp.isi.edu/in-notes/rfc4187.txt (Recommendations)
- RFC 2284: PPP Extensible Authentication Protocol (EAP)
- WLAN-SIM Specification V 1.0 was released in 2004, however, is currently not available for reading on the site
- WBA: Wireless Broadband Alliance
www.wballiance.net
- FMCA: Fixed-Mobile Convergence Alliance
www.thefmca.com
- Wireless-Link French Hot Spots Operators industry body
www.w-link.org/public/wlink/html/fr/home/home.php
- WLAN Alliance
www.WLAN.org
findings
1. The main limiting factor in the development of EAP-SIM / AKA authentication is a very small base of user terminals supporting EAP-SIM / AKA protocols. It requires pressure from international alliances for vendors to implement EAP-SIM / AKA functionality in WLAN devices.
2. Subscriber operation in roaming is not guaranteed and depends on AAA RADIUS server support of the business WLAN IRAP network of protocols and EAP-SIM / AKA authentication. An additional condition for subscriber work in roaming is roaming agreements.
3. Specifications are very limited quantity. At the same time, readily available specifications for the implementation of EAP-SIM / AKA exist as recommendations (RFC). Other types of documents are either not available outside alliances or do not exist.
4. At the network levels, for the implementation of EAP-SIM / AKA functionality, additional settings or installations are required on the WLAN AAA RADUIS server and AuC / HLR side.
5. In terms of security, there are two ways to authenticate using SIM: EAP-SIM inside and EAP-SIM. For EAP-SIM inside, EAP packets are generated inside the SIM card, which is safer, but requires special SIM cards and special terminals. For EAP-SIM, the formation of EAP packets during authentication is performed on the terminal side; therefore, triplets of GSM triplets may leak, but standard SIM cards and any WLAN terminal with EAP-installed software can be used for this method.
6. As stated in the RFC, the reliability of authentication when using EAP-SIM is no worse than in GSM.
7. GSM network security when using EAP-SIM is quite high, since Kc values in EAP-SIM are not transmitted to the network. SRES is transmitted to the network in encrypted form. If there is a hacker software on the WLAN terminal, there may be isolated cases of leakage of confidential authentication data. Also, due to the presence of the final counter of authentication on the SIM card, in the presence of hacker software, there may be cases of blocking the SIM card.
8. The successful launch of EAP-SIM authentication with the operator Swiss Mobile allows you to talk about the emergence of interest in this technology.
1) EAP-SIM authentication scheme
Legend:
EAP - Enhanced Authentication Protocol (Extended Authentication Protocol)
SIM Subscriber Identity Module (GSM Subscriber Identity Module)
MAC - Message Authentication Code
IMSI - International Mobile Subscriber Identifier
Nonce - Random value generated by client side
GSM triplet - RAND and Kc and SRES values calculated on the basis of this RAND using A3 / A8 algorithms
AuC - GSM operator authentication center. One of the tasks is the calculation of a GSM triplet.
')
The basic authentication scheme using EAP-SIM is shown below.
EAP-SIM authentication with this scheme requires the following components:
- Client device (Terminal) with support for a conventional GSM SIM card and corresponding software. You can use a specific SIM card, in this case, security will be higher
- 802.1X compatible WLAN access point with EAP-SIM support
- Access Controller / Gateway with DHCP (Dynamic Host Configuration Protocol) and EAP-SIM protocol on the WLAN side of the network to allocate dynamic IP addresses to network users and interact with the AAA RADIUS server of the WLAN network via the EAP protocol
- AAA RADIUS server used to authenticate the user of a WLAN network using EAP-SIM / AKA algorithms (in traditional WLAN networks this is an authentication server that, in the simplest case, checks the entered login & password and charges the subscriber)
- SS7 gateway for interworking AAA RADIUS server's WLAN network with HLR (Home Location Register) / Authentication Center (AuC) operator. The diagram, for simplicity, is not indicated.
- HLR / AuC - home register of GSM subscribers
2) The principle of operation of EAP-SIM authentication
A timing diagram explaining the principle of EAP-SIM authentication is given below.
If the PIN code is entered correctly (or the request is turned off) and the subscriber has chosen the appropriate WLAN network, EAP-SIM authentication starts at his terminal. The authentication process takes the following steps:
a) from the WLAN side of the access point (in the Access Point diagram), the EAP Identity Request message is sent to the user terminal via the EAPOL protocol
b) the user terminal in the EAP Identity Response message transmits the MSISDN (in the form of an NAI, for example 250097000000001@eapsim.mobile_carrier.ru) of the SIM card used or pseudonym. Pseudonym (temporary identity), which is analogous to the temporary IMSI and is designed to increase security by hiding the real IMSI.
c) The WLAN access point in the EAP SIM Start Request message informs the user terminal of the supported versions of the EAP-SIM authentication, and also requests the parameters of the terminal equipment.
d) the user terminal selects one of the supported authentication algorithms, which is reported to the access point in the EAP SIM Start response message. This message also contains the value of the required number of GSM triplets per session (see clause 3.1).
e) The WLAN access point translates 802.1X protocols into RADIUS compliant protocols and forwards the MSISDN + parameters from the EAP SIM Start response to the AAA RADIUS server. In turn, the AAA RADIUS server, via the SS7 gateway (via MAP), transmits the MSISDN of the terminal to AuC and requests standard GSM triplets (RAND, Kc, SRES).
d) Two or three RAND values and Kc & SRES values received from AuC are used by the WLAN AAA RADIUS server to calculate EAP-SIM authentication keys (K_aut), EAP-SIM encryption keys (K_encr), MSK & EMSK session keys and EAP-SIM additional authentication parameters. Next, an EAP packet is generated, containing: RAND values (in open form), encrypted additional authentication parameters (AT_ENCR_DATA). Then, the EAP packet and the packet hash sum (AT_MAC value = SHA1 (EAP packet, NONCE_MT)) are transmitted to the terminal in the EAP SIM Challenge Request message.
e) the RAND values obtained by the terminal are transmitted to the SIM card for calculating SRES and Kc values by the A3 / A8 algorithms, which are then used by the terminal to decrypt additional authentication parameters obtained in the previous step “EAP-SIM”. Further, if the decryption on the terminal side is successful and the “EAP-SIM advanced authentication parameters” are correct, the terminal sends the network in the EAP SIM Challenge Response message a sign of successful “terminal authentication” and the hash sum of the calculated SRES value (AT_MAC = SHA1 (SRES) ). Otherwise, the hash amount of SRES is not sent.
d) if the WLAN AAA RADIUS server acknowledges receipt of a successful authentication flag and if the SRES hash sum from the terminal matches the calculated one, the access point starts providing the service, and a successful "server authentication" message is sent to the terminal. Service provisioning is possible using standard WPA / WPA2 (WLAN Access Protection) encryption.
The protocols used in each of the sections are shown in the figure below.
It should be noted that for the EAP mode there are two main methods of authentication in WLAN networks: EAP-AKA and EAP-SIM. The first one is more reliable, but requires a USIM card with Milenage support, besides Milenage support must be present on the AuC / HLR operator’s side. The second method indicated is less reliable, requires 2G SIM cards (COMP128v1-4) and standard 2G authentication on the AuC / HLR operator’s side. It should also be noted that authentication via EAP-SIM / AKA is reciprocal, and is performed by analyzing the AT_MAC values received from the access point from the terminal side - if the parameters in AT_MAC do not match the parameters of the SIM card, then the authentication is terminated and the hash amount SRES to the access point .
Also, when setting up a WLAN network, you need to set the user reauthentication mode if the data transfer session is broken. Here two options are possible:
- re-EAP-SIM / AKA authentication
- use the client access parameters (MSISDN, MAC) stored in the AAA RADIUS server and do not re-request the triplets from the AuC server of the operator. The second method will reduce the load on the operator’s network, but this method is less secure in the matter of illegal access under the client’s name
The advantage of EAP-SIM / AKA authentication is transparent to the subscriber authentication while maintaining data confidentiality, since the secret key Ki is not transmitted to the IP network. As stated in RFC 4186, the reliability of EAP-SIM / AKA authentication is no worse than in GSM.
3) GSM network security when using EAP-SIM authentication
Due to the fact that a SIM card is involved in EAP-SIM authentication, it is necessary to carefully analyze the confidentiality of secret data in various schemes for using EAP-SIM. For now, let's turn to RFC 4186, from which two observations follow:
3.1. As stated in RFC 4186: “The cipher key (Kc) is no longer a key.” The length of Kc is not enough to securely encrypt user data in a WLAN network. To eliminate this, an algorithm for obtaining 2-3 Kc can be applied, followed by merging on the client side and the AAA RADIUS server of the WLAN network. When using the algorithm of using 2-3 Kc keys, the reliability of data channel encryption increases.
3.2. The second question is the transfer of the SRES hash from the terminal to the AAA RADIUS server via the WLAN IP network. In the standard case, SRES is not transmitted explicitly and cannot be obtained by an attacker. However, there is a possibility of the presence on the side of the terminal / PC "Trojans" in order to illegally obtain SRES and Kc. After receiving a sufficiently large number of triplets, it is possible to calculate the key i and further clone the GSM SIM card. This method allows you to get triplets without physical access to the SIM card, which increases the risk of cloning SIM cards. It should also be noted that the algorithm for calculating the SRES hash sum via SHA1 is unreliable and has already been cracked (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html). Thus, by listening to a Wi-Fi network, attackers can get real SRES and RAND values. Kc, however, is not transmitted and cannot be obtained by listening to the network.
4) EAP-SIM authentication solutions analysis
Depending on the requirements for the coverage of the terminal base and the level of security, there are three options for the introduction of EAP-SIM at the cellular operator.
a) Calculating the MAC and MAC2 values inside the SIM card. Formation of EAP packets inside the SIM card.
Advantages of the solution:
- High degree of security when calculating GSM triplets
- Work on various WLAN terminals, including PCs with different operating systems, but on condition that third-party software is also developed. WLAN requirements are minimal, since all calculations go on the SIM card side.
Solution Minuses:
- It is necessary to create a new SIM card profile, finance the development of an applet on the SIM card
- It is necessary to create third-party software for various operating systems of the phone and PC. Given that the OS is constantly updated, it will be necessary to periodically release new software versions or updates.
- The need to configure software in a WLAN device
- If the subscriber wants to take advantage of the EAP-SIM he will need to change the SIM card
b) Calculating the MAC and MAC2 values inside the SIM card. Formation of EAP on the WLAN side of the terminal.
Advantages of the solution:
- High degree of security when calculating GSM triplets
- Work on various WLAN terminals, including PCs with different operating systems, but on condition that third-party software is also developed.
Solution Minuses:
- Since EAP packets will be formed and decrypted on the terminal side, there are some performance requirements, but given the modern terminal hardware, these risks are minimized.
- It is necessary to create a new SIM card profile, finance the development of an applet on the SIM card
- It is necessary to create third-party software for various operating systems of the phone and PC. Given that the OS is constantly updated, it will be necessary to periodically release new software versions or updates.
- The need to configure software in a WLAN device
- If the subscriber wants to take advantage of the EAP-SIM he will need to change the SIM card
c) Calculation of MAC & MAC2 & EAP packet values on the WLAN side of the terminal.
Advantages of the solution:
- There are no specific requirements for the SIM card, existing SIM cards will do.
- There is no need to install additional software on the terminal.
- Before connecting to the WLAN network, the subscriber does not need to configure anything on the terminal side (except for iphone).
Solution Minuses:
- The average degree of security when calculating GSM triplets. It should be noted that it is easy for a hacker to get GSM triplets without EAP-SIM technology, but simply by writing software with the RUN GSM Algorithm function. Therefore, the main risks are associated with the possible penetration of Trojans to the WLAN terminal, which will intercept data for an already authorized session and use them in a relatively short period of time and on the same access point.
- EAP-SIM support is required on the terminal side. At the beginning of 2012, of the major vendors, EAP-SIM is supported only by some Nokia, iPhone, blackberry phones.
5) Equipment requirements for the operation and development of EAP-SIM authentication
With the successful implementation of EAP-SIM authentication, users get the advantage of transparent and reliable authentication (without entering a login and password) and the ability to use corporate resources (without organizing a VPN channel). Below are the requirements necessary for the operation of EAP-SIM / AKA authentication and conditions for rapid development:
a) The need to use specific software on a computer and WLAN communicators that do not support EAP-SIM / AKA at the software and hardware level.
b) Although there are several WLAN modems with EAP-SIM support at the hardware / software level (see section below), their number is very limited. For WLAN modems with built-in EAP-SIM support, the need to use specific software is eliminated.
c) For WLAN terminals that do not support EAP-SIM / AKA technology, you will have to use additional equipment in the form of a SIM reader, which greatly affects the usability of the service.
d) A limiting factor in using WLAN networks on equipment that does not support EAP-SIM / AKA authentication is the need to remove the SIM card from a standard GSM phone. The telephone connection, however, will be unavailable for the subscriber. When using 2 SIM cards, this is not a limiting factor.
e) AAA RADIUS of the guest WLAN server and home networks must support EAP-SIM / AKA authentication (in accordance with the recommendations of RFC 4186 and RFC 4187) and International Roaming Access Protocols (IRAP) protocols, which are not always guaranteed. In the absence of this functionality, EAP-SIM / AKA roaming is not possible.
f) With a large number of WLAN users, the load on the operator Auc / HLR will increase
g) With each EAP-SIM authentication on the Auc / HLR server, two or three standard GSM authentication is performed, which increases the load on the GSM network equipment (see RFC 4686 chapter 10)
h) The operator Auc / HLR must be able to connect (via SS7 / MAP) to the AAA RADUIS WLAN server of the home provider
i) The controller / access gateway of the WLAN provider must support EAP-SIM / AKA (in accordance with the recommendations of RFC 4186 and RFC 4187)
j) EAP-SIM / AKA protocol support is required on the operator AUC / HLR side, in accordance with RFC 4186. This issue needs to be further developed.
k) For the organization of inter-network roaming, i.e. in order for a business WLAN network to serve any subscriber it is necessary that roaming agreements be concluded between business providers and a home WLAN provider
l) Since the terminal uses the standard RUN GSM ALGORITHM request when working with a SIM / USIM card by WLAN, there are no specific requirements for a SIM / USIM card to implement EAP-SIM and EAP-AKA. But when using the perspective method of EAP-SIM inside and EAP-SmartCard, the EAP-SIM protocol and associated cryptographic primitives will be executed in a protected area, therefore a special SIM card will be required.
6) Standards
- RFC 4186 EAP mechanism for GSM
ftp.isi.edu/in-notes/rfc4186.txt (Recommendations)
- RFC 4187 EAP mechanism for 3rd generation
ftp.isi.edu/in-notes/rfc4187.txt (Recommendations)
- RFC 2284: PPP Extensible Authentication Protocol (EAP)
- WLAN-SIM Specification V 1.0 was released in 2004, however, is currently not available for reading on the site
- WBA: Wireless Broadband Alliance
www.wballiance.net
- FMCA: Fixed-Mobile Convergence Alliance
www.thefmca.com
- Wireless-Link French Hot Spots Operators industry body
www.w-link.org/public/wlink/html/fr/home/home.php
- WLAN Alliance
www.WLAN.org
findings
1. The main limiting factor in the development of EAP-SIM / AKA authentication is a very small base of user terminals supporting EAP-SIM / AKA protocols. It requires pressure from international alliances for vendors to implement EAP-SIM / AKA functionality in WLAN devices.
2. Subscriber operation in roaming is not guaranteed and depends on AAA RADIUS server support of the business WLAN IRAP network of protocols and EAP-SIM / AKA authentication. An additional condition for subscriber work in roaming is roaming agreements.
3. Specifications are very limited quantity. At the same time, readily available specifications for the implementation of EAP-SIM / AKA exist as recommendations (RFC). Other types of documents are either not available outside alliances or do not exist.
4. At the network levels, for the implementation of EAP-SIM / AKA functionality, additional settings or installations are required on the WLAN AAA RADUIS server and AuC / HLR side.
5. In terms of security, there are two ways to authenticate using SIM: EAP-SIM inside and EAP-SIM. For EAP-SIM inside, EAP packets are generated inside the SIM card, which is safer, but requires special SIM cards and special terminals. For EAP-SIM, the formation of EAP packets during authentication is performed on the terminal side; therefore, triplets of GSM triplets may leak, but standard SIM cards and any WLAN terminal with EAP-installed software can be used for this method.
6. As stated in the RFC, the reliability of authentication when using EAP-SIM is no worse than in GSM.
7. GSM network security when using EAP-SIM is quite high, since Kc values in EAP-SIM are not transmitted to the network. SRES is transmitted to the network in encrypted form. If there is a hacker software on the WLAN terminal, there may be isolated cases of leakage of confidential authentication data. Also, due to the presence of the final counter of authentication on the SIM card, in the presence of hacker software, there may be cases of blocking the SIM card.
8. The successful launch of EAP-SIM authentication with the operator Swiss Mobile allows you to talk about the emergence of interest in this technology.
Source: https://habr.com/ru/post/142795/
All Articles