WiMAX / LTE EPS-AKA Key Generation

Benjamin Thompson b.thompson at latera.ru
Sun Oct 4 17:38:37 CEST 2020

On Sat, 3 Oct 2020 at 02:55, Alan DeKok <aland at deployingradius.com> wrote:

> On Oct 2, 2020, at 4:47 PM, Benjamin Thompson <b.thompson at latera.ru>
> wrote:
> > I am writing to ask whether anyone has any advice or scripts etc. to
> > generate the Authentication Vector (AUTN, RAND, XRES, and KASME) for LTE
> > authentication.
>   As with most 3G specs, they're fairly complex.  And not easy to
> understand.
>   It's probably fairly easy to update the WiMAX dictionaries with the
> latest WiMAX attributes.
>   My $0.02 would be to put the relevant calculations into rlm_wimax.  Once
> you understand the specs, the code shouldn't be *too* bad.
>   We're happy to help answer questions about FreeRADIUS.  But I can't
> promise to spend days reading through 3G specs.  If you can supply patches,
> we're more than happy to add them to the server.

Hi Alan

Thanks for your advice. Regarding the WiMAX dictionary, I will create a pull
request soon. As for the rest, I have done a bit of research and come up
with the following:


IMSI = International mobile subscriber identity
Ki = Authentication key
AMF = Authentication management field
OPc = Network operators key
AK = Anonymity key
CK = Cipher key
IK = Integrity key
XRES = Expected response
ICCID = Integrated circuit card identifier
PLMN = Public land mobile network ID (Mobile Country Code + Mobile Network

Steps required by FreeRADIUS:

1) Grab IMSI (User-Name) and PLMN (WiMAX attr 146) from Access-Request
2) Lookup SIM in DB by IMSI and retrieve Ki, OPc, AMF
3) Generate SQN (I am not sure whether this should be reset for each
authentication or cached somewhere and incremented)
4) Generate a 16 byte random value and store it in RAND
5) Feed AMF, Ki, SQN and RAND into Milenage algorithm (f1, f2, f3, f4, f5)
which returns AUTN, AK, CK, IK, XRES.
6) Generate KASME from AK, CK, IK, PLMN, SQN using the following algorithm:
    a) Generate key k = CK || IK
    b) Initialise a 14 byte buffer s
    c) Assign the first byte of s as 0x10
    d) Copy the 3 bytes of PLMN into s
    e) Assign 5th and 6th byte as 0x00 and 0x03
    f) Assign the next 6 bytes as SQN ⊕ AK
    g) Assign the last two bytes as 0x00 and 0x06
    h) Perform an HMAC-SHA256 using Key k from step 1 and s as the message.
(ref. https://medium.com/uw-ictd/lte-authentication-2d0810a061ecSudheesh
7) Return AUTN, RAND, XRES, and KASME (WiMAX attr 145 tlvs) in Access-Accept

I noticed that the Milenage algorithm is implemented in
src/lib/sim/milenage.c in v4. So if this could be cherry picked into
/src/lib/ in v3 then as I understand it what would remain is:

1) Create a function for KASME generation. (not sure if this should go in
rlm_wimax or e.g. lib/kasme.c)
2) In rlm_wimax:
    a) Get input values from request:User-Name, request:WiMAX-146 and
control:xxx attributes (including SQN)
    b) Generate RAND
    c) Call the various Milenage functions from milenage.c and store AUTN,
RAND, XRES in the relevant WiMAX reply attributes (and in variables save
AK, CK and IK)
    d) Call the KASME generation function and save the result into the
WiMAX reply attribute
