On 3 Feb 2016, at 20:02, Michael Martinez <mwtzzz@gmail.com> wrote:
On Tue, Feb 2, 2016 at 8:15 PM, Alan DeKok <aland@deployingradius.com> wrote:
You don't extra the information from the device. You track the SIMs which you provision. Then, you use that information to authenticate the user.
You can't just authenticate random SIMs. You have to know the credentials which were provisioned for that SIM.
What is the procedure for getting these credentials? how do I go about doing that?
You invent one. There is no standard RADIUS interface for the AuC (Authentication Centre) AFAIK. You can also generate your own triplets locally if the sim card uses Comp128 v1/v2/v3 algorithms for A3 and A8 and you have the Ki (the master key for the SIM card). If you're working for a telco and can get access to the specification for Comp128 v4 we could implement that too. That'd cover the most common SIM algorithms. SRAND is a random challenge sent to the SIM card, SRES and KC (the other components of the triplet) are the expected responses. The EAP-SIM RFC isn't that opaque, I read through it pretty recently along with the EAP-AKA and EAP-AKA' standards. The weirdest bit for me was all the identity privacy stuff. I actually disagree with Alan, you do need to read the entire EAP-SIM RFC to be able to use EAP-SIM. You should also read up on GSM authentication in general to give you some background. There's no standard way of hooking EAP-SIM up for wifi offload, so you really need to understand the moving parts to be able to integrate it successfully. Understand that no other project provides a free EAP-SIM implementation. Radiator even charges extra for the license. That's because it's only useful to a) telcos, b) students. If you're working for a) then consider buying support, or sponsoring development of the documentation around EAP-SIM. If you're b) RTFS/RTFC :). -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2