moving ahead with eap-sim under 3.0.11
I've done some research and now I understand how eap-sim works: in theory the server generates a random number (RAND) and gives this to the client. The client uses it along with some secret key Ki to generate response values RES and Kc. It gives these back to the server. If the server also knows what Ki is, then it can generate those response values itself and check to make sure they match. But in practice the only two places where Ki is known is on the SIM card and the mobile network operator. The mobile network operator will probably never give out those values (and if they did it would probably be a bureaucratic nightmare to get them). So the next best thing is the following workaround: obtain a SIM card reader and some reader software, feed some different RAND numbers to it to get the RES and Kc values and hard code these into the Radius server. The radius server will then know what the expected RES and Kc values are for said RANDs. The drawback is that it is not truly randomizing the numbers,it's picking from a small set of hardcoded values every time. But it's the only thing we can do. That's my understanding to this point; hopefully I am understanding correctly. Here's where I'm stuck. It appears there is a scarcity of SIM card readers. I found one at my local electronics store: a Sunpak 72-in-1 high speed card reader - a $10 piece of junk (i guess USB 2.0 is "high speed" to these folks) that not only fails to read any sort of card I put into it, but also rather consistently locks up both my Window 8 laptop and my Windows 7 PC. Online doesn't look any better. There's a couple cheap SIM card readers in the $5 range. Of course I have doubts about these. So my first question is: can anyone recommend a reliable, quality Sim reader? -- --- Michael Martinez http://www.michael--martinez.com
I have made progress with the Sunpak card reader. I couldn't get it to work at all under Windows 8, but was able to get it to work with an iphone SIM card by downloading 'SIM-Manager" software from Depak which includes drivers. I guess these are the correct drivers because it was able to recognize and read the card. Then i downloaded agsm software from here: http://agsm.sourceforge.net/download.html Under the "Misc" tab there is a button for generating a random number, and then it queries the card for the SRES and Kc values. so, next step is to hard code these values into Radius. ---------- Forwarded message ---------- From: Michael Martinez <mwtzzz@gmail.com> Date: Fri, Mar 4, 2016 at 7:09 AM Subject: moving ahead with eap-sim under 3.0.11 To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
On Mar 4, 2016, at 12:22 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
I have made progress with the Sunpak card reader. I couldn't get it to work at all under Windows 8, but was able to get it to work with an iphone SIM card by downloading 'SIM-Manager" software from Depak which includes drivers. I guess these are the correct drivers because it was able to recognize and read the card. Then i downloaded agsm software from here: http://agsm.sourceforge.net/download.html Under the "Misc" tab there is a button for generating a random number, and then it queries the card for the SRES and Kc values.
so, next step is to hard code these values into Radius.
Trying to authenticate third-party SIM cards is a hack. It will always be a hack. You MUST have the SIM keys in order to do proper, secure, authentication. Sure, you can try the SIM with some random numbers, and record the responses. But you need to do this for ALL POSSIBLE random numbers and response. Or, you will end up re-using the random numbers... and an attacker can re-use them, too. At this point, I have to say that hacking SIM cards is not a subject for this list. If you have questions or comments about FreeRADIUS and it's use of EAP-SIM, that's fine. But a history of what software you use to poke at the SIM cards is just not useful. Worse, it's misleading. People will search the net, find this discussion, and then ask questions about how they can do it, too. You just cannot have FreeRADIUS authenticate random third-party SIM cards. You MUST have the SIM keys. If the SIM card provider won't give you the SIM keys, then what you want to do is *IMPOSSIBLE*. Stop trying. It's a waste of time. Alan DeKok.
On Fri, Mar 4, 2016 at 10:48 AM, Alan DeKok <aland@deployingradius.com> wrote:
Trying to authenticate third-party SIM cards is a hack. It will always be a hack. You MUST have the SIM keys in order to do proper, secure, authentication.
I understand and agree. Do you have any practical advice on how to get the SIM key? People who are implementing EAP-SIM/Freeradius in production environments, what are they doing to get them? -- --- Michael Martinez http://www.michael--martinez.com
On Mar 4, 2016, at 2:45 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
On Fri, Mar 4, 2016 at 10:48 AM, Alan DeKok <aland@deployingradius.com> wrote:
Trying to authenticate third-party SIM cards is a hack. It will always be a hack. You MUST have the SIM keys in order to do proper, secure, authentication.
I understand and agree. Do you have any practical advice on how to get the SIM key? People who are implementing EAP-SIM/Freeradius in production environments, what are they doing to get them?
The people who use EAP-SIM are typically Telcos who buy SIM cards directly from the manufacturers, and who therefore can control the keys. As a third-party person trying to authenticate random SIM cards... it's impossible. Alan DeKok.
On Fri, Mar 4, 2016 at 11:49 AM, Alan DeKok <aland@deployingradius.com> wrote:
The people who use EAP-SIM are typically Telcos who buy SIM cards directly from the manufacturers, and who therefore can control the keys.
As a third-party person trying to authenticate random SIM cards... it's impossible.
Ok. Makes sense. So EAP-SIM is a niche market. The majority of users who are not Telcos are not doing it..
The people who use EAP-SIM are typically Telcos who buy SIM cards directly from the manufacturers, and who therefore can control the keys.
As a third-party person trying to authenticate random SIM cards... it's impossible.
Ok. Makes sense. So EAP-SIM is a niche market. The majority of users who are not Telcos are not doing it..
Now that I think about it, the other option is through SS7. If you're big enough to get SS7 access, then you could actually query for auth tuples on-demand. Cheers, Sylvain
Thanks for the all the info, everyone. Now it all makes sense. I'm going to recommend to my boss that we use certificates instead.
Hi,
Trying to authenticate third-party SIM cards is a hack. It will always be a hack. You MUST have the SIM keys in order to do proper, secure, authentication.
I understand and agree. Do you have any practical advice on how to get the SIM key? People who are implementing EAP-SIM/Freeradius in production environments, what are they doing to get them?
Issue your own SIMs. Operators will never give out Ki. If they're properly equipped, the keys are locked in a HSM in their AuC ... Also, they might not even implement any "known" algorithm at all, an operator is free to select whatever they want since all that matters is that the same algo is in the SIM and in their AuC. Also, fyi some modern SIMs have protections and can "self destruct" if they receive too many auth queries (so you can submit like 10k+ request to build a large DB of challenges -> SRES / Kc). Cheers, Sylvain
On Mar 4, 2016, at 2:45 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
On Fri, Mar 4, 2016 at 10:48 AM, Alan DeKok <aland@deployingradius.com> wrote:
Trying to authenticate third-party SIM cards is a hack. It will always be a hack. You MUST have the SIM keys in order to do proper, secure, authentication.
I understand and agree. Do you have any practical advice on how to get the SIM key? People who are implementing EAP-SIM/Freeradius in production environments, what are they doing to get them?
You don't necessarily have to own the SIM cards, but you do need to have a communication path with the entity that does, which means you probably need to be a Telco. I'd imagine in most environments there'd be a gateway device that bridges RADIUS to SS7, or at least exposes an API which allows the RADIUS server to retrieve GSM triplets from the user's HLR (Home Location Register). If you're doing this for a private organisation like a University, my advice would be don't. You should look at using EAP-TLS and certificates instead. EAP-SIM wasn't designed to be used in this way, using static GSM triplets is a hack that should only be used for testing. -Arran
On Mar 4, 2016, at 10:09 AM, Michael Martinez <mwtzzz@gmail.com> wrote:
I've done some research and now I understand how eap-sim works: in theory the server generates a random number (RAND) and gives this to the client. The client uses it along with some secret key Ki to generate response values RES and Kc. It gives these back to the server. If the server also knows what Ki is, then it can generate those response values itself and check to make sure they match. But in practice the only two places where Ki is known is on the SIM card and the mobile network operator.
The Mobile Operator's AuC (Authentication Centre). The 3GPP/GSM standard probably prohibit it, but some AuCs will probably have an export interface for the Ki. I found the example code for Milenage when browsing the 3GPP specs, so we could implement that as well.
The mobile network operator will probably never give out those values (and if they did it would probably be a bureaucratic nightmare to get them).
Yes, if you're not the mobile operator...
So the next best thing is the following workaround: obtain a SIM card reader and some reader software, feed some different RAND numbers to it to get the RES and Kc values and hard code these into the Radius server.
Sure but you'd never do this for an actual commercial setup, or if you did you'd probably want to read a few thousand GSM Triplets from the SIM as part of an onboarding process. Both EAP-SIM and EAP-AKA expressly prohibit the re-use of SIM triplets.
The radius server will then know what the expected RES and Kc values are for said RANDs. The drawback is that it is not truly randomizing the numbers,it's picking from a small set of hardcoded values every time. But it's the only thing we can do. That's my understanding to this point; hopefully I am understanding correctly.
You could automate the extraction so long as there was no kind of rate limiting thing on the card.
Here's where I'm stuck. It appears there is a scarcity of SIM card readers. I found one at my local electronics store: a Sunpak 72-in-1 high speed card reader - a $10 piece of junk (i guess USB 2.0 is "high speed" to these folks) that not only fails to read any sort of card I put into it, but also rather consistently locks up both my Window 8 laptop and my Windows 7 PC.
You definitely get what you pay for with this stuff. There's a circuit diagram for a serial (RS232) one here: http://www.circuitsarchive.org/index.php/SmartCard_PC_Serial_Reader_/_Writer... Looks fairly simple, and could probably be built on a breadboard. Apparently compatible with Magic SIM: http://openbsc.osmocom.org/trac/wiki/MagicSIM Which could be used to get the results of A3 and A8. Actually, looking at what that's doing, you may even be able to get away with just using something like a Bus Pirate, I know that supports RS232 to TTL and you could one of the GPIO pins for RST. -Arran
participants (4)
-
Alan DeKok -
Arran Cudbard-Bell -
Michael Martinez -
Sylvain Munaut