EAP-SIM on 2.2.0

Francois Gaudreault fgaudreault at inverse.ca
Thu Sep 13 17:40:19 CEST 2012

>> Well you are probably right, but when providers will start pushing 3G/4G
>> offload for real (if they ever do), there are not many ways of doing
>> it... I think :P  The reason of those tests on our side is to support
>> WISPr and/or NewGen hotspots with our product.
> That's a big "if", IMO.
> EAP-SIM would in theory be quite nice for a number of reasons right now,
> even without offload. It's a built-in, secure credential.
Yup indeed!

> Unfortunately, as our off-list emails suggests, you can't get easy
> access to SIM secrets in the general case (for obvious reasons). So
> unless someone (i.e. the mobile phone providers) starts running a radius
> server you can proxy *.3gppnetwork.org to, I can't see EAP-SIM being
> part of the solution.
Well the way it should work is that RADIUS needs to proxy to a 3GPP 
compliant AAA server or proxy to an ITP (MAP proxy) to speak to the HLR 
using SS7 so the RAND comes from the HLR/AuC, and SRES/Kc is sent back 
to the HLR to perform the authorization check :)

The only way to test it without having that kind of infra is to 
pre-compute stuff to simulate the HLR calculations (offlist message).


Francois Gaudreault, ing. jr
fgaudreault at inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 

More information about the Freeradius-Users mailing list