Eap - Sim Server

Greg Jetter gjetter at gci.com
Tue Dec 17 22:54:37 CET 2013 

Hello :

I'm new to freeradius , still learning the basics , what i'm trying to do is  set up an freeradius eap-sim server for a telco that  has  both access to sim's as well as access to a HLR and HHS .

I've been lurking on the list a wile so here goes with a few questions. Hopeful not to  stupid ....

Are there any "How to's" that  show  in detail how to set this up ?

I've found lots of info on the different forms of EAP but not much on EAP-SIM.

The end result of the whole thing is to let a user's phone get authorized and authenticated  using the SIM card in the phone.
doing so with freeradius .


from the modules/Rlm_eap docs:

"To configure EAP-SIM authentication, the following attributes must be set in the server. This can be done in the users file, but in many cases will be taken from a database server, via one of the SQL interface.

If one has SIM cards that one controls (i.e. whose share secret you know), one should be able to write a module to generate these attributes (the triplets) in the server.

If one has access to the SS7 based settlement network, then a module to fetch appropriate triplets could be written. This module would act as an authorization only module.

The attributes are:

 	EAP-Sim-Rand1 		16 bytes
 	EAP-Sim-SRES1 		 4 bytes
 	EAP-Sim-KC1 		 8 bytes
 	EAP-Sim-Rand2 		16 bytes
 	EAP-Sim-SRES2 		 4 bytes
 	EAP-Sim-KC2 		 8 bytes
 	EAP-Sim-Rand3 		16 bytes
 	EAP-Sim-SRES3 		 4 bytes
 	EAP-Sim-KC3 		 8 bytes
EAP-SIM will send WEP attributes to the resquestor."


Some questions ,

if I know the shared secret , how is that used to generate  the attributes ? any guides out there for this ?

I also have  access  to a SS7 network , any examples on how to  write a module to fetch the  attributes from there ?

As I stated before I'm "NEW" at this , I've been working with radius for a few weeks , mainly using  it in conjunction with  a learning book called FreeRadius Beginners guide.

I'm trying to do this project with Open Source Free Software to show the company it's possible .  Sure we could just buy a canned solution  but I'm a  supporter  of Open source  and I believe it can be done.

any help would be appreciated ,  just some pointers to resources if you know of any , or  if you have successfully done this how did you accomplish it ?

Thanks for your time

Greg

More information about the Freeradius-Users mailing list