request for a simple set of instructions for EAP-SIM

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Feb 4 03:58:25 CET 2016


> On 3 Feb 2016, at 20:02, Michael Martinez <mwtzzz at gmail.com> wrote:
> 
> On Tue, Feb 2, 2016 at 8:15 PM, Alan DeKok <aland at deployingradius.com>
> wrote:
> 
>> 
>>  You don't extract the information from the device.  You track the SIMs
>> which you provision.  Then, you use that information to authenticate the
>> user.
>> 
>>  You can't just authenticate random SIMs.  You have to know the
>> credentials which were provisioned for that SIM.
>> 
>> 
> 
> What is the procedure for getting these credentials? How do I go about
> doing that?

You invent one.

There is no standard RADIUS interface for the AuC (Authentication Centre) AFAIK.

You can also generate your own triplets locally if the SIM card uses Comp128 v1/v2/v3 algorithms for A3 and A8 and you have the Ki (the master key for the SIM card).  If you're working for a telco and can get access to the specification for Comp128 v4 we could implement that too.  That'd cover the most common SIM algorithms.

SRAND is a random challenge sent to the SIM card; SRES and KC (the other components of the triplet) are the expected responses.

The EAP-SIM RFC isn't that opaque, I read through it pretty recently along with the EAP-AKA and EAP-AKA' standards.  The weirdest bit for me was all the identity privacy stuff.

I actually disagree with Alan, you do need to read the entire EAP-SIM RFC to be able to use EAP-SIM.  You should also read up on GSM authentication in general to give you some background.

There's no standard way of hooking EAP-SIM up for wifi offload, so you really need to understand the moving parts to be able to integrate it successfully.

Understand that no other project provides a free EAP-SIM implementation.  Radiator even charges extra for the license.  That's because it's only useful to a) telcos, b) students.  If you're working for a) then consider buying support, or sponsoring development of the documentation around EAP-SIM. If you're b) RTFS/RTFC :).

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
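
The triplet idea described in the message above, as an added example that is not part of the original post and not FreeRADIUS code: the server builds (RAND, SRES, Kc) triplets from a provisioned Ki and checks the card's answers. The A3/A8 function here is an HMAC-SHA256 stand-in, not COMP128, and the IMSI and Ki are constructed; the EAP-SIM message formats and key derivation are not modelled.

```python
import hashlib
import hmac
import os

RAND_LEN, SRES_LEN, KC_LEN = 16, 4, 8  # GSM sizes in bytes

def a3a8_standin(ki, rand):
    """Return (SRES, Kc). Stand-in for the SIM's A3/A8, NOT COMP128."""
    if len(ki) != 16 or len(rand) != RAND_LEN:
        raise ValueError("Ki and RAND must both be 16 bytes")
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    return out[:SRES_LEN], out[SRES_LEN:SRES_LEN + KC_LEN]

def generate_triplets(ki, n=3, rng=os.urandom):
    """Server side: build n (RAND, SRES, Kc) triplets for a provisioned Ki."""
    if n not in (2, 3):
        raise ValueError("EAP-SIM challenges carry 2 or 3 RANDs")
    triplets, seen = [], set()
    while len(triplets) < n:
        rand = rng(RAND_LEN)
        if rand in seen:  # never repeat a RAND within one batch
            continue
        seen.add(rand)
        triplets.append((rand, *a3a8_standin(ki, rand)))
    return triplets

def sim_respond(ki, rands):
    """SIM side: answer each challenge using the Ki stored on the card."""
    return [a3a8_standin(ki, rand)[0] for rand in rands]

def verify(triplets, sres_list):
    """Compare the SIM's SRES values to the expected ones in constant time."""
    if len(triplets) != len(sres_list):
        return False
    results = [hmac.compare_digest(t[1], s) for t, s in zip(triplets, sres_list)]
    return all(results)

if __name__ == "__main__":
    # Constructed IMSI -> Ki table standing in for the provisioning records.
    provisioned = {"001010000000001": bytes.fromhex("00112233445566778899aabbccddeeff")}
    ki = provisioned["001010000000001"]
    batch = generate_triplets(ki)
    rands = [t[0] for t in batch]
    print("genuine SIM:", verify(batch, sim_respond(ki, rands)))
    print("unknown Ki :", verify(batch, sim_respond(os.urandom(16), rands)))
```

A SIM whose Ki was never provisioned cannot produce matching SRES values, which is why the server has to track the credentials of the SIMs it issues.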
