request for a simple set of instructions for EAP-SIM

Michael Martinez mwtzzz at gmail.com
Thu Feb 4 05:06:38 CET 2016


I do appreciate the responses, but I still feel like I'm only getting bits
and pieces of an understanding, rather than a full explanation. I still
don't understand what information from the SIM card is needed and how to
get it into radius for example. I'd like a ground-up explanation of what it
is, how it works, what's expected, but not a dry theoretical one, rather a
practical one from the perspective of someone who's actually gotten it to
work. A little context: I'm doing some contracting for a university and
have been asked to see if I can get EAP-SIM working with iPad clients. I
don't know anything whatsoever about EAP-SIM. Some sort of basic, practical
overview would be great, and a set of steps of what needs to be done to get
it to work would be awesome.

On Wed, Feb 3, 2016 at 6:58 PM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

>
> > On 3 Feb 2016, at 20:02, Michael Martinez <mwtzzz at gmail.com> wrote:
> >
> > On Tue, Feb 2, 2016 at 8:15 PM, Alan DeKok <aland at deployingradius.com>
> > wrote:
> >
> >>
> >>  You don't extract the information from the device.  You track the SIMs
> >> which you provision.  Then, you use that information to authenticate the
> >> user.
> >>
> >>  You can't just authenticate random SIMs.  You have to know the
> >> credentials which were provisioned for that SIM.
> >>
> >>
> >
> > What is the procedure for getting these credentials? How do I go about
> > doing that?
>
> You invent one.
>
> There is no standard RADIUS interface for the AuC (Authentication Centre)
> AFAIK.
>
> You can also generate your own triplets locally if the SIM card uses
> Comp128 v1/v2/v3 algorithms for A3 and A8 and you have the Ki (the master
> key for the SIM card).  If you're working for a telco and can get access to
> the specification for Comp128 v4 we could implement that too.  That'd cover
> the most common SIM algorithms.
>
> SRAND is a random challenge sent to the SIM card, SRES and KC (the other
> components of the triplet) are the expected responses.
>
> The EAP-SIM RFC isn't that opaque, I read through it pretty recently along
> with the EAP-AKA and EAP-AKA' standards.  The weirdest bit for me was all
> the identity privacy stuff.
>
> I actually disagree with Alan, you do need to read the entire EAP-SIM RFC
> to be able to use EAP-SIM.  You should also read up on GSM authentication
> in general to give you some background.
>
> There's no standard way of hooking EAP-SIM up for wifi offload, so you
> really need to understand the moving parts to be able to integrate it
> successfully.
>
> Understand that no other project provides a free EAP-SIM implementation.
> Radiator even charges extra for the license.  That's because it's only
> useful to a) telcos, b) students.  If you're working for a) then consider
> buying support, or sponsoring development of the documentation around
> EAP-SIM. If you're b) RTFS/RTFC :).
>
> -Arran
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS development team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
>
>
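
The triplet flow described in the quoted reply, as an added example that is not from either poster or from FreeRADIUS: the server looks up the Ki it provisioned for an IMSI, builds (RAND, SRES, Kc) triplets, and both sides derive the EAP-SIM Master Key defined in RFC 4186 section 7, which goes one step beyond what the thread covers. Assumptions: the IMSI, Ki and realm are constructed, the function names are hypothetical, and `a3a8_standin` is HMAC-SHA256 swapped in for the SIM's A3/A8, not COMP128.

```python
import hashlib
import hmac
import os

# Constructed provisioning records (IMSI -> Ki); not real SIM data.
PROVISIONED = {"001010000000001": bytes.fromhex("00112233445566778899aabbccddeeff")}

def a3a8_standin(ki: bytes, rand: bytes):
    """Stand-in for the SIM's A3/A8. This is NOT COMP128; HMAC-SHA256 is
    swapped in so the flow runs without the real algorithm."""
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    return out[:4], out[4:12]          # SRES (32 bits), Kc (64 bits)

def make_triplet(imsi: str, rand: bytes = None):
    """Server side: build one (RAND, SRES, Kc) triplet for a provisioned SIM."""
    ki = PROVISIONED[imsi]             # KeyError for a SIM that was never provisioned
    rand = rand if rand is not None else os.urandom(16)
    sres, kc = a3a8_standin(ki, rand)
    return rand, sres, kc

def master_key(identity, kcs, nonce_mt, version_list, selected_version):
    """RFC 4186 section 7: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)."""
    data = identity + b"".join(kcs) + nonce_mt + version_list + selected_version
    return hashlib.sha1(data).digest()

def run_exchange(imsi: str, sim_ki: bytes, n: int = 3):
    """Simulate server and SIM; return (sres_match, mk_match)."""
    identity = ("1" + imsi + "@example.org").encode()   # constructed identity
    nonce_mt = os.urandom(16)                            # chosen by the peer
    versions = selected = b"\x00\x01"                    # EAP-SIM version 1
    triplets = [make_triplet(imsi) for _ in range(n)]
    # The SIM only sees the RANDs and answers with its own Ki.
    sim = [a3a8_standin(sim_ki, rand) for rand, _, _ in triplets]
    # Real EAP-SIM proves SRES through AT_MAC; it is compared directly here.
    sres_match = all(hmac.compare_digest(t[1], s[0]) for t, s in zip(triplets, sim))
    server_mk = master_key(identity, [t[2] for t in triplets], nonce_mt, versions, selected)
    peer_mk = master_key(identity, [s[1] for s in sim], nonce_mt, versions, selected)
    return sres_match, hmac.compare_digest(server_mk, peer_mk)

if __name__ == "__main__":
    imsi = "001010000000001"
    print(run_exchange(imsi, PROVISIONED[imsi]))   # same Ki on both sides
    print(run_exchange(imsi, bytes(16)))           # SIM with a different Ki
```

The example stops at the Master Key; deriving K_encr, K_aut, MSK and EMSK from it and computing AT_MAC are left out.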





More information about the Freeradius-Users mailing list