[ANN] EAP-AKA' and FreeRADIUS as an AuC in v4.0.x

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Dec 12 21:18:39 CET 2017 

> On Dec 12, 2017, at 7:08 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> 
> EAP-AKA' is now available in FreeRADIUS v4.0.x HEAD.  All optional components are supported except fast re-authentication which'll be added soon.
> 
> In addition to EAP-AKA' FreeRADIUS can now perform the duties of an AuC, generating AKA quintuplets and SIM triplets using a subscriber key (Ki) and a derived operator code (OPc).
> 
> The AuC SIM algorithms available for EAP-SIM are:
> 
> - COMP128v1
> - COMP128v2
> - COMP128v3
> - COMP128v4 (Milenage)
> 
> The AuC SIM algorithms available for EAP-AKA are:
> 
> - Milenage
> 
> In most cases this functionality should only be used for testing, and the rlm_sigtran module, rlm_rest module or a diameter proxy should be used to acquire triplets or quintuplets.
> 
> If anyone knows of any other extensions to EAP-SIM, EAP-AKA or EAP-AKA['], or additional SIM algorithms they'd like implemented, let me know and i'll see if I can add them in.

eapol_test (and likely wpa_supplicant) lets you use a virtual usim too, so you can plug in
the Ki and OPc and it all just works.

The key lines in the eapol_test/wpa_supplicant compilation .config are

# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
CONFIG_EAP_SIM=y

# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
CONFIG_EAP_AKA=y

# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
CONFIG_EAP_AKA_PRIME=y

# Enable USIM simulator (Milenage) for EAP-AKA
CONFIG_USIM_SIMULATOR=y

# Enable SIM simulator (Milenage) for EAP-SIM
CONFIG_SIM_SIMULATOR=y

If you just want something that works you can use the build script here:

- https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/scripts/travis/eapol_test-build.sh

and then to actually use the emulated sim:

- https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/src/tests/eapol_test/sim.conf
- https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/src/tests/eapol_test/aka.conf
- https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/src/tests/eapol_test/aka-prime.conf

You can also buy physical programmable SIM/USIMs here: http://shop.sysmocom.de/t/sim-card-related/sim-cards

-Arran


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20171212/448e58b0/attachment.sig>

More information about the Freeradius-Users mailing list