Network Working Group H. Haverinen (editor)
Internet Draft Nokia
J. Salowey (editor)
Cisco
Expires: 27 April, 2004 27 October, 2003
EAP SIM Authentication
draft-haverinen-pppext-eap-sim-12.txt
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet- Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
Comments should be submitted to the eap@frascone.com mailing list.
Distribution of this memo is unlimited.
Abstract
This document specifies an Extensible Authentication Protocol (EAP)
mechanism for authentication and session key distribution using the
GSM Subscriber Identity Module (SIM). The mechanism specifies
enhancements to GSM authentication and key agreement whereby
multiple authentication triplets can be combined to create
authentication responses and session keys of greater strength than
the individual GSM triplets. The mechanism also includes network
authentication, user anonymity support and a re-authentication
procedure.
Haverinen and Salowey [Page 1]
Internet Draft EAP SIM Authentication 27 October, 2003
Table of Contents
Status of this Memo.........................................1
Abstract....................................................1
Table of Contents...........................................2
1. Introduction.............................................3
2. Terms....................................................4
3. Overview.................................................6
4. Operation................................................8
4.1. Version Negotiation....................................8
4.2. Identity Management....................................9
4.3. Re-Authentication.....................................25
4.4. EAP/SIM Notifications.................................30
4.5. Error Cases...........................................31
4.6. Key Generation........................................33
5. Message Format and Protocol Extensibility...............35
5.1. Message Format........................................35
5.2. Protocol Extensibility................................37
6. Messages................................................37
6.1. EAP-Request/SIM/Start.................................37
6.2. EAP-Response/SIM/Start................................38
6.3. EAP-Request/SIM/Challenge.............................38
6.4. EAP-Response/SIM/Challenge............................39
6.5. EAP-Request/SIM/Re-authentication.....................40
6.6. EAP-Response/SIM/Re-authentication....................40
6.7. EAP-Response/SIM/Client-Error.........................40
6.8. EAP-Request/SIM/Notification..........................40
6.9. EAP-Response/SIM/Notification.........................41
7. Attributes..............................................41
7.1. Table of Attributes...................................41
7.2. AT_MAC................................................42
7.3. AT_IV, AT_ENCR_DATA and AT_PADDING....................43
7.4. AT_VERSION_LIST.......................................45
7.5. AT_SELECTED_VERSION...................................46
7.6. AT_NONCE_MT...........................................46
7.7. AT_PERMANENT_ID_REQ...................................46
7.8. AT_ANY_ID_REQ.........................................47
7.9. AT_FULLAUTH_ID_REQ....................................47
7.10. AT_IDENTITY..........................................47
7.11. AT_RAND..............................................48
7.12. AT_NEXT_PSEUDONYM....................................49
7.13. AT_NEXT_REAUTH_ID....................................49
7.14. AT_COUNTER...........................................50
7.15. AT_COUNTER_TOO_SMALL.................................50
7.16. AT_NONCE_S...........................................50
7.17. AT_NOTIFICATION......................................51
7.18. AT_CLIENT_ERROR_CODE.................................52
8. IANA Considerations.....................................52
9. Security Considerations.................................54
9.1. Identity Protection...................................54
9.2. Mutual Authentication and Triplet Exposure............54
9.3. Key Derivation........................................55
Haverinen and Salowey Expires: 27 April, 2004 [Page 2]
Internet Draft EAP SIM Authentication 27 October, 2003
9.4. Dictionary Attacks....................................56
9.5. Credentials Reuse.....................................56
9.6. Integrity and Replay Protection, and Confidentiality..57
9.7. Negotiation Attacks...................................57
9.8. Fast Reconnect........................................58
9.9. Acknowledged Result Indications.......................58
9.10. Man-in-the-middle Attacks............................58
9.11. Generating Random Numbers............................59
10. Security Claims........................................59
11. Intellectual Property Right Notice.....................59
12. Acknowledgements and Contributions.....................59
12.1. Contributors.........................................59
12.2. Acknowledgements.....................................60
Normative References.......................................60
Informative References.....................................61
Editors' and Contributors' Contact Information.............63
Annex A. Test Vectors......................................64
Annex B. Pseudo-Random Number Generator....................72
1. Introduction
This document specifies an Extensible Authentication Protocol (EAP)
[EAP] mechanism for authentication and session key distribution
using the GSM Subscriber Identity Module (SIM).
GSM authentication is based on a challenge-response mechanism. The
A3/A8 authentication algorithms that run on the SIM can be given a
128-bit random number (RAND) as a challenge. The SIM runs an
operator-specific algorithm, which takes the RAND and a secret key
Ki stored on the SIM as input, and produces a 32-bit response (SRES)
and a 64-bit long key Kc as output. The Kc key is originally
intended to be used as an encryption key over the air interface, but
in this protocol it is used for deriving keying material and not
directly used. Hence the secrecy of Kc is critical to the security
of this protocol. Please find more information about GSM
authentication in [GSM 03.20].
The lack of mutual authentication is a weakness in GSM
authentication. The 64 bit cipher key (Kc) that is derived is not
strong enough for data net
没有合适的资源?快使用搜索试试~ 我知道了~
freeradius-1.1.7.tar.gz
5星 · 超过95%的资源 需积分: 10 48 下载量 79 浏览量
2009-11-16
12:16:18
上传
评论
收藏 3.01MB GZ 举报
温馨提示
共969个文件
c:143个
in:99个
txt:75个
freeradius-1.1.7.tar.gz
资源详情
资源评论
资源推荐
收起资源包目录
freeradius-1.1.7.tar.gz (969个子文件)
00list 0B
radclient.1 4KB
radwho.1 3KB
radzap.1 2KB
radtest.1 1KB
radeapclient.1 1KB
radlast.1 660B
dictionary.3com 938B
dictionary.3gpp 1KB
dictionary.3gpp2 4KB
users.5 7KB
rlm_pap.5 5KB
dictionary.5 5KB
rlm_sql.5 5KB
rlm_passwd.5 4KB
rlm_sql_log.5 3KB
rlm_mschap.5 3KB
rlm_attr_filter.5 3KB
radiusd.conf.5 3KB
rlm_counter.5 3KB
clients.conf.5 2KB
rlm_realm.5 2KB
rlm_unix.5 2KB
rlm_expr.5 2KB
rlm_acct_unique.5 2KB
rlm_detail.5 2KB
rlm_files.5 1KB
rlm_attr_rewrite.5 1KB
rlm_always.5 1KB
naslist.5 938B
clients.5 933B
rlm_chap.5 794B
acct_users.5 704B
radiusd.8 10KB
rlm_ippool_tool.8 7KB
radrelay.8 2KB
radsqlrelay.8 2KB
radwatch.8 827B
configure.ac 2KB
dictionary.acc 11KB
Acct-Type 2KB
acct_users 422B
dictionary.airespace 623B
dictionary.alcatel 4KB
CA.all 3KB
dictionary.alteon 913B
dictionary.altiga 6KB
dictionary.alvarion 12KB
Makefile.am 763B
dictionary.aptis 8KB
dictionary.aruba 418B
dictionary.ascend 58KB
ascend 2KB
dictionary.asn 3KB
ldap.attrmap 2KB
sql.attrmap 2KB
user_edit.attrs 6KB
attrs 4KB
sql.attrs 951B
accounting.attrs 639B
AUTHORS 624B
Autz-Type 2KB
dictionary.avaya 882B
dictionary.bay 11KB
bay 486B
dictionary.cisco.bbsm 356B
dictionary.bintec 2KB
dictionary.bristol 434B
Makefile.BSD 286B
bugs 4KB
ltdl.c 96KB
rlm_ldap.c 85KB
radius.c 57KB
radiusd.c 49KB
rlm_sql.c 41KB
rlm_mschap.c 38KB
mainconfig.c 37KB
request_list.c 35KB
eap.c 31KB
modcall.c 30KB
rlm_perl.c 30KB
dict.c 30KB
filters.c 30KB
ttls.c 29KB
sql_sybase.c 28KB
radeapclient.c 28KB
threads.c 28KB
valuepair.c 27KB
auth.c 27KB
smux.c 26KB
radrelay.c 26KB
rlm_ippool.c 26KB
rlm_counter.c 26KB
rlm_sqlhpwippool.c 25KB
rlm_sqlippool.c 25KB
radclient.c 24KB
modules.c 24KB
eap_tls.c 23KB
conffile.c 23KB
peap.c 23KB
共 969 条
- 1
- 2
- 3
- 4
- 5
- 6
- 10
ldj0304
- 粉丝: 0
- 资源: 1
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论4