Network Working Group H. Haverinen (editor)
Internet Draft Nokia
J. Salowey (editor)
Cisco
Expires: 27 April, 2004 27 October, 2003
EAP SIM Authentication
draft-haverinen-pppext-eap-sim-12.txt
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet- Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
Comments should be submitted to the eap@frascone.com mailing list.
Distribution of this memo is unlimited.
Abstract
This document specifies an Extensible Authentication Protocol (EAP)
mechanism for authentication and session key distribution using the
GSM Subscriber Identity Module (SIM). The mechanism specifies
enhancements to GSM authentication and key agreement whereby
multiple authentication triplets can be combined to create
authentication responses and session keys of greater strength than
the individual GSM triplets. The mechanism also includes network
authentication, user anonymity support and a re-authentication
procedure.
Haverinen and Salowey [Page 1]
Internet Draft EAP SIM Authentication 27 October, 2003
Table of Contents
Status of this Memo.........................................1
Abstract....................................................1
Table of Contents...........................................2
1. Introduction.............................................3
2. Terms....................................................4
3. Overview.................................................6
4. Operation................................................8
4.1. Version Negotiation....................................8
4.2. Identity Management....................................9
4.3. Re-Authentication.....................................25
4.4. EAP/SIM Notifications.................................30
4.5. Error Cases...........................................31
4.6. Key Generation........................................33
5. Message Format and Protocol Extensibility...............35
5.1. Message Format........................................35
5.2. Protocol Extensibility................................37
6. Messages................................................37
6.1. EAP-Request/SIM/Start.................................37
6.2. EAP-Response/SIM/Start................................38
6.3. EAP-Request/SIM/Challenge.............................38
6.4. EAP-Response/SIM/Challenge............................39
6.5. EAP-Request/SIM/Re-authentication.....................40
6.6. EAP-Response/SIM/Re-authentication....................40
6.7. EAP-Response/SIM/Client-Error.........................40
6.8. EAP-Request/SIM/Notification..........................40
6.9. EAP-Response/SIM/Notification.........................41
7. Attributes..............................................41
7.1. Table of Attributes...................................41
7.2. AT_MAC................................................42
7.3. AT_IV, AT_ENCR_DATA and AT_PADDING....................43
7.4. AT_VERSION_LIST.......................................45
7.5. AT_SELECTED_VERSION...................................46
7.6. AT_NONCE_MT...........................................46
7.7. AT_PERMANENT_ID_REQ...................................46
7.8. AT_ANY_ID_REQ.........................................47
7.9. AT_FULLAUTH_ID_REQ....................................47
7.10. AT_IDENTITY..........................................47
7.11. AT_RAND..............................................48
7.12. AT_NEXT_PSEUDONYM....................................49
7.13. AT_NEXT_REAUTH_ID....................................49
7.14. AT_COUNTER...........................................50
7.15. AT_COUNTER_TOO_SMALL.................................50
7.16. AT_NONCE_S...........................................50
7.17. AT_NOTIFICATION......................................51
7.18. AT_CLIENT_ERROR_CODE.................................52
8. IANA Considerations.....................................52
9. Security Considerations.................................54
9.1. Identity Protection...................................54
9.2. Mutual Authentication and Triplet Exposure............54
9.3. Key Derivation........................................55
Haverinen and Salowey Expires: 27 April, 2004 [Page 2]
Internet Draft EAP SIM Authentication 27 October, 2003
9.4. Dictionary Attacks....................................56
9.5. Credentials Reuse.....................................56
9.6. Integrity and Replay Protection, and Confidentiality..57
9.7. Negotiation Attacks...................................57
9.8. Fast Reconnect........................................58
9.9. Acknowledged Result Indications.......................58
9.10. Man-in-the-middle Attacks............................58
9.11. Generating Random Numbers............................59
10. Security Claims........................................59
11. Intellectual Property Right Notice.....................59
12. Acknowledgements and Contributions.....................59
12.1. Contributors.........................................59
12.2. Acknowledgements.....................................60
Normative References.......................................60
Informative References.....................................61
Editors' and Contributors' Contact Information.............63
Annex A. Test Vectors......................................64
Annex B. Pseudo-Random Number Generator....................72
1. Introduction
This document specifies an Extensible Authentication Protocol (EAP)
[EAP] mechanism for authentication and session key distribution
using the GSM Subscriber Identity Module (SIM).
GSM authentication is based on a challenge-response mechanism. The
A3/A8 authentication algorithms that run on the SIM can be given a
128-bit random number (RAND) as a challenge. The SIM runs an
operator-specific algorithm, which takes the RAND and a secret key
Ki stored on the SIM as input, and produces a 32-bit response (SRES)
and a 64-bit long key Kc as output. The Kc key is originally
intended to be used as an encryption key over the air interface, but
in this protocol it is used for deriving keying material and not
directly used. Hence the secrecy of Kc is critical to the security
of this protocol. Please find more information about GSM
authentication in [GSM 03.20].
The lack of mutual authentication is a weakness in GSM
authentication. The 64 bit cipher key (Kc) that is derived is not
strong enough for data net
freeradius-1.1.7.tar.gz
5星 · 超过95%的资源 需积分: 10 79 浏览量
2009-11-16
12:16:18
上传
评论
收藏 3.01MB GZ 举报 
freeradius-1.1.7.tar.gz (969个子文件) 
00list 0B radclient.1 4KB radwho.1 3KB radzap.1 2KB radtest.1 1KB radeapclient.1 1KB radlast.1 660B dictionary.3com 938B dictionary.3gpp 1KB dictionary.3gpp2 4KB users.5 7KB rlm_pap.5 5KB dictionary.5 5KB rlm_sql.5 5KB rlm_passwd.5 4KB rlm_sql_log.5 3KB rlm_mschap.5 3KB rlm_attr_filter.5 3KB radiusd.conf.5 3KB rlm_counter.5 3KB clients.conf.5 2KB rlm_realm.5 2KB rlm_unix.5 2KB rlm_expr.5 2KB rlm_acct_unique.5 2KB rlm_detail.5 2KB rlm_files.5 1KB rlm_attr_rewrite.5 1KB rlm_always.5 1KB naslist.5 938B clients.5 933B rlm_chap.5 794B acct_users.5 704B radiusd.8 10KB rlm_ippool_tool.8 7KB radrelay.8 2KB radsqlrelay.8 2KB radwatch.8 827B configure.ac 2KB dictionary.acc 11KB Acct-Type 2KB acct_users 422B dictionary.airespace 623B dictionary.alcatel 4KB CA.all 3KB dictionary.alteon 913B dictionary.altiga 6KB dictionary.alvarion 12KB Makefile.am 763B dictionary.aptis 8KB dictionary.aruba 418B dictionary.ascend 58KB ascend 2KB dictionary.asn 3KB ldap.attrmap 2KB sql.attrmap 2KB user_edit.attrs 6KB attrs 4KB sql.attrs 951B accounting.attrs 639B AUTHORS 624B Autz-Type 2KB dictionary.avaya 882B dictionary.bay 11KB bay 486B dictionary.cisco.bbsm 356B dictionary.bintec 2KB dictionary.bristol 434B Makefile.BSD 286B bugs 4KB ltdl.c 96KB rlm_ldap.c 85KB radius.c 57KB radiusd.c 49KB rlm_sql.c 41KB rlm_mschap.c 38KB mainconfig.c 37KB request_list.c 35KB eap.c 31KB modcall.c 30KB rlm_perl.c 30KB dict.c 30KB filters.c 30KB ttls.c 29KB sql_sybase.c 28KB radeapclient.c 28KB threads.c 28KB valuepair.c 27KB auth.c 27KB smux.c 26KB radrelay.c 26KB rlm_ippool.c 26KB rlm_counter.c 26KB rlm_sqlhpwippool.c 25KB rlm_sqlippool.c 25KB radclient.c 24KB modules.c 24KB eap_tls.c 23KB conffile.c 23KB peap.c 23KB共 969 条
- 1
- 2
- 3
- 4
- 5
- 6
- 10
评论4