HP-UX AAA Server A.08.00.01 Administrator's Guide

17 Configuring EAP-SIM and EAP-AKA Authentication Methods
This chapter introduces the Extensible Authentication Protocol (EAP) authentication
methods for Global System for Mobile Communications (GSM) Subscriber Identity
Module (SIM) and for Universal Mobile Telecommunications System (UMTS)
Authentication and Key Agreement (AKA).
The chapter discusses the following topics:
“EAP-SIM”
“EAP-AKA”
“Fast Re-Authentication”
“Pseudonym Identities”
“Generating Authentication Vectors Using A3, A8, and AKA Algorithms”
EAP-SIM
This section discusses the EAP-SIM authentication method and its configurations. This
section addresses the following topics:
“Overview”
“EAP-SIM Authentication Using HP-UX AAA Server”
“Features”
“Benefits”
“Configuring EAP SIM”
Overview
EAP-SIM is an authentication method capable of operating in wireless networks.
It uses the GSM SIM for authentication and session key distribution.
Authentication in the GSM mobile network standard builds on a challenge-response
mechanism. Using the algorithms specified by the operators, the SIM takes the 128-bit
challenge and the secret key (subscriber key), Ki, and generates a 32-bit response and a
64-bit cipher key, Kc, as output. Kc is used to derive the keying material. The Ki,
which is also known as the authentication key, is a 128-bit value used to authenticate
SIMs in the network. Each SIM is associated with a unique Ki, which is assigned by
the operator. Therefore, the security of the protocol depends on Kc. However, for data
networks that require stronger and longer keys, Kc is not very secure. To enhance
security, the EAP-SIM mechanism combines multiple challenges to generate several
64-bit cipher keys (Kc). Collectively, these keys form stronger keying material.
The security of EAP-SIM builds on the GSM mechanism. If the SIM credentials are
used only for EAP-SIM, and are not re-used from GSM/GPRS, EAP-SIM is a more
secure method than the underlying GSM mechanisms.
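The combination of challenges described above, as an added example that is not part of the HP guide or of the HP-UX AAA Server code: it folds two or three Kc values into one master key using the formula from RFC 4186, section 7, and rejects repeated challenges. Assumptions: toy_a3a8 is a hypothetical stand-in for the operator's A3/A8 algorithms (not COMP128 or any real algorithm), and Ki, the identity, the RAND values and NONCE_MT are constructed sample values.

```python
import hashlib
import hmac

def toy_a3a8(ki, rand):
    """Stand-in for the operator's A3/A8 (assumption, NOT COMP128 or any real
    operator algorithm): 128-bit Ki + 128-bit RAND -> 32-bit SRES, 64-bit Kc."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

def master_key(identity, kcs, nonce_mt, version_list, selected_version):
    """MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version),
    the EAP-SIM master key formula from RFC 4186, section 7."""
    data = identity + b"".join(kcs) + nonce_mt + version_list + selected_version
    return hashlib.sha1(data).digest()

def run_exchange(ki, identity, rands, nonce_mt):
    """Combine n GSM triplets into one master key, rejecting weak challenge sets."""
    if len(rands) not in (2, 3):
        raise ValueError("EAP-SIM uses two or three RAND challenges")
    if len(set(rands)) != len(rands):
        # A repeated RAND repeats its Kc, so the combined key gains nothing.
        raise ValueError("RAND challenges must be distinct")
    if any(len(r) != 16 for r in rands) or len(nonce_mt) != 16:
        raise ValueError("RAND and NONCE_MT are 128-bit values")
    kcs = [toy_a3a8(ki, r)[1] for r in rands]
    version = b"\x00\x01"  # EAP-SIM version 1, the only version offered here
    mk = master_key(identity, kcs, nonce_mt, version, version)
    return {"kc_bits": 64 * len(kcs), "mk": mk}

# Constructed sample values, not real subscriber data.
KI = bytes(range(16))
IDENTITY = b"1001010000000001@example.org"
RANDS = [bytes([0x10 + i]) * 16 for i in range(3)]
NONCE_MT = bytes([0xA5]) * 16

if __name__ == "__main__":
    for n in (2, 3):
        out = run_exchange(KI, IDENTITY, RANDS[:n], NONCE_MT)
        print(n, "challenges ->", out["kc_bits"], "bits of Kc input, MK =", out["mk"].hex())
```

The master key is always 160 bits (SHA-1 output); what grows with the number of challenges is the amount of secret Kc material fed into it, 128 bits for two challenges and 192 bits for three.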