HP-UX AAA Server A.08.00.01 Administrator's Guide

because it is impossible to reverse engineer the permanent identity. However, a database
to store and retrieve the mapping of pseudonym to permanent identity is required.
Algorithm-Based Pseudonyms
The HP-UX AAA Server generates a pseudonym by encrypting the real user name
with an algorithm, and the SIMAKA-PseudonymDecrypt AATV decrypts a pseudonym to
reproduce the real user name. The algorithmic approach, as specified by
Ericsson [1] and submitted to the 3GPP TSG SA WG3 working group, has the following
features and benefits:
• No external database is required to store all the assigned pseudonyms.
• A pseudonym generated on one RADIUS server can be processed by a second RADIUS server.
• No user state is kept in the RADIUS server between WLAN sessions.
• Pseudonyms are not stored in the Home Subscriber Server (HSS) or Home Location Register (HLR).
• Any secret keys used in the RADIUS server for the generation of pseudonyms cannot be recovered even if a number of matching permanent identities and pseudonyms are available.
• For any given pseudonym or a number of correlated pseudonyms, it is impossible to recover the corresponding permanent identity.
• It is impossible to determine whether two pseudonyms correspond to the same permanent identity.
• It is impossible to generate a valid pseudonym irrespective of the underlying permanent identity, thereby avoiding random forgery.
• It is impossible to generate a valid pseudonym corresponding to a given permanent identity, thereby avoiding targeted forgery.
To use algorithm-based pseudonyms, the global configuration in the aatv.SIMAKA{}
block must specify one or more Pseudonym-Algorithm-Key-n parameters. The key
whose number is specified in the Pseudonym-Algorithm-Current-Key field is used to
encrypt new pseudonyms. The other keys are used only to decrypt pseudonyms that
were generated with them earlier; they are not used to generate new pseudonyms.
Algorithm-based pseudonyms have no lifetime of their own. A lifetime can be
approximated by defining a new key and making it the current key. After the
desired lifetime has elapsed, the old key can be removed; pseudonyms generated
with it can then no longer be decrypted and are therefore disabled.
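The key handling described above (a numbered key table, one current key for generating new pseudonyms, older keys kept for decryption only, and removal of an old key disabling the pseudonyms made with it), as an added example that is not the HP-UX AAA Server's code and not the Ericsson algorithm the guide references. The cipher is a stand-in encrypt-then-MAC construction built from the Python standard library (an assumption of this example, chosen so it runs offline); the class name PseudonymKeyring, the key-number byte in the pseudonym, and the 24-character length are not modelled.

```python
"""Illustrative keyed pseudonym scheme with key rotation (added example).

Not the HP-UX AAA Server's code and not the Ericsson algorithm; the cipher
(HMAC-derived keystream plus truncated HMAC tag) is a stand-in so that the
key-table behaviour can be exercised with the standard library only.
"""
import base64
import hashlib
import hmac
import os

NONCE_LEN = 8   # random nonce per pseudonym, bytes (assumption of this example)
TAG_LEN = 8     # truncated MAC, bytes (assumption of this example)


class PseudonymError(ValueError):
    """A pseudonym could not be mapped back to a permanent identity."""


class PseudonymKeyring:
    """Models Pseudonym-Algorithm-Key-n entries plus the current key number."""

    def __init__(self, keys, current):
        # keys: {key_number (1..255): secret bytes}; current: key used to generate
        if current not in keys:
            raise ValueError("current key must be in the key table")
        self.keys = dict(keys)
        self.current = current

    def _subkeys(self, key_no):
        # Derive independent encryption and MAC keys from the configured secret.
        master = self.keys[key_no]
        enc = hmac.new(master, b"enc", hashlib.sha256).digest()
        mac = hmac.new(master, b"mac", hashlib.sha256).digest()
        return enc, mac

    @staticmethod
    def _keystream(enc_key, nonce, length):
        out = b""
        counter = 0
        while len(out) < length:
            block = nonce + counter.to_bytes(4, "big")
            out += hmac.new(enc_key, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def generate(self, identity):
        """Encrypt a permanent identity under the current key."""
        enc_key, mac_key = self._subkeys(self.current)
        nonce = os.urandom(NONCE_LEN)          # fresh nonce: same identity, different pseudonyms
        plain = identity.encode()
        body = bytes(a ^ b for a, b in zip(plain, self._keystream(enc_key, nonce, len(plain))))
        header = bytes([self.current]) + nonce  # key number lets any server pick the right key
        tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        return base64.urlsafe_b64encode(header + body + tag).decode().rstrip("=")

    def resolve(self, pseudonym):
        """Recover the permanent identity, rejecting unknown keys and forgeries."""
        raw = base64.urlsafe_b64decode(pseudonym + "=" * (-len(pseudonym) % 4))
        if len(raw) < 1 + NONCE_LEN + TAG_LEN:
            raise PseudonymError("malformed pseudonym")
        key_no = raw[0]
        if key_no not in self.keys:
            raise PseudonymError("key %d is no longer configured" % key_no)
        header, body, tag = raw[:1 + NONCE_LEN], raw[1 + NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
        enc_key, mac_key = self._subkeys(key_no)
        expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):
            raise PseudonymError("pseudonym failed integrity check")
        nonce = header[1:]
        plain = bytes(a ^ b for a, b in zip(body, self._keystream(enc_key, nonce, len(body))))
        return plain.decode()

    def rotate(self, new_key_no, secret):
        """Add a key and make it current; older keys remain for decryption."""
        self.keys[new_key_no] = secret
        self.current = new_key_no

    def retire(self, key_no):
        """Remove an old key; pseudonyms generated with it stop resolving."""
        if key_no == self.current:
            raise ValueError("cannot retire the current key")
        del self.keys[key_no]


def tampered(pseudonym):
    """Flip one bit in the encrypted body to show the tag check rejecting it."""
    raw = bytearray(base64.urlsafe_b64decode(pseudonym + "=" * (-len(pseudonym) % 4)))
    raw[1 + NONCE_LEN] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode().rstrip("=")


if __name__ == "__main__":
    ring = PseudonymKeyring({1: b"constructed-secret-1"}, current=1)
    p = ring.generate("fred")
    print("pseudonym:", p, "->", ring.resolve(p))
    ring.rotate(2, b"constructed-secret-2")
    ring.retire(1)
    try:
        ring.resolve(p)
    except PseudonymError as exc:
        print("after retiring key 1:", exc)
```

The mapping to the guide's settings: the keys dictionary stands for the Pseudonym-Algorithm-Key-n parameters, current stands for Pseudonym-Algorithm-Current-Key, rotate() is "define a new key and make it current", and retire() is "remove the old key". A second server built with the same key table resolves pseudonyms from the first, which is the cross-server property in the list above.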
When generating a pseudonym based on a permanent identity that is an IMSI, the
server uses a minor modification of an algorithm developed by Ericsson [2] and
submitted to the 3GPP TSG SA WG3 working group. In this case, the pseudonym user
name is 24 characters long.
While generating a pseudonym based on a permanent identity, which is a generic user
name, for example, fred, the server uses an algorithm derived from the same Ericsson
252 Configuring EAP-SIM and EAP-AKA Authentication Methods