HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

191

192

193

194

195

196

197

198

199

200

information on how to modify the examples or create your own A3, A8, AKA algorithm plug-ins,

see “Creating Plug-ins for AATVs” (page 334).

3GPP Milenage A3, A8, and AKA Algorithm

An implementation of the 3GPP Milenage A3 and A8 algorithm functions for EAP-SIM authentication

and the AKA algorithm for EAP-AKA are included in the server. The 3GPP Milenage A3, A8, and

AKA algorithm plug-in module includes configuration parameters that allow it to be customized

for a specific operator. The A3, A8, and AKA algorithm names in this plug-in are 3GPP-Milenage.

For more information on 3GPP Milenage f1, f1*, f2, f3, f4, f5, f5* algorithms, see the following

3GPP documents:

• 3GPP TS 35.205 v6.0.0 - General Information

• 3GPP TS 35.206 v6.0.0 - Algorithm Specification

• 3GPP TS 35.207 v6.0.0 - Implementors' Test Data

• 3GPP TS.35.208 v6.0.0 - Design Conformance Test Data

• 3GPP TS.35.909 v6.0.0 - Summary and results of design and evaluation

• 3GPP TS.55.205 v6.2.0 - Authentication and Key Generation functions for A3 and A8

The 3GPP Milenage A3/A8/AKA algorithms are based on the following 3GPP Milenage functions:

f1(), f1*(), f2(), f3(), f4(), f5(), f5*()

A total of 12 parameters are required to fully specify the function set. Table 17–5 lists the 3GPP

Milenage parameters.

Table 58 3GPP Milenage Parameters

DescriptionParameter

128-bit kernel functionEk

128-bit operator specific valueOP

128-bit values used to compute f1, f1*, f2, f3,

f4, f5, f5*

C1-C5

Integer rotation constants used to compute f1, f1*, f2,

f3, f4, f5, f5*

R1-R5

The Ek kernel function specified by 3GPP Milenage is 128-bit AES (Rijndeal).

The 3GPP Milenage A3 algorithm has two variants corresponding to recommended SRES derivation

function #1 and recommended SRES derivation function #2. The A3 function is affected by the

choice, while the A8 function is unaffected. The selection of A3 variant #1 or #2 constitutes another

parameter, A3-Variant. The AKA algorithm is unaffected by this parameter.

The selection of parameter values must match the characteristics of the client devices to be

authenticated.

Table 17–6 lists the configuration parameters available in aatv.3GPP-Milenage{} block in

aaa.config file.

Table 59 Configuration Parameters of aatv.3GPP-Milenage{} Block

DescriptionParameter

128-bit operator-specific constant. The OP value must be

specified by each operator. Milenage specifies no default

value.

194 Configuring EAP-SIM and EAP-AKA Authentication Methods