RFC Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM), January . RFC (part 1 of 5): Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM). EAP-SIM RFC is a newly emerged EAP authentication The standard for EAP-SIM authentication is still in draft form with the IETF.
|Published (Last):||25 February 2014|
The Kc key is originally intended to be used as an encryption key over the air interface, but in this protocol, it is used for deriving keying material and is not directly used. This would allow for situations much like HTTPS, where a wireless hotspot allows free access and does not authenticate station clients but station clients wish to use encryption IEEE.
Fast re-authentication is based on keys derived on full authentication. This phase is independent of other phases; hence, any other scheme (in-band or out-of-band) can be used in the future.
The alternative is to use device passwords instead, but then the device, not the user, is validated on the network.
Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and point-to-point connections. A pseudonym identity of the peer, including an NAI realm portion in environments where a realm is used. Permanent Identity: The permanent identity of the peer, including an NAI realm portion in environments where a realm is used. The peer has derived the same keying material, so the authenticator does not forward the keying material to the peer along with EAP-Success.
EAP-AKA and EAP-SIM Parameters
This document frequently uses the following terms and abbreviations: There have also been proposals to use IEEE EAP is not a wire protocol; instead it only defines message formats. It also specifies an optional fast re-authentication procedure. The EAP-POTP method provides two-factor user authentication, meaning that a user needs both physical access to a token and knowledge of a personal identification number (PIN) to perform authentication. A fast re-authentication identity of the peer, including an NAI realm portion in environments where a realm is used.
The protocol only specifies chaining multiple EAP mechanisms and not any specific method. This is a requirement in RFC sec 7. The username portion of permanent identity, i. Flooding the Authentication Centre Permanent Username The username portion of permanent identity, i.
EAP Types – Extensible Authentication Protocol Types information
In-band provisioning—provide the peer with a shared secret to be used in secure phase 1 conversation. Authentication vector GSM triplets can be alternatively called authentication vectors.
The underlying key exchange is resistant to active attack, passive attack, and dictionary attack. Format, Generation and Usage of Peer Identities Fast Re-authentication Username The username portion of fast re-authentication identity, i. Note that the user’s name is never transmitted in unencrypted clear text, improving privacy.
Mutual Authentication and Triplet Exposure. Hence, the secrecy of Kc is critical to the security of this protocol.
The fast re-authentication procedure is described in Section 5. Implementers and users of EAP-SIM are advised to carefully study the security considerations in Section 11 in order to determine whether the security properties are sufficient for the environment in question, especially as the secrecy of Kc keys is essential to the security of EAP-SIM. The username portion of fast re-authentication identity, i.