RFC (part 1 of 5): Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM). EAP-SIM RFC is a newly emerged EAP authentication. The standard for EAP-SIM authentication is still in draft form with the IETF. but are not limited to, RFCs, the products of another standards body (e.g. 3GPP), EAP-AKA' AT_KDF Key Derivation Function values; Trusted Non-3GPP 12, AKA-Notification and SIM-Notification, [RFC][RFC].

Author: Nikolar Nasho
Country: Czech Republic
Language: English (Spanish)
Genre: Literature
Published (Last): 2 July 2013
Pages: 439
ISBN: 197-3-83997-899-7

This phase is independent of other phases; hence, any other scheme, in-band or out-of-band, can be used in the future. In general, a nonce can be predictable e.

From the triplets, the EAP server derives the keying material, as specified in Section 7. PANA allows dynamic service provider selection, supports various authentication methods, is suitable for roaming users, and is independent from the link layer mechanisms.

GSM cellular networks use a subscriber identity module card to carry out user authentication. Integrity and Replay Protection, and Confidentiality. The IETF has also not reviewed the security of the cryptographic algorithms.

EAP-AKA and EAP-SIM Parameters

Once the server is securely authenticated to the client via its CA certificate and optionally the client to the server, the server can then use the established secure connection ("tunnel") to authenticate the client. The fast re-authentication procedure is described in Section 5. EAP-SIM also extends the combined RAND challenges and other messages with a message authentication code in order to provide message integrity protection along with mutual authentication.


This vulnerability is mitigated by manual PAC provisioning or by using server certificates for the PAC provisioning phase.

The client can, but does not have to be, authenticated via a CA-signed PKI certificate to the server. EAP is an authentication framework, not a specific authentication mechanism. In-band provisioning: provide the peer with a shared secret to be used in the secure phase 1 conversation.


It is possible to use a different authentication credential and thereby technique in each direction. Protocol for Carrying Authentication for Network Access.

Overview. Figure 1 shows an overview of the EAP-SIM full authentication procedure, wherein optional protected success indications are not used. Fall Back to Full Authentication. With a client-side certificate, a compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side certificate; indeed, a password is not even needed, as it is only used to encrypt the client-side certificate for storage.

Attacks Against Identity Privacy. Note that the user's name is never transmitted in unencrypted clear text, improving privacy. The EAP-POTP method provides two-factor user authentication, meaning that a user needs both physical access to a token and knowledge of a personal identification number (PIN) to perform authentication.

EAP-TLS is still considered one of the most secure EAP standards available, although TLS provides strong security only as long as the user understands potential warnings about false credentials, and is universally supported by all manufacturers of wireless LAN hardware and software.


It is worth noting that the PAC file is issued on a per-user basis. Message Sequence Examples (Informative). The protocol only specifies chaining multiple EAP mechanisms and not any specific method.

The standard also describes the conditions under which the AAA key management requirements described in RFC can be satisfied. EAP is not a wire protocol; instead it only defines message formats. Microsoft Exchange Server Unleashed. The Kc key is originally intended to be used as an encryption key over the air interface, but in this protocol, it is used for deriving keying material and is not directly used. It was co-developed by Funk Software and Certicom and is widely supported across platforms.

This is a requirement in RFC sec 7.

Requesting the Permanent Identity