draft-haverinen-pppext-eap-sim-11.txt
来自「linux 下通过802.1认证的安装包」· 文本 代码 · 共 1,303 行 · 第 1/5 页
TXT
1,303 行
Point-to-Point Extensions Working Group H. Haverinen (editor)
Internet Draft Nokia
J. Salowey (editor)
Cisco
June 2003
EAP SIM Authentication
draft-haverinen-pppext-eap-sim-11.txt
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documentsat any time. It is inappropriate to use Internet- Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
This document is an individual submission for the Point-to-Point
Extensions Working Group of the Internet Engineering Task Force
(IETF). Comments should be submitted to the ietf-ppp@merit.edu
mailing list.
Distribution of this memo is unlimited.
Abstract
This document specifies an Extensible Authentication Protocol (EAP)
mechanism for authentication and session key distribution using the
GSM Subscriber Identity Module (SIM). The mechanism specifies
enhancements to GSM authentication and key agreement whereby
multiple authentication triplets can be combined to create
authentication responses and session keys of greater strength than
the individual GSM triplets. The mechanism also includes network
authentication, user anonymity support and a re-authentication
procedure.
Haverinen and Salowey Expires in six months [Page 1]
Internet Draft EAP SIM Authentication June 2003
Table of Contents
Status of this Memo.........................................1
Abstract....................................................1
Table of Contents...........................................2
1. Introduction.............................................3
2. Terms....................................................4
3. Overview.................................................5
4. Version Negotiation......................................7
5. Identity Management......................................8
5.1. User identity in EAP-Response/Identity.................8
5.2. Obtaining Subscriber Identity via EAP/SIM Messages....10
5.3. Identity Privacy Support..............................13
6. Re-Authentication.......................................20
7. Message Format..........................................25
8. Message Authentication and Encryption...................26
8.1. AT_MAC Attribute......................................26
8.2. AT_CHECKCODE Attribute................................27
8.3. AT_IV, AT_ENCR_DATA and AT_PADDING Attributes.........29
9. EAP-Request/SIM/Start...................................30
10. EAP-Response/SIM/Start.................................32
11. EAP-Request/SIM/Challenge..............................34
12. EAP-Response/SIM/Challenge.............................38
13. EAP-Request/SIM/Re-authentication......................39
14. EAP-Response/SIM/Re-authentication.....................43
15. Error Cases and the Usage of EAP-Failure and EAP-Success45
15.1. Processing Erroneous Packets.........................45
15.2. EAP-Failure..........................................46
15.3. EAP-Success..........................................46
16. EAP/SIM Notifications..................................46
17. Key Generation.........................................50
18. IANA Considerations....................................52
19. Security Considerations................................53
19.1. Identity Protection..................................53
19.2. Mutual Authentication and Triplet Exposure...........53
19.3. Key Derivation.......................................54
19.4. Dictionary Attacks...................................56
19.5. Credentials Reuse....................................56
19.6. Integrity Protection, Replay Protection and Confidentiality
56
19.7. Negotiation Attacks..................................57
19.8. Fast Reconnect.......................................57
19.9. Acknowledged Result Indications......................58
19.10. Man-in-the-middle Attacks...........................58
19.11. Generating Random Numbers...........................58
20. Security Claims........................................58
21. Intellectual Property Right Notice.....................59
22. Acknowledgements and Contributions.....................59
References.................................................60
Editors' and Contributors' Contact Information.............62
Annex A. Test Vectors......................................63
Annex B. Pseudo-Random Number Generator....................64
Haverinen and Salowey Expires in six months [Page 2]
Internet Draft EAP SIM Authentication June 2003
1. Introduction
This document specifies an Extensible Authentication Protocol (EAP)
[1] mechanism for authentication and session key distribution using
the GSM Subscriber Identity Module (SIM).
GSM authentication is based on a challenge-response mechanism. The
A3/A8 authentication algorithms that run on the SIM can be given a
128-bit random number (RAND) as a challenge. The SIM runs an
operator-specific algorithm, which takes the RAND and a secret key
Ki stored on the SIM as input, and produces a 32-bit response (SRES)
and a 64-bit long key Kc as output. The Kc key is originally
intended to be used as an encryption key over the air interface, but
in this protocol it is used for deriving keying material and not
directly used. Please find more information about GSM authentication
in [2].
In EAP/SIM, several RAND challenges are used for generating several
64-bit Kc keys, which are combined to constitute stronger keying
material. EAP/SIM also enhances the basic GSM authentication
mechanism by accompanying the RAND challenges and other messages
with a message authentication code in order to provide mutual
authentication.
EAP/SIM specifies optional support for protecting the privacy of
subscriber identity and an optional re-authentication procedure.
The security of EAP/SIM builds on underlying GSM mechanisms. The
security properties of EAP/SIM are documented in Section 19 of this
document. Implementers and users of EAP/SIM are advised to carefully
study the security considerations in Section 19 in order to
determine whether the security properties are sufficient for the
environment in question. In brief, EAP/SIM is in no sense weaker
than the GSM mechanisms. In some cases EAP/SIM provides better
security properties than the underlying GSM mechanisms, particularly
if the SIM credentials are only used for EAP/SIM and not re-used
from GSM/GPRS. In any case, if the GSM authentication mechanisms are
considered to be sufficient for use on the cellular networks, then
EAP/SIM is expected to be sufficiently secure for other networks.
The 3rd Generation Partnership Project (3GPP) has specified an
enhanced Authentication and Key Exchange (AKA) architecture for the
Universal Mobile Telecommunications System (UMTS). The UMTS AKA
mechanism includes mutual authentication, replay protection and
derivation of longer session keys. EAP AKA [21] specifies an EAP
method that is based on UMTS AKA. EAP AKA may be used instead of
EAP/SIM if the security properties of EAP/SIM are not considered
sufficient.
Haverinen and Salowey Expires in six months [Page 3]
Internet Draft EAP SIM Authentication June 2003
2. Terms
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3].
This document frequently uses the following terms and abbreviations:
AAA protocol
Authentication, Authorization and Accounting protocol
AAA server
In this document, AAA server refers to the network element that
resides on the border of Internet AAA network and GSM network.
Cf. EAP server
AuC
Authentication Centre. The GSM network element that provides the
authentication triplets for authenticating the subscriber.
Authentication vector
GSM triplets can be alternatively called authentication vectors.
Client
The entity that processes the EAP protocol on the supplicant.
Typically, it is the end that needs to be authenticated by the
authenticator. The Client includes a SIM that provides the
subscriber credentials and securely executes sensible
cryptographic calculations.
EAP
Extensible Authentication Protocol.
EAP Server
The network element that terminates the EAP protocol and performs
the authentication of the EAP/SIM client. In this document, we
assume that the EAP server functionality is implemented in a AAA
server.
GSM
Global System for Mobile communications.
Haverinen and Salowey Expires in six months [Page 4]
Internet Draft EAP SIM Authentication June 2003
GSM Triplet
The tuple formed by the three GSM authentication values RAND, Kc
and SRES
IMSI
International Mobile Subscriber Identifier, used in GSM to
identify subscribers.
MAC
Message Authentication Code
NAI
Network Access Identifier
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?