📄 rcf4186.txt
字号:
AT_VERSION_LIST includes the EAP-SIM versions supported by the
server. If AT_VERSION_LIST does not include a version that is
implemented by the peer and allowed in the peer's security policy,
then the peer MUST send the EAP-Response/SIM/Client-Error packet
(Section 9.7) to the server with the error code "unsupported
version". If a suitable version is included, then the peer includes
Haverinen & Salowey Informational [Page 10]
RFC 4186 EAP-SIM Authentication January 2006
the AT_SELECTED_VERSION attribute, containing the selected version in
the EAP-Response/SIM/Start packet. The peer MUST only indicate a
version that is included in the AT_VERSION_LIST. If several versions
are acceptable, then the peer SHOULD choose the version that occurs
first in the version list.
The version number list of AT_VERSION_LIST and the selected version
of AT_SELECTED_VERSION are included in the key derivation procedure
(Section 7). If an attacker modifies either one of these attributes,
then the peer and the server derive different keying material.
Because K_aut keys are different, the server and peer calculate
different AT_MAC values. Hence, the peer detects that AT_MAC,
included in EAP-Request/SIM/Challenge, is incorrect and sends the
EAP-Response/SIM/Client-Error packet. The authentication procedure
terminates.
4.2. Identity Management
4.2.1. Format, Generation and Usage of Peer Identities
4.2.1.1. General
In the beginning of EAP authentication, the Authenticator or the EAP
server usually issues the EAP-Request/Identity packet to the peer.
The peer responds with the EAP-Response/Identity, which contains the
user's identity. The formats of these packets are specified in
[RFC3748].
GSM subscribers are identified with the International Mobile
Subscriber Identity (IMSI) [GSM-03.03]. The IMSI is a string of not
more than 15 digits. It is composed of a three digit Mobile Country
Code (MCC), a two or three digit Mobile Network Code (MNC), and a
Mobile Subscriber Identification Number (MSIN) of no more than 10
digits. MCC and MNC uniquely identify the GSM operator and help
identify the AuC from which the authentication vectors need to be
retrieved for this subscriber.
Internet AAA protocols identify users with the Network Access
Identifier (NAI) [RFC4282]. When used in a roaming environment, the
NAI is composed of a username and a realm, separated with "@"
(username@realm). The username portion identifies the subscriber
within the realm.
This section specifies the peer identity format used in EAP-SIM. In
this document, the term "identity" or "peer identity" refers to the
whole identity string that is used to identify the peer. The peer
Haverinen & Salowey Informational [Page 11]
RFC 4186 EAP-SIM Authentication January 2006
identity may include a realm portion. "Username" refers to the
portion of the peer identity that identifies the user, i.e., the
username does not include the realm portion.
4.2.1.2. Identity Privacy Support
EAP-SIM includes optional identity privacy (anonymity) support that
can be used to hide the cleartext permanent identity and thereby make
the subscriber's EAP exchanges untraceable to eavesdroppers. Because
the permanent identity never changes, revealing it would help
observers to track the user. The permanent identity is usually based
on the IMSI, which may further help the tracking, because the same
identifier may be used in other contexts as well. Identity privacy
is based on temporary identities, or pseudonyms, which are equivalent
to but separate from the Temporary Mobile Subscriber Identities
(TMSI) that are used on cellular networks. Please see Section 12.2
for security considerations regarding identity privacy.
4.2.1.3. Username Types in EAP-SIM identities
There are three types of usernames in EAP-SIM peer identities:
(1) Permanent usernames. For example,
1123456789098765@myoperator.com might be a valid permanent identity.
In this example, 1123456789098765 is the permanent username.
(2) Pseudonym usernames. For example, 3s7ah6n9q@myoperator.com might
be a valid pseudonym identity. In this example, 3s7ah6n9q is the
pseudonym username.
(3) Fast re-authentication usernames. For example,
53953754@myoperator.com might be a valid fast re-authentication
identity. In this case, 53953754 is the fast re-authentication
username. Unlike permanent usernames and pseudonym usernames, fast
re-authentication usernames are one-time identifiers, which are not
re-used across EAP exchanges.
The first two types of identities are used only on full
authentication and the last one only on fast re-authentication. When
the optional identity privacy support is not used, the non-pseudonym
permanent identity is used on full authentication. The fast
re-authentication exchange is specified in Section 5.
4.2.1.4. Username Decoration
In some environments, the peer may need to decorate the identity by
prepending or appending the username with a string, in order to
indicate supplementary AAA routing information in addition to the NAI
Haverinen & Salowey Informational [Page 12]
RFC 4186 EAP-SIM Authentication January 2006
realm. (The usage of an NAI realm portion is not considered
decoration.) Username decoration is out of the scope of this
document. However, it should be noted that username decoration might
prevent the server from recognizing a valid username. Hence,
although the peer MAY use username decoration in the identities that
the peer includes in EAP-Response/Identity, and although the EAP
server MAY accept a decorated peer username in this message, the peer
or the EAP server MUST NOT decorate any other peer identities that
are used in various EAP-SIM attributes. Only the identity used in
the EAP-Response/Identity may be decorated.
4.2.1.5. NAI Realm Portion
The peer MAY include a realm portion in the peer identity, as per the
NAI format. The use of a realm portion is not mandatory.
If a realm is used, the realm MAY be chosen by the subscriber's home
operator and it MAY be a configurable parameter in the EAP-SIM peer
implementation. In this case, the peer is typically configured with
the NAI realm of the home operator. Operators MAY reserve a specific
realm name for EAP-SIM users. This convention makes it easy to
recognize that the NAI identifies a GSM subscriber. Such a reserved
NAI realm may be a useful hint as to the first authentication method
to use during method negotiation. When the peer is using a pseudonym
username instead of the permanent username, the peer selects the
realm name portion similarly as it select the realm portion when
using the permanent username.
If no configured realm name is available, the peer MAY derive the
realm name from the MCC and MNC portions of the IMSI. A RECOMMENDED
way to derive the realm from the IMSI using the realm 3gppnetwork.org
is specified in [3GPP-TS-23.003].
Some old implementations derive the realm name from the IMSI by
concatenating "mnc", the MNC digits of IMSI, ".mcc", the MCC digits
of IMSI, and ".owlan.org". For example, if the IMSI is
123456789098765, and the MNC is three digits long, then the derived
realm name is "mnc456.mcc123.owlan.org". As there are no DNS servers
running at owlan.org, these realm names can only be used with
manually configured AAA routing. New implementations SHOULD use the
mechanism specified in [3GPP-TS-23.003] instead of owlan.org.
The IMSI is a string of digits without any explicit structure, so the
peer may not be able to determine the length of the MNC portion. If
the peer is not able to determine whether the MNC is two or three
digits long, the peer MAY use a 3-digit MNC. If the correct length
of the MNC is two, then the MNC used in the realm name includes the
first digit of the MSIN. Hence, when configuring AAA networks for
Haverinen & Salowey Informational [Page 13]
RFC 4186 EAP-SIM Authentication January 2006
operators that have 2-digit MNCs, the network SHOULD also be prepared
for realm names with incorrect, 3-digit MNCs.
4.2.1.6. Format of the Permanent Username
The non-pseudonym permanent username SHOULD be derived from the IMSI.
In this case, the permanent username MUST be of the format "1" |
IMSI, where the character "|" denotes concatenation. In other words,
the first character of the username is the digit one (ASCII value 31
hexadecimal), followed by the IMSI. The IMSI is encoded as an ASCII
string that consists of not more than 15 decimal digits (ASCII values
between 30 and 39 hexadecimal), one character per IMSI digit, in the
order specified in [GSM-03.03]. For example, a permanent username
derived from the IMSI 295023820005424 would be encoded as the ASCII
string "1295023820005424" (byte values in hexadecimal notation: 31 32
39 35 30 32 33 38 32 30 30 30 35 34 32 34).
The EAP server MAY use the leading "1" as a hint to try EAP-SIM as
the first authentication method during method negotiation, rather
than, for example EAP/AKA. The EAP-SIM server MAY propose EAP-SIM,
even if the leading character was not "1".
Alternatively, an implementation MAY choose a permanent username that
is not based on the IMSI. In this case, the selection of the
username, its format, and its processing is out of the scope of this
document. In this case, the peer implementation MUST NOT prepend any
leading characters to the username.
4.2.1.7. Generating Pseudonyms and Fast Re-authentication Identities by
the Server
Pseudonym usernames and fast re-authentication identities are
generated by the EAP server. The EAP server produces pseudonym
usernames and fast re-authentication identities in an
implementation-dependent manner. Only the EAP server needs to be
able to map the pseudonym username to the permanent identity, or to
recognize a fast re-authentication identity.
EAP-SIM includes no provisions to ensure that the same EAP server
that generated a pseudonym username will be used on the
authentication exchange when the pseudonym username is used. It is
recommended that the EAP servers implement some centralized mechanism
to allow all EAP servers of the home operator to map pseudonyms
generated by other severs to the permanent identity. If no such
mechanism is available, then the EAP server failing to understand a
pseudonym issued by another server can request the that peer send the
permanent identity.
Haverinen & Salowey Informational [Page 14]
RFC 4186 EAP-SIM Authentication January 2006
When issuing a fast re-authentication identity, the EAP server may
include a realm name in the identity to make the fast
re-authentication request be forwarded to the same EAP server.
When generating fast re-authentication identities, the server SHOULD
choose a fresh, new fast re-authentication identity that is different
from the previous ones that were used after the same full
authentication exchange. A full authentication exchange and the
associated fast re-authentication exchanges are referred to here as
the same "full authentication context". The fast re-authentication
identity SHOULD include a random component. This random component
works as a full authentication context identifier. A
context-specific fast re-authentication identity can help the server
to detect whether its fast re-authentication state information
matches that of its peer (in other words, whether the state
information is from the same full authentication exchange). The
random component also makes the fast re-authentication identities
unpredictable, so an attacker cannot initiate a fast
re-authentication exchange to get the server's EAP-Request/SIM/
Re-authentication packet.
Transmitting pseudonyms and fast re-authentication identities from
the server to the peer is discussed in Section 4.2.1.8. The
pseudonym is transmitted as a username, without an NAI realm, and the
fast re-authentication identity is transmitted as a complete NAI,
including a realm portion if a realm is required. The realm is
included in the fast re-authentication identity to allow the server
to include a server-specific realm.
Regardless of the construction method, the pseudonym username MUST
conform to the grammar specified for the username portion of an NAI.
The fast re-authentication identity also MUST conform to the NAI
grammar. The EAP servers that the subscribers of an operator can use
MUST ensure that the pseudonym usernames and the username portions
used in fast re-authentication identities they generate are unique.
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -