Using EAP-SIM for WLAN Authentication - PowerPoint PPT Presentation

About This Presentation
Title:

Using EAP-SIM for WLAN Authentication

Description:

EAP-SIM Using EAP-SIM for WLAN Authentication yliqiang_at_gmail.com 2005-9-13 Definition( ) EAP-SIM is an Extensible Authentication Protocol (EAP) [RFC3748 ... – PowerPoint PPT presentation

Number of Views:524
Avg rating:3.0/5.0
Slides: 29
Provided by: agsmSourc
Category:

less

Transcript and Presenter's Notes

Title: Using EAP-SIM for WLAN Authentication


1
EAP-SIM
  • Using EAP-SIM for WLAN Authentication
  • yliqiang_at_gmail.com
  • 2005-9-13

2
Definition(??)
  • EAP-SIM is an Extensible Authentication
    Protocol (EAP) RFC3748 mechanism for
    authentication and session key distribution
    using the Global System for Mobile
    communications (GSM) Subscriber Identity
    Module (SIM).
  • ?GSM-SIM???EAP??????????

3
EAP Introduction (??)
  • EAP is an authentication framework which
    supports multiple authentication methods.
  • ??????????????
  • EAP typically runs directly over data link layers
    such as Point-to-Point Protocol (PPP) or IEEE 802
  • EAP ????????????? PPP?IEEE 802

4
EAP Introduction (??)
  • EAP permits the use of a backend authentication
    server,with the authenticator acting as a
    pass-through for some or all methods and peers.
  • EAP ???????????,????????????????????
  • Conceptually, EAP implementations consist of the
    following components
  • ?????,EAP?????????????

5
IEEE 802.1X EAPOL
Lower Layer
Peer(????)
Authenticator (???)
6
IEEE 802.1X EAPOL
Lower Layer
Peer(????)
Pass-through Authenticator (???)
Radius Protocol
Authentication Server (?????)
AAAAuthentication(??), Authorization (??), and
Accounting (??)
7
GSM authentication(??)
  • RAND is a 128-bit random challenge issued from
    the base station to the mobile.
  • RAND ????????(??)?128???????
  • SRES is a 32-bit response generated by A3 issued
    from the mobile to the base station
  • SRES ????(??)?????32?????,?A3???

8
GSM authentication(??)
  • Kc is a 64-bit Cipher Key, used for A5.
  • Kc?64?????,?A8????????(A5)?
  • Ki is the SIMs 128-bit individual subscriber
    key.
  • Ki?128???SIM????(????)?
  • A3/A8 are specified by each operator rather than
    being fully standardized,but usually implemented
    together as COMP128.
  • A3/A8??????????,?????????,?????????COMP128,???
    ???A3,A8?

9
EAP-SIM Introduction(??)
  • builds on underlying GSM mechanisms
  • ???GSM???????

10
EAP-SIM Introduction(??)
  • Provides mutual authentication
  • ???????
  • several RAND challenges are used for generating
    several 64-bit Kc keys, which are combined to
    constitute stronger keying material.
  • ????????Kc,??????????????

11
EAP-SIM Introduction(??)
  • EAP-SIM specifies optional support for protecting
    the privacy of subscriber identity using the same
    concept as GSM, which is using pseudonyms/temporar
    y identifiers.
  • EAP-SIM????????(??)?
  • It also specifies an optional fast
    re-authentication procedure.
  • ????????(??)

12
Peer
Authenticator
EAP-Request/Identity
lt------------------------------------------------
---------

EAP-Response/Identity
---------------------------------
------------------------gt

EAP-Request/SIM/Start
(AT_VERSION_LIST) lt---------------------
------------------------------------

EAP-Response/SIM/Start
(AT_NONCE_MT, AT_SELECTED_VERSION)
-------------------------------------------------
--------gt

EAP-Request/SIM/Challenge (AT_RAND, AT_MAC)
lt------------------------------------------
--------------- -----------------------------
-------- Peer runs
GSM algorithms, verifies
AT_MAC and derives session keys
-------------------------
------------
EAP-Response/SIM/Challenge (AT_MAC)
---------------------------------
------------------------gt


EAP-Success lt--------------------------
-------------------------------
  • EAP-SIM Full Authentication Procedure(??????)

13
Key Generation
  • MK SHA1(IdentitynKc NONCE_MT Version List
    Selected Version)
  • K_aut , K_encr , MSK and EMSK are derived from
    MK using Pseudo-Random number Function (PRF)
  • Request AT_MAC HMAC-SHA1-128(K_aut, EAP packet
    NONCE_MT)
  • Response AT_MAC HMAC-SHA1-128(K_aut,EAP packet
    nSRES)
  • In the formula above, the "" character
    denotes concatenation.
  • Nonce
  • A value that is used at most once or that
    is never repeated within the same cryptographic
    context.
  • MAC
  • Message Authentication Code

14
Indication of vulnerabilities(??)
  • The security of the A3 and A8 algorithms is
    important to the security of EAP-SIM.
  • Some A3/A8 algorithms have been compromised
    see for example GSM Cloning for discussion
    about the security of COMP-128 version 1. Note
    that several revised versions of the COMP-128
    A3/A8 algorithm have been devised after the
    publication of these weaknesses and that the
    publicly specified GSM-MILENAGE 3GPP TS 55.205
    algorithm is not vulnerable to any known
    attacks.
  • A3/A8???????EAP-SIM???????COMP128-v1?????(??
    ??????SIM????COMP128-v1),????COMP128
    v2,v3???????GSM-MILENAGE,??????????

15
Indication of vulnerabilities(??)
  • Mutual Authentication and Triplet Exposure
  • EAP-SIM provides mutual authentication. The
    peer believes that the network is authentic
    because the network can calculate a correct
    AT_MAC value in the EAP-Request/SIM/Challenge
    packet. To calculate the AT_MAC it is sufficient
    to know the RAND and Kc values from the GSM
    triplets (RAND, SRES, Kc) used in the
    authentication. Because the network selects the
    RAND challenges and the triplets, an attacker
    that knows n (2 or 3) GSM triplets for the
    subscriber is able to impersonate a valid network
    to the peer.
  • EAP-SIM?????????????????????????????AT_MAC,?
    ??AT_MAC??RAND?Kc?????????????RAND,?????????(2-3)K
    c???????????????

16
Security Claims(????)
  • Auth. mechanism EAP-SIM is based on the GSM SIM
    mechanism, which is a challenge/response
    authentication and key agreement mechanism based
    on a symmetric 128-bit pre-shared secret.
    EAP-SIM also makes use of a peer challenge to
    provide mutual authentication.
  • ????EAP-SIM??GSM-SIM?????,????????/????????????
    ,?????????128???????(Ki)?EAP-SIM?????????(NONCE_MT
    )???????

17
Security Claims(????)
  • Ciphersuite negotiation No
  • Mutual authentication Yes
  • Integrity protection Yes
  • Replay protection Yes
  • Confidentiality Yes, except method specific
    success and failure indications
  • Key derivation Yes
  • Description of key hierarchy(page 13)
  • Dictionary attack protection N/A
  • Fast reconnect Yes
  • Cryptographic binding N/A
  • Session independence Yes
  • Fragmentation No
  • Channel binding No
  • Indication of vulnerabilities(page 14,15)

18
Example
  • Using EAP-SIM for WLAN Authentication

19
Requirements(????)
  • Windows XP built-in supplicant
  • EAP-SIM plug-in for the Windows XP built-in
    802.1x Supplicant (http//weap.sf.net)
  • PC/SC compatible smart card reader
    (QWY LowSpeed CCID smart card reader)
  • Wireless Access Point support RADIUS
    (TP-LINK TL-WR541G)
  • RADIUS server support EAP-SIM
    (FreeRadius 1.0.4)

20
Network topological diagram (?????)
simtriplets.dat
21
SIM Reader Installation
  • Download the driver from http//agsm.sf.net
  • Insert the USB smart card reader in a USB
    port,specify the location of the driver.
  • Insert your sim-card into smart card reader,run
    agsm2.exe to make sure you can access the
    sim-card.

22
Configure freeradius
  • Download freeradius-1.0.4 from http//www.freeradi
    us.org
  • cd freeradius-1.0.4 Configuremake install cd
    src\modules\rlm_sim_files make install.
  • Add the following to radiusd.conf
  • In modules , add
  • sim_files
  • simtriplets " raddbdir/simtriplets.
    dat "
  • in eap add sim
  • In authorized , add sim_files before eap.
  • Add the following to clients.conf
  • client 192.168.1.0/24 secret eap-sim
    shortname eap-sim

23
  • Generate simtriplets.dat
  • Run agsm2.exe.
  • Copy IMSI,RAND,SRES,Kc to simtriplets.dat, at
    least 5 entries.
  • simtriplets.dat
  • IMSI RAND
    SRES Kc
  • 1460001551807128,52632FE305874545AC9936926D796256,
    8184a227,5F05b4a2CE884400
  • 1460001551807128,ECEB1577E275414e9DD9EF98B277E54A,
    00fb682e,B6c0de73256c0400

Make sure insert 1
24
Configure AP
25
EAP-SIM plug-in installation
  • Download wEAP-SIM from http//weap.sf.net
  • Install.
  • Enable tracing.
  • EnableConsoleTracing
  • set HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRAC
    ING\ EnableConsoleTracing to nozero
  • set HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRA
    CING\ wEAP-SIM\ EnableConsoleTracing to nozero
  • EnableFileTracing
  • set HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRA
    CING\ wEAP-SIM\ EnableFileTracing to nozero

26
Authenticate the client
27
References
  • http//www.intel.com/technology/itj/2005/volume09i
    ssue01/art07_next_generation/p05_simpl_network.htm
  • draft-haverinen-pppext-eap-sim-16.txt
  • RFC3748 Extensible Authentication Protocol
    (EAP)
  • S5.Brumley-comp128.pdf
  • GSM Cloning http//www.isaac.cs.berkeley.edu/isa
    ac/gsm.html

28
?? ??
Write a Comment
User Comments (0)
About PowerShow.com