
Whitepaper

EAP-SIM Authentication in WLAN Networks

Copyright 2006: Garderos Software Innovations GmbH

Page 1 of 11

This document contains information, which is proprietary to Garderos Software Innovations GmbH. No part of its contents may be used, copied, disclosed, or conveyed to any party in any manner whatsoever without prior written permission from Garderos Software Innovations GmbH.


Glossary

AAA: Authentication, Authorization, Accounting
AuC: Authentication Center
DHCP: Dynamic Host Configuration Protocol
EAP: Extensible Authentication Protocol
EAP-SIM: Extensible Authentication Protocol combined with the Subscriber Identity Module
GSM: Global System for mobile Communications
GSM Triplets: Formed by three GSM authentication values
HLR: Home Location Register
IMSI: International Mobile Subscriber Identifier
ITU: International Telecommunication Union
LAN: Local Area Network
MCC: Mobile Country Code
MNC: Mobile Network Code
MSIN: Mobile Subscriber Identification Number
PIN: Personal Identification Number
PPPoE: Point-to-Point Protocol Over Ethernet
PUK: Personal Unblocking Key
RADIUS: Remote Authentication Dial-in User
SIM: Subscriber Identity Module
SS7: Signaling System No. 7 is a global standard for telecommunications defined by ITU
TIMSI: Temporary International Mobile Subscriber Identifier
UAM: Universal Access Method
WEP: Wired Equivalent Privacy
WPA: Wi-Fi Access Protection
Wi-Fi: Wireless Fidelity
WLAN: Wireless LAN

Document History
Version  State        Date        Person
1.0      First Draft  2006-01-19  Christian Markwart
1.0      Review       2006-01-20  Susanne Bckl


Table of Contents

1   Introduction ............................................................ 5
2   Universal access method ................................................. 6
3   Fundamentals of EAP-SIM ................................................. 7
3.1 Subscriber identity module .............................................. 7
3.2 One-time SMS password authentication .................................... 7
4   EAP-SIM authentication .................................................. 8
4.1 User anonymity support .................................................. 9
4.2 Periodic re-authentication and fast re-authentication ................... 9
5   Conclusion .............................................................. 11


1 Introduction

The Internet is a well-established service and nearly all users are familiar with different login procedures. There are several technical methods by which user credentials can be sent to access servers, e.g. Point-to-Point Protocol Over Ethernet (PPPoE), dial-up networking or the Extensible Authentication Protocol (EAP). This paper describes the most important authentication methods that are used in public Wireless Local Area Network (WLAN) environments. Particular attention is drawn to EAP-SIM (Extensible Authentication Protocol Subscriber Identity Module) authentication, where WLAN users can be authenticated using their SIM (Subscriber Identity Module) card.


2 Universal access method

When users want to get access to the Internet in public WLAN environments, the most common authentication procedure used is the universal access method (UAM). Here, the users simply provide username and password on a portal page. WLAN network operators use UAM to offer Internet access to anonymous users, e.g. in a conference center. Users just need to buy an Internet session, e.g. time- or volume-based vouchers. These vouchers can be printed out or sent to them electronically and contain username and/or password. Electronic vouchers have some great advantages compared to physical vouchers:

- Lower production costs
- Higher convenience for users

Due to the fact that radio links do not offer any level of physical security, it is very important that security measures are taken to ensure the privacy of the user and to prevent unauthorized use of the WLAN services.


3 Fundamentals of EAP-SIM

3.1 Subscriber identity module

The Subscriber Identity Module (SIM) is a small smart card which contains specific identification information. One of the most important pieces of information stored on the SIM is the IMSI (International Mobile Subscriber Identity). The IMSI is a unique number for every user (subscriber). It contains a subscriber number as well as information about the home network and the country of issue. The most important advantage of using SIMs for authentication is that they may be used with different devices without losing the information stored on them.

3.2 One-time SMS password authentication

One-time SMS password authentication can meet the security requirements of UAM. On a portal page, the user provides his mobile number as user identity. The portal server verifies whether this mobile number is allowed to be used for the requested WLAN service, generates a one-time password and sends it to the mobile number via SMS. The user enters the password from the SMS in the dedicated field on the portal page. The WLAN authentication server checks whether the password is correct. If it is, the user can access the requested WLAN service. The main idea behind the one-time password method is to use an easy but secure method to verify a user: whoever holds the mobile phone and receives the SMS is assumed to be the legitimate user and can easily be authenticated. While the one-time password authentication via SMS uses the SIM indirectly, it is also possible to use the SIM directly. This method is called EAP-SIM authentication and is introduced in the following chapter.
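The portal side of the SMS one-time password flow just described, as an added example that is not code from the whitepaper. The list of entitled mobile numbers, the SMS gateway stand-in (a list of sent messages), the five-minute code lifetime and the three-attempt budget are assumptions; the point of the example is what the paper's description leaves implicit: the code comes from a CSPRNG, only a salted hash of it is stored, the comparison is constant-time, and a code is accepted at most once, only before it expires, and only within the attempt budget.

```python
"""Portal-side handling of one-time SMS passwords (UAM with SMS OTP).
Added example, not code from the whitepaper: the allow-list, the SMS gateway
stand-in (a list of sent messages), the code lifetime and the attempt budget
are assumptions."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

OTP_LIFETIME_SECONDS = 300  # assumed: a code expires five minutes after it was sent
MAX_ATTEMPTS = 3            # assumed: a code is invalidated after three wrong guesses
ALLOWED_NUMBERS = {"+491700000001", "+491700000002"}  # constructed entitlement list


@dataclass
class PendingCode:
    digest: bytes      # salted SHA-256 of the code; the clear code is never stored
    salt: bytes
    issued_at: float
    attempts: int = 0


@dataclass
class SmsOtpPortal:
    sent_messages: List[Tuple[str, str]] = field(default_factory=list)  # SMS gateway stand-in
    pending: Dict[str, PendingCode] = field(default_factory=dict)       # mobile -> code

    @staticmethod
    def _digest(code: str, salt: bytes) -> bytes:
        return hashlib.sha256(salt + code.encode()).digest()

    def request_code(self, mobile: str, now: Optional[float] = None) -> bool:
        """Step 1: the user submits a mobile number on the portal page. Only numbers
        entitled to the service get a code, generated from a CSPRNG; only its salted
        hash is kept server-side, and a new request replaces any earlier code."""
        if mobile not in ALLOWED_NUMBERS:
            return False
        code = f"{secrets.randbelow(10 ** 6):06d}"  # six decimal digits
        salt = secrets.token_bytes(16)
        issued = now if now is not None else time.time()
        self.pending[mobile] = PendingCode(self._digest(code, salt), salt, issued)
        self.sent_messages.append((mobile, code))  # hand the code to the SMS gateway
        return True

    def verify(self, mobile: str, code: str, now: Optional[float] = None) -> bool:
        """Step 2: the user types the code from the SMS. A code is accepted at most
        once, only before it expires, and only within the attempt budget."""
        now = now if now is not None else time.time()
        entry = self.pending.get(mobile)
        if entry is None:
            return False
        if now - entry.issued_at > OTP_LIFETIME_SECONDS:
            del self.pending[mobile]  # expired: the user has to request a new code
            return False
        entry.attempts += 1
        ok = hmac.compare_digest(self._digest(code, entry.salt), entry.digest)
        if ok or entry.attempts >= MAX_ATTEMPTS:
            del self.pending[mobile]  # single use, or locked out after too many guesses
        return ok
```

Usage: request_code(mobile) returns False for a number that is not entitled to the service; after a successful request the code travels through sent_messages (the gateway stand-in), and verify(mobile, code) returns True exactly once for it. The now parameter exists so that expiry can be exercised deterministically in tests.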


4 EAP-SIM authentication

EAP-SIM authentication requires a certain set of network components:

- Client device, e.g. user terminal with SIM card
- 802.1X compatible WLAN access point
- Access controller with DHCP (Dynamic Host Configuration Protocol) server, quality of service and accounting functions (may be separated into several devices)
- AAA RADIUS server used for authentication
- SS7 Gateway (Signaling System No. 7 is a global standard for telecommunications) to connect the AAA RADIUS server to the HLR (Home Location Register)/Authentication Center (AuC)
- HLR/AuC

A prerequisite for EAP-SIM authentication is that the client device is equipped with at least the following:

- WLAN network interface card or a terminal with integrated WLAN support
- SIM card reader with an inserted SIM card
- The EAP client software (supplicant)

Before EAP-SIM authentication can begin, the user usually has to perform a local PIN (Personal Identification Number) verification. It is possible to disable this PIN verification, but for security reasons disabling it is not recommended. The PIN is entered on the user terminal and automatically sent to the SIM for verification. If the code does not match the PIN stored on the SIM, the SIM informs the user that the code is invalid and refuses to perform authentication functions until the correct PIN is entered. To further enhance security, the SIM normally locks the PIN after a certain number of invalid attempts (usually 3). After this lockout a PUK (PIN Unlock) code is required, which can be obtained from the mobile operator. If the PUK is entered incorrectly a certain number of times, the SIM permanently refuses authentication.

If the PIN is entered correctly, the actual EAP-SIM authentication starts and the user's authentication request is verified by the WLAN access point. The WLAN access point performs protocol transformation from 802.1X (EAP) into the RADIUS protocol and sends the request to the AAA RADIUS server. The AAA server requests so-called GSM (Global System for mobile Communications) triplets (three pieces of data) from the AuC via an SS7 Gateway. This is sent to the client terminal, which performs a mathematical operation with it. The result of this operation is sent back to the AAA server. If the result matches the value expected by the AAA server, an authentication accept message is sent to the access point and the user is logged in.

The GSM triplets are also used to create dynamic keys for WPA (Wi-Fi Access Protection) encryption on the WLAN air interface. The dynamic WPA encryption has several advantages compared to the well-known basic WEP encryption, e.g. the dynamic key is specific to every user and also changes during a user session. Because the keys are only valid for a very limited time when using WPA encryption, it is impossible to break a key by brute force: breaking the key takes much longer than it is in use between the WLAN access point and the client device. EAP-SIM also provides further security features, e.g. it guarantees user anonymity and offers a fast re-authentication procedure, which reduces the load on the HLR.

4.1 User anonymity support

During EAP-SIM authentication the user is identified via his International Mobile Subscriber Identity (IMSI). The IMSI is a string of not more than 15 digits. It consists of a 3-digit Mobile Country Code (MCC), a 2- or 3-digit Mobile Network Code (MNC) and a Mobile Subscriber Identification Number (MSIN) of at most 9 digits. MCC and MNC uniquely identify the mobile operator; the MSIN identifies the user. User anonymity is a configurable option for EAP-SIM authentication. When this option is enabled on the AAA server, it generates so-called pseudonyms. These pseudonym user names are processed by the AAA server and the supplicant software, and the AAA server can map these temporary identities (pseudonyms) to the associated IMSI. A very common way to realize this is to use a TIMSI (Temporary IMSI) as pseudonym. The TIMSI is a pseudo-random number generated from the IMSI. With the TIMSI, transmitting the IMSI over the network becomes unnecessary.
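The IMSI layout (MCC, MNC, MSIN) and the AAA-side pseudonym mapping just described, as an added example that is not part of the whitepaper. The MNC length is a caller-supplied assumption (it depends on the operator's numbering plan and cannot be read off the digits alone), and the pseudonym scheme shown, a random identity mapped to the IMSI on the AAA server and replaced after each successful authentication, is one possible realisation rather than the TIMSI construction the paper mentions.

```python
"""IMSI structure and pseudonym mapping for EAP-SIM user anonymity.
Added example, not code from the whitepaper. The MNC length is a caller-supplied
assumption; the pseudonym scheme (random identity mapped to the IMSI on the AAA
server, replaced on every successful authentication) is one possible realisation."""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

DIGITS = set("0123456789")


@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code, 3 digits
    mnc: str   # Mobile Network Code, 2 or 3 digits
    msin: str  # Mobile Subscriber Identification Number

    @property
    def operator(self) -> str:
        """MCC+MNC uniquely identifies the home operator (e.g. for RADIUS routing)."""
        return self.mcc + self.mnc


def parse_imsi(imsi: str, mnc_length: int) -> Imsi:
    """Split an IMSI into MCC / MNC / MSIN, rejecting anything malformed."""
    if mnc_length not in (2, 3):
        raise ValueError("MNC must be 2 or 3 digits")
    if not set(imsi) <= DIGITS or not 3 + mnc_length < len(imsi) <= 15:
        raise ValueError("IMSI must be decimal digits, at most 15, with a non-empty MSIN")
    return Imsi(imsi[:3], imsi[3:3 + mnc_length], imsi[3 + mnc_length:])


class PseudonymStore:
    """AAA-side table mapping pseudonyms to the permanent IMSI. The supplicant
    sends the pseudonym as its identity, so the IMSI crosses the air only once."""

    def __init__(self) -> None:
        self._imsi_of: Dict[str, str] = {}

    def issue(self, imsi: str) -> str:
        """Return a fresh pseudonym for imsi; any earlier pseudonym is retired, so a
        single pseudonym does not identify the subscriber across sessions."""
        self._imsi_of = {p: i for p, i in self._imsi_of.items() if i != imsi}
        pseudonym = "p" + secrets.token_hex(8)  # random, not derived from the IMSI
        self._imsi_of[pseudonym] = imsi
        return pseudonym

    def resolve(self, identity: str) -> Optional[str]:
        """Map a received identity to an IMSI. An unknown pseudonym yields None, in
        which case the server has to fall back to a full authentication with the
        permanent identity."""
        return self._imsi_of.get(identity)
```

Usage: parse_imsi("262011234567890", mnc_length=2) yields MCC 262, MNC 01 and MSIN 1234567890 (constructed sample value). After issue(imsi) the returned pseudonym resolves to the IMSI until the next issue() for the same subscriber retires it.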

4.2 Periodic re-authentication and fast re-authentication

Another access method that allows remote control of the user sessions and enhances security is to initiate EAP-SIM authentication periodically without terminating the user session. This feature is called re-authentication. There are two general options to configure re-authentication:

1. Static configuration of time intervals on the access points
2. Dynamic configuration of time intervals via RADIUS between the AAA server and the access point

The complete authentication procedure for EAP-SIM makes use of the GSM SIM A3/A8 algorithms. For each re-authentication the AAA server requires new triplets from the AuC. Since this is a complex authentication procedure, complete re-authentication is not recommended for frequent use. The solution to this is the so-called fast re-authentication procedure. Fast re-authentication is based on the keys derived in the preceding complete authentication. The same keys as in complete authentication are used to protect EAP-SIM packets and attributes. The original master key from complete authentication is used to generate a fresh master session key, i.e. new triplets from the AuC are not necessary. In addition, the fast re-authentication procedure makes use of separate re-authentication user identities; pseudonyms and the permanent identity are reserved for complete authentication only.
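The exchange described in section 4 and the fast re-authentication of this section, as one added simulation that is not the whitepaper's or any vendor's code: a SIM with the PIN/PUK gate, an AuC issuing triplets, an AAA server that compares the client's result and derives the session key, and a fast re-authentication that derives a fresh key from the master key and a counter without a new AuC round trip. The operator-secret A3/A8 algorithms are replaced by an HMAC-SHA256 stand-in (gsm_a3a8); the inputs to MK and XKEY' follow the layout of RFC 4186, but the key expansion (expand) is a plain HMAC rather than the RFC's PRF; Ki, PIN, PUK and all identities are constructed values.

```python
"""EAP-SIM as in section 4 plus the fast re-authentication of section 4.2.
Added example, not the whitepaper's or any vendor's code: the operator-secret
A3/A8 algorithms are an HMAC-SHA256 stand-in (gsm_a3a8); MK and XKEY' use the
RFC 4186 input layout, but key expansion (expand) is a plain HMAC rather than
the RFC PRF. Ki, PIN, PUK and all identities are constructed values."""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

VERSION = b"\x00\x01\x00\x01"  # version list + selected version (EAP-SIM v1)


def gsm_a3a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for A3/A8: (SRES 32 bit, Kc 64 bit) from Ki and a 16-byte RAND."""
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    return out[:4], out[4:12]


def expand(master: bytes, label: bytes) -> bytes:
    """Simplified key expansion, standing in for the RFC 4186 PRF."""
    return hmac.new(master, label, hashlib.sha256).digest()


class Sim:  # holds Ki; runs A3/A8 only after PIN verification
    def __init__(self, imsi: str, ki: bytes, pin: str, puk: str) -> None:
        self.imsi, self._ki, self._pin, self._puk = imsi, ki, pin, puk
        self.pin_tries, self.puk_tries, self.unlocked = 3, 10, False

    def verify_pin(self, pin: str) -> bool:
        if self.pin_tries and hmac.compare_digest(pin, self._pin):
            self.unlocked, self.pin_tries = True, 3
            return True
        self.pin_tries = max(self.pin_tries - 1, 0)  # 0: blocked, PUK required
        return False

    def unblock(self, puk: str, new_pin: str) -> bool:
        if self.puk_tries and hmac.compare_digest(puk, self._puk):
            self._pin, self.pin_tries = new_pin, 3
            return True
        self.puk_tries = max(self.puk_tries - 1, 0)  # 0: card permanently refuses
        return False

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        if not self.unlocked:
            raise PermissionError("PIN not verified")
        return gsm_a3a8(self._ki, rand)


class AuC:  # Authentication Center: the only other holder of Ki
    def __init__(self, subscribers: dict) -> None:
        self._ki = subscribers  # IMSI -> Ki

    def get_triplets(self, imsi: str, n: int = 3) -> List[Tuple[bytes, bytes, bytes]]:
        rands = [secrets.token_bytes(16) for _ in range(n)]
        return [(r, *gsm_a3a8(self._ki[imsi], r)) for r in rands]  # (RAND, SRES, Kc)


class Client:  # supplicant on the terminal; talks to the SIM, never sees Ki
    def __init__(self, sim: Sim) -> None:
        self.sim, self.nonce_mt = sim, secrets.token_bytes(16)  # NONCE_MT, sent at Start
        self.counter, self.mk, self.msk, self.reauth_id = 0, None, None, None

    def challenge(self, rands: List[bytes]) -> List[bytes]:
        results = [self.sim.run_gsm_algorithm(r) for r in rands]
        kcs = b"".join(kc for _, kc in results)
        self.mk = hashlib.sha1(self.sim.imsi.encode() + kcs + self.nonce_mt + VERSION).digest()
        self.msk = expand(self.mk, b"MSK")  # handed to the WLAN driver as WPA master key
        return [sres for sres, _ in results]  # only the SRES values cross the air

    def reauth(self, counter: int, nonce_s: bytes, next_id: str) -> None:
        if counter <= self.counter:  # replayed or old counter: reject
            raise ValueError("stale re-authentication counter")
        xkey = hashlib.sha1(self.reauth_id.encode() + counter.to_bytes(2, "big")
                            + nonce_s + self.mk).digest()
        self.msk, self.counter, self.reauth_id = expand(xkey, b"MSK"), counter, next_id


class AaaServer:  # AAA RADIUS server; reaches the AuC via the SS7 gateway (here: directly)
    def __init__(self, auc: AuC) -> None:
        self.auc, self.sessions = auc, {}  # re-auth identity -> [imsi, MK, counter]

    def full_authentication(self, client: Client) -> Optional[bytes]:
        imsi = client.sim.imsi  # permanent identity (a pseudonym could be used instead)
        triplets = self.auc.get_triplets(imsi)  # HLR/AuC round trip per full authentication
        if client.challenge([r for r, _, _ in triplets]) != [s for _, s, _ in triplets]:
            return None  # Access-Reject
        kcs = b"".join(kc for _, _, kc in triplets)
        mk = hashlib.sha1(imsi.encode() + kcs + client.nonce_mt + VERSION).digest()
        client.reauth_id = secrets.token_hex(8)  # separate re-authentication identity
        self.sessions[client.reauth_id] = [imsi, mk, 0]
        return expand(mk, b"MSK")  # Access-Accept carries the MSK to the access point

    def fast_reauthentication(self, client: Client) -> Optional[bytes]:
        session = self.sessions.pop(client.reauth_id, None)
        if session is None:
            return None  # unknown identity: client must fall back to full authentication
        imsi, mk, counter = session
        counter, nonce_s, next_id = counter + 1, secrets.token_bytes(16), secrets.token_hex(8)
        xkey = hashlib.sha1(client.reauth_id.encode() + counter.to_bytes(2, "big")
                            + nonce_s + mk).digest()
        client.reauth(counter, nonce_s, next_id)  # no new triplets needed
        self.sessions[next_id] = [imsi, mk, counter]
        return expand(xkey, b"MSK")
```

Usage: after full_authentication the server's return value equals client.msk although MK itself never leaves either side; each fast_reauthentication yields a different MSK, consumes the re-authentication identity and bumps the counter, so a replayed request with an old counter is rejected by the client and an unknown identity is rejected by the server. The Ki on a SIM that does not match the AuC record produces SRES values the server does not expect, i.e. an Access-Reject.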


5 Conclusion

EAP-SIM has many advantages compared to other authentication methods, since confidential information is never simply sent through the air. What makes it particularly favorable is that EAP authentication can change encryption keys during a user session and that the secure algorithms are only known to the HLR/AuC and the SIM card.

