40 likes | 191 Views
EAP/AKA, EAP/SIM, EAP/SIM6 Three EAP Method Proposals. Authors: Jari Arkko (AKA) Henry Haverinen (SIM TJ Kniveton (SIM6) Presented by TJ Kniveton, NOKIA IETF53. Name of the method: EAP/AKA. Filename: draft-arkko-pppext-eap-aka
E N D
EAP/AKA, EAP/SIM, EAP/SIM6Three EAP Method Proposals Authors: Jari Arkko (AKA) Henry Haverinen (SIM TJ Kniveton (SIM6) Presented by TJ Kniveton, NOKIA IETF53
Name of the method: EAP/AKA • Filename: draft-arkko-pppext-eap-aka • Justification: UMTS and GSM Authentication and Key Agreement. Possibility to use UMTS/GSM roaming and USIM/SIM cards. • Usage scenario: WLAN access authentication. Any type of devices (mobile phone, PDA, PC card) • EAP Type # assigned: 23 • Mutual authentication in UMTS mode, one-way authentication in GSM mode • Support for "fast reconnect“: not in the current draft version • Dictionary attack vulnerability: no • Key derivation: a 128-bit cipher key and a 128-bit integrity key in UMTS mode. A 56-bit encryption key in GSM mode. • Algorithms: UMTS algorithms, GSM algorithms. Identity privacy with pseudonyms. • Standards group dependencies: potential 3GPP, IEEE 802.11i usage
Name of the method: EAP/SIM • Filename: draft-haverinen-pppext-eap-sim (-03) • Justification: Enhanced GSM authentication. Possibility to use existing GSM SIM cards and GSM roaming infrastructure. • Usage scenario: WLAN access authentication. Any type of devices (mobile phone, PDA, PC card) • EAP Type # assigned: 18 • Mutual authentication • Support for "fast reconnect“: not in the current draft version • Dictionary attack vulnerability: no • Key derivation: yes, any kind of keys • Algorithms: GSM algorithms with new enhancements for mutual authentication and stronger key derivation. Identity privacy with pseudonyms. • Standards group dependencies: Potential 3GPP, IEEE 802.11i usage
Name of the method: EAP/SIM6 • Filename: draft-kniveton-sim6 (-00; -01 near completion) • Justification: Enhanced GSM authentication in IPv6. Possibility to use existing GSM SIM cards and GSM roaming infrastructure in IPv6 networks. • Usage scenario: WLAN access authentication. Any type of devices (mobile phone, PDA, PC card) • Uses existing EAP messages encapsulated in AAAv6 (MN->Att), Diameter(Att->AAAh) • Initial EAP-Request/Identity comes from Att./AR, as with 802.1x; all other messages are MN->AAAh/AS and the Att. Will handle outer encapsulation as above • Inherits security and authentication characteristics of EAP/SIM • Draft specifies complete message bits (assembled from ~4 protocol layers), message flow, and state machine • Algorithms: GSM algorithms with new enhancements for mutual authentication and stronger key derivation, as EAP/SIM. Identity privacy is not currently supported. • Standards group dependencies: Potential 3GPP, IEEE 802.11i usage • IANA Considerations: mostly covered by draft-haverinen-pppext-eap-sim, but additional considerations for route adv. option for Identity Request • May be too specific to be included in draft-aboba-pppext-iana