1 / 4

EAP/AKA, EAP/SIM, EAP/SIM6 Three EAP Method Proposals

EAP/AKA, EAP/SIM, EAP/SIM6 Three EAP Method Proposals. Authors: Jari Arkko (AKA) Henry Haverinen (SIM TJ Kniveton (SIM6) Presented by TJ Kniveton, NOKIA IETF53. Name of the method: EAP/AKA. Filename: draft-arkko-pppext-eap-aka

amal
Télécharger la présentation

EAP/AKA, EAP/SIM, EAP/SIM6 Three EAP Method Proposals

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EAP/AKA, EAP/SIM, EAP/SIM6Three EAP Method Proposals Authors: Jari Arkko (AKA) Henry Haverinen (SIM TJ Kniveton (SIM6) Presented by TJ Kniveton, NOKIA IETF53

  2. Name of the method: EAP/AKA • Filename: draft-arkko-pppext-eap-aka • Justification: UMTS and GSM Authentication and Key Agreement. Possibility to use UMTS/GSM roaming and USIM/SIM cards. • Usage scenario: WLAN access authentication. Any type of devices (mobile phone, PDA, PC card) • EAP Type # assigned: 23 • Mutual authentication in UMTS mode, one-way authentication in GSM mode • Support for "fast reconnect“: not in the current draft version • Dictionary attack vulnerability: no • Key derivation: a 128-bit cipher key and a 128-bit integrity key in UMTS mode. A 56-bit encryption key in GSM mode. • Algorithms: UMTS algorithms, GSM algorithms. Identity privacy with pseudonyms. • Standards group dependencies: potential 3GPP, IEEE 802.11i usage

  3. Name of the method: EAP/SIM • Filename: draft-haverinen-pppext-eap-sim (-03) • Justification: Enhanced GSM authentication. Possibility to use existing GSM SIM cards and GSM roaming infrastructure. • Usage scenario: WLAN access authentication. Any type of devices (mobile phone, PDA, PC card) • EAP Type # assigned: 18 • Mutual authentication • Support for "fast reconnect“: not in the current draft version • Dictionary attack vulnerability: no • Key derivation: yes, any kind of keys • Algorithms: GSM algorithms with new enhancements for mutual authentication and stronger key derivation. Identity privacy with pseudonyms. • Standards group dependencies: Potential 3GPP, IEEE 802.11i usage

  4. Name of the method: EAP/SIM6 • Filename: draft-kniveton-sim6 (-00; -01 near completion) • Justification: Enhanced GSM authentication in IPv6. Possibility to use existing GSM SIM cards and GSM roaming infrastructure in IPv6 networks. • Usage scenario: WLAN access authentication. Any type of devices (mobile phone, PDA, PC card) • Uses existing EAP messages encapsulated in AAAv6 (MN->Att), Diameter(Att->AAAh) • Initial EAP-Request/Identity comes from Att./AR, as with 802.1x; all other messages are MN->AAAh/AS and the Att. Will handle outer encapsulation as above • Inherits security and authentication characteristics of EAP/SIM • Draft specifies complete message bits (assembled from ~4 protocol layers), message flow, and state machine • Algorithms: GSM algorithms with new enhancements for mutual authentication and stronger key derivation, as EAP/SIM. Identity privacy is not currently supported. • Standards group dependencies: Potential 3GPP, IEEE 802.11i usage • IANA Considerations: mostly covered by draft-haverinen-pppext-eap-sim, but additional considerations for route adv. option for Identity Request • May be too specific to be included in draft-aboba-pppext-iana

More Related