Use of GSM SIM Authentication in IEEE802.11 System
doc.: IEEE 802.11-01/039, Submission, January 2001, Haverinen/Edney, Nokia. Submitted to IEEE802.11.


Slide 1: Use of GSM SIM Authentication in IEEE802.11 System
Submitted to IEEE802.11 TGe, January 2001
H. Haverinen, J.P. Edney, Nokia

Slide 2: Use of GSM SIM Authentication in IEEE 802.11 System - Submission to Task Group e
- Focus of 802.11 has been mostly private ownership of WLAN networks (e.g. Corporate or home use)
  – New business opportunities can be created by enabling secure public access systems with deployment by nationwide operators.
- Existing cellular phone systems form the legacy for public access authentication and security solutions
  – authorization infrastructure for cellular telecommunications (e.g., GSM, 3G) is standardized and widely deployed
  – Today, there is no simple way for IEEE 802.11 to leverage this infrastructure in public access applications
- This submission proposes how to fit cellular authentication within TGe baseline
  – Note: the current baseline already is very well in line with this target

Slide 3: GSM SIM Card Authentication (as used in mobile phone)
[Diagram: Mobile Terminal (containing the SIM) and Network, each with A3, A8 and A5 blocks. Labels: Identity, Random Challenge, Response, SSK, Session Key Generated Internally, Encrypted Data.]
Ax = Encryption / Digest Algorithm
SSK = SIM Secret Key (changes for each SIM)

Slide 4: GSM SIM Card Authentication Comments
- Note A3 / A8 algorithms are implemented inside the SIM card and vary between operators
- A3 / A8 algorithm implementation method highly secret
- A5 is open method supported by all phones
- When roaming, challenge response validation done by home network.
[Diagram: Mobile (containing the SIM) and Network, each with A3, A8 and A5 blocks. Labels: Identity, Random Challenge, Response.]

Slide 5: GSMSIM used in WLAN (Nokia Approach)
[Diagram: User Terminal, Access Point, Access Zone Router, IP Network, Authentication Gateway, EXISTING GSM Authentication / Billing. Label: GSM Authentication Exchange.]

Slide 6: Integration to TGe Baseline
- GSM SIM authentication can be transmitted as an EAP authentication type (EAP/GSMSIM)
  – EAP Request/Response : Identity
  – EAP Request/Response : GSMSIM/Start
  – EAP Request/Response : GSMSIM/Challenge
  – EAP Success / Fail
- EAP/GSMSIM supports mutual authentication
  – Client sends a nonce to network
  – Network accompanies challenge with an authenticator
- EAP/GSMSIM will be published as an Internet-Draft

Slide 7: Key-Generating EAP types
- As part of the authentication procedure, EAP/GSMSIM securely distributes a session key to the client
  – EAP/GSMSIM is equivalent to EAP/TLS (RFC 2716)
- Use several GSM challenges to generate long keys
- Baseline should allow negotiation of key-generating EAP as an alternative to the default mechanism (EAP/GSS-API/IAKERB)
  – The EAP authentication type makes no difference to the access point, as long as a key is generated
- Key distribution between access points needs to be agreed upon
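The two ideas on slides 6 and 7 (a client nonce answered by a network authenticator, and several GSM challenges combined into one long key), sketched in Python as an added example; it is not code from the submission or from the EAP/GSMSIM draft. The `a3a8` stand-in, the HMAC-SHA-256 constructions, the message labels and all function names are assumptions made for illustration, since the real A3/A8 algorithms are operator-specific and the network side here holds the SIM key directly.

```python
import hashlib
import hmac
import os

def a3a8(ki, rand):
    """Assumed stand-in for the secret A3/A8: returns (SRES 4 bytes, Kc 8 bytes)."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def master_key(identity, kcs, nonce):
    """Combine several 64-bit Kc values and the client nonce into one long key."""
    return hashlib.sha256(identity + b"".join(kcs) + nonce).digest()

def session_key(mk):
    """Key handed to the access point after EAP-Success (illustrative derivation)."""
    return _mac(mk, b"session", b"")

def network_challenge(ki, identity, nonce, n=3):
    """Network side: n fresh RANDs plus an authenticator bound to the client nonce."""
    rands = [os.urandom(16) for _ in range(n)]
    mk = master_key(identity, [a3a8(ki, r)[1] for r in rands], nonce)
    return rands, _mac(mk, b"challenge", b"".join(rands) + nonce), mk

def client_respond(ki, identity, nonce, rands, authenticator):
    """Client side: authenticate the network first, then answer the challenge."""
    if len(set(rands)) != len(rands):
        # Repeated challenges would give a key no stronger than a single Kc.
        raise ValueError("repeated RAND in challenge")
    results = [a3a8(ki, r) for r in rands]
    mk = master_key(identity, [kc for _, kc in results], nonce)
    expected = _mac(mk, b"challenge", b"".join(rands) + nonce)
    if not hmac.compare_digest(expected, authenticator):
        raise ValueError("network authenticator invalid")
    sres = b"".join(s for s, _ in results)
    return _mac(mk, b"response", sres), mk

def network_verify(ki, mk, rands, response):
    """Network side: recompute the SRES values and check the client's response."""
    sres = b"".join(a3a8(ki, r)[0] for r in rands)
    return hmac.compare_digest(_mac(mk, b"response", sres), response)
```

Because the authenticator covers the client's nonce, a challenge recorded from an earlier session fails verification when replayed against a new nonce.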

Slide 8: Initial Contact Example
[Message sequence diagram between STA, AP and RADIUS Server. Labels: Probe Request/Response, Associate, EAP Identity Request, EAP Identity Response, Repeat EAP Identity Response, Negotiate EAP/GSMSIM, EAP-GSMSIM Request, EAP-GSMSIM Response, EAP-Success + Session Key, EAP-Success, 802.1X, 802.11 is Unblocked.]
This applies to any key-generating EAP

Slide 9: Summary
- Baseline should include any EAP authentication type that generates a key
  – EAP/TLS, EAP/GSMSIM and others
- Need to determine a method to negotiate key-generating EAP type
- Need to agree on a key distribution mechanism

