Presentation is loading. Please wait.

Presentation is loading. Please wait.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

Similar presentations


Presentation on theme: "EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia."— Presentation transcript:

1 EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia

2 EAP AKA Basic Information draft-arkko-pppext-eap-aka-06.txt The USIM authentication solution for 3GPP WLAN interworking in the current 3GPP WLAN Interworking draft TS (TS ) –Deadline June 2003 Intended media: and other WLAN standards Requested track: Informational (?)

3 EAP AKA UMTS Mode Security Claims Mechanism: symmetric secret keys distributed on UICC cards with USIM application, UMTS f1…f5 algorithms Mutual authentication Key derivation supported –128-bit keys –Key hierarchy described in the draft Not vulnerable to dictionary attacks Identity privacy with pseudonyms, identity string integrity protected Because EAP AKA is not a tunnelling method, it does not protect EAP method negotiation, EAP notifications, EAP success, EAP failure No ciphersuite negotiation EAP AKA packets integrity protected, some parts are encrypted Fast reconnect supported (called “re-authentication” in EAP AKA)

4 EAP SIM Henry Haverinen, Nokia Joe Salowey, Cisco

5 EAP SIM Basic Information draft-haverinen-pppext-eap-sim-07.txt EAP authentication and key distribution with GSM SIM (enhanced SIM authentication) The GSM SIM authentication solution for 3GPP WLAN interworking in the current 3GPP WLAN Interworking draft TS (TS ) –Deadline June 2003 Intended media: and other WLAN standards Requested track: Informational (?)

6 EAP SIM Security Claims Mechanism: symmetric secret keys distributed on GSM SIM cards, GSM A3 and A8 algorithms Mutual authentication Key derivation supported –128-bit keys –If the same SIM is used in GSM and GPRS, then effective key length may be reduced to 64 bits with attacks over GSM/GPRS –Key hierarchy described in the draft Not vulnerable to dictionary attacks Identity privacy with pseudonyms, identity string integrity protected Because EAP SIM is not a tunnelling method, it does not protect EAP method negotiation, EAP notifications, EAP success, EAP failure No ciphersuite negotiation EAP SIM packets integrity protected, some parts are encrypted Fast reconnect supported (called “re-authentication” in EAP SIM)

7 IPR Issues Please see the IETF IPR pages –Nokia patent claim pertaining to EAP SIM

8 Back-up

9 SIM and USIM Algorithms GSM and UMTS authentication is based on cryptographic primitives on SIM/USIM and Authentication Centre (AuC) –A3, A8 algorithms in GSM –f1, f2, f3, f4, f5 algorithms in UMTS Requirements for the algorithms have been publicly specified in ETSI and 3GPP recommendations Smart card interface publicly specified Protocols to retrieve authentication vectors from HLR/HSS/AuC publicly specified –Currently Message Authentication Part (MAP) A public example implementation MILENAGE exists –3GPP for UMTS f1…f5 –Public ETSI/SAGE specification for using MILENAGE for A3/A8 –MILENAGE is an example, it is not mandated


Download ppt "EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia."

Similar presentations


Ads by Google