Eap sim l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 28

EAP-SIM PowerPoint PPT Presentation


  • 1119 Views
  • Updated On :
  • Presentation posted in: General

EAP-SIM. Using EAP-SIM for WLAN Authentication [email protected] 2005-9-13. Definition( 定义 ).

Download Presentation

EAP-SIM

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Eap sim l.jpg

EAP-SIM

Using EAP-SIM for WLAN Authentication

[email protected]

2005-9-13

EAP-SIM


Definition l.jpg

Definition(定义)

  • EAP-SIM is an Extensible Authentication Protocol (EAP) [RFC3748] mechanism for authentication and session key distribution using the Global System for Mobile communications (GSM) Subscriber Identity Module (SIM).

    用GSM-SIM卡作为EAP的认证和密匙分发机制

EAP-SIM


Eap introduction l.jpg

EAP Introduction (简介)

  • EAP is an authentication framework which supports multiple authentication methods.

    支持多种认证机制的认证框架。

  • EAP typically runs directly over data link layers such as Point-to-Point Protocol (PPP) or IEEE 802

    EAP 通常直接运行在数据链路层如 PPP或IEEE 802

EAP-SIM


Eap introduction4 l.jpg

EAP Introduction (简介)

  • EAP permits the use of a backend authentication server,with the authenticator acting as a pass-through for some or all methods and peers.

    EAP 允许使用后台认证服务器,把认证端作为一些或全部认证机制的转发者。

  • Conceptually, EAP implementations consist of the following components:

    从概念上讲,EAP的实现有下面这些组件构成。

EAP-SIM


Slide5 l.jpg

IEEE 802.1X EAPOL

Lower Layer

Peer(被认证者)

Authenticator (认证者)

EAP-SIM


Slide6 l.jpg

IEEE 802.1X EAPOL

Lower Layer

Peer(被认证者)

Pass-through Authenticator (认证者)

Radius Protocol

Authentication Server

(认证服务器)

AAA:Authentication(认证), Authorization (授权), and Accounting (记帐)

EAP-SIM


Gsm authentication l.jpg

GSM authentication(认证)

  • RAND is a 128-bit random challenge issued from the base station to the mobile.

    RAND 是基站发给移动台(手机)的128比特长随机数。

  • SRES is a 32-bit response generated by A3 issued from the mobile to the base station

    SRES 是移动台(手机)发给基站的32比特长响应,由A3生成。

EAP-SIM


Gsm authentication8 l.jpg

GSM authentication(认证)

  • Kc is a 64-bit Cipher Key, used for A5.

    Kc是64比特长密匙,由A8生成用于数据加密(A5)。

  • Ki is the SIM’s 128-bit individual subscriber key.

    Ki是128比特长SIM卡的密匙(拥有标识)。

  • A3/A8 are specified by each operator rather than being fully standardized,but usually implemented together as COMP128.

    A3/A8定义了算法的输入输出,具体实现由厂商决定,实际上厂商都采用了COMP128,它同时实现了A3,A8。

EAP-SIM


Eap sim introduction l.jpg

Peer

Authenticator

AAA/RADIUS

SIM

Card

SS7 Network

GSM/MAP/SS7

Gateway

GSM Authentication

Center

EAP-SIM Introduction(简介)

  • builds on underlying GSM mechanisms

    构建在GSM认证机制之上。

EAP-SIM


Eap sim introduction10 l.jpg

EAP-SIM Introduction(简介)

  • Provides mutual authentication

    支持相互认证。

  • several RAND challenges are used for generating several 64-bit Kc keys, which are combined to constitute stronger keying material.

    多次挑战生成多个Kc,组合起来生成更强的相关密匙。

EAP-SIM


Eap sim introduction11 l.jpg

EAP-SIM Introduction(简介)

  • EAP-SIM specifies optional support for protecting the privacy of subscriber identity using the same concept as GSM, which is using pseudonyms/temporary identifiers.

    EAP-SIM支持用户身份保密(可选)。

  • It also specifies an optional fast re-authentication procedure.

    支持快速重复认证(可选)

EAP-SIM


Eap sim full authentication procedure l.jpg

Peer Authenticator

| EAP-Request/Identity |

|<---------------------------------------------------------|

| |

| EAP-Response/Identity |

|--------------------------------------------------------->|

| |

| EAP-Request/SIM/Start (AT_VERSION_LIST) |

|<---------------------------------------------------------|

| |

| EAP-Response/SIM/Start (AT_NONCE_MT, AT_SELECTED_VERSION)|

|--------------------------------------------------------->|

| |

| EAP-Request/SIM/Challenge (AT_RAND, AT_MAC) |

|<---------------------------------------------------------|

+-------------------------------------+ |

| Peer runs GSM algorithms, verifies | |

| AT_MAC and derives session keys | |

+-------------------------------------+ |

| EAP-Response/SIM/Challenge (AT_MAC) |

|--------------------------------------------------------->|

| |

| EAP-Success |

|<---------------------------------------------------------|

| |

EAP-SIM Full Authentication Procedure(完全认证过程)

EAP-SIM


Key generation l.jpg

Key Generation

  • MK = SHA1(Identity|n*Kc| NONCE_MT| Version List| Selected Version)

  • K_aut , K_encr , MSK and EMSK are derived from MK using Pseudo-Random number Function (PRF)

  • Request AT_MAC = HMAC-SHA1-128(K_aut, EAP packet| NONCE_MT)

  • Response AT_MAC = HMAC-SHA1-128(K_aut,EAP packet| n*SRES)

    In the formula above, the "|" character denotes concatenation.

    Nonce

    A value that is used at most once or that is never repeated within the same cryptographic context.

    MAC

    Message Authentication Code

EAP-SIM


Indication of vulnerabilities l.jpg

Indication of vulnerabilities(弱点)

  • The security of the A3 and A8 algorithms is important to the security of EAP-SIM.

    Some A3/A8 algorithms have been compromised; see for example [GSM Cloning] for discussion about the security of COMP-128 version 1. Note that several revised versions of the COMP-128 A3/A8 algorithm have been devised after the publication of these weaknesses and that the publicly specified GSM-MILENAGE [3GPP TS 55.205] algorithm is not vulnerable to any known attacks.

    A3/A8算法的安全性对EAP-SIM是至关重要的。COMP128-v1已经被破解(当前市面上大部分SIM卡用的是COMP128-v1),修订过的COMP128 v2,v3以及公开标准的GSM-MILENAGE,当前还没有方法攻破。

EAP-SIM


Indication of vulnerabilities15 l.jpg

Indication of vulnerabilities(弱点)

  • Mutual Authentication and Triplet Exposure

    EAP-SIM provides mutual authentication. The peer believes that the network is authentic because the network can calculate a correct AT_MAC value in the EAP-Request/SIM/Challenge packet. To calculate the AT_MAC it is sufficient to know the RAND and Kc values from the GSM triplets (RAND, SRES, Kc) used in the authentication. Because the network selects the RAND challenges and the triplets, an attacker that knows n (2 or 3) GSM triplets for the subscriber is able to impersonate a valid network to the peer.

    EAP-SIM支持双向认证。被认证者相信认证者是因为认证者能计算出正确的AT_MAC,要计算AT_MAC知道RAND和Kc就足够了。因为是认证者选择RAND,攻击者只需知道几个(2-3)Kc就可以假装是一个有效的认证者。

EAP-SIM


Security claims l.jpg

Security Claims(安全声明)

  • Auth. mechanism: EAP-SIM is based on the GSM SIM mechanism, which is a challenge/response authentication and key agreement mechanism based on a symmetric 128-bit pre-shared secret. EAP-SIM also makes use of a peer challenge to provide mutual authentication.

    认证机理:EAP-SIM基于GSM-SIM的认证机理,它是一种基于挑战/响应的认证和密匙分发机制,需要一个预先共享的128比特长对称密匙(Ki)。EAP-SIM通过被认证者发挑战(NONCE_MT)支持双向认证。

EAP-SIM


Security claims17 l.jpg

Security Claims(安全声明)

  • Ciphersuite negotiation: No

  • Mutual authentication: Yes

  • Integrity protection: Yes

  • Replay protection: Yes

  • Confidentiality: Yes, except method specific success and failure indications

  • Key derivation: Yes

  • Description of key hierarchy:(page 13)

  • Dictionary attack protection: N/A

  • Fast reconnect: Yes

  • Cryptographic binding: N/A

  • Session independence: Yes

  • Fragmentation: No

  • Channel binding: No

  • Indication of vulnerabilities:(page 14,15)

EAP-SIM


Example l.jpg

Example

Using EAP-SIM for WLAN Authentication

EAP-SIM


Requirements l.jpg

Requirements(需求清单)

  • Windows XP built-in supplicant

  • EAP-SIM plug-in for the Windows XP built-in 802.1x Supplicant (http://weap.sf.net)

  • PC/SC compatible smart card reader (QWY LowSpeed CCID smart card reader)

  • Wireless Access Point support RADIUS (TP-LINK TL-WR541G)

  • RADIUS server support EAP-SIM (FreeRadius 1.0.4)

EAP-SIM


Network topological diagram l.jpg

Network topological diagram (网络拓扑图)

simtriplets.dat

EAP-SIM


Sim reader installation l.jpg

SIM Reader Installation

  • Download the driver from http://agsm.sf.net

  • Insert the USB smart card reader in a USB port,specify the location of the driver.

  • Insert your sim-card into smart card reader,run agsm2.exe to make sure you can access the sim-card.

EAP-SIM


Configure freeradius l.jpg

Configure freeradius

  • Download freeradius-1.0.4 from http://www.freeradius.org

  • cd freeradius-1.0.4; Configure;make install; cd src\modules\rlm_sim_files; make install.

  • Add the following to radiusd.conf:

    In modules {}, add:

    sim_files {

    simtriplets = " ${raddbdir}/simtriplets.dat "

    }

    in eap{} add sim{}

    In authorized {}, add: sim_files before eap.

  • Add the following to clients.conf

    client 192.168.1.0/24 {secret= eap-sim shortname= eap-sim}

EAP-SIM


Generate simtriplets dat l.jpg

  • Run agsm2.exe.

  • Copy IMSI,RAND,SRES,Kc to simtriplets.dat, at least 5 entries.

  • simtriplets.dat

  • #IMSI RAND SRES Kc

  • 1460001551807128,52632FE305874545AC9936926D796256,8184a227,5F05b4a2CE884400

  • 1460001551807128,ECEB1577E275414e9DD9EF98B277E54A,00fb682e,B6c0de73256c0400

  • …………

Generate simtriplets.dat

Make sure insert 1

EAP-SIM


Configure ap l.jpg

Configure AP

EAP-SIM


Eap sim plug in installation l.jpg

EAP-SIM plug-in installation

  • Download wEAP-SIM from http://weap.sf.net

  • Install.

  • Enable tracing.

    EnableConsoleTracing :

    set HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\ EnableConsoleTracing to nozero

    set HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\ wEAP-SIM\ EnableConsoleTracing to nozero

    EnableFileTracing:

    set HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\ wEAP-SIM\ EnableFileTracing to nozero

EAP-SIM


Authenticate the client l.jpg

Authenticate the client

EAP-SIM


References l.jpg

References

  • http://www.intel.com/technology/itj/2005/volume09issue01/art07_next_generation/p05_simpl_network.htm

  • draft-haverinen-pppext-eap-sim-16.txt

  • [RFC3748] Extensible Authentication Protocol (EAP)

  • S5.Brumley-comp128.pdf

  • [GSM Cloning] http://www.isaac.cs.berkeley.edu/isaac/gsm.html

EAP-SIM


Slide28 l.jpg

问题 & 讨论

EAP-SIM


  • Login