Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)
RFC 4186
Section | Field | Value
---|---|---
Document | Type | RFC - Informational (January 2006; Errata). Was draft-haverinen-pppext-eap-sim (individual in int area)
Document | Authors | Joseph Salowey, Henry Haverinen
Document | Last updated | 2020-01-21
Document | Stream | IETF
Document | Formats | plain text html pdf htmlized with errata bibtex
Stream | WG state | (None)
Stream | Document shepherd | No shepherd assigned
IESG | IESG state | RFC 4186 (Informational)
IESG | Consensus Boilerplate | Unknown
IESG | Telechat date |
IESG | Responsible AD | Thomas Narten
IESG | Send notices to | stephen.hayes@ericsson.com
Network Working Group                                  H. Haverinen, Ed.
Request for Comments: 4186                                         Nokia
Category: Informational                                  J. Salowey, Ed.
                                                           Cisco Systems
                                                            January 2006

Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

IESG Note

The EAP-SIM protocol was developed by 3GPP. The documentation of EAP-SIM is provided as information to the Internet community. While the EAP WG has verified that EAP-SIM is compatible with EAP, as defined in RFC 3748, no other review has been done, including validation of the security claims. The IETF has also not reviewed the security of the cryptographic algorithms.

Abstract

This document specifies an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution using the Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM). GSM is a second generation mobile network standard. The EAP-SIM mechanism specifies enhancements to GSM authentication and key agreement whereby multiple authentication triplets can be combined to create authentication responses and session keys of greater strength than the individual GSM triplets. The mechanism also includes network authentication, user anonymity support, result indications, and a fast re-authentication procedure.

Table of Contents

   1. Introduction
   2. Terms
   3. Overview
   4. Operation
      4.1. Version Negotiation
      4.2. Identity Management
           4.2.1. Format, Generation and Usage of Peer Identities
           4.2.2. Communicating the Peer Identity to the Server
           4.2.3. Choice of Identity for the EAP-Response/Identity
           4.2.4. Server Operation in the Beginning of EAP-SIM Exchange
           4.2.5. Processing of EAP-Request/SIM/Start by the Peer
           4.2.6. Attacks Against Identity Privacy
           4.2.7. Processing of AT_IDENTITY by the Server
      4.3. Message Sequence Examples (Informative)
           4.3.1. Full Authentication
           4.3.2. Fast Re-authentication
           4.3.3. Fall Back to Full Authentication
           4.3.4. Requesting the Permanent Identity 1
           4.3.5. Requesting the Permanent Identity 2
           4.3.6. Three EAP-SIM/Start Roundtrips
   5. Fast Re-Authentication
      5.1. General
      5.2. Comparison to UMTS AKA
      5.3. Fast Re-authentication Identity
      5.4. Fast Re-authentication Procedure
      5.5. Fast Re-authentication Procedure when Counter Is Too Small
   6. EAP-SIM Notifications
      6.1. General
      6.2. Result Indications
      6.3. Error Cases
           6.3.1. Peer Operation
           6.3.2. Server Operation
           6.3.3. EAP-Failure
           6.3.4. EAP-Success
   7. Key Generation
   8. Message Format and Protocol Extensibility
      8.1. Message Format
      8.2. Protocol Extensibility
   9. Messages