Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)
RFC 4186
Document Type RFC - Informational (January 2006; Errata)
Was draft-haverinen-pppext-eap-sim (individual in int area)
Last updated 2015-10-14
Stream IETF
Formats plain text pdf htmlized with errata bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4186 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Thomas Narten
Send notices to stephen.hayes@ericsson.com
Email authors IPR 4 References Referenced by Nits 
Network Working Group                                  H. Haverinen, Ed.
Request for Comments: 4186                                         Nokia
Category: Informational                                  J. Salowey, Ed.
                                                           Cisco Systems
                                                            January 2006

             Extensible Authentication Protocol Method for
             Global System for Mobile Communications (GSM)
                 Subscriber Identity Modules (EAP-SIM)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

IESG Note

   The EAP-SIM protocol was developed by 3GPP.  The documentation of
   EAP-SIM is provided as information to the Internet community.  While
   the EAP WG has verified that EAP-SIM is compatible with EAP, as
   defined in RFC 3748, no other review has been done, including
   validation of the security claims.  The IETF has also not reviewed
   the security of the cryptographic algorithms.

Abstract

   This document specifies an Extensible Authentication Protocol (EAP)
   mechanism for authentication and session key distribution using the
   Global System for Mobile Communications (GSM) Subscriber Identity
   Module (SIM).  GSM is a second generation mobile network standard.
   The EAP-SIM mechanism specifies enhancements to GSM authentication
   and key agreement whereby multiple authentication triplets can be
   combined to create authentication responses and session keys of
   greater strength than the individual GSM triplets.  The mechanism
   also includes network authentication, user anonymity support, result
   indications, and a fast re-authentication procedure.

Haverinen & Salowey          Informational                      [Page 1]
RFC 4186                 EAP-SIM Authentication             January 2006

Table of Contents

   1. Introduction ....................................................4
   2. Terms ...........................................................5
   3. Overview ........................................................8
   4. Operation ......................................................10
      4.1. Version Negotiation .......................................10
      4.2. Identity Management .......................................11
           4.2.1. Format, Generation and Usage of Peer Identities ....11
           4.2.2. Communicating the Peer Identity to the Server ......17
           4.2.3. Choice of Identity for the EAP-Response/Identity ...19
           4.2.4. Server Operation in the Beginning of
                  EAP-SIM Exchange ...................................19
           4.2.5. Processing of EAP-Request/SIM/Start by the Peer ....20
           4.2.6. Attacks Against Identity Privacy ...................21
           4.2.7. Processing of AT_IDENTITY by the Server ............22
      4.3. Message Sequence Examples (Informative) ...................23
           4.3.1. Full Authentication ................................24
           4.3.2. Fast Re-authentication .............................25
           4.3.3. Fall Back to Full Authentication ...................26
           4.3.4. Requesting the Permanent Identity 1 ................27
           4.3.5. Requesting the Permanent Identity 2 ................28
           4.3.6. Three EAP-SIM/Start Roundtrips .....................28
   5. Fast Re-Authentication .........................................30
      5.1. General ...................................................30
      5.2. Comparison to UMTS AKA ....................................31
      5.3. Fast Re-authentication Identity ...........................31
      5.4. Fast Re-authentication Procedure ..........................33
      5.5. Fast Re-authentication Procedure when Counter Is
           Too Small .................................................36
   6. EAP-SIM Notifications ..........................................37
      6.1. General ...................................................37
      6.2. Result Indications ........................................39
      6.3. Error Cases ...............................................40
           6.3.1. Peer Operation .....................................40
           6.3.2. Server Operation ...................................41
           6.3.3. EAP-Failure ........................................42
           6.3.4. EAP-Success ........................................42
   7. Key Generation .................................................43
   8. Message Format and Protocol Extensibility ......................45
      8.1. Message Format ............................................45
      8.2. Protocol Extensibility ....................................47
   9. Messages .......................................................48
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools