EAP-AKA

Jouni Malinen j
Thu May 31 18:44:07 PDT 2007


On Thu, May 31, 2007 at 02:44:05PM -0700, Jagan Mohan Reddy wrote:

>           Does any one know how to configure SIM details in the database
> to test EAP-AKA authentication? Is there a tool out there to extract 3G SIM
> details?

EAP-AKA uses AKA and USIM, so "SIM details" is bit misleading here.
Furthermore, AKA design include replay protection at the USIM which
means that one cannot just extract authentication data from a USIM and
then replay it for a test (which is something that can be done with GSM
authentication and EAP-SIM). The USIM will just reject such attempts as
replays.

In other to test EAP-AKA, one would need to know enough details of the
USIM used at the client to produce suitable authentication parameters.
I've been using hostapd and the included hlr_auc_gw as the
authentication server for EAP-AKA when testing EAP-AKA with a USIM. Some
of the USIM cards I have implement the example algorithm, Milenage,
defined by 3GPP and hlr_auc_gw has an implementation for it, too. Since
I happen to know the private key for the USIM, I can configure
hlr_auc_gw to generate authentication values that work with the card.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list