Questions on using EAP-AKA
Tue Dec 24 12:01:26 PST 2013
On 12/24/2013 08:43 AM, Jouni Malinen wrote:
> On Tue, Dec 24, 2013 at 05:40:09AM -0800, Ben Greear wrote:
>> As per our understanding, the station required 'k' : 'OPc' : 'SQN' in its configuration. Right ?
>> Question is why do we need to configure SQN at UE side ? Shouldn't UE extract it from Received challenge (AUTN) ?
> SQN is used for replay protection, i.e., it needs to be configured so
> that the value received from the server can be verified.
It seems that the SQN is expected to start at some known value, and increment
for each connection attempt (from brief reading of RFC 4187).
There is a protocol (AUTS) to re-sync if UE is out of sync.
Do you know if this is properly handled in wpa_supplicant?
If so, does it really matter much what the SQN is initially configured to be?
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Hostap