EAP-AKA and EAP-SIM authentication using real SIM and USIM card in linux

Jouni Malinen j
Tue Mar 4 00:20:08 PST 2014


On Tue, Mar 04, 2014 at 01:22:05PM +0530, samiran saha wrote:
>         Does hostapd library support EAP-AKA and EAP-SIM authentication
> using real USIM and SIM card in Linux? I am seeing something like
> winscard.h file which are not present...

hostapd? As in using the SIM/USIM on the EAP server side? No, that is
not supported directly and cannot even be supported for EAP-AKA due to
the authentication design (replay protection on the client side). Or do
you mean whether hostapd can be used to authenticate a real SIM/USIM
card on the client side? If so, yes, this could be done with hlr_auc_gw
if you have access to the private key used on the SIM/USIM and Milenage
is used to generate authentication values (i.e., this depends on how the
SIM/USIM was provisioned).

(wpa_supplicant on the other hand does support doing this on the client,
i.e., EAP peer, side with pcsc-lite which is where that winscard.h
comes from.)

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list