EAP-AKA and EAP-SIM authentication using real SIM and USIM card in linux

samiran saha samiran.linux
Tue Mar 4 01:16:24 PST 2014


I am talking about hostapd as EAP Server side. For real SIM and USIM we
have to know its IMSI, Kc(Shared Key) and OPc(Operator variant algorithm
configuration field). If I include these in hostapad database. Then should
it work or not?


On Tue, Mar 4, 2014 at 1:50 PM, Jouni Malinen <j at w1.fi> wrote:

> On Tue, Mar 04, 2014 at 01:22:05PM +0530, samiran saha wrote:
> >         Does hostapd library support EAP-AKA and EAP-SIM authentication
> > using real USIM and SIM card in Linux? I am seeing something like
> > winscard.h file which are not present...
>
> hostapd? As in using the SIM/USIM on the EAP server side? No, that is
> not supported directly and cannot even be supported for EAP-AKA due to
> the authentication design (replay protection on the client side). Or do
> you mean whether hostapd can be used to authenticate a real SIM/USIM
> card on the client side? If so, yes, this could be done with hlr_auc_gw
> if you have access to the private key used on the SIM/USIM and Milenage
> is used to generate authentication values (i.e., this depends on how the
> SIM/USIM was provisioned).
>
> (wpa_supplicant on the other hand does support doing this on the client,
> i.e., EAP peer, side with pcsc-lite which is where that winscard.h
> comes from.)
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20140304/a61904a1/attachment.htm>



More information about the Hostap mailing list