Published on February 4, 2008
WLAN AUTHENTICATION USING EAP-SIM: WLAN AUTHENTICATION USING EAP-SIM TCN Research Team By Chetan Thakker Introduction: Introduction Cellular service providers apart from providing the basic digital cellular services want to take advantage of the increasing demand for wireless LAN(WLAN) and provide data services to their customers. For this they need not build a completely new infrastructure, rather they can utilize the existing infrastructure for digital cellular service and provide data services at high Data Rates. Introduction : Introduction EAP-SIM is the latest standard for authenticating a user for WLAN access via the SIM card using the GSM Network. By combining the GSM and EAP authentication techniques, a mobile user can be authenticated to the network via the SIM card GSM: GSM GSM which stands for “Global System for Mobile communication” is an accepted standard for digital cellular services. GSM first started as an accepted standard in Europe, but now its accepted all over the world. Now even in the US most of the cellular service providers provide GSM service. Security features like authentication and encryption have been integrated into GSM with the help of a smart card called the SIM card. SIM stands for Subscriber Identity Module and it basically identifies a subscriber GSM Authentication: GSM Authentication In order to understand the GSM system better lets define some of the terms that are used in authenticating a client. A3: It is the authentication algorithm used in GSM systems. COMP128 is widely used by GSM service providers. A5: This is the encryption algorithm. There are different versions of this algorithm with A5/1 being the strongest for over the air privacy. A5/x, A5/2 are weaker versions of this algorithm. There is also another version that uses no encryption at all; it is the A5/0 algorithm. A8: It is the key generation algorithm. Most of the service providers just like the A3 algorithm use COMP128. GSM Authentication: GSM Authentication AuC: This is the authentication center and it provides the parameters for authentication and encryption MSC: Mobile Switching Center. Provides switching functions to the network. HLR: Home location register. Part of the AuC, it provides the MSC with triplets. VLR: Visitor location register. SIM: Includes subscriber information. The SIM card contains IMSI (International Mobile Subscriber Identity) which is unique for every SIM. It also includes the secret key Ki and the A3 and A8 algorithms GSM Authentication: GSM Authentication The HLR and the user’s SIM share a secret key Ki which form the basis of the GSM security model. The secret key Ki is 128 bits long and is used for two things. Generate the secret response (SRES) to a Random challenge Generate the 64 bit session key Kc, used for over the air encryption. Authentication Process: Authentication Process Authentication Process: Authentication Process Mobile Subscriber in its HLR If the Mobile Subscriber is in the HLR then the Mobile Switching Center requests triplets from the HLR. The HLR then sends the triplets to the Mobile Switching center. These triplets include the Random Challenge (RAND), the Secret Response (SRES) to the Random Challenge and Kc (over the air encryption key) The Mobile Switching Center then sends the Random Challenge to the Mobile subscriber. The Mobile Subscriber calculates the SRES with the A3 algorithm using its secret key Ki which is present in the SIM of the subscriber. It then sends the SRES to the Mobile Switching Center. If the SRES sent by the Mobile Subscriber matches the one sent by the HLR, the Mobile Subscriber authenticates itself to the Mobile Switching Center. Authentication Process: Authentication Process Authentication Process: Authentication Process MS is in the VLR Once the Mobile Subscriber powers on, the MSC at the Base Station detects that the Mobile Subscriber is present in the VLR. This is again done from the IMSI which is present in the SIM. Through the SS7 network which is used as a signaling protocol in most of the intelligent networks, the VLR establishes connection with the HLR of the Mobile Subscriber. This is done using the Mobile Application Part protocol called MAP. The VLR requests triplets from the HLR. The HLR sends the triplets to the VLR. These triplets include the Random Challenge (RAND), SRES, and the session key Kc. The VLR challenges the SIM with the Random Challenge. The SIM calculates the SRES with its Ki, and sends it to the VLR. The VLR then compares the SRES from the HLR with that of the Mobile Subscriber. If they are equal then the Mobile Subscriber is authenticated. Authentication Algorithm: Authentication Algorithm The A3 authentication algorithm takes the RAND which is the random challenge received by the SIM as one of the inputs. The other input is the secret key Ki residing in the SIM. From these two inputs the A3 algorithm generates the secret response (SRES). The Mobile Subscriber generates the session key Kc from the secret key Ki and the Random Challenge (RAND) using the A8 algorithm. Authentication Algorithm: Authentication Algorithm COMP128 is the default algorithm used by GSM network operators for authentication and key exchange. COMP128 generates the SRES using A3 algorithm and Kc using the A8 algorithm in one run. It takes in the Ki and RAND as input and produces the 128 bit output. Out of which the first 32 bits form the SRES and the last 54 bits form the secret key Kc. The last 10 bits of the Kc are zeroed out for padding. This is a common procedure for all A8 implementations. Authentication Algorithm: Authentication Algorithm Over the Air Encryption: Over the Air Encryption The Base Transceiver Station (BTS) receives the Kc from the MSC. The MSC had received the session key Kc from the HLR. This session key is used to encrypt all the communication between the Base Transceiver Station (BTS) and the Mobile Subscriber. A5 algorithm is used to encrypt the frames, the session key Kc (64 bit) and the frame number (22 bit) are the inputs of the A5 algorithm. The output of the A5 algorithm is a 114 bit ciphertext. Even though the Kc remains the same, but since the frame number will change for every frame transmitted, the keystream generated will be different for every frame. The BTS receives the keystream and decrypts it and then sends it as plaintext to the operators back bone network Over the Air Encryption: Over the Air Encryption 802.1X access control : 802.1X access control 802.1X is the IEEE standard for Network access control. 802.1X divides the network into three entities, the supplicant, authenticator and the authentication server. The supplicant is the user who wants to join the network, the authenticator controls the access, and the authentication server takes the decision whether to grant or deny access. 802.1X makes sure that only authenticated users are granted access to the network. 802.1X was basically formed for LAN connections but is now extended to WLAN connections Exhaustible Authentication Protocol: Exhaustible Authentication Protocol The authentication protocol used for access control is EAP known as Exhaustible Authentication Protocol. EAP is a very flexible protocol and can support different types of authentications, and many of them provide mutual authentication. This means that the server and user authenticate themselves with each other. Exhaustible Authentication Protocol: Exhaustible Authentication Protocol EAP-SIM: EAP-SIM Working of EAP-SIM : Working of EAP-SIM A user who wants to use the EAP-SIM to authenticate itself to the network should have a wireless card, a SIM reader and also the EAP-SIM software in the user’s laptop or PDA. The Radius server should be enabled for EAP-SIM authentication and should be equipped with a GSM/MAP/SS7 gateway. The user inserts the SIM in the WLAN card and connects it to a PDA or a Laptop. The SIM is issued by the service provider and could be used for voice as well as data Working of EAP-SIM: Working of EAP-SIM When the user is within the range of an access point, it setups a communication between the user, the access point and the Radius server through the IP network. After that the server based on the SIM card’s IMSI contacts the users HLR thru the SS7 network using the MAP protocol and requests the GSM triplets. The HLR provides the server with the triplets which include the session keys, the secret response and the Random Challenge. The server then challenges the SIM with the secret response. The SIM just like in GSM authentication generates the secret response from the Random Challenge with its secret key. This secret response is sent back to the server which then compares the secret response from the HLR and the SIM and if they are equal the server asks the access point to grant access to the user. Working of EAP-SIM: Working of EAP-SIM The access point connects the user to the WLAN and sends some accounting information to the server indicating that the user’s wireless connection is complete. This accounting information might include the time, date and location where the connection was established. The server based on that information from the access point inserts the data into its SQL database which can be used for billing. Till the user is connected to the WLAN the access point keeps on sending Alive messages indicating that the connection is still alive. Once the user disconnects or if he or she moves out of range then the access point sends an Accounting Stop message to the server. This indicates that the user has disconnected from the network. The server would enter this information in its database which would then be used for billing. Working of EAP-SIM: Working of EAP-SIM Where can a EAP SIM be used?: Where can a EAP SIM be used? Whenever the user comes across any hotspots which are operated by the airports, hotels, cafes, etc, the EAP SIM authentication can be used to gain access to the paid network. The billing is then included in the monthly phone bill. The user will be authenticated only if he or she has a valid provisioned SIM. Say if the user does not have a SIM and he wants to gain access, then also the user can gain access without the SIM, by paying the operator with his credit card. Say if the user enters an area where there is free access, then the access point can send a message to the Radius server saying that the connection is free. Else the user need not insert the SIM and just access via the WLAN card. Say for example in FAU if the user is a student and has free access then he need not insert the SIM, and instead just access the network with his or her FAU access id. Security: Security EAP SIM has been developed with high security need in mind. In this authentication system the secret keys are never transmitted over the internet. This authentication is based on these secret keys. The Radius server also does not have the secret keys in its possession. The secret keys are only embedded in the SIM and with the users HLR. The secret response is generated by an algorithm in the SIM based on its secret key. Only legitimate users can provide the correct response to the random challenge. Also the IMSI of every SIM is unique and no two SIM card’s can have the same IMSI. Security: Security SIM card cloning was a problem in GSM networks. The COMP128 discussed above was fatally flawed, it only required approximately 50000 challenges to the SIM to discover its secret key Ki. Based on the secret response from these challenges it was easy to find out the secret key. And since the whole authentication is based on the secret key, it would make it easier for the attacker to clone the SIM. But once again you need to have physical access to the SIM, the attacker cannot get much information over the air. Knowing the weakness of the COMP128, newer versions are out which make it even more difficult for the attacker to get the secret key. Even the operators after a few random challenges lock the phone so that now no information can be gathered. The only way to clone a SIM is to have physical access of the SIM so that all the information in the SIM can be gathered and a new SIM can be made. But this also can be avoided, since once the operator identifies two SIM cards with the same IMSI and it locks both of them. EAP-SIM Features: EAP-SIM Features The EAP SIM also mentions the use of dynamic Wireless Enhanced Privacy (WEP) Keys for encrypting the data, thus removing the threat posed by fixed WEP keys. The draft also supports the use of pseudonym Temporary Subscriber Mobile Identity which basically hides the SIM cards IMSI therefore protecting it from packet sniffers. EAP SIM also supports reauthentication, which permits the user for fast reauthentication without providing the secret response. Therefore the server does not request triplets from the HLR again. There is a session key between the EAP SIM client and the server, which if not expired the user can reauthenticate. Future Work: Future Work With the success of EAP SIM we can take another step forward. Instead of inserting the Wireless Card in the Laptop to catch signals, we can have a cell phone with Wireless capabilities. This means that a cell phone can catch the wireless signals and authenticate via EAP SIM with the network. The phone communicates with the access point and the Radius server providing it with the secret response. If this secret response matches we have a high speed connection thru our cell phones, then this cell phone can be attached to the laptop with some interface say for example USB cable and our laptop shall be on the network. Thus there will be no need to carry extra Wireless cards as in today’s world mostly everybody carrying a Wireless Card has a cell phone. We will be able to download games and applications at a very high speed and will not need to download these applications from our computers hard disk. Conclusion: Conclusion EAP-SIM makes a secure access possible by combining the 802.1X, EAP and GSM authentication protocol. It is beneficial for both the service providers and also the users, as the users will get high speed connection thru their SIM cards and the service providers can extend their services from voice to data without building a new infrastructure. Questions ???: Questions ??? Thanks..!!!