EAPSIM.pptVIP

EAP-SIM EAP-SIM Using EAP-SIM for WLAN Authentication yliqiang@ 2005-9-13 Definition(定义) EAP-SIM is an Extensible Authentication Protocol (EAP) [RFC3748] mechanism for authentication and session key distribution using the Global System for Mobile communications (GSM) Subscriber Identity Module (SIM). 用GSM-SIM卡作为EAP的认证和密匙分发机制 EAP Introduction (简介) EAP is an authentication framework which supports multiple authentication methods. 支持多种认证机制的认证框架。 EAP typically runs directly over data link layers such as Point-to-Point Protocol (PPP) or IEEE 802 EAP 通常直接运行在数据链路层如 PPP或IEEE 802 EAP Introduction (简介) EAP permits the use of a backend authentication server,with the authenticator acting as a pass-through for some or all methods and peers. EAP 允许使用后台认证服务器，把认证端作为一些或全部认证机制的转发者。 Conceptually, EAP implementations consist of the following components: 从概念上讲，EAP的实现有下面这些组件构成。 GSM authentication(认证) RAND is a 128-bit random challenge issued from the base station to the mobile. RAND 是基站发给移动台(手机)的128比特长随机数。 SRES is a 32-bit response generated by A3 issued from the mobile to the base station SRES 是移动台(手机)发给基站的32比特长响应,由A3生成。 GSM authentication(认证) Kc is a 64-bit Cipher Key, used for A5. Kc是64比特长密匙，由A8生成用于数据加密(A5)。 Ki is the SIM’s 128-bit individual subscriber key. Ki是128比特长SIM卡的密匙(拥有标识)。 A3/A8 are specified by each operator rather than being fully standardized,but usually implemented together as COMP128. A3/A8定义了算法的输入输出，具体实现由厂商决定，实际上厂商都采用了COMP128，它同时实现了A3,A8。 EAP-SIM Introduction(简介) builds on underlying GSM mechanisms 构建在GSM认证机制之上。 EAP-SIM Introduction(简介) Provides mutual authentication 支持相互认证。 several RAND challenges are used for generating several 64-bit Kc keys, which are combined to constitute stronger keying material. 多次挑战生成多个Kc,组合起来生成更强的相关密匙。 EAP-SIM Introduction(简介) EAP-SIM specifies optional support for protecting the privacy of subscriber identity using the same concept as GSM, which is using pseudonyms/t