WLAN AUTHENTICATION USING EAPSIM - PowerPoint PPT Presentation

1
WLAN AUTHENTICATION USING EAP-SIM
  • TCN Research Team
  • By
  • Chetan Thakker

2
Introduction
  • Cellular service providers, apart from providing
    the basic digital cellular services, want to take
    advantage of the increasing demand for wireless
    LAN (WLAN) and provide data services to their
    customers. For this they need not build a
    completely new infrastructure; rather, they can
    utilize the existing infrastructure for digital
    cellular service and provide data services at
    high data rates.

3
Introduction
  • EAP-SIM is the latest standard for authenticating
    a user for WLAN access via the SIM card using the
    GSM network.
  • By combining the GSM and EAP authentication
    techniques, a mobile user can be authenticated to
    the network via the SIM card.

4
GSM
  • GSM, which stands for Global System for Mobile
    communication, is an accepted standard for
    digital cellular services. GSM first started as
    an accepted standard in Europe, but now it is
    accepted all over the world. Now even in the US
    most of the cellular service providers provide
    GSM service.
  • Security features like authentication and
    encryption have been integrated into GSM with the
    help of a smart card called the SIM card. SIM
    stands for Subscriber Identity Module, and it
    basically identifies a subscriber.

5
GSM Authentication
  • In order to understand the GSM system better, let's
    define some of the terms that are used in
    authenticating a client.
  • A3: the authentication algorithm used in GSM
    systems. COMP128 is widely used by GSM service
    providers.
  • A5: the encryption algorithm. There are different
    versions of this algorithm, with A5/1 being the
    strongest for over-the-air privacy. A5/x and A5/2
    are weaker versions of this algorithm. There is
    also a version that uses no encryption at all,
    the A5/0 algorithm.
  • A8: the key generation algorithm. Most of the
    service providers, just like for the A3 algorithm,
    use COMP128.

6
GSM Authentication
  • AuC: the authentication center; it provides the
    parameters for authentication and encryption.
  • MSC: Mobile Switching Center. Provides switching
    functions to the network.
  • HLR: Home Location Register. Part of the AuC, it
    provides the MSC with triplets.
  • VLR: Visitor Location Register.
  • SIM: includes subscriber information. The SIM
    card contains the IMSI (International Mobile
    Subscriber Identity), which is unique for every
    SIM. It also includes the secret key Ki and the
    A3 and A8 algorithms.

7
GSM Authentication
  • The HLR and the user's SIM share a secret key Ki,
    which forms the basis of the GSM security model.
    The secret key Ki is 128 bits long and is used
    for two things:
  • Generate the secret response (SRES) to a random
    challenge.
  • Generate the 64 bit session key Kc, used for
    over-the-air encryption.

8
Authentication Process
9
Authentication Process
  • Mobile Subscriber in its HLR
  • If the Mobile Subscriber is in the HLR, then the
    Mobile Switching Center requests triplets from
    the HLR. The HLR then sends the triplets to the
    Mobile Switching Center. These triplets include
    the Random Challenge (RAND), the Secret Response
    (SRES) to the Random Challenge, and Kc (the
    over-the-air encryption key).
  • The Mobile Switching Center then sends the Random
    Challenge to the Mobile Subscriber. The Mobile
    Subscriber calculates the SRES with the A3
    algorithm using its secret key Ki, which is
    present in the SIM of the subscriber. It then
    sends the SRES to the Mobile Switching Center. If
    the SRES sent by the Mobile Subscriber matches
    the one sent by the HLR, the Mobile Subscriber
    has authenticated itself to the Mobile Switching
    Center.

10
Authentication Process
11
Authentication Process
  • MS is in the VLR
  • Once the Mobile Subscriber powers on, the MSC at
    the Base Station detects that the Mobile
    Subscriber is present in the VLR. This is again
    done from the IMSI which is present in the SIM.
    Through the SS7 network which is used as a
    signaling protocol in most of the intelligent
    networks, the VLR establishes connection with the
    HLR of the Mobile Subscriber. This is done using
    the Mobile Application Part protocol called MAP.
    The VLR requests triplets from the HLR. The HLR
    sends the triplets to the VLR. These triplets
    include the Random Challenge (RAND), SRES, and
    the session key Kc. The VLR challenges the SIM
    with the Random Challenge. The SIM calculates the
    SRES with its Ki, and sends it to the VLR. The
    VLR then compares the SRES from the HLR with that
    of the Mobile Subscriber. If they are equal then
    the Mobile Subscriber is authenticated.

12
Authentication Algorithm
The A3 authentication algorithm takes the RAND
which is the random challenge received by the SIM
as one of the inputs. The other input is the
secret key Ki residing in the SIM. From these
two inputs the A3 algorithm generates the secret
response (SRES).
The Mobile Subscriber generates the session key
Kc from the secret key Ki and the Random
Challenge (RAND) using the A8 algorithm.
13
Authentication Algorithm
  • COMP128 is the default algorithm used by GSM
    network operators for authentication and key
    exchange.
  • COMP128 generates the SRES (the A3 function) and
    Kc (the A8 function) in one run. It takes in
    the Ki and RAND as input and produces a 128 bit
    output, of which the first 32 bits form the
    SRES and the last 54 bits form the secret key Kc.
    The last 10 bits of the Kc are zeroed out for
    padding. This is a common procedure for all A8
    implementations.

14
Authentication Algorithm
15
Over the Air Encryption
  • The Base Transceiver Station (BTS) receives the
    Kc from the MSC; the MSC had received the session
    key Kc from the HLR. This session key is used to
    encrypt all the communication between the Base
    Transceiver Station (BTS) and the Mobile
    Subscriber. The A5 algorithm is used to encrypt the
    frames; the session key Kc (64 bit) and the frame
    number (22 bit) are the inputs of the A5
    algorithm. The output of the A5 algorithm is a
    114 bit ciphertext. Even though the Kc remains
    the same, the frame number changes for every
    frame transmitted, so the keystream generated
    will be different for every frame. The BTS
    receives the encrypted frames, decrypts them and
    then sends them as plaintext to the operator's
    backbone network.
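Slide 15's per-frame keystream, as an added Python example that is not part of the original presentation. A5/1 itself is not on the page, so a5_keystream is an HMAC-based stand-in (an assumption) that keeps only the 64-bit Kc and 22-bit frame-number inputs and the 114-bit output the slide describes; SAMPLE_KC is a constructed value.

```python
import hmac
import hashlib

FRAME_BITS = 22          # A5 frame number input width (slide 15)
KEYSTREAM_BITS = 114     # A5 output per frame (slide 15)


def a5_keystream(kc: bytes, frame_number: int) -> int:
    """Stand-in for A5: 114 keystream bits from the 64-bit Kc and the
    22-bit frame number. The real A5/1 is not on the page, so HMAC-SHA256
    of the frame number under Kc is used here (an assumption), keeping
    only the input widths and output length the slide gives."""
    if len(kc) != 8:
        raise ValueError("Kc must be 64 bits")
    if not 0 <= frame_number < (1 << FRAME_BITS):
        raise ValueError("frame number must fit in 22 bits")
    fn = frame_number.to_bytes(3, "big")      # 22 bits fit in 3 bytes
    digest = hmac.new(kc, fn, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - KEYSTREAM_BITS)


def a5_apply(kc: bytes, frame_number: int, frame: int) -> int:
    """XOR a 114-bit frame with the keystream; the same call encrypts
    at the mobile and decrypts at the BTS."""
    if not 0 <= frame < (1 << KEYSTREAM_BITS):
        raise ValueError("frame must be 114 bits")
    return frame ^ a5_keystream(kc, frame_number)


def bts_receive(kc: bytes, frame_number: int, ciphertext: int) -> int:
    """BTS side: recover the plaintext before forwarding it to the backbone."""
    return a5_apply(kc, frame_number, ciphertext)


# Constructed sample key: a 64-bit Kc with its low 10 bits zeroed (slide 13)
SAMPLE_KC = bytes.fromhex("0123456789abc000")


def demo() -> bool:
    # 16 constructed bytes shifted down to a 114-bit frame
    plaintext = int.from_bytes(b"hello BTS!      ", "big") >> 14
    ct1 = a5_apply(SAMPLE_KC, 1, plaintext)
    ct2 = a5_apply(SAMPLE_KC, 2, plaintext)
    # same Kc, different frame number -> different ciphertext for the same frame
    return ct1 != ct2 and bts_receive(SAMPLE_KC, 1, ct1) == plaintext
```

Reusing a frame number under the same Kc would reproduce the same keystream, which is why the counter, not Kc, supplies per-frame freshness.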

16
Over the Air Encryption
17
802.1X access control
  • 802.1X is the IEEE standard for network access
    control. 802.1X divides the network into three
    entities: the supplicant, the authenticator and the
    authentication server. The supplicant is the user
    who wants to join the network, the authenticator
    controls the access, and the authentication
    server takes the decision whether to grant or
    deny access. 802.1X makes sure that only
    authenticated users are granted access to the
    network. 802.1X was originally designed for LAN
    connections but is now extended to WLAN
    connections.

18
Extensible Authentication Protocol
  • The authentication protocol used for access
    control is EAP, the Extensible Authentication
    Protocol. EAP is a very flexible protocol and can
    support different types of authentication, and
    many of them provide mutual authentication. This
    means that the server and the user authenticate
    themselves to each other.

19
Extensible Authentication Protocol
20
EAP-SIM
21
Working of EAP-SIM
  • A user who wants to use EAP-SIM to authenticate
    to the network should have a wireless card, a SIM
    reader and also the EAP-SIM software on the
    user's laptop or PDA. The Radius server should be
    enabled for EAP-SIM authentication and should be
    equipped with a GSM/MAP/SS7 gateway.
  • The user inserts the SIM in the WLAN card and
    connects it to a PDA or a laptop. The SIM is
    issued by the service provider and could be used
    for voice as well as data.

22
Working of EAP-SIM
  • When the user is within the range of an access
    point, it sets up communication between the
    user, the access point and the Radius server
    through the IP network.
  • After that the server, based on the SIM card's
    IMSI, contacts the user's HLR through the SS7
    network using the MAP protocol and requests the
    GSM triplets.
  • The HLR provides the server with the triplets,
    which include the session keys, the secret
    response and the Random Challenge.
  • The server then challenges the SIM with the
    Random Challenge. The SIM, just like in GSM
    authentication, generates the secret response from
    the Random Challenge with its secret key.
  • This secret response is sent back to the server,
    which then compares the secret response from the
    HLR and the SIM, and if they are equal the server
    asks the access point to grant access to the
    user.
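The challenge-response flow of slides 9 and 11 (MSC/VLR) and slide 22 (EAP-SIM Radius server), as an added Python example that is not part of the original presentation. COMP128 is not on the page, so a3_a8 uses HMAC-SHA256 as a stand-in (an assumption) with the SRES/Kc split of slide 13; the HLR, SIM and authenticate names and the IMSI/Ki values are constructed for illustration.

```python
import hmac
import hashlib
import os


def a3_a8(ki: bytes, rand: bytes) -> tuple:
    """Stand-in for COMP128 (A3 + A8 in one run). The real algorithm is not
    on the page, so HMAC-SHA256 of RAND under Ki is used here (an
    assumption); the output split follows slide 13: the first 32 bits are
    SRES, the next 64 bits are Kc with its last 10 bits zeroed out."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND are 128 bits each")
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = out[:4]
    kc = int.from_bytes(out[4:12], "big") & ~0x3FF
    return sres, kc.to_bytes(8, "big")


class HLR:
    """Holds Ki per IMSI and hands out triplets; Ki itself never leaves."""
    def __init__(self, subscribers: dict):
        self._ki = dict(subscribers)          # IMSI -> Ki

    def triplet(self, imsi: str) -> tuple:
        rand = os.urandom(16)
        sres, kc = a3_a8(self._ki[imsi], rand)
        return rand, sres, kc


class SIM:
    """Only ever returns SRES and Kc for a given RAND, never Ki."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def run_gsm(self, rand: bytes) -> tuple:
        return a3_a8(self._ki, rand)


def authenticate(hlr: HLR, sim: SIM) -> tuple:
    """MSC/VLR (slides 9, 11) or EAP-SIM Radius server (slide 22): fetch a
    triplet for the claimed IMSI, challenge the SIM with RAND, compare the
    SRES values, and release Kc to the network only on a match."""
    rand, sres_hlr, kc = hlr.triplet(sim.imsi)
    sres_sim, _kc_sim = sim.run_gsm(rand)
    ok = hmac.compare_digest(sres_hlr, sres_sim)
    return ok, (kc if ok else None)


# Constructed sample subscriber; real IMSI/Ki values are not on the page.
KI_GOOD = bytes.fromhex("00112233445566778899aabbccddeeff")
HOME_HLR = HLR({"001010123456789": KI_GOOD})
GENUINE = SIM("001010123456789", KI_GOOD)
CLONE = SIM("001010123456789", bytes(16))   # same IMSI, wrong Ki
```

Neither the server nor the SIM ever transmits Ki; only RAND and SRES cross the network, which is the property slide 26 relies on.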

23
Working of EAP-SIM
  • The access point connects the user to the WLAN
    and sends some accounting information to the
    server indicating that the user's wireless
    connection is complete.
  • This accounting information might include the
    time, date and location where the connection was
    established. Based on that information from the
    access point, the server inserts the data into its
    SQL database, which can be used for billing.
  • As long as the user is connected to the WLAN, the
    access point keeps sending Alive messages
    indicating that the connection is still alive.
  • Once the user disconnects, or if he or she moves
    out of range, the access point sends an
    Accounting Stop message to the server. This
    indicates that the user has disconnected from the
    network. The server enters this information
    in its database, which is then used for billing.

24
Working of EAP-SIM
25
Where can EAP-SIM be used?
  • Whenever the user comes across hotspots operated
    by airports, hotels, cafes, etc., EAP-SIM
    authentication can be used to gain access to the
    paid network. The billing is then included in the
    monthly phone bill.
  • The user will be authenticated only if he or she
    has a valid provisioned SIM.
  • If the user does not have a SIM and wants to gain
    access, the user can still gain access without
    the SIM by paying the operator with a credit
    card.
  • If the user enters an area where there is free
    access, the access point can send a message to
    the Radius server saying that the connection is
    free. In that case the user need not insert the
    SIM and can just access via the WLAN card. For
    example, at FAU, if the user is a student and has
    free access, he or she need not insert the SIM
    and can instead just access the network with his
    or her FAU access id.

26
Security
  • EAP-SIM has been developed with high security
    needs in mind. In this authentication system the
    secret keys are never transmitted over the
    internet, yet the authentication is based on these
    secret keys. The Radius server also does not have
    the secret keys in its possession. The secret
    keys are embedded only in the SIM and in the
    user's HLR. The secret response is generated by an
    algorithm in the SIM based on its secret key.
    Only legitimate users can provide the correct
    response to the random challenge. Also, the IMSI
    of every SIM is unique, and no two SIM cards can
    have the same IMSI.

27
Security
  • SIM card cloning was a problem in GSM networks.
  • The COMP128 discussed above was fatally flawed:
    it only required approximately 50000 challenges
    to the SIM to discover its secret key Ki. Based
    on the secret responses from these challenges it
    was easy to find out the secret key. And since
    the whole authentication is based on the secret
    key, this made it easier for an attacker to
    clone the SIM.
  • But once again, you need to have physical access
    to the SIM; the attacker cannot get much
    information over the air. Knowing the weakness of
    COMP128, newer versions are out which make it
    even more difficult for the attacker to get the
    secret key.
  • Operators also lock the phone after a few random
    challenges, so that no more information can be
    gathered.
  • The only way to clone a SIM is to have physical
    access to the SIM, so that all the information in
    the SIM can be gathered and a new SIM can be
    made. But this too can be avoided, since once
    the operator identifies two SIM cards with the
    same IMSI it locks both of them.

28
EAP-SIM Features
  • EAP-SIM also mentions the use of dynamic Wired
    Equivalent Privacy (WEP) keys for encrypting the
    data, thus removing the threat posed by fixed WEP
    keys.
  • The draft also supports the use of a pseudonym,
    the Temporary Mobile Subscriber Identity, which
    basically hides the SIM card's IMSI, therefore
    protecting it from packet sniffers.
  • EAP-SIM also supports reauthentication, which
    permits fast reauthentication of the user without
    providing the secret response. Therefore the
    server does not request triplets from the HLR
    again. There is a session key between the EAP-SIM
    client and the server, and if it has not expired
    the user can reauthenticate.

29
Future Work
  • With the success of EAP-SIM we can take another
    step forward. Instead of inserting the wireless
    card in the laptop to catch signals, we can have
    a cell phone with wireless capabilities. This
    means that a cell phone can catch the wireless
    signals and authenticate via EAP-SIM with the
    network.
  • The phone communicates with the access point and
    the Radius server, providing it with the secret
    response. If this secret response matches, we have
    a high speed connection through our cell phones;
    this cell phone can then be attached to the
    laptop with some interface, say for example a USB
    cable, and our laptop shall be on the network.
    Thus there will be no need to carry extra
    wireless cards, as in today's world almost
    everybody carrying a wireless card has a cell
    phone.
  • We will be able to download games and
    applications at a very high speed and will not
    need to download these applications from our
    computer's hard disk.

30
Conclusion
  • EAP-SIM makes secure access possible by
    combining the 802.1X, EAP and GSM authentication
    protocols. It is beneficial for both the service
    providers and the users, as the users will
    get a high speed connection through their SIM cards
    and the service providers can extend their
    services from voice to data without building a
    new infrastructure.

31
Questions ???
  • Thanks..!!!