Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)
RFC 4186

Document Type RFC - Informational (January 2006; Errata)
Was draft-haverinen-pppext-eap-sim (individual in int area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4186 (Informational)
Telechat date
Responsible AD Thomas Narten
Send notices to jsalowey@cisco.com, henry.haverinen@nokia.com, stephen.hayes@ericsson.com
Network Working Group                                  H. Haverinen, Ed.
Request for Comments: 4186                                         Nokia
Category: Informational                                  J. Salowey, Ed.
                                                           Cisco Systems
                                                            January 2006

             Extensible Authentication Protocol Method for
             Global System for Mobile Communications (GSM)
                 Subscriber Identity Modules (EAP-SIM)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

IESG Note

   The EAP-SIM protocol was developed by 3GPP.  The documentation of
   EAP-SIM is provided as information to the Internet community.  While
   the EAP WG has verified that EAP-SIM is compatible with EAP, as
   defined in RFC 3748, no other review has been done, including
   validation of the security claims.  The IETF has also not reviewed
   the security of the cryptographic algorithms.

Abstract

   This document specifies an Extensible Authentication Protocol (EAP)
   mechanism for authentication and session key distribution using the
   Global System for Mobile Communications (GSM) Subscriber Identity
   Module (SIM).  GSM is a second generation mobile network standard.
   The EAP-SIM mechanism specifies enhancements to GSM authentication
   and key agreement whereby multiple authentication triplets can be
   combined to create authentication responses and session keys of
   greater strength than the individual GSM triplets.  The mechanism
   also includes network authentication, user anonymity support, result
   indications, and a fast re-authentication procedure.

Haverinen & Salowey          Informational                      [Page 1]
RFC 4186                 EAP-SIM Authentication             January 2006

Table of Contents

   1. Introduction ....................................................4
   2. Terms ...........................................................5
   3. Overview ........................................................8
   4. Operation ......................................................10
      4.1. Version Negotiation .......................................10
      4.2. Identity Management .......................................11
           4.2.1. Format, Generation and Usage of Peer Identities ....11
           4.2.2. Communicating the Peer Identity to the Server ......17
           4.2.3. Choice of Identity for the EAP-Response/Identity ...19
           4.2.4. Server Operation in the Beginning of
                  EAP-SIM Exchange ...................................19
           4.2.5. Processing of EAP-Request/SIM/Start by the Peer ....20
           4.2.6. Attacks Against Identity Privacy ...................21
           4.2.7. Processing of AT_IDENTITY by the Server ............22
      4.3. Message Sequence Examples (Informative) ...................23
           4.3.1. Full Authentication ................................24
           4.3.2. Fast Re-authentication .............................25
           4.3.3. Fall Back to Full Authentication ...................26
           4.3.4. Requesting the Permanent Identity 1 ................27
           4.3.5. Requesting the Permanent Identity 2 ................28
           4.3.6. Three EAP-SIM/Start Roundtrips .....................28
   5. Fast Re-Authentication .........................................30
      5.1. General ...................................................30
      5.2. Comparison to UMTS AKA ....................................31
      5.3. Fast Re-authentication Identity ...........................31
      5.4. Fast Re-authentication Procedure ..........................33
      5.5. Fast Re-authentication Procedure when Counter Is
           Too Small .................................................36
   6. EAP-SIM Notifications ..........................................37
      6.1. General ...................................................37
      6.2. Result Indications ........................................39
      6.3. Error Cases ...............................................40
           6.3.1. Peer Operation .....................................40
           6.3.2. Server Operation ...................................41
           6.3.3. EAP-Failure ........................................42
           6.3.4. EAP-Success ........................................42
   7. Key Generation .................................................43
   8. Message Format and Protocol Extensibility ......................45
      8.1. Message Format ............................................45
Show full document text