EAP-SIM

What does EAP-SIM stand for?

EAP-SIM stands for Extensible Authentication Protocol – Subscriber Identity Module.

What is EAP-SIM?

EAP-SIM is an authentication method that uses credentials stored on a GSM SIM card to authenticate users to a network using the EAP framework. It enables integration between GSM networks and IP-based access networks like Wi-Fi.

Why is EAP-SIM useful?

  • Enables seamless authentication using existing SIM credentials.

  • Eliminates the need for passwords or digital certificates.

  • Ideal for public Wi-Fi offloading and carrier-grade wireless access.

  • Offers mutual authentication and key generation.

How does it work?

  • The server sends a set of GSM triplets (RAND, AUTN).

  • The SIM card computes the response (SRES) and the encryption key (Kc).

  • Authentication is achieved by comparing server and client responses.

  • Session keys (MSK/EMSK) are derived after successful authentication.

Where is EAP-SIM used?

  • Public Wi-Fi hotspots with SIM-based login.

  • Carrier Wi-Fi offload systems.

  • 3GPP I-WLAN environments.

  • Enterprise WLANs integrating GSM authentication.

Which OSI layer does this protocol belong to?

  • Application Layer (Layer 7) in the OSI model.

  • EAP messages are transported over lower-layer protocols like EAPOL or RADIUS.

Is EAP-SIM Windows-specific?

  • No, EAP-SIM is not Windows-specific.

  • Support depends on the supplicant and device hardware (e.g., SIM reader).

Is EAP-SIM Linux-specific?

  • No, it is not Linux-specific.

  • Commonly supported in Linux via wpa_supplicant and FreeRADIUS.

Which transport protocol does EAP-SIM use?

  • Backend protocols: RADIUS (UDP) and Diameter (TCP/SCTP).

  • EAP-SIM itself rides over EAP, which can be transported via EAPOL or PPP.

Which port does EAP-SIM use?

  • RADIUS (UDP): Port 1812 (Authentication)

  • Diameter (TCP/SCTP): Port 3868

Does EAP-SIM use a client-server model?

  • Yes.

  • Client: Mobile device with SIM

  • Server: Authentication server (e.g., RADIUS) integrated with HLR/HSS

Does EAP-SIM use certificates?

  • No.

  • It relies on GSM authentication using SIM triplets (RAND, SRES, Kc).

How many frame exchanges are seen during an EAP-SIM connection?

  • Typically involves 5 to 7 EAP message exchanges, depending on the flow and optional notifications.

Does EAP-SIM use client certificates?

  • No, it uses the SIM card for authentication.

Does EAP-SIM use server certificates?

  • No, server authentication is handled through MAC-based mutual authentication using SIM secrets.

Does EAP-SIM depend on TCP?

  • Not directly.

  • If Diameter is used as the backend, TCP or SCTP may be involved.

Does EAP-SIM depend on UDP?

  • Yes, when RADIUS is used for backend communication, it depends on UDP.

What roles are involved when testing EAP-SIM?

  • Supplicant (e.g., mobile device with SIM)

  • Authenticator (e.g., Access Point)

  • Authentication Server (e.g., FreeRADIUS)

  • SIM backend (e.g., HLR, HSS or GSM authentication simulator)

Does EAP-SIM work with a FreeRADIUS server on Linux?

  • Yes, FreeRADIUS supports EAP-SIM.

  • Configuration may require a GSM authentication plugin or proxy to HLR.

Does EAP-SIM work with the internal RADIUS server of hostapd?

  • No, the internal RADIUS server in hostapd does not support EAP-SIM.

Which RFC is used for EAP-SIM?

  • RFC 4186

During the connection procedure, which EAPOL packets are encrypted?

  • EAPOL packets are not encrypted at Layer 2.

  • Integrity is maintained through cryptographic MACs using session keys.

What are the different stages of the connection procedure for EAP-SIM?

  • Stage 1: EAP Identity exchange.

  • Stage 2: Server sends RAND challenges and identities.

  • Stage 3: SIM computes SRES/Kc and replies with responses and MAC.

  • Stage 4: Server validates responses using GSM triplets.

  • Stage 5: Both sides derive session keys (MSK, EMSK).

  • Stage 6: EAP Success message is sent.

What is the final output of the connection procedure?

  • Generation of MSK (Master Session Key) and EMSK for secure communication.

What is the format of the keys generated after the connection procedure?

  • MSK: 64 bytes (512 bits)

  • EMSK: 64 bytes (512 bits), optional usage.

Where is the PMK generated by the connection procedure used?

  • PMK is derived from MSK.

  • It is used in the 4-way WPA2 handshake to generate PTK for encrypting wireless data.
