[strongSwan-dev] New plugin for eap-aka-3gpp (Soft-AKA with Rijndael/Milenage)

Dragos Vingarzan dragos at corenetdynamics.com
Mon Apr 14 17:22:19 CEST 2014

Hi guys,

so based on your eap-aka-3gpp2 plugin, I did one that implements the 
3GPP flavor, with Rijndael/Milenage instead of SHA-1. We're doing a bit 
of testing now with our HSS/SPR from OpenEPC, which works fine against 
real-life USIM cards and we'd like to contribute the module. I need a 
bit of help actually, as you know better how to integrate it in your 
build system, so should I just attach the patch? Or?

The work is based on 3GPP TS 35.205->208. The module also generate 
triplets, besides quintuplets. 3GPP specifies a derivation of SRES/Kc 
from AKA material, for example to do legacy authentication when you have 
a newer and safer USIM card only in your client device. The code is 
there, but I can only hope that it would also work as an eap-sim system 
and someone would find it useful.

Of course, this is a software emulation of a card plus a limited 
back-end provider (we're pipe-ing in our case actually the back-end over 
RADIUS to our ePDG and then Diameter AAA/HSS/AuC servers). I am also 
interested in helping with a eap-simaka-pcsc module (or would you call 
that eap-usim-pcsc?), but I am still struggling a bit to send the right 
APDUs to the real USIM cards as to make them to do AKA. If anyone else 
is interested, please let me know.

Oh, and of course, the latest buzz - does anyone know if Android 
provides a SIM-card API? I don't think that PC/SC would work, as the 
(U)SIM is in the modem. There is a 3GPP TS on how to send arbitrary 
commands through AT+C modem commands, but support in real modems is not 


Dr.-Ing. Dragos Vingarzan
Founder and Technical Lead
Core Network Dynamics UG
A German Engineering Software Company registered in Berlin (HRB152643B)

mobile:  +49 176 48 32 16 00
web:     www.corenetdynamics.com
Offices: Prinzessinnenstr. 18/19 - betahaus, 10969 Berlin, Germany
CEO:     Dipl.Ing. Berthold Butscher

More information about the Dev mailing list