[strongSwan-dev] New plugin for eap-aka-3gpp (Soft-AKA with Rijndael/Milenage)

Dragos Vingarzan dragos at corenetdynamics.com
Mon Jun 30 12:37:41 CEST 2014 

Hi Again,

so unfortunately I had no response to my request for help to integrate 
this. Attached the new plugin then, do what you want with it. Of course, 
I hope you would integrate it, so that we could stop distributing our 
own tree of strongswan.

Works with standard HSS/SPR/HLR backend implementing the UMTS/LTE 
version of AKA, so basically implementing the algorithm in the most SIM 
cards out there today. "Server" side not extensively tested.

Cheers,
-Dragos

On 14.04.2014 17:22, Dragos Vingarzan wrote:
> Hi guys,
>
> so based on your eap-aka-3gpp2 plugin, I did one that implements the 
> 3GPP flavor, with Rijndael/Milenage instead of SHA-1. We're doing a 
> bit of testing now with our HSS/SPR from OpenEPC, which works fine 
> against real-life USIM cards and we'd like to contribute the module. I 
> need a bit of help actually, as you know better how to integrate it in 
> your build system, so should I just attach the patch? Or?
>
> The work is based on 3GPP TS 35.205->208. The module also generate 
> triplets, besides quintuplets. 3GPP specifies a derivation of SRES/Kc 
> from AKA material, for example to do legacy authentication when you 
> have a newer and safer USIM card only in your client device. The code 
> is there, but I can only hope that it would also work as an eap-sim 
> system and someone would find it useful.
>
> Of course, this is a software emulation of a card plus a limited 
> back-end provider (we're pipe-ing in our case actually the back-end 
> over RADIUS to our ePDG and then Diameter AAA/HSS/AuC servers). I am 
> also interested in helping with a eap-simaka-pcsc module (or would you 
> call that eap-usim-pcsc?), but I am still struggling a bit to send the 
> right APDUs to the real USIM cards as to make them to do AKA. If 
> anyone else is interested, please let me know.
>
> Oh, and of course, the latest buzz - does anyone know if Android 
> provides a SIM-card API? I don't think that PC/SC would work, as the 
> (U)SIM is in the modem. There is a 3GPP TS on how to send arbitrary 
> commands through AT+C modem commands, but support in real modems is 
> not there...
>
> Cheers,
> -Dragos
>
>
> -- 
> -----------------------------------------
> Dr.-Ing. Dragos Vingarzan
> Founder and Technical Lead
> Core Network Dynamics UG
> A German Engineering Software Company registered in Berlin (HRB152643B)
>
> mobile:  +49 176 48 32 16 00
> web:     www.corenetdynamics.com
> Offices: Prinzessinnenstr. 18/19 - betahaus, 10969 Berlin, Germany
> CEO:     Dipl.Ing. Berthold Butscher
> ---------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eap_aka_3gpp_plugin.tgz
Type: application/x-compressed-tar
Size: 24900 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140630/7a3a92f1/attachment-0001.bin>

More information about the Dev mailing list