[strongSwan-dev] New plugin for eap-aka-3gpp (Soft-AKA with Rijndael/Milenage)

Meul, Dirk Dirk.Meul at p3-group.com
Mon Jun 6 09:10:25 CEST 2016


Hello.

Thank you very much for sharing your work!

As I am looking for integration of real USIM for EAP-AKA on client side, I would like to ask if you had any success in sending the right APDUs?

Best regards,
Dirk

--

Dirk Meul
P3 communications

Cell:          +49 151 571 33 167
Phone:    +49 241 9437 230
E-Mail:    Dirk.Meul at p3-group.com
Web:       www.p3-group.com
P3 communications GmbH
legal disclaimer, mandatory information and the P3 office addresses can be found at
http://www.p3-group.com/portfolio-item/legal-disclaimer-p3-communications-gmbh


-----Ursprüngliche Nachricht-----
Von: dragos at corenetdynamics.com (Dragos Vingarzan) [mailto:dragos at corenetdynamics.com (Dragos Vingarzan)]
Gesendet: Montag, 30. Juni 2014 12:38
Betreff: [strongSwan-dev] New plugin for eap-aka-3gpp (Soft-AKA with Rijndael/Milenage)

Hi Again,

so unfortunately I had no response to my request for help to integrate this. Attached the new plugin then, do what you want with it. Of course, I hope you would integrate it, so that we could stop distributing our own tree of strongswan.

Works with standard HSS/SPR/HLR backend implementing the UMTS/LTE version of AKA, so basically implementing the algorithm in the most SIM cards out there today. "Server" side not extensively tested.

Cheers,
-Dragos

On 14.04.2014 17:22, Dragos Vingarzan wrote:
> Hi guys,
>
> so based on your eap-aka-3gpp2 plugin, I did one that implements the
> 3GPP flavor, with Rijndael/Milenage instead of SHA-1. We're doing a
> bit of testing now with our HSS/SPR from OpenEPC, which works fine
> against real-life USIM cards and we'd like to contribute the module. I
> need a bit of help actually, as you know better how to integrate it in
> your build system, so should I just attach the patch? Or?
>
> The work is based on 3GPP TS 35.205->208. The module also generate
> triplets, besides quintuplets. 3GPP specifies a derivation of SRES/Kc
> from AKA material, for example to do legacy authentication when you
> have a newer and safer USIM card only in your client device. The code
> is there, but I can only hope that it would also work as an eap-sim
> system and someone would find it useful.
>
> Of course, this is a software emulation of a card plus a limited
> back-end provider (we're pipe-ing in our case actually the back-end
> over RADIUS to our ePDG and then Diameter AAA/HSS/AuC servers). I am
> also interested in helping with a eap-simaka-pcsc module (or would you
> call that eap-usim-pcsc?), but I am still struggling a bit to send the
> right APDUs to the real USIM cards as to make them to do AKA. If
> anyone else is interested, please let me know.
>
> Oh, and of course, the latest buzz - does anyone know if Android
> provides a SIM-card API? I don't think that PC/SC would work, as the
> (U)SIM is in the modem. There is a 3GPP TS on how to send arbitrary
> commands through AT+C modem commands, but support in real modems is
> not there...
>
> Cheers,
> -Dragos
>
>
> --
> -----------------------------------------
> Dr.-Ing. Dragos Vingarzan
> Founder and Technical Lead
> Core Network Dynamics UG
> A German Engineering Software Company registered in Berlin
> (HRB152643B)
>
> mobile:  +49 176 48 32 16 00
> web:     www.corenetdynamics.com
> Offices: Prinzessinnenstr. 18/19 - betahaus, 10969 Berlin, Germany
> CEO:     Dipl.Ing. Berthold Butscher
> ----------------------------------------------------------------------
> -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eap_aka_3gpp_plugin.tgz
Type: application/x-compressed-tar
Size: 24900 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140630/7a3a92f1/attachment-0001.bin>





More information about the Dev mailing list