EAP-SIM is an Extensible Authentication Protocol (EAP) [RFC3748] mechanism for authentication and session key distribution using the Global System for Mobile communications (GSM) Subscriber Identity Module (SIM), hence the name.
As you all know, EAP is an authentication framework that supports multiple authentication methods.
EAP typically runs directly over data link layers such as Point-to-Point Protocol (PPP) or IEEE 802.
GSM cellular networks use a subscriber identity module (SIM) card to carry out user authentication.
EAP-SIM uses a SIM authentication algorithm between the client and an Authentication, Authorization and Accounting (AAA) server, providing mutual authentication between the client and the network.
In EAP-SIM, the communication between the SIM card and the Authentication Centre (AuC) replaces the need for a pre-established password between the client and the AAA server.
Note: GSM is a second-generation mobile network standard.
Second-generation and third-generation mobile networks use different authentication and key agreement mechanisms.
EAP-AKA specifies an EAP method that is based on the Authentication and Key Agreement (AKA) mechanism used in the third-generation mobile networks Universal Mobile Telecommunications System (UMTS) and CDMA2000.
This is explained in the diagram below.
Call flows are exactly the same as EAP-SIM, with the type AKA. The USIM security algorithms are used in this case.
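To make the SIM/AKA distinction visible on the wire, here is an added example (not part of the original post) that parses an EAP packet, reports the method, subtype and attributes, and rejects inconsistent length fields. The type, subtype and attribute numbers are taken from RFC 3748, RFC 4186 and RFC 4187 rather than from this post, and the packet bytes are constructed samples with zeroed values.

```python
import struct

# Numbers below are from RFC 3748 / RFC 4186 / RFC 4187, not from the post.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
METHODS = {18: "EAP-SIM", 23: "EAP-AKA"}
SUBTYPES = {
    18: {10: "Start", 11: "Challenge", 12: "Notification",
         13: "Re-authentication", 14: "Client-Error"},
    23: {1: "Challenge", 2: "Authentication-Reject", 4: "Synchronization-Failure",
         5: "Identity", 12: "Notification", 13: "Re-authentication", 14: "Client-Error"},
}
ATTRS = {1: "AT_RAND", 2: "AT_AUTN", 3: "AT_RES", 7: "AT_NONCE_MT", 11: "AT_MAC",
         14: "AT_IDENTITY", 15: "AT_VERSION_LIST", 16: "AT_SELECTED_VERSION"}

def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP packet; raise ValueError on inconsistent lengths."""
    if len(pkt) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field does not match the packet")
    out = {"code": CODES.get(code, code), "id": ident,
           "method": None, "subtype": None, "attrs": []}
    if code not in (1, 2) or length < 5:   # Success/Failure carry no Type
        return out
    mtype = pkt[4]
    out["method"] = METHODS.get(mtype, f"type {mtype}")
    if mtype not in METHODS:
        return out
    if length < 8:                          # Subtype (1) + Reserved (2)
        raise ValueError("truncated EAP-SIM/AKA header")
    out["subtype"] = SUBTYPES[mtype].get(pkt[5], f"subtype {pkt[5]}")
    pos = 8
    while pos < length:                     # attribute: type, length in 4-byte words
        if length - pos < 4:
            raise ValueError("trailing bytes after last attribute")
        alen = pkt[pos + 1] * 4
        if alen == 0 or pos + alen > length:
            raise ValueError("attribute length overruns the packet")
        out["attrs"].append(ATTRS.get(pkt[pos], f"attr {pkt[pos]}"))
        pos += alen
    return out

# Constructed samples (zeroed RAND/AUTN/MAC values), not captured traffic.
SIM_START = bytes.fromhex("01010010" "120a0000" "0f02000200010000")
AKA_CHALLENGE = (bytes.fromhex("01020044" "17010000")
                 + b"".join(bytes([t, 5]) + bytes(18) for t in (1, 2, 11)))

if __name__ == "__main__":
    for sample in (SIM_START, AKA_CHALLENGE):
        print(parse_eap(sample))
```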
Great doc, Sharath :) I have a couple of queries on this:
1) Would it be possible to have a location-based attribute to assign the VLAN/IP_Addr dynamically to the EAP-SIM user, similar to the dynamic VLAN assignment from the RADIUS server in an enterprise environment?
2) In a mobile roaming scenario, does the point of attachment of the USIM client change, or is it taken care of by PMIPv6?
This is great. But can you tell me, can the IR829 connect in WGB using EAP-SIM to a root AP/WLC?
Or how do we get the LTE modem/router in the 829 to be a supplicant to the AP for EAP-SIM?
Thank you!