EAPSIM

EAP-SIM, short for Extensible Authentication Protocol Method for GSM Subscriber Identity Module, is an EAP authentication method that uses the credentials stored on a SIM card to authenticate a network peer. It enables an access network such as a WLAN or a mobile network to verify a user device by leveraging the SIM’s IMSI and the shared secret Ki, in coordination with the operator’s authentication infrastructure. The method aims to provide mutual authentication and to establish cryptographic keys for securing subsequent data traffic.

Operation of EAP-SIM involves an exchange between the network’s authenticator and an authentication server. The server negotiates an authentication vector with the home network, which uses the SIM’s Ki to respond to challenges. The SIM computes a response to a RAND challenge, and the device conveys this response as part of the EAP payload. The server verifies the response; upon success, session keys such as the Master Session Key (MSK) can be derived to secure the data channel, for example in WPA2-Enterprise in WLAN environments.

Deployment and usage: EAP-SIM has been used to enable SIM-based authentication in enterprise WLAN deployments and in some 3GPP access scenarios, allowing users to authenticate without entering a separate username or password. It is related to, and often compared with, EAP-AKA; in many UMTS/LTE contexts EAP-AKA is preferred due to its broader security properties and compatibility with USIM cards.

Security considerations: EAP-SIM inherits GSM-derived security features but also faces limitations and risks related to SIM secrecy, potential SIM cloning, and IMSI exposure if not properly protected. Protecting EAP messages with an additional secure tunnel (e.g., TLS-based EAP methods) is commonly recommended to mitigate interception risks.

See also: EAP-AKA, 802.11i, WPA-Enterprise.