3.2. Testing EAP-SIM, EAP-AKA and EAP-AKA' with a known Milenage SIM/3G/LTE SIM card

About this task

This scenario shows how to test EAP-SIM, EAP-AKA and EAP-AKA' functionality when the SIM card has the Milenage key algorithm and its secret keys are known.

Before you begin

You need a SIM card for which you know the embedded Milenage keys. You also need eapol_test or a Wi-Fi client device that supports one of the SIM-based EAP methods.

Procedure

To execute the test:
  1. Copy the sample card data file /opt/radiator/radiator-sim/goodies/simcards.dat to a directory writable by the Radiator process. Radiator will update the file in the directory:
    sudo mkdir /etc/radiator/simcards
    sudo cp /opt/radiator/radiator-sim/goodies/simcards.dat /etc/radiator/simcards/
    sudo chown radiator:radiator /etc/radiator/simcards/
  2. Copy the Radiator SWx/Cx/Wx (HSS) Diameter server configuration file /opt/radiator/radiator-sim/goodies/wxmap.cfg to /etc/radiator/radiator-wxmap.conf.
  3. Verify that the card data file path in /etc/radiator/radiator-wxmap.conf is set up correctly:
    3GPPCardDatabaseFilename %D/simcards/simcards.dat
  4. Run the Radiator SWx/Cx/Wx server and verify from the log file in /var/log/radiator/ that the server has started correctly.
    sudo systemctl start radiator@wxmap
  5. Copy the Radiator EAP-SIM server configuration file /opt/radiator/radiator-sim/goodies/eap_sim_wx.cfg to /etc/radiator/radiator-eapsim.conf.
  6. Run the Radiator EAP-SIM server and verify from the log file in /var/log/radiator/ that the server has started correctly.
    sudo systemctl start radiator@eapsim
  7. To verify the configuration, run eapol_test with a configuration that simulates the card. The values in sim-simulator.conf match the values in simcards.dat.
    eapol_test -p 1645 -s mysecret -c \
        /opt/radiator/radiator-sim/goodies/sim-simulator.conf
  8. To test with a Wi-Fi device, first add the Milenage key data of one or more cards to the card data file. Use the following format. See the file for examples:
  9. Then insert the test SIM card into the EAP-SIM Wi-Fi device and configure your Wi-Fi access point or controller to use Radiator as the authentication server. See, and possibly set, <Client DEFAULT> in radiator-eapsim.conf for the shared secret value. The secret defaults to mysecret. Configure the Wi-Fi client device to use EAP-SIM and follow the authentication in the Radiator log file.
  10. For TMSI (Temporary Mobile Subscriber Identity) or Fast Re-Authentication support, enable the UseTMSI and UseReauthentication flags in the Radiator EAP server configuration file.
  11. To test EAP-AKA, use /opt/radiator/radiator-sim/goodies/eap_aka_wx.cfg and /opt/radiator/radiator-sim/goodies/aka-simulator.conf for Radiator and eapol_test, respectively. The EAP-AKA' files are named eap_aka_prime_wx.cfg and aka-prime-simulator.conf.
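
A pre-flight check for steps 1 and 3, added here as an example and not part of the Radiator distribution: it resolves 3GPPCardDatabaseFilename from the configuration file, confirms that the card file exists in a writable directory, and flags a card file that users outside its owner and group can access, since that file holds the Milenage keys. It assumes that %D expands to Radiator's DbDir, passed as the second argument; the function names and the constructed sample in demo are hypothetical.

```sh
#!/bin/sh
# Added example, not Radiator's own code.
# Assumption: %D expands to Radiator's DbDir, given as the second argument.

# Print the card database path configured in a wxmap configuration file.
card_db_path() {
    conf=$1 dbdir=$2
    # Commented-out lines are skipped; the last remaining setting is used (assumption).
    raw=$(sed -n 's/^[[:space:]]*3GPPCardDatabaseFilename[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "$conf" | tail -n 1)
    [ -n "$raw" ] || return 1
    case $raw in
        %D*) printf '%s%s\n' "$dbdir" "${raw#??}" ;;   # replace the leading %D
        *)   printf '%s\n' "$raw" ;;
    esac
}

# Return 0 when the card file is in place and not exposed; print each problem found.
check_card_db() {
    conf=$1 dbdir=$2 rc=0
    path=$(card_db_path "$conf" "$dbdir") || {
        echo "3GPPCardDatabaseFilename not set in $conf"; return 1; }
    dir=$(dirname "$path")
    [ -f "$path" ] || { echo "card file missing: $path"; rc=1; }
    # Radiator updates the file in this directory, so the calling user must be able to write here.
    { [ -d "$dir" ] && [ -w "$dir" ]; } || { echo "directory not writable: $dir"; rc=1; }
    # The file holds Milenage keys: permission bits for "other" should all be clear.
    if [ -f "$path" ]; then
        other=$(ls -ld "$path" | cut -c8-10)
        [ "$other" = "---" ] || { echo "accessible to other users ($other): $path"; rc=1; }
    fi
    return $rc
}

# Constructed sample: a throwaway DbDir with a one-line configuration file.
demo() {
    d=$(mktemp -d) && mkdir "$d/simcards" && : > "$d/simcards/simcards.dat"
    echo '3GPPCardDatabaseFilename %D/simcards/simcards.dat' > "$d/wxmap.conf"
    chmod 640 "$d/simcards/simcards.dat"
    status=0
    check_card_db "$d/wxmap.conf" "$d" || status=$?
    rm -rf "$d"
    return $status
}

# Usage: sudo -u radiator sh check.sh /etc/radiator/radiator-wxmap.conf /etc/radiator
if [ "$#" -ge 2 ]; then check_card_db "$1" "$2"; fi
```

Run the check as the radiator user, because root passes the writability test on any directory.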