Versions Compared

Old Version 5

changes.mady.by.user Chandrakanth Pokuru

Saved on

compared with

New Version 6

changes.mady.by.user Chandrakanth Pokuru

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • SIM Based Auth(users moving between cellular and Wi-Fi networks)

    1. Steps to Map SIM-Based Authentication with Wi-Fi Passpoint
      :
      • SIM-based Authentication Overview (EAP-SIM)
        • EAP-SIM is a type of EAP (Extensible Authentication Protocol) used for authenticating devices based on their SIM cards. It enables automatic connection to Wi-Fi networks using information from the SIM card (such as IMSI and authentication keys) instead of traditional username/password methods.
        • Mobile Network Operators (MNOs) or Wi-Fi providers that have partnerships with MNOs can use EAP-SIM to let subscribers connect to Wi-Fi networks seamlessly.
    2. Steps to Implement SIM-Based Authentication with Wi-Fi Passpoint
      :

      1. Configure Wi-Fi Network to Support EAP-SIM:

        • The Wi-Fi network, specifically the RADIUS server (Authentication server), must be configured to support EAP-SIM for authentication.
        • The network provider’s infrastructure should support 3GPP AAA servers or similar infrastructure that allows the Wi-Fi network to communicate with the Home Location Register (HLR) or Home Subscriber Server (HSS) to authenticate the SIM credentials.

        Steps:

        • The Wi-Fi access point (AP) is configured to use WPA2-Enterprise (or WPA3-Enterprise for enhanced security).
        • In the AP's configuration, select EAP-SIM as one of the supported authentication methods.
        • The AP communicates with a RADIUS server, which verifies the subscriber's identity through the Mobile Core Network using the SIM card information.

      2. Wi-Fi Passpoint Network Configuration:

        • Passpoint profiles are used to configure client devices to automatically connect to Passpoint-enabled networks.
        • The Passpoint profile for a network that supports SIM-based authentication will specify EAP-SIM as the authentication method.
        • The network's Online Sign-Up (OSU) Server can also deliver the profile to compatible devices, so they can connect automatically.

        Steps:

        • In the Access Network Query Protocol (ANQP) settings, configure EAP-SIM as a supported authentication method.
        • The ANQP responses from the AP will indicate to the device that the network supports EAP-SIM, allowing devices with SIM cards to select this network for automatic connection.

      3. Device-Side Configuration:

        • On the client side (e.g., smartphones or tablets), Passpoint profiles are created by the mobile operator or network provider.
        • Devices with Passpoint support will automatically select networks that match their Passpoint profile and initiate EAP-SIM authentication.

        Steps:

        • The device detects the Passpoint-enabled network and checks the profile for available authentication methods (such as EAP-SIM).
        • The device automatically chooses EAP-SIM and sends the SIM card information (IMSI) to the network.
        • The RADIUS server communicates with the mobile operator’s backend to verify the SIM card’s information.

      4. Authentication Process (EAP-SIM):

        • When a device with a SIM card attempts to connect to a Passpoint-enabled network that supports EAP-SIM, the following occurs:

        Steps:

        • The device sends a request to authenticate using EAP-SIM.
        • The access point forwards this request to the RADIUS server.
        • The RADIUS server then communicates with the Mobile Core Network, querying the HLR or HSS to authenticate the device using the IMSI and other SIM data.
        • The mobile network sends a challenge-response mechanism back to the device, which uses the SIM card to respond and complete authentication.
        • Once authentication is successful, the device is granted access to the network.

      5. SIM-Based Roaming:

        • When the network is set up for roaming, SIM-based authentication works across different networks with roaming agreements.
        • A device using SIM-based authentication can automatically connect to Wi-Fi networks provided by a partner operator in a different country or region.

      6. Advantages of SIM-Based Authentication in Passpoint:

        • Seamless Authentication: Users do not need to manually select a Wi-Fi network or enter credentials. The SIM card handles all authentication automatically.
        • Roaming Support: EAP-SIM enables users to roam between Wi-Fi networks that have roaming agreements with the user’s mobile operator, providing a seamless transition between Wi-Fi and cellular networks.
        • Security: The authentication process is secure, leveraging SIM credentials that are difficult to compromise. EAP-SIM operates over WPA2/WPA3-Enterprise networks, ensuring encryption during data transmission.

Example Workflow of SIM-Based Authentication with Passpoint:

        1. User Device with SIM detects a Passpoint-enabled Wi-Fi network.
        2. The device checks its Passpoint profile and determines that EAP-SIM is supported by the network.
        3. The device sends an authentication request using EAP-SIM, including the IMSI (International Mobile Subscriber Identity) from the SIM card.
        4. The Wi-Fi network’s AP forwards the request to the RADIUS server, which queries the user’s mobile network for authentication.
        5. The mobile network verifies the SIM credentials using the HLR/HSS and sends back an authentication challenge.
        6. The device responds to the challenge using the SIM card.
        7. Upon successful verification, the RADIUS server grants access to the Wi-Fi network, and the user is automatically connected.

...