Which of the following Extensible Authentication protocols uses a SIM authentication algorithm between the client and AAA server for providing mutual authentication between the client and the network?

A.
EAP-TLS

B.
EAP-AKA

C.
EAP-TTLS

D.
EAP-SIM

Explanation:
Extensible Authentication Protocol Method for GSM Subscriber Identity Module, or EAP-SIM, is an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution using the Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM). GSM cellular networks use a subscriber identity module (SIM) card to carry out user authentication. EAP-SIM uses a SIM authentication algorithm between the client and an Authentication, Authorization, and Accounting (AAA) server providing mutual authentication between the client and the network. Answer option B is incorrect. Extensible Authentication Protocol Method for UMTS Authentication and Key Agreement, or EAP-AKA, is an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution using the Universal Mobile Telecommunications System (UMTS) Subscriber Identity Module (USIM). Answer option A is incorrect. EAP-Transport Layer Security (EAP-TLS) is an IETF open standard and is well-supported among wireless vendors. The security of the TLS protocol is strong, provided the user understands potential warnings about false credentials. It uses PKI to secure communication to a RADIUS authentication server or another type of authentication server. Answer option C is incorrect. EAP-Tunneled Transport Layer Security (EAP-TTLS) is an EAP protocol that extends TLS. It is widely supported across platforms; although there is no native OS support for this EAP protocol in Microsoft Windows, it requires the installation of small extra programs such as SecureW2. EAP-TTLS offers very good security. The client can but does not have to be authenticated via a CA-signed PKI certificate to the server. This greatly simplifies the setup procedure, as a certificate does not need to be installed on every client. After the server is securely authenticated to the client via its CA certificate and optionally the client to the server, the server can then use the established secure connection (“tunnel”) to authenticate the client.