On 24 Sep 2015, at 22:14, Harald Welte laforge@gnumonks.org wrote:
Hi Neels,
welcome to OpenBSC code :)
Osmocom Authentication Protocol (OAP)
I would argue it makes sense to at least specify/define the protocol also to support UMTS AKA, not just plain-old GSM authentication.
This is important
- for future compatibility once the SGSN supports 3G
- to use UMTS AKA for increased security over GERAN (GPRS/EDGE RAN)
OAP is to authenticate something like the A-link, GSUP link or maybe even MNCC over TCP/IP, or a USSD provider, etc. It is using “AKA” right now but in a restricted mode:
* SQN will be 0 (because the clients might have no way to persistently store the SQNs). Yes, this will allow a replay against the client.[1]
* There is no “AuthenticationFailure” message with the AUTS. As the SQN will always be fixed in the first iteration there should not be a need to re-synchronize.
[1] It is a trade-off in efforts. The clients cannot store a SQN, the last RANDs, etc. They could in theory start with a random RAND and client/server will go through one re-synchronization of the SQN. I obviously made a trade-off here and this protocol allows us to add SQN number handling in the future and client API users are not impacted.
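To make the replay consequence of a fixed SQN concrete, here is an added simulation (not code from OpenBSC or either poster) of the AKA challenge/verify step. It assumes HMAC-SHA256 as a stand-in for the Milenage f1/f5 functions and a constructed test key; the client either keeps no SQN state (the OAP restriction above) or tracks the highest SQN it has accepted.

```python
import hmac
import hashlib
import os

# Stand-ins for Milenage f1 (MAC) and f5 (AK); the real algorithms are
# not implemented here (assumption, for illustration only).
def f1_mac(k, rand, sqn, amf):
    return hmac.new(k, b"f1" + rand + sqn + amf, hashlib.sha256).digest()[:8]

def f5_ak(k, rand):
    return hmac.new(k, b"f5" + rand, hashlib.sha256).digest()[:6]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_challenge(k, sqn):
    """Server side: build (RAND, AUTN) for a 48-bit SQN."""
    rand = os.urandom(16)
    amf = b"\x00\x00"
    autn = xor(sqn, f5_ak(k, rand)) + amf + f1_mac(k, rand, sqn, amf)
    return rand, autn

class Client:
    """Client side of AKA; track_sqn=False models a client with no SQN storage."""
    def __init__(self, k, track_sqn):
        self.k = k
        self.track_sqn = track_sqn
        self.highest_sqn = -1  # only meaningful when state can be kept

    def verify(self, rand, autn):
        sqn = xor(autn[:6], f5_ak(self.k, rand))
        amf = autn[6:8]
        if not hmac.compare_digest(autn[8:], f1_mac(self.k, rand, sqn, amf)):
            return "MAC_FAILURE"
        if self.track_sqn:
            n = int.from_bytes(sqn, "big")
            if n <= self.highest_sqn:
                return "SYNC_FAILURE"  # replayed or stale challenge
            self.highest_sqn = n
        return "OK"

def replay_outcome(track_sqn):
    """Deliver a fresh challenge with SQN fixed to 0, then replay it verbatim."""
    k = bytes(range(16))  # constructed test key
    client = Client(k, track_sqn)
    rand, autn = make_challenge(k, (0).to_bytes(6, "big"))
    return [client.verify(rand, autn), client.verify(rand, autn)]

if __name__ == "__main__":
    print("no SQN state:", replay_outcome(False))  # ['OK', 'OK']
    print("SQN tracked: ", replay_outcome(True))   # ['OK', 'SYNC_FAILURE']
```

A stateless client accepts the replayed challenge; once SQN tracking is added the second delivery is rejected, which is the point at which a real deployment would also need the AUTS re-synchronization path the thread defers.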