On 24 Sep 2015, at 22:14, Harald Welte <laforge(a)gnumonks.org> wrote:
Hi Neels,
welcome to OpenBSC code :)
+ Osmocom Authentication Protocol
(OAP)
I would argue it makes sense to at least specify/define the protocol
also to support UMTS AKA, not just plain-old GSM authentication.
This is important
* for future compatibility once the SGSN supports 3G
* to use UMTS AKA for increased security over GERAN (GPRS/EDGE RAN)
OAP is to authenticate something like the A-link, GSUP link or maybe even
MNCC over TCP/IP, or a USSD provider, etc. It is using “AKA” right now but
in a restricted mode:
* SQN will be 0 (because the clients might have no way to persistently store
the SQNs). Yes, this will allow a replay against the client.[1]
* There is no “AuthenticationFailure” message with the AUTS. As the SQN
will always be fixed in the first iteration there should not be a need to
re-synchronize.
[1] It is a trade-off in efforts. The clients cannot store a SQN, the last RANDS,
etc. They could in theory start with a random RAND and client/server will go
through one re-synchronization of the SQN. I obviously made a trade-off here
and this protocol allows us to add SQN number handling in the future and
client API users are not impacted.
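
The replay trade-off described in this message, as an added sketch that is not part of the original mail or of the OpenBSC code. It assumes an HMAC-SHA256 stand-in for the Milenage f1 function and a simplified challenge of (RAND, SQN, MAC); the key, class and function names are hypothetical.

```python
import hashlib
import hmac
import os

K = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed shared key


def f1(k: bytes, sqn: int, rand: bytes) -> bytes:
    """Network authentication MAC. HMAC-SHA256 stand-in, not Milenage f1."""
    return hmac.new(k, sqn.to_bytes(6, "big") + rand, hashlib.sha256).digest()[:8]


def make_challenge(k: bytes, sqn: int):
    """Server side: (RAND, SQN, MAC). Real AUTN also masks SQN and carries AMF."""
    rand = os.urandom(16)
    return rand, sqn, f1(k, sqn, rand)


class Client:
    def __init__(self, k: bytes, track_sqn: bool):
        self.k = k
        self.track_sqn = track_sqn
        self.highest_sqn = 0  # tracking mode needs this stored persistently

    def check(self, rand: bytes, sqn: int, mac: bytes) -> str:
        if not hmac.compare_digest(mac, f1(self.k, sqn, rand)):
            return "mac_failure"
        if self.track_sqn:
            if sqn <= self.highest_sqn:
                return "sync_failure"  # full AKA would answer with AUTS here
            self.highest_sqn = sqn
        return "ok"


def demo() -> dict:
    results = {}
    stateless = Client(K, track_sqn=False)   # restricted mode: SQN fixed at 0
    recorded = make_challenge(K, sqn=0)
    results["restricted_first"] = stateless.check(*recorded)
    results["restricted_replay"] = stateless.check(*recorded)  # same bytes again
    tracking = Client(K, track_sqn=True)     # future mode with SQN handling
    recorded = make_challenge(K, sqn=1)
    results["tracking_first"] = tracking.check(*recorded)
    results["tracking_replay"] = tracking.check(*recorded)
    rand, sqn, _ = make_challenge(K, sqn=2)
    results["tampered"] = tracking.check(rand, sqn, bytes(8))
    return results


if __name__ == "__main__":
    print(demo())
```
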