Hi,
1) Issue our own SIM cards to permit Authentication +
Encryption. This is
the perfect way how we can have a A5/1 based network that people can use
to play with airprobe + Kraken - without violating any laws.
I was planning to enhance pySim to allow more batch programming and
support for pc/sc reader (so you just have to insert, wait, remove,
insert, wait, ...).
I will probably do that soon, after DeepSec.
I would suggest we simply sell them (as opposed to
providing
them for a deposit, as we then would have to take back a lot of cards and
return money, which is a lot of overhead).
Definitely. I don't see any people having a problem with paying a few
EUR for a SIM.
Should :
- Personal SIM with IMSI/KI/algo specified
- Personal/official SIM with just known IMSI
be allowed as well ?
4) Consider putting all BTS in the same location area
I didn't see the logs / analysis from last year, but :
- Was the 'location' feature really exploited for something ?
- Was paging a limit ? (if all are in the same area, the number of
paging request would triple I guess).
- What was the usage of sdcch/8 / TCH ?
Would TCH/H with AMR be useful ? (i.e. was tch a limit ?)
6) User registration
So we sell SIM cards with a pre-programmed IMSI + Ki, but how do we
enable users to assign a phone number to them? Ideally I would want
them to simply register a phone number at the eventphone.de GURU
web interface ahead of the event. But how do we match the IMSI and
the phone number? Ask users to simply state the phone number they
registered? How do we get some kind of authentication?
Well, I guess SMS is the easier.
What kind of control can you have on the eventphone.de interface ?
Each SIM has a 'default' number, and if they want to instead use a number they
pre-registred, have them text a 'token' (long enough not to guess a
valid one, but not too long as to be annoying).
That token is just displayed on eventphone.de when they register a
number as 'GSM' without an IMSI.
Other option is IMEI. They put the IMEI on evenphone.de and when we
get a registration we know who to link.
Cheers,
Sylvain