Hi everyone,
This evening I spent a few hours hacking a small test to activate ciphering and I tought people might be interested with tinkering with it. If you want to try for yourself, start off from the encryption branch of Harald, then apply the 4 patches I just posted to this list then apply the quick hack attached to this message.
This patch is not for merge since it's a gross hack just 'to see if it works', and it does ! ( See the log in attachment )
What this patch does is pretty simple: - When there is a location update, it does a AUTHENTICATION REQUEST with a static RAND. - When the AUTHENTICATION RESPONSE is received, it compares the result with the 'known expected' results (see the wiki for AT commands to get SRES and Kc for a given RAND) - When sending a SMS to the MS, it activates the ciphering after receiving the paging response with the 'known precomputed' Kc. If everything goes well, the ME sends back a CIPHER MODE COMPLETE and the rest of the talk is ciphered.
The included patch uses A5/2 but can be trivially modified for A5/1. I just wanted to see if the iPhone would accept A5/2 and it doesn't (works with A5/1 tough) ! My old Ericsson T610 takes A5/2 and A5/1.
Of course, this is no where near a good implementation but at least it provides proof that the lower level functions works. I'm not sure what's the best solution to get SRES and Kc. Most of the time getting the Ki is not an option, so either we have a fixed RAND, or a bunch RAND and corresponding SRES and Kc ... Or a side channel to run the algo on the phone itself ...
Sylvain
On Thu, Sep 24, 2009 at 02:13:45AM +0200, Sylvain Munaut wrote:
This patch is not for merge since it's a gross hack just 'to see if it works', and it does ! ( See the log in attachment )
sure, but it's good to know the infrastructure in OpenBSC works...
The included patch uses A5/2 but can be trivially modified for A5/1. I just wanted to see if the iPhone would accept A5/2 and it doesn't (works with A5/1 tough) ! My old Ericsson T610 takes A5/2 and A5/1.
The iPhone should then also indicate the lack of A5/2 support in the classmark values...
I'm not sure what's the best solution to get SRES and Kc. Most of the time getting the Ki is not an option, so either we have a fixed RAND, or a bunch RAND and corresponding SRES and Kc ... Or a side channel to run the algo on the phone itself ...
Well, I presume if you want OpenBSC with encryption support, then you will probably either
1) connect to a real-world MSC (with holgers new MSC/BSC split) and HLR This is the case where you actually want to deploy a network that interoperates with a public network. Don't be surprised, some companies are considering this, and work is being doe in this direction.
2) issue your own SIM cards, where you know the Ki. This is likely the case when you operate a small private network. In this case we would simply store the Ki in our SQL tables.
The latter case is what we can test relatively easy by using the '16in1' SIM cards as Dieter has indicated some time ago. I've bought a couple of those, but am too busy right now. Anyone interested to complete our crpyto implementation can also easily get them for very little money.
Regards,
On Thu, Sep 24, 2009 at 02:13:45AM +0200, Sylvain Munaut wrote:
This patch is not for merge since it's a gross hack just 'to see if it works', and it does ! ( See the log in attachment )
sure, but it's good to know the infrastructure in OpenBSC works...
The included patch uses A5/2 but can be trivially modified for A5/1. I just wanted to see if the iPhone would accept A5/2 and it doesn't (works with A5/1 tough) ! My old Ericsson T610 takes A5/2 and A5/1.
The iPhone should then also indicate the lack of A5/2 support in the classmark values...
I'm not sure what's the best solution to get SRES and Kc. Most of the time getting the Ki is not an option, so either we have a fixed RAND, or a bunch RAND and corresponding SRES and Kc ... Or a side channel to run the algo on the phone itself ...
Well, I presume if you want OpenBSC with encryption support, then you will probably either
1) connect to a real-world MSC (with holgers new MSC/BSC split) and HLR This is the case where you actually want to deploy a network that interoperates with a public network. Don't be surprised, some companies are considering this, and work is being doe in this direction.
2) issue your own SIM cards, where you know the Ki. This is likely the case when you operate a small private network. In this case we would simply store the Ki in our SQL tables.
The latter case is what we can test relatively easy by using the '16in1' SIM cards as Dieter has indicated some time ago. I've bought a couple of those, but am too busy right now. Anyone interested to complete our crpyto implementation can also easily get them for very little money.
Regards,
-
Harald Welte -
Sylvain Munaut