Hi Sylvain,
On Tue, Oct 26, 2010 at 08:59:27PM +0200, Sylvain Munaut wrote:
1) Issue our
own SIM cards to permit Authentication + Encryption. This is
the perfect way how we can have a A5/1 based network that people can use
to play with airprobe + Kraken - without violating any laws.
I was planning to enhance pySim to allow more batch programming and
support for pc/sc reader (so you just have to insert, wait, remove,
insert, wait, ...).
I will probably do that soon, after DeepSec.
ok, great. looking forward to it.
Should :
- Personal SIM with IMSI/KI/algo specified
I think the number of people who have that is very limited. So sure, we
can do that manually if somebody wants to.
- Personal/official SIM with just known IMSI
be allowed as well ?
I don't think we should do it, or at least not publicly advertise it.
It just creates extra effort, and we want to ensure we can enable many
people to test the network without creating a lot of per-user work for us.
4) Consider
putting all BTS in the same location area
I didn't see the logs / analysis from last year, but :
- Was the 'location' feature really exploited for something ?
no, it's just nice to see and for debugging. And you can see
- Was paging a limit ? (if all are in the same area,
the number of
paging request would triple I guess).
No, paging is never a limit... there are so many paging slots and so few
calls or SMSs
- What was the usage of sdcch/8 / TCH ?
I don't really have statistics for it, but TCH use was relatively low... I
think people are more interested in reliable SMS.
Would TCH/H with AMR be useful ? (i.e. was tch a
limit ?)
No, TCH was no limit.
AMR/HR would be useful, but I don't want to use it as we only have it in
OsmoBSC mode so far and no code for codec negotiation in our call control
engine. Also, AMR/HR is incompatible with dynamic PDCH allocation, which
sucks.
6) User
registration
So we sell SIM cards with a pre-programmed IMSI + Ki, but how do we
enable users to assign a phone number to them? Ideally I would want
them to simply register a phone number at the eventphone.de GURU
web interface ahead of the event. But how do we match the IMSI and
the phone number? Ask users to simply state the phone number they
registered? How do we get some kind of authentication?
Well, I guess SMS is the easier.
Ah, indeed. So we simply allow all IMSIs that we have issued on our network
but send them a SMS with some token that they can use to associate that IMSI
with their account on GURU?
What kind of control can you have on the eventphone.de
interface ?
We have to discuss it with them... I think now we still might have time
for that.
Each SIM has a 'default' number, and if they
want to instead use a number they
pre-registred, have them text a 'token' (long enough not to guess a
valid one, but not too long as to be annoying).
That token is just displayed on eventphone.de when they register a
number as 'GSM' without an IMSI.
ok, the other way around. The token is a unique value that they have to SMS to
OpenBSC... great idea. I like it that way.
Other option is IMEI. They put the IMEI on
evenphone.de and when we
get a registration we know who to link.
too cumbersome for most users from my experience.
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)