Authentication and Encryption

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Dieter Spaar spaar at mirider.augusta.de
Sat Jul 11 20:03:30 UTC 2009


Hello,

I did a few tests with Authentication and Encryption. It's just
a quick hack and nothing which can be integrated into OpenBSC
in a clean way, but the process was rather straightforward:

  - For my tests I used the location update request.

  - I sent the AUTHENTICATION REQUEST to the MS.

  - When I received the AUTHENTICATION RESPONSE from the MS, I
    compared SRES with the expected value. If the expected value
    was received, I sent the ENCRYPTION COMMAND with Kc to the
    BTS. If the wrong SRES was received, I sent an AUTHENTICATION
    REJECT to the MS.

  - The BTS will now send the CIPHERING MODE COMMAND to
    the MS and activate encryption.

  - The CIPHERING MODE COMPLETE command from the MS will already
    be received encrypted.

I have not recorded the RF traffic to check if encryption is really
enabled. But the Nokia Netmonitor indicated encryption; additionally,
if I send the wrong Kc in the ENCRYPTION COMMAND, the location update
does not complete.

I have not tested speech traffic yet, but it most certainly works the
same way.

One thing which might be interesting is how to get SRES and Kc, because
the A3/A8 algorithm on the SIM is usually not known. There are a few ways
to do it:

  - one could record a few results from a SIM and only send RAND values
    where the pre-recorded results are known.

  - the SIM communication could be intercepted (for example with a
    device like the "Turbo Lite" from www.bladox.com) and if the APDU for
    authentication is sent, one can run one's own A3/A8 algorithm instead of
    the one from the card.

  - if one has a SIM with the broken and known COMP128, it's possible
    to find Ki so that the authentication response from the card can
    be calculated.

  - Test SIMs (for GSM Test Equipment) have implemented a known
    A3/A8 algorithm (XOR) and so the authentication response can
    be calculated.

  - One can buy one of those SIM clone cards (they are called Super-SIM,
    Magic-SIM, 16in1 SIM or similar). They are not of much use for official
    networks because only a few (if any) providers use COMP128 any more,
    and this is the algorithm those cards implement (and expect it to be in
    the card which should be cloned). You can buy such SIM cards rather cheaply
    (around 5 Euro). They usually come with software (Windows) which allows
    you to set the IMSI and Ki for COMP128. So you have a card with a known
    A3/A8 algorithm (COMP128) and a known Ki.

I used one of those SIM clone cards for my experiments; the SIM worked
fine in an older Nokia 3310 (at least for this test). I don't know how
well it will work in other phones, but for this rather low price it's
probably worth a try.

Best regards,
  Dieter
-- 
Dieter Spaar, Germany                           spaar at mirider.augusta.de