Authentication and Encryption

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Dieter Spaar spaar at mirider.augusta.de
Sun Jul 12 16:50:48 UTC 2009


Hello Harald,

On Sun, 12 Jul 2009 16:02:11 +0200, "Harald Welte" <laforge at gnumonks.org> wrote:
> 
> Thanks a lot for your investigation.  Are you planning to take it beyond the
> hack and do a clean implementation that we can merge at some point?

To implement it in a clean way in my opinion requires some discussion
about how to do it so that it fits into the architecture:

  - When do the authentication, most certainly during the first
    Loacation Update, but when else ?

  - Where to store the subscriber Ki for authentication and the
    information about which algorithm is used ? Also store for each
    subscriber if authentication and/or encryption should to be used.

  - Where to cache Kc, its not necessary to authenticate every time when
    encryption for a channel is turned on. Kc from a previous
    authentication can be used several times.

  - Where to turn on encryption, every time a channel is allocated ?

Those are just a few thoughts. I guess discussion about the details
probably takes longer than if you or Holger implement it during your
ongoing work on OpenBSC. Currently you both are the main people working
on OpenBSC at several places of the implementation and a clean integration
of authentication and encryption affects a lot of those places too. I am
reluctant to interfere here, not because of the time it takes (its not
that much) but because any changes should fit to what you plan to
do. If anyone want to see the technical details, I can provide them,
its rather simple and straightforward.

Best regards,
  Dieter
-- 
Dieter Spaar, Germany                           spaar at mirider.augusta.de




More information about the OpenBSC mailing list