GSM license approval for HAR2009

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Harald Welte laforge at gnumonks.org
Wed Jul 22 16:38:11 UTC 2009 

Hi David,

On Wed, Jul 22, 2009 at 09:22:57AM -0700, David A. Burgess wrote:
> One thing we plan do at Burning Man is run an auto-provisioning system 
> via SMS, using the BTS itself as a SIM reader.  When a handset first 
> tries to register, we will accept the location updating attempt and then 
> send a text message saying "If you want experimental service, please 
> reply with your telephone number."  The reply to the text message then 
> goes into a function that creates a new entry in the provisioning 
> database based on the originating IMSI and the content of the message.  
> Then we will respond with something like "Thanks for joining our test.  
> This is an experimental network.  WE DO NOT SUPPORT EMERGENCY CALLS.  To 
> quit the test, reply to this message."  In the US, at least, the part 
> about emergency calls is really important.
>
> I realize you don't have a lot of time left to get ready for HAR,  
> though.  This may or may not be a simple hack, depending on the state of 
> your SMS software.  But if it works, it will be a lot faster than  
> provisioning phone by hand.

Yes, I was thinking about something similar, but more restrictive:

* let an unknown imsi perform location update
* send a SMS that this is a test network, include IMSI plus some
  authentication token in the SMS
* send a authentication request to the phone
* reject the authentication irrespective of the response

This way the phone cannot stay on our network until somebody has gone to a web
browser and entered imsi + auth code from that SMS.  Still it's not foolproof,
since anyone with airprobe could just get that imsi + auth code off the air
and authenticate for somebody else :(

Oh, and of course, only do that entire procedure onec for every given IMSI,
so next time the location update request is rejected without any SMS,
unless the auth code has been entered on the web site.

I'm not sure if I can manage to implement this, but it would be the
solution I would hope for.  On the other hand, having to manually enter people
keeps the number of users smaller and more controllable.  If there's one
volunteer who can take care of that, it should be fine.
 
Regards,
-- 
- Harald Welte <laforge at gnumonks.org>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)

More information about the OpenBSC mailing list