This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Neels Hofmeyr nhofmeyr at sysmocom.deHello all, these patches are sitting in branch neels/sgsn-id in openbsc.git. The planned new feature is outlined in the commit log messages. It's my first larger patch submission for openbsc, which I am developing as a sysmocom employee, while this work is sponsored by On-Waves ehf. It's not completely done yet, in the sense of more tests and config UI, and the authentication method/direction may be subject to discussion: Currently, the server (MAP proxy) sends a 16 octet AUTN to authenticate itself. The client (SGSN) only sends a 4 byte SRES in response. IMHO that's not enough, so I've made the SGSN also send the Kc along with the SRES as a challenge response. That's a bit untypical, since the Kc is usually kept secret on both sides, to use as encryption key. We don't use it as encryption key, but it could make sense to turn the authn process around instead: let the *client* send a 16 bit AUTN, and have the server reply with 4 SRES octets (and omit Kc). This would make it more difficult to spoof an SGSN, while keeping Kc private as usual. (If a fake SGSN is accepted, the upstream network infra may be compromised. Guarding against a spoofed MAP proxy is less security sensitive, so 4 octets may suffice there.) Any comments are more than welcome! Thanks, ~Neels On Thu, Sep 24, 2015 at 01:44:06PM +0200, Neels Hofmeyr wrote: > Sponsored-by: On-Waves ehf > --- > openbsc/doc/osmocom-authn-protocol.txt | 191 +++++++++++++++++++++++++++++++++ > 1 file changed, 191 insertions(+) > create mode 100644 openbsc/doc/osmocom-authn-protocol.txt [...] -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.osmocom.org/pipermail/openbsc/attachments/20150924/51726c58/attachment.bin>