[PATCH 1/3] Add initial OAP protocol design document

Holger Freyther holger at freyther.de
Mon Sep 28 05:13:37 UTC 2015


> On 24 Sep 2015, at 22:14, Harald Welte <laforge at gnumonks.org> wrote:
> 
> Hi Neels,
> 
> welcome to OpenBSC code :)
> 
>> +               Osmocom Authentication Protocol (OAP)
> 
> I would argue it makes sense to at least specify/define the protocol
> also to support UMTS AKA, not just plain-old GSM authentication.
> 
> This is important
> * for future compatibility once the SGSN supports 3G
> * to use UMTS AKA for increased security over GERAN (GPRS/EDGE RAN)

OAP is to authenticate something like the A-link, GSUP link or maybe even
MNCC over TCP/IP, or a USSD provider, etc. It is using “AKA” right now but
in a restricted mode:

* SQN will be 0 (because the clients might have no way to persistently store
the SQNs). Yes, this will allow a replay against the client.[1]

* There is no “AuthenticationFailure” message with the AUTS. As the SQN
will always be fixed in the first iteration there should not be a need to
re-synchronize. 



[1] It is a trade-off in efforts. The clients cannot store a SQN, the last RANDS,
etc. They could in theory start with a random RAND and client/server will go
through one re-synchronization of the SQN. I obviously made a trade-off here
and this protocol allows us to add SQN number handling in the future and
client API users are not impacted.
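
The replay trade-off described in this message, as an added example that is not part of the original post or of the OpenBSC code: a client that verifies the AUTN MAC but cannot persist SQN accepts a recorded challenge a second time, while a client that tracks SQN rejects it. HMAC-SHA256 stands in for the AKA f1 function, AUTN is simplified to SQN || MAC, and all names and the key are constructed for illustration.

```python
import hashlib
import hmac
import os

def f1_standin(k: bytes, rand: bytes, sqn: int) -> bytes:
    # Assumption: HMAC-SHA256 replaces the real AKA f1 (e.g. Milenage).
    return hmac.new(k, rand + sqn.to_bytes(6, "big"), hashlib.sha256).digest()[:8]

def make_challenge(k: bytes, sqn: int):
    # Server side: fresh RAND plus simplified AUTN = SQN || MAC (no AK, no AMF).
    rand = os.urandom(16)
    return rand, sqn.to_bytes(6, "big") + f1_standin(k, rand, sqn)

class Client:
    def __init__(self, k: bytes, track_sqn: bool):
        self.k = k
        self.track_sqn = track_sqn   # False models the restricted mode (SQN fixed at 0)
        self.highest_sqn = 0         # would have to survive restarts to be useful

    def accept(self, rand: bytes, autn: bytes) -> str:
        sqn = int.from_bytes(autn[:6], "big")
        if not hmac.compare_digest(autn[6:], f1_standin(self.k, rand, sqn)):
            return "mac_failure"
        if self.track_sqn:
            if sqn <= self.highest_sqn:
                return "sync_failure"  # full AKA would answer with AUTS here
            self.highest_sqn = sqn
        return "ok"

def demo():
    k = bytes(range(16))  # constructed shared key
    # Restricted mode: SQN is always 0, so the same (RAND, AUTN) verifies twice.
    restricted = Client(k, track_sqn=False)
    rand, autn = make_challenge(k, sqn=0)
    r = (restricted.accept(rand, autn), restricted.accept(rand, autn))
    # With SQN handling added later: the second presentation is stale.
    tracking = Client(k, track_sqn=True)
    rand, autn = make_challenge(k, sqn=1)
    t = (tracking.accept(rand, autn), tracking.accept(rand, autn))
    return r, t

if __name__ == "__main__":
    print(demo())
```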