Comments (5)
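As far as I know, OPc can be derived from K and OP, as in src/hss/milenage.c:

```c
/* Derive OPc from the subscriber key K and the operator value OP:
 * OPc = AES-128_K(OP) XOR OP. All three buffers are 16 bytes. */
void milenage_opc(const c_uint8_t *k, const c_uint8_t *op, c_uint8_t *opc)
{
    int i;

    aes_128_encrypt_block(k, op, opc);  /* opc = E_K(OP) */

    for (i = 0; i < 16; i++)
    {
        opc[i] ^= op[i];                /* opc = E_K(OP) XOR OP */
    }
}
```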
I have no experience with how EPC is deployed, so I'm not sure which value is good to store in the database.
I've assumed it as follows.
- The operator orders USIMs with global OP, K, and AMF.
- The USIM manufacturer provides the chip with individual OPc, K, and AMF (individual OPc is derived from OP and K).
- The operator adds a new subscriber with global OP, K, and AMF.
And also, there is one more operator in this system. So, I've stored OP in the Subscriber database.
At this point, I don't know whether the above scenario is right or not. If the operator also wants to use an individual OPc that is not derived from global OP, I'll change the OP field to an OPc field in the Web User Interface.
from open5gs.
Both scenarios exist. It is up to the agreement between SIM card manufacturer and operator whether they use global OP or card-individual OPC. In OsmoHLR, we have prepared the database for both variants. I know it adds complexity, but it's unfortunately the only solution to cover both common cases.
For my immediate testing, I've reprogrammed my card to use global OP instead of OPc and authentication via USIM-UE-ENB-MME-HSS is now working with nextepc. So I can make progress right now, but I guess sooner or later somebody will have this issue and not be able to reprogram the card[s].
Regarding your assumption that the card would always contain an OPc: This is unfortunately not correct. We know of at least one widely-used CardOS / USIM application which actually stores the global OP on each card in the "global OP" case, and only a card-individual OPc in the card-individual OPc case.
from open5gs.
Sukchan, we should cover both scenarios, at least with regard to practical use cases. It seems that real USIMs might be provided not only with 'OP' + 'K', but also with 'OPc' + 'K', although 'OPc' is derived from 'OP' and 'K' by the 'Milenage' algorithm framework. And please refer to the following about "OPc computed off the USIM":
(From ETSI TS 135 206)
5.1 OPC computed on or off the USIM?
Recall that OP is an Operator Variant Algorithm Configuration Field. It is expected that each operator will define a value of OP which will then be used for all its subscribers. (It is up to operators to decide how to manage OP. The value of OP used for new batches of USIMs could be changed occasionally; or perhaps a different value could be given to each different USIM supplier. OP could even be given a different value for every subscriber if desired, but that is not really the intention.)
It will be seen in section 4.1 that OPC is computed from OP and K, and that it is only OPC, not OP, that is ever used in subsequent computations. This gives two alternative options for implementation of the algorithms on the USIM:
(a) OPC computed off the USIM: OPC is computed as part of the USIM prepersonalisation process, and OPC is stored on the USIM. OP itself is not stored on the USIM.
(b) OPC computed on the USIM: OP is stored on the USIM (it may be considered as a hard-coded part of the algorithm if preferred). OPC is recomputed each time the algorithms are called.
The SAGE Task Force recommends that OPC be computed off the USIM if possible, since this gives the following benefits:
- The complexity of the algorithms run on the USIM is reduced.
- It is more likely that OP can be kept secret. (If OP is stored on the USIM, it only takes one USIM to be reverse engineered for OP to be discovered and published. But it should be difficult for someone who has discovered even a large number of (OPC, K) pairs to deduce OP. That means that the OPC associated with any other value of K will be unknown, which may make it harder to mount some kinds of cryptanalytic and forgery attacks. The algorithms are designed to be secure whether or not OP is known to the attacker, but a secret OP is one more hurdle in the attacker's path.)
from open5gs.
It's a good discussion. Let me add an OPc field to the nextepc database.
On the HSS side:
- First, if there is an OPc value in the database, the HSS will use it directly without calculation.
- If there is no OPc value, the HSS will try to find an OP value in the database, and if there is an OP value, the HSS will derive the OPc value from K and OP.
I will also update the WebUI to support these two values.
Thanks!
from open5gs.
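The lookup order described in the comment above (stored OPc first, otherwise derive it from OP and K), as an added example that is not code from nextepc/Open5GS. `subscriber_t` and `hss_resolve_opc` are hypothetical names, and a compact AES-128 encryptor stands in for the project's `aes_128_encrypt_block` so the block compiles on its own.

```c
#include <stdint.h>
#include <string.h>
/* Added example: subscriber_t and hss_resolve_opc are hypothetical names. */
typedef struct { uint8_t k[16], op[16], opc[16]; int has_op, has_opc; } subscriber_t;
#define ROTL8(x, n) ((uint8_t)((x) << (n)) | ((x) >> (8 - (n))))
static uint8_t sbox[256];
static uint8_t xt(uint8_t a) { return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0)); }

static void init_sbox(void) {   /* S-box = affine transform of the GF(2^8) inverse */
    uint8_t p = 1, q = 1;       /* loop invariant: p * q == 1 in GF(2^8) */
    do {
        p = p ^ (uint8_t)(p << 1) ^ ((p & 0x80) ? 0x1B : 0);              /* p *= 3 */
        q ^= q << 1; q ^= q << 2; q ^= q << 4; if (q & 0x80) q ^= 0x09;   /* q /= 3 */
        sbox[p] = q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;             /* 0 has no inverse */
}

static void aes128_encrypt(const uint8_t k[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[176], s[16], t[16], rcon = 1;
    if (!sbox[0]) init_sbox();
    memcpy(rk, k, 16);
    for (int i = 16; i < 176; i++) {            /* key schedule, byte by byte */
        uint8_t w = rk[i - 4];
        if (i % 16 < 4) w = sbox[rk[i - i % 4 - 4 + (i + 1) % 4]];  /* RotWord + SubWord */
        if (i % 16 == 0) { w ^= rcon; rcon = xt(rcon); }
        rk[i] = rk[i - 16] ^ w;
    }
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int r = 1; r <= 10; r++) {
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(5 * i) % 16]];   /* SubBytes + ShiftRows */
        for (int i = 0; i < 16; i++) {          /* MixColumns (skipped in round 10) + AddRoundKey */
            const uint8_t *c = t + (i & ~3); uint8_t all = c[0] ^ c[1] ^ c[2] ^ c[3];
            s[i] = (r == 10 ? t[i] : t[i] ^ all ^ xt(t[i] ^ c[(i + 1) % 4])) ^ rk[16 * r + i];
        }
    }
    memcpy(out, s, 16);
}

static void milenage_opc(const uint8_t *k, const uint8_t *op, uint8_t *opc) {
    aes128_encrypt(k, op, opc);                 /* OPc = E_K(OP) XOR OP */
    for (int i = 0; i < 16; i++) opc[i] ^= op[i];
}

/* Returns 0 if the stored OPc was used, 1 if OPc was derived from OP and K, -1 if neither is set. */
int hss_resolve_opc(const subscriber_t *s, uint8_t opc[16]) {
    if (s->has_opc) { memcpy(opc, s->opc, 16); return 0; }
    if (s->has_op)  { milenage_opc(s->k, s->op, opc); return 1; }
    return -1;
}
```

Treating "neither value present" as a distinct error keeps a misprovisioned subscriber from being authenticated against an all-zero or stale OPc.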
I've updated the WebUI and HSS to support OPc in the r0.2 branch.
Even though the database stores both OP and OPc, the end user enters only one of OP and OPc in the WebUI.
Thanks!
from open5gs.