On Sat, Oct 13, 2001 at 02:12:06AM +0900, Benjamin Kowarsch wrote:
>
> On Saturday, October 13, 2001, at 01:54 , Ben Hutchings wrote:
[I wrote that authentication of a GSM handset and initialisation of the
keystream relies on the cooperation of the home network, and that a network
could threaten not to cooperate with networks that implement ZEBRA.]
To be precise, the network must send a challenge to the terminal, which uses
its SIM to generate (a) an authenticating response and (b) a seed for the
keystream. The algorithms are chosen by the home network operator. For
normal roaming, when a subscriber attempts to sign-on to the visited
network, the visited network obtains several challenge, response, seed
triplets from the home network which it can then use for authentication.
<snip>
> 1) if they did that, then they would instantly lose their roaming
> income from traditional roaming with that network as all their roamers
> could not roam anymore in that network. Reason being that they can only
> switch off all or nothing.
Yes, I understood that, but the uncooperative network might have roaming
agreements with competitors of the ZEBRA implementor in the same area,
so they wouldn't lose much. (My network has roaming agreements with all
4 operators in Germany, for example.)
> 2) ZEBRA includes an alternative authentication system called Secure
> Visitor Authentication (SVA) which is based on public key encryption and
> allows the visited network to authenticate the handset directly for the
> duration of the visit.
Surely this still requires the home network to provide a public key to the
visited network on demand, and to identify the algorithms used?
Received on Fri Oct 12 21:02:25 2001
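
Added example, not part of the original message: a small simulation of the triplet-based roaming sign-on described above, showing that the visited network authenticates the handset without ever holding the subscriber key or the algorithms, and that sign-on fails once the home network stops issuing triplets. HMAC-SHA256 stands in for the operator-chosen SIM algorithms, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def sim_algorithms(ki, rand):
    # Stand-in (assumption) for the operator-chosen algorithms on the SIM.
    # Sizes follow GSM: 32-bit response, 64-bit keystream seed.
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class HomeNetwork:
    """Besides the SIM, the only holder of the subscriber key."""
    def __init__(self):
        self._ki = {}
        self.cooperating = True   # set False to model a refusal to cooperate

    def provision(self, subscriber):
        self._ki[subscriber] = secrets.token_bytes(16)
        return self._ki[subscriber]   # the copy written into the SIM

    def triplets(self, subscriber, count=3):
        if not self.cooperating or subscriber not in self._ki:
            return []
        ki = self._ki[subscriber]
        rands = [secrets.token_bytes(16) for _ in range(count)]
        return [(r, *sim_algorithms(ki, r)) for r in rands]

class VisitedNetwork:
    """Sees only (challenge, response, seed) triplets, never the key."""
    def __init__(self, home):
        self.home = home
        self.pool = {}

    def sign_on(self, subscriber, sim):
        pool = self.pool.setdefault(subscriber, [])
        if not pool:                          # fetch a batch on first contact
            pool.extend(self.home.triplets(subscriber))
        if not pool:
            return None                       # no triplets, no authentication
        rand, expected, seed = pool.pop()     # each triplet is used once
        response, _sim_seed = sim(rand)       # the SIM derives the same seed
        return seed if hmac.compare_digest(response, expected) else None

def make_sim(ki):
    # The handset side: answers a challenge using the key stored on the SIM.
    return lambda rand: sim_algorithms(ki, rand)
```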