phone "swiss one SC230" fails to do ciphering with 2G and 3G auth tokens present
on 34c3, person comes with above MS, and I see Location Updating Rejects.
Authentication works with UMTS AKA, but Ciphering Mode Command times out.
As soon as I remove the aud_3g tokens from the HLR, the phone is happy, i.e. doing GSM AKA.
Not sure what action we should be taking, just noting this down so far.
It is the first time that I notice an R99 MS being unable to handle UMTS AKA on GERAN.
#5 Updated by neels about 1 month ago
- File os2793_samsungB2100_ciph_fail.pcapng added
Also got the Samsung B2100 and was able to reproduce the issue.In attached trace, I have 2G comp128v1 and 3G milenage tokens set up in the database.
Authentication goes fine, but the Ciphering Mode Command times out.
The cause is this:
- We send a UMTS AKA challenge in the Authentication Request.
- But we receive back a GSM AKA result (SRES) -- the VLR log clearly states:
"VLR INFO OsmoMSC SUBSCR AUTH established GSM security context"
(see packet 115 in os2793_samsungB2100_ciph_fail.pcapng )
- Nevertheless, we use the UMTS AKA Kc as ciphering key, while the MS clearly went for GSM AKA.
A fix is coming up...
#6 Updated by neels about 1 month ago
- File os2793_works_now.pcapng added
- Status changed from New to In Progress
- % Done changed from 0 to 90
The fix https://gerrit.osmocom.org/7187 is preceded by a test that pinpoints the failure.
In attached pcap, notice how the log says "established GSM security context" (again packet 115) and now the ciphering works out.
In the process, I also found a fix for gracefully rejecting malformed auth responses: https://gerrit.osmocom.org/7188
and threw in a bunch of more tests with various auth response failures around SRES/RES sizes.