Make authentication of the BSC (more) secure¶
The nat authenticates a BSC by sending a token in clear text. A challenge and response mechanism should be used instead, e.g. the MILENAGE implementation of libosmocom could be used to implement challenge and response. The code can be found inside the BSC and NAT implementation.
This does not protect against someone hijacking the TCP connection after the initial connection setup.