Project

General

Profile

Actions

Bug #2958

open

OsmoSGSN doesn't authenticate on second/further ATTACH REQUEST

Added by laforge about 6 years ago. Updated about 4 years ago.

Status:
Stalled
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
02/17/2018
Due date:
% Done:

50%

Spec Reference:
Tags:

Description

When a new/unknown MS performs an ATTACH REQUEST for the first time, it is authenticated.

However, if that same MS later performs a second ATTACH REQUEST, even with new P-TMSI/TLLI, it is not authenticated and we simply send an ATTACH ACCEPT. This is a security problem, as it means anyone can impersonate other known-existing IMSIs.


Files


Related issues

Related to OsmoSGSN - Bug #3302: implement a FSM for GMM Attach RequestClosedlynxis05/29/2018

Actions
Related to OsmoSGSN - Bug #4221: create ttcn testcase for T3350 in combination with a PDP contextResolvedfixeria10/08/2019

Actions
Actions #1

Updated by laforge almost 6 years ago

  • Assignee changed from 4368 to lynxis
Actions #2

Updated by lynxis almost 6 years ago

  • Status changed from New to In Progress
Actions #3

Updated by lynxis almost 6 years ago

  • Status changed from In Progress to Stalled
  • % Done changed from 0 to 50

I've started to refactor the whole GMM Attach Request handling into one fsm.
This issue is already fixed in the new fsm implementation.
I've created the ttcn3 testcase

SGSN_Tests.TC_attach_second_attempt
for this.

Actions #4

Updated by lynxis almost 6 years ago

  • Related to Bug #3302: implement a FSM for GMM Attach Request added
Actions #5

Updated by laforge almost 6 years ago

  • Tags set to TTCN3
Actions #6

Updated by lynxis almost 6 years ago

Actions #7

Updated by lynxis over 5 years ago

The test is failing again, even under the new FSM.
The HLR integration into the test must be rewritten.

At the moment, the TTCN test case SGSN_Tests.TC_attach_second_attempt still fails, but this is fails, because the
second attach does not proceed, because TTCN explicit expect to see an Insert Subscriber Data Request.
This request will be never sent from the SGSN, because it has still valid key data.

Actions #8

Updated by laforge almost 5 years ago

Actions #9

Updated by lynxis almost 5 years ago

  • Status changed from Stalled to In Progress
Actions #10

Updated by lynxis almost 5 years ago

  • Priority changed from High to Normal

It's not only the SGSN Tests. The SGSN does not behave correctly. The sgsn_authentication have to be rewritten as well the integration of Auth Req/Response to fix the real problem.

Actions #11

Updated by laforge over 4 years ago

  • Status changed from In Progress to Stalled
Actions #12

Updated by laforge about 4 years ago

  • Assignee changed from lynxis to 4368
Actions #13

Updated by fixeria 9 months ago

  • Related to Bug #4221: create ttcn testcase for T3350 in combination with a PDP context added
Actions

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)