Using osmo-sim-auth to query USIM/SIM cards authentication mechanism.
Exploring the how and why of Authentication in LTE & NR networks.
Adventures in getting USIMs to use on private LTE networks.
Creating a Kamailio based SIP Honeypot
Using GeoIP2 module to trace source of traffic and use that for routing in Kamailio
The other day I got an SMS from my bank, one of the big 4 Australian Banks. BANKNAME Alert: Block placed on card ending in XXXX, for suspicious transaction at ‘THING NICK PURCHASED ONLINE’ for $29.00 at 13:56. If genuine, reply ‘Yes’. If Fraud, reply ‘No’. SMS from bank They’d detected possible fraud on my … Continue reading SMS Security – Banks
We’ve talked a bit in the past few posts about keys, K and all it’s derivatives, such as Kenc, Kint, etc. Each of these is derived from our single secret key K, known only to the HSS and the USIM. To minimise the load on the HSS, the HSS transfers some of the key management … Continue reading LTE (4G) – EUTRAN – Key Distribution and Hierarchy
We’ve already touched on how subscribers are authenticated to the network, how the network is authenticated to subscribers. Those functions are done “in the clear” meaning anyone listening can get a copy of the data transmitted, and responses could be spoofed or faked. To prevent this, we want to ensure the data is ciphered (encrypted) … Continue reading LTE (4G) – Ciphering & Integrity of Messages
How LTE Subscriber authenticate the network
Contents of a USIM, fields & their meanings and basics of EUTRAN authentication.
Hash Tables (HTable) – Lightning fast small databases used in Kamailio for anything you can imagine.
Who is calling?
Using Kamailio’s Permissions module to implement basic ACL functionality.
Adding Trunks to our Kamailio instance to make / receive calls from the PSTN.
DNS style message amplification using SIP requests to flood a server / host.
How the AKAv1-MD5 algorith derives keys and how it’s used in IMS Networks
Putting security into practice in Kamailio to authenticate INVITE and REGISTER traffic by source IP and Challenge / Response in the Auth header.