
Bugtraq mailing list archives
Re: otp - the next generation
From: "Denis A. Doroshenko" <cyxob () THIEF DYNDNS ORG>
Date: Fri, 23 Mar 2001 16:51:07 +0200
On Fri, Mar 23, 2001 at 12:35:44AM +0100, Szilveszter Adam wrote:
> Hello, Although the system you present is interesting and promising (and I have not heard of any such systems for Linux yet, although commercial solutions of this kind already exist), I would like to focus everybody's attention on two minor things. 1) AFAIK mobile communications are *not* encrypted. This means that... yes, you guessed it. It is more difficult than the average wire-sniff attack, but only because there are fewer tools out there from the likes of tcpdump(1).
Man... GSM encrypts the traffic on the Um (radio) interface -- the interface between the BTS (base transceiver station) and the MS (mobile station). This means that traffic in the air goes encrypted. Well, it's not said in the specifications, but logically everybody understands it: the A interface [between the MSC (mobile switching centre) and the BSC (base station controller)] goes unencrypted. As for the Abis interface (between BSC and BTS), it is not specified and depends on the vendor's decisions. In the case of intelligent BTSes, they perform the encryption themselves, but in the more common case of "dumb" BTSes, the BSC does that. Also, it is not so simple to find a subscriber even if you sniff A or Abis, because of the TMSI (temporary mobile subscriber identity), which is used instead of the IMSI and is changed from time to time. Well, it gets too much off-topic. http://www.etsi.org has it all in PDF format ;-) though I've seen only one man who read almost all of it.
> 2) Also, all SMSes go through the mobile service provider's SMS center, or whatever it is called in English. If the phone you are authenticating to belongs to a different provider, then even two such centers are used.
No, that is wrong. In any case only one SMSC will be used -- the one through which the SMS is being sent. For details you may want to consult ETSI GSM 03.40.
> Of course, manipulating messages (or even just reading them) there would require access to the GSM provider's infrastructure, but it is another facet you shouldn't neglect.
Well, having a simple GSM handset with the MT SMS service supported, you have a device which allows you to read messages. If you indicate at login that you wish to use a one-time SMS secret, it is assumed you have the handset. Other things -- short message delivery takes time, and it may fail for temporary reasons. The delivery will be repeated later in case of a temporary failure, but parameters like the time intervals between delivery attempts and the number of delivery attempts depend on the concrete configuration of the SMSC being used. The suggested method is another attempt to solve the endless problem "how to determine the user is really who he claims to be" using external "artifacts" :-) Is it good or is it bad?

-- Denis A. Doroshenko
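The delivery delays and retries Denis describes are the main design constraint on the verifying side of an SMS one-time-secret login: the server must keep the secret valid long enough for a delayed delivery to arrive, yet accept it only once and bound the number of guesses in that window. The following is an added, hypothetical server-side sketch written for this archive page; it is not the scheme from the original posting nor any participant's code. It assumes an injected `send_sms` callback standing in for the SMSC hand-off, a `now` parameter so the validity window can be exercised without waiting, and constructed user names.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class _Pending:
    """One outstanding one-time secret: salted hash, issue time, guesses so far."""
    digest: bytes
    issued_at: float
    attempts: int = 0


class SmsOtpAuthenticator:
    """Hypothetical server-side half of a one-time-SMS-secret login.

    The secret is generated per login attempt, stored only as a salted hash,
    and accepted once within a validity window sized to tolerate the delayed
    and retried delivery an SMSC may perform.
    """

    def __init__(self, validity_seconds=300, max_attempts=3, digits=8):
        self.validity = validity_seconds      # window covering expected delivery delay
        self.max_attempts = max_attempts      # guesses allowed before the secret is voided
        self.digits = digits
        self._server_salt = secrets.token_bytes(16)
        self._pending = {}                    # username -> _Pending

    def _digest(self, username, code):
        # Slow hash so a leaked table does not reveal live codes cheaply.
        salt = self._server_salt + username.encode()
        return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 10000)

    def issue(self, username, send_sms, now=None):
        """Generate a fresh secret, hand it to the delivery path, keep only its hash."""
        now = time.time() if now is None else now
        code = "".join(secrets.choice("0123456789") for _ in range(self.digits))
        self._pending[username] = _Pending(self._digest(username, code), now)
        send_sms(username, code)              # assumed SMSC hand-off (constructed callback)

    def verify(self, username, code, now=None):
        """True exactly once for the right code inside the window; False otherwise."""
        now = time.time() if now is None else now
        pending = self._pending.get(username)
        if pending is None:
            return False
        if now - pending.issued_at > self.validity:
            # Delivery (or the user) took too long: void it, a new issue is required.
            del self._pending[username]
            return False
        pending.attempts += 1
        ok = hmac.compare_digest(pending.digest, self._digest(username, code))
        if ok or pending.attempts >= self.max_attempts:
            del self._pending[username]       # single use, or guess budget exhausted
        return ok


def demo():
    """Exercise the success, replay, late-delivery and guess-limit cases."""
    sent = {}                                 # constructed stand-in for the SMSC
    deliver = lambda user, code: sent.__setitem__(user, code)
    auth = SmsOtpAuthenticator(validity_seconds=300, max_attempts=3)
    results = {}

    auth.issue("alice", deliver, now=1000.0)
    wrong = str((int(sent["alice"][0]) + 1) % 10) + sent["alice"][1:]
    results["wrong_code"] = auth.verify("alice", wrong, now=1010.0)
    results["correct"] = auth.verify("alice", sent["alice"], now=1020.0)
    results["replay"] = auth.verify("alice", sent["alice"], now=1021.0)

    auth.issue("bob", deliver, now=2000.0)    # message arrives after the window
    results["late"] = auth.verify("bob", sent["bob"], now=2400.0)

    auth.issue("carol", deliver, now=3000.0)  # guess budget used up, then right code
    wrong = str((int(sent["carol"][0]) + 1) % 10) + sent["carol"][1:]
    for _ in range(3):
        auth.verify("carol", wrong, now=3001.0)
    results["after_lockout"] = auth.verify("carol", sent["carol"], now=3002.0)
    return results


if __name__ == "__main__":
    print(demo())
```

The window length is the knob that trades Denis's delivery-delay concern against exposure: a longer window tolerates slower SMSC retries but leaves a guessable secret live for longer, which is why the guess budget is bounded independently of time.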
Current thread:
- otp - the next generation Lukasz Luzar (Mar 22)
- Re: otp - the next generation Szilveszter Adam (Mar 23)
- Re: otp - the next generation Casper Dik (Mar 23)
- Re: otp - the next generation Denis A. Doroshenko (Mar 23)
- Re: otp - the next generation Gregory Steuck (Mar 23)
- Re: otp - the next generation Tollef Fog Heen (Mar 23)
- Re: otp - the next generation Ben Laurie (Mar 23)
- Re: otp - the next generation Dag-Erling Smorgrav (Mar 23)
- Re: otp - the next generation Tristam Fenton-May (Mar 23)
- <Possible follow-ups>
- Re: otp - the next generation Elias Levy (Mar 23)
- Re: otp - the next generation Szilveszter Adam (Mar 23)