spec: error scenarios
parent
7b0dbb962d
commit
5de45c0885
|
@ -167,6 +167,7 @@ pseudonymous IMSI.
|
||||||
The HLR is allocating a pseudonymous IMSI for the subscriber. This pseudonymous
|
The HLR is allocating a pseudonymous IMSI for the subscriber. This pseudonymous
|
||||||
IMSI is stored as IMSI on the subscriber's SIM instead of the real IMSI.
|
IMSI is stored as IMSI on the subscriber's SIM instead of the real IMSI.
|
||||||
|
|
||||||
|
[[sim-app]]
|
||||||
==== SIM applet
|
==== SIM applet
|
||||||
|
|
||||||
The SIM is provisioned with a SIM applet, which is able to change the IMSI once
|
The SIM is provisioned with a SIM applet, which is able to change the IMSI once
|
||||||
|
@ -316,8 +317,28 @@ PAD: 8 bits::
|
||||||
Padding at the end, should be filled with 1111 as in the TBCD specification.
|
Padding at the end, should be filled with 1111 as in the TBCD specification.
|
||||||
|
|
||||||
== Error Scenarios
|
== Error Scenarios
|
||||||
|
|
||||||
=== Next Pseudonymous IMSI SMS is Lost
|
=== Next Pseudonymous IMSI SMS is Lost
|
||||||
=== SMS Arrives Late
|
|
||||||
|
If the SMS with the next pseudonymous IMSI does not arrive, the SIM will start
|
||||||
|
the next Location Updating Procedure with the old pseudonymous IMSI. Because
|
||||||
|
the HLR has both the old and the new pseudonymous IMSI allocated at this point,
|
||||||
|
the subscriber is not locked out of the network.
|
||||||
|
|
||||||
|
An attacker might block the next pseudonymous IMSI SMS on purpose. Then the
|
||||||
|
subscriber would have the same pseudonymous IMSI for a long time. A suitable
|
||||||
|
defense is warning the subscriber if the IMSI does not change
|
||||||
|
(<<warn-no-imsi-change>>).
|
||||||
|
|
||||||
|
=== Next Pseudonymous IMSI SMS arrives out of order
|
||||||
|
|
||||||
|
The next pseudonymous IMSI SMS may arrive out of order. Either, because the
|
||||||
|
network is not able to deliver them in order, or even because an attacker would
|
||||||
|
perform a replay attack.
|
||||||
|
|
||||||
|
If the SMS arrives out of order, the imsi_pseudo_i counter will not be higher
|
||||||
|
than the value the SIM applet (<<sim-app>>) has stored. Therefore, the applet
|
||||||
|
will discard the message and the subscriber is not locked out of the network.
|
||||||
|
|
||||||
// === SMS Arrives Before Timer Expires
|
// === SMS Arrives Before Timer Expires
|
||||||
// FIXME: OS#4486
|
// FIXME: OS#4486
|
||||||
|
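Review bot: The "=== SMS Arrives Late" heading is removed without a replacement, and the new text under "Next Pseudonymous IMSI SMS is Lost" only covers the SMS never arriving. It does not say what happens when the SMS turns up after the SIM has already started the next Location Updating Procedure with the old pseudonymous IMSI. Either keep a short late-arrival subsection or state explicitly in the "Lost" text whether that case is handled the same way. In the out-of-order section, the discard rule depends on imsi_pseudo_i, and the paragraph names a replay attack, but nothing here says what keeps an attacker from sending a message with a higher counter; a cross-reference to "End to End Encryption of SMS" would close that gap. Two style points: "Either, because the network ... perform a replay attack." is a sentence fragment and should be joined to the sentence before it, and the new heading "arrives out of order" is lower case while the neighbouring headings use title case.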
@ -328,6 +349,7 @@ Padding at the end, should be filled with 1111 as in the TBCD specification.
|
||||||
== Recommendations for Real-World Implementations
|
== Recommendations for Real-World Implementations
|
||||||
=== ATT = 0
|
=== ATT = 0
|
||||||
=== End to End Encryption of SMS
|
=== End to End Encryption of SMS
|
||||||
|
[[warn-no-imsi-change]]
|
||||||
=== Warning the User if the IMSI Does Not Change
|
=== Warning the User if the IMSI Does Not Change
|
||||||
=== User-configurable Minimum Duration Between IMSI Changes
|
=== User-configurable Minimum Duration Between IMSI Changes
|
||||||
|
|
||||||
|
|
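Review bot: The new [[warn-no-imsi-change]] anchor points at a section with no body: "=== Warning the User if the IMSI Does Not Change" is followed directly by "=== User-configurable Minimum Duration Between IMSI Changes". The "Lost" scenario now cites this section as the defense against a deliberately blocked SMS, so add at least a sentence or a "// FIXME" comment under the heading, as is done for "SMS Arrives Before Timer Expires", so the cross-reference does not land on an empty section.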