Feature #4397
Updated by osmith about 4 years ago
This was my first approach, I think the HOTP based one is better. But for completeness, I will write it out here and what the issues are.
Inspired by Time-Based One-Time Password Algorithm (TOTP, RFC 6238), which is used as 2FA in logins for gitlab and github for example, the pseudo IMSI would be generated with:
<pre>
IMSI_PSEUDO = distribute(IMSI_RANGE_START, IMSI_RANGE_END, hash(SECRET + (TIMESTAMP / INTERVAL)))
</pre>
Interval could be 10 minutes for example. The SIM applet would generate the pseudo IMSI before the first location update, write it to the SIM, and rewrite it when the interval is over. The HLR needs to be able to resolve IMSI_PSEUDO => IMSI. To do that, it would build a lookup table whenever INTERVAL is over, for all subscribers.
<pre>
table = {}
for imsi in imsis:
secret = get_secret_by_imsi(imsi)
imsi_pseudo = distribute(IMSI_RANGE_START, IMSI_RANGE_END, hash(secret + hash(secret, (TIMESTAMP / INTERVAL))
table[imsi_pseudo] = imsi
</pre>
Problems with this approach:
* Building the lookup table every INTERVAL costs some CPU power
* Getting the timestamp in the SIM applet is not so trivial, javacards "do not have an internal clock":https://stackoverflow.com/q/15740034. We could "ask the modem via AT":https://electronics.stackexchange.com/a/82240 but that might not work with all modems, and we would need to handle the resulting string etc, which makes this a messy solution.
* Harald pointed out, that IMSI_RANGE_START and IMSI_RANGE_END would be barely bigger than the amount of real IMSIs in that range, so the chance of collisions is high!
** I thought of a workaround, include a counter in the hash and increase it until there are no more collisions in the HLR, but the SIM doesn't know about the collisions and would have to retry several times and increase the counter each time, until it finds the proper pseudo IMSI without collision. This would probably not work at all in practice, I assume that the SIM does not retry connecting to the same network over and over after it has been rejected. (The rejection would happen, because AKA does not work if HLR and SIM assume a different real IMSI.)
