The Osmocom core network landscape is transforming. Adding full UMTS Authentication support, paired with the 3G developments of the past year, has rocked the boat of the good old OsmoNITB. Here is why:
From previous 3G announcements1, you may already know that the OsmoNITB, the Network-In-The-Box, combines BSC, MSC and HLR (among other things), which has drawbacks. Our MSC code was nicely placed in a separate libmsc, but libmsc never stood on its own. From the start it always had its fingers deep in libbsc data structures. In 3G core networks, there no longer is a BSC, so we needed a clear interface to talk to libmsc, and make it not depend on libbsc. We do have a standalone OsmoBSC, so technically, it could talk to a standalone MSC implementation, instead of having both in the same program. Thus, on the 3G branch, we basically killed off the BSC part of OsmoNITB: the first step towards our brand new standalone OsmoMSC.
But what is a 3G core network without full 3G authentication? UMTS AKA2 was published in Release 1999 of the 3GPP technical specifications (R99) and provides the means for mutual authentication, usually using the Milenage algorithm. Since R99, SIM cards (USIM) not only verify their authenticity to the core network, they also expect the core network to verify its own authenticity, hence the term mutual authentication. 3G USIMs may fall back to pre-R99 authentication, but in general, 3G is expected to be synonymous with UMTS AKA. So far, Osmocom fell short of that.
We have had the Milenage algorithms implemented in libosmocore for years, but our stock OsmoNITB is unable to use it. The main reason: the subscriber database is incapable of managing UMTS AKA tokens. Another shortcoming of this database is that it runs synchronously in the OsmoNITB process: if it is locked or needs a bit longer, our entire core network stalls until the request is completed. And a third clumsy fact is that the OsmoSGSN cannot use OsmoNITB's subscriber database, duplicating the authorization configuration.
It made sense to solve all of these subscriber database problems in one effort, again trimming OsmoNITB, but this time at the other end. Enter stage the brand new OsmoHLR, a separate process managing the subscriber database:
- OsmoHLR has full UMTS AKA support.
- It serves GSUP to both our MSC and SGSN.
- As a separate process, the HLR now runs fully asynchronously.
Of course, the MSC needs to act as a GSUP client to use the separate OsmoHLR server. We needed to teach libmsc to handle GSUP requests asynchronously. In the 3GPP TS specifications, this is handled by the VLR, the Visitor Location Register. So far the VLR existed implicitly within OsmoNITB, basically as an in-RAM storage of subscriber data read directly from the database storage. But the VLR is more than that: it is specified to follow detailed state machines interacting with MSC and HLR, which allow, you guessed it, asynchronous handling of subscriber data. With the HLR moving to a separate process, we needed to implement a VLR proper. A generic finite state machine implementation has been added to libosmocore, and the specs' state machine definitions for the VLR have been implemented, supporting UMTS AKA right from the start.
Adding the new feature set had the logical consequence of profound code changes. In the 3G developments, we have for some time called the OsmoNITB-without-BSC a Circuit-Switched Core Network (OsmoCSCN). As it turns out, OsmoCSCN was merely a working title, it is already gone from code and documentation. Because, what do you get when you also strip from it the HLR? You get an OsmoMSC! (Technically, to accurately call it "OsmoMSC", we would also need to externalize the SMS storage3. It's on the todo list!)
By now it may be clear to you that OsmoNITB will not be around for long. But the transition away from OsmoNITB is not trivial: users have to get familiar with the new OsmoHLR. OsmoNITB's VTY configuration commands for subscriber management no longer exist. And, of course, our OsmoMSC cannot talk to OsmoBSC yet: to fully replace OsmoNITB with OsmoBSC + OsmoMSC + OsmoHLR, we also need a proper A-interface implementation on the OsmoMSC side. Even though OsmoNITB will stick around as a 2G solution until then, the move to an external HLR process in itself is a profound change in admin processes.
In consequence, we have taken yet another profound decision: we will not merge these new developments to openbsc.git's master branch. To clearly mark the move to the new Osmocom core network topology with the VLR-HLR separation and support for 3G by the new OsmoMSC program, we will create a brand new git repository that will be the focus of ongoing development. The current openbsc.git repository will remain as it is; it may see backports in urgent cases, but in essence it will be laid to rest and clearly marked as legacy4. Before we can flip that switch, we still need to sort out some petty details of what should move where, and then agree on a good name for the new repository. Until then, 2G with UMTS AKA support will live on the openbsc.git vlr_2G branch, while 3G with UMTS AKA support will live on the vlr_3G branch. The vlr_2G branch still features an OsmoNITB, but with an external OsmoHLR. The vlr_3G (previously sysmocom/iu) extends the vlr_2G branch to transform OsmoNITB to OsmoMSC and support the IuCS interface.
What about UMTS AKA on packet-switched connections? OsmoSGSN has had a GSUP client for quite some time now5. In fact GSUP was initially named "GPRS Subscriber Update Protocol" -- the G now re-coined to "Generic". Adding UMTS AKA to the OsmoSGSN was a breeze. You don't even need a special branch for that, it's already merged to master.
UMTS AKA is not limited to 3G. Any 2G network that indicates compliance with Release 1999 in the System Information bits can benefit from mutual authentication, and so does Osmocom, now.
Here is an overview of the current landscape:
Legacy 2G without UMTS AKA
openbsc.git master
┌────────────────────────┐
│ OsmoNITB │
┌─────┐ ├╌╌╌╌╌┐ ╔═════╤════════╗ │
│ BTS │ <-Abis-> │ BSC ┆ ║ SMS ┆ subscr ║ │
│ │ └─────┴─╨─────┴────────╨─┘
│ │
│ │ ┌──────────┐ ┌──────────┐
│ PCU │ <-Gb---> │ OsmoSGSN │ <-GTP-> │ OpenGGSN │
└─────┘ └──────────┘ └──────────┘
2G with UMTS AKA
openbsc.git vlr_2G
┌─────────────────────┐
│ OsmoNITB │
┌─────┐ ├╌╌╌╌╌┐ ╔═════╗ ┌╌╌╌╌╌┤ ┌────────────┐
│ BTS │ <-Abis-> │ BSC ┆ ║ SMS ║ ┆ VLR │ <-GSUP-> │ OsmoHLR │
│ │ └─────┴─╨─────╨─┴─────┘ │ │
│ │ │ │
│ │ ┌─────────────────────┐ │ ╔════════╗ │
│ PCU │ <-Gb---> │ OsmoSGSN │ <-GSUP-> │ ║ subscr ║ │
└─────┘ │ │ └─╨────────╨─┘
│ │ ┌──────────┐
│ │ <-GTP--> │ OpenGGSN │
└─────────────────────┘ └──────────┘
3G with UMTS AKA
openbsc.git vlr_3G
┌─────────────────────┐
│ OsmoMSC │
┌───────────┐ ┌───────────┐ │ ╔═════╗ ┌╌╌╌╌╌┤ ┌────────────┐
│ 3G hNodeB │ <-Iuh-> │ OsmoHNBGW │ <-IuCS-> │ ║ SMS ║ ┆ VLR │ <-GSUP-> │ OsmoHLR │
└───────────┘ │ │ └───────╨─────╨─┴─────┘ │ │
│ │ │ │
│ │ ┌─────────────────────┐ │ ╔════════╗ │
│ │ <-IuPS-> │ OsmoSGSN │ <-GSUP-> │ ║ subscr ║ │
└───────────┘ │ │ └─╨────────╨─┘
│ │ ┌──────────┐
│ │ <-GTP--> │ OpenGGSN │
└─────────────────────┘ └──────────┘
2G with UMTS AKA and 3G support are not packaged yet. To use them, you need to build the software from source.
- For OsmoNITB with 2G UMTS AKA, you need to build openbsc.git using the vlr_2G branch.
- For 3G including UMTS AKA support, refer to the 3G wiki page.
To get assistance, you may ask on the mailing list, or contact for example sysmocom for professional support and development services.
With the help of Osmocom's sponsors and supporters, including but not limited to NLnet and sysmocom, we were able to invest due time and effort and have reached a remarkable milestone: UMTS AKA is now supported on Osmocom 3G as well as 2G networks, using Free Software all the way. Thank you for making this possible!