
I am currently working on a soft phone running on Windows. The goal is to be able to make a call from a standard phone number, using a sim card, through VoLTE (Voice over LTE).

Currently I am able to contact the HSS/HLR and receive a 401 Unauthorized with a nonce (according to the standard RFC 3310). This nonce should be given as an input to an AKAv1-MD5 algorithm, which will return a new value that can be sent to the HSS/HLR, and the authorization is done. This can only be done on a sim card. It cannot be done on a computer due to another input to the algorithm which is highly confidential and only known by a sim card.

Therefore, I would like to know how I can interface with a sim card through a sim card reader, send the nonce to the card, and let it calculate the response and return it.

As my project is written in C#, it is preferable if some headers for C# exist.

Since I am using VoLTE the sim card must be a USIM, hence the interface must be to a USIM.

I can, if needed, get the Ki key from the sim card, because I am working together with a telephone operator.

Niva

1 Answer


You are (most probably) looking for the AUTHENTICATE command as defined in 3GPP TS 31.102 (the former variants of the same command were referred to as RUN GSM ALGORITHM or INTERNAL AUTHENTICATE in the past).

To use it, you must meet some conditions, citing TS 31.102:

> The function is related to a particular USIM and shall not be executable unless the USIM application has been selected and activated, and the current directory is the USIM ADF or any subdirectory under this ADF and a successful PIN verification procedure has been performed (see clause 5).

The selection of the USIM application is described in section USIM application selection, some notes:

  • EF.DIR file format is specified in ETSI TS 102 221 (originates from ISO 7816-4)

  • USIM AID should start with A00000000900001 (RID=A0000000090, PIX=0001...) as defined in ETSI TS 101 220

  • For PIN verification the VERIFY PIN command should be used as defined in ETSI TS 102 221 (it might be easier to disable the PIN altogether). Beware that you need to pad the PIN value with 'FF' bytes, citing:

> PIN and PIN2 are coded on 8 bytes. Only (decimal) digits (0‑9) shall be used, coded in ITU‑T T.50 [5] with bit 8 set to zero. The minimum number of digits is 4. If the number of digits presented by the user is less than 8 then the ME shall pad the presented PIN with 'FF' before sending it to the 3GPP application.

The underlying cryptography is >somewhat< described in 3GPP TS 33.102 (probably the section Authentication and key agreement).

To actually communicate with the smart card from .NET use pcsc-sharp. Some example code is here and here.


If you can get the Ki and know the correct algorithm then I would strongly recommend using the 'emulation approach' if possible (can't help here -- but see e.g. this post with some interesting links).

Disclaimer: My hobbyist GSM experience ended several years ago (before 2.5G), so please do validate my thoughts.

Good luck -- you will definitely need it!

EDIT>

Osmocom provides a simple tool -- Osmo-sim-auth which performs the authentication -- might be helpful for you.

vlp
  • I've also been stumbling over Osmo-sim-auth, and it seems to do the job. But to be honest I don't know if it is correct anyway. It is able to talk to a sim card and calculate some UMTS credentials, but can I use these for VoLTE authentication (3G authentication isn't enough)? – Niva Oct 18 '16 at 09:19
  • @Niva My bet is yes. I went through some specs, but then found [this](http://www.simpletechpost.com/2012/11/aka-digest-authentication-scheme-for.html) article which seems reasonable. From the specs you need to know if you have USIM or ISIM for different identity mapping. (I am on thin ice now, so please do validate my thoughts) – vlp Oct 18 '16 at 11:40
  • The osmo-sim-auth did the job! My solution (it is not pretty, but it works!): I use an app called boghe, written in C#, C++ and C. – Niva Oct 21 '16 at 11:47
  • The osmo-sim-auth did the job! My solution (it is not pretty, but it works!): I use an app called boghe, written in C#, C++ and C. Boghe receives the nonce (number used once) from the HLR, this is forwarded to osmo-sim-auth (slightly modified) - a Python script. The Python script returns 3 keys, IK, CK, and AKARES. These are "put" back into Boghe, which then can generate a "Digest Response", and return it to the p-CSCF and the registration is done. And for the record, as far as I can see, then 3G and VoLTE sim authentication is the same. – Niva Oct 21 '16 at 11:51
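The byte-level steps described in the answer and comments above, as an added Python example (not code from the original posts or from osmo-sim-auth): decoding the RFC 3310 nonce into RAND and AUTN, padding the PIN for VERIFY PIN, building the AUTHENTICATE APDU and parsing the card's reply. Function names and sample values are constructed; the P2 values (0x01 for PIN1, 0x81 for the 3G context) and the DB/DC response tags are taken from ETSI TS 102 221 and 3GPP TS 31.102, not from this page, and sending the bytes through a reader (pcsc-sharp, pyscard) is left out.

```python
import base64

# Constructed sample challenge (not from a real network): RAND = 00..0f, AUTN = 10..1f.
SAMPLE_NONCE = base64.b64encode(bytes(range(32))).decode()

def parse_aka_nonce(nonce_b64):
    """RFC 3310: nonce = base64(RAND || AUTN || optional server data)."""
    raw = base64.b64decode(nonce_b64)
    if len(raw) < 32:
        raise ValueError("AKA nonce must carry a 16-byte RAND and a 16-byte AUTN")
    return raw[:16], raw[16:32]

def build_verify_pin(pin, key_ref=0x01):
    """VERIFY PIN: ASCII digits, padded with FF to 8 bytes (key_ref 0x01 = PIN1)."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 8):
        raise ValueError("PIN must be 4 to 8 decimal digits")
    return bytes([0x00, 0x20, 0x00, key_ref, 0x08]) + pin.encode("ascii").ljust(8, b"\xff")

def build_authenticate(rand, autn):
    """AUTHENTICATE, 3G context (P2=0x81): data = len|RAND|len|AUTN, no Le byte."""
    if len(rand) != 16 or len(autn) != 16:
        raise ValueError("RAND and AUTN must be 16 bytes each")
    data = bytes([len(rand)]) + rand + bytes([len(autn)]) + autn
    return bytes([0x00, 0x88, 0x00, 0x81, len(data)]) + data

def _take(buf):
    """Pop one field coded as a length byte followed by that many bytes."""
    if not buf or len(buf) < 1 + buf[0]:
        raise ValueError("truncated length-value field")
    return buf[1:1 + buf[0]], buf[1 + buf[0]:]

def parse_authenticate_response(resp):
    """Split the card's reply (status word already stripped) into its fields."""
    if not resp:
        raise ValueError("empty response")
    tag, rest = resp[0], resp[1:]
    if tag == 0xDB:  # success: RES, CK, IK (a GSM Kc may follow and is ignored)
        res, rest = _take(rest)
        ck, rest = _take(rest)
        ik, rest = _take(rest)
        return {"status": "ok", "res": res, "ck": ck, "ik": ik}
    if tag == 0xDC:  # sequence number rejected: card returns AUTS for resync
        auts, _ = _take(rest)
        return {"status": "sync_failure", "auts": auts}
    raise ValueError("unexpected response tag 0x%02x" % tag)
```

On a T=0 card the reply to AUTHENTICATE is announced with status 61xx and fetched with GET RESPONSE. Per RFC 3310, the returned RES is then used as the password when computing the Digest response.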