Authentication failure (Synch failure) #11

Closed
eric80s opened this Issue Dec 12, 2017 · 21 comments

@eric80s

eric80s commented Dec 12, 2017

I used nextepc and srsenb to set up a 4G experimental network. When a commercial UE (USIM with custom information that had been added to the HSS) accesses the network, Authentication failure (Synch failure) is triggered during the authentication procedure. According to 3GPP TS 24.301 5.4.2.6 (c) and 5.4.2.7 (e), upon the first receipt of an AUTHENTICATION FAILURE message from the UE with the EMM cause #21 "synch failure", the network shall use the returned AUTS parameter from the authentication failure parameter IE in the AUTHENTICATION FAILURE message to re-synchronise.
So, I suggest that this procedure should be implemented in nextepc.

@acetcom

Owner

acetcom commented Dec 12, 2017

I've missed 're-synchronise'. I think that it should be implemented as soon as possible.
Let me try to do it!

BTW, could you give me a related 'pcap' file? It will be very helpful for me to implement the feature.

@eric80s

eric80s commented Dec 12, 2017

Thank you for your reply. I uploaded a zip attachment containing two pcap files: synch_failure.pcap is generated by nextepc + srsenb, and resynch.pcap is generated by Amarisoft MME + srsenb. I hope this helps you.

pcap_log.zip

@acetcom

Owner

acetcom commented Dec 12, 2017

Great! That is what I wanted. I really appreciate it. Let me update nextepc soon.

Thank you for your effort!

@acetcom

Owner

acetcom commented Dec 17, 2017

Today, the authentication failure feature was added. Unfortunately, the related package is not released at this point. We're not sure whether you are familiar with building nextepc.

For your information,

  • The feature is updated in branch 'ipv6'.
  • IPv6 related TUN setting is needed in this branch.
  • The configuration file format is changed from JSON to YAML.
  • From your pcap file, you need to change MME_Group_ID(8001), MME_Code(01), TAC(1)
  • You don't have to set up S1AP or GTP related IP settings. Everything is auto-detected.

The sequence is like this.

  • sudo apt-get -y install autotools-dev pkg-config git flex bison libsctp-dev libgnutls28-dev libgcrypt-dev libssl-dev libmongoc-dev libbson-dev mongodb
  • sudo apt-get -y install libyaml-dev
  • git clone https://github.com/acetcom/nextepc
  • cd nextepc
  • git checkout ipv6
  • autoreconf -iv;./configure --prefix=/home/acetcom/git/nextepc/install;make -j 2;make install
  • sudo ip tuntap add name pgwtun mode tun;
  • sudo ip addr add 45.45.0.1/16 dev pgwtun
  • sudo ip addr add cafe::1/64 dev pgwtun
  • sudo ip link set pgwtun up
  • mkdir -p data/db
  • mongod --dbpath data/db
  • ./test/testepc
  • Edit ./install/etc/nextepc.conf(mme.gummei.mme_gid, mme_code, mme.tai.tac)
  • ./nextepc-epcd

If you do not want to build nextepc, please wait a little while. The new version (v0.3) will be released soon.

@eric80s

eric80s commented Dec 18, 2017

Hi, acetcom
Thank you very much for your effort. I recompiled nextepc as you described and reconfigured my 4G network. During the test, the UE triggered a resync failed error when it tried to access the network. Since I am unfamiliar with YAML configuration file syntax, I uploaded the nextepc log and the pcap file of the UE access procedure. I think it may be because I made a mistake in the steps that led to this error, and I look forward to your advice.
resynch_failed.zip

@acetcom

Owner

acetcom commented Dec 18, 2017

Hi, eric80s

Oops! This is my bug. MAC_S checking failed in nextepc. Would you give me the K, AMF, and OPc? I need a test vector for solving this problem. I'm wondering whether there is a security problem or not. Email (acetcom@gmail.com) is also fine with me.

So sorry to bother you!

@eric80s

eric80s commented Dec 18, 2017

Hi, acetcom
Don't say sorry, I am very willing to test nextepc to help you do it better.
This is the information of my test USIM card.
opc: "000102030405060708090A0B0C0D0E0F"
amf: 0x9001
K: "00112233445566778899AABBCCDDEEFF"

@acetcom

Owner

acetcom commented Dec 18, 2017

Many thanks! Let me start to debug it. Not much time is needed.

Thanks again!

@acetcom

Owner

acetcom commented Dec 18, 2017

Hi, eric80s

MAC_S is verified. The reason is that I used the real AMF (0x9001) instead of AMF (0x0000) to calculate MAC_S. From the standard, I understand that AMF (0x0000) should be used at this stage.

And I've checked in the related code to the ipv6 branch.

BTW, I'm not sure the MS sends Authentication Response after NextEPC re-sends Authentication Request. In the current vector, the MS sends SQN 22615. And then, NextEPC sends a new SQN (22647), increased by 32. ==> New SQN = (SQN + 32) & 0x7ffffffffff. Isn't it true?

I need to study the standard 33.102 more. Let me update nextepc if I'm wrong.

Thanks for your help.

@acetcom

Owner

acetcom commented Dec 18, 2017

Ah, one more thing. I missed the guide.

In nextepc directory,

git pull
make
./nextepc-epcd

I think that it is enough for you.

@acetcom

Owner

acetcom commented Dec 18, 2017

From the standard guide (33.102 C.3.4), I've changed SQN allocation.
New SQN = ((MS SQN + 32) + 1) % 0x7ffffffffff for changing the IND value.

I've checked in these changes.

Thanks!
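
Added example (not NextEPC's code): how the network side unpacks the AUTS discussed in this thread and why the final formula adds 1 on top of 32. It assumes a 5-bit IND and a wrap at the 48-bit SQN width, takes AK* (the f5* output) as an input instead of computing it, and uses constructed sample bytes; all function and constant names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SQN_LEN   6                      /* SQN and AK* are 48 bits */
#define MAC_S_LEN 8
#define AUTS_LEN  (SQN_LEN + MAC_S_LEN)  /* AUTS = (SQN_MS xor AK*) || MAC-S */
#define IND_BITS  5                      /* assumption: 32 index values, matching the +32 step */
#define SQN_MASK  0xFFFFFFFFFFFFULL      /* assumption: wrap at the 48-bit SQN width */

/* Constructed sample: SQN_MS = 22615 concealed with a made-up AK*; MAC-S is a dummy. */
static const uint8_t SAMPLE_AK_STAR[SQN_LEN] = {0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6};
static const uint8_t SAMPLE_AUTS[AUTS_LEN] = {
    0xA1, 0xB2, 0xC3, 0xD4, 0xBD, 0xA1,              /* SQN_MS xor AK* */
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08   /* MAC-S */
};

/* Split AUTS and de-conceal SQN_MS. Returns 0 on success, -1 on bad input. */
int auts_unpack(const uint8_t *auts, size_t len, const uint8_t *ak_star,
                uint64_t *sqn_ms, uint8_t *mac_s)
{
    if (!auts || !ak_star || !sqn_ms || !mac_s || len != AUTS_LEN)
        return -1;
    *sqn_ms = 0;
    for (size_t i = 0; i < SQN_LEN; i++)
        *sqn_ms = (*sqn_ms << 8) | (uint8_t)(auts[i] ^ ak_star[i]);
    memcpy(mac_s, auts + SQN_LEN, MAC_S_LEN);
    return 0;
}

/* SQN = SEQ || IND: the low IND_BITS select the USIM array slot. */
uint64_t sqn_seq(uint64_t sqn) { return sqn >> IND_BITS; }
unsigned sqn_ind(uint64_t sqn) { return (unsigned)(sqn & ((1u << IND_BITS) - 1)); }

/* +32 advances SEQ by one; the extra +1 moves to the next IND slot. */
uint64_t sqn_after_resync(uint64_t sqn_ms) { return (sqn_ms + 32 + 1) & SQN_MASK; }

int main(void)
{
    uint64_t sqn; uint8_t mac_s[MAC_S_LEN];
    if (auts_unpack(SAMPLE_AUTS, sizeof SAMPLE_AUTS, SAMPLE_AK_STAR, &sqn, mac_s))
        return 1;
    uint64_t next = sqn_after_resync(sqn);
    printf("SQN_MS=%llu (SEQ=%llu IND=%u) -> next=%llu (SEQ=%llu IND=%u)\n",
           (unsigned long long)sqn, (unsigned long long)sqn_seq(sqn), sqn_ind(sqn),
           (unsigned long long)next, (unsigned long long)sqn_seq(next), sqn_ind(next));
    return 0;
}
```

The returned MAC-S still has to be compared against f1* computed over the recovered SQN_MS with AMF 0x0000, as described earlier in the thread, before the recovered SQN_MS is trusted.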

@eric80s

eric80s commented Dec 19, 2017

Hi, acetcom
I retested nextepc, and the good news is that the authentication process is normal, but new problems have arisen: "PDN connectivity reject" has been triggered by the UE, although I have already set up the APN in the UE and in the webui. I'm still continuing to test this problem and welcome any suggestions.

missing_or_unknown_APN.zip

@acetcom

Owner

acetcom commented Dec 19, 2017

Hi, eric80s

I need more logs in the pcapng file. Could you give me a pcapng with the following filter?

s1ap || diameter || gtpv2

If you are not familiar with Wireshark filters, an empty filter is also fine with me.

Thanks!

@eric80s

eric80s commented Dec 19, 2017

Thanks for your reply, I uploaded a log with more information.
s1ap_diameter_gtpv2.zip

@acetcom

Owner

acetcom commented Dec 19, 2017

Ah! I found the reason why NextEPC sends PDN connectivity reject.

If the UE sends a PDN Connectivity Request without an APN, NextEPC should select the default APN from the HSS Location Update's Subscription Data. Your default APN is internet. And then, NextEPC initiates the Create Session Request with this DEFAULT APN. This is missing in NextEPC.

Let me update NextEPC.

Thank you so much!

@acetcom

Owner

acetcom commented Dec 19, 2017

OK! I've checked in the patches in the ipv6 branch.

Looking forward to hearing good news!

Thanks!

@eric80s

eric80s commented Dec 20, 2017

Hi,
Thank you very much, the good news is that the UE is already registered to nextepc, but the UE still can not access the internet via 4G, so again I uploaded the nextepc log and pcap.
Thanks again.
UE_registration_process.zip

@acetcom

Owner

acetcom commented Dec 20, 2017

Hi, eric80s

That is really good news. Very nice work!

I have one question regarding this issue. From your pcap, there is another PDN request (APN: ims). Did you add the "ims" APN using the Web User Interface?

Yeah! I think you don't have to add the APN. So your mobile re-initiates the Attach Request without another PDN request. But, in this case, there is one bug in NextEPC. So, I've fixed it and checked it in to the ipv6 branch.

BTW, if you want to use 'ping' or 'ping6', please check the manual (http://nextepc.org/guides/2-configuration/) for setting your router.

Let me paste it as below.

By default, an LTE UE will receive an IP address with the network address of 45.45.0.0/16 or cafe::0/64. If you have a NAT router (e.g., wireless router, cable modem, etc), the LTE UE can reach the Internet in uplink, but it cannot in downlink. It's because the NAT router has no idea about these IP addresses, so adding a route is required. Please refer to the user manual to know how to add a static route in your router.

I really appreciate your effort.

@eric80s

eric80s commented Dec 20, 2017

hi,
It's great, the 'ping' is working properly.
Test scenarios:
4G Network: Amarisoft LTE100 eNB+NextEPC
UE: N1 MAX (TDD, Band41)
ping

@acetcom

Owner

acetcom commented Dec 20, 2017

Wow! We are happy!

Thank you very much!

@eric80s eric80s closed this Dec 20, 2017

@eric80s

eric80s commented Dec 20, 2017

My host is Ubuntu 16.04.3, the firewall is enabled, so I added the following few rules:
sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
sudo iptables -t nat -A POSTROUTING -o enp0s31f6 -j MASQUERADE
sudo iptables -I INPUT -i pgwtun -j ACCEPT

Then, the UE can access the internet via 4G.
