New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-synch MAC failed during UE attach process #17

Closed
razaborg opened this Issue Feb 6, 2018 · 5 comments

Comments

Projects
None yet
2 participants
@razaborg

razaborg commented Feb 6, 2018

Hi,
I have some trouble with the Re-sync process of nextepc. This issue seems very close from this one #11 . But I don't understand why I'm facing it, given it seems to have been fixed in v0.3.0

My setup is the following : Amarisoft eNodeB + NextEpc.

Here is the message I got each time I want to connect my UE to the network :

[02/06 16:05:21.837] ERRR: Re-synch MAC failed for IMSI:001010123456789 (hss_fd_path.c:120)
MAC_S: 8 bytes hex:
64465b1c 258f5bef
8 bytes hex:
00000000 00000000
SQN: 6 bytes hex:
18d8673f 7706
[02/06 16:05:21.838] WARN: ERROR DIAMETER Result Code(4181) (mme_fd_path.c:300)

And if that can help, here is the content of the Mongo DB I use and a part of my config :

{ "_id" : ObjectId("5a79c0ea69df3306ec9f3ec6"), "imsi" : "001010123456789", "pdn" : [ { "apn" : "internet", "_id" : ObjectId("5a79ba3208aedf206943a44c"), "pcc_rule" : [ ], "qos" : { "qci" : 9, "arp" : { "priority_level" : 8, "pre_emption_vulnerability" : 1, "pre_emption_capability" : 1 } }, "type" : 2 } ], "ambr" : { "downlink" : NumberLong(1024000), "uplink" : NumberLong(1024000) }, "subscribed_rau_tau_timer" : 12, "network_access_mode" : 2, "subscriber_status" : 0, "access_restriction_data" : 32, "security" : { "k" : "0682309B783C78988C174C9C69DAD88A", "amf" : "9001", "op" : null, "opc" : "398153093661279FB1FC74BE07059FEF", "rand" : "A5E316DA 079E9D32 9BF01B77 0F118EB1", "sqn" : NumberLong(320) }, "__v" : 0 }

nextepc.conf :

gummei:
    plmn_id:
      mcc: 001
      mnc: 01
    mme_gid: 2
    mme_code: 1
tai:
    plmn_id:
      mcc: 001
      mnc: 01
    tac: 1

  security:
      integrity_order : [ EIA1, EIA2, EIA0 ]
      ciphering_order : [ EEA0, EEA1, EEA2 ]

mme.conf

mme:
    freeDiameter: mme.conf
    s1ap:
    gtpc:
    gummei:
      plmn_id:
        mcc: 001
        mnc: 01
      mme_gid: 8001
      mme_code: 01
    tai:
      plmn_id:
        mcc: 001
        mnc: 01
      tac: 1
    security:
        integrity_order : [ EIA1, EIA2, EIA0 ]
        ciphering_order : [ EEA0, EEA1, EEA2 ]

Maybe I missed something in the config ?
Could you help me to understand why this error pops-up ? I do not really understand it to be honest...

@acetcom

This comment has been minimized.

Owner

acetcom commented Feb 6, 2018

Could you give me a wireshark packet capture file? If you give me K, OPc, AMF, it is helpful to solve the problem.

Thank you for your effort.

@razaborg

This comment has been minimized.

razaborg commented Feb 6, 2018

Thank you so much for your prompt answer.

Please find attached (here: captures.zip ) a zip file containing 2 pcaps : dump.lo.pcap which contains all the traffic on the loopback interface (so everything internal to nextepc) and dump.enb.pcap, which contains all the traffic between the eNB and nextepc.

Concerning K, OPc and AMF they are included in the mongoDB quote in my previous message :)

@acetcom

This comment has been minimized.

Owner

acetcom commented Feb 6, 2018

IMHO, it is a different issue with (#11). Authentication failure type is not resync-failure, but MAC failure.

Is USIM using Milenage Algorithm? Current, NextEPC is not supporting XOR and TUAK. Milenage algorithm is only supported. And also, please re-check K, OPc, and AMF of USIM.

Nevertheless, NextEPC needs to add one more feature related to MAC failure of authentication failure. This feature is not supported at this point.

Thanks!

acetcom added a commit that referenced this issue Feb 7, 2018

Authentication failure should be handled based on EMM_CAUSE(#17)
* Synch failure(EMM_CAUSE:21)
  - Re-authorization. Send authentication request again.

* MAC failure(EMM_CAUSE:20)
  - Send Authentication Reject
  - Send UE Context Release Command

* Non-EPS authentication failure(EMM_CAUSE:26)
  - Send Authentication Reject
  - Send UE Context Release Command

* Others
  - Send Authentication Reject
  - Send UE Context Release Command
@acetcom

This comment has been minimized.

Owner

acetcom commented Feb 7, 2018

I've updated the handler related to authentication failure.

Previously, I sent Authentication request regardless EMM_CAUSE of Authentication failure. In other worlds, re-authorization was always performed. Currently, Re-authorization only works when EMM Cause is synch-failure. If EMM cause is not synch-failure, MME will send an Authentication reject.

BTW, this updates is not solving your problem. I think that security parameter should be matched between USIM and MongoDB. What happened? Are you succeeding to pass the authorization process?

Feel free to raise any problem if you need to help.

Thanks!

@razaborg

This comment has been minimized.

razaborg commented Feb 7, 2018

Hi,
I double checked my SIM card config and programmed a new SIM card with new IMSI/OPc/... values just to be sure.
The authantifcation process seems to work fine now... I don't understand why, but I probably did some mistake with the programmation of the first SIM card.

Anyway thank you for your prompt answer and sorry for the trouble...

@razaborg razaborg closed this Feb 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment