> 1) Issue our own SIM cards to permit Authentication + Encryption.  This is
>   the perfect way how we can have a A5/1 based network that people can use
>   to play with airprobe + Kraken - without violating any laws.

I was planning to enhance pySim to allow more batch programming and
support for pc/sc reader (so you just have to insert, wait, remove,
insert, wait, ...).

I will probably do that soon, after DeepSec.

>   I would suggest we simply sell them (as opposed to providing
>   them for a deposit, as we then would have to take back a lot of cards and
>   return money, which is a lot of overhead).

Definitely. I don't see any people having a problem with paying a few
EUR for a SIM.

Should :
 - Personal SIM with IMSI/KI/algo specified
 - Personal/official SIM with just known IMSI
be allowed as well ?

> 4) Consider putting all BTS in the same location area

I didn't see the logs / analysis from last year, but :
 - Was the 'location' feature really exploited for something ?
 - Was paging a limit ? (if all are in the same area, the number of
paging request would triple I guess).
 - What was the usage of sdcch/8 / TCH ?

Would TCH/H with AMR be useful ?  (i.e. was tch a limit ?)

> 6) User registration
>   So we sell SIM cards with a pre-programmed IMSI + Ki, but how do we
>   enable users to assign a phone number to them?  Ideally I would want
>   them to simply register a phone number at the eventphone.de GURU
>   web interface ahead of the event.  But how do we match the IMSI and
>   the phone number?  Ask users to simply state the phone number they
>   registered?  How do we get some kind of authentication?

Well, I guess SMS is the easier.

What kind of control can you have on the eventphone.de interface ?

Each SIM has a 'default' number, and if they want to instead use a number they
pre-registred, have them text a 'token' (long enough not to guess a
valid one, but not too long as to be annoying).
That token is just displayed on eventphone.de when they register a
number as 'GSM' without an IMSI.

Other option is IMEI. They put the IMEI on evenphone.de and when we
get a registration we know who to link.



Reply via email to