Friday, October 15, 2021

Radiator provides IMSI privacy for EAP-SIM, EAP-AKA and EAP-AKA’ authentication

In many high traffic areas such as sports stadiums, shopping venues, or public transport hubs, mobile carriers may partner with the local Wi-Fi providers to improve coverage and user experience: mobile devices can be automatically connected to Wi-Fi instead of congested cellular network. Internationally, Wi-Fi roaming agreements also allow carriers to lower the cellular roaming costs. 

EAP-SIM, EAP-AKA and EAP-AKA’ are SIM-based Wi-Fi authentication methods used to achieve seamless offloading to carrier and partner Wi-Fi, with International Mobile Subscriber Identifier (IMSI) derived from the SIM card acting as a unique identifier for each user. 

On the first ever connection to such a Wi-Fi network, the mobile device communicates its permanent subscriber identity information (IMSI), which is then sent to the home operator for authentication. This identity is sent in the clear. A potential 3rd party adversary installing a Wi-Fi sniffer in the vicinity of such networks can harvest permanent identities and track users. This tracking can also be done by the venue or network owner when connecting to the Wi-Fi network. 

Because of this, mobile operating systems such as iOS15 will show the following warning when joining a Wi-Fi network without IMSI encryption: “your mobile subscriber identity will be exposed”. The similar situation can be seen from the pictures below. 

Privacy warning when authenticating to Wi-Fi network without IMSI encryption

 

Operators risk decreased user satisfaction for Wi-Fi offloading if transmitting IMSI in the open - it may cause users to feel their privacy is being compromised.

Radiator SIM Pack provides IMSI privacy protection 

The solution is to protect user privacy by implementing IMSI encryption for EAP-SIM, EAP-AKA and EAP-AKA’ authentication. As an operator, you can enable IMSI privacy easily: Radiator 3GPP AAA Server handles both encrypted and clear authentication requests. This means IMSI privacy can be offered to devices supporting it without affecting other users. 

Starting already from revision 2.5, Radiator SIM Pack supports IMSI encryption as specified in 3GPP S3-170116 document “Privacy Protection for EAP-AKA”, and WBA’s IMSI Privacy Protection for Wi-Fi – Technical Specification. The feature is already implemented by some of our operator customers to cover their AAA server encryption. 

The latest release of Radiator SIM Pack is available for new licensees and for licensed customers with valid download access. To find out if Radiator SIM Pack suits your needs, you can contact us at sales@radiatorsoftware.com and a member of our sales team will be happy to assist you. 

You can also contact us to renew your support contract and get access to the newest release. A full history of Radiator SIM Pack releases is available on our website.

Tuesday, October 5, 2021

Radiator and NCINGA - working together towards customer success

 

 

 

While Radiator has hundreds of operator customers all over the world, we also have an extensive network of integrator partners providing turn-key solutions for our customers. One of these trusted integrators is NCINGA.  As NCINGA is known to provide technology transformations in frontier markets, they also provide Radiator AAA solutions to operators and carriers especially in the APAC area.

This collaboration has provided solutions to customers both for fixed and wireless AAA. In
different use cases, the main focus in the cooperation has involved integrating Radiator
solutions with different vendor environments and network elements. Radiator is used for
example when applying policy and control functionalities for end user data plans.

    “With Radiator, we were able to quickly deliver complex AAA implementations. It was easy
    to configure and extend to the customers need. The Radiator Technical Support team made
    it even easier to implement & support with prompt responses and guidance.” 

    -Kokum Randeni, VP Sales, Ncinga

One of the key elements in the working model has been the flexibility in Radiator licensing:
the components needed by the customer can be tailored to the use case and number of
subscribers. This way the ROI for the customer can be ensured as they can add new
features of Radiator to use when needed.

For the customer, the operating model is quite easy and straightforward: NCINGA and their
team of experts provide the first level support and integration consultation, and the Radiator
team provides the product-related 2nd level support and consultation related to Radiator
specific configuration and other needs.

Would you like to know more about Radiator and NCINGA?

If you are looking for a carrier-grade AAA server with flexible options for different use cases,
please do not hesitate to contact our sales team at sales(a)radiatorsoftware.com. For
NCINGA, please contact their sales team at www.ncinga.net.


Examples of Radiator use include carrier-grade AAA, Wi-Fi offloading, integrating Diameter
online and offline charging with RADIUS-based infrastructure, integrating RADIUS
accounting with Diameter online and offline charging and much more. On top of that, our
support team has wide experience of various carrier use cases in different environments.

Tuesday, September 21, 2021

Customer reference: Salt Mobile SA using Radiator Telco Pack

Salt Mobile SA uses Radiator for their Diameter interfaces

 

Swiss mobile operator Salt Mobile SA (Salt), one of the top operators in Switzerland, has been using Radiator Telco Pack since late 2020 for their 2 million customers. The use case in Salt has evolved from initial use of Radiator Enterprise Pack to the use of Radiator Telco Pack. 

 

The flexibility of Radiator licensing models has provided cost-efficient, step-by-step licensing where additional modules have been added when needed. 


Salt has been using Radiator products for several years. Nowadays, Salt uses Telco Pack for the charging and accounting of their customers' pre-paid and post-paid plans. Radiator Telco Pack provides the Diameter Gy and Gx interfaces specified by the 3GPP to implement this:


“We use Radiator for our DATA and SMS real-time charging (using Gy Diameter protocol). It sits between our core network elements (SMSC/GGSN) and our online charging system. All our DATA and SMS traffic (national and roaming ) is controlled using this flow. On top of that we use the control function (Gx) to apply throttling on the DATA flow for roaming.” 

-Annaick Rinderknecht, Devops Manager, IT, Salt Mobile

Would you like to know more? 


If you are looking for a carrier-grade AAA server with flexible options for different use cases, please do not hesitate to contact our sales team. 


For example, in the use case mentioned, Radiator Telco Pack extends Radiator by allowing direct connections to your 3GPP infrastructure through Diameter interfaces – a protocol commonly used in telecommunication systems. Radiator Telco pack includes support for different policy and charging related interfaces and implementations specified by the 3GPP.

Examples of use include Wi-Fi offloading, integrating Diameter online and offline charging with RADIUS based infrastructure, integrating RADIUS accounting with Diameter online and offline charging and much more.

Our support team has wide experience of various carrier use cases in different environments and we are happy to help you in all your AAA needs.

Wednesday, February 3, 2021

Radiator SIM Module 2.6 released

We are pleased to announce the release 2.6 of Radiator SIM Module. This release includes 3GPP emergency call support and overall enhanced 3GPP AAA Server support, as well as a number of enhancements and bug fixes. 

Customers with valid download access contracts can download updated software packages from our downloads site. Please note that Radiator 4.24 or later and Radiator Carrier Module 1.6 or later are required. 

If you would like to renew your download access contract, or need professional assistance with updating or migrating, please contact sales@radiatorsoftware.com and a member of our sales team will be happy to assist.

Revision 2.6 detailed updates and fixes:

  • Invalid APN formats are now rejected early.
  • Included APN match in S6b authorisation checks.
  • Fixed a crash in 3GPP AAA Server triggered by retransmitted messages.
  • Updated identity handling with IMSI encryption based on observed client behaviour.
  • RAT-Type for SWx requests is now set to the value received over SWm defaulting to VIRTUAL. Previously WLAN was always used by 3GPP AAA Server.
  • 3GPP-Charging-Characteristics is now copied to SWm answers when available. Subscription-Id was not added to SWm AAA messages after the user profile was updated by HSS with Push-Profile Request.
  • AAA-Failure-Indication is now sent over SWx to HSS. Previously the VSA was ignored when received from an ePDG.
  • Terminal-Information is now added to SWx requests as required by 29.273 version 13 and later.
  • Enhanced 3GPP AAA Server support to cover 29.273 version 15.4.0. The main behaviour change is S6b triggered PGW registration which is no longer done as often. This was clarified in 29.273 13.4.0 correction CP-160220 CR 0457.
  • Emergency services for authenticated users are now supported by 3GPP AAA Server. Support for emergency services needs to be enabled with a new configuration flag parameter EmergencyServices. When EmergencyServices parameter is set and SQL is used for a session database, one new column and SQL query modifications are needed.
  • Updated 3GPPP AAA Server SWm, SWx and S6b dictionaries for 29.273 version 15.4.0.
  • Crypt::Rijndael is no longer required when Radius::UtilXS release 2.2 or later and Radiator 4.25 or later is installed.
  • 3GPP AAA Server SQL and Redis based session backends no longer trigger unnecessary lookups and SWx deregistration updates when session termination requests are received over SWm or S6b. This can reduce Diameter traffic significantly with certain configurations where lots of clients are not allowed to connect and gateway devices send STRs for these attempts.
  • Removed warnings logged to STDERR by 3GPP AAA Server when processing certain request types. These warnings were harmless but cause unnecessary log entries.
  • 3GPP AAA Server now supports stripping MAC address from NAI format usernames. A new optional configuration parameter StripMACFromUserName controls how this is done.
  • A number of code clean up and maintenance changes were done based on Perl::Critic and other tools.
  • Requires Radiator 4.24 or later and Carrier Module 1.6 or later with 3GPP AAA Server. Radiator 4.24 and later are recommended with plain EAP-SIM, EAP-AKA and EAP-AKA’.
For more information, you can see the Radiator SIM Pack product page or contact us directly at info@radiatorsoftware.com.