Demonstration of UMTS authentication with Diameter
Testbed Description:
This demonstration shows how the Diameter base protocol and the SIM
application operate in a UMTS environment. It is composed of a UMTS
terminal emulator, a Diameter client running on the UMTS Base Station (BS),
and a Diameter server supporting the SIM application, which performs the
UMTS authentication.
The testbed architecture for this demonstration is as follows:
The MAC and UMTS stacks on the UMTS terminal and BS (Base Station) are not
implemented; they are simulated over the Ethernet interface. The UMTS
terminal first requests authentication, with its identity and key, from the
authentication server, i.e. the Diameter server. The request travels
encapsulated in an ad hoc protocol agreed between the terminal and the UMTS
BS for authentication. On receipt of the request, the UMTS BS hands it to
the Diameter client, which strips the ad hoc encapsulation and
re-encapsulates the packet in Diameter. The Diameter-encapsulated packet is
sent to the authentication server and verified there. Delivery between the
two Diameter endpoints, client and server, can run over either IPv4 or
IPv6. The authentication procedure itself follows the (U)SIM mechanism for
UMTS authentication. The authentication response is returned to the
Diameter client, and the UMTS BS may then act on it. In this demo, the
response is the value 0 or 1, meaning rejected or authenticated
respectively.
Support:
The INRIA Diameter implementations support the SIM application for UMTS
authentication as well as a limited NASREQ. Both work over IPv4 and IPv6.
Communication between the UMTS terminal and the BS is carried over IPv6.
Download: For the moment, only @irs++ participants are authorized to
access the executables.
All executables were compiled with gcc (v3.2-7, Linux 8.0) and Tcl/Tk
(v8.3) and tested successfully on Linux kernel 2.4.18-14. Before
downloading, make sure your system is configured accordingly for the
following executables.
UMTS terminal - utiludp4c.tcl and util_c_tcl, implemented in Tcl/Tk and C
respectively; both files are required. The terminal is designed to support
IPv4 as well as IPv6, but it defaults to IPv6, so a slight modification is
required for IPv4.
The Diameter Client - diaclient_umts.
The Diameter Server - diameterd6.
The configuration files - diadb for the Diameter server and dia_cldb for
the Diameter client.
Setup Environment:
Network setup for IPv6 on both the Diameter server and client.
1. Modify the following in '/etc/sysconfig/network':
HOSTNAME=
NETWORKING_IPV6=
IPV6_DEFAULTDEV=
IPV6_DEFAULTGW=
2. Modify the following in '/etc/sysconfig/network-scripts/ifcfg-eth0':
DEVICE=
BOOTPROTO=static
ONBOOT=
IPV6INIT=
IPV6ADDR=
3. Apply the modifications with:
/etc/rc.d/init.d/network restart
4. Check that the interface is up and reachable:
/sbin/ifconfig
/usr/sbin/ping6 somewhere
PING host(host.inria.fr) 56 data bytes
ping: recvmsg: No route to host
If you see the above, it is still fine: this is a well-known bug in Linux
2.4.18-14.
Diameter setup on both server and client.
1. Add the host names of the Diameter server and client, with their IPv6
addresses, to '/etc/hosts', fully qualified name first, like:
2001:660:xxx:x::100    host.inria.fr    host
2001:660:xxx:x::101    host2.inria.fr   host2
2. Add the following to '/etc/services'. Note that this implementation
uses the RADIUS port numbers 1812 and 1813; the IANA-assigned Diameter
port is 3868/tcp, so do not expect interoperability with other Diameter
peers on these ports.
diameter        1812/tcp    # Diameter
diameter-acct   1813/tcp    # Diameter Accounting
3. The client and the terminal additionally need:
umts-diameter   1811/udp    # UMTS/Diameter & Terminal
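As an added example (not code from the INRIA demo), the POSIX shell script below checks the two configuration points above against copies of the files, so that the two failures listed later under Trouble shooting (a service name that getaddrinfo() cannot resolve, and a host entry whose canonical name carries no realm) are caught before the Diameter client is started. The IPv6 addresses, host names and file locations in it are constructed placeholders.

```shell
#!/bin/sh
# Added example (not part of the INRIA demo): sanity checks for the
# /etc/hosts and /etc/services entries the Diameter server and client need.
# Each check takes the file to inspect as an argument, so it can be run
# against a copy. Sample files below are constructed (2001:db8::/32 is the
# documentation prefix; host names are placeholders).

# check_hosts_order FILE HOST
# Succeeds if FILE maps HOST on a line whose first name is fully qualified.
# "2001:db8:1::100 airs airs.inria.fr" fails: the canonical name has no
# domain part, which is what yields "Failed to find Origin Realm".
check_hosts_order() {
    awk -v h="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            for (i = 2; i <= NF; i++)
                if ($i == h) { found = 1; if ($2 ~ /\./) ok = 1; exit }
        }
        END { if (found && ok) exit 0; exit 1 }
    ' "$1"
}

# check_service FILE NAME PORT/PROTO
# Succeeds if FILE has "NAME PORT/PROTO" as its first two fields. Without
# such a line getaddrinfo() cannot resolve the service name and fails with
# "Servname not supported for ai_socktype".
check_service() {
    awk -v n="$2" -v s="$3" '
        /^[ \t]*#/ { next }
        $1 == n && $2 == s { hit = 1; exit }
        END { if (hit) exit 0; exit 1 }
    ' "$1"
}

# check_all HOSTS_FILE SERVICES_FILE SERVER_HOST CLIENT_HOST
# Runs every check the setup section asks for; returns 0 only if all pass.
check_all() {
    rc=0
    check_hosts_order "$1" "$3" || { echo "hosts: $3 must be listed FQDN first"; rc=1; }
    check_hosts_order "$1" "$4" || { echo "hosts: $4 must be listed FQDN first"; rc=1; }
    for svc in diameter:1812/tcp diameter-acct:1813/tcp umts-diameter:1811/udp; do
        name=${svc%%:*}; spec=${svc#*:}
        check_service "$2" "$name" "$spec" || { echo "services: missing '$name $spec'"; rc=1; }
    done
    return $rc
}

# write_samples DIR: constructed files, one correct hosts file and one
# with the short name placed before the FQDN.
write_samples() {
    cat > "$1/hosts.good" <<'EOF'
::1             localhost6.localdomain6 localhost6
2001:db8:1::100 airs.inria.fr airs
2001:db8:1::101 host2.inria.fr host2
EOF
    cat > "$1/hosts.bad" <<'EOF'
2001:db8:1::100 airs airs.inria.fr
2001:db8:1::101 host2.inria.fr host2
EOF
    cat > "$1/services" <<'EOF'
diameter        1812/tcp    # Diameter
diameter-acct   1813/tcp    # Diameter Accounting
umts-diameter   1811/udp    # UMTS/Diameter & Terminal
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
if check_all "$dir/hosts.good" "$dir/services" airs host2; then echo "good setup: OK"; fi
check_all "$dir/hosts.bad" "$dir/services" airs host2 || echo "bad setup: rejected as expected"
rm -r "$dir"
```

To check a live machine, call `check_all /etc/hosts /etc/services <server> <client>` with the names used on the diaclient_umts command line.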
Execution:
Run the components in the following order.
1. Diameter Server
./diameterd6 -A inet6 -d ./diadb -sxy -l stdout
description:
-A [inet6/inet] : select IPv6 or IPv4
-d [diadb path] : path of the diadb configuration
-s : run the server as a single process
-x : debug option
-y : debug option
-l stdout : print the log to stdout
2. Diameter Client
With the SIM challenge/response mechanism:
./diaclient_umts -A inet6 -e sim -d ./dia_cldb hostnameofdiaserver 265 clepartage
Without it, for the password-based users defined in an entity file:
./diaclient_umts -A inet6 -d ./dia_cldb hostnameofdiaserver 265 clepartage
description:
-A [inet6/inet] : select IPv6 or IPv4
-e sim : use the SIM challenge/response mechanism
-d [dia_cldb path] : path of the client configuration dia_cldb
-f [entity file] : file containing the user entity, like the following:
'User-Name="bob", Password="bob"'
For example, the 'accept' file contains 'User-Name=acpt-usr, Password=bob',
the 'reject' file contains 'User-Name=rej-usr, Password=bob', and the
'system' file contains 'User-Name=sys-test, Password=testdiameter'. For the
sys-test user, check whether '/etc/passwd' contains that account.
hostnameofdiaserver : host name of the Diameter server (e.g. airs). It must
match an entry in /etc/hosts.
265 : the Diameter command code, which corresponds to the NASREQ command
code (AA-Request). It should be changed to an appropriate UMTS code.
clepartage : the secret shared between the server and the client. It must
match the entry in /diadb/clients on the server.
Note: the bob, accept, reject and system files must be created by hand and
used without "-e sim". In addition, the users defined in those files must
also be declared in 'diadb/users' with the appropriate 'Auth-Type' values.
For example,
badguy  Auth-Type = Reject
        State = "This user is temporarily not allowed to log in.",
        Reply-Message = "Test for Auth-Type=Reject"
goodguy Auth-Type = Accept
        State = "This user is temporarily allowed without password.",
        Reply-Message = "Test for Auth-Type=Accept"
user    Auth-Type = System
        Service-Type = Callback-Login-User,
        Login-IP-Host = timeshare1,
        Login-Service = PortMaster,
        Callback-Number = "9,1-800-555-1212",
        Reply-Message = "Test for Auth-Type=System"
are the entries for the reject, accept and system users respectively. For a
system user, the account being authenticated must exist as a user of the
Unix/Linux system.
3. UMTS terminal
./utiludp4c.tcl
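As an added example (not the demo's own code), the script below shows how the Auth-Type of a users entry in the form given under step 2 determines the 0/1 answer the demo returns. The users and passwd files are constructed samples in RADIUS users-file style; the System case is reduced, as a stated simplification, to checking that the account exists in the passwd file passed as argument, whereas the real server also verifies the password.

```shell
#!/bin/sh
# Added example (not part of the INRIA demo): mapping the three Auth-Type
# values of a diadb/users entry onto the demo's 0/1 response.
# Assumption: Auth-Type = System is reduced here to "the account exists in
# the given passwd file"; the real server also checks the password.

# lookup_auth_type USERS_FILE USER
# Prints Reject, Accept or System for USER, or nothing if USER is unknown.
# Only the entry's first line starts with the user name; the indented reply
# items (State, Reply-Message, ...) never match field 1.
lookup_auth_type() {
    awk -v u="$2" '
        $1 == u && /Auth-Type[ \t]*=/ {
            sub(/.*Auth-Type[ \t]*=[ \t]*/, "")
            sub(/[ \t,].*/, "")
            print
            exit
        }' "$1"
}

# account_exists PASSWD_FILE USER: true if USER is the login name of a line.
account_exists() {
    awk -F: -v u="$2" '$1 == u { f = 1 } END { if (f) exit 0; exit 1 }' "$1"
}

# auth_result USERS_FILE USER PASSWD_FILE
# Prints 1 (authenticated) or 0 (rejected), the value the demo returns.
auth_result() {
    case "$(lookup_auth_type "$1" "$2")" in
        Accept) echo 1 ;;
        Reject) echo 0 ;;
        System) if account_exists "$3" "$2"; then echo 1; else echo 0; fi ;;
        *)      echo 0 ;;     # unknown user or Auth-Type: reject
    esac
}

# write_samples DIR: constructed users file (the page's three entries plus
# sys-test, a System user with no Unix account) and a minimal passwd file.
write_samples() {
    cat > "$1/users" <<'EOF'
badguy  Auth-Type = Reject
        State = "This user is temporarily not allowed to log in.",
        Reply-Message = "Test for Auth-Type=Reject"
goodguy Auth-Type = Accept
        State = "This user is temporarily allowed without password.",
        Reply-Message = "Test for Auth-Type=Accept"
user    Auth-Type = System
        Service-Type = Callback-Login-User,
        Reply-Message = "Test for Auth-Type=System"
sys-test Auth-Type = System
        Reply-Message = "System user without a Unix account"
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
user:x:1000:1000::/home/user:/bin/sh
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for u in goodguy badguy user sys-test nobody; do
    printf '%-9s Auth-Type=%-7s -> %s\n' "$u" \
        "$(lookup_auth_type "$dir/users" "$u")" \
        "$(auth_result "$dir/users" "$u" "$dir/passwd")"
done
rm -r "$dir"
```

The sys-test line illustrates the remark above: a user declared with Auth-Type = System but absent from the system's account database is rejected even though the users entry exists.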
Trouble shooting:
[1] I encountered an error like "getaddrinfo failed ... Servname not
supported for ai_socktype".
[1-A] You forgot to add the Diameter port numbers to /etc/services; refer
to Setup Environment.
[2] I encountered an error like "Failed to find Origin Realm" when I
executed "./diaclient_umts -A inet6 -e sim -d ../dia_cldb -f bob hostR 265
cle".
[2-A] Check that '/etc/hosts' has an entry for hostR and that the names are
in the order '2001:... hostR.inria.fr hostR', fully qualified name first:
the realm is taken from the domain part of the canonical host name.
If you have any questions, email me at Hahnsang.Kim@inria.fr. I will try to
answer you as soon as I can.
23 May, 2003.