Matthew Garrett

Two weird LTE auth questions that I'm sure someone here knows:

1) My understanding is that the mutual auth means relying on a SIM private key. But can't phones without SIMs get onto networks for emergency calls? Or can that be done without full authentication?

2) Is there anything at the protocol level stopping multiple identical SIMs joining the same network (private, unfederated) network? Multiple devices with different IMEIs but the same IMSI and cryptographic material

Aug 7, 2025 at 6:51amWeb
Show threadIgnas KielaAug 7, 2025
@mjg59 AFAIK you can get emergency calls without a SIM even, there is a somewhat significant carveout in the spec for emergency calls
Show threadMatthew GarrettAug 7, 2025
@ignaloidas Right, I'm interested in the details of that - the NIST doc on LTE doesn't seem to cover it
Show threadOomfie SnoofiesAug 7, 2025
@mjg59 @ignaloidas checkout 3gpp releases
Show threadOomfie SnoofiesAug 7, 2025
@mjg59 @ignaloidas this is release 15, LTE

https://www.etsi.org/deliver/etsi_ts/123100_123199/123167/15.04.00_60/ts_123167v150400p.pdf
Show threadMatthew GarrettAug 7, 2025
@kouett @ignaloidas Thank you!
Show threadDaveAug 7, 2025
@mjg59 @ignaloidas https://gdelugre.github.io/2018/05/10/3gpp-ota-security-evolution/ describes it
Evolution of 3GPP over-the-air security

An overview of the security of the 3GPP radio interfaces, from 2G to 5G

Show threadChristian SpeichAug 7, 2025
@mjg59 I’ve no idea what the specs say, but in Germany (the EU?) emergency calls require a working SIM card.
Show threadAnisseAug 7, 2025
@kleinweby @mjg59 TIL. Apparently, it's possible to call 112 without a SIM card in 19 or 20 member states. I haven't found the exact list though.
Show thread1000millimeterAug 7, 2025

@Aissen @kleinweby @mjg59 That used to be the default in GSM specs. However too much idiots then used calling 112 to test a phone without SIM whether it's working, so has been disabled in at least germany.

However you can still use other networks than your home network for 112, you just need to have a working SIM.

Show threadAnisseAug 7, 2025
@1000millimeter @kleinweby @mjg59 I know, it seems like Germany (and others) made the bad tradeoff though.
Show threadDaveAug 7, 2025
@mjg59 2) identical SIMs create headaches for the network's localisation mechanisms but can work depending on the particulars of the network. Have done it, would not recommend.
Show threadMatthew GarrettAug 7, 2025
@davedave Scenario I'm contemplating would be a single cell with me running the infra
Show threadlynxisAug 7, 2025

@mjg59

2) It might be possible. Paging must never use the IMSI and always S-TMSI.
Also higher up the stack there are constrains you will break. But if you only want to have many phones with the same IMSI in your single cell, I would try to look into srsEPC first. I don't know the code base of srsEPC, but it is a single daemon instead of 10 daemons.

Such constrains for e.g. a IMSI is often a unique id in internal structure to save phone capabilities. (auth, crypto, ...)

Show threadDan WilliamsAug 7, 2025
@mjg59 if you’re in the market for an eNodeB I can make recommendations…