Matthew GarrettAug 7, 2025

Two weird LTE auth questions that I'm sure someone here knows:

1) My understanding is that the mutual auth means relying on a SIM private key. But can't phones without SIMs get onto networks for emergency calls? Or can that be done without full authentication?

2) Is there anything at the protocol level stopping multiple identical SIMs joining the same network (private, unfederated) network? Multiple devices with different IMEIs but the same IMSI and cryptographic material

Show threadIgnas KielaAug 7, 2025
@mjg59 AFAIK you can get emergency calls without a SIM even, there is a somewhat significant carveout in the spec for emergency calls
Show threadMatthew Garrett
@ignaloidas Right, I'm interested in the details of that - the NIST doc on LTE doesn't seem to cover it
Aug 7, 2025 at 6:56amWeb
Show threadOomfie SnoofiesAug 7, 2025
@mjg59 @ignaloidas checkout 3gpp releases
Show threadOomfie SnoofiesAug 7, 2025
@mjg59 @ignaloidas this is release 15, LTE

https://www.etsi.org/deliver/etsi_ts/123100_123199/123167/15.04.00_60/ts_123167v150400p.pdf
Show threadMatthew GarrettAug 7, 2025
@kouett @ignaloidas Thank you!
Show threadDaveAug 7, 2025
@mjg59 @ignaloidas https://gdelugre.github.io/2018/05/10/3gpp-ota-security-evolution/ describes it
Evolution of 3GPP over-the-air security

An overview of the security of the 3GPP radio interfaces, from 2G to 5G