Your long answer is appreciated. I have a better understanding of it now.
But as I said, the matter isn't having the authentication cipher, it's holding onto it for 1-2 seconds longer.
There is nothing to hold on to. The cypher is never shared with the phone, so there is nothing to keep in memory, even for a few seconds. Not even one second. Not even HALF a second.
If you share the Ki, the security is broken. Granted, 128-bit security isn't all that great and might be hackable in some cases, but if you make an "exception" for this one purpose (which again,
has more negatives than any useful positives), then you've caused even
more problems than you've tried to solve.
It seems that, based on what I'm reading that you wrote, that it's more of a "rule" than a physical law.
No, precise timing is a necessary function of how cellular networks operate. You could get away with massive timing asymmetries back when the networks were analog, but as networks switched to digital, timeslots became both mandatory and precise. If you slack on timing, the network breaks down. These aren't arbitrary rules. They involve laws of physics and mathematics.
The bigger problem here is you're fixating on this one part of the discussion, to make your "improvement" work, while ignoring the broader issue here: You're basically asking the
GSMA to blow a massive functional and security hole in a globally-recognized standard, in order to hopefully brick a phone when it gets lost. How is opening up
all phones running in that standard to potential fraud - assuming the phones even continue to work at all - justified by this?
And again, it's already been pointed out: All of this assumes that you can realize your phone is missing, find a computer or iOS device, log into Find my iPhone and send the kill signal before the thief turns the phone off. Which is
no different from how things work now.
Let's say for the sake of argument that my phone has a 2 second latency problem. So everything I do, touch the screen, push the button, etc, is 2 seconds behind. If I eject the SIM card, wouldn't my phone still be connected for 2 seconds before it "recognizes" that the SIM card is ejected?
More than likely, if the latency were THAT bad on the OS side, people wouldn't buy it. And if it was on the baseband, the carrier would reject the phone outright and you wouldn't be able to connect with it. The Ki authentication would time out every single time, for starters. The phone would be both a fraud risk, and interfere with the operation of all other phones in the vicinity that don't have this latency.
Precise timing is absolutely necessary on a cellular network, and the timing tolerances get even more strict with the more recent cellular standards (GSM, UMTS, HSPA/+, LTE). A timing asymmetry of several nanoseconds is enough sometimes to drop a call and prevent network authentication. Two seconds? The network won't even acknowledge your phone exists after a few tries. Of course you could program your phone to keep trying, but before long it'll just start knocking other nearby phones off the network too, as its latent signals end up colliding with the correctly-timed signals of the other phones sharing the same pilot signal.
These aren't just arbitrary rules, either. These ARE physical and mathematical laws, part of basic communication theory. The way the network functions depends on
precise timing. You can't just introduce timing asymmetries and expect everything to be all right.
I'm not saying I'm any sort of expert on this, but as any semi-intelligent person would bring up, I don't know if what you were spouting before your previous answer had any facts to back it up
Yeah, okay. As I said earlier, this is a waste of time, especially since anyone who can use Google and look up articles on wikipedia can pretty much verify what I'm saying is correct and you seem unwilling to accept any facts that disagree with your idea. I wish you the best of luck as you invent this latency-ridden, network-skewing phone that does what you want at the expense of the broader telecommunications networks. Though you might find that what you've "invented" not only already exists, but might actually be
against the law.
