Authentication in GSM

Upload: shahjalal-siddique

Post on 04-Jun-2018


  • 8/13/2019 Authentication in Gsm

    1/14

    Authentication procedure in GSM

  • 2/14

    Authentication: why is it needed?

    To validate the subscriber who is sending the IMSI over the air interface.

  • 3/14

    Where is the authentication function loaded?

    HLR

  • 4/14

    Where the process starts: for one SIM card.

    When a SIM is issued, (Ki + IMSI) is loaded on the SIM.

    Ki + IMSI is also loaded in the AuC in the HLR.

  • 5/14

    The process: the IMSI is sent to the MSC. The MSC sends the IMSI to the HLR/AuC, which holds (Ki + IMSI), over SAI (Send Authentication Info), mentioning the number of requested vectors.

    The AuC generates RAND and then, using the A3 (authentication) algorithm, calculates SRES. The AuC uses A5 to generate Kc (RAND + Ki -> Kc) and sends the triplet back to the MSC. The MSC sends the RAND from the triplet to the MS. The MS does the same process and calculates SRES. This SRES is matched with the previous SRES; if it matches, the MS is allowed to LU (location update).

  • 6/14

    2G Authentication Flow

  • 7/14

    IMSI from the MS is carried by the Identity Response.

  • 8/14

    IMSI is sent over SAI.

  • 9/14

    The SAI response gives back the triplet.

  • 10/14

    Authentication Request: RAND is sent.

  • 11/14

    SRES is received from the MS and compared.

  • 12/14

    3G Authentication and Encryption

  • 13/14

    The successful authentication flow of a 3G subscriber is as follows:

    On receiving a location update, call, or supplementary service request, the MSC/VLR determines whether to perform authentication according to the data configuration. If authentication is not required, the MSC/VLR skips the authentication flow. If authentication is required, the VLR checks whether authentication quintuples are available. If authentication quintuples are available, the VLR sends an Authentication request to the UE. If no authentication quintuples are available, the VLR obtains authentication sets from the HLR.

    The MSC/VLR identifies the HLR serving the subscriber based on the IMSI carried in the received request, and then sends a MAP_SEND_AUTHENTICATION_INFO_REQ message to the HLR. The message carries the IMSI of the subscriber and the number of required authentication sets (can be configured as required).

    The HLR requests the AuC (usually integrated with the HLR) for five authentication quintuples, and then sends a MAP_SEND_AUTHENTICATION_INFO_RSP message carrying the authentication quintuples to the MSC/VLR.

    The MSC/VLR sends an Authentication request message carrying the first authentication quintuple to the UE and stores the remaining authentication sets in the VLR.

    On receiving the authentication request, the MS sends the RAND contained in the authentication quintuple to the USIM. The USIM performs the following processing based on the RAND, AUTN, and the authentication key (K) stored in the USIM:

    Checks the AUTN: The USIM checks whether the MAC contained in the AUTN is the same as the MAC calculated by using the RAND. If the MACs are not the same, the USIM sends an Authentication failure message carrying the failure cause value to the MSC/VLR. The authentication flow is ended.

    Checks the SQN: The USIM checks whether the SQN stored in it is the same as the SQN calculated by using the AUTN. If the SQNs are not the same, the USIM sends an Authentication failure message carrying the failure cause value to the MSC/VLR. The authentication flow is ended.

    Calculates a UMTS CK and an IK by using the RAND, uses the UMTS CK and IK to overwrite the original CK and IK, and sends an Authentication response message carrying the authentication result to the MSC/VLR.

    The MSC/VLR compares the SRES reported by the UE with the XRES provided by the AuC. If the SRES is the same as the XRES, the MSC/VLR passes the authentication and sends a SECURITY MODE COMMAND message to start the encryption flow. The message carries the encryption and integrity protection algorithms supported by the MSC/VLR.

    The RNC chooses a common algorithm from the algorithms supported by the MSC/VLR, UE, and NodeB to start encryption and integrity protection, and then sends a SECURITY MODE COMPLETE message to the MSC/VLR. If there is no common algorithm among the algorithms supported by the MSC/VLR, UE, and NodeB, and the network is not ready to use an unencrypted connection, the RNC sends a SECURITY MODE REJECT message to the MSC/VLR. At this point, the network access of the UE is complete.

  • 14/14

    Contd..

    The VLR compares the value of SRES returned by the UE with the value of XRES computed by the AuC.

    If the values are different, the VLR returns an authentication reject response to the UE. After receiving the message, the UE determines that the subscriber is illegal, and that authentication fails.

    If the values are the same, it indicates that the network succeeds in performing authentication. Then the VLR sends a response message that contains service acceptance or location update acceptance information to the UE. The UE then continues with the authentication of the network side.

    The UE computes the authentication parameters XMAC and SQNms of the UE side based on the RAND and AUTN returned by the VLR, and then compares them with the MAC and SQNhe in the AUTN respectively.

    If MAC is not equal to XMAC, it indicates that the UE fails to perform the validity check for the network, and that authentication fails. The VLR sends an Authentication failure message to the AuC.

    If the difference between SQNms and SQNhe is not in an acceptable range, it indicates that the UE fails to perform the effectiveness check for the network. The VLR originates a re-synchronization flow to the AuC. The re-synchronization flow is similar to the authentication set request flow. The difference is that the MAP_SEND_AUTHENTICATION_INFO message contains the re-synchronization information, AUTS and RAND, that requires the AuC to synchronize. After receiving the re-synchronization message, the AuC computes MAC based on the RAND in the message. Then the AuC compares MAC with the MAC-S in the AUTS to determine whether the re-synchronization is legal. After that, the AuC adjusts its SQNhe based on the value of SQNms in the AUTS, and computes a group of authentication values for the VLR. The VLR uses these values to originate the authentication flow again, and returns AUTN and RAND to the UE. Step 3 and Step 4 are repeated in the following flow.

    If both the validity check and the effectiveness check succeed, the authentication is successful.
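The following is an added example, not part of the slides, that models both flows described above: the 2G triplet derivation from slide 5 and the 3G quintuple, the USIM's MAC and SQN checks, and the AUTS re-synchronization from slides 13 and 14. The A3/A8 and f1..f5 functions are HMAC-SHA256 stand-ins assumed for illustration (not COMP128 or Milenage), and the AMF value and SQN acceptance window are constructed.

```python
# Toy model of the 2G triplet and 3G (UMTS AKA) quintuple flows on these slides.
# The keyed functions are HMAC-SHA256 stand-ins for A3/A8 and f1..f5 (an assumption,
# NOT COMP128/Milenage); only the structure of the exchange is being demonstrated.
import hmac, hashlib, os

def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# 2G: AuC derives (RAND, SRES, Kc) from Ki; the MS recomputes SRES with the same A3.
def gsm_triplet(ki: bytes, rand: bytes) -> tuple:
    return rand, kdf(ki, b"A3", rand)[:4], kdf(ki, b"A8", rand)[:8]

AMF = b"\x80\x00"  # constructed authentication management field

# 3G AuC: quintuple (RAND, XRES, CK, IK, AUTN) with AUTN = (SQN xor AK) || AMF || MAC.
def umts_quintuple(k: bytes, sqn_he: int, rand: bytes = None) -> tuple:
    rand = rand or os.urandom(16)
    sqn = sqn_he.to_bytes(6, "big")
    mac = kdf(k, b"f1", rand, sqn, AMF)[:8]
    autn = xor(sqn, kdf(k, b"f5", rand)[:6]) + AMF + mac
    return rand, kdf(k, b"f2", rand)[:8], kdf(k, b"f3", rand)[:16], kdf(k, b"f4", rand)[:16], autn

# 3G USIM: check MAC (is the network genuine?), then SQN freshness (is this a replay?).
def usim_authenticate(k: bytes, rand: bytes, autn: bytes, sqn_ms: int, window: int = 32) -> tuple:
    sqn = xor(autn[:6], kdf(k, b"f5", rand)[:6])
    amf, mac = autn[6:8], autn[8:16]
    if not hmac.compare_digest(mac, kdf(k, b"f1", rand, sqn, amf)[:8]):
        return ("mac_failure", None)            # UE reports Authentication failure
    sqn_he = int.from_bytes(sqn, "big")
    if not sqn_ms < sqn_he <= sqn_ms + window:  # stale or too far ahead: resync needed
        sqn_ms_b = sqn_ms.to_bytes(6, "big")
        mac_s = kdf(k, b"f1*", rand, sqn_ms_b, b"\x00\x00")[:8]
        return ("sync_failure", xor(sqn_ms_b, kdf(k, b"f5*", rand)[:6]) + mac_s)  # AUTS
    return ("ok", kdf(k, b"f2", rand)[:8], kdf(k, b"f3", rand)[:16], kdf(k, b"f4", rand)[:16], sqn_he)

# 3G AuC on resync: recover SQNms from AUTS, verify MAC-S, then adopt SQNms as SQNhe.
def auc_resync(k: bytes, rand: bytes, auts: bytes):
    sqn_ms_b = xor(auts[:6], kdf(k, b"f5*", rand)[:6])
    if not hmac.compare_digest(auts[6:14], kdf(k, b"f1*", rand, sqn_ms_b, b"\x00\x00")[:8]):
        return None                             # illegal resync request: ignore it
    return int.from_bytes(sqn_ms_b, "big")

# VLR: compare RES from the UE with XRES from the AuC in constant time.
def vlr_check(res: bytes, xres: bytes) -> bool:
    return hmac.compare_digest(res, xres)
```

Replaying a quintuple the USIM has already consumed fails the SQN check even though the MAC is valid, which is the property that makes the AUTN field worth the extra round trip.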