www.huawei.com
Contents
1. Introduction
2. Network Access Security
3. Network access security mechanism
[Figure: 3G security architecture. Application stratum: User Application, Provider Application. Home/serving stratum: USIM, HE, SN. Transport stratum: ME, AN. Security feature groups (I), (II), (III) are marked between these elements.]
There are five security feature groups, and each group provides a specific security function.
[Figure: CS and PS service domains. The CS service domain is served by the 3G MSC/VLR (CS state), the PS service domain by the 3G SGSN (PS state); both connect through UTRAN to the UE, which holds a CS state and a PS state.]
2. Network Access Security
1. The user identity is authenticated with the integrity key agreed between the user and the network during a previous execution.
2. The authentication vector is provided by the home network to the serving network.
2.3 Confidentiality
As a result, user data cannot be intercepted on the air interface, and signalling data cannot be intercepted over the access interface.
Integrity key: the MS and the network negotiate the integrity key and the integrity algorithm.
3. Network access security mechanism
The TMSI is used to identify the user over the radio access link. TMSI reallocation should take place after ciphering has been started. The procedure also assigns a new TMSI/LAI pair.
[Figure: TMSI reallocation message exchange between the MS and the VLR/SGSN.]
The TMSI is stored in the database of the SGSN together with its corresponding IMSI.
If necessary, the SGSN sends the LAI along with the new TMSI.
Upon reception of the new TMSI, the SGSN removes the association with the old TMSI.
The permanent identity (IMSI) is requested from the user in the following cases:
1. The user is accessing the network for the first time.
2. The SGSN/VLR cannot retrieve the IMSI from the old TMSI.
[Figure: VLR/SGSN sends a User identity request to the ME/USIM; the ME/USIM answers with a User identity response containing the IMSI.]
The network (HE) holds a secret key K, and the USIM holds the same secret key K.
In addition, the USIM and the HE each keep a sequence counter that is tracked to support authentication.
The HE/HLR sends an array of n authentication vectors. Each vector is composed of the following:
1. Random number (RAND)
2. Expected response (XRES)
3. Cipher key (CK)
4. Integrity key (IK)
5. Authentication token (AUTN)
The SGSN/VLR sends the authentication token AUTN and the random number RAND to the USIM; the USIM computes RES and then ...
To obtain authentication vectors, the VLR/SGSN sends an authentication data request to the HE/HLR containing:
1. the IMSI
2. the requesting node type (CS or PS)
The HE/HLR then returns the ordered array of n authentication vectors in the authentication data response.
[Figure: VLR/SGSN to HE: Authentication data request (IMSI). HE to VLR/SGSN: Authentication data response AV(1..n).]
The AMF (authentication management field) is used to select the algorithm and key used to generate a particular vector.
The USIM keeps track of the algorithm and key through the AUTN. The USIM uses a parameter called L, which is the maximum allowed difference between SQN_MS (the highest sequence number accepted so far) and the SQN received by the USIM.
Expected response
Cipher key: CK = f3_K(RAND)
Integrity key: IK = f4_K(RAND)
The USIM first computes AK from RAND and recovers the SQN from AUTN, then computes XMAC and compares it with the received MAC; if they do not match, ...
If the USIM considers the SQN not to be in the correct range, it sends a resynchronisation token AUTS:
AUTS = (SQN_MS ⊕ AK) || MAC-S
If the sequence number is in the correct range, the USIM computes RES and sends it to the SGSN/VLR.
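The USIM-side checks just described (AK recovery, XMAC comparison, SQN range check, AUTS on sync failure) and the HE-side resynchronisation, as an added worked model that is not code from the slides. The functions f1..f5 are HMAC-SHA-256 stand-ins and the SQN range rule is simplified to SQN_MS < SQN <= SQN_MS + L; neither is the standardized MILENAGE/3GPP definition. Field sizes follow the slides.

```python
import hmac, hashlib

L = 32  # assumed maximum allowed jump between SQN_MS and the received SQN

def f(k, tag, data, n):
    """Stand-in for f1..f5 (assumption): keyed HMAC-SHA256 truncated to n bytes."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def he_generate_av(k, sqn, rand, amf=b"\x00\x00"):
    """HE/HLR side: one authentication vector (RAND, XRES, CK, IK, AUTN)."""
    mac = f(k, b"f1", sqn + rand + amf, 8)      # MAC = 64 bit
    xres = f(k, b"f2", rand, 8)
    ck, ik = f(k, b"f3", rand, 16), f(k, b"f4", rand, 16)
    ak = f(k, b"f5", rand, 6)                   # AK = 48 bit
    autn = xor(sqn, ak) + amf + mac             # AUTN = SQN^AK || AMF || MAC
    return rand, xres, ck, ik, autn

def usim_verify(k, sqn_ms, rand, autn):
    """USIM side. Returns ("ok", RES, CK, IK, new SQN_MS),
    ("mac_failure",) or ("sync_failure", AUTS)."""
    ak = f(k, b"f5", rand, 6)
    sqn = xor(autn[:6], ak)                     # recover SQN from SQN^AK
    amf, mac = autn[6:8], autn[8:16]
    xmac = f(k, b"f1", sqn + rand + amf, 8)
    if not hmac.compare_digest(xmac, mac):      # network signature wrong
        return ("mac_failure",)
    s_ms, s = int.from_bytes(sqn_ms, "big"), int.from_bytes(sqn, "big")
    if not (s_ms < s <= s_ms + L):              # SQN not in accepted range
        mac_s = f(k, b"f1s", sqn_ms + rand, 8)
        return ("sync_failure", xor(sqn_ms, ak) + mac_s)  # (SQN_MS^AK)||MAC-S
    res = f(k, b"f2", rand, 8)
    return ("ok", res, f(k, b"f3", rand, 16), f(k, b"f4", rand, 16), sqn)

def he_resync(k, rand, auts):
    """HE side on sync failure: recover SQN_MS from AUTS; None if MAC-S is bad."""
    ak = f(k, b"f5", rand, 6)
    sqn_ms = xor(auts[:6], ak)
    if not hmac.compare_digest(f(k, b"f1s", sqn_ms + rand, 8), auts[6:]):
        return None
    return sqn_ms
```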
3.6 Distribution of IMSI and temporary authentication data within one serving network domain
When the new SGSN receives a location update request, it identifies the old SGSN and sends it a request.
The old SGSN provides the IMSI and the user's unused quintet (authentication) vectors.
[Figure: VLRn/SGSNn to VLRo/SGSNo: (TMSIo || LAIo) or (P-TMSIo || RAIo). VLRo/SGSNo to VLRn/SGSNn: IMSI || ({Qi} or {Ti}) || ((CK || IK || KSI) or (Kc || CKSN)).]
The HE retrieves the SQN of the MS and checks whether the SQN of the HE is in the correct range.
The authentication failure report carries the following:
Failure cause: the network or user signature is wrong.
Access type.
Authentication reattempt: indicates whether this is a normal authentication or a reattempt.
Authentication reattempt must be set for the following reject causes:
1. Reject cause: MAC failure
2. Reject cause: Synch failure
3. Reject cause: GSM authentication unacceptable
Parameter lengths:
K = 128 bit
RAND = 128 bit
CK = 128 bit
IK = 128 bit
SQN = 48 bit
AK = 48 bit
AMF = 16 bit
MAC = 64 bit
RES = 4 to 16 octets