
3G Security Architecture: Theory Explanation

www.huawei.com

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

References

3GPP TS 33.102 V7.0.0 (2005-12)


Contents

1. Introduction
2. Network Access Security
3. Network access security mechanism


1.1 Overview of the security architecture


Figure: Overview of the security architecture (3GPP TS 33.102, Figure 1). Three strata are shown: the Application stratum (User Application and Provider Application, linked by security feature group IV), the Home stratum / Serving stratum (USIM, HE and SN, with groups I, II and III) and the Transport stratum (ME and AN, group I). Network access security (I) covers the links USIM-ME, ME-AN, ME-SN and USIM-HE; network domain security (II) covers HE-SN; user domain security (III) covers USIM-ME; application domain security (IV) covers the user and provider applications.


1.1 Overview of the security architecture

There are five security feature groups, and each group has a specific security function:

1. Network access security (I): provides users with secure access to the 3G network, in particular protection against attacks on the radio access link.

2. Network domain security (II): provides secure access to the 3G network, in particular protection against attacks on the wireline network.


1.1 Overview of the security architecture


3. User domain security (III): prevents unauthorised access to the mobile station.

4. Application domain security (IV): provides secure data transmission between the user's and the provider's applications.

5. Visibility and configurability of security (V): lets the user know and configure which level of security is in use.


1.1 Overview of the security architecture


Figure: Two CN service domains. The HLR is the common subscription database and holds both the CS location and the PS location. The CS service domain is served by the 3G MSC/VLR (CS state); the PS service domain is served by the 3G SGSN (PS state). Two Iu signalling connections (two RANAP instances) run between the core network and the UTRAN; the UTRAN, with its distribution functionality, carries both over one RRC connection to the UE, which holds a CS state and a PS state.



2.1 Network access security


User identity confidentiality:

1. The user identity number IMSI is unique for one user.
2. The IMSI is not transmitted over the radio link.
3. The network allocates a TMSI instead of the IMSI.
4. To avoid tracing, the TMSI is changed so that no user is identified by the same TMSI for a long period of time.


2.2 Entity authentication

There are two mechanisms for user authentication:

1. The user identity is authenticated by the integrity key agreed between user and network during a previous execution.
2. Authentication vectors are provided by the home network to the serving network.


2.3 Confidentiality

Cipher key: the MS and the network agree on a certain key.

Cipher algorithm: the MS and the network agree on a certain algorithm.

So user data cannot be eavesdropped on the air interface, and signalling data cannot be eavesdropped over the access interface.


2.4 Data integrity

Integrity key: the MS and the network negotiate the integrity key and algorithm.

So signalling data can be authenticated by verifying its integrity (that it has not been modified).



3.1 TMSI reallocation procedure


The TMSI is used to identify the user over the radio access link. This procedure should be performed after ciphering has been started. It is also used to assign a TMSI/LAI pair.

Message flow:
  VLR/SGSN -> MS: TMSI Allocation Command (TMSIn, LAIn)
  MS -> VLR/SGSN: TMSI Allocation Complete


3.1 TMSI reallocation procedure

The TMSI is stored in the database of the SGSN together with its corresponding IMSI.

If necessary, the SGSN sends the LAI together with the new TMSI.
Upon receipt of the acknowledgement of the new TMSI, the SGSN removes the association with the old TMSI.


3.1 TMSI reallocation procedure

If the network does not receive an acknowledgement from the user:

1. it keeps the association between the old TMSI and the IMSI;

2. it also keeps the association between the new TMSI and the IMSI.

When a user-originated transaction occurs, the network determines which TMSI is in use and deletes the other one.

Repeated TMSI reallocation (beyond a certain limit) is reported to O&M.
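The reallocation rules above (keep both TMSI bindings until the acknowledgement arrives, let a user-originated transaction decide which one survives, report repeated reallocation to O&M) as an added Python model; this is example code, not Huawei's or 3GPP's, and the table layout, the random TMSI generation and the O&M limit are assumptions made here.

```python
import secrets

class TmsiTable:
    """Constructed model of the VLR/SGSN TMSI <-> IMSI table during TMSI reallocation."""

    def __init__(self, om_limit=3):
        self.tmsi_to_imsi = {}   # every TMSI currently bound to an IMSI (old and new)
        self.pending = {}        # IMSI -> (old_tmsi, new_tmsi) awaiting Allocation Complete
        self.unacked = {}        # IMSI -> consecutive reallocations without acknowledgement
        self.om_limit = om_limit # assumed operator limit for the O&M report
        self.om_reports = []     # IMSIs reported to O&M

    def allocate(self, imsi, old_tmsi=None):
        """TMSI Allocation Command: bind a fresh TMSIn, keeping the old binding until acked."""
        if imsi in self.pending:                      # earlier TMSIn never acknowledged: drop it
            self.tmsi_to_imsi.pop(self.pending[imsi][1], None)
        new = secrets.token_bytes(4)
        while new in self.tmsi_to_imsi:               # TMSI must be unique within the VLR/SGSN
            new = secrets.token_bytes(4)
        self.tmsi_to_imsi[new] = imsi
        self.pending[imsi] = (old_tmsi, new)
        return new

    def allocation_complete(self, imsi):
        """TMSI Allocation Complete received: remove the association with the old TMSI."""
        old, _new = self.pending.pop(imsi)
        self.tmsi_to_imsi.pop(old, None)
        self.unacked.pop(imsi, None)

    def timeout(self, imsi):
        """No acknowledgement: both TMSIs stay bound; report to O&M once the limit is reached."""
        self.unacked[imsi] = self.unacked.get(imsi, 0) + 1
        if self.unacked[imsi] >= self.om_limit:
            self.om_reports.append(imsi)

    def user_transaction(self, tmsi):
        """User-originated transaction: the TMSI it carries is kept, the other one is deleted."""
        imsi = self.tmsi_to_imsi.get(tmsi)
        if imsi in self.pending:
            old, new = self.pending.pop(imsi)
            self.tmsi_to_imsi.pop(new if tmsi == old else old, None)
            self.unacked.pop(imsi, None)
        return imsi
```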


3.2 Identification by a permanent identity

This case happens when:

1. the user accesses the network for the first time;
2. the SGSN/VLR cannot retrieve the IMSI from the old TMSI.

Message flow:
  VLR/SGSN -> ME/USIM: User identity request
  ME/USIM -> VLR/SGSN: User identity response (IMSI)


3.3 Authentication and key agreement

The network HE has a secret key K, and the USIM has the same secret key K.

So the two parties, USIM and network, can authenticate each other based on this key.

In addition, the USIM and the HE keep track of counters (sequence numbers) to support the authentication.


3.3 Authentication and key agreement


The HE/HLR sends an ordered array of n authentication vectors. Each vector is composed of the following:

1. Authentication Token (AUTN)
2. Expected response (XRES)
3. Random number (RAND)
4. Cipher key (CK)
5. Integrity key (IK)


3.3 Authentication and key agreement

The SGSN/VLR sends the authentication token AUTN and the random number RAND to the USIM; the USIM computes RES, and then

the SGSN compares RES with XRES.

If they match, the SGSN and the USIM pass CK and IK to the entities that perform ciphering and integrity protection.


3.4 Distribution of authentication data from HE to SN

The authentication data request shall include:

1. IMSI
2. Requesting node type (CS or PS)

Then the HE/HLR sends the ordered array of n authentication vectors to the VLR/SGSN.

Message flow:
  VLR/SGSN -> HE: Authentication data request (IMSI)
  HE -> VLR/SGSN: Authentication data response (AV(1..n))



3.4 Distribution of authentication data from HE to SN


AMF:

The Authentication and key Management Field (AMF) is used to select the algorithm and key used to generate a particular vector.

The USIM keeps track of the algorithm and key through the AUTN. The USIM uses a parameter called L, which is the allowed difference between SQN (the highest sequence number accepted so far) and the SQN received by the USIM.

The AMF controls the value of L.


3.4 Distribution of authentication data from HE to SN


AK: AK = f5K(RAND). It is called the anonymity key.

Since the SQN could expose the identity and location of the USIM, the AK is used to conceal it.

So, to remove this property, set f5 = 0, giving AK = 0.


3.4 Distribution of authentication data from HE to SN

Message Authentication Code
  MAC = f1K(SQN || RAND || AMF)

Expected Response
  XRES = f2K(RAND)

Cipher Key
  CK = f3K(RAND)

Integrity Key
  IK = f4K(RAND)



3.5 Authentication and key agreement flow

The USIM first computes AK from RAND and uses it to recover SQN from AUTN, then computes XMAC and compares it with the MAC received in AUTN. If they differ,

it sends a failure message (user authentication reject).

XMAC = f1K(SQN || RAND || AMF)

Message flow:
  VLR/SGSN -> USIM: User authentication request (RAND || AUTN)
  USIM -> VLR/SGSN: User authentication response (RES)
  USIM -> VLR/SGSN: User authentication reject (CAUSE)


3.5 Authentication and key agreement flow

If the USIM considers the SQN not to be in the correct range, it sends a

failure message (synchronisation failure).

The synchronisation failure message includes the parameter AUTS.


3.5 Authentication and key agreement flow


Construction of AUTS in the USIM (inputs: SQNMS, K, RAND, AMF):

  AK    = f5*K(RAND)
  MAC-S = f1*K(SQNMS || RAND || AMF)
  AUTS  = (SQNMS xor AK) || MAC-S



3.5 Authentication and key agreement flow

If the sequence number is in the correct range, the USIM computes RES and sends it to the SGSN/VLR

in the user authentication response message.

Finally the USIM computes IK and CK. The SGSN then compares RES with XRES. If the SGSN does not receive a response from the USIM, it sends the quintet again.


3.6 Distribution of IMSI and temporary authentication data within one serving network domain

When the new SGSN receives a location update request, it identifies the old SGSN and sends it an

identity request.

The old SGSN provides the IMSI and the unused quintet vectors of the user.

Message flow:
  VLRn/SGSNn -> VLRo/SGSNo: (TMSIo || LAIo) or (P-TMSIo || RAIo)
  VLRo/SGSNo -> VLRn/SGSNn: IMSI || ({Qi} or {Ti}) || ((CK || IK || KSI) or (Kc || CKSN))


3.7 Re-synchronisation procedure

Once the synchronisation failure message is received by the SGSN,

the SGSN sends an authentication data request with a

synchronisation failure indication in the message to the HE,

with the parameters RAND and AUTS.

Message flow:
  VLR/SGSN -> UE/USIM: RAND, AUTN
  UE/USIM -> VLR/SGSN: AUTS
  VLR/SGSN -> HLR/AuC: RAND, AUTS
  HLR/AuC -> VLR/SGSN: {Qi}


3.7 Re-synchronisation procedure

The HE retrieves the SQN of the MS and checks whether the SQN of the HE is in the correct range.

If it is not in the range, the HE verifies the AUTS.

If the verification is successful, the HE resets its sequence number so that SQN of HE = SQN of MS. New authentication vectors are then sent to the SGSN.
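The AV generation (3.4), the USIM checks and AUTS construction (3.5) and the HE-side re-synchronisation (3.7) above, worked through end to end as an added Python example; this is not code from the slides or from 3GPP. The slides give only the interfaces f1K(SQN || RAND || AMF), f2K(RAND), ..., so truncated HMAC-SHA256 stands in for f1..f5 and f1*/f5*; K, SQN, AMF and the acceptance window L are constructed values, and the all-zero AMF used for MAC-S follows the 3GPP convention.

```python
import hmac
import hashlib
import secrets

# Constructed stand-ins for f1..f5 and f1*, f5*: HMAC-SHA256 keyed with K, domain-separated
# by the function number and truncated to the 3GPP output lengths (a real USIM/AuC runs
# the operator algorithm instead).
def f(n, k, data, nbytes):
    return hmac.new(k, bytes([n]) + data, hashlib.sha256).digest()[:nbytes]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

AMF_RESYNC = bytes(2)  # MAC-S is computed with a dummy all-zero AMF

def generate_av(k, sqn_he, amf):
    """HE/AuC: build one authentication vector (RAND, XRES, CK, IK, AUTN)."""
    rand = secrets.token_bytes(16)                 # RAND, 128 bit
    mac = f(1, k, sqn_he + rand + amf, 8)          # MAC  = f1K(SQN || RAND || AMF), 64 bit
    xres = f(2, k, rand, 8)                        # XRES = f2K(RAND)
    ck, ik = f(3, k, rand, 16), f(4, k, rand, 16)  # CK = f3K(RAND), IK = f4K(RAND), 128 bit
    ak = f(5, k, rand, 6)                          # AK = f5K(RAND), 48-bit anonymity key
    autn = xor(sqn_he, ak) + amf + mac             # AUTN = (SQN xor AK) || AMF || MAC
    return rand, xres, ck, ik, autn

def usim_authenticate(k, sqn_ms, rand, autn, L=32):
    """USIM: returns ('RES', res, ck, ik, sqn), ('MAC_FAILURE',) or ('SYNC_FAILURE', auts)."""
    conc, amf, mac = autn[:6], autn[6:8], autn[8:]
    sqn = xor(conc, f(5, k, rand, 6))              # recover SQN with AK
    xmac = f(1, k, sqn + rand + amf, 8)
    if not hmac.compare_digest(xmac, mac):         # network signature wrong: reject
        return ("MAC_FAILURE",)
    hi, got = int.from_bytes(sqn_ms, "big"), int.from_bytes(sqn, "big")
    if not hi < got <= hi + L:                     # replayed or too far ahead: resync
        ak_s = f(15, k, rand, 6)                                  # f5*K(RAND)
        mac_s = f(11, k, sqn_ms + rand + AMF_RESYNC, 8)           # f1*K(SQNMS || RAND || AMF)
        return ("SYNC_FAILURE", xor(sqn_ms, ak_s) + mac_s)        # AUTS = (SQNMS xor AK) || MAC-S
    return ("RES", f(2, k, rand, 8), f(3, k, rand, 16), f(4, k, rand, 16), sqn)

def he_resync(k, rand, auts):
    """HE/AuC: recover SQNMS from AUTS and verify MAC-S; None if the AUTS does not verify."""
    sqn_ms = xor(auts[:6], f(15, k, rand, 6))
    if not hmac.compare_digest(f(11, k, sqn_ms + rand + AMF_RESYNC, 8), auts[6:]):
        return None
    return sqn_ms                                  # caller then sets SQN of HE = SQN of MS
```

The serving network's own step is the comparison of the returned RES with the XRES from the vector, which is why RES and CK/IK never need to leave the USIM and HE in the clear.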


3.8 Reporting authentication failures from the SGSN/VLR to the HLR


The report carries the following parameters:

- Failure cause: the network signature or the user signature is wrong
- Access type
- Authentication re-attempt: indicates whether this is a normal authentication or a re-attempt
- SGSN number
- RAND

Message flow:
  VLR/SGSN -> HLR: Authentication failure report (IMSI, failure cause, access type, authentication re-attempt, VLR/SGSN address and RAND)


3.9 Authentication re-attempt


Authentication re-attempt must be set for the following reject causes:

- Reject cause: MAC failure
- Reject cause: Synch failure
- Reject cause: GSM authentication unacceptable


3.10 Length of authentication parameters


K    = 128 bit
RAND = 128 bit
CK   = 128 bit
IK   = 128 bit
SQN  = 48 bit
AK   = 48 bit
AMF  = 16 bit
MAC  = 64 bit
RES  = 4 to 16 octets


Thanks
