M900/M1800 Base Station Subsystem

Signaling Analysis Manual

Contents

5 Authentication Procedure
5.1 Overview
5.2 Authentication Procedure
5.2.1 Successful Authentication
5.2.2 Unsuccessful Authentication
5.3 Internal Handling of BSC
5.4 Abnormal Cases

Issue 01 (2007-03-15)

Huawei Technologies Proprietary


Figures

Figure 5-1 Procedure of successful authentication
Figure 5-2 Authentication rejection procedure

5 Authentication Procedure

About This Chapter

The following table lists the contents of this chapter.

Title | Description
5.1 Overview | Introduces the authentication technology of Huawei GSM network.
5.2 Authentication Procedure | Describes authentication procedures, including successful and unsuccessful authentication procedures.
5.3 Internal Handling of BSC | Describes the BSC internal handling regarding authentication.
5.4 Abnormal Cases | Describes typical abnormal authentication procedures.

5.1 Overview

Authentication refers to the procedure of authenticating the validity of the IMSI and TMSI of MS initiated by the GSM network. The purpose of the authentication procedure is to prevent illegal MS from accessing the network, and in the meantime, to protect the private information of legal MS from leakage.

On the following conditions, the network may initiate the authentication procedure.

- MS requests modification of its relevant information in VLR or HLR.
- Service access is initiated (MS originates a call, MS is called, MS is activated or deactivated, Supplementary service is initiated)
- MS accesses the network for the first time after MSC/VLR is restarted
- The ciphering key sequence number Kc is not matched.

5.2 Authentication Procedure

The purpose of the authentication procedure is twofold.

- To permit the network to check whether the identity provided by MS is acceptable or not
- To provide parameters enabling MS to calculate a new ciphering key

The authentication procedure is always initiated and controlled by the network.

The network initiates the authentication procedure by transferring an Authentication Request message to MS and starts timer T3260. The Authentication Request message contains the parameters used to calculate the response parameters, and also contains the CKSN (Ciphering Key Sequence Number) allocated to the key which may be computed from the given parameters.

Upon receipt of the Authentication Request message, MS processes the challenge information and sends back an Authentication Response message to the network. The new ciphering key Kc calculated from the challenge information shall overwrite the previous one and be stored in SIM before the Authentication Response message is transmitted. The CKSN shall be stored together with the calculated Kc.

Upon receipt of the Authentication Response message, the network stops timer T3260 and checks the validity of the response.

5.2.1 Successful Authentication

Figure 5-1 shows the procedure of successful authentication.

Figure 5-1 Procedure of successful authentication
[Figure: message sequence between MS, BTS, BSC and MSC: AUT_REQ (1), AUT_RES (2)]

Step 1 The Authentication Request message contains a RAND (Random Number) and a CKSN. The RAND has 128 bits in total.

Step 2 The Authentication Response message contains a response number (SRES), which is obtained based on calculation of RAND and Ki through the A3 algorithm. The network compares the SRES stored in itself with the one contained in the Authentication Response message. If the two are consistent, authentication shall be passed, and the subsequent sub-procedures (such as the encryption procedure) shall be entered.

----End

5.2.2 Unsuccessful Authentication

If authentication fails, i.e. if the response is not valid, the network may distinguish between the two different modes of identification adopted by MS.

Step 1 If TMSI identification mode has been adopted, the network shall initiate the identification procedure. If the IMSI given by MS differs from the one the network has associated with the TMSI, the network shall restart the authentication procedure. If the IMSI provided by MS is correct, the network shall return an Authentication Reject message.

Step 2 If IMSI identification mode has been adopted, the network shall directly return an Authentication Reject message.

Figure 5-2 shows the authentication rejection procedure.

Figure 5-2 Authentication rejection procedure
[Figure: message sequence between MS, BTS, BSC and MSC: AUT_REQ (1), AUT_RES (2), AUT_REJ (3)]

After the network sends the Authentication Reject message, all MM connections in progress are released, and the network restarts the RR connection release procedure.

Upon receipt of the Authentication Reject message, MS sets the update status in SIM to "U2 ROAMING NOT ALLOWED", deletes from SIM the stored TMSI, LAI and CKSN.

If the Authentication Reject message is received in the state "IMSI DETACH INITIATED", timer T3220 shall be stopped when the RR connection is released. If possible, MS should initiate the local release procedure after the normal release procedure is completed, or after T3220 expires. If this is not possible (e.g. detach at power-off), the MS RR sublayer shall be aborted.

If the Authentication Reject message is received in any other state, MS shall abort any MM connection establishment or call re-establishment procedure, stop any of the timers T3210 or T3230 (if running), release all MM connections, reset and start timer T3240, and enter the state "WAIT FOR NETWORK COMMAND", expecting the release of the RR connection. If the RR connection is not released within a given time controlled by the timer T3240, MS shall abort the RR connection.

In both cases, either after a RR connection release triggered from the network side or after a RR connection abort requested by the MS side, MS shall enter the substate "NO IMSI" of "MM IDLE".

5.3 Internal Handling of BSC

The network initiates and controls the authentication procedure. No special processing is required from the BSC.

5.4 Abnormal Cases

RR connection failure

Upon detection of a RR connection failure before the Authentication Response message is received, the network shall release all MM connections (if any) and abort any ongoing MM-specific procedure.

Expiry of timer T3260

Before receipt of the Authentication Response message, if timer T3260 expires, the network shall release the RR connection, abort the authentication procedure and any ongoing MM-specific procedure, release all MM connections, and initiate the RR connection release procedure.

SIM unregistered

If the SIM of an MS has not been registered on the network side, the network will directly return an Authentication Reject message to the MS.
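
The challenge-response exchange of sections 5.2.1 and 5.2.2, as an added Python example that is not part of the manual or of any Huawei code. HMAC-SHA256 stands in for the operator-specific A3 and A8 algorithms, the SRES and Kc lengths (32 and 64 bits) follow GSM, and the class and function names are hypothetical; timer T3260 is not modelled.

```python
import hashlib
import hmac
import secrets


def a3_a8(ki, rand):
    """Stand-in for A3/A8 (assumption: truncated HMAC-SHA256, not a real GSM algorithm)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # SRES (32 bits), Kc (64 bits)


class Sim:
    """MS side: holds Ki and the stored (CKSN, Kc) pair."""

    def __init__(self, ki):
        self.ki, self.cksn, self.kc = ki, None, None

    def on_auth_request(self, rand, cksn):
        sres, kc = a3_a8(self.ki, rand)
        # The new Kc overwrites the old one and is stored with its CKSN
        # before the Authentication Response is sent.
        self.cksn, self.kc = cksn, kc
        return sres  # carried in AUT_RES(2)


def network_authenticate(subscriber_ki, sim, cksn, used_tmsi=False,
                         imsi_from_ms=None, imsi_for_tmsi=None):
    """Network side; returns (outcome, kc). The IMSI arguments model the
    identification procedure that runs only in TMSI mode after a failure."""
    rand = secrets.token_bytes(16)  # 128-bit RAND sent in AUT_REQ(1)
    expected_sres, kc = a3_a8(subscriber_ki, rand)
    sres = sim.on_auth_request(rand, cksn)
    if hmac.compare_digest(sres, expected_sres):
        return "PASSED", kc  # ciphering and later sub-procedures may follow
    if used_tmsi and imsi_from_ms != imsi_for_tmsi:
        # The TMSI was mapped to another subscriber's data: try again.
        return "RESTART_AUTHENTICATION", None
    return "AUTHENTICATION_REJECT", None  # AUT_REJ(3)


if __name__ == "__main__":
    ki = bytes(range(16))  # constructed sample key, not a real Ki
    print(network_authenticate(ki, Sim(ki), cksn=3)[0])
    print(network_authenticate(ki, Sim(bytes(16)), cksn=3)[0])
```
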