AIR/AIA (Authentication-Information-Request/Answer)

Authentication is a Major function of HSS/AuC. AIR/AIA is an important and first message on s6a/s6d interface that has been exchange between MME/SGSN and HSS during very first attach procedure. Here MME/SGSN asks for authentication credentials from HSS usually called as Authentication Vectors to authenticate and authorize the subscriber.

As we know MME uses EPS authentication vectors and SGSN can ask for UMTS or GERAN authentication vectors. while combined MME/SGSN can ask for all kind of authentication vectors in a single request. MME/SGSN shall tell the number of authentication vector it needs, generally between 1-5, if this information is missing then HSS shall send one authentication vector to MME. 

AVP structure used by MME to ask for EPS vectors

Requested- EUTRAN-Authentication-Info ::= <AVP header:10415 >

                         [ Number-Of-Requested-Vectors]

                         [ Immediate-Response-Preferred ]

                         [ Re-synchronization-Info ]

AVP structure used by SGSN to ask for UTRAN/GERAN vectors

Requested-UTRAN-GERAN-Authentication-Info ::= <AVP header: 10415>

                         [ Number-Of-Requested-Vectors]

                         [ Immediate-Response-Preferred ]

                         [ Re-synchronization-Info ]

Combined MME/SGSN can use "Immediate-Response-Preferred" AVP to tell HSS which Authentication Vector it wants on urgent basis; then other type of vector could be sent in same response but they are optional. For example: Combined node sends "Immediate-Response-Preferred" in Requested- EUTRAN-Authentication-Info AVP then HSS must send EUTRAN authentication vectors; HSS may send GERAN/UTRAN vector but they are optional; it totally depends on HSS whether it want to send them or not; because it will not be immediately consumed by combined node.

Generally a time-period on MME/SGSN end for which if more than one vector are downloaded at MME/SGSN are treated as fresh; After that time is elapsed the vectors are treated as stale and shall be deleted by MME from its end.

MME/SGSN can send "Re-synchronization-Info" if sequence number mis-match at UE end and shall be discussed whole scenario in following article.

Re-synchronization Failure

HSS generates responses after processing request and shall send AIA

GERAN Vector are generated by HSS as discussed in Article

GSM [2G] Authentication Procedure

HSS sends GERAN vector in following AVP

GERAN-Vector ::= <AVP header: 1416 10415>

                 [ Item-Number ]

                 { RAND }

                 { SRES }

                 { Kc }

UTRAN Vector are generated by HSS as discussed in Article 

[UMTS - 3G] UTRAN Authentication Procedure

HSS sends UTRAN vector in following AVP

UTRAN-Vector ::= <AVP header: 1415 10415>

                [ Item-Number ]

                { RAND }

                { XRES }

                { AUTN }

                { Confidentiality-Key }

                { Integrity-Key }

EUTRAN Vector are generated by HSS as discussed in Article

[EPS 4G] E-UTRAN Authentication Procedure

HSS sends EUTRAN vector in following AVP

E-UTRAN-Vector ::= <AVP header: 1414 10415>

                [ Item-Number ]

                { RAND }

                { XRES }

                { AUTN }

                { KASME }

Usage of OP/OPc and Transport Key in authentication procedure is explained in following article 

Usage of OP/OPc and Transport Key

Your Comments /Suggestions and Questions are always welcome,  shall clarify with best of our knowledge. So feel free to put Questions.

Re-synchronization Failure ( Synchronization in Telecom)

Re-Synchronization mechanism is a rare.It happens when difference of sequence number at HSS and UE/SIM is not in valid range. Before we go in detail of it, it would be better we just scroll through 3G Authentication.

Here we shall explain Re-synchronization with example. As we know Sequence Number is of 48 bits

SQN=(SEQ (43-Bits)+ IND(3-Bits))

Ideally HSS should have high sequence number(SEQ) at any (IND)index. Lets assume if sequence number difference is equal to and more than 2, then it is needed to synchronize again with HSS. This range is called DELTA range that is defined by SIM vendor. 

During re-synchronization process UE/SIM send it's own sequence number to HSS, HSS updates it own end, generates fresh Authentication Vectors (AV) on updated Sequence Number, then to UE to authenticate Identity and Network again.

Re-synchronization is a very useful process by which we can Sync sequence number at HSS with SIM because we can not update sequence number at SIM because it is stored in non-volatile memory. Ideally both HSS and SIM should have Identical Sequence Number for an Index, but it is not always true because of following causes that could create Re-Synchronization.

1) As we know controlling entity (MME/SGSN) can ask for multiple Authentication Vectors. There are chances that some vectors are not used and got staled, this will increase the sequence number for some IND (Index) at HSS but not at SIM shall result in Re-Synchronization if difference reaches to 2. I.e. Sequence Number for a Index at HSS very high.

2) Sequence Number at SIM/UE for a Index is Higher than the HSS. Only possible to simulate in LAB network. 

Your Comments /Suggestions and Questions are always welcome,  shall clarify with best of our knowledge. So feel free to put Questions.

[EPS 4G] E-UTRAN Authentication Procedure

It would be better that before going to E-UTRAN just scroll through the 3G authentication procedure. E-UTRAN authentication also checks that the PLMN in which UE is roaming is authenticated or not. Here one key KASME is generated that takes visited PLMN Id, CK, IK as an input that are generated in the same way they are generated in 3G Authentication. Rest all is same as 3G authentication.

4G Authentication Procedure

Algorithm to generate KASME is as follow

KASME = HMAC-SHA-256(Key,S) 

where,
S = FC||P0||L0||P1||L1||P2||L2||P3||L3||... ||Pn||Ln

FC is single octet. Its value is defined by 3GPP.
All Px are inputs and Lx is the length of the inputs 
For KASME, 
Key = CK || IK
FC = 0x10,
P0 = SN id,
L0 = length of SN id (i.e.0x00 0x03),
P1 = SQN Å AK
L1 = length of SQN Å AK (i.e. 0x00 0x06) 

Your Comments /Suggestions and Questions are always welcome,  shall clarify with best of our knowledge. So feel free to put Questions.

Usage of OP/OPc and Transport Key

OP: Operator Code : It is allotted to an operator and used in key generation algorithms of 3G and 4G. It is not shown as a part of input, because it is not specific to a user/Subscriber/SIM. It remains fix for all Subscriber/SIM of an operator that is why it is not used as an input to key generation algorithms. This OP (a 128-bits Operator Variant Algorithm Configuration Field )value is passed to an encryption algorithm ("RijndaelEncrypt") to generate OPc and OPc is used in all f1,f2,f3,f4,f5 functions internally to generate various keys.

As OP value is single, same to all subscriber/SIM. If someone knows it then there can be a possibility of spoofing of all SIM, because all SIMs are using the same value of OP. So Operator come up with the solution that they shall provision OPc rather than OP in AuC or HLR/HSS. When f1,f2....f5 get the OPc they doesn't generate it from OP; received OPC is used in vector generation. There is no reverse engineering for OP from OPC.

Basically OPc was the ultimate key that is generated from OP and KEy (secret Key) by using  ("RijndaelEncrypt") algorithm which is specific to SIM. if some one able to theft OPc then it can spoof only single SIM not all the SIMs.

OPc=Encypt-Algo(OP,Key)
OPc -[128 Bits]

Transport Key (64-Bits) : This key is used as a Lock to KEY (secret key) and OPc. When authentication credentials are to be provisioned at AuC or HLR/HSS; then they are provisioned in encrypted form rather then plain and this encryption is done by Transport Key. 

When authentication credentials are to be used in Authentication Generation then; all fields are decrypted  to plain key by transport key; and now plain key is used f1,f2,f3,f4,f5 algorithms.

Encypted-Key= Encypt-Algo(Plain-Key,Trans-Key)

General Procedure is as follow:

1) Plain Keys /OPC are in-Fused in SIM.

2) Now Vendor shall Encrypt KEY and OPC with Transport Key.

3) Encrypted Data to be given to Operator's AuC and Operator provision at AuC

4) AuC Stores Encrypted data.

5) Request for Authentication Comes from network; Now AuC generates Plain Key using Transport Key before generating Authentication Vectors.



Your Comments /Suggestions and Questions are always welcome.we would try to clarify your doubts with best of our knowledge. So feel free to put Query.

[UMTS - 3G] UTRAN Authentication Procedure

This is a mutual authentication mechanism, in which UE/SIM is authenticated by Network and Network is authenticated by UE/SIM. In this procedure message follow is more or less same as GSM Procedure, But key generation is complex, multiple key are generated, Integrity protection is also taken care and a sequence number is also maintained. As in every authentication procedure (telecom) it also have three major entities.

1) User Entity (SIM, User Equipment)

2) Controlling Entity (SGSN)

3) Authentication Entity(HSS/HLR,AuC)

Following table contains the attribute used in KEY generation, Table gives the usage of each attribute,size and place where they are used/stored.

Field Name	Description	Size	Used/Stored at
IMSI	To uniquely identify a SIM	Up to 15 digits	Both UE , HSS
Secret Key (K)	Sometimes called as shared key because it is stored in both User Entity and Authentication Entity.	128 Bits	Both UE , HSS
Algorithm F1	Used to generate MAC	64 Bits	HSS
Algorithm F1*	Used to generate MAC-S	64 Bits	UE
Algorithm F2	Used to generate XRES/RES i.e. Expected Response.	64 Bits	HSS,UE
Algorithm F3	Used to generate CK; Cipher Key	128 Bits	HSS,UE
Algorithm F4	Used to generate IK; Integrity Key	128 Bits	HSS,UE
Algorithm F5	Used to generate AK; Anonymity Key; used to hide/reveal sequence Number	48 Bits	HSS
Algorithm F5*	Used to generate AK; Anonymity Key; used to hide/reveal sequence Number	48 Bits	UE
Sequence Numbers	32 different Sequence Numbers - for synchronization i.e. no breach of security over the air	48 Bits	HSS,UE
Delta Value	Delta Value- a allowed range of sequence number difference at HSS and UE.		UE
AMF	Authentication Management Field. Usage is operator dependent. Bit 0 is “AMF Separation Bit” and is used to in EPS Bits 1 to 7 are reserved for future standardization use. Bits 8 to 15 are open for proprietary use	16 Bits	HSS
AUTN	AUTN := SQN Å AK || AMF || MAC	128 Bits	HSS
AUTS	AUTS = SQNMS Å AK || MAC-S	112 Bits	UE

Here we are directly moving how does it works.

Step -1 User sends a attach request toward SGSN, and SGSN send authentication request toward HSS/HLR.

Step -2 After receiving authentication request HSS/HLR shall generate Authentication Vectors (AV) consisting of RAND,XRES, AUTN ,CK ,IK.

Step-3  Following steps explains how AV are generated.

a) First of all HSS generates RAND a random number.

b) Now randomly pick any sequence number out of 32. At very first all sequence number is set to zero and shall be increase by one as a considered sequence number is used. Sequence Number is of following format.Give a minute to following image which is self-explanatory (8-Motions)

c) Say sequence number with index IND 3 (three) is picked then value of  SEQ shall be incremented by one and updated information is stored in HSS. if suppose once again sequence number with IND 3 (three) is selected then again one is incremented as shown below.

d) Now generate XRES, ATUN, CK , IK. Give few seconds to following image it has 9 motions.

Authentication Vector generation at HSS

Step -4 HSS sends generated Vector and to Controlling Entity (SGSN).

Step -5 SGSN keeps XRES, CK, IK with it and sends AUTN and RAND to UE.

Step -6 Now on receive of RAND and AUTN UE shall extract MAC, SQN, and AMF.

Step -7 UE compares SQN [SEQ+IND] received with SQN [SEQ+IND] at its end in following way. if received SEQ in valid delta range then moves to step -8. Generally value of delta is one; otherwise shall trigger re-synchronization request to SGSN(explained later). Give few seconds to following image,it contains 8 motions.

Sequence Number processing at HSS and UE end

Step -8 UE shall generate XMAC, RES, CK, IK. in following way. Give a minute to following IMAGE which is self-explanatory, it contains 5 motions.

Authentication Vector Processing at UE

Step -9 Now RES is sent to Controlling Entity (SGSN).

Step -10 Controlling Entity shall compare RES with XRES store at its own end.

[RES=XRES]

Step -11 If both are not equal then Controlling entity shall send attach rejected to UE.

Step -12 If both are equal , implies user is Authenticated, shall invoke next message of Attach Procedure.

Usage of OP/OPc and Transport Key

Your Comments /Suggestions and Questions are always welcome.we would try to clarify your doubts with best of our knowledge. So feel free to put Query.

GSM [2G] Authentication Procedure

Authentication procedure is needed to know whether a User/ UE (User Equipment i.e. Mobile)/SIM (subscriber) has a valid access to an operator network. As we know there are there major entities participate in it.

1) User Entity (SIM - UE)

2) Controlling Entities(MSC, VLR, SGSN)

3) Authentication Entity(HLR, Auc)

General Details

Before going into the technical details of a Authentication procedure here is brief idea what actually happens.During Authentication Procedure some messages have been exchanged between User Entity and Authentication Entity via controlling entity. During this message exchange some algorithms are applied on User Entity and Authentication Entity; as a result of these algorithms one or two secret information (KEYs) have been generated; these generated information (KEYS) are  sent by User Entity to controlling entity and Authentication entity to controlling entity. After receiving information from both entities controlling entities compares  them if they are identical then authentication is successful otherwise not a valid subscriber.

Following Image gives the idea how it works with MSC (Controlling Entity)

Following Image gives the idea how it works with SGSN (Controlling Entity)

Now let's see how it works technically.

SIM - Subscriber Identity Module contains following data for Authentication for each subscriber

1) IMSI:- International Mobile Subscriber Identity

2) Secret Key (K 128 Bits):-  This key some times known as shared   

         key as well because this is present in both SIM and HSS.

3)Algorithm  A3:- Authentication algorithm

4)Algorithm  A8:- Ciphering key generator.

5)Algorithm  A5:- Ciphering/deciphering algorithm (Used after 

      authentication to hide data with CK Ciphering key )

HSS/AuC (Home Subscriber Server) contains following things

1) IMSI:- International Mobile Subscriber Identity

2) Secret Key (K  128Bits):-  This key some times known as shared  

      key as well because this is present in both SIM and HSS.

3) Algorithm A3:- Authentication algorithm

4) Algorithm A8:- Ciphering key generator.

5) RAND generator:-  HSS also have a way to generate a 128 Bits random number generator.

GSM Authentication Scheme

When UE attaches then HSS receives MAP_SEND_AUTHENTICATION_INFO request, upon receiving this request HSS computes authentication vectors(AVs) consisting of RAND,SRES,Kc. Following steps to be taken in complete cycle of authentication

Step -1 HSS generates a RAND (Random Number 128 Bits) 

Step -2 This generated RAND and Secret KEY (K) already 

      provisioned at HSS for given User identified by IMSI  shall    

      be passed to Algorithm A3 to generate SRES.

Step -3 RAND and Secret KEY (K) shall be passed to Algorithm A8 

      to generate Kc i.e. Confidentiality Key.

Step -4 This generated information along with RAND shall be send 

      to VLR or SGSN.

Step -5 VLR sends AV(Authentication Vectors) to MSC.

Step -6 MSC Keeps Kc and SRES with it and send RAND to UE over 

      network.

Step -7 Now UE shall generate the same AV using received RAND as 

      done in HSS such as SRES is generated by passing Shared 

      KEY(K) already stored in SIM along with received RAND to A3  

      algorithm.

Step -8 Similarly Kc shall be generated by passing RAND and 

      Shared KEY (K) to A8 algorithm.

Step -9 UE send generated SRES to MSC.

Step -10 On receive of SRES from UE; MSC matches with the SRES 

      received from HSS. If both are identical then User is  

      Authenticated User. Otherwise not.
Step -11 An Authenticated User shall use Kc Ciphering Key during 
      to encrypt/decrypt data using A5 function 

Your Comments /Suggestions and Questions are always welcome. We would try to clear your doubts with best of my knowledge. So feel free to put Questions.

Bootstrapping Server Function (BSF)

Bootstrapping Server function (BSF) is part of Generic Authentication Scheme (GBA Generic Bootstrapping Architecture). This article is in form of slide-show; explaining all the concept of BSF.

Bootstrapping Architecture 

Following Image is in form of slide. Just read it; it's self-explanatory (15mins).

It's our new way to interact, Kindly give your reviews.

Your Comments /Suggestions and Questions are always welcome. We would try to clear your doubts with best of my knowledge. So feel free to put Questions.