An authentication procedure is needed to determine whether a user/UE (User Equipment, i.e. the mobile)/SIM (subscriber) has valid access to an operator network. Three major entities participate in it:
1) User Entity (SIM - UE)
2) Controlling Entities (MSC, VLR, SGSN)
3) Authentication Entity (HLR, AuC)
General Details
Before going into the technical details of the authentication procedure, here is a brief idea of what actually happens. During the authentication procedure, messages are exchanged between the User Entity and the Authentication Entity via the controlling entity. During this exchange, algorithms are applied on both the User Entity and the Authentication Entity; as a result, one or two pieces of secret information (keys) are generated. The User Entity and the Authentication Entity each send their generated information to the controlling entity. After receiving the information from both, the controlling entity compares them: if they are identical, authentication is successful; otherwise the subscriber is not valid.
The following image shows how it works with the MSC (controlling entity).
The following image shows how it works with the SGSN (controlling entity).
Now let's see how it works technically.
The SIM (Subscriber Identity Module) contains the following data for authentication for each subscriber:
1) IMSI:- International Mobile Subscriber Identity
2) Secret Key (K, 128 bits):- This key is sometimes known as the shared key as well, because it is present in both the SIM and the HSS.
3) Algorithm A3:- Authentication algorithm
4) Algorithm A8:- Ciphering key generator
5) Algorithm A5:- Ciphering/deciphering algorithm (used after authentication to hide data with the ciphering key CK)
The HSS/AuC (Home Subscriber Server) contains the following:
1) IMSI:- International Mobile Subscriber Identity
2) Secret Key (K, 128 bits):- This key is sometimes known as the shared key as well, because it is present in both the SIM and the HSS.
3) Algorithm A3:- Authentication algorithm
4) Algorithm A8:- Ciphering key generator
5) RAND generator:- The HSS also has a way to generate a 128-bit random number.
GSM Authentication Scheme
When a UE attaches, the HSS receives a MAP_SEND_AUTHENTICATION_INFO request. Upon receiving this request, the HSS computes authentication vectors (AVs) consisting of RAND, SRES and Kc. The following steps make up the complete authentication cycle:
Step 1: The HSS generates a RAND (a 128-bit random number).
Step 2: The generated RAND and the secret key (K) already provisioned at the HSS for the user identified by the IMSI are passed to algorithm A3 to generate SRES.
Step 3: RAND and the secret key (K) are passed to algorithm A8 to generate Kc, i.e. the confidentiality key.
Step 4: This generated information, along with RAND, is sent to the VLR or SGSN.
Step 5: The VLR sends the AVs (authentication vectors) to the MSC.
Step 6: The MSC keeps Kc and SRES and sends RAND to the UE over the network.
Step 7: The UE now generates the same AV from the received RAND as was done in the HSS: SRES is generated by passing the shared key (K) already stored in the SIM, along with the received RAND, to the A3 algorithm.
Step 8: Similarly, Kc is generated by passing RAND and the shared key (K) to the A8 algorithm.
Step 9: The UE sends the generated SRES to the MSC.
Step 10: On receiving SRES from the UE, the MSC compares it with the SRES received from the HSS. If both are identical, the user is an authenticated user; otherwise not.
Step 11: An authenticated user shall use the ciphering key Kc to encrypt/decrypt data using the A5 function.
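The eleven steps above as a runnable sketch (an added example, not code from the original post). A3 and A8 are operator-specific and not given on the page, so HMAC-SHA256 truncated to GSM's 32-bit SRES and 64-bit Kc stands in for them; the class and function names, the IMSI and the key K are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-ins for the operator's A3/A8 (assumption: HMAC-SHA256, truncated
# to GSM's 32-bit SRES and 64-bit Kc). Real SIMs use other algorithms.
def a3(k: bytes, rand: bytes) -> bytes:
    return hmac.new(k, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(k: bytes, rand: bytes) -> bytes:
    return hmac.new(k, b"A8" + rand, hashlib.sha256).digest()[:8]

class HSS:
    """Authentication entity: holds K per IMSI, builds (RAND, SRES, Kc)."""
    def __init__(self, subscribers):
        self._k = dict(subscribers)

    def send_authentication_info(self, imsi, count=1):
        k = self._k[imsi]                  # KeyError = unknown subscriber
        vectors = []
        for _ in range(count):
            rand = secrets.token_bytes(16)                    # Step 1
            vectors.append((rand, a3(k, rand), a8(k, rand)))  # Steps 2-3
        return vectors                                        # Step 4

class SIM:
    """User entity: K never leaves the card, only SRES does."""
    def __init__(self, imsi, k):
        self.imsi, self._k, self.kc = imsi, k, None

    def run_gsm_algorithm(self, rand):
        self.kc = a8(self._k, rand)        # Step 8
        return a3(self._k, rand)           # Step 7

def msc_authenticate(hss, sim):
    """Controlling entity, Steps 5-10. Returns Kc on success, else None."""
    rand, expected_sres, kc = hss.send_authentication_info(sim.imsi)[0]
    sres = sim.run_gsm_algorithm(rand)     # Steps 6 and 9: RAND out, SRES back
    if hmac.compare_digest(sres, expected_sres):   # Step 10
        return kc                          # Step 11: key handed to A5
    return None

def demo():
    imsi = "001010123456789"               # constructed test IMSI
    k = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed K
    hss = HSS({imsi: k})
    genuine = SIM(imsi, k)
    mismatched = SIM(imsi, bytes(16))      # same IMSI, different K
    kc = msc_authenticate(hss, genuine)
    return kc is not None and kc == genuine.kc, msc_authenticate(hss, mismatched)

if __name__ == "__main__":
    print(demo())
```

Note that K itself never crosses the network: only RAND travels to the UE and only SRES travels back, and the MSC learns Kc from the vector rather than from the SIM.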
Your comments, suggestions and questions are always welcome. We will try to clear your doubts to the best of our knowledge, so feel free to ask questions.
Thank you for the very useful information.
One question. No mention of HLR in the complete cycle of authentication. Also want to know whether this authentication process is the same for prepaid and postpaid subscribers?
In image the authentication entity is (HSS, AuC). For GSM authentication it should be HLR, AuC.
The HSS is a master user database of IP Multimedia System that contains the subscription-related information (subscriber profiles) and performs authentication and authorization of the user.
It is similar to the GSM HLR and Authentication Centre (AuC).
Yes, Authentication process is same for prepaid and postpaid subscriber.
Thank you very much for resolving my query.
Could you please help to answer above?
Thank you in advance.
Thanks,
Vidhi.
very good explanation...
Thanks
Thank you very much ...
Thank you very much ...
Hi,
I've a question and here it is.. Is it possible to recognise whether the SAI/UL request belongs to 2G or 3G? If so, based on what parameter can we differentiate 2G's SAI/UL and 3G's UL? Because we are sending SRES, Kc, RAND separately. We are sending as AV (AV = RAND||SRES||Kc) as a single request for both 2G and 3G..
Thanks in advance..
Arun
Hi Arun
Do you want to know how the HSS/HLR identifies whether a subscriber belongs to 2G or 3G?
If so, the HSS can identify this from the subscriber profile associated with a subscriber. As for the reply sent for authentication, 3G will also send the AUTN parameter.
Thanks for your query.
Happy to help you again.
Team-Diameter
Hi,
Thanks for your reply..
MSC/VLR requests SAI to HLR/HSS with the no. of authentication vectors required (it varies from 1 to 5). What does it represent? When the MSC/VLR requests SAI with 2 vectors, what operation will be performed? If UL has to be performed, how many vectors are required for 2G as well as 3G?
If possible, explain for all 5 vectors.
Thanks in advance
Arun
Hi Arun
A single vector is enough for one authentication. The MSC asks for multiple so that it can avoid the message initiation and processing burden (message traffic over the network) of periodic authentication.
An authentication vector contains the following items in 3G: RAND, XRES, CK, IK, AUTN. The set of RAND, XRES, CK, IK, AUTN is called a vector.
Hope it suffices.