Authentication

Published on July 2016 | Categories: Documents | Downloads: 31 | Comments: 0 | Views: 377
of 19
Download PDF   Embed   Report

Comments

Content

Authentication Feature Parameter
Description
Copyright © Huawei Technologies Co., Ltd. 2010. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

BSS
Authentication

Contents

Contents
1 Introduction ................................................................................................................................1-1
1.1 Scope ............................................................................................................................................ 1-1
1.2 Intended Audience ........................................................................................................................ 1-1
1.3 Change History.............................................................................................................................. 1-1

2 Overview of Authentication....................................................................................................2-1
3 Authentication Principles .......................................................................................................3-1
4 Authentication Procedure.......................................................................................................4-1
4.1 Authentication Success ................................................................................................................. 4-1
4.2 Authentication Failure.................................................................................................................... 4-1

5 Parameters .................................................................................................................................5-1
6 Counters......................................................................................................................................6-1
7 Glossary ......................................................................................................................................7-1
8 Reference Documents .............................................................................................................8-1

Issue 01 (2010-01-12)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

iii

BSS
Authentication

1 Introduction

1 Introduction
1.1 Scope
This document describes the function and purpose of authentication, authentication procedures, and
handling of successful and failed authentication on the network side.

1.2 Intended Audience
This document is intended for:
z

Personnel who need to understand Authentication

z

Personnel who work with Huawei products

1.3 Change History
This section provides information on the changes in different document versions.
There are two types of changes, which are defined as follows:
z

Feature change: refers to the change in the Authentication feature of a specific product version.

z

Editorial change: refers to the change in wording or the addition of the information that was not
described in the earlier version.

Document Issues
The document issues are as follows:
z

01 (2010-01-12)

01 (2010-01-12)
This is the first commercial release of BSS9.0.

Issue 01 (2010-01-12)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

1-1

BSS
Authentication

2 Overview of Authentication

2 Overview of Authentication
Authentication is a procedure in which the GSM network verifies the validity of the identity of an MS, that
is, verifies the validity of the International Mobile Subscriber Identity (IMSI) or Temporary Mobile
Subscriber Identity (TMSI) transmitted over the Um interface.
Authentication aims to prevent unauthorized subscribers from accessing the network and to protect the
private information of authorized subscribers.
The functions of authentication are as follows:
z

To check whether the MS is authorized to access the network

z

To provide parameters that enable the MS to calculate a new ciphering key

The authentication procedure is always initiated and controlled by the network.

Issue 01 (2010-01-12)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

2-1

BSS
Authentication

3 Authentication Principles

3 Authentication Principles
The network initiates the authentication procedure in the following situations:
z

The MS requests to change the subscriber information restored in VLR or HLR.

z

Service access is initiated. For example, when the MS originates a call, the MS is called, activated, or
deactivated, or the supplementary service is initiated.

z

The MS accesses the network for the first time after the MSC/VLR restarts.

z

The ciphering key Kc on the network does not match that on the MS.

The authentication procedure uses an authentication triplet, namely, RAND, Kc, and SERS. The
authentication triplet is calculated in the authentication center (AUC) of the GSM network. When
registering in a GSM network, each subscriber is assigned a Mobile Station International ISDN Number
(MSISDN) and an IMSI. The IMSI is written into the SIM through a SIM writer. The SIM writer also
generates an authentication parameter Ki, which is stored in the SIM and the authentication center as
well. The IMSI and Ki are permanent information.
A pseudo-random number generator is used in the AUC to generate an unpredictable pseudo random
number RAND. In the AUC, the RAND and Ki are used to generate a signed response (SRES) through
algorithm A3 and to generate a ciphering key Kc through algorithm A8. The three parameters RAND, Kc,
and SERS constitute an authentication triplet, which is stored as part of the subscriber data in the HLR.
Generally, the AUC sends five groups of authentication triplets to the HLR at one time. The HLR
automatically stores them. The HLR can store ten groups of authentication triplets. Upon request, the
HLR sends five groups of authentication triplets to the MSC/VLR at one time. The MSC/VLR uses the
authentication triplets one by one. When only two groups are left, the MSC/VLR requests the HLR for
new authentication triplets again.
The network initiates an authentication procedure by sending an Authentication Request message to the
MS and starts timer T3260. The Authentication Request message carries a 128-bit RAND, which is used
to calculate the values of the authentication response parameters. This message also carries the
Ciphering Key Sequence Number (CKSN) assigned to the ciphering key.
Upon receiving the Authentication Request message, the MS calculates the SRES required by the
Authentication Response message and the new ciphering key Kc. After writing the new ciphering key Kc
and the CKSN into the SIM, the MS sends the network an Authentication Response message.
Upon receiving the Authentication Response message, the network stops timer T3260 and checks
whether the Authentication Response message is valid..

Issue 01 (2010-01-12)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

3-1

BSS
Authentication

4 Authentication Procedure

4 Authentication Procedure
4.1 Authentication Success
Figure 4-1 shows a successful authentication procedure.
Figure 4-1 Successful authentication procedure

z

The Authentication Request message carries a 128-bit RAND and a Ciphering Key Sequence Number
(CKSN).

z

The Authentication Response message carries an SRES, which is calculated on the basis of the
RAND and Ki through algorithm A3.

The network compares the stored SRES with the SRES carried in the Authentication Response
message. If the SRESs are the same, the authentication is successful. After the authentication succeeds,
subsequent procedures, for example, the ciphering procedure, are initiated.

4.2 Authentication Failure
If the authentication fails, that is, if the Authentication Response message is invalid, the network may
distinguish between the following two ways of identification used by the MS:
If the TMSI is used, the network initiates the identification procedure.
z

If the IMSI provided by the MS differs from that in the network, the network restarts the authentication
procedure.

z

If the IMSI provided by the MS is the expected one, the network responds with an Authentication
Reject message.

If the IMSI is used, the network responds with an Authentication Reject message.
Figure 4-2 shows a failed authentication procedure.

Issue 01 (2010-01-12)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

4-1

BSS
Authentication

4 Authentication Procedure

Figure 4-2 Failed authentication procedure

After sending an Authentication Reject message to the MS, the network releases all the existing MM
connections and restarts an RR connection release procedure.
Upon receiving the Authentication Reject message, the MS sets the roaming flag to prohibited and
deletes the information such as TMSI, LAI, and ciphering key.
If the Authentication Reject message is received when the MS is in the IMSI Detach Initiated state, timer
T3220 will be stopped after the RR connection is released. The MS, if possible, starts the local release
procedure after the normal release procedure is complete or timer T3220 expires. If not possible, for
example, during IMSI detachment at MS power-off, the RR sublayer on the MS side is aborted.
If the Authentication Reject message is received in any other state, the MS aborts any MM connection
establishment or call re-establishment procedure, stops timer T3210 or T3230, releases all the MM
connections, starts timer T3240, enters the Wait For Network Command state, and waits for the release
of the RR connection. If the RR connection is not released after timer T3240 expires, the MS aborts the
RR connection. In both cases, either after an RR connection release triggered by the network or after an
RR connection abort requested by the MS, the MS enters the NO IMSI state, which is a sub-state of the
MM Idle state.

4-2

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

Issue 01 (2010-01-12)

BSS
Authentication

5 Parameters

5 Parameters
None.

Issue 01 (2010-01-12)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

5-1

BSS
Authentication

6 Counters

6 Counters
None.

Issue 01 (2010-01-12)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

6-1

BSS
Authentication

7 Glossary

7 Glossary
For the acronyms, abbreviations, terms, and definitions, see the Glossary.

Issue 01 (2010-01-12)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

7-1

BSS
Authentication

8 Reference Documents

8 Reference Documents
z

3GPP TS 24.008

z

3GPP TS 42.009

z

3GPP TS 43.020

z

BSC6900 Feature List

z

BSC6900 Basic Feature Description

Issue 01 (2010-01-12)

Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd

8-1

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close