AIR/AIA (Authentication-Information-Request/Answer)

Authentication is a major function of the HSS/AuC. AIR/AIA is the first, and an important, message pair on the S6a/S6d interface, exchanged between the MME/SGSN and the HSS during the very first attach procedure. Here the MME/SGSN asks the HSS for authentication credentials, usually called Authentication Vectors, to authenticate and authorize the subscriber.

As we know, the MME uses EPS authentication vectors and the SGSN can ask for UMTS or GERAN authentication vectors, while a combined MME/SGSN can ask for all kinds of authentication vectors in a single request. The MME/SGSN shall state the number of authentication vectors it needs, generally between 1 and 5; if this information is missing, the HSS shall send one authentication vector to the MME.

AVP structure used by MME to ask for EPS vectors
Requested-EUTRAN-Authentication-Info ::= <AVP header: 10415>
                         [ Number-Of-Requested-Vectors ]
                         [ Immediate-Response-Preferred ]
                         [ Re-synchronization-Info ]


AVP structure used by SGSN to ask for UTRAN/GERAN vectors
Requested-UTRAN-GERAN-Authentication-Info ::= <AVP header: 10415>
                         [ Number-Of-Requested-Vectors ]
                         [ Immediate-Response-Preferred ]
                         [ Re-synchronization-Info ]


A combined MME/SGSN can use the "Immediate-Response-Preferred" AVP to tell the HSS which authentication vectors it needs urgently; the other type of vector may be sent in the same response, but is optional. For example, if the combined node sends "Immediate-Response-Preferred" in the Requested-EUTRAN-Authentication-Info AVP, the HSS must send EUTRAN authentication vectors. The HSS may also send GERAN/UTRAN vectors, but these are optional; it is entirely up to the HSS whether to send them, because they will not be consumed immediately by the combined node.

Generally the MME/SGSN keeps a time period during which downloaded vectors (when more than one vector is downloaded) are treated as fresh; after that time has elapsed, the vectors are treated as stale and shall be deleted by the MME.

The MME/SGSN can send "Re-synchronization-Info" if there is a sequence number mismatch at the UE end; the whole scenario is discussed in the following article.

Re-synchronization Failure


The HSS generates the response after processing the request and shall send the AIA.

GERAN vectors are generated by the HSS as discussed in Article


The HSS sends the GERAN vector in the following AVP
GERAN-Vector ::= <AVP header: 1416 10415>
                 [ Item-Number ]
                 { RAND }
                 { SRES }
                 { Kc }

UTRAN vectors are generated by the HSS as discussed in Article

[UMTS - 3G] UTRAN Authentication Procedure


The HSS sends the UTRAN vector in the following AVP
UTRAN-Vector ::= <AVP header: 1415 10415>
                [ Item-Number ]
                { RAND }
                { XRES }
                { AUTN }
                { Confidentiality-Key }
                { Integrity-Key }

EUTRAN vectors are generated by the HSS as discussed in Article


The HSS sends the EUTRAN vector in the following AVP
E-UTRAN-Vector ::= <AVP header: 1414 10415>
                [ Item-Number ]
                { RAND }
                { XRES }
                { AUTN }
                { KASME }
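
A sketch of how a receiving node could decode and sanity-check the E-UTRAN-Vector grouped AVP above before using it (added example, not code from the original article). The codes 1414 and 10415 come from the page; the sub-AVP codes and field sizes are assumptions taken from 3GPP TS 29.272, and the function names are hypothetical.

```python
import struct

VENDOR_3GPP, E_UTRAN_VECTOR = 10415, 1414  # both appear in the AVP header above
# Sub-AVP codes and min/max sizes: assumed from 3GPP TS 29.272, not on this page.
FIELDS = {1419: ("Item-Number", 4, 4), 1447: ("RAND", 16, 16), 1448: ("XRES", 4, 16),
          1449: ("AUTN", 16, 16), 1450: ("KASME", 32, 32)}
REQUIRED = {"RAND", "XRES", "AUTN", "KASME"}  # the { } members of the grammar

def encode_avp(code, data, vendor=VENDOR_3GPP):
    """Build one vendor-specific AVP (V and M flags set), padded to 4 bytes."""
    length = 12 + len(data)  # AVP length covers header + data, not padding
    head = struct.pack("!IB3sI", code, 0xC0, length.to_bytes(3, "big"), vendor)
    return head + data + b"\x00" * (-length % 4)

def decode_avps(buf):
    """Yield (code, vendor, data) per AVP; reject lengths that leave the buffer."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, pos)
        length = int.from_bytes(buf[pos + 5:pos + 8], "big")
        hdr = 12 if flags & 0x80 else 8  # V flag adds a 4-byte Vendor-ID
        if length < hdr or pos + length > len(buf):
            raise ValueError("AVP length out of bounds")
        vendor = struct.unpack_from("!I", buf, pos + 8)[0] if hdr == 12 else 0
        yield code, vendor, buf[pos + hdr:pos + length]
        pos += length + (-length % 4)  # skip padding to the next 4-byte boundary

def parse_eutran_vector(avp):
    """Decode one E-UTRAN-Vector; enforce required members and field sizes."""
    (code, vendor, body), = decode_avps(avp)
    if (code, vendor) != (E_UTRAN_VECTOR, VENDOR_3GPP):
        raise ValueError("not an E-UTRAN-Vector")
    vec = {}
    for sub, sub_vendor, data in decode_avps(body):
        name, lo, hi = FIELDS.get(sub, (None, 0, 0))
        if name is None or sub_vendor != VENDOR_3GPP:
            continue  # AVPs this sketch does not model are skipped
        if not lo <= len(data) <= hi:
            raise ValueError(f"{name} has invalid length {len(data)}")
        vec[name] = data
    if REQUIRED - set(vec):
        raise ValueError(f"missing members: {sorted(REQUIRED - set(vec))}")
    return vec

# Constructed sample: all-zero dummy values, not real key material.
SAMPLE = encode_avp(E_UTRAN_VECTOR, b"".join(
    encode_avp(c, bytes(n)) for c, n in [(1447, 16), (1448, 8), (1449, 16), (1450, 32)]))
```

Calling `parse_eutran_vector(SAMPLE)` returns a dict with the four required members; a vector with a missing member, a wrong-sized RAND or a length field that runs past the buffer raises `ValueError`.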

The use of OP/OPc and the Transport Key in the authentication procedure is explained in the following article





Your comments, suggestions and questions are always welcome; we shall clarify to the best of our knowledge. So feel free to ask questions.

11 comments:

  1. Replies
    1. We appreciate your support.

      Thanks for your valuable time.
      Team-Diameter

  2. Hi,
    When SGSN asks for UTRAN/GERAN vectors from HSS, how does HSS know whether to respond with UTRAN or GERAN vectors? Why would a 2G/3G SIM be hosted on a HSS? Shouldn't the SGSN use SS7 MAP Gr interface for the 2G/3G SIMs and only S6d for the 4G?
    Thanks

    Replies
    1. What about those cases in which the eNodeB is receiving data from the BTS, i.e. 4G->3G or 2G failover over radio services, but at the backend only LTE is supported for all the subscribers? It can be the case where LTE coverage is not supported but the subscriber has taken an LTE connection.


    2. Each AVP should have an "AVP code" that identifies the type of info it contains... you can just check the S6 spec for that info.

  3. Can anybody please share the LTE attach (s6a/s6d) process in detail? Mail Id : parthapratim.hazra@gmail.com

    Replies
    1. Hi

      Following link might help you.
      http://diameter-protocol.blogspot.in/2012/07/s6as6d.html

      Thanks for your query.
      Happy to help you again.
      Team-Diameter

  4. Hi ,

    Can anybody help me by explaining this: the MME sends an AIR request to the HSS and the HSS responds back to the MME in AIA. Then the MME sends the UE an Authentication Challenge Request, and the UE responds back with an Authentication Challenge Answer. The UE sends its answer in "RES" and the MME has XRES. I have seen in traces that the values are different. I am just confused about it; please help me to solve my query.

    Replies
    1. Hi Sanjeev,

      The UE sends (RES) to the MME and then the MME compares (RES) with (XRES) [i.e. the XRES received from the HSS in AIA].
      If both RES and XRES are equal then authentication is successful.

  5. In a Diameter error answer message, which AVPs will be present?

    Replies
    1. Hi Stanley Paul,

      The AIA in an error case will contain the experimental result code AVP.

      The following links will help you:

      http://diameter-protocol.blogspot.in/2012/10/result-code-and-experimental-result-code.html


      http://diameter-protocol.blogspot.in/2012/10/list-of-experimental-result-codes.html
