[UMTS - 3G] UTRAN Authentication Procedure


This is a mutual authentication mechanism, in which UE/SIM is authenticated by Network and Network is authenticated by UE/SIM. In this procedure message follow is more or less same as GSM Procedure, But key generation is complex, multiple key are generated, Integrity protection is also taken care and a sequence number is also maintained. As in every authentication procedure (telecom) it also have three major entities.

1) User Entity (SIM, User Equipment)
2) Controlling Entity (SGSN)
3) Authentication Entity(HSS/HLR,AuC)

Following table contains the attribute used in KEY generation, Table gives the usage of each attribute,size and place where they are used/stored.

Field Name
Description
Size
Used/Stored at
IMSI
To uniquely identify a SIM
Up to 15
digits
Both UE , HSS
Secret Key (K)
Sometimes called as shared key because it is stored in both User Entity and Authentication Entity.
128 Bits
Both UE , HSS
Algorithm F1
Used to generate MAC
64 Bits
HSS
Algorithm F1*
Used to generate MAC-S
64 Bits
UE
Algorithm F2
Used to generate XRES/RES i.e. Expected Response.
64 Bits
HSS,UE
Algorithm F3
Used to generate CK; Cipher Key
128 Bits
HSS,UE
Algorithm F4
Used to generate IK; Integrity Key
128 Bits
HSS,UE
Algorithm F5
Used to generate AK; Anonymity Key; used to hide/reveal sequence Number
48 Bits
HSS
Algorithm F5*
Used to generate AK; Anonymity Key; used to hide/reveal sequence Number
48 Bits
UE
Sequence Numbers
32 different Sequence Numbers - for synchronization i.e. no breach of security over the air
48 Bits
HSS,UE
Delta Value
Delta Value- a allowed range of sequence number difference at HSS and UE.

UE
AMF
Authentication Management Field. Usage is operator dependent.
Bit 0 is “AMF Separation Bit” and is used to in EPS
Bits 1 to 7 are reserved for future standardization use.
Bits 8 to 15 are open for proprietary use
16 Bits
HSS
AUTN
AUTN := SQN Å AK || AMF || MAC

128 Bits
HSS
AUTS
AUTS = SQNMS Å AK || MAC-S

112 Bits
UE


Here we are directly moving how does it works.

Step -1 User sends a attach request toward SGSN, and SGSN send authentication request toward HSS/HLR.

Step -2 After receiving authentication request HSS/HLR shall generate Authentication Vectors (AV) consisting of RAND,XRES, AUTN ,CK ,IK.

Step-3  Following steps explains how AV are generated.



a) First of all HSS generates RAND a random number.

b) Now randomly pick any sequence number out of 32. At very first all sequence number is set to zero and shall be increase by one as a considered sequence number is used. Sequence Number is of following format.Give a minute to following image which is self-explanatory (8-Motions)




c) Say sequence number with index IND 3 (three) is picked then value of  SEQ shall be incremented by one and updated information is stored in HSS. if suppose once again sequence number with IND 3 (three) is selected then again one is incremented as shown below.

d) Now generate XRES, ATUN, CK , IK. Give few seconds to following image it has 9 motions.
Authentication Vector generation at HSS


Step -4 HSS sends generated Vector and to Controlling Entity (SGSN).
Step -5 SGSN keeps XRES, CK, IK with it and sends AUTN and RAND to UE.
Step -6 Now on receive of RAND and AUTN UE shall extract MAC, SQN, and AMF.
Step -7 UE compares SQN [SEQ+IND] received with SQN [SEQ+IND] at its end in following way. if received SEQ in valid delta range then moves to step -8. Generally value of delta is one; otherwise shall trigger re-synchronization request to SGSN(explained later). Give few seconds to following image,it contains 8 motions.
Sequence Number processing at HSS and UE end


Step -8 UE shall generate XMAC, RES, CK, IK. in following way. Give a minute to following IMAGE which is self-explanatory, it contains 5 motions.
Authentication Vector Processing at UE


Step -9 Now RES is sent to Controlling Entity (SGSN).
Step -10 Controlling Entity shall compare RES with XRES store at its own end.
[RES=XRES]
Step -11 If both are not equal then Controlling entity shall send attach rejected to UE.
Step -12 If both are equal , implies user is Authenticated, shall invoke next message of Attach Procedure.

Usage of OP/OPc and Transport Key

Your Comments /Suggestions and Questions are always welcome.we would try to clarify your doubts with best of our knowledge. So feel free to put Query.

5 comments: