7/28/2019 UMTS Security 1
UMTS Security: Entity Authentication
Posted on September 15, 2009 by Prashant Panigrahi
Entity authentication is the procedure for mutual authentication between the UE (more precisely, the USIM) and the network. The procedure has four fundamental requirements:
1. To permit the network to check whether the identity provided by the mobile station is acceptable;
2. To provide parameters enabling the mobile station to calculate a new UMTS cipher key;
3. To provide parameters enabling the mobile station to calculate a new UMTS integrity key;
4. To permit the mobile station to authenticate the network.
Authentication Vectors
The Authentication Vectors (AVs) are used in the entity authentication and security procedures.
The VLR/SGSN starts the distribution procedure by sending an Authentication data request for one or more authentication vectors to the HE/AuC.
When the HE/AuC receives the request from the VLR/SGSN, it retrieves the precomputed authentication vectors AV(1..n) from the HLR database and returns them to the VLR/SGSN in the Authentication data response. Each vector is good for exactly one authentication run.
The Authentication Vector generation procedure in the HE/AuC is as follows:
The HE/AuC first generates a fresh sequence number SQN and an unpredictable challenge RAND.
After that the following are calculated under the long-term subscriber key K (written as the subscript K below):
Message authentication code MAC = f1K(SQN || RAND || AMF), where f1 is the message authentication function
Expected response XRES = f2K(RAND)
Cipher key CK = f3K(RAND), where f3 is a key generating function
Integrity key IK = f4K(RAND), where f4 is a key generating function
Anonymity key AK = f5K(RAND), where f5 is a key generating function
The authentication token is then assembled as AUTN = (SQN ⊕ AK) || AMF || MAC, and the vector handed to the VLR/SGSN is AV = RAND || XRES || CK || IK || AUTN. AK only conceals SQN on the air interface so that the counter cannot be used to track the subscriber; it adds nothing to the strength of the MAC.
Authentication Procedure
The authentication procedure is as follows:
The steps are as follows:
Step#1
At the beginning neither side is authenticated: the USIM does not know whether the network is genuine, and the network does not know whether the USIM belongs to a valid subscriber.
Step#2
The network (VLR/SGSN) starts the authentication procedure by sending the User Authentication Request with the parameters RAND and AUTN, taken from one of the stored authentication vectors.
Step#3
After the UE receives RAND and AUTN, the USIM first computes the anonymity key AK = f5K(RAND) and recovers the sequence number SQN = (SQN ⊕ AK) ⊕ AK from the first field of AUTN.
The USIM then computes XMAC = f1K(SQN || RAND || AMF) and compares it with the MAC carried in AUTN.
If the two differ, the UE sends User Authentication Reject back to the VLR/SGSN. This MAC check is what authenticates the network to the USIM: only a party holding K could have produced a valid MAC over this RAND.
If the MAC matches but the USIM finds that SQN is not in the correct range (that is, the challenge is not fresh), it sends Synchronisation Failure so that the HE/AuC can re-synchronise its counter. The SQN check is the replay protection; without it a captured RAND/AUTN pair could be replayed by anyone.
Step#4
If both checks pass, the USIM computes RES = f2K(RAND), CK = f3K(RAND) and IK = f4K(RAND), and the UE sends the response RES to the VLR/SGSN in the User Authentication Response.
If RES = XRES, the authentication procedure completes and CK/IK are taken into use for ciphering and integrity protection; otherwise the network rejects the UE.
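The following is an added worked example, not code from the original post or from 3GPP, that runs the whole exchange above end to end: the HE/AuC vector generation (MAC, XRES, CK, IK, AK and the AUTN assembly) and the USIM-side checks of steps 2 to 4, including the two failure paths (MAC mismatch and SQN out of range). The functions f1..f5 are modelled here with HMAC-SHA256 truncated to the 3GPP output lengths; the real operator functions (MILENAGE) are not described on this page and are an assumption of this example, as is the simple SQN freshness window used in place of the full re-synchronisation scheme.

```python
"""Toy model of UMTS AKA as described on this page (constructed example).

f1..f5 are stand-ins built from HMAC-SHA256 with a domain-separation tag;
they are NOT the real MILENAGE functions. Field widths follow TS 33.102:
SQN 48 bit, AMF 16 bit, MAC 64 bit, AK 48 bit, CK/IK 128 bit; RES is 64 bit here.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

SQN_LEN, AMF_LEN, MAC_LEN, RES_LEN, KEY_LEN, AK_LEN = 6, 2, 8, 8, 16, 6
SQN_WINDOW = 32  # assumed freshness window; the real scheme (TS 33.102 Annex C) is richer


def _f(tag: bytes, k: bytes, data: bytes, out_len: int) -> bytes:
    """Keyed PRF standing in for the operator's f1..f5 (assumption)."""
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:out_len]


def f1(k, sqn, rand, amf): return _f(b"f1", k, sqn + rand + amf, MAC_LEN)  # MAC / XMAC
def f2(k, rand): return _f(b"f2", k, rand, RES_LEN)                         # XRES / RES
def f3(k, rand): return _f(b"f3", k, rand, KEY_LEN)                         # CK
def f4(k, rand): return _f(b"f4", k, rand, KEY_LEN)                         # IK
def f5(k, rand): return _f(b"f5", k, rand, AK_LEN)                          # AK


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class AV:
    """One authentication vector: RAND || XRES || CK || IK || AUTN."""
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes


def generate_av(k: bytes, sqn: int, amf: bytes = b"\x00\x00", rand=None) -> AV:
    """HE/AuC side: fresh SQN and unpredictable RAND -> AV."""
    if rand is None:
        rand = os.urandom(16)
    sqn_b = sqn.to_bytes(SQN_LEN, "big")
    mac = f1(k, sqn_b, rand, amf)
    ak = f5(k, rand)
    autn = xor(sqn_b, ak) + amf + mac  # AUTN = (SQN xor AK) || AMF || MAC
    return AV(rand, f2(k, rand), f3(k, rand), f4(k, rand), autn)


class USIM:
    def __init__(self, k: bytes, sqn_ms: int = 0):
        self.k = k
        self.sqn_ms = sqn_ms  # highest SQN accepted so far

    def authenticate(self, rand: bytes, autn: bytes):
        """Step 3 on the USIM. Returns (status, RES, CK, IK)."""
        conc_sqn = autn[:SQN_LEN]
        amf = autn[SQN_LEN:SQN_LEN + AMF_LEN]
        mac = autn[SQN_LEN + AMF_LEN:]
        ak = f5(self.k, rand)
        sqn_b = xor(conc_sqn, ak)  # SQN = (SQN xor AK) xor AK
        xmac = f1(self.k, sqn_b, rand, amf)
        if not hmac.compare_digest(xmac, mac):   # network not authenticated
            return "AUTHENTICATION_REJECT", None, None, None
        sqn = int.from_bytes(sqn_b, "big")
        if not (self.sqn_ms < sqn <= self.sqn_ms + SQN_WINDOW):  # replay / stale
            return "SYNCHRONISATION_FAILURE", None, None, None
        self.sqn_ms = sqn
        return "OK", f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)


def network_verify(av: AV, res) -> bool:
    """Step 4 on the VLR/SGSN: compare RES with the stored XRES."""
    return res is not None and hmac.compare_digest(res, av.xres)


def run_aka(k: bytes, usim: USIM, sqn_he: int, rand=None, autn_tamper=False):
    """Full run. Returns (USIM status, network accepted?, CK/IK agree?)."""
    av = generate_av(k, sqn_he, rand=rand)
    autn = av.autn
    if autn_tamper:  # flip one MAC bit, as an on-path attacker would
        autn = autn[:-1] + bytes([autn[-1] ^ 0x01])
    status, res, ck, ik = usim.authenticate(av.rand, autn)
    ok = status == "OK" and network_verify(av, res)
    return status, ok, (ck == av.ck and ik == av.ik) if ok else False


if __name__ == "__main__":
    K = bytes(range(16))          # constructed subscriber key shared by USIM and AuC
    usim = USIM(K)
    print(run_aka(K, usim, 1))                     # fresh run: OK
    print(run_aka(K, usim, 1))                     # same SQN again: SYNCHRONISATION_FAILURE
    print(run_aka(K, usim, 2, autn_tamper=True))   # bad MAC: AUTHENTICATION_REJECT
    print(run_aka(bytes(16), USIM(K), 1))          # AuC with wrong K: AUTHENTICATION_REJECT
```

Note the ordering: the MAC is verified before SQN is examined, so a forged or corrupted AUTN is rejected without updating the USIM's counter, and only a genuine but stale AUTN triggers the synchronisation path.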
Message sequence from UE point of view
[UE → NW] UPLINK DIRECT TRANSFER (IDENTITY RESPONSE)
[UE → NW] UPLINK DIRECT TRANSFER (AUTHENTICATION RESPONSE)
[UE → NW] SECURITY MODE COMPLETE