UMTS Security 1


    7/28/2019 UMTS Security 1

    UMTS Security: Entity Authentication

    Posted on September 15, 2009 by Prashant Panigrahi

    Entity authentication is the procedure of mutual authentication between the UE (or USIM) and the network. There are a few fundamental requirements for this procedure:

    1. To permit the network to check whether the identity provided by the mobile station is acceptable or not;

    2. To provide parameters enabling the mobile station to calculate a new UMTS ciphering key;

    3. To provide parameters enabling the mobile station to calculate a new UMTS integrity key;

    4. To permit the mobile station to authenticate the network.

    Authentication Vectors

    The Authentication Vectors are used in the Entity Authentication and Security procedures.

    The VLR/SGSN starts this procedure by requesting authentication vectors from the HE/AuC.

    When the HE/AuC receives the request from the VLR/SGSN, it retrieves the calculated authentication vectors AV(1..n) from the HLR database and sends them to the VLR/SGSN in the Authentication Data Response.

    Source: http://www.3glteinfo.com/umts-security-entity-authentication-20090915

    The Authentication Vector generation procedure in the HE/AuC is as follows:

    The HE/AuC first generates a fresh sequence number SQN and an unpredictable challenge RAND.

    After that the following are calculated:

    Message authentication code MAC = f1_K(SQN || RAND || AMF), where f1 is the message authentication function.

    Expected response XRES = f2_K(RAND)

    Cipher key CK = f3_K(RAND), where f3 is a key generating function

    Integrity key IK = f4_K(RAND), where f4 is a key generating function

    Anonymity key AK = f5_K(RAND)

    Authentication Procedure

    The authentication procedure is as follows:

    [Figure: authentication procedure diagram; image not preserved]

    The steps are as follows:

    Step#1

    In the beginning neither the USIM nor the network is authenticated. That means the USIM does not know whether the network is a genuine network, and the network does not know whether the USIM belongs to a valid subscriber.


    Step#2

    The network starts the authentication procedure by sending the User Authentication Request with the parameters RAND and AUTN.

    Step#3

    After the UE receives RAND and AUTN, the USIM first computes the anonymity key AK = f5_K(RAND) and retrieves SQN = (SQN ⊕ AK) ⊕ AK.

    After that the UE computes XMAC = f1_K(SQN || RAND || AMF) and compares it with the received MAC.

    If the two differ, the UE sends User Authentication Reject back to the VLR/SGSN.

    If the USIM finds that SQN is not in the correct range, it sends a synchronisation failure instead.

    Step#4

    The UE sends its response RES to the VLR/SGSN.

    If RES = XRES, the authentication procedure completes.
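The whole exchange described in Steps 1 to 4, as an added example (not code from the original post): the HE/AuC builds one authentication vector from the formulas above, the USIM performs the Step 3 checks (AK, SQN recovery, XMAC against MAC, SQN range) and the VLR/SGSN compares RES with XRES. The f1..f5 functions are HMAC-SHA-256 stand-ins chosen for this example, not the 3GPP MILENAGE algorithms, and the SQN acceptance window is a simplified assumption.

```python
import hashlib, hmac, os

def _f(tag: bytes, k: bytes, data: bytes, n: int) -> bytes:
    # Stand-in for the 3GPP f-functions (assumption: HMAC-SHA-256, not MILENAGE)
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def f1(k, sqn, rand, amf): return _f(b"f1", k, sqn + rand + amf, 8)  # MAC
def f2(k, rand): return _f(b"f2", k, rand, 8)                       # XRES / RES
def f3(k, rand): return _f(b"f3", k, rand, 16)                      # CK
def f4(k, rand): return _f(b"f4", k, rand, 16)                      # IK
def f5(k, rand): return _f(b"f5", k, rand, 6)                       # AK

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def auc_generate_av(k: bytes, sqn: int, amf: bytes = b"\x80\x00") -> dict:
    """HE/AuC side: fresh SQN and unpredictable RAND -> one authentication vector."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f1(k, sqn_b, rand, amf)
    autn = xor(sqn_b, f5(k, rand)) + amf + mac     # AUTN = (SQN xor AK) || AMF || MAC
    return {"RAND": rand, "XRES": f2(k, rand), "CK": f3(k, rand),
            "IK": f4(k, rand), "AUTN": autn}

def usim_verify(k: bytes, rand: bytes, autn: bytes, sqn_ms: int, window: int = 32):
    """USIM side (Step 3). Returns (status, RES, CK, IK, SQN); failures carry None."""
    conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
    sqn_b = xor(conc_sqn, f5(k, rand))             # SQN = (SQN xor AK) xor AK
    xmac = f1(k, sqn_b, rand, amf)
    if not hmac.compare_digest(xmac, mac):         # MAC mismatch: network not genuine
        return ("authentication reject", None, None, None, None)
    sqn = int.from_bytes(sqn_b, "big")
    if not sqn_ms < sqn <= sqn_ms + window:        # replayed / out-of-range SQN (simplified)
        return ("synchronisation failure", None, None, None, None)
    return ("ok", f2(k, rand), f3(k, rand), f4(k, rand), sqn)

def vlr_check(av: dict, res: bytes) -> bool:
    """VLR/SGSN side (Step 4): authentication succeeds only if RES == XRES."""
    return hmac.compare_digest(av["XRES"], res)

if __name__ == "__main__":
    K = bytes(range(16))                            # constructed subscriber key K
    av = auc_generate_av(K, sqn=11)
    status, res, ck, ik, sqn = usim_verify(K, av["RAND"], av["AUTN"], sqn_ms=10)
    print(status, vlr_check(av, res), sqn)          # ok True 11
```

Flipping any byte of AUTN produces an authentication reject, and presenting the same vector a second time (SQN no longer ahead of the USIM's counter) produces a synchronisation failure, which is the replay protection the SQN provides.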

    Message sequence from UE point of view

    [UE → NW] UPLINK DIRECT TRANSFER (IDENTITY RESPONSE)

    [UE → NW] UPLINK DIRECT TRANSFER (AUTHENTICATION RESPONSE)

    [UE → NW] SECURITY MODE COMPLETE