NAS : Authentication Request

Overview on Authentication and security 

Authentication:

"Authentication" process is similar to 'sign in' process when you use a computer. In GSM, this authentication process is 'uni-directional', its means that only Network authenticates the UE and UE does not authenticate the network. As we can easily guess, this would be a serious security problem. If I use a fake network which accepts any UE, I can cheat a UE to camp on the fake network rather than the one the UE is supposed to camp on to. (But this kind of 'uni directional' authentication would make it so easy to test a UE using network simulator -

To improve this security issues, in LTE (in WCDMA as well) they do 'bi-directional' authentication, meaning that UE has to pass the authentication process and Network also has to pass the process as well.

Three important steps are used for Authentication process.

a) Input Parameters

b) ‘Authentication Algorithm’ which are used to find Output value.

c) Output Values (it is calculated by Authentication Algorithm using the Input Parameters).

Same Input Parameters and the same Authentication Algorithms are used on UE and network side so that both should be produce same output values, in case output value are not same then authentication will be fail.

Remember, UE and Network exchange only Input Parameters and Output values, not the authentication Algorithm. Authentication Algorithm on UE side is stored in USIM and Authentication Algorithm on NW side is stored in Authentication Centre. Both UE and NW just assume that they would use the identical algorithms.

The overall authentication process is as follows.

 Some important Keys are used to calculate output value through using Authentication.

Question: How calculate output values usingAuthentication Algorithms for the Authentication process.

Pre Shared Keys

• UE Security Key – Configured in operator’s DB in Authentication center and USIM.
• AMF – Configured in operator’s DB in Authentication center and USIM.
• OP – This is optional and configured in operator’s DB in Authentication center and USIM.

Generated Keys

• SQN – It is the 4 Octet sequence no which should be refreshed each time NW tries to re authenticate the UE. It is generated as below.

SQN1-n = SEQ1-n || IND1-n
SEQ is the Prefix with value in the range of 27 bits (0-2^27) and IND is the index of 5 bits (0-31).

SQN 1 =SEQ || IND
SQN 2 =SEQ+ 1 || IND
SQN 3 =SEQ+ 2 || IND
SQN 4 =SEQ+ 3 || IND
SQN 5 =SEQ+ 4 || IND

RAND – It is the random no generated through some random no generation algorithm.

Derived Authentication vectors

• IK – Is the integrity key generated with input (K, RAND)->f4->IK. It is generated at authentication center and USIM.
• CK – It is the ciphering key generated with input (K, RAND)->f3->CK. It is generated at authentication center and USIM.
• AK – It is the anonymity key generated with input (K, RAND)->f5->AK. It is generated only at authentication center.
• XRES – Expected response generated with input (K, RAND)->f2->XRES. It is generated only at authentication center. Corresponding parameter RES is generated at USIM.
• MAC – Message authentication code generated with input (K, SQN, RAND, AMF)->f1->MAC. It is generated only at authentication center. Corresponding parameter XMAC is generated at USIM.
• AUTN – authentication token generated with AUTN = SQN * AK || AMF || MAC. It is generated only at authentication center.

Vector derivation on network side:

Vector derivation on UE side: