Authentication:
"Authentication"
process is similar to 'sign in' process when you use a computer. In GSM, this
authentication process is 'uni-directional', its means that only Network
authenticates the UE and UE does not authenticate the network. As we can easily
guess, this would be a serious security problem. If I use a fake network which
accepts any UE, I can cheat a UE to camp on the fake network rather than the
one the UE is supposed to camp on to. (But this kind of 'uni directional'
authentication would make it so easy to test a UE using network simulator
-
To
improve this security issues, in LTE (in WCDMA as well) they do
'bi-directional' authentication, meaning that UE has to pass the authentication
process and Network also has to pass the process as well.
Three important steps are used for Authentication process.
a) Input Parameters
b) ‘Authentication Algorithm’ which are used
to find Output value.
c) Output Values (it is calculated by
Authentication Algorithm using the Input Parameters).
Same Input Parameters and the same
Authentication Algorithms are used on UE and network side so that both should
be produce same output values, in case output value are not same then authentication
will be fail.
Remember, UE and Network exchange only Input
Parameters and Output values, not the authentication Algorithm. Authentication
Algorithm on UE side is stored in USIM and Authentication Algorithm on NW side
is stored in Authentication Centre. Both UE and NW just assume that they would
use the identical algorithms.
The
overall authentication process is as follows.
Some important Keys are used to calculate output value through using Authentication.
Question: How calculate output values usingAuthentication Algorithms
for the Authentication process.
Pre Shared Keys
- UE Security Key – Configured in operator’s DB
in Authentication center and USIM.
- AMF – Configured in operator’s DB
in Authentication center and USIM.
- OP – This is optional and
configured in operator’s DB in Authentication center and USIM.
Generated Keys
- SQN – It is the 4 Octet sequence
no which should be refreshed each time NW tries to re authenticate the UE.
It is generated as below.
SQN1-n = SEQ1-n || IND1-n
SEQ is the Prefix with value in the range of 27 bits (0-2^27) and IND is the index of 5 bits (0-31).
SEQ is the Prefix with value in the range of 27 bits (0-2^27) and IND is the index of 5 bits (0-31).
SQN 1 =SEQ || IND
SQN 2 =SEQ+ 1 || IND
SQN 3 =SEQ+ 2 || IND
SQN 4 =SEQ+ 3 || IND
SQN 5 =SEQ+ 4 || IND
RAND
– It
is the random no generated through some random no generation algorithm.SQN 2 =SEQ+ 1 || IND
SQN 3 =SEQ+ 2 || IND
SQN 4 =SEQ+ 3 || IND
SQN 5 =SEQ+ 4 || IND
Derived Authentication vectors
- IK – Is the integrity key
generated with input (K, RAND)->f4->IK. It is generated at
authentication center and USIM.
- CK – It is the ciphering key
generated with input (K, RAND)->f3->CK. It is generated at
authentication center and USIM.
- AK – It is the anonymity key
generated with input (K, RAND)->f5->AK. It is generated only at
authentication center.
- XRES – Expected response generated
with input (K, RAND)->f2->XRES. It is generated only at
authentication center. Corresponding parameter RES is generated at USIM.
- MAC – Message authentication code
generated with input (K, SQN, RAND, AMF)->f1->MAC. It is generated
only at authentication center. Corresponding parameter XMAC is generated
at USIM.
- AUTN – authentication token
generated with AUTN = SQN * AK || AMF || MAC. It is generated only at
authentication center.
Vector derivation on network side:
Vector derivation on UE side:
No comments:
Post a Comment
If You have any concern you are free to message/comment me.