01-06 authentication procedure

M900/M1800 Base Station Subsystem Signaling Analysis Manual
Issue 02 (2007-06-30) Huawei Technologies Proprietary

Contents

6 Authentication Procedure
6.1 Overview of Authentication Procedure
6.2 Authentication Procedure
6.2.1 General Authentication Procedure
6.2.2 Successful Authentication
6.2.3 Unsuccessful Authentication
6.3 Signaling Procedure in the BSC
6.4 Abnormal Cases and Troubleshooting
6.4.1 RR Connection Failure
6.4.2 Expiry of timer T3260
6.4.3 SIM Card Unregistered

Upload: abuzarshazli

Post on 12-Jan-2016



Figures

Figure 6-1 General authentication procedure
Figure 6-2 Successful authentication procedure
Figure 6-3 Unsuccessful authentication procedure


6 Authentication Procedure

About This Chapter

The following table lists the contents of this chapter.

Section: Describes

6.1 Overview of Authentication Procedure: The function of authentication, key parameters, and relevant GSM protocols.
6.2 Authentication Procedure: The authentication procedures.
6.3 Signaling Procedure in the BSC: The requirement on the BSC side.
6.4 Abnormal Cases and Troubleshooting: The abnormal cases when the authentication procedure fails and how to troubleshoot them.


6.1 Overview of Authentication Procedure

Authentication is a procedure initiated by the GSM network to verify the validity of the IMSI and TMSI of an MS.

The authentication procedure prevents an unauthorized MS from accessing the network and protects the private information of a legitimate MS from leakage.

The authentication procedure is initiated by the network under the following conditions:

- The MS requests modification of its information in the Visitor Location Register (VLR) or Home Location Register (HLR).
- One of the following services is initiated:
  − MS originates a call.
  − MS is called.
  − MS is activated or deactivated.
  − Supplementary service is initiated.
- The MS accesses the network for the first time after the MSC/VLR restarts.
- The ciphering key Kc does not match between the network and the MS.

The authentication procedure permits the network to check whether the identity provided by the MS is acceptable. It also provides parameters for enabling the MS to calculate a new ciphering key.

The authentication procedure is always initiated and controlled by the network.

The authentication procedure uses an Authentication Triplet for an MS, namely RAND, Kc, and SRES.

The Authentication Triplet is calculated in the authentication center of the GSM network. Each MS is assigned a Mobile Station International ISDN Number (MSISDN) and an International Mobile Subscriber Identity (IMSI) while registering on the GSM network. The IMSI is written into the SIM card using a SIM card writer.

The SIM card writer also produces an authentication parameter Ki, which is stored in the SIM card and the authentication center as well. The IMSI and Ki are permanent information.

In the authentication center, a pseudo-random number generator is used to generate an unpredictable pseudo random number RAND. The RAND and Ki then generate a signed response (SRES) using algorithm A3 and a ciphering key Kc using algorithm A8.

The three parameters RAND, Kc, and SRES are stored as part of the subscriber data in the HLR. Generally, the authentication center sends five Authentication Triplets to the HLR, which automatically stores them. The HLR can store ten Authentication Triplets. Upon request, the HLR sends five Authentication Triplets to the MSC/VLR. The MSC/VLR uses the Authentication Triplets one by one. When only two are left, the MSC/VLR requests Authentication Triplets from the HLR again.

For details about the authentication procedure, see 3GPP Rec. 24.008.


6.2 Authentication Procedure

6.2.1 General Authentication Procedure

Figure 6-1 shows the general authentication procedure.

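Figure 6-1 General authentication procedure
[Figure: message sequence between MS, BTS, BSC, and MSC on the SDCCH. (1) Authentication Request, after which the network starts T3260; (2) Authentication Response, after which the network stops T3260.]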

Step 1 The network initiates an authentication procedure by sending an Authentication Request message to an MS and starts timer T3260. The Authentication Request message contains a 128-bit RAND that is used to calculate the response parameters. It also contains the Ciphering Key Sequence Number (CKSN) allocated to the ciphering key.

Step 2 Upon receipt of the Authentication Request message, the MS calculates the SRES required by the Authentication Response message and the new ciphering key Kc. After writing the new ciphering key Kc and the CKSN to the SIM card, the MS sends an Authentication Response message to the network.

Step 3 Upon receipt of the Authentication Response message, the network stops timer T3260 and checks whether the stored SRES is consistent with the SRES in the Authentication Response message. If the two are consistent, the authentication succeeds and the subsequent sub-procedures, such as the encryption procedure, start.

----End

6.2.2 Successful Authentication

Figure 6-2 shows the successful authentication procedure.


Figure 6-2 Successful authentication procedure
[Figure: message sequence between MS, BTS, BSC, and MSC on the SDCCH. Message labels in the figure: AuthenticationRequest(1), AuthenticationResponse(2), AuthenticationReject(3).]

Step 1 The network initiates an authentication procedure by sending an Authentication Request message to the MS. The Authentication Request message contains a random number (RAND) and a CKSN. The RAND is 128 bits in length.

Step 2 Upon receipt of the Authentication Request message, the MS returns an Authentication Response message to the MSC. The Authentication Response message contains a Signed Response (SRES), which is calculated from the RAND and Ki using algorithm A3.

Step 3 The network compares the stored SRES with the received SRES. If the two parameters are consistent, the authentication is successful and the MS can access the network. Then, the subsequent sub-procedures (such as the encryption procedure) follow.

----End

6.2.3 Unsuccessful Authentication

Unsuccessful authentication means that the Authentication Response message is invalid.

The unsuccessful authentication procedure depends on the identity that the MS used:

- If a TMSI is used by the MS, the network initiates the identification procedure. If the IMSI given by the MS differs from that in the network, the network restarts the authentication procedure. If the IMSI given by the MS is the accepted one, the network sends back an Authentication Reject message.
- If an IMSI is used by the MS, the network directly returns an Authentication Reject message.
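The triplet handling from section 6.1 and the accept/reject decision from sections 6.2.1 and 6.2.3, as an added Python example that is not part of the Huawei manual. The A3/A8 stand-in (HMAC-SHA256, since real A3/A8 algorithms are operator-specific), the 32-bit SRES and 64-bit Kc lengths (taken from the GSM specifications, not from this page), the sample Ki, and all function and class names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from collections import deque

def a3_a8(ki, rand):
    """Stand-in for A3 and A8 (assumption: HMAC-SHA256, not a real GSM algorithm)."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]                      # SRES (32 bits), Kc (64 bits)

def auc_generate(ki, groups=5):
    """Authentication center: a fresh 128-bit RAND per triplet, then A3/A8 with Ki."""
    out = []
    for _ in range(groups):
        rand = secrets.token_bytes(16)
        out.append((rand, *a3_a8(ki, rand)))   # (RAND, SRES, Kc)
    return out

class MscVlr:
    def __init__(self, hlr_fetch):
        self.hlr_fetch = hlr_fetch             # callable returning five triplets
        self.triplets, self.fetches = deque(), 0
        self._refill()

    def _refill(self):
        if len(self.triplets) <= 2:            # only two groups left: ask the HLR again
            self.triplets.extend(self.hlr_fetch())
            self.fetches += 1

    def authenticate(self, ms, used_tmsi=False, imsi_differs=False):
        rand, sres, kc = self.triplets.popleft()   # triplets are used one by one
        self._refill()
        ms_sres, ms_kc = ms(rand)                  # Authentication Request / Response
        if hmac.compare_digest(sres, ms_sres):     # constant-time SRES comparison
            return "accepted", kc == ms_kc
        if used_tmsi and imsi_differs:             # identification returned another IMSI
            return "restart authentication", False
        return "Authentication Reject", False

def make_ms(ki):
    # SIM side: derive SRES and Kc from the received RAND and the stored Ki
    return lambda rand: a3_a8(ki, rand)

KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed sample Ki
vlr = MscVlr(lambda: auc_generate(KI))
good, other = make_ms(KI), make_ms(bytes(16))             # "other" holds a different Ki

def demo():
    return [vlr.authenticate(good), vlr.authenticate(other),
            vlr.authenticate(other, used_tmsi=True, imsi_differs=True)]
```

Calling `demo()` consumes three triplets, so the MSC/VLR drops to two stored groups and fetches five more from the HLR, which `vlr.fetches` records.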

Figure 6-3 shows the unsuccessful authentication procedure.


Figure 6-3 Unsuccessful authentication procedure
[Figure: message sequence between MS, BTS, BSC, and MSC on the SDCCH. (1) Authentication Request; (2) Authentication Response; (3) Authentication Reject.]

After the network sends the Authentication Reject message, the following procedures start on the network side and the MS side.

Network side: After sending the Authentication Reject message, the network releases all the MM connections in progress and initiates the RR connection release procedure.

MS side: Upon receipt of the Authentication Reject message, the MS sets the update status in the SIM card to U2 Roaming Not Allowed and deletes the stored TMSI and LAI from the SIM card.

If the Authentication Reject message is received when the MS is in the IMSI Detach Initiated state, timer T3220 shall be stopped when the RR connection is released. The mobile station should, if possible, delay the local release of the channel to allow a normal release from the network side until T3220 times out. If this is not possible, such as a detach at power down, the RR sublayer on the MS side should be aborted.

If the Authentication Reject message is received in any other state, the MS aborts any MM connection establishment or call re-establishment procedure, stops any of the timers T3210 or T3230, releases all MM connections, starts timer T3240, and enters the state Wait For Network Command, expecting the release of the RR connection. If the RR connection is not released within a given time controlled by timer T3240, the mobile station aborts the RR connection. In both cases, either after an RR connection release triggered from the network side or after an RR connection abort requested by the MS side, the MS enters the state MM IDLE, substate NO IMSI.

6.3 Signaling Procedure in the BSC

The network initiates and controls the authentication procedure. It does not require any special processing on the BSC side.


6.4 Abnormal Cases and Troubleshooting

6.4.1 RR Connection Failure

Description: The authentication procedure fails and the network releases all the MM connections.

Cause Analysis: Upon detection of an RR connection failure before the Authentication Response message is received, the network releases all MM connections (if any) and aborts any ongoing MM specific procedure.

Troubleshooting: Check whether interference exists on the Um interface.

6.4.2 Expiry of timer T3260

Description: The authentication procedure fails.

Cause Analysis: If timer T3260 expires before the Authentication Response message is received, the network takes the following actions:

- Release the RR connection
- Abort the authentication procedure and any ongoing MM specific procedure
- Release all MM connections
- Initiate the RR connection release procedure

Troubleshooting: Check whether the length of timer T3260 is reasonably set.

6.4.3 SIM Card Unregistered

Description: The network directly returns the Authentication Reject message to the MS.

Cause Analysis: If the SIM card of an MS is not registered in the network, the network returns the Authentication Reject message to the MS.


Troubleshooting: Register the SIM correctly.