1/xx

AKA Support In IS-820-BStage 2

Lijun ZhaoQUALCOMM Incorporated

Apr 14, 2003

Notice•QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. QUALCOMM Incorporated is also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.•This document has been prepared by QUALCOMM Incorporated to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on QUALCOMM Incorporated. QUALCOMM Incorporated specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of QUALCOMM Incorporated other than provided in the copyright statement above.

2/xx

Outline

• UIM Vs.ME in terms of AKA

• New UIM EFs

• New Commands/Responses

• Call Flow

• Further Work

• Refernce

3/xx

ME Vs. UIM in terms of AKA

4/xx

ME’s Responsibility

• Perform Message Integrity and Ciphering

• Pass RANDA, AUTN of AV to R-UIM

• Pass MAC-I to R-UIM to generate UMAC

• Keep track of 2 sets of keys and corresponding KEY IDs.

5/xx

Computation Of MAC-I

.

Integrity Algorithm

32-bit Crypto-sync

Other channel ormessage specificinputs

32-bit Broadcast RAND(only o f/r-csch)

Message MAC-I(32-bit)

Transmitted over the air

128-bit integity key

MessageMAC-I(32-bit)

8LSB ofcryto-sync

6/xx

UIM’s Responsibility

• Compute IK,CK and pass them to ME• Compute RES with variable length and pass them

to ME.• Compute MACA to authenticate the BS• Compute UAK, to which ME does not have access• Compute UMAC and pass it to the ME• Store 3G key in Elementary File• Store UAK hidden from ME• Store Threshold/Start Value in Elementary Files• Store sequence number hidden from ME• Validate CON_SEQ and start re-sync if necessary• Sequence number management

7/xx

UIM’s Computation

– Generate MACA: f1

– Generate RES: f2

– Generate CK: f3

– Generate IK: f4

– Generate AK: f5

– Generate UAK: f11

8/xx

New UIM Elementary Files

9/xx

3 New UIM EFs

• 3GCIK: {16-byte CK, 16-byte IK}

• THRESHOLD

{Maximum value of START}

• START

{START}

10/xx

EF: 3GCIK

EF3GCIK (3GCIK) contains the (CK,IK)

– Identifier: '6F55' – Structure: transparent– Mandatory– File size: 32 bytes – Update activity: low

11/xx

EF:THRESHOLD

EFTHRESHOLD (THRESHOLD) contains the maximum value of START. This value is used to control the lifetime of the keys in EF3GCIK

–Identifier: '6F56'

–Structure: transparent

–Mandatory

–File size: TBD bytes

–Update activity: low

12/xx

EF:START

EFSTART (START) contains the value of START.

This value is used to control the lifetime of the keys in EF3GCIK.

– Identifier: '6F57'

– Structure: transparent

– Mandatory

– File size: TBD bytes

– Update activity: high

13/xx

ACCESS CONDITIONS

3GCIK

READ CHV1

UPDATE ADM

INVALIDATE ADM

REHABILITATE ADM

THRESHOLD START

CHV1 CHV1

ADM CHV1

ADM ADM

ADM ADM

14/xx

New Commands/Responses

15/xx

3G Authenticate

Command Parameters: {RANDA, AUTN: CON_SEQ, AMF, MAC-A}

Response Parameters: {Success Tag, CK, IK, RES LENGTH, RES, AUTS}

16/xx

Response of UIM to 3G Authenticate Command

• Compute AK and retrieve SQN from CON_SEQ sent in AUTN

• Compute MACA, which may trigger to send Auth Reject (Status Word X)

• Check if SQN is valid, which may trigger to send Sync Failure (Status Word Y, AUTS: CON_MS_SEQ, MAC_S=f1* {RAND, AMF, SQN} )

• If both MACA and SQN are valid, send Auth Response

17/xx

Generate UMAC

Command Parameters:

{MACI}

Response Parameters:

{Success Tag, UMAC}

18/xx

UAK/UMAC

• UAK shall be generated together with CK, IK when processing AV if UIM supports UAK

• If ME sends a Generate UMAC command, and UIM does not support UAK, UIM responds with an error code “UAK is not supported” and no UMAC is returned

19/xx

Call Flow

20/xx

Modified 2G Authentication

MSC/VLR HLR/ACUIM ME BS

Registration Message(AUTHR, NEW_KEY_ID) AUTHREQ(RAND, AUTHR) AUTHREQ(RAND,

AUTHR)

authreq(CMEAkey)authreq(CMEAkey)

Registration AcceptedOrder(MAC-I)

Security Mode CompetionOrder(MAC-I)

Generate Key/VPMCommand

Generate Key/VPMResponse (Key)

RAND, MSG_INT_SUP=1

CIK[NEW_KEY_ID]= 2 * CMEAkey

CIK[NEW_KEY_ID]= 2 * CMEAkey

21/xx

AKA

MSC/VLR HLR/ACUIM ME

RAND, MSG_INT_SUP=1

BS

Registration Message(AUTHR, NEW_KEY_IDx)

AUTHREQ(RAND, AUTHR) AUTHREQ(RAND,AUTHR)

authreq(AV list)authreq(AV)Auth Req Msg (RANDA,AUTN)

Auth Resp Msg(RES,NEW_KEY_IDy)

Generate Key/VPMCommand

Generate Key/VPMResponse (Key)

3G AuthenticateCommand

(RANDA, AUTN)

3G AuthenticateResponse

(IK, CK, RES LengthRES)

Security Mode CommandMsg (MAC-I)

IK[NEW_KEY_IDy] = IK

IK[NEW_KEY_IDy] = IK

a

b

22/xx

AV SEQ Re-sync

MSC/VLR HLR/ACUIM ME

RAND, MSG_INT_SUP=1

BS

Registration Message(AUTHR, NEW_KEY_IDx) AUTHREQ(RAND, AUTHR) AUTHREQ(RAND,

AUTHR)

authreq(AV list)authreq(AV)Auth Req Msg (RANDA,

AUTN)

Auth ResyncMsg(CON_MS_SEQ,

MAC_S)

Generate Key/VPM Command

Generate Key/VPMResponse

(key)

3G AuthenticateCommand

(RANDA, AUTN)

3G AuthenticateResponse

(AUTS)Auth Data Request

(RAND, CON_MS_SEQ,MAC_S)

Auth Data Response(AV')authreq(AV')

Auth ResyncMsg(CON_MS_SEQ, MAC_S)

To a in Page 21

23/xx

UMAC/UAK

UIM ME BS

Generate UMACCommand (MAC-I)

Security Mode CommandMsg (MAC-I,

USE_UAK='1')

Generate UMACResponse (UMAC)

Error Code(UAK is notsupported)

OR

UAK*

*: if supported by UIM

24/xx

Key Restoration

UIM ME

RAND, MSG_INT_SUP='1'

Registration Message(AUTHR, MAC-I)

Read Binary

BS

Read Binary Response

SELECT (ElementaryFile ID)

25/xx

Further Work

26/xx

What is next….

• Define details/structures of EFs, and Command/Responses

• Write the procedures of the functions:(We can refer to C.S0055 with some descriptions of the functions included in IS-820-B)– Generate MACA– Generate RES– Generate IK,CK– Generate AK– Generate UAK

• Fine Tuning:Such as Exception/error handling, Result Code, Status Words…

27/xx

Reference

• S.S0055 Enhanced Cryptographic Algorithms, Revision B

• S.S0053-0 Common Cryptographic Algorithms, Revision D

• C.S0005-C Upper Layer(Layer 3) Signaling Standard for cdma2000 Spread Spectrum Systems

• C.S00023-A Removable User Identity Module for Spread Spectrum Systems