7/29/2019 3G Security Architecture_Theory Explanation
1/37
www.huawei.com
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
3G Security architecture
Theory explanation
References
3GPP TS 33.102 V7.0.0 (2005-12)
Contents
1. Introduction
2. Network Access Security
3. Network access security mechanism
1.1 Overview of the security architecture
Figure (overview of the security architecture, after TS 33.102): the application stratum holds the user application and the provider application; the home stratum / serving stratum holds the USIM, the HE and the SN; the transport stratum holds the ME and the AN. The labelled links mark the five security feature groups: (I) network access security on the links between USIM, ME, AN and SN; (II) network domain security between SN and HE; (III) user domain security between USIM and ME; (IV) application domain security between user application and provider application.
1.1 Overview of the security architecture
There are five security feature groups; each group addresses a particular set of threats.
1- Network access security (I): the features that give users secure access to 3G services and, in particular, protect against attacks on the (radio) access link.
2- Network domain security (II): the features that let nodes in the provider domain exchange signalling data securely and protect against attacks on the wireline network.
1.1 Overview of the security architecture
3- User domain security (III): the features that secure access to the mobile station itself, i.e. between the user, the USIM and the terminal.
4- Application domain security (IV): the features that let applications in the user domain and in the provider domain exchange messages securely.
5- Visibility and configurability of security (V): the features that let the user find out whether a security feature is in operation and decide whether the use of a service should depend on that feature.
1.1 Overview of the security architecture
Figure (core network view used by the security procedures): the UE has one RRC connection to the UTRAN. The UTRAN, with its distribution functionality, maintains two Iu signalling connections (two RANAP instances) to the two CN service domains: the CS service domain (3G MSC/VLR) and the PS service domain (3G SGSN). Both domains use a common subscription database (HLR), which keeps separate CS state / PS state and CS location / PS location for the subscriber. Security contexts (keys, TMSI / P-TMSI) are likewise kept per service domain.
2.2 Entity authentication
Entity authentication covers two properties: user authentication (the serving network corroborates the identity of the user) and network authentication (the user corroborates that the serving network is authorised by the user's home environment). Two mechanisms provide it:
1- a local authentication mechanism, which uses the integrity key established between the user and the serving network during a previous execution of the authentication and key agreement procedure;
2- the authentication mechanism that uses an authentication vector delivered by the user's home environment to the serving network.
2.3 Confidentiality
Cipher key agreement: the MS and the network agree on the cipher key (CK) to use; this is established by authentication and key agreement.
Cipher algorithm agreement: the MS and the network agree on the encryption algorithm to use.
Confidentiality of user data and of signalling data: once CK and the algorithm are agreed, neither user data nor signalling data can be eavesdropped on the radio access interface.
Note that ciphering terminates in the RNC, so this protection covers the radio access link, not the whole path into the core network.
3.1 TMSI reallocation procedure
The TMSI is used to identify the user over the radio access link in place of the IMSI.
Reallocation should be performed only after ciphering has been started, so that the new TMSI is never sent in clear.
The procedure assigns a new TMSI/LAI pair:
VLR/SGSN -> MS: TMSI Allocation Command (TMSIn, LAIn)
MS -> VLR/SGSN: TMSI Allocation Complete
3.1 TMSI reallocation procedure
If the network does not receive an acknowledgement from the user, it keeps both associations:
1- the association between the old TMSI and the IMSI;
2- the association between the new TMSI and the IMSI.
On the next user-originated transaction the network determines which of the two TMSIs the user is using and deletes the other one.
Repeated failures of TMSI reallocation for a user, beyond a certain limit, are reported to O&M.
3.2 Identification by a permanent identity
This case occurs when
1- the user is accessing the network for the first time, or
2- the SGSN/VLR cannot retrieve the IMSI from the old TMSI.
VLR/SGSN -> ME/USIM: User identity request
ME/USIM -> VLR/SGSN: User identity response (IMSI)
Because the IMSI is sent in clear over the radio path, this mechanism should only be used when identification by TMSI is not possible.
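The following is an added example, not code from the Huawei deck or from 3GPP: a small VLR/SGSN model of the two procedures above, TMSI reallocation (3.1), including the case where the TMSI Allocation Complete never arrives, and the fall-back to identification by IMSI (3.2). The O&M reporting threshold OM_REPORT_LIMIT and the 4-octet random TMSI are assumptions for the example; the data structures are illustrative, not any vendor's.

```python
import secrets

OM_REPORT_LIMIT = 3   # assumption: unacknowledged reallocations before an O&M report


class VLR:
    """Minimal VLR/SGSN model of TMSI reallocation (3.1) and fall-back to IMSI (3.2)."""

    def __init__(self, lai):
        self.lai = lai
        self.imsi_by_tmsi = {}   # TMSI -> IMSI; old and new both present while unacknowledged
        self.state = {}          # IMSI -> {"tmsi": current, "pending": unacked new, "failures": n}
        self.om_reports = []

    def identify(self, tmsi):
        """Resolve a TMSI. None means: send a User identity request for the IMSI (3.2)."""
        return self.imsi_by_tmsi.get(tmsi)

    def register(self, imsi):
        """First access or unresolvable TMSI: the MS identified itself by IMSI."""
        self.state.setdefault(imsi, {"tmsi": None, "pending": None, "failures": 0})

    def reallocate(self, imsi, ciphering_started):
        """TMSI Allocation Command: returns the new (TMSIn, LAIn) for the MS."""
        if not ciphering_started:
            raise RuntimeError("TMSI reallocation must run after ciphering has started")
        rec = self.state[imsi]
        if rec["pending"]:                       # a superseded, still unacknowledged TMSI
            self.imsi_by_tmsi.pop(rec["pending"], None)
        new = secrets.token_bytes(4)             # assumption: 4-octet random TMSI
        while new in self.imsi_by_tmsi:
            new = secrets.token_bytes(4)
        rec["pending"] = new
        self.imsi_by_tmsi[new] = imsi            # keep old AND new association until resolved
        return new, self.lai

    def allocation_complete(self, imsi):
        """TMSI Allocation Complete received: the new TMSI becomes current, the old one is deleted."""
        rec = self.state[imsi]
        if rec["pending"]:
            self._commit(imsi, rec["pending"])
        rec["failures"] = 0

    def no_acknowledgement(self, imsi):
        """No TMSI Allocation Complete: keep both TMSIs, count the failure, report beyond the limit."""
        rec = self.state[imsi]
        rec["failures"] += 1
        if rec["failures"] == OM_REPORT_LIMIT:
            self.om_reports.append(f"{imsi}: {rec['failures']} unacknowledged TMSI reallocations")

    def user_originated(self, tmsi):
        """Next MS-originated transaction: the TMSI the MS used is kept, the other one deleted."""
        imsi = self.imsi_by_tmsi.get(tmsi)
        if imsi is not None and self.state[imsi]["pending"]:
            self._commit(imsi, tmsi)
        return imsi

    def _commit(self, imsi, keep):
        rec = self.state[imsi]
        for t in (rec["tmsi"], rec["pending"]):
            if t and t != keep:
                self.imsi_by_tmsi.pop(t, None)
        rec["tmsi"], rec["pending"] = keep, None
```

The point of keeping both mappings is that the network cannot know whether the command was lost before or after the MS applied it; resolving on the next MS-originated message is the only safe way to find out, and the failure counter is what turns a persistent radio or terminal problem into an O&M event rather than an endless stream of TMSIs.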
3.3 Authentication and key agreement
The home environment (HE/AuC) holds a secret key K for each subscriber, and the subscriber's USIM holds the same key K.
Authentication of the user by the network, and of the network by the user, is based on this shared key.
In addition, the USIM and the HE each keep a sequence number counter (SQN_MS and SQN_HE) so that the USIM can check that an authentication is fresh and not a replay.
3.3 Authentication and key agreement
The HE/HLR sends an ordered array of n authentication vectors (quintets) to the serving network.
Each vector is composed of the following:
1. Random number (RAND)
2. Expected response (XRES)
3. Cipher key (CK)
4. Integrity key (IK)
5. Authentication token (AUTN)
3.3 Authentication and key agreement
The SGSN/VLR sends the random number RAND and the authentication token AUTN to the USIM. The USIM verifies AUTN (this is how it authenticates the network), computes RES and returns it; the SGSN/VLR compares RES with XRES.
If they match, the SGSN/VLR and the USIM pass CK and IK to the entities that perform ciphering and integrity protection.
3.4 Distribution of authentication data from HE to SN
The authentication data request shall include
1- the IMSI, and
2- the requesting node type (CS or PS).
The HE/HLR then returns the ordered array of n authentication vectors:
VLR/SGSN -> HE: Authentication data request (IMSI)
HE -> VLR/SGSN: Authentication data response (AV(1..n))
The VLR/SGSN uses the vectors in order, one per authentication.
3.4 Distribution of authentication data from HE to SN
Generation of one authentication vector in the HE/AuC, where K is the subscriber key shared by HE and USIM, SQN the sequence number and AMF the authentication management field:
Message authentication code: MAC = f1_K(SQN || RAND || AMF)
Expected response: XRES = f2_K(RAND)
Cipher key: CK = f3_K(RAND)
Integrity key: IK = f4_K(RAND)
Anonymity key: AK = f5_K(RAND)
Authentication token: AUTN = (SQN xor AK) || AMF || MAC
The quintet sent to the VLR/SGSN is AV = RAND || XRES || CK || IK || AUTN. AK hides SQN on the radio path so that an eavesdropper cannot track a user by the sequence number.
3.5 Authentication and key agreement flow
VLR/SGSN -> USIM: User authentication request (RAND || AUTN)
USIM -> VLR/SGSN: User authentication response (RES)
USIM -> VLR/SGSN: User authentication reject (CAUSE), on failure
On receiving RAND and AUTN the USIM first computes AK = f5_K(RAND) and recovers SQN = (SQN xor AK) xor AK from AUTN. It then computes XMAC = f1_K(SQN || RAND || AMF) and compares it with the MAC carried in AUTN. If they differ, the USIM sends User authentication reject with cause MAC failure.
If the MAC is correct but SQN is not in the acceptable range, the USIM reports a synchronisation failure carrying AUTS (see 3.7). Otherwise the USIM computes RES = f2_K(RAND), CK = f3_K(RAND) and IK = f4_K(RAND), returns RES, and the VLR/SGSN compares it with XRES.
3.6 Distribution of IMSI and temporary authentication data within one serving network domain
When the new VLR/SGSN receives a location update request identified by an old temporary identity, it identifies the old VLR/SGSN from that identity and sends it an identity request.
The old VLR/SGSN responds with the IMSI, the user's unused authentication vectors (quintets Qi, or GSM triplets Ti) and the current security context.
VLRn/SGSNn -> VLRo/SGSNo: (TMSIo || LAIo) or (P-TMSIo || RAIo)
VLRo/SGSNo -> VLRn/SGSNn: IMSI || ({Qi} or {Ti}) || ((CK || IK || KSI) or (Kc || CKSN))
This avoids both a new IMSI exchange over the radio path and a new authentication data request to the HE.
3.7 Re-synchronisation procedure
When the VLR/SGSN receives a synchronisation failure from the USIM (User authentication reject with AUTS), it sends an authentication data request with a synchronisation failure indication to the HE, carrying the parameters RAND and AUTS.
VLR/SGSN -> UE/USIM: RAND, AUTN
UE/USIM -> VLR/SGSN: AUTS (synchronisation failure)
VLR/SGSN -> HLR/AuC: RAND, AUTS
HLR/AuC -> VLR/SGSN: {Qi} (fresh quintets)
3.7 Re-synchronisation procedure (continued)
The HE retrieves SQN_MS from AUTS and checks whether the next sequence number it would generate, SQN_HE, is still in the correct range with respect to SQN_MS.
If it is not in the range, the HE verifies the MAC-S in AUTS. If the verification is successful, it sets SQN_HE = SQN_MS.
New authentication vectors generated from the (possibly reset) counter are then sent to the VLR/SGSN, which discards the vectors it still held for that user.
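The following is an added example, not code from the Huawei deck or from 3GPP, covering sections 3.3 to 3.5 and 3.7 together: an HE/AuC that builds quintets, a USIM that checks MAC and SQN and answers with RES or AUTS, and a VLR/SGSN step that compares RES with XRES and drives re-synchronisation. The functions f1..f5* are operator-specific in TS 33.102; here HMAC-SHA256 with a per-function tag is used as a stand-in (an assumption, not MILENAGE, so it does not interoperate with real USIMs). RES is fixed at 8 octets (within the 4..16 allowed) and the USIM accepts a SQN only if it is strictly greater than the last one seen, a simplification of the spec's windowed acceptance rule.

```python
import hashlib
import hmac
import secrets

# Parameter lengths from TS 33.102: K 128 bit, RAND 128 bit, CK/IK 128 bit,
# SQN 48 bit, AK 48 bit, AMF 16 bit, MAC 64 bit, RES 4..16 octets (8 chosen here).
RES_LEN = 8


def _prf(k, tag, *parts, n):
    # ASSUMPTION: HMAC-SHA256 with a domain-separation tag stands in for the
    # operator-specific f1..f5*. It is NOT MILENAGE; real networks use their own f-set.
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]


def f1(k, sqn, rand, amf):  return _prf(k, b"f1", sqn, rand, amf, n=8)   # MAC-A, 64 bit
def f1s(k, sqn, rand, amf): return _prf(k, b"f1*", sqn, rand, amf, n=8)  # MAC-S for AUTS
def f2(k, rand):  return _prf(k, b"f2", rand, n=RES_LEN)                  # RES / XRES
def f3(k, rand):  return _prf(k, b"f3", rand, n=16)                       # CK, 128 bit
def f4(k, rand):  return _prf(k, b"f4", rand, n=16)                       # IK, 128 bit
def f5(k, rand):  return _prf(k, b"f5", rand, n=6)                        # AK, 48 bit
def f5s(k, rand): return _prf(k, b"f5*", rand, n=6)                       # AK* for AUTS


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HomeEnvironment:
    """HE/AuC: holds the subscriber's K and SQN_HE; builds quintets (3.3/3.4), resyncs (3.7)."""

    def __init__(self, k, sqn=0, amf=b"\x00\x00"):
        self.k, self.sqn, self.amf = k, sqn, amf

    def generate_av(self, rand=None):
        rand = rand or secrets.token_bytes(16)
        self.sqn += 1                                   # every vector carries a fresh SQN
        sqn = self.sqn.to_bytes(6, "big")
        # AUTN = (SQN xor AK) || AMF || MAC
        autn = xor(sqn, f5(self.k, rand)) + self.amf + f1(self.k, sqn, rand, self.amf)
        return {"rand": rand, "xres": f2(self.k, rand), "ck": f3(self.k, rand),
                "ik": f4(self.k, rand), "autn": autn}

    def resync(self, rand, auts):
        """Verify AUTS = (SQN_MS xor AK*) || MAC-S; on success set SQN_HE := SQN_MS."""
        sqn_ms = xor(auts[:6], f5s(self.k, rand))
        if not hmac.compare_digest(auts[6:], f1s(self.k, sqn_ms, rand, self.amf)):
            return False
        self.sqn = int.from_bytes(sqn_ms, "big")
        return True


class USIM:
    """USIM side of 3.5: verifies MAC (network authentication) and SQN freshness."""

    def __init__(self, k, sqn=0):
        self.k, self.sqn = k, sqn

    def authenticate(self, rand, autn):
        ak = f5(self.k, rand)
        sqn, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:]
        if not hmac.compare_digest(f1(self.k, sqn, rand, amf), mac):   # XMAC != MAC
            return "MAC failure", None
        if int.from_bytes(sqn, "big") <= self.sqn:   # simplification: SQN must strictly increase
            sqn_ms = self.sqn.to_bytes(6, "big")
            auts = xor(sqn_ms, f5s(self.k, rand)) + f1s(self.k, sqn_ms, rand, amf)
            return "Synch failure", auts
        self.sqn = int.from_bytes(sqn, "big")
        return "OK", {"res": f2(self.k, rand), "ck": f3(self.k, rand), "ik": f4(self.k, rand)}


def run_aka(he, usim):
    """VLR/SGSN side: fetch a quintet, send RAND||AUTN, compare RES with XRES; on a
    synchronisation failure forward RAND, AUTS to the HE and retry once with a fresh quintet."""
    av = he.generate_av()
    status, out = usim.authenticate(av["rand"], av["autn"])
    if status == "Synch failure":
        if not he.resync(av["rand"], out):
            return "reject: AUTS invalid"
        av = he.generate_av()                            # old vectors are discarded
        status, out = usim.authenticate(av["rand"], av["autn"])
    if status != "OK":
        return status
    if not hmac.compare_digest(out["res"], av["xres"]):
        return "reject: RES != XRES"
    return "accepted" if (out["ck"], out["ik"]) == (av["ck"], av["ik"]) else "key mismatch"
```

Two things the code makes visible that the slides only state: the MAC check happens before the SQN check, so a replayed or forged AUTN is rejected without ever producing an AUTS, and AUTS is itself authenticated with MAC-S under K, so an attacker who records a synchronisation failure cannot use it to wind the HE's counter back.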
3.8 Reporting authentication failures from the SGSN/VLR to the HLR
VLR/SGSN -> HLR: Authentication failure report (IMSI, failure cause, access type, authentication re-attempt, VLR/SGSN address, RAND)
IMSI: the subscriber concerned
Failure cause: wrong user response (RES != XRES) or wrong network signature (MAC failure)
Access type: the type of access that triggered the authentication
Authentication re-attempt: whether this was a first authentication or a re-attempt after a previous failure
VLR/SGSN address: the address (number) of the reporting node
RAND: the random challenge used, so the HE can tie the report to a specific vector
3.9 Authentication re-attempt
The authentication re-attempt indication is set when the previous authentication attempt was rejected by the user with one of the following causes:
Reject cause MAC failure
Reject cause Synch failure
Reject cause GSM authentication unacceptable
3.10 Length of authentication parameters
K: 128 bit
RAND: 128 bit
CK: 128 bit
IK: 128 bit
SQN: 48 bit
AK: 48 bit
AMF: 16 bit
MAC: 64 bit
RES: 4 to 16 octets (32 to 128 bit)
Thanks