
3G Security Architecture_Theory Explanation

Apr 03, 2018

Yang Vanny
  • 7/29/2019 3G Security Architecture_Theory Explanation

    1/37

    www.huawei.com

    Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

    3G Security architecture

    Theory explanation


    References

    3GPP TS 33.102 V7.0.0 (2005-12)


    Contents

    1. Introduction

    2. Network Access Security

    3. Network access security mechanism


    1.1 Overview of the security architecture

    [Figure: overview of the security architecture. Application stratum: User Application and Provider Application. Home stratum / Serving stratum: USIM, HE, SN. Transport stratum: ME, AN. The links between these elements are labelled (I) to (IV), the security feature groups described on the following slides.]


    1.1 Overview of the security architecture

    There are five security feature groups, and each group has a particular security function:

    1- Network access security (I): provides users with secure access to the 3G network, in particular protection against attacks on the radio access link.

    2- Network domain security (II): provides secure access to the 3G network, in particular protection against attacks on the wireline network.


    1.1 Overview of the security architecture

    3- User domain security (III): prevents unsecured access to the mobile station.

    4- Application domain security (IV): provides secure data transmission in applications between the user and the provider.

    5- Visibility and configurability of security (V): determines which level of security is in use and makes it visible and configurable to the user.


    1.1 Overview of the security architecture

    [Figure: the UE has one RRC connection to the UTRAN (UTRAN with distribution functionality) and two Iu signalling connections (two RANAP instances) towards the two CN service domains: the CS service domain (3G MSC/VLR, holding CS state and CS location) and the PS service domain (3G SGSN, holding PS state and PS location). The HLR is the common subscription data base.]


    2.2 Entity authentication

    There are two mechanisms for user authentication:

    1- The user identity is authenticated with the integrity key agreed between the user and the network during a previous execution of the procedure.

    2- An authentication vector is provided by the home network to the serving network.


    2.3 Confidentiality

    Cipher key: the MS and the network agree on a certain key.

    Cipher algorithm: the MS and the network agree on a certain algorithm.

    As a result, user data cannot be eavesdropped on the air interface, and signalling data cannot be eavesdropped over the access interface.


    3.1 TMSI reallocation procedure

    The TMSI is used to identify the user over the radio access link.

    This mechanism should be carried out only after ciphering has been started.

    The method also assigns a TMSI/LAI pair.

    [Message flow between MS and VLR/SGSN: VLR/SGSN -> MS: TMSI Allocation Command (TMSIn, LAIn). MS -> VLR/SGSN: TMSI Allocation Complete.]


    3.1 TMSI reallocation procedure

    If the network does not receive an acknowledgement from the user:

    1- it will keep the association between the old TMSI and the IMSI;

    2- it will keep the association between the new TMSI and the IMSI.

    When there is a user-originated transaction, the network will determine which TMSI is in use and delete the other one.

    Repeated TMSI reallocation (beyond a certain limit) is reported to the O&M.
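The bookkeeping a VLR/SGSN needs in order to follow the rules above (reallocate only under ciphering, keep both TMSI associations until the MS acknowledges or shows up, delete the unused one, and count repeated unacknowledged reallocations for O&M) as an added example in Python. It is not Huawei's or 3GPP's code: the class and method names are hypothetical, the IMSI and TMSI values are constructed, and the reallocation limit is a placeholder for the operator-configured O&M threshold.

```python
class VlrTmsiTable:
    """Hypothetical model of the VLR/SGSN side of TMSI reallocation (section 3.1).
    Not Huawei or 3GPP code; reallocation_limit stands in for the operator's O&M setting."""

    def __init__(self, reallocation_limit=3):
        self.limit = reallocation_limit
        self.tmsi_to_imsi = {}   # (TMSI, LAI) -> IMSI; holds BOTH old and new while unacknowledged
        self.imsi_to_tmsi = {}   # IMSI -> confirmed (TMSI, LAI)
        self.pending = {}        # IMSI -> (old pair or None, new pair) awaiting Allocation Complete
        self.unacked = {}        # IMSI -> consecutive reallocations without acknowledgement
        self.om_reports = []     # (IMSI, count) entries that would be raised to O&M

    def tmsi_allocation_command(self, imsi, new_tmsi, lai, ciphering_active):
        """Network -> MS: TMSI Allocation Command (TMSIn, LAIn); only after ciphering is on."""
        if not ciphering_active:
            raise RuntimeError("TMSI reallocation must follow ciphering: new TMSI would go in clear")
        if imsi in self.pending:
            # The previous command was never acknowledged: drop its unused TMSI, count the repeat.
            old, stale_new = self.pending.pop(imsi)
            self.tmsi_to_imsi.pop(stale_new, None)
            self.unacked[imsi] = self.unacked.get(imsi, 0) + 1
            if self.unacked[imsi] >= self.limit:
                self.om_reports.append((imsi, self.unacked[imsi]))
        else:
            old = self.imsi_to_tmsi.get(imsi)
        new = (new_tmsi, lai)
        self.tmsi_to_imsi[new] = imsi        # keep both associations until resolved
        self.pending[imsi] = (old, new)
        return ("TMSI Allocation Command", new_tmsi, lai)

    def tmsi_allocation_complete(self, imsi):
        """MS -> Network: acknowledgement; the old TMSI is released."""
        old, new = self.pending.pop(imsi)
        if old is not None:
            self.tmsi_to_imsi.pop(old, None)
        self.imsi_to_tmsi[imsi] = new
        self.unacked[imsi] = 0

    def user_originated_transaction(self, tmsi, lai):
        """Resolve the TMSI the MS actually used. If a reallocation was pending, the TMSI
        seen on the air wins and the other one is deleted. None means the TMSI is unknown
        and the network must fall back to identification by permanent identity (3.2)."""
        used = (tmsi, lai)
        imsi = self.tmsi_to_imsi.get(used)
        if imsi is None:
            return None
        if imsi in self.pending:
            old, new = self.pending.pop(imsi)
            other = new if used == old else old
            if other is not None:
                self.tmsi_to_imsi.pop(other, None)
            self.imsi_to_tmsi[imsi] = used
            self.unacked[imsi] = 0
        return imsi


if __name__ == "__main__":
    IMSI = "001010123456789"                  # constructed sample IMSI
    table = VlrTmsiTable(reallocation_limit=2)
    table.tmsi_allocation_command(IMSI, "T1", "LAI-A", ciphering_active=True)
    table.tmsi_allocation_complete(IMSI)
    table.tmsi_allocation_command(IMSI, "T2", "LAI-A", ciphering_active=True)   # no ack arrives
    print("MS reappears with old TMSI ->", table.user_originated_transaction("T1", "LAI-A"))
    print("associations left:", sorted(table.tmsi_to_imsi))
```

The model keeps the two associations in one map keyed by (TMSI, LAI), so a user-originated transaction resolves to the IMSI whichever TMSI the MS presents; the one that was not used is dropped at that moment rather than on a timer, which is what keeps the old and new identities from both staying valid indefinitely.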


    3.2 Identification by a permanent identity

    This case happens when:

    1- the user is accessing the network for the first time;

    2- the SGSN/VLR cannot retrieve the IMSI from the old TMSI.

    [Message flow between ME/USIM and VLR/SGSN: VLR/SGSN -> ME/USIM: User identity request. ME/USIM -> VLR/SGSN: User identity response (IMSI).]


    3.3 Authentication and key agreement

    The network HE has a secret key K, and the USIM has the same key K.

    So the two parties can authenticate each other on the basis of this key.

    In addition, the USIM and the HE each keep a counter to keep track of authentications.


    3.3 Authentication and key agreement

    The HE/HLR sends an array of n authentication vectors.

    Each vector is composed of the following:

    1. Authentication token (AUTN)

    2. Expected response (XRES)

    3. Random number (RAND)

    4. Cipher key (CK)

    5. Integrity key (IK)


    3.3 Authentication and key agreement

    The SGSN/VLR sends the authentication token AUTN and the random number RAND to the USIM; the USIM computes RES, and the SGSN compares RES with XRES.

    If they are the same, the SGSN and the USIM pass CK and IK to the ciphering entities.


    3.4 Distribution of authentication data from HE to SN

    The authentication data request shall include:

    1- IMSI

    2- requesting node type (CS or PS)

    Then the HE/HLR will send the ordered array of n authentication vectors.

    [Message flow: VLR/SGSN -> HE: Authentication data request (IMSI). HE -> VLR/SGSN: Authentication data response (AV(1..n)).]


    3.4 Distribution of authentication data from HE to SN

    Message authentication code: MAC = f1_K(SQN || RAND || AMF)

    Expected response: XRES = f2_K(RAND)

    Cipher key: CK = f3_K(RAND)

    Integrity key: IK = f4_K(RAND)

    (f1 to f4 are the authentication functions keyed with the shared secret K.)


    3.5 Authentication and key agreement flow

    The USIM first computes AK from RAND and AUTN, then computes XMAC and compares it with MAC. If they differ, it sends a failure (user authentication reject).

    XMAC = f1_K(SQN || RAND || AMF)

    [Message flow between USIM and VLR/SGSN: VLR/SGSN -> USIM: User authentication request (RAND || AUTN). USIM -> VLR/SGSN: User authentication response (RES), or User authentication reject (CAUSE).]


    3.6 Distribution of IMSI and temporary authentication data within one serving network domain

    When the new SGSN receives a location update request, it identifies the old SGSN and sends it an identity request.

    The old SGSN provides the IMSI and the unused quintet vectors of the user.

    [Message flow: VLRn/SGSNn -> VLRo/SGSNo: (TMSIo || LAIo) or (P-TMSIo || RAIo). VLRo/SGSNo -> VLRn/SGSNn: IMSI || ({Qi} or {Ti}) || ((CK || IK || KSI) or (Kc || CKSN)).]


    3.7 Re-synchronisation procedure

    Once the synchronisation failure message is received by the SGSN, the SGSN sends an authentication data request with a synchronisation failure indication in the message to the HE, carrying the parameters RAND and AUTS.

    [Message flow: VLR/SGSN -> UE/USIM: RAND, AUTN. UE/USIM -> VLR/SGSN: AUTS. VLR/SGSN -> HLR/AuC: RAND, AUTS. HLR/AuC -> VLR/SGSN: {Qi}.]


    3.7 Re-synchronisation procedure

    The HE retrieves the SQN of the MS and checks whether the SQN of the HE is in the correct range.

    If it is not in the range, the HE verifies AUTS.

    If the verification is successful, it resets its counter so that SQN of HE = SQN of MS.

    Then new authentication vectors are sent to the SGSN.
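The AKA exchange of sections 3.3 to 3.5 carried through end to end, together with the re-synchronisation of 3.7 and the parameter lengths of 3.10, as an added worked example in Python. It is not code from the slides, from Huawei or from 3GPP. It assumes HMAC-SHA256 stand-ins for the operator functions f1 to f5 (a real network uses MILENAGE or another operator algorithm); the anonymity key AK = f5_K(RAND), the re-sync functions f1* and f5*, and the all-zero AMF used when computing MAC-S are taken from TS 33.102 rather than from the slides; the SQN range check is simplified to "strictly greater than the last value the USIM accepted"; the key, RAND and AMF values are constructed samples.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Parameter lengths in bytes, from the "Length of authentication parameters" slide:
# K, RAND, CK, IK = 128 bit; SQN, AK = 48 bit; AMF = 16 bit; MAC = 64 bit; RES = 4-16 octets.
K_LEN = RAND_LEN = CK_LEN = IK_LEN = 16
SQN_LEN = AK_LEN = 6
AMF_LEN, MAC_LEN, RES_LEN = 2, 8, 8
RESYNC_AMF = b"\x00\x00"  # assumption (TS 33.102): MAC-S is computed over an all-zero AMF

def _f(k, label, data, out_len):
    """Stand-in for the operator-specific functions f1..f5 (NOT MILENAGE): keyed
    HMAC-SHA256 truncated to the parameter length, domain-separated by a label."""
    return hmac.new(k, label + data, hashlib.sha256).digest()[:out_len]

def f1(k, sqn, rand, amf):  return _f(k, b"f1", sqn + rand + amf, MAC_LEN)   # MAC-A (in AUTN)
def f1s(k, sqn, rand, amf): return _f(k, b"f1*", sqn + rand + amf, MAC_LEN)  # MAC-S (in AUTS)
def f2(k, rand):            return _f(k, b"f2", rand, RES_LEN)               # RES / XRES
def f3(k, rand):            return _f(k, b"f3", rand, CK_LEN)                # CK
def f4(k, rand):            return _f(k, b"f4", rand, IK_LEN)                # IK
def f5(k, rand):            return _f(k, b"f5", rand, AK_LEN)                # AK, hides SQN in AUTN
def f5s(k, rand):           return _f(k, b"f5*", rand, AK_LEN)               # AK*, hides SQN_MS in AUTS

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class AV:
    """One authentication vector (quintet) as sent from HE/HLR to VLR/SGSN."""
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes

class HomeEnvironment:
    """HE/AuC side: holds K and the SQN_HE counter, issues quintets, handles re-sync."""
    def __init__(self, k, sqn=0):
        self.k, self.sqn = k, sqn

    def generate_av(self, rand=None, amf=b"\x80\x00"):
        """Build AUTN = (SQN xor AK) || AMF || MAC-A plus XRES, CK, IK for the next SQN.
        The AMF value is a constructed sample; RAND may be fixed for reproducible runs."""
        self.sqn += 1
        sqn = self.sqn.to_bytes(SQN_LEN, "big")
        rand = rand if rand is not None else os.urandom(RAND_LEN)
        autn = xor(sqn, f5(self.k, rand)) + amf + f1(self.k, sqn, rand, amf)
        return AV(rand, f2(self.k, rand), f3(self.k, rand), f4(self.k, rand), autn)

    def resynchronise(self, rand, auts):
        """3.7: recover SQN_MS from AUTS; if SQN_HE is already ahead nothing needs fixing,
        otherwise verify MAC-S, realign SQN_HE and issue a fresh vector (None if AUTS is bad)."""
        sqn_ms_bytes = xor(auts[:SQN_LEN], f5s(self.k, rand))
        sqn_ms = int.from_bytes(sqn_ms_bytes, "big")
        if self.sqn <= sqn_ms:
            if not hmac.compare_digest(auts[SQN_LEN:], f1s(self.k, sqn_ms_bytes, rand, RESYNC_AMF)):
                return None
            self.sqn = sqn_ms
        return self.generate_av()

class USIM:
    """USIM side: holds the same K and the highest SQN accepted so far (SQN_MS)."""
    def __init__(self, k, sqn=0):
        self.k, self.sqn = k, sqn

    def authenticate(self, rand, autn):
        """3.5: unmask SQN with AK, compare XMAC with MAC, check SQN freshness, derive keys.
        Returns ("OK", (RES, CK, IK)), ("MAC_FAILURE", None) or ("SYNC_FAILURE", AUTS)."""
        sqn_bytes = xor(autn[:SQN_LEN], f5(self.k, rand))
        amf, mac = autn[SQN_LEN:SQN_LEN + AMF_LEN], autn[SQN_LEN + AMF_LEN:]
        if not hmac.compare_digest(f1(self.k, sqn_bytes, rand, amf), mac):
            return ("MAC_FAILURE", None)      # network signature wrong: reject
        sqn = int.from_bytes(sqn_bytes, "big")
        if sqn <= self.sqn:                   # simplified range check: replayed or stale SQN
            sqn_ms = self.sqn.to_bytes(SQN_LEN, "big")
            auts = xor(sqn_ms, f5s(self.k, rand)) + f1s(self.k, sqn_ms, rand, RESYNC_AMF)
            return ("SYNC_FAILURE", auts)
        self.sqn = sqn
        return ("OK", (f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)))

def serving_network_check(av, res):
    """VLR/SGSN compares the RES returned by the USIM with XRES from the quintet."""
    return hmac.compare_digest(res, av.xres)

if __name__ == "__main__":
    k = bytes(range(K_LEN))                   # constructed sample key
    he, usim = HomeEnvironment(k, sqn=5), USIM(k, sqn=1000)  # USIM counter is ahead of HE
    av = he.generate_av()
    status, auts = usim.authenticate(av.rand, av.autn)
    print("first attempt:", status)           # SYNC_FAILURE
    av = he.resynchronise(av.rand, auts)
    status, keys = usim.authenticate(av.rand, av.autn)
    print("after re-sync:", status, serving_network_check(av, keys[0]))
```

Two details matter in practice and are visible here: the USIM checks MAC before it looks at SQN, so a forged AUTN cannot trigger a re-sync round trip, and the counter travels only as SQN xor AK in both AUTN and AUTS, so an observer on the air interface never sees the raw sequence number. All comparisons use hmac.compare_digest so the RES and MAC checks do not leak through timing.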


    3.8 Reporting authentication failures from the SGSN/VLR to the HLR

    The report carries:

    Failure cause: the network or user signature is wrong.

    Access type.

    Authentication re-attempt: indicates whether this is a normal authentication or a re-attempt.

    SGSN number.

    RAND.

    [Message flow: VLR/SGSN -> HLR: Authentication failure report (IMSI, failure cause, access type, authentication re-attempt, VLR/SGSN address and RAND).]


    3.9 Authentication re-attempt

    The authentication re-attempt indication must be set in the following cases:

    Reject cause: MAC failure

    Reject cause: Synch failure

    Reject cause: GSM authentication unacceptable


    3.10 Length of authentication parameters

    K = 128 bit

    RAND = 128 bit

    CK = 128 bit

    IK = 128 bit

    SQN = 48 bit

    AK = 48 bit

    AMF = 16 bit

    MAC = 64 bit

    RES = 4-16 octets


    Thanks