Question
Describe in details the Authentication in 3GPP with clear steps and definition of each element involved and its role (IMSI, AUTN, CK,…etc).
[Figure: Authentication in 3GPP. Participants: Home Environment, Mobile Station, Visited Network. Inputs: sequence number (SQN), RAND(i), K (user's secret key). Flow: generation of cryptographic material (Home Environment); user authentication request IMSI/TMSI; authentication vectors sent to the Visited Network; RAND(i), AUTN(i) sent to the Mobile Station; verify AUTN(i), compute RES(i); user authentication response RES(i); compare RES(i) and XRES(i); compute CK(i) and IK(i) (Mobile Station); select CK(i) and IK(i) (Visited Network).]
Explanation / Answer
There are several real and perceived security weaknesses present in GSM and other 2G systems. To eliminate such weaknesses, the UMTS (Universal Mobile Telecommunication System) standard for third generation (3G) wireless communications devised and adopted the enhanced authentication and key agreement protocol created by the Third-Generation Partnership Project (3GPP).
3GPP AKA :- is a protocol by the Third-Generation Partnership Project (3GPP) for enhanced authentication and key agreement.
3GPP AKA extends the framework of the GSM AKA and provides significant improvement in mutual authentication, agreement on an integrity key between the user and the serving network, and freshness assurance of the agreed cipher key and integrity key. As in the GSM AKA, the serving network authenticates the user by using authentication data (called authentication vectors).
Authentication Vector :- is either a quintet or a triplet of parameters. The GSM AV uses a triplet of parameters which provides temporary authentication data that enables a VLR (Visitor Location Register) or SGSN (Serving GPRS Support Node) to engage in GSM authentication with a particular user.
to achieve freshness assurance of agreed cipher and integrity keys. To facilitate sequence number generation and verification, two counters are maintained for each user: one in the mobile station and the other one in the home network. Normally, the counter in the mobile station has a value less than or equal to the counter in the home network. When a mismatch occurs between the two counters, which may be caused by a failure in the home network, the authentication vectors generated by the home network may not be acceptable by the mobile station. Such a phenomenon is called loss of synchronization and resynchronization is needed to adjust the counter in the home network.
The 3GPP authentication and key agreement protocol has been scrutinized widely within wireless communications industries. To date, no serious flaw has ever been reported in the public literature. Using a formal method known as BAN logic, the designers have the goals of the protocol as they are stated in are met by the protocol. In this paper, we show, however, that the protocol 3GPP AKA is vulnerable to a variant of the false base station attack. The flaw of 3GPP AKA allows an adversary to redirect user traffic from one network to another. It also allows an adversary to use the authentication vectors corrupted from one network to impersonate other networks, hence the corruption of one network may jeopardize the entire system. The redirection attack represents a real threat since the security levels provided by different networks are not always the same. The redirection attack could also cause billing problems, as the service rates offered by different networks are not always the same, either. In addition, the use of synchronization between a mobile station and its home network incurs considerable difficulty for the normal operation of the protocol, and may lead to a synchronization attack as occurred in the Internet.
IMSI (International Mobile Subscriber Identity) :- is used to identify the user of a cellular network and is a unique identification associated with all cellular networks. It is stored as a 64 bit field and is sent by the phone to the network. It is also used for acquiring other details of the mobile in the home location register (HLR) or as locally copied in the visitor location register.
Visitor Location Register :- The Visitor Location Register (VLR) is a database of the MSs (Mobile Stations) that have roamed into the jurisdiction of the MSC (Mobile Switching Center) which it serves. Each main base station in the network is served by exactly one VLR (one BTS may be served by many MSCs in the case of MSC in pool), hence a subscriber cannot be present in more than one VLR at a time.
AUTH :- An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities.
GSM (Global System for Mobile Communications, originally Groupe Spécial Mobile) is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation digital cellular networks used by mobile devices such as tablets, first deployed in Finland in December 1991. As of 2014, it has become the global standard for mobile communications – with over 90% market share, operating in over 193 countries and territories.
The UE processes the authentication challenge data received in the AUTHENTICATION REQUEST message (RAND and AUTN) and responds with an AUTHENTICATION RESPONSE message to deliver the calculated authentication response RES to the network.
In EPS authentication, the response computed in the USIM (RES) is a minimum of 4 octets and may be up to 16 octets in length. The RES is included in the IE Authentication response parameter in the AUTHENTICATION RESPONSE message.
Upon receipt of an AUTHENTICATION RESPONSE message the MME compares the received RES value with the XRES (Expected Response) value. If RES == XRES, then the network considers that the UE has successfully authenticated itself to the network.
If the AUTHENTICATION RESPONSE returned by the Source is not valid (RES != XRES), the network response depends upon the type of identity used by the Source in the initial NAS message (whether GUTI was used or IMSI was used), as explained below:
If the GUTI was used, the network should initiate an identification procedure. If the IMSI given by the UE during the identification procedure differs from the IMSI the network had associated with the GUTI, the authentication should be restarted with the correct parameters. Otherwise, if the IMSI provided by the UE is the same as the IMSI stored in the network (i.e. authentication has really failed), the network should send an AUTHENTICATION REJECT message to the UE.
If the IMSI was used for identification in the initial NAS message, or the network decides not to initiate the identification procedure after an unsuccessful authentication procedure, the network should send an AUTHENTICATION REJECT message to the Source.
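The following is an added simulation of the exchange in the figure and the answer above (authentication vector generation in the home environment, AUTN verification and RES computation on the USIM, RES/XRES comparison in the visited network, and the loss-of-synchronization case handled with a resynchronisation token). It is example code written for this page, not code from 3GPP or any operator. The f1..f5 functions here are constructed HMAC-SHA-256 stand-ins for the MILENAGE functions, the key K and the counter values are constructed, and the class names (HomeEnvironment, MobileStation, VisitedNetwork) are this example's own.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass

AMF = b"\x00\x00"  # constructed Authentication Management Field (2 octets)


def _f(tag: bytes, k: bytes, *parts: bytes) -> bytes:
    # Constructed stand-in for the MILENAGE f1..f5 family: HMAC-SHA-256 under the
    # long-term key K, with a tag byte separating the functions. Not MILENAGE/TUAK.
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()


def f1(k, rand, sqn, amf):      return _f(b"\x01", k, rand, sqn, amf)[:8]   # MAC-A (in AUTN)
def f1_star(k, rand, sqn, amf): return _f(b"\x11", k, rand, sqn, amf)[:8]   # MAC-S (in AUTS)
def f2(k, rand):                return _f(b"\x02", k, rand)[:8]             # RES / XRES
def f3(k, rand):                return _f(b"\x03", k, rand)[:16]            # CK (cipher key)
def f4(k, rand):                return _f(b"\x04", k, rand)[:16]            # IK (integrity key)
def f5(k, rand):                return _f(b"\x05", k, rand)[:6]             # AK (hides SQN in AUTN)
def f5_star(k, rand):           return _f(b"\x15", k, rand)[:6]             # AK* (hides SQN in AUTS)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class AuthVector:
    """UMTS quintet: RAND, XRES, CK, IK, AUTN."""
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes


class HomeEnvironment:
    """Holds K and the home-network copy of the per-user counter SQN."""

    def __init__(self, k: bytes, sqn: int = 0):
        self.k, self.sqn = k, sqn

    def generate_vectors(self, n: int, rand_source=os.urandom) -> list:
        vectors = []
        for _ in range(n):
            self.sqn += 1
            sqn = self.sqn.to_bytes(6, "big")
            rand = rand_source(16)
            # AUTN = (SQN xor AK) || AMF || MAC-A
            autn = xor(sqn, f5(self.k, rand)) + AMF + f1(self.k, rand, sqn, AMF)
            vectors.append(AuthVector(rand, f2(self.k, rand), f3(self.k, rand), f4(self.k, rand), autn))
        return vectors

    def resynchronise(self, rand: bytes, auts: bytes) -> None:
        # AUTS = (SQN_MS xor AK*) || MAC-S; MAC-S is checked before SQN_MS is trusted
        sqn_ms = xor(auts[:6], f5_star(self.k, rand))
        if not hmac.compare_digest(auts[6:], f1_star(self.k, rand, sqn_ms, AMF)):
            raise ValueError("invalid AUTS")
        self.sqn = int.from_bytes(sqn_ms, "big")


class MobileStation:
    """USIM side: holds K and the mobile-station copy of the counter."""

    def __init__(self, k: bytes, sqn: int = 0):
        self.k, self.sqn = k, sqn

    def challenge(self, rand: bytes, autn: bytes):
        sqn, amf, mac = xor(autn[:6], f5(self.k, rand)), autn[6:8], autn[8:]
        if not hmac.compare_digest(mac, f1(self.k, rand, sqn, amf)):
            return "MAC_FAILURE", None          # network could not prove knowledge of K
        if int.from_bytes(sqn, "big") <= self.sqn:
            # SQN not fresh: loss of synchronization, report own counter in AUTS
            sqn_ms = self.sqn.to_bytes(6, "big")
            auts = xor(sqn_ms, f5_star(self.k, rand)) + f1_star(self.k, rand, sqn_ms, AMF)
            return "SYNC_FAILURE", auts
        self.sqn = int.from_bytes(sqn, "big")
        return "OK", (f2(self.k, rand), f3(self.k, rand), f4(self.k, rand))  # RES, CK, IK


class VisitedNetwork:
    """VLR/SGSN/MME side: consumes vectors, never sees K."""

    def __init__(self):
        self.vectors = []

    def fetch(self, he: HomeEnvironment, n: int = 1) -> None:
        self.vectors.extend(he.generate_vectors(n))

    def authenticate(self, ms: MobileStation, he: HomeEnvironment) -> str:
        av = self.vectors.pop(0)
        status, payload = ms.challenge(av.rand, av.autn)
        if status == "SYNC_FAILURE":
            he.resynchronise(av.rand, payload)
            self.vectors.clear()                # vectors built on the stale counter are useless
            return "RESYNC"
        if status == "MAC_FAILURE":
            return "REJECT"
        res, ck, ik = payload
        if not hmac.compare_digest(res, av.xres):
            return "REJECT"                     # RES != XRES: AUTHENTICATION REJECT
        assert ck == av.ck and ik == av.ik      # both sides now share CK and IK
        return "OK"


K = bytes(range(16))  # constructed 128-bit subscriber key


def run_normal() -> list:
    he, ms, vn = HomeEnvironment(K), MobileStation(K), VisitedNetwork()
    vn.fetch(he, 2)
    return [vn.authenticate(ms, he) for _ in range(2)]


def run_desync() -> tuple:
    # USIM counter ahead of the home network (e.g. HE restored from backup)
    he, ms, vn = HomeEnvironment(K, sqn=0), MobileStation(K, sqn=10), VisitedNetwork()
    vn.fetch(he, 1)
    first = vn.authenticate(ms, he)   # resync adjusts the HE counter to 10
    vn.fetch(he, 1)
    return first, vn.authenticate(ms, he), he.sqn


def run_wrong_key() -> str:
    he, ms, vn = HomeEnvironment(bytes(16)), MobileStation(bytes([1] * 16)), VisitedNetwork()
    vn.fetch(he, 1)
    return vn.authenticate(ms, he)    # MAC-A fails on the USIM, network rejects
```

Two points the simulation makes concrete: the visited network authenticates the user with nothing more than the vector it received (it never holds K), and a mismatch between the two SQN counters is resolved by the AUTS token rather than by silently accepting a stale challenge, which is why the resync path discards the vectors already fetched.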