GSM [2G] Authentication Procedure

Authentication procedure is needed to know whether a User/ UE

(User Equipment i.e. Mobile)/SIM (subscriber) has a valid access to an operator
network. As we know there are there major entities participate in it.

1) User Entity (SIM - UE)

2) Controlling Entities(MSC, VLR, SGSN)
3) Authentication Entity(HLR, Auc)

General Details
Before going into the technical details of a Authentication procedure here is
brief idea what actually happens.During Authentication Procedure some messages
have been exchanged between User Entity and Authentication Entity via
controlling entity. During this message exchange some algorithms are applied on
User Entity and Authentication Entity; as a result of these algorithms one or
two secret information (KEYs) have been generated; these generated information
(KEYS) are sent by User Entity to controlling entity and Authentication entity
to controlling entity. After receiving information from both entities
controlling entities compares them if they are identical then authentication
is successful otherwise not a valid subscriber.

Following Image gives the idea how it works with MSC (Controlling Entity)
Following Image gives the idea how it works with SGSN (Controlling Entity)

Now let's see how it works technically.

SIM - Subscriber Identity Module contains following data for Authentication for
each subscriber
1) IMSI:- International Mobile Subscriber Identity
2) Secret Key (K 128 Bits):- This key some times known as shared
key as well because this is present in both SIM and HSS.
3)Algorithm A3:- Authentication algorithm
4)Algorithm A8:- Ciphering key generator.
5)Algorithm A5:- Ciphering/deciphering algorithm (Used after
authentication to hide data with CK Ciphering key )

HSS/AuC (Home Subscriber Server) contains following things

1) IMSI:- International Mobile Subscriber Identity
2) Secret Key (K 128Bits):- This key some times known as shared
key as well because this is present in both SIM and HSS.
3) Algorithm A3:- Authentication algorithm
4) Algorithm A8:- Ciphering key generator.
5) RAND generator:- HSS also have a way to generate a 128 Bits random number
generator.

GSM Authentication Scheme

When UE attaches then HSS receives MAP_SEND_AUTHENTICATION_INFO request, upon

receiving this request HSS computes authentication vectors(AVs) consisting of
RAND,SRES,Kc. Following steps to be taken in complete cycle of authentication

Step -1 HSS generates a RAND (Random Number 128 Bits)

Step -2 This generated RAND and Secret KEY (K) already
provisioned at HSS for given User identified by IMSI shall
be passed to Algorithm A3 to generate SRES.
Step -3 RAND and Secret KEY (K) shall be passed to Algorithm A8
to generate Kc i.e. Confidentiality Key.
Step -4 This generated information along with RAND shall be send
to VLR or SGSN.
Step -5 VLR sends AV(Authentication Vectors) to MSC.
Step -6 MSC Keeps Kc and SRES with it and send RAND to UE over
network.
Step -7 Now UE shall generate the same AV using received RAND as
done in HSS such as SRES is generated by passing Shared
KEY(K) already stored in SIM along with received RAND to A3
algorithm.
Step -8 Similarly Kc shall be generated by passing RAND and
Shared KEY (K) to A8 algorithm.
Step -9 UE send generated SRES to MSC.
Step -10 On receive of SRES from UE; MSC matches with the SRES
received from HSS. If both are identical then User is
Authenticated User. Otherwise not.
Step -11 An Authenticated User shall use Kc Ciphering Key during
to encrypt/decrypt data using A5 function

[UMTS - 3G] UTRAN Authentication Procedure

This is a mutual authentication mechanism, in which UE/SIM is authenticated by
Network and Network is authenticated by UE/SIM. In this procedure message follow
is more or less same as GSM Procedure, But key generation is complex,
multiple key are generated, Integrity protection is also taken care and a
sequence number is also maintained. As in every authentication procedure
(telecom) it also have three major entities.

1) User Entity (SIM, User Equipment)

2) Controlling Entity (SGSN)
3) Authentication Entity(HSS/HLR,AuC)

Following table contains the attribute used in KEY generation, Table gives
the usage of each attribute,size and place where they are used/stored.

Field Name Description Size Used/Stored

at
IMSI To uniquely identify a SIM Up to 15 Both UE ,
digits HSS
Secret Key Sometimes called as shared key because 128 Bits Both UE ,
(K) it is stored in both User Entity and HSS
Authentication Entity.
Algorithm F1 Used to generate MAC 64 Bits HSS
Algorithm F1* Used to generate MAC-S 64 Bits UE
Algorithm F2 Used to generate XRES/RES i.e. Expected 64 Bits HSS,UE
Response.
Algorithm F3 Used to generate CK; Cipher Key 128 Bits HSS,UE
Algorithm F4 Used to generate IK; Integrity Key 128 Bits HSS,UE
Algorithm F5 Used to generate AK; Anonymity Key; 48 Bits HSS
used to hide/reveal sequence Number
Algorithm F5* Used to generate AK; Anonymity Key; 48 Bits UE
used to hide/reveal sequence Number
Sequence 32 different Sequence Numbers - for 48 Bits HSS,UE
Numbers synchronization i.e. no breach of
security over the air
Delta Value Delta Value- a allowed range of UE
sequence number difference at HSS and
UE.
AMF Authentication Management Field. Usage 16 Bits HSS
is operator dependent.
Bit 0 is “AMF Separation Bit” and is
used to in EPS
Bits 1 to 7 are reserved for future
standardization use.
 Bits 8 to 15 are open for proprietary
use
AUTN AUTN := SQN  AK || AMF || MAC 128 Bits HSS

AUTS AUTS = SQNMS  AK || MAC-S 112 Bits UE

Here we are directly moving how does it works.

Step -1 User sends a attach request toward SGSN, and SGSN send authentication
request toward HSS/HLR.

Step -2 After receiving authentication request HSS/HLR shall generate

Authentication Vectors (AV) consisting of RAND,XRES, AUTN ,CK ,IK.

Step-3 Following steps explains how AV are generated.

a) First of all HSS generates RAND a random number.

b) Now randomly pick any sequence number out of 32. At very first all sequence
number is set to zero and shall be increase by one as a considered sequence
number is used. Sequence Number is of following format.Give a minute to
following image which is self-explanatory (8-Motions)

c) Say sequence number with index IND 3 (three) is picked then value of SEQ
shall be incremented by one and updated information is stored in HSS. if suppose
once again sequence number with IND 3 (three) is selected then again one is
incremented as shown below.
d) Now generate XRES, ATUN, CK , IK. Give few seconds to following image it has
9 motions.

Authentication Vector generation at HSS

Step -4 HSS sends generated Vector and to Controlling Entity (SGSN).

Step -5 SGSN keeps XRES, CK, IK with it and sends AUTN and RAND to UE.
Step -6 Now on receive of RAND and AUTN UE shall extract MAC, SQN, and AMF.
Step -7 UE compares SQN [SEQ+IND] received with SQN [SEQ+IND] at its end in
following way. if received SEQ in valid delta range then moves to step -8.
Generally value of delta is one; otherwise shall trigger re-synchronization
request to SGSN(explained later). Give few seconds to following image,it
contains 8 motions.

Sequence Number processing at HSS and UE end

Step -8 UE shall generate XMAC, RES, CK, IK. in following way. Give a minute to
following IMAGE which is self-explanatory, it contains 5 motions.
 Authentication Vector Processing at UE

Step -9 Now RES is sent to Controlling Entity (SGSN).

Step -10 Controlling Entity shall compare RES with XRES store at its own end.
[RES=XRES]
Step -11 If both are not equal then Controlling entity shall send attach
rejected to UE.
Step -12 If both are equal , implies user is Authenticated, shall invoke next
message of Attach Procedure.

Usage of OP/OPc and Transport Key

[EPS 4G] E-UTRAN Authentication Procedure
It would be better that before going to E-UTRAN just scroll through the 3G
authentication procedure. E-UTRAN authentication also checks that the PLMN in
which UE is roaming is authenticated or not. Here one key KASME is generated
that takes visited PLMN Id, CK, IK as an input that are generated in the same
way they are generated in 3G Authentication. Rest all is same as 3G
authentication.

4G Authentication Procedure

Algorithm to generate KASME is as follow

KASME = HMAC-SHA-256(Key,S)
where,
S = FC||P0||L0||P1||L1||P2||L2||P3||L3||... ||Pn||Ln

FC is single octet. Its value is defined by 3GPP.

All Px are inputs and Lx is the length of the inputs
For KASME,
Key = CK || IK
FC = 0x10,
P0 = SN id,
L0 = length of SN id (i.e.0x00 0x03),
P1 = SQN  AK
L1 = length of SQN AK (i.e. 0x00 0x06)