
HUAWEI MSOFTX3000 Feature Description

Contents

10 Authentication Feature (10-1)
10.1 Service Description (10-2)
10.1.1 Function Code (10-2)
10.1.2 Definition (10-2)
10.1.3 Benefits (10-2)
10.2 Availability (10-3)
10.2.1 Requirements for NEs (10-3)
10.2.2 Requirements for License (10-3)
10.2.3 Applicable Versions (10-3)
10.3 Working Principle (10-3)
10.4 Service Flow (10-4)
10.4.1 UMTS Authentication (10-4)
10.4.2 GSM Authentication (10-5)
10.5 Data Configuration (10-7)
10.5.1 Data Configuration on MSOFTX3000 (10-7)
10.5.2 Data Configuration on HLR (10-7)
10.6 Service Management (10-7)
10.6.1 Subscription of Authentication (10-7)
10.6.2 Query of Authentication (10-7)
10.7 Charging and CDR (10-7)
10.8 Service Interaction (10-8)
10.9 Reference (10-8)
10.9.1 Protocols and Specifications (10-8)
10.9.2 Glossary, Acronyms and Abbreviations (10-8)

Issue 09 (2007-05-20)

Huawei Technologies Proprietary

Figures

Figure 10-1 Flow of UMTS authentication (10-4)
Figure 10-2 Flow of GSM authentication (10-6)


Tables

Table 10-1 Function names and function codes in the authentication and encryption (10-2)
Table 10-2 Benefits for carriers and mobile subscribers (10-2)
Table 10-3 NEs involved in the authentication and encryption (10-3)
Table 10-4 Versions of the products that support the authentication and encryption (10-3)
Table 10-5 Steps of configuring authentication data (10-7)


10 Authentication Feature

About This Chapter

The following table lists the contents of this chapter.

Section                    Describes
10.1 Service Description   This section describes the function code, function definition of this feature, and the benefits that carriers and mobile subscribers can obtain from this feature.
10.2 Availability          This section describes the network elements (NEs) that are required for the feature, whether Licenses are required, and the version requirements of the NEs.
10.3 Working Principle     This section describes the functions of the NEs, and networking requirements.
10.4 Service Flow          This section describes the service flow of the network when providing this feature.
10.5 Data Configuration    This section describes the data configurations that are required on the MSOFTX3000 and the UMG8900.
10.6 Service Management    This section describes the service operations that carriers and mobile subscribers are required to implement when the network provides this feature.
10.7 Charging and CDR      None
10.8 Service Interaction   None
10.9 Reference             This section describes the protocols and specifications that this feature must comply with, and the acronyms and abbreviations of this chapter.


10.1 Service Description

10.1.1 Function Code

Table 10-1 lists the mapping between function names and function codes in the speech service.

Table 10-1 Function names and function codes in the authentication and encryption

Name                                 Code
GSM Authentication and Encryption    WMFD-060301
UMTS Authentication and Encryption   WMFD-060302

Note: GSM = Global System for Mobile communications; UMTS = Universal Mobile Telecommunications System

10.1.2 Definition

Authentication is a process used by a network to verify the validity of a UE. In the UMTS, a UE can also verify the validity of the network. Authentication, as part of the security management of a wireless network, guarantees the confidentiality and integrity of the wireless network, so that illegal subscribers cannot use the services that the network provides.

10.1.3 Benefits

Table 10-2 lists the benefits for carriers and mobile subscribers.

Table 10-2 Benefits for carriers and mobile subscribers

Beneficiary          Description
Carriers             Authentication is an elementary feature of a network. Authentication enables carriers to verify the validity of MSs/UEs, and prevents illegal subscribers from accessing the network and using the services that the network provides.
Mobile subscribers   Authentication protects mobile subscribers from illegal attack.

Note: MS = mobile station; UE = user equipment


10.2 Availability

10.2.1 Requirements for NEs

The authentication and encryption requires the cooperation of the UE/MS, base station subsystem (BSS), radio access network (RAN) and core network (CN). For details, see Table 10-3.

Table 10-3 NEs involved in the authentication and encryption

NE: UE/MS | NodeB/BTS | RNC/BSC | MSC Server | MGW | SGSN | GGSN | VLR | HLR

"√" means the NE is required.

10.2.2 Requirements for License

No License is required to obtain the authentication service, because the service is an elementary feature of the HUAWEI wireless core network.

10.2.3 Applicable Versions

Table 10-4 lists the versions of the HUAWEI circuit switched (CS) products that support the authentication and encryption.

Table 10-4 Versions of the products that support the authentication and encryption

Product                  Applicable version
MSC Server MSOFTX3000    V100R002 and later
MGW UMG8900              V200R002 and later

10.3 Working Principle

In the GSM and UMTS, the MS/UE, visitor location register (VLR) and authentication center (AuC) cooperate with each other to implement authentication. The MS/UE and AuC calculate authentication parameters respectively. The VLR then compares the two results, to verify the validity of the MS/UE. In the UMTS, the MS/UE can also verify the validity of the network.


10.4 Service Flow

10.4.1 UMTS Authentication

UMTS authentication takes place when a UMTS subscriber accesses the UMTS with a UMTS subscriber identity module (USIM) card. Figure 10-1 shows the flow of UMTS authentication.

Figure 10-1 Flow of UMTS authentication

[Figure: message sequence between UE, RAN (Uu / RANAP over Iu), MSC, VLR (MAP B) and HLR/AuC (MAP D). Steps 1 to 8: service request (call setup/location update/supplementary service/SMS); MAP request (CKSN, IMSI/TMSI); request for authentication parameters (IMSI); return parameters (IMSI, RAND, CK, IK, AUTN, XRES); start authentication (RAND, AUTN); refuse authentication (XMAC != MAC) or synchronization fails (SQNHE out of range of SQNMS) with AuC re-synchronization; authentication response; compare SRES and XRES, then accept or refuse the request. Authentication succeeds: legal UE; authentication fails: illegal UE.]

Explanations of the flow of UMTS authentication are as follows:

Step 1 The UE sends an authentication request to the mobile switching center (MSC). The authentication of services is defined by the data configured on the MSC.

Step 2 The MSC sends a MAP_PROCESS_ACCESS_REQUEST to the VLR, requesting the authentication set from the VLR. If there are available authentication sets in the VLR, the VLR returns the RAND and AUTN contained in the authentication set to the MSC before starting authentication. The MSC then directly transfers the two parameters to the UE over the RAN, without interacting with the AuC. That is, step 5 takes place immediately after step 2. If no available authentication set is in the VLR, step 3 takes place.


Step 3 The VLR requests the authentication set from the AuC.

Step 4 The AuC returns one to five groups of quintuples to the VLR based on actual conditions.

Step 5 The VLR starts authentication.

Step 6 The UE calculates the authentication parameters XMAC and SQNMS at the UE side, based on the RAND and AUTN returned by the VLR. The UE then compares the XMAC and SQNMS with the MAC and SQNHE in AUTN.
- If MAC is not equal to XMAC, the authentication of the UE to the network fails. In this case, the VLR reports the authentication failure message to the AuC.
- If the difference between SQNMS and SQNHE is not within the specific range, the authentication of the UE to the network fails. In this case, the VLR sends a re-synchronization message to the AuC. The re-synchronization flow is similar to the flow of obtaining the authentication set from the AuC. The difference is that the MAP_SEND_AUTHENTICATION_INFO message carries the re-synchronization information containing AUTS and RAND. After receiving the re-synchronization message, the AuC calculates MAC based on the RAND in the message, and compares the MAC with the MAC-S in AUTS, to judge whether the re-synchronization is valid. The AuC adjusts its own SQNHE based on the SQNMS in AUTS, and calculates a new group of authentication values for the VLR. The VLR starts authentication again with the new group of authentication values, and returns AUTN and RAND to the UE. After that, steps 3 and 4 are repeated.
- If the validity verification succeeds, the authentication succeeds.

Step 7 The UE calculates XRES based on the AUTN and RAND returned from the VLR, and sends an authentication response carrying XRES to the VLR.

Step 8 The VLR compares the XRES returned by the UE with the XRES calculated by the AuC. If the two values are different, the VLR sends an authentication rejection response to the UE. The UE receives the response. This means the UE is invalid and the authentication fails. If the two values are the same, the authentication of the network to the UE succeeds. In this case, the network sends a response to the UE, indicating that the service or location update is accepted.

----End
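The UMTS flow above (steps 3 to 8, including the MAC/XMAC check and the AUTS re-synchronization branch of step 6), as an added runnable simulation that is not part of this Huawei document or of any 3GPP implementation. It assumes HMAC-SHA256 as a stand-in for the f1..f5 functions (Milenage in real networks), a 6-byte SQN and an arbitrary SQN window of 32; the names run_aka, usim_check, auc_quintuple and auc_resync are my own.

```python
import hmac, hashlib, os

# Stand-in for the f1..f5 functions that the USIM and AuC share (Milenage in a real
# network): HMAC-SHA256 keyed with the subscriber key K. ASSUMPTION for illustration.
def f(k, tag, *parts):
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

SQN_DELTA = 32   # assumed window within which SQN_HE may run ahead of SQN_MS
AMF = b"\x00\x00"

def auc_quintuple(k, sqn_he):
    """AuC, step 4: one quintuple (RAND, XRES, CK, IK, AUTN) for sequence number SQN_HE."""
    rand, sqn = os.urandom(16), sqn_he.to_bytes(6, "big")
    mac = f(k, b"f1", sqn, rand, AMF)[:8]
    xres, ck, ik = f(k, b"f2", rand)[:8], f(k, b"f3", rand)[:16], f(k, b"f4", rand)[:16]
    autn = xor(sqn, f(k, b"f5", rand)[:6]) + AMF + mac   # AUTN = (SQN xor AK) || AMF || MAC
    return rand, xres, ck, ik, autn

def usim_check(k, sqn_ms, rand, autn):
    """UE, steps 6-7: returns ("ok", RES), ("mac_fail", None) or ("resync", AUTS)."""
    sqn = xor(autn[:6], f(k, b"f5", rand)[:6])           # recover SQN_HE from AUTN
    xmac = f(k, b"f1", sqn, rand, autn[6:8])[:8]
    if not hmac.compare_digest(xmac, autn[8:16]):
        return "mac_fail", None                            # MAC != XMAC: network rejected
    if not sqn_ms < int.from_bytes(sqn, "big") <= sqn_ms + SQN_DELTA:
        ms = sqn_ms.to_bytes(6, "big")                     # SQN out of range: build AUTS
        auts = xor(ms, f(k, b"f5*", rand)[:6]) + f(k, b"f1*", ms, rand, AMF)[:8]
        return "resync", auts
    return "ok", f(k, b"f2", rand)[:8]                     # RES sent to the VLR

def auc_resync(k, rand, auts):
    """AuC: check MAC-S in AUTS; return the UE's SQN_MS if valid, else None."""
    sqn_ms = xor(auts[:6], f(k, b"f5*", rand)[:6])
    ok = hmac.compare_digest(f(k, b"f1*", sqn_ms, rand, AMF)[:8], auts[6:14])
    return int.from_bytes(sqn_ms, "big") if ok else None

def run_aka(k_auc, k_ue, sqn_he, sqn_ms):
    """VLR, steps 3-8: one authentication round; returns the outcome as a string."""
    rand, xres, _ck, _ik, autn = auc_quintuple(k_auc, sqn_he)
    status, val = usim_check(k_ue, sqn_ms, rand, autn)
    if status == "resync":                                 # step 6, second branch
        new_sqn = auc_resync(k_auc, rand, val)
        if new_sqn is None:
            return "resync_invalid"
        rand, xres, _ck, _ik, autn = auc_quintuple(k_auc, new_sqn + 1)
        status, val = usim_check(k_ue, sqn_ms, rand, autn)
    if status != "ok":
        return status
    return "accept" if hmac.compare_digest(val, xres) else "reject"   # step 8
```

A UE whose key differs from the AuC's never reaches the RES comparison: the MAC check of step 6 already rejects the network, which is the mutual-authentication property that distinguishes UMTS from GSM.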

10.4.2 GSM Authentication

GSM authentication takes place under one of the following conditions:
- A GSM subscriber accesses the GSM with a SIM card.
- A GSM subscriber accesses the UMTS.
- A UMTS subscriber accesses the GSM.

SIM stands for subscriber identity module. In GSM authentication, the MS does not have to authenticate the network. Figure 10-2 shows the flow of GSM authentication.


Figure 10-2 Flow of GSM authentication

[Figure: message sequence between MS, BSS (Um / BSSAP over A), MSC, VLR (MAP B) and HLR/AuC (MAP D). Steps 1 to 8: service request (call setup/location update/supplementary service/SMS); MAP request (CKSN, IMSI/TMSI); request for authentication parameters (IMSI); return parameters (IMSI, Kc, SRES, RAND); start authentication (CKSN, RAND); authentication response; compare SRES and XRES, then accept or refuse the request. Authentication succeeds: legal UE; authentication fails: illegal UE.]

Explanations of the flow of GSM authentication are as follows:

Step 1 The MS sends an authentication request to the MSC. The authentication of services is defined by the data configured on the MSC.

Step 2 The MSC sends a MAP_PROCESS_ACCESS_REQUEST to the VLR, requesting the authentication set from the VLR. If there are available authentication sets in the VLR, the VLR returns the RAND and AUTN contained in the authentication set to the MSC before starting authentication. The MSC then directly transfers the two parameters to the MS, without interacting with the AuC. That is, step 5 takes place immediately after step 2. If no available authentication set is in the VLR, step 3 takes place.

Step 3 The VLR requests the authentication set from the AuC.

Step 4 The AuC returns one to five groups of triplets to the VLR based on actual conditions.

Step 5 The VLR starts authentication.

Step 6 The MS calculates SRES based on the RAND returned from the VLR, and sends an authentication response carrying SRES to the VLR.

Step 7 The VLR compares the SRES returned by the MS with the SRES calculated by the AuC. If the two values are different, the VLR sends an authentication rejection response to the MS. The MS receives the response. This means the MS is invalid and the authentication fails. If the two values are the same, the authentication of the network to the MS succeeds. In this case, the network sends a response to the MS, indicating that the service or location update is accepted.


----End

When a UMTS subscriber roams in the GSM, the AuC may return a quintuple to the VLR. In this case, the VLR must transform the quintuple to a triplet. After that, the VLR returns the ciphering key sequence number (CKSN) together with the RAND in the triplet to the MS.
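The quintuple-to-triplet transformation mentioned above, as an added example that is not taken from this document or from the MSOFTX3000 code: it applies the c2 and c3 conversion functions of 3GPP TS 33.102 Annex C (SRES from XRES, Kc from CK and IK) and then performs the step 7 comparison of the GSM flow. The function names and the sample vector values are my own.

```python
import hmac

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def quintuple_to_triplet(rand, xres, ck, ik):
    """Derive the GSM triplet (RAND, SRES, Kc) that the VLR hands on for a UMTS
    subscriber roaming in GSM, from the quintuple (RAND, XRES, CK, IK, AUTN) the
    AuC returned. c2 gives SRES, c3 gives Kc; AUTN is not used in GSM and is dropped."""
    if not 4 <= len(xres) <= 16 or len(ck) != 16 or len(ik) != 16:
        raise ValueError("unexpected quintuple field length")
    xres_star = xres.ljust(16, b"\x00")        # c2: pad XRES with zeros to 128 bits,
    sres = bytes(4)                             #     then XOR its four 32-bit words
    for i in range(0, 16, 4):
        sres = xor_bytes(sres, xres_star[i:i + 4])
    # c3: Kc = CK1 xor CK2 xor IK1 xor IK2, each half being 64 bits
    kc = xor_bytes(xor_bytes(ck[:8], ck[8:]), xor_bytes(ik[:8], ik[8:]))
    return rand, sres, kc

def vlr_compare_sres(triplet, sres_from_ms):
    """Step 7 of the GSM flow: constant-time comparison of the SRES returned by the
    MS with the SRES held in the triplet. True means the MS is accepted."""
    return hmac.compare_digest(triplet[1], sres_from_ms)
```

Because Kc is only 64 bits derived from the 128-bit CK and IK, the converted triplet inherits GSM's weaker key strength even for a UMTS subscriber, which is why the interworking case deserves its own monitoring.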

10.5 Data Configuration

10.5.1 Data Configuration on MSOFTX3000

Table 10-5 lists the steps of configuring authentication data.

Table 10-5 Steps of configuring authentication data

Step   Operation                                                      Remark
1      Run MOD AUTHCFG to modify authentication configuration.        Optional
2      Run ADD CHKIMEICTRL to add IMEI check control.                 Optional
3      Run SET CHKIMEICFG to set IMEI check configuration.            Optional
4      Run ADD VEIRUSER to add a virtual EIR subscriber.              Optional

10.5.2 Data Configuration on HLR

For the details on configuration steps and parameter description, see the manuals relevant to the HLR.

10.6 Service Management

10.6.1 Subscription of Authentication

The subscription of authentication is on the HLR. For details, see the manuals relevant to the HLR.

10.6.2 Query of Authentication

The query of authentication is on the HLR. For details, see the manuals relevant to the HLR.

10.7 Charging and CDR


None


10.8 Service Interaction


None

10.9 Reference

10.9.1 Protocols and Specifications

3GPP TS 33.102: 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security Architecture
3GPP TS 29.002: 3rd Generation Partnership Project; Technical Specification Group Core Network; Mobile Application Part (MAP) specification

10.9.2 Glossary, Acronyms and Abbreviations

Glossary

Triplet: A triplet is a GSM authentication vector composed of three elements: RAND, SRES and Kc. It is temporary data used for the MSC/VLR or SGSN to negotiate GSM authentication and key agreement (AKA) with a specific subscriber.

Quintuple: A quintuple is a UMTS authentication vector composed of five elements: RAND, XRES, CK, IK and AUTN. It is temporary data used for the MSC/VLR or SGSN to negotiate UMTS AKA with a specific subscriber.

Acronyms and Abbreviations

Acronym/Abbreviation   Full Name
AuC                    Authentication Center
CKSN                   Ciphering Key Sequence Number
GSM                    Global System for Mobile Communications
MAC                    Message Authentication Code
MS                     Mobile Station
MSC                    Mobile Switching Center
RAND                   RANDom number
UMTS                   Universal Mobile Telecommunication Services
UE                     User Equipment
VLR                    Visitor Location Register
