M900/M1800 Base Station Subsystem

Signaling Analysis Manual

Contents

Contents
5 Authentication Procedure.........................................................................................................5-1
5.1 Overview...........................................................................................................................................................5-2
5.2 Authentication Procedure .................................................................................................................................5-2
5.2.1 Successful Authentication.......................................................................................................................5-2
5.2.2 Unsuccessful Authentication ..................................................................................................................5-3
5.3 Internal Handling of BSC.................................................................................................................................5-4
5.4 Abnormal Cases................................................................................................................................................5-4

Issue 01 (2007-03-15)

Huawei Technologies Proprietary

M900/M1800 Base Station Subsystem

Signaling Analysis Manual

Figures

Figures
Figure 5-1 Procedure of successful authentication ...............................................................................................5-3
Figure 5-2 Authentication rejection procedure .....................................................................................................5-4

ii

Huawei Technologies Proprietary

Issue 01 (2007-03-15)

M900/M1800 Base Station Subsystem

Signaling Analysis Manual

5 Authentication Procedure

Authentication Procedure

About This Chapter

The following table lists the contents of this chapter.
Title

Description

5.1 Overview

Introduces the authentication technology of Huawei GSM

network.

5.2 Authentication Procedure

Describes authentication procedures, including successful

and unsuccessful authentication procedures.

5.3 Internal Handling of BSC

Describes the BSC internal handling regarding

authentication.

5.4 Abnormal Cases

Describes typical abnormal authentication procedures.

Issue 01 (2007-03-15)

Huawei Technologies Proprietary

5-1

M900/M1800 Base Station Subsystem

Signaling Analysis Manual

5 Authentication Procedure

5.1 Overview
Authentication refers to the procedure of authenticating the validity of the IMSI and TMSI of
MS initiated by the GSM network.
The purpose of the authentication procedure is to prevent illegal MS from accessing the
network, and in the meantime, to protect the private information of legal MS from leakage.
On the following conditions, the network may initiate the authentication procedure.
z

MS requests modification of its relevant information in VLR or HLR.

Service access is initiated (MS originates a call. MS is called. MS is activated or

deactivated. Supplementary service is initiated)

MS accesses the network for the first time after MSC/VLR is restarted

The ciphering key sequence number Kc is not matched.

The purpose of the authentication procedure is twofold.

z

To permit the network to check whether the identity provided by MS is acceptable or not

To provide parameters enabling MS to calculate a new ciphering key

The authentication procedure is always initiated and controlled by the network.

5.2 Authentication Procedure

The network initiates the authentication procedure by transferring an Authentication Request
message to MS and starts timer T3260. The Authentication Request message contains the
parameters used to calculate the response parameters, and also contains the CKSN (Ciphering
Key Sequence Number) allocated to the key which may be computed from the given
parameters.
Upon receipt of the Authentication Request message, MS processes the challenge information
and sends back an Authentication Response message to the network. The new ciphering key
Kc calculated from the challenge information shall overwrite the previous one and be stored
in SIM before the Authentication Response message is transmitted. The CKSN shall be stored
together with the calculated Kc.
Upon receipt of the Authentication Response message, the network stops timer T3260 and
checks the validity of the response.

5.2.1 Successful Authentication

Figure 5-1 shows the procedure of successful authentication.

5-2

Huawei Technologies Proprietary

Issue 01 (2007-03-15)

M900/M1800 Base Station Subsystem

Signaling Analysis Manual

5 Authentication Procedure

Figure 5-1 Procedure of successful authentication

MS

BTS

BSC

MSC

AUT_REQ(1)

AUT_RES(2)

Step 1 The Authentication Request message contains a RAND (Random Number) and a CKSN.
There are total 128 bits in the RAND.
Step 2 The Authentication Response message contains a response number (SRES), which is obtained
based on calculation of RAND and Ki through the A3 algorithm.
The network compares the SRES stored in itself with the one contained in the Authentication
Response message. If the two are consistent, authentication shall be passed, and the
subsequent sub-procedures (such as the encryption procedure) shall be entered.
----End

5.2.2 Unsuccessful Authentication

If authentication fails, i.e. if the response is not valid, the network may distinguish between
the two different modes of identification adopted by MS.
Step 1 If TMSI identification mode has been adopted, the network shall initiate the identification
procedure. If the IMSI given by MS differs from the one the network has associated with the
TMSI, the network shall restart the authentication procedure. If the IMSI provided by MS is
correct, the network shall return an Authentication Reject message.
Step 2 If IMSI identification mode has been adopted, the network shall directly return an
Authentication Reject message. Figure 5-2 shows the authentication rejection procedure.
Figure 5-2 Authentication rejection procedure
MS

BTS

BSC

MSC

AUT_REQ(1)

AUT_RES(2)
AUT_REJ(3)

After the network sends the Authentication Reject message, all MM connections in progress
are released, and the network restarts the RR connection release procedure.

Issue 01 (2007-03-15)

Huawei Technologies Proprietary

5-3

M900/M1800 Base Station Subsystem

Signaling Analysis Manual

5 Authentication Procedure

Upon receipt of the Authentication Reject message, MS sets the update status in SIM to "U2
ROAMING NOT ALLOWED", deletes from SIM the stored TMSI, LAI and CKSN.
If the Authentication Reject message is received in the state "IMSI DETACH INITIATED",
timer T3220 shall be stopped when the RR connection is released. If possible, MS should
initiate the local release procedure after the normal release procedure is completed, or after
T3220 expires. If this is not possible (e.g. detach at power-off), the MSRR sublayer shall be
aborted.
If the Authentication Reject message is received in any other state, MS shall abort any MM
connection establishment or call re-establishment procedure, stop any of the timers T3210 or
T3230 (if running), release all MM connections, reset and start timer T3240, and enter the
state "WAIT FOR NETWORK COMMAND", expecting the release of the RR connection. If
the RR connection is not released within a given time controlled by the timer T3240, MS shall
abort the RR connection. In both cases, either after a RR connection release triggered from the
network side or after a RR connection abort requested by the MS side, MS shall enter the
substate "NO IMSI" of "MM IDLE".

5.3 Internal Handling of BSC

The network initiates and controls the authentication procedure. No special processing is
required from the BSC.

5.4 Abnormal Cases

RR connection failure
Upon detection of a RR connection failure before the Authentication Response message is
received, the network shall release all MM connections (if any) and abort any ongoing
MM-specific procedure.

Expiry of timer T3260

Before receipt of the Authentication Response message, if timer T3260 expires, the network
shall release the RR connection, abort the authentication procedure and any ongoing
MM-specific procedure, release all MM connections, and initiate the RR connection release
procedure.

SIM unregistered
If the SIM of an MS has not been registered on the network side, the network will directly
return an Authentication Reject message to the MS.

5-4

Huawei Technologies Proprietary

Issue 01 (2007-03-15)