AUTHENICATION

Authentication is a process by which Base station confirms the identity of mobile station. There is 128 bit data called Shared Secret Data (SSD), which is stored in semi permanent memory of mobile. We can say authentication is successful only when MS and BS pocess same SSD.

Authentication parameters
The parameters of Authentication are as follows: Random challenge number (RAND) Electronic Serial Number (ESN) Mobile Identification Number (MIN) Shared Secret Data (SSD)

1. 2. 3. 4.

1. Random challenge Number(RAND) : It is a 32 bit sequence send by Base Station. This is sent on access parameter in paging channel used along SSD and other parameters for authenticating mobile.

2. Electronic serial Number (ESN) : It is a 32 bit sequence that uniquely defines mobile. Its bits (0 to 17) are for serial number. Bits (18 to 23) are reserved, and remaining bits (24 to 31) are manufacturer code.
31 24 23 Reserved 18 17 Serial number 0

Manufacturer code

3. Mobile Identification Number (MIN) : It is a 34 bit sequence. First 24 bits (LSBs) are called MIN1 and remaining bits (MSBs) are called MIN2.

33 MIN 2

24

23 MIN 1

4. Shared Secret Data (SSD) : It is 128 bit data stored in MS, similar to K i in GSM. The first subset of 64 bits are called SSD-A, and are used for authentication purpose. The next 64 bits are called SSD-B, and are used for supporting ciphering procedure.
SSD A (64 bits) SSD B (64 bits)

Authentication procedure
Field AUTH in the system parameter message is set to 1 for enabling standard Authentication mode. Mobile uses Random number (RAND), ESN, MIN, SSDA, MIN-1 data for AUC process. It runs Authentication procedure to generate an 18 bit long AUC signature, through the AUTHR field in registration message.

The mobile sends AUTHR and RAND C (8 MSB) of RAND to Base Station. Base Station compares the RAND C received from mobile with its internally stored value of RAND, infact it is derived from RAND C coming from mobile. Base Station also retrieves the ESN & MIN of mobile from its data base based on count value received from mobile. It runs authentication process locally by using the internally stored SSD-A and generates its own AUTH R, AUTHRbase

If AUC response AUTHRmobile matches AUC response of base AUTHRbase , then Authentication is successful. If AUC fails, then Base Station may either do a Unique Challenge response or initiate an SSD Update.

Mobile Station End RAND ESN SSD-A RAND

Base Station End

MIN1

ESN

MIN1

SSD-A

Authentication algorithm

Authentication algorithm

AUTHRmobile
(18 Bits)

RANDC RANDC

AUTHRbase
(18 Bits)

YES AUTHRm=AUTHRb ? Authentication Successful

NO

Perform Unique Challenge response or SSD Update Procedure

Unique Challenge response : Initiated by Base Station in the event of unsuccessful authentication attempt. This can be done either on paging or access or forward or reverse Traffic channel. The base Station sends to MS an Authentication Challenge message. It generates 24 bit data called RANDU and sends it on challenge message. The mobile sets AUC parameters using 24 MSBs of RANDU and 8 MSBs of MIN2 in its RAND field.

The mobile performs an AUC procedure and returns AUTHR to Base Station. The base station also does a similar calculation using internal parameters including SSD-A. If comparison fails, then Base Station may either deny further access to mobile or drop the call in progress or initiates an SSD procedure.

Mobile Station End RANDU MIN2 ESN MIN1 SSD-A

Base Station End RANDU MIN2 ESN MIN1 SSD-A

Authentication algorithm

Authentication algorithm

AUTHRmobile
(18 Bits)

AUTHRbase
(18 Bits)

YES AUTHRm=AUTHRb ? Authentication Successful

NO

Deny access or drop call in progress or initiate SSD update.

SSD Update Procedure: When Authentication fails, initiated by Base station, as SSD update procedure is used along with mobile specific data and authentication key. The authentication key of mobile is 64 bits long and is unique to mobile. It is known only to mobile and HLR, similar to Ki in GSM. The Base Station sends an SSD Update message either on paging channel or forward traffic channel . It generates RAND, SSD number and sends it on SSD update message.

Both mobile and B.S performs AUC procedure to get AUTH values and these are compared. For its comparison the BS sends its AUTHbs through a BS challenge confirmation order. If comparison match then mobile performs an SSD update procedure at end of which it sends an SSD update conformation order to BS. It also sets the SSD-A, SSD-B values to new values. Base Station also sets its corresponding new values.

If comparison fails, then mobile discards the new values of SSD-A, SSD-B and sends an SSD update rejection order to Base Station. Again if Mobile doesnt receive Base Station confirmation order with in a time limit set by timer (10sec), new values are discarded and update procedure is terminated.

Mobile Station End RANDSSD (56 bits) ESN A Key (64 bits)

Base Station End RANDSSD (56 bits) ESN A Key (64 bits)

SSD - Generation

SSD Generation

SSD A new

SSD B new RAND BS

BS challenge order

SSD A new

SSD B new

AUC process BS challenge confirmation

AUC process YES AUTHBSm=AUTHBSb ? SSD Update confirmation Order

SSD Update Rejection Order