Authentication is the process by which the Base Station confirms the identity of a mobile station. There is 128 bit data called Shared Secret Data (SSD), which is stored in the semi-permanent memory of the mobile. Authentication is successful only when the MS and the BS possess the same SSD.
Authentication parameters
The parameters of Authentication are as follows:
1. Random challenge number (RAND)
2. Electronic Serial Number (ESN)
3. Mobile Identification Number (MIN)
4. Shared Secret Data (SSD)
1. Random Challenge Number (RAND) : It is a 32 bit sequence sent by the Base Station. It is sent in the access parameters on the paging channel and is used along with SSD and other parameters for authenticating the mobile.
2. Electronic Serial Number (ESN) : It is a 32 bit sequence that uniquely identifies the mobile. Bits 0 to 17 are the serial number, bits 18 to 23 are reserved, and the remaining bits (24 to 31) are the manufacturer code.
Bits 31-24: Manufacturer code | Bits 23-18: Reserved | Bits 17-0: Serial number
3. Mobile Identification Number (MIN) : It is a 34 bit sequence. First 24 bits (LSBs) are called MIN1 and remaining bits (MSBs) are called MIN2.
Bits 33-24: MIN2 | Bits 23-0: MIN1
4. Shared Secret Data (SSD) : It is 128 bit data stored in the MS, similar to Ki in GSM. The first 64 bits are called SSD-A and are used for authentication. The next 64 bits are called SSD-B and are used to support the ciphering procedure.
SSD-A (64 bits) | SSD-B (64 bits)
Authentication procedure
The AUTH field in the system parameter message is set to 1 to enable the standard Authentication mode. The mobile uses the random number (RAND), ESN, MIN, SSD-A and MIN1 data for the AUC process. It runs the Authentication procedure to generate an 18 bit long AUC signature, which is carried in the AUTHR field of the registration message.
The mobile sends AUTHR and RANDC (the 8 MSBs of RAND) to the Base Station. The Base Station compares the RANDC received from the mobile with its internally stored value of RAND; in fact, it is derived from the RANDC coming from the mobile. The Base Station also retrieves the ESN and MIN of the mobile from its database, based on the count value received from the mobile. It runs the authentication process locally using its internally stored SSD-A and generates its own AUTHR, AUTHRbase.
If the AUC response of the mobile, AUTHRmobile, matches the AUC response of the base, AUTHRbase, then Authentication is successful. If AUC fails, the Base Station may either do a Unique Challenge response or initiate an SSD Update.
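[Figure: authentication procedure. MIN1, ESN and SSD-A feed the authentication algorithm at the mobile and at the base station, producing AUTHRmobile (18 bits) and AUTHRbase (18 bits); RANDC and the AUTHR values are compared, with a NO branch on mismatch.]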
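The global challenge described above, as an added example that is not part of the original document: it splits ESN, MIN and SSD into the fields given on this page and runs the AUTHR/RANDC exchange on both sides. The page does not name the authentication algorithm, so HMAC-SHA-256 truncated to 18 bits is used here as a stand-in, and all sample values are constructed.

```python
import hashlib
import hmac

def split_esn(esn):
    """ESN (32 bits): bits 31-24 manufacturer code, 23-18 reserved, 17-0 serial number."""
    return {"manufacturer": (esn >> 24) & 0xFF,
            "reserved": (esn >> 18) & 0x3F,
            "serial": esn & 0x3FFFF}

def split_min(min34):
    """MIN (34 bits): returns (MIN1, MIN2); MIN1 = 24 LSBs, MIN2 = remaining MSBs."""
    return min34 & 0xFFFFFF, (min34 >> 24) & 0x3FF

def split_ssd(ssd):
    """SSD (128 bits): returns (SSD-A, SSD-B), the first and the next 64 bits."""
    return ssd[:8], ssd[8:16]

def auth_signature(rand, esn, min1, ssd_a):
    """18-bit signature. Stand-in (assumption): truncated HMAC, not the real algorithm."""
    msg = rand.to_bytes(4, "big") + esn.to_bytes(4, "big") + min1.to_bytes(3, "big")
    digest = hmac.new(ssd_a, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big") >> 6  # keep the top 18 of 24 bits

def mobile_response(rand, esn, min34, ssd):
    """Mobile side: compute AUTHR and echo RANDC, the 8 MSBs of RAND."""
    min1, _ = split_min(min34)
    ssd_a, _ = split_ssd(ssd)
    return {"AUTHR": auth_signature(rand, esn, min1, ssd_a), "RANDC": rand >> 24}

def base_station_verify(resp, rand, esn, min34, ssd):
    """Base station side: check RANDC against the stored RAND, then compare AUTHR."""
    if resp["RANDC"] != rand >> 24:
        return False  # response was not computed for the current challenge
    min1, _ = split_min(min34)
    ssd_a, _ = split_ssd(ssd)
    return resp["AUTHR"] == auth_signature(rand, esn, min1, ssd_a)

# Constructed sample values, not taken from any real subscriber or network.
RAND = 0xA1B2C3D4
ESN = 0x9F0212AB
MIN = (0x2A5 << 24) | 0x3C4D5E
SSD_MOBILE = bytes.fromhex("00112233445566778899aabbccddeeff")
SSD_STALE = bytes.fromhex("ffeeddccbbaa99887766554433221100")

if __name__ == "__main__":
    resp = mobile_response(RAND, ESN, MIN, SSD_MOBILE)
    print(split_esn(ESN), resp)
    print("same SSD:", base_station_verify(resp, RAND, ESN, MIN, SSD_MOBILE))
    print("different SSD:", base_station_verify(resp, RAND, ESN, MIN, SSD_STALE))
```

The mismatch case is the point at which the text has the Base Station fall back to a Unique Challenge or an SSD Update.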
Unique Challenge response : This is initiated by the Base Station in the event of an unsuccessful authentication attempt. It can be done on the paging, access, forward traffic or reverse traffic channel. The Base Station sends the MS an Authentication Challenge message. It generates 24 bit data called RANDU and sends it in the challenge message. The mobile sets its AUC parameters using the 24 MSBs of RANDU and the 8 MSBs of MIN2 in its RAND field.
The mobile performs an AUC procedure and returns AUTHR to the Base Station. The Base Station does a similar calculation using its internal parameters, including SSD-A. If the comparison fails, the Base Station may deny further access to the mobile, drop the call in progress, or initiate an SSD procedure.
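[Figure: unique challenge. The authentication algorithm at the mobile and at the base station produces AUTHRmobile (18 bits) and AUTHRbase (18 bits), which are compared, with a NO branch on mismatch.]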
SSD Update Procedure: When Authentication fails, the SSD update procedure, initiated by the Base Station, is used along with mobile-specific data and the authentication key. The authentication key of the mobile is 64 bits long and is unique to the mobile. It is known only to the mobile and the HLR, similar to Ki in GSM. The Base Station sends an SSD Update message on either the paging channel or the forward traffic channel. It generates the RANDSSD number and sends it in the SSD Update message.
Both the mobile and the BS perform the AUC procedure to get AUTH values, and these are compared. For this comparison, the BS sends its AUTHbs through a BS challenge confirmation order. If the comparison matches, the mobile performs an SSD update procedure, at the end of which it sends an SSD update confirmation order to the BS. It also sets SSD-A and SSD-B to the new values. The Base Station also sets its corresponding new values.
If the comparison fails, the mobile discards the new values of SSD-A and SSD-B and sends an SSD update rejection order to the Base Station. Likewise, if the mobile does not receive the Base Station confirmation order within the time limit set by a timer (10 sec), the new values are discarded and the update procedure is terminated.
[Figure: SSD generation. At both the Mobile Station end and the Base Station end, RANDSSD (56 bits), ESN and the A Key (64 bits) feed SSD Generation, which outputs SSD-A new and SSD-B new.]