01-05 authentication procedure

M900/M1800 Base Station Subsystem Signaling Analysis Manual
Issue 01 (2007-03-15) Huawei Technologies Proprietary

Contents

5 Authentication Procedure
  5.1 Overview
  5.2 Authentication Procedure
    5.2.1 Successful Authentication
    5.2.2 Unsuccessful Authentication
  5.3 Internal Handling of BSC
  5.4 Abnormal Cases

Upload: paul-kabeya

Post on 03-Oct-2015


DESCRIPTION

Core Network (GSM Authentication)

TRANSCRIPT


  • 5 Authentication Procedure

    About This Chapter

    The following table lists the contents of this chapter.

    | Title | Description |
    |---|---|
    | 5.1 Overview | Introduces the authentication technology of Huawei GSM network. |
    | 5.2 Authentication Procedure | Describes authentication procedures, including successful and unsuccessful authentication procedures. |
    | 5.3 Internal Handling of BSC | Describes the BSC internal handling regarding authentication. |
    | 5.4 Abnormal Cases | Describes typical abnormal authentication procedures. |

  • 5.1 Overview

    Authentication is the procedure, initiated by the GSM network, of verifying the validity of the IMSI and TMSI of an MS.

    The purpose of the authentication procedure is to prevent an illegal MS from accessing the network and, at the same time, to protect the private information of legal MSs from leakage.

    Under the following conditions, the network may initiate the authentication procedure:

    - MS requests modification of its relevant information in VLR or HLR.
    - Service access is initiated (MS originates a call, MS is called, MS is activated or deactivated, or a supplementary service is initiated).
    - MS accesses the network for the first time after MSC/VLR is restarted.
    - The ciphering key sequence number Kc is not matched.

    The purpose of the authentication procedure is twofold.

    - To permit the network to check whether the identity provided by MS is acceptable or not
    - To provide parameters enabling MS to calculate a new ciphering key

    The authentication procedure is always initiated and controlled by the network.

    5.2 Authentication Procedure

    The network initiates the authentication procedure by transferring an Authentication Request message to MS and starts timer T3260. The Authentication Request message contains the parameters used to calculate the response parameters, and also contains the CKSN (Ciphering Key Sequence Number) allocated to the key which may be computed from the given parameters.

    Upon receipt of the Authentication Request message, MS processes the challenge information and sends back an Authentication Response message to the network. The new ciphering key Kc calculated from the challenge information shall overwrite the previous one and be stored in SIM before the Authentication Response message is transmitted. The CKSN shall be stored together with the calculated Kc.

    Upon receipt of the Authentication Response message, the network stops timer T3260 and checks the validity of the response.

    5.2.1 Successful Authentication

    Figure 5-1 shows the procedure of successful authentication.

    Figure 5-1 Procedure of successful authentication
    [Signaling diagram between MS, BTS, BSC and MSC: AUT_REQ (1), AUT_RES (2)]

    Step 1 The Authentication Request message contains a RAND (Random Number) and a CKSN. The RAND is 128 bits long.

    Step 2 The Authentication Response message contains a response number (SRES), which is calculated from RAND and Ki using the A3 algorithm.

    The network compares the SRES it has stored with the one contained in the Authentication Response message. If the two are consistent, authentication is passed, and the subsequent sub-procedures (such as the encryption procedure) are entered.

    ----End
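The exchange in Steps 1 and 2, together with the Kc/CKSN storage rule from 5.2, as an added example that is not part of the manual. HMAC-SHA-256 stands in for the operator-specific A3 algorithm and for the Kc derivation; the class and function names, the constructed IMSI and Ki values, and the 32-bit SRES and 64-bit Kc lengths (GSM sizes, not stated on this page) are assumptions.

```python
import hashlib
import hmac
import secrets

# Stand-in for A3 and the Kc derivation (assumption: HMAC-SHA-256, which is
# NOT a real GSM algorithm). Output sizes: SRES 32 bits, Kc 64 bits.
def a3_a8(ki, rand):
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]            # (SRES, Kc)

class Sim:
    """MS side: holds Ki and the stored (Kc, CKSN) pair."""
    def __init__(self, ki):
        self.ki, self.kc, self.cksn = ki, None, None

    def on_auth_request(self, rand, cksn):
        sres, kc = a3_a8(self.ki, rand)
        # The new Kc overwrites the previous one and is stored together with
        # the CKSN before the Authentication Response is transmitted.
        self.kc, self.cksn = kc, cksn
        return sres                             # carried in AUT_RES

class Network:
    """Network side: knows Ki per IMSI (constructed subscriber table)."""
    def __init__(self, subscribers):
        self.subscribers = subscribers

    def make_challenge(self, imsi, cksn):
        rand = secrets.token_bytes(16)          # 128-bit RAND for AUT_REQ
        expected_sres, kc = a3_a8(self.subscribers[imsi], rand)
        return rand, cksn, expected_sres, kc

    @staticmethod
    def check_response(expected_sres, received_sres):
        # Constant-time comparison of stored and received SRES.
        return hmac.compare_digest(expected_sres, received_sres)

def run_exchange(network_ki, sim_ki):
    """Run AUT_REQ/AUT_RES once; returns (passed, rand_bits, sim_cksn, kc_match)."""
    imsi = "001010000000001"                    # constructed test IMSI
    net = Network({imsi: network_ki})
    sim = Sim(sim_ki)
    rand, cksn, expected, kc = net.make_challenge(imsi, cksn=3)
    sres = sim.on_auth_request(rand, cksn)
    passed = net.check_response(expected, sres)
    return passed, len(rand) * 8, sim.cksn, sim.kc == kc
```

Ki never crosses the air interface: only RAND, CKSN and SRES are exchanged, and a SIM holding a different Ki produces both a wrong SRES and a Kc that does not match the network's.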

    5.2.2 Unsuccessful Authentication

    If authentication fails, i.e. if the response is not valid, the network may distinguish between the two different modes of identification adopted by MS.

    Step 1 If TMSI identification mode has been adopted, the network shall initiate the identification procedure. If the IMSI given by MS differs from the one the network has associated with the TMSI, the network shall restart the authentication procedure. If the IMSI provided by MS is correct, the network shall return an Authentication Reject message.

    Step 2 If IMSI identification mode has been adopted, the network shall directly return an Authentication Reject message. Figure 5-2 shows the authentication rejection procedure.

    Figure 5-2 Authentication rejection procedure
    [Signaling diagram between MS, BTS, BSC and MSC: AUT_REQ (1), AUT_RES (2), AUT_REJ (3)]

    After the network sends the Authentication Reject message, all MM connections in progress are released, and the network restarts the RR connection release procedure.


    Upon receipt of the Authentication Reject message, MS sets the update status in SIM to "U2 ROAMING NOT ALLOWED" and deletes the stored TMSI, LAI and CKSN from SIM.

    If the Authentication Reject message is received in the state "IMSI DETACH INITIATED", timer T3220 shall be stopped when the RR connection is released. If possible, MS should initiate the local release procedure after the normal release procedure is completed, or after T3220 expires. If this is not possible (e.g. detach at power-off), the MS RR sublayer shall be aborted.

    If the Authentication Reject message is received in any other state, MS shall abort any MM connection establishment or call re-establishment procedure, stop any of the timers T3210 or T3230 (if running), release all MM connections, reset and start timer T3240, and enter the state "WAIT FOR NETWORK COMMAND", expecting the release of the RR connection. If the RR connection is not released within a given time controlled by the timer T3240, MS shall abort the RR connection. In both cases, either after an RR connection release triggered from the network side or after an RR connection abort requested by the MS side, MS shall enter the substate "NO IMSI" of "MM IDLE".

    5.3 Internal Handling of BSC

    The network initiates and controls the authentication procedure. No special processing is required from the BSC.

    5.4 Abnormal Cases

    RR connection failure

    Upon detection of an RR connection failure before the Authentication Response message is received, the network shall release all MM connections (if any) and abort any ongoing MM-specific procedure.

    Expiry of timer T3260

    If timer T3260 expires before receipt of the Authentication Response message, the network shall release the RR connection, abort the authentication procedure and any ongoing MM-specific procedure, release all MM connections, and initiate the RR connection release procedure.

    SIM unregistered

    If the SIM of an MS has not been registered on the network side, the network will directly return an Authentication Reject message to the MS.
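The network-side branching of 5.2.2 and 5.4 and the MS reaction to a reject, as an added example that is not part of the manual. The class, method and action-label names are invented for this sketch, the IMSIs and SRES bytes are constructed, and the T3260 length is an assumed value because the page does not give one.

```python
import hmac

T3260_SECONDS = 12.0  # assumed timer length; the page does not state a value

class AuthSession:
    """Network-side state for one authentication attempt (example names)."""

    def __init__(self, expected_sres, id_mode, imsi_for_tmsi=None,
                 registered=True, now=0.0):
        self.expected_sres = expected_sres
        self.id_mode = id_mode                  # "TMSI" or "IMSI"
        self.imsi_for_tmsi = imsi_for_tmsi      # IMSI the network ties to the TMSI
        self.registered = registered
        self.deadline = now + T3260_SECONDS     # T3260 starts with AUT_REQ

    def start(self):
        # 5.4 "SIM unregistered": the network rejects directly.
        return "SEND_AUT_REQ" if self.registered else "AUT_REJ"

    def on_rr_failure(self):
        # 5.4: RR connection lost before AUT_RES was received.
        return "RELEASE_MM_AND_ABORT"

    def on_tick(self, now):
        # 5.4: T3260 expiry before AUT_RES was received.
        return "ABORT_AND_RELEASE_RR" if now >= self.deadline else "WAIT"

    def on_response(self, sres, now, imsi_from_ms=None):
        if now >= self.deadline:
            return "ABORT_AND_RELEASE_RR"       # procedure already timed out
        if hmac.compare_digest(sres, self.expected_sres):
            return "PASS"                       # continue, e.g. with ciphering
        if self.id_mode == "TMSI":
            if imsi_from_ms is None:
                return "RUN_IDENTIFICATION"     # ask the MS for its IMSI first
            if imsi_from_ms != self.imsi_for_tmsi:
                return "RESTART_AUTH"           # TMSI pointed at another IMSI
        return "AUT_REJ"                        # then release MM and RR

def ms_after_reject(sim):
    """MS side of 5.2.2: SIM contents after Authentication Reject."""
    kept = {k: v for k, v in sim.items() if k not in ("TMSI", "LAI", "CKSN")}
    kept["update_status"] = "U2 ROAMING NOT ALLOWED"
    return kept
```

In a signaling trace, the TMSI branch is what explains an identification procedure followed by a second AUT_REQ after a failed response: a stale TMSI mapping, not a wrong Ki, caused the first mismatch.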
