How
Authentication Center (AUC) Works In GSM
When we
talk about Mobile Business then its worst useful without authentication means
to make Network as business all user required to be authenticate lets
understand how authentication done in gsm.
Authentication Center (AUC)
The AUC
is a processor system, it performs the “authentication” function. It will
normally be co-located with the Home Location Register (HLR) as it will be
required to continuously access and update, as necessary, the system subscriber
records.
The
AUC/HLR centre can be co-located with the MSC or located remote from the MSC.
The authentication process will usually take place each time the subscriber
“initializes” on the system.
Authentication Process
To
discuss the authentication process we will assume that the VLR has all the
information required to perform that authentication process (Kc, SRES and
RAND). If this information is unavailable, then the VLR would request it from
the HLR/AUC.
1.
Triples (Kc, SRES and RAND) are stored at the VLR.
2. The
VLR sends RAND via the MSC and BSS, to the MS (unencrypted).
3. The
MS, using the A3 and A8 algorithms and the parameter Ki stored on the MS SIM
card, together with the received RAND from the VLR, calculates the values of
SRES and Kc.
4. The MS
sends SRES unencrypted to the VLR
5. Within
the VLR the value of SRES is compared with the SRES received from the mobile.
If the two values match, then the authentication is successful.
6. If
cyphering is to be used, Kc from the assigned triple is passed to the BTS.
7. The
mobile calculates Kc from the RAND and A8 and Ki on the SIM.
8. Using Kc, A5 and the GSM hyperframe number, encryption between
the MS and the BSS can now occur over the air interface.
Note: The triples are generated at the AUC by:
·
RAND = Randomly generated number.
·
SRES = Derived from A3 (RAND, Ki).
·
Kc = Derived from A8 (RAND, Ki).
·
A3 = From 1 of 16 possible algorithms defined on allocation of
IMSI and creation of SIM card.
·
A8 = From 1 of 16 possible algorithms defined on allocation of
IMSI and creation of SIM card.
·
Ki = Authentication key, assigned at random together with the
versions of A3 and A8.
The first
time a subscriber attempts to make a call, the full authentication process
takes place.
However,
for subsequent calls attempted within a given system control time period, or
within a single system provider’s network, authentication may not be necessary,
as the data generated during the first authentication will still be available.
GSM Security:-
•
Ki = Authentication key (32 hex digits)
•
RAND
= Random Number
•
SRES
= Signed Response
•
Kc =
Ciphering key
•
A3
and A8 = algorithms
•
Authentication
Triplet = RAND + SRES + Kc
Authentication:-
•
Authentication Triplet is sent from AUC to VLR
•
RAND
is sent to MS
•
MS
generates SRES with Ki and A3 algorithm
•
SRES
is sent to VLR
•
VLR
compares the two SRES, if identical => ok
Ciphering:-
•
Kc
is sent to BTS
•
MS
generates Kc with Ki and A8 algorithm
•
The
speech is ciphered with Kc and A5
•
Prevents
eavesdropping
Comments are most Welcomed,
Telecom Champ Team
telecomchamp@gmail.com
No comments:
Post a Comment