auc in gsm

AUC in GSM, for 2G, 3G, and LTE authentication

Each mobile device has a sim card in telecom, which authenticates from a mobile operator of sim provider, before any voice, SMS, or data services. Why we need Auc in GSM, as the network is owned by mobile operators, so all communication must be safe? We need AuC, there can be attacks on the air interface.  Mobile has to cipher the communication between a mobile device and a GSM tower.

Auc in the GSM network is the node hosted by the home operator for sim card authentication. When mobile switches on, the attache procedure starts between UE and the gsm network. During attache SGSN/MSC do the authentication with the AUC.  if authentication fails no service to sim. On successful, there is sim registration and services become active.

Sim Authentication Data In AuC :

While manufacturing SIM cards, an authentication key called Ki is embedded in SIM. The same key is configured on AuC, for the IMSI.  During GSM authentication, AuC generates vectors using Ki, Random number, and Authentication algorithm.  Send Authentication-Info (SAI) is the GSM level map protocol procedure. Each GSM MAP message uses SS7 as a transport protocol.

Authentication Vectors for 2G, 3G, and LTE:

With the advancement of mobile network generation, mobile communication becoming more secure. This leads to more advancements in algorithms and number of parameters, here we will discuss the authentication vectors for 2G, 3G, and LTE (4G) mobile networks.

For 2G authentication, AuC keeps the Ki, authentication algorithm (have A3, A8 functions) and generates the random number (RAND). 3GPP /GSM provides a specification for the authentication algorithm. AUC for GSM 2G, sim cards sends the triplet to MSC (or SGSN). Each triplet has RAND,  Kc, and SRES.

A3(Ki, RAND) -> SRES, A8(Ki, RAND) = Kc

Upon receiving the triplet, MSC sends the RAND to the UE, UE uses pre-configured Ki and sends SRES to the MSC. If SRES same and from AuC, authentication is successful.  MSC sends Kc to the mobile device for encryption.

In 3G (USIM), the procedure is more complex than 2G, to make communication more secure. USIM profile on AUC has, Ki, Random Number (RAND), the Sequence Number (SQN), and algorithm( have functions, f1, f2, f3, f4, f5).  In USIM there are five authentication vectors, which is called quintuple. Each quintuple has RAND, XRES, CK, IK, and AUTN.   MSC can download multiple quintuples from AuC for future use.

Re-synchronization in USIM, MSC may have older vectors (e.g when a subscriber moves to previous MSC), this may result in failure in matching of sequence number when a vector needs to use.  To synchronize the sequence number, the authentication request has the AUTS parameter. AUTS has SQN and MAC.  New SQN is updated in AUC and a new set of vectors is transmitted to the MSC. 

4G or LTE, the authentication process is similar to the 3G.  Vectors are XRES, CK, IK, AUTH, and KASME.  Here KASME is a new vector.  Kasme calculation also has PLMN id as input. This makes vectors specific to the visiting PLMN only.

Auc and HLR :

In another tutorial, we have described the HLR.  HLR is the interface with the roaming network over GSM Map protocol.  The SAI message reach to the HLR. HLR checks for subscription profile. If IMSI is provisioned, HLR sends the vector request to the AUC. Authentication Center is a logical module. It may be located with the HLR or maybe on a separate server.

Mobile Phone Vs SIM card Authentication:

Both types of authentication look similar. But they are totally different.  Mobile phone verification means, authenticate the mobile device or hardware.  A mobile device may be blacklisted (e.f if stolen). The device check is done using the IMEI number from EIR.  While SIM authentication is done, using IMSI, from AUC.


Leave a Comment