auc in gsm

AuC in GSM, 2G, 3G and LTE authentication

Each mobile device have a sim card in telecom, which authenticates from a mobile operator of sim provider, before any voice , sms or data services. Why we need Auc in GSM , as network is owned by mobile operators, so all communication must be safe? We need AuC, there can be attacks on air interface.  A mobile has to cipher the communication between a mobile device and GSM tower.

Auc in GSM network is the node hosted by the home operator for sim card authentication. When a mobile switches on, attache procedure starts between UE and gsm network. During attache SGSN/MSC do the authentication with the AuC.  if authentication fails no service to sim. On successful, there is sim registration and services becomes active.

Sim Authentication Data In AuC :

While manufacturing SIM card, a authentication key called Ki is embedded in SIM. Same key is configured on AuC, for the IMSI.  During GSM authentication, AuC generates vectors using Ki, Random number and Authentication algorithm.  Send Authentication Info (SAI) is the GSM level map protocol procedure. Each GSM MAP message uses SS7 as transport protocol.

Authentication Vectors for 2G, 3G and LTE:

With the advancement of mobile network generation, mobile communication becoming more secure. This leads to the more advancements in algorithms and number of parameters, here we will discuss about the authentication vectors for 2G , 3G and LTE (4G) mobile networks.

For 2G authentication, AuC keeps the Ki , authentication algorithm (have A3, A8 functions) and generates the random number (RAND). 3GPP /GSM provides specification for authentication algorithm. AuC for GSM 2G , sim cards sends the triplet to MSC (or SGSN). Each triplet have RAND,  Kc and SRES .

A3(Ki, RAND) -> SRES, A8(Ki, RAND) = Kc

Upon receiving triplet, MSC sends the RAND to the UE, UE uses pre-configured Ki and sends SRES to the MSC. If SRES same and from AuC , authentication is successful.  MSC sends Kc to the mobile device for encryption.

In 3G (USIM),  procedure is more complex than 2G, to make communication more secure. USIM profile on AuC have, Ki, Random Number (RAND), Sequence number (SQN) and algorithm( have functions, f1, f2, f3, f4, f5).  In USIM there are five authentication vectors, which is called quintuple. Each quintuple have RAND, XRES, CK, IK and AUTN.   MSC can download multiple quintuples  from AuC for future use.

Re-synchronization in USIM, MSC may have older vectors (e.g when a subscriber moves to previous MSC), this may result to failure in matching of sequence number when a vector needs to use.  To synchronize the sequence number, authentication request have AUTS parameter . AUTS have SQN and MAC.  New SQN is updated in AuC and new set of vectors are transmitted to the MSC. 

4G or LTE, authentication process is similar to the 3G.  Vectors are XRES, CK, IK, AUTH and KASME.  Here kasme is new vector.  Kasme calculation also have plmn id as input. This make vectors specific to the visiting plmn only.

Auc and HLR :

In other tutorial we have described about the HLR.  HLR is the interface with the roaming network over GSM Map protocol.  The SAI messages reaches to the HLR. HLR checks for subscription profile. If IMSI is provisioned, HLR sends the vector request to the AuC. Authentication Center is a logical module. It may be located with the HLR or may be on separate server.

Mobile Phone Vs SIM card Authentication:

Both types of authentication looks similar. But they are totally different.  Mobile phone verification means, authenticate the mobile device or hardware.  A mobile device may be blacklisted (e.f if stolen). Device check is done using IMEI number from EIR.  While SIM authentication is done , using IMSI , from AuC.

 

Leave a Comment

Your email address will not be published. Required fields are marked *