AUC in GSM for 2G, 3G, and LTE authentication.

Each mobile device needs a SIM card for voice, data, and SMS services. It authenticates with the mobile operator of the sim provider to activate voice, SMS, or data services. For authentication, a mobile operator needs a node name AUC. As the telecom networks are dedicated to mobile operators, so looks like all communication is secure. No need for any authentication and ciphering mechanism.

But not always. We need AuC to avoid intrusion on the air interface. To secure the air interface, all communication should be cipher between the device and the GSM tower.

Auc is the network node in the GSM network that the operator hosts in the HPLM for sim card authentication. The attach procedure starts between UE and the gsm network as the mobile switches on. SGSN/MSC does all messaging with the AUC for authentication during attachment. If authentication fails, no service to the sim activates. On successful, sim registration starts, and services become active eventually if the subscriber is allowed to roam.

Sim Authentication Data In AuC :

While manufacturing SIM cards, an authentication key called Ki is embedded in SIM. The same key is configured on AuC for the IMSI. During GSM authentication, AuC generates vectors using Ki, Random number, and Authentication algorithm. Send Authentication-Info (SAI) is the GSM-level map protocol procedure. Each GSM MAP message uses SS7 as a transport protocol.

Authentication Vectors for 2G, 3G, and LTE:

With the advancement of mobile network generation, mobile communication is becoming more secure. This leads to more advances in algorithms and a total number of parameters.

Here, we will discuss the authentication vectors for 2G, 3G, and LTE (4G) mobile networks.

For 2G authentication, AuC keeps the Ki authentication algorithm (has A3, A8 functions) and generates the random number (RAND). 3GPP /GSM provides a specification for the authentication algorithm. AUC for GSM 2G, sim cards send the triplet to MSC (or SGSN). Each triplet has RAND,  Kc, and SRES.

A3(Ki, RAND) -> SRES, A8(Ki, RAND) = Kc

Upon receiving the triplet, MSC sends the RAND to the UE, and UE uses pre-configured Ki and sends SRES to the MSC. If SRES is the same and from AuC, authentication is successful. MSC sends Kc to the mobile device for encryption.

In 3G (USIM), the procedure is more complex than in 2G to make communication more secure. USIM profile on AUC has Ki, Random Number (RAND), the Sequence Number (SQN), and algorithm( have functions, f1, f2, f3, f4, f5). In USIM, there are five authentication vectors, which is called quintuple. Each quintuple has RAND, XRES, CK, IK, and AUTN.   MSC can download multiple quintuples from AuC for future use.

Re-synchronization in USIM, MSC may have older vectors (e.g., when a subscriber moves to the previous MSC). This may fail in matching the sequence number in the UE when a vector needs to use. To synchronize the sequence number, the authentication request has the AUTS parameter. AUTS has SQN and MAC. A new SQN is updated in AUC, and a new set of vectors is transmitted to the MSC. 

4G or LTE, the authentication process is similar to the 3G. Vectors are XRES, CK, IK, AUTH, and KASME. Here KASME is a new vector. Kasme calculation also has PLMN id as input. This makes vectors specific to the visiting PLMN only.

Auc and HLR :

In another tutorial, we have described the HLR. HLR is the interface with the roaming network over the GSM Map protocol. The SAI message reaches the HLR. HLR checks for the subscription profile. If IMSI is provisioned, HLR sends the vector request to the AUC. Authentication Center is a logical module. It may be located with the HLR or maybe on a separate server.

Mobile Phone Vs. SIM card Authentication:

Both types of authentication look similar. But they are different. Mobile phone verification means authenticating the mobile device or hardware. A mobile device may be blacklisted (e.g., if stolen). The device check is done using the IMEI number from EIR. While SIM authentication is done using IMSI from AUC.