Authentication and Ciphering


Published in: Education


  1. CIPHERING AND AUTHENTICATION IN GSM
     Presented by: Mr. Che Sokunth
  2. OBJECTIVES
     - Authentication
       - To check whether the MS is authorized to access the network
       - To provide parameters that enable the MS to calculate a new ciphering key
       - To understand the key generation algorithm
     - Ciphering
       - To protect user information and security over the Um interface
       - To understand the ciphering algorithm and the parameters involved
  3. AUTHENTICATION
     When does the authentication procedure start?
     - The subscriber data is changed in the VLR or HLR
     - The MS first accesses the network
     - The Kc does not match
     - The first time a subscriber initiates the service
     - The MS originates a call
     - The MS is called
     - The MS is activated or deactivated
     - A supplementary service is initiated
  4. AUTHENTICATION OVERVIEW
     - The authentication triplet: RAND, Kc and SRES
     - When registering, each subscriber is assigned an MSISDN and an IMSI
     - The SIM writer generates the IMSI and Ki
     - The AuC uses a PRNG to generate the random number RAND
     - In the AuC, the RAND and Ki are used to generate SRES through algorithm A3 and Kc through algorithm A8
  5. AUTHENTICATION PROCEDURE - 1
     When an MS requests access to the network, the MSC/VLR will normally require the MS to authenticate. The MSC will forward the IMSI to the HLR and request authentication triplets.
     (Diagram: MS to MSC: Request Access, TMSI or IMSI; MSC to HLR: IMSI, Request Authentication Triplet.)
  6. AUTHENTICATION PROCEDURE - 2
     When the HLR receives the IMSI and the authentication request, it first checks its database to make sure the IMSI is valid and belongs to the network. Once it has accomplished this, it will forward the IMSI and authentication request to the Authentication Center (AuC).
     (Diagram: MS to MSC: Request Access, TMSI or IMSI; MSC to HLR: IMSI, Request Authentication Triplet; HLR to AuC: IMSI, Request Triplet.)
  7. AUTHENTICATION PROCEDURE - 3
     The AuC will use the IMSI to look up the Ki associated with that IMSI. The Ki is the individual subscriber authentication key. It is a 128-bit number that is paired with an IMSI when the SIM card is created. The Ki is only stored on the SIM card and at the AuC. The AuC will also generate a 128-bit random number called the RAND.
     (Diagram: AuC with labels IMSI, Ki and RAND.)
  8. AUTHENTICATION PROCEDURE - 4
     The RAND and the Ki are input into the A3 encryption algorithm. The output is the 32-bit Signed Response (SRES). The SRES is essentially the "challenge" sent to the MS when authentication is requested.
     (Diagram: in the AuC, RAND and Ki feed A3, which outputs SRES.)
  9. AUTHENTICATION PROCEDURE - 4
     The RAND and Ki are input into the A8 encryption algorithm. The output is the 64-bit Kc. The Kc is the ciphering key that is used in the A5 encryption algorithm to encipher and decipher the data that is being transmitted on the Um interface.
     (Diagram: in the AuC, RAND and Ki feed A3 and A8, which output SRES and Kc.)
  10. AUTHENTICATION PROCEDURE - 5
      The RAND, SRES, and Kc are collectively known as the triplets. The AuC may generate many sets of triplets and send them to the requesting MSC/VLR. This reduces the signalling overhead that would result if the MSC/VLR requested one set of triplets every time it wanted to authenticate the MS. Note that a set of triplets is unique to one IMSI; it cannot be used with any other IMSI.
      (Diagram: in the AuC, RAND and Ki feed A3 and A8, which output SRES and Kc; several triplets RAND, SRES, Kc are produced.)
  11. AUTHENTICATION PROCEDURE - 6
      Once the AuC has generated the triplets (or sets of triplets), it forwards them to the HLR. The HLR subsequently sends them to the requesting MSC/VLR.
      (Diagram: MSC, HLR and AuC; each link is labelled IMSI, Triplet.)
  12. AUTHENTICATION PROCEDURE - 7
      The MSC stores the Kc and the SRES but forwards the RAND to the MS and orders it to authenticate.
      (Diagram: MS and MSC; RAND passes between them; SRES and Kc are shown at the MSC.)
  13. AUTHENTICATION PROCEDURE - 8
      The MS has the Ki stored on the SIM card. The A3 and A8 algorithms also reside on the SIM card. The RAND and Ki are input into the A3 and A8 encryption algorithms to generate the SRES and the Kc respectively.
      (Diagram: in the MS, RAND and Ki feed A3 and A8, which output SRES and Kc.)
  14. CIPHERING OVERVIEW
      - The information is ciphered on the Um interface. Ciphering guarantees information security and protects user information and conversation contents from unauthorized access by using the same Kc on both sides.
      - The A8 algorithm is used to generate the Kc, based on the capability of the BTS and MS, with the same Ki and RAND.
      - The A5 algorithm is used to cipher and decipher the information (signaling, speech and data) between the BTS and MS.
      - NEs involved: MS, BTS, BSC, MSC/VLR, HLR and AuC.
  15. KC AND ALGORITHMS SELECTION
      - Kc is computed on the MS and network side by using the A8 algorithm (Ki and RAND).
      - In the call access procedure, the MS sends an Establish Indication message to the BSC.
        - If ECSC is set to No, Classmark 1 or Classmark 2 is sent, indicating that the MS supports the A5/1, A5/2 and A5/3 ciphering algorithms.
        - If ECSC is set to Yes, Classmark 1, Classmark 2 and Classmark 3 are sent, indicating support for the A5/1, A5/2, A5/3, A5/4, A5/5, A5/6, and A5/7 ciphering algorithms.
  16. CIPHERING PROCEDURE
      When the authentication procedure is completed, the MSC sends the Ciphering Command message (Kc), which orders the MS to perform ciphering and indicates which ciphering algorithm should be used.
      (Sequence diagram between MS, BSS, MSC, VLR and HLR. Step labels: 1. Pre-send Triplet to VLR; 2. Authentication Request; 2. Authentication Response; 4. Starting Ciphering; 5. Ciphering Mode Command and Complete. Other labels: RAND, CKSN, SRES, Kc, SDCCH, SDCCH/A5, T3260 Start, T3260 Stop.)
      The ciphering procedure generally applies to location update, service access, and inter-BSC handover.
  17. CIPHERING PROCEDURE - COMPLETE
      The BTS inputs the Kc and the data payload into the A5 encryption algorithm, resulting in an enciphered data stream. The MS also inputs the Kc and the data payload into the A5 encryption algorithm, resulting in an enciphered data stream. Note that the A5 algorithm is a function of the Mobile Equipment (ME) and not the SIM card. On receiving a valid Ciphering Mode message, the MS loads the Kc in the SIM card and compares. If not, the MS sends an RR Status message (Protocol Error) and does no further processing.
      (Diagram: on each side, Data and Kc feed A5; ciphered data passes between the two sides.)
  18. REFERENCE DOCUMENT
      - GBSS12.0 – Authentication and Ciphering
      - ETSI GSM TS 08.08
      - ETSI GSM TS 04.08
      - Telecomedu.blogspot.com
  19. QUESTION
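
The authentication procedure on slides 5 to 13, as an added example that is not part of the original slides: the AuC builds triplets, the MSC/VLR sends only RAND, and the SIM answers with SRES while both ends derive the same Kc. A3 and A8 are replaced by HMAC-SHA256 stand-ins (an assumption; they only reproduce the 32-bit and 64-bit output sizes), and the class names, IMSI and Ki are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-ins for A3/A8 (assumption): not the algorithms deployed on real SIMs,
# only keyed functions with the output sizes given on the slides.
def a3(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]   # 32-bit SRES

def a8(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]   # 64-bit Kc

class AuC:
    """Holds the IMSI -> Ki table and produces (RAND, SRES, Kc) triplets."""
    def __init__(self, subscribers: dict):
        self.subscribers = subscribers

    def triplets(self, imsi: str, count: int = 3) -> list:
        ki = self.subscribers[imsi]          # KeyError if the IMSI is unknown
        out = []
        for _ in range(count):
            rand = secrets.token_bytes(16)   # 128-bit RAND
            out.append((rand, a3(ki, rand), a8(ki, rand)))
        return out

class SIM:
    """Holds Ki and runs A3/A8 locally; Ki itself is never sent."""
    def __init__(self, ki: bytes):
        self._ki = ki

    def run_gsm(self, rand: bytes) -> tuple:
        return a3(self._ki, rand), a8(self._ki, rand)

def authenticate(vlr_triplets: list, sim: SIM):
    """MSC/VLR side: take one stored triplet, send only RAND, compare SRES.
    Returns the Kc shared by both ends on success, None on failure."""
    rand, expected_sres, kc = vlr_triplets.pop(0)   # each triplet is consumed
    sres, kc_ms = sim.run_gsm(rand)
    if not hmac.compare_digest(sres, expected_sres):
        return None                                  # wrong Ki: reject the MS
    return kc if kc_ms == kc else None

# Constructed sample data: this IMSI and Ki are made up.
IMSI = "001010123456789"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
auc = AuC({IMSI: KI})
```

A SIM holding a different Ki produces a different SRES for the same RAND, which is why a triplet generated for one IMSI cannot authenticate another subscriber.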
