176 From GSM to LTE-Advanced Pro and 5G
register with the network by initiating location and routing area update procedures. At
the beginning of the message exchange the mobile device transmits its identity (IMSI or
TMSI and PTMSI), which it retrieves from the SIM. If the subscriber is not known by
the MSC/VLR and/or the SGSN, authentication information has to be requested from
the authentication center, which is part of the HLR. In addition to the random number
(RAND), the expected response (XRES) and the CK, which are also used in GSM, two
additional values are returned. These are the integrity key (IK) and the authentication
token (AUTN). Together, these five values form an authentication vector.
The AUTN serves two purposes. The AuC generates the AUTN from a RAND and
the secret key of the subscriber. It is then forwarded together with the RAND to the
mobile device in an MM Authentication Request message. The mobile device then uses
the AUTN to verify that the authentication procedure was initiated by an authorized
network. The AUTN additionally includes a sequence number, which is increased in
both the network and the mobile device after every successful authentication. This
prevents attackers from using intercepted authentication vectors for fake authentications
later on.
Like in GSM, a UMTS device has to generate a response value, which it returns to
the network in the MM Authentication Response message. The MSC/VLR or SGSN
then compares the response value to the XRES value, which it received as part of the
authentication vector from the HLR/AuC. If both values match, the subscriber is
authenticated.
In a further step, ciphering between the mobile device and the network is activated
when the network sends a RANAP Security Mode Command message to the RNC. This
message contains the 128‐bit CK. While in GSM, ciphering for circuit‐switched calls is
a function of the base station, UMTS calls are ciphered by the RNC. This prevents
eavesdropping on the Iub interface between the RNC and the base station. An RRC
Security Mode Command message informs the mobile device that ciphering is to be
activated. Like in GSM, the CK is not sent to the mobile as this would compromise
security. Instead, the mobile calculates the CK itself by using, among other values, its
secret key and the RAND.
Security mode command messages activate not only ciphering but also integrity
checking for signaling messages, which was not performed in GSM. While ciphering is
optional, it is mandatory for integrity checking to be activated after authentication.
Integrity checking is performed for RRC, CC, SM, MM and GMM messages between
the mobile device and the network. User data, on the other hand, has to be verified by
the application layer, if required. To allow the receiver to check the validity of a message,
an integrity stamp field is added to the signaling messages. The most important
parameters for the RNC to calculate the stamp are the content of the signaling message and
the IK, which is part of the authentication vector. Integrity checking is done for both
uplink and downlink signaling messages. To perform integrity checking for incoming
messages and to be able to append the stamp for outgoing messages, the mobile device
calculates the IK itself after the authentication procedure. The calculation of the key is
performed by the SIM card, using the secret key and the RAND which were part of the
Authentication Request message. This way, the IK is also never exchanged between the
mobile device and the network.
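The authentication vector, the AUTN check with its sequence number, the RES/XRES comparison and the integrity stamp described above, as an added worked model that is not part of the book: the 3GPP MILENAGE f1 to f5 and the f9 integrity function are replaced by HMAC-SHA256 keyed with the subscriber secret K (an assumption made only to keep the example self-contained), and the subscriber key, sequence numbers and messages are constructed values.

```python
import hmac, hashlib, os

# Simplified model of UMTS AKA for illustration (constructed example). The real
# network uses the 3GPP MILENAGE f1..f5 and f9 functions; here each is modelled
# by HMAC-SHA256 keyed with the subscriber secret K, which is an assumption.
AMF = b"\x80\x00"  # authentication management field, kept constant here

def kdf(key, label, *parts):
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auc_generate_vector(k, sqn, rand=None):
    """HLR/AuC side: build the five-value vector (RAND, XRES, CK, IK, AUTN)."""
    rand = rand or os.urandom(16)
    mac = kdf(k, b"f1", sqn, rand, AMF)[:8]  # proves the vector came from a holder of K
    ak = kdf(k, b"f5", rand)[:6]             # anonymity key conceals SQN on the air
    autn = xor(sqn, ak) + AMF + mac
    return {"rand": rand, "xres": kdf(k, b"f2", rand)[:8], "ck": kdf(k, b"f3", rand)[:16],
            "ik": kdf(k, b"f4", rand)[:16], "autn": autn}

def usim_authenticate(k, highest_sqn, rand, autn):
    """USIM side: check AUTN, reject replays, derive RES/CK/IK locally.
    Returns (res, ck, ik, sqn), or None if the network is not accepted."""
    ak = kdf(k, b"f5", rand)[:6]
    sqn, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:]
    if not hmac.compare_digest(mac, kdf(k, b"f1", sqn, rand, amf)[:8]):
        return None  # MAC failure: AUTN not produced by an authorized network
    if sqn <= highest_sqn:  # big-endian bytes of equal length compare like integers
        return None  # synch failure: sequence number already used, i.e. a replayed vector
    return kdf(k, b"f2", rand)[:8], kdf(k, b"f3", rand)[:16], kdf(k, b"f4", rand)[:16], sqn

def network_check_response(res, xres):
    """MSC/VLR or SGSN side: compare RES from the mobile with XRES from the vector."""
    return hmac.compare_digest(res, xres)

def integrity_stamp(ik, count, direction, message):
    """MAC-I appended to a signalling message; RNC and mobile both derive it from IK."""
    return kdf(ik, b"f9", count.to_bytes(4, "big"), bytes([direction]), message)[:4]

if __name__ == "__main__":
    K, SQN = bytes(range(16)), (1).to_bytes(6, "big")  # constructed subscriber key and SQN
    av = auc_generate_vector(K, SQN)
    res, ck, ik, seen = usim_authenticate(K, bytes(6), av["rand"], av["autn"])
    print("authenticated:", network_check_response(res, av["xres"]), "keys match:", ck == av["ck"])
    print("replay accepted:", usim_authenticate(K, seen, av["rand"], av["autn"]) is not None)
```

Neither CK nor IK ever crosses the air interface in this flow: both ends derive them from K and RAND, and a vector replayed against the USIM is refused because its sequence number is not higher than the last one accepted.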
Keys for ciphering and integrity checking have a limited lifetime to prevent attempts
to break the cipher or integrity protection by brute force during long‐duration