Page 35 - From GSM to LTE
Global System for Mobile Communications (GSM)
Figure 1.14 Creation of a signed response (SRES). [Diagram: Ki and RAND are the inputs to A3, which outputs SRES.]
For many operations in the network, for instance, during the establishment of a call,
the subscriber is identified by use of this key. Thus, it can be ensured that the subscriber’s
identity is not misused by a third party. Figure 1.15 shows how the authentication
process is performed.
The authentication process, as shown in Figure 1.16, is initiated when a subscriber
establishes a signaling connection with the network before the actual request (e.g. call
establishment request) is sent. In the first step of the process, the MSC requests an
authentication triplet from the HLR/AuC. The AuC retrieves the Ki of the subscriber
and the authentication algorithm (A3 algorithm) based on the IMSI of the subscriber
that is part of the message from the MSC. The Ki is then used together with the A3
algorithm and a random number to generate the authentication triplet, which contains
the following values:
● RAND: A 128‐bit random number.
● SRES: The signed response (SRES) is generated by using Ki, RAND and the A3 authentication algorithm, and has a length of 32 bits (see Figure 1.14).
● Kc: The ciphering key, Kc, is also generated by using Ki and RAND. It is used for the ciphering of the connection once the authentication has been performed successfully. Further information on this topic can be found in Section 1.7.7.
RAND, SRES and Kc are then returned to the MSC, which then performs authentication
of the subscriber. It is important to note that the secret Ki key never leaves the AuC.
Extract of a decoded authentication request message
SCCP MSG: Data Form 1
DEST. REF ID: 0B 02 00
DTAP MSG LENGTH: 19
PROTOCOL DISC.: Mobility Management
DTAP MM MSG: Auth. Request
Ciphering Key Seq.: 0
RAND in hex: 12 27 33 49 11 00 98 45 87 49 12 51 22 89 18 81
(16 B = 128 bit)
Extract of a decoded authentication response message
SCCP MSG: Data Form 1
DEST. REF ID: 00 25 FE
DTAP MSG LENGTH: 6
PROTOCOL DISC.: Mobility Management
DTAP MM MSG: Auth. Response
SRES in hex: 37 21 77 61 (4 B = 32 bit)
Figure 1.15 Message flow during the authentication of a subscriber.
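The triplet exchange described above, as an added example that is not code from the book: the AuC derives (RAND, SRES, Kc) from Ki, the MSC sends only RAND, and the SIM's SRES is compared with the expected one. The real A3/A8 algorithms are operator-chosen, so `a3_a8_standin` is a hypothetical HMAC-based placeholder (it will not reproduce the SRES in the trace above); the IMSI and Ki are constructed values, and the 64-bit Kc length is the standard GSM size rather than a figure from this page.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

def a3_a8_standin(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Placeholder for A3/A8 (NOT a real GSM algorithm): returns (SRES, Kc)."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must both be 128 bits")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]      # 32-bit SRES, 64-bit Kc

class AuC:
    """Holds Ki per IMSI; only triplets ever leave it, never Ki itself."""
    def __init__(self, subscribers: dict[str, bytes]):
        self._ki = dict(subscribers)
    def triplet(self, imsi: str, rand: bytes | None = None):
        rand = rand or secrets.token_bytes(16)
        sres, kc = a3_a8_standin(self._ki[imsi], rand)
        return rand, sres, kc

class Sim:
    """The SIM holds the same Ki and answers a RAND challenge."""
    def __init__(self, ki: bytes):
        self._ki = ki
    def respond(self, rand: bytes):
        return a3_a8_standin(self._ki, rand)

def msc_authenticate(auc: AuC, imsi: str, sim: Sim, rand=None) -> bool:
    """MSC side: fetch a triplet, send RAND only, compare the SRES values."""
    rand, expected_sres, _kc = auc.triplet(imsi, rand)
    sres, _ = sim.respond(rand)          # Auth. Request -> Auth. Response
    return hmac.compare_digest(sres, expected_sres)

# Constructed sample data: IMSI and Ki are made up; RAND is the value
# shown in the decoded Auth. Request on this page.
IMSI = "001010123456789"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
RAND = bytes.fromhex("12273349110098458749125122891881")

if __name__ == "__main__":
    auc = AuC({IMSI: KI})
    print("genuine SIM:", msc_authenticate(auc, IMSI, Sim(KI), RAND))
    print("same IMSI, wrong Ki:", msc_authenticate(auc, IMSI, Sim(bytes(16)), RAND))
```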