Authentication & Encryption

Introduction

Authentication - Whenever a MS requests access to a network, the network must authenticate the MS. Authentication verifies the identity and validity of the SIM card to the network and ensures that the subscriber is authorized access to the network.

Encryption - In GSM, encryption refers to the process of creating authentication and ciphering cryptovariables using a special key and an encryption algorithm.

Ciphering - Ciphering refers to the process of changing plaintext data into encrypted data using a special key and a special encryption algorithm. Transmissions between the MS and the BTS on the Um link, are enciphered.

Ki - The Ki is the individual subscriber authentication key. It is a 128-bit number that is paired with an IMSI when the SIM card is created. The Ki is only stored on the SIM card and at the Authentication Center (AuC). The Ki should never be transmitted across the network on any link.

RAND - The RAND is a random 128-bit number that is generated by the Auc when the network requests to authenticate a subscriber. The RAND is used to generate the Signed Response (SRES) and Kc cryptovariables.

Signed Response - The SRES is a 32-bit cryptovariable used in the authentication process. The MS is challenged by being given the RAND by the network, the SRES is the expected correct response. The SRES is never passed on the Um (Air) interface. It is kept at the MSC/VLR, which performs the authentication check.

A3 Algorithm - The A3 algorithm computes a 32-bit Signed Response (SRES). The Ki and RAND are inputted into the A3 algorithm and the result is the 32-bit SRES. The A3 algorithm resides on the SIM card and at the AuC.

A8 Algorithm - The A8 algorithm computes a 64-bit ciphering key (Kc). The Ki and the RAND are inputted into the A8 algorithm and the result is the 64-bit Kc. The A8 algorithm resides on the ISM card and at the AuC.

Kc - The Kc is the 64-bit ciphering key that is used in the A5 encryption algorithm to encipher and decipher the data that is being transmitted on the Um interface.

A5 - The A5 encryption algorithm is used to encipher and decipher the data that is being transmitted on the Um interface. The Kc and the plaintext data are inputted into the A5 algorithm and the output is enciphered data. The A5 algorithm is a function of the Mobile Equipment (ME) and not a function of the SIM card. The BTS also makes use of the A5 algorithm.

There are three versions of the A5 algorithm:

     A5/1 - The current standard for U.S. and European networks. A5/1 is a stream cipher.

     A5/2 - The deliberately weakened version of A5/1 that is intended for export to non-western countries. A5/2 is a stream cipher.

     A5/3 - A newly developed algorithm not yet in full use. A5/3 is a block cipher.

Triplets - The RAND, SRES, and Kc together are known as the Triplets. The AuC will send these three cryptovariables to the requesting MSC/VLR so it can authenticate and encipher.

[Back to Top]

Authentication Procedures

when a MS requests access to the network, the MSC/VLR will normally require the MS to authenticate. The MSC will forward the IMSI to the HLR and request authentication Triplets.
When the HLR receives the IMSI and the authentication request, it first checks its database to make sure the IMSI is valid and belongs to the network. Once it has accomplished this, it will forward the IMSI and authentication request to the Authentication Center (AuC).
The AuC will use the IMSI to look up the Ki associated with that IMSI. The Ki is the individual subscriber authentication key. It is a 128-bit number that is paired with an IMSI when the SIM card is created. The Ki is only stored on the SIM card and at the AuC. The Auc will also generate a 128-bit random number called the RAND.
The RAND and the Ki are inputted into the A3 encryption algorithm. The output is the 32-bit Signed Response (SRES). The SRES is essentially the "challenge" sent to the MS when authentication is requested.
The RAND and Ki are input into the A8 encryption algorithm. The output is the 64-bit Kc. The Kc is the ciphering key that is used in the A5 encryption algorithm to encipher and decipher the data that is being transmitted on the Um interface.
The RAND, SRES, and Kc are collectively known as the Triplets. The AuC may generate many sets of Triplets and send them to the requesting MSC/VLR. This is in order to reduce the signalling overhead that would result if the MSC/VLR requested one set of triplets every time it wanted to authenticate the. It should be noted that a set of triplets is unique to one IMSI, it can not be used with any other IMSI.
Once the AuC has generated the triplets (or sets of triplets), it forwards them to the HLR. The HLr subsequently sends them to the requesting MSC/VLR.
The MSC stores the Kc and the SRES but forwards the RAND to the MS and orders it to authenticate.
The MS has the Ki stored on the SIM card. The A3 and A8 algorithms also reside on the SIM card. The RAND and Ki are inputted into the A3 and A8 encryption algorithms to generate the SRES and the Kc respectively.


[Back to Top]


Ciphering Procedure


The MS stores the Kc on the SIM card and sends the generated SRES back to the network. The MSC recieves the MS generated SRES and compares it to the ARES generated by the AuC. if they match, then the MS is authenticated.
Once the MS is authenticated, it passes the Kc to the BSS (the BTS to be specific), and orders the BTS and MS to switch to Cipher Mode. The Kc should not be passed on the Um link, it will be stored at the BTS.
The BTS inputs the Kc and the data payload into the A5 encryption algorithm resulting in an enciphered data stream. The MS also inputs the Kc and the data payload into the A5 encryption algorithm resulting in an enciphered data stream. It should be noted that the A5 algorithm is a function of the Mobile Equipment (ME) and not the SIM card.







Introduction     Architecture     TDMA     Logical Channels     Authentication & Encryption     Timing Advances     Speech Encoding     GSM Events