Introduction:
Authentication
is the process or action of verifying the identity of a user . If we comes
in a Cellular communication, it is a procedure used to check whether a
particular UE (User Equipment, Common name is mobile ) can be given access to an operator’s mobile network. We are
familiar with the name SIM card. Each operator have its own SIM cards. A
specific ID is in-build in the SIM card, which we call it as IMSI
(International Mobile Subscriber Identity ). This is a combination of PLMN ID
& Mobile number. The PLMN ID is the unique ID of a mobile operator.An UE
can access a mobile operator network only
if this in-build IMSI match with the same configured in the network. It is
possible to spoof the IMSI by hacker and can access the mobile network
unethically. There comes the importance of complicated Authentication Process
in mobile networks.
What is special in LTE Authentication
In older generation of mobile communication only network authenticate the
mobile which is trying to access an operator’s network. The authentication
process is completed in LTE only if the mobile authenticate the network &
Network authenticates the mobile. We can say that the authentication is 2 way
in LTE. This makes the LTE authentication more robust and secure.
The Authentication is not only done using the respective IMSI of a mobile subscriber, but also uses certain authentication keys. These keys are generated by predefined authentication algorithm. This algorithm is known to the network and mobile. The detailed description of these authentication keys are given below:
The below Steps need to read with the authentication Block diagram mentioned below to get a better clarity. Also should remember the authentication keys explained above.
The Authentication is not only done using the respective IMSI of a mobile subscriber, but also uses certain authentication keys. These keys are generated by predefined authentication algorithm. This algorithm is known to the network and mobile. The detailed description of these authentication keys are given below:
Authentication Keys & How they classified:
The authentication keys are classified into two categories.
Some keys are inbuilt in the mobile and the authentication center in the
network. These are known as In-build Keys. Some keys are generated by the
mobile and the network based on the in-build keys & some pre-defined
algorithms. These are knows as Generated Keys.
The IMSI & LTE –K are those keys which are in-build in
SIM and authentication center (Auc). Other 8 keys are generated by the network
and mobile.
LTE Authentication Is Explained below In 15 Steps:
The below Steps need to read with the authentication Block diagram mentioned below to get a better clarity. Also should remember the authentication keys explained above.
1. UE, MME & HSS
involved in the authentication process. MME is the mobility management entity
which handles the signalling and controlling. HSS is home subscriber server in
which the user information is stored.
2. The Authentication
process starts after UE sending the Attach Request message
to the mobile network (UE->MME). The attach request consists of UE identity
(IMSI) & UE capability (Encryption
& Integrity Algorithm). As attach Request is a NAS message, the eNb
directly forward this to MME without opening it.
3. The MME send an Authentication
Information Request message to the
HSS. (MME->HSS).
4. The HSS Generates a
Random number (RAND) & Sequence number (SQN) corresponding to the IMSI for
which the Authentication Request has been received.
5. Using this RAND, SQN
& LTE-K (In-build Key), the HSS generates XRES,AUTN, CK & IK.
6. Using this CK,IK,
SQN & SN ID ( Serving Network ID), the HSS generates other Key KASME.
8. It is already
discussed that,in LTE the authentication is 2 way. The UE authenticate
the network by comparing the AUTN-
UE & AUTN-HSS & the MME authenticate the UE by comparing
the XRES & RES.
9. First we can discuss
on how the UE do the authentication. For this the UE require the AUTN generated
within the UE & the AUTN generated by the HSS. The UE generate the
AUTN in the same way as HSS generates(
Discussed in the above steps).Only difference is that HSS generate the RAND ,
but UE do not generates this . It uses the same RAND generated by the HSS which
it gets in the Authentication
Request from the MME(MME ->UE).
10. Next we need to know how the UE gets the AUTN
generated by the HSS. In response to the Authentication Information Request
Message from the MME, the HSS sends the Authentication Information Answer (HSS ->MME).
This answer contains AUTN & RAND. MME sends these 2 keys to the UE in the Authentication Request.
(MME->UE).
11. Now the UE have both the AUTN and can do the
network authentication, by comparing the AUTN generated within it & AUTN received from the network. (AUTN-UE =AUTN-HSS).
12. If the above authentication is success, UE sends
the Authentication
Complete message to the MME.( UE->MME).
This message contains RES. This key is used for the authentication of UE by the
network.
13. The MME Compares the above mentioned RES received from the UE with the XRES that already received from HSS
within the authentication Information Answer Message.
14. If the RES & XRES matches the Network Authentication also
succeeds & the LTE-Authentication process will be completed.
15. The KASME is used to generate further Keys for
integrity & Ciphering
Conclusion
After the completion
of Authentication Process, UE will enter into the Security Process. If both the
process succeeds, UE can attach to the
network.The Authentication process in 5G is also similar to this which we can discuss later.If any doubts/suggestions please comment in the comment box.
"Don't forget to subscribe this blog by email to get notification about latest updates.(Subscribe button at top right corner & bottom of the page in Web Version)
"Don't forget to subscribe this blog by email to get notification about latest updates.(Subscribe button at top right corner & bottom of the page in Web Version)
Thanks
Aneesh....