1.1 Authentication - Challenge and Response
Authentication of the Subscriber
Authentication is the corroboration that an entity is the one claimed or, in this context, the verification of the identity of the SIM card. The user authenticates to the SIM card with a PIN, and the SIM card authenticates to the network with a cryptographically strong authentication algorithm. Subscriber authentication is of major interest to each operator (protecting the network against unauthorized use, correct billing, preventing masquerading attacks). The authentication algorithm in GSM is denoted A3 and is implemented in the Authentication Center (AC) of the home network, i.e. the Home Public Land Mobile Network (HPLMN), and in the SIM. The method employed between HLR/AC and a SIM is a challenge-response mechanism using cryptographically secure random numbers. It uses a 128-bit authentication key Ki, which is kept in the SIM card (subscriber side) and in the AC (network side).
The basic procedure for the authentication of the SIM by the network is as follows. After establishing the identity of the SIM, the VLR sends an authentication request to the network. This request contains the IMSI (or TMSI), which is needed to retrieve the secret on the network side (the individual subscriber authentication key Ki). The network then generates a non-predictable 128-bit random number RAND, which is sent to the MS as a challenge (via the VLR). This challenge changes each time the protocol is run. To compute the Signed RESponse SRES to the challenge RAND, the SIM uses the algorithm A3 with RAND and the key Ki (stored in the SIM) as input data. The algorithm A3 is actually a one-way function with a 32-bit output SRES. SRES is then transmitted to the VLR (which may be in a foreign network). There it is compared with the value of SRES computed by the home network, which the VLR receives from the AC. The AC has used the same RAND and the key Ki associated with the identity claimed by the subscriber.
The MS is granted access to the network by the VLR only if the value of SRES received from the MS equals the value received for SRES from the HLR/AC. Only in this case can it be assumed that the SIM is in possession of the right subscriber key Ki and that its identity is the one claimed. The authentication process takes less than 500 ms. When a user has moved to a new VLR, the new VLR will normally establish the subscriber’s identity by requesting the IMSI from the old VLR. Note that the individual subscriber keys are not transmitted over the network - they are only used in the challenge-response protocol for authentication and key agreement.
IMSI: International Mobile Subscriber Identity
TMSI: Temporary Mobile Subscriber Identity
Ki: secret key of the mobile subscriber (128 bits)
RAND: random bit sequence / challenge (128 bits)
SRES / SRES': response (32 bits)
SRES = A3(Ki, RAND)
The algorithm A3 should be a good one-way function. It is not standardized across Europe.
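The exchange described above, modelled end to end as an added example (not code from the original page or from any GSM specification). Because A3 is operator-specific, the `a3` function here is an assumed stand-in (HMAC-SHA256 truncated to 32 bits); the class names, the IMSI and the Ki value are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator-specific A3 (assumption): HMAC-SHA256 cut to 32 bits."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must each be 128 bits")
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class AuthenticationCenter:
    """Home network (HLR/AC): stores Ki per IMSI and never hands it out."""
    def __init__(self, ki_by_imsi):
        self._ki_by_imsi = dict(ki_by_imsi)

    def challenge(self, imsi):
        rand = secrets.token_bytes(16)            # fresh, unpredictable RAND per run
        return rand, a3(self._ki_by_imsi[imsi], rand)

class Sim:
    """Subscriber side: Ki stays inside the card, only SRES leaves it."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand):
        return a3(self._ki, rand)

class Vlr:
    """Visited network: sees RAND and SRES, but never Ki."""
    def __init__(self, ac):
        self._ac, self._pending = ac, {}

    def start(self, imsi):
        rand, expected = self._ac.challenge(imsi)
        self._pending[imsi] = expected
        return rand

    def verify(self, imsi, sres):
        expected = self._pending.pop(imsi, None)  # each challenge is usable once
        return expected is not None and hmac.compare_digest(sres, expected)

# Constructed sample values, not real subscriber data.
IMSI = "001010123456789"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")

def run(vlr, sim):
    """One full protocol run: challenge from the VLR, response from the SIM."""
    return vlr.verify(sim.imsi, sim.respond(vlr.start(sim.imsi)))
```

A SIM holding the right Ki passes `run`, a card with a different Ki fails, and an SRES recorded from an earlier run is rejected because the VLR discards each challenge after one comparison and the next RAND is new.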