HLR
The process
The IMSI is sent to the MSC.
The MSC sends the IMSI to the HLR/AuC, which holds (Ki + IMSI), for authentication over SAI (mentioning the number of requested vectors).
The AuC generates RAND and then, using the A3 (authentication) algorithm, calculates SRES.
The AuC uses A5 to generate Kc (RAND + Ki → Kc) and sends the triplet back to the MSC.
The MSC sends the RAND from the triplet to the MS.
The MS does the same process and calculates the SRES.
This SRES is matched with the previous SRES. If they match, the MS is allowed to perform the location update (LU).
2G Authentication Flow
The MSC/VLR compares the SRES reported by the UE with the XRES provided by the AuC. If the SRES is the same as the XRES, the MSC/VLR passes the authentication and sends a SECURITY MODE COMMAND message to start the encryption flow. The message carries the encryption and integrity protection algorithms supported by the MSC/VLR. The RNC chooses a common algorithm from the algorithms supported by the MSC/VLR, UE, and NodeB to start encryption and integrity protection, and then sends a SECURITY MODE COMPLETE message to the MSC/VLR. If there is no common algorithm among the algorithms supported by the MSC/VLR, UE, and NodeB, and the network is not ready to use an unencrypted connection, the RNC sends a SECURITY MODE REJECT message to the MSC/VLR. At this point, the network access of the UE is complete.
Contd..
The VLR compares the value of SRES returned by the UE with the value of XRES computed by the AuC.
If the values are different, the VLR returns an authentication reject response to the UE. After receiving the message, the UE determines that the subscriber is illegal, and that authentication fails. If the values are the same, it indicates that the network succeeds in performing authentication. Then the VLR sends a response message that contains service acceptance or location update acceptance information to the UE. The UE continues with the following authentication of the network side.
The UE computes the authentication parameters XMAC and SQNms of the UE side based on RAND and AUTN returned by the VLR, and then compares them with MAC and SQNhe in AUTN respectively.
If MAC is not equal to XMAC, it indicates that the UE fails to perform the validity check for the network, and that authentication fails. The VLR sends an Authentication failure message to the AuC.
If the difference between SQNms and SQNhe is not in an acceptable range, it indicates that the UE fails to perform the effectiveness check for the network. The VLR originates a re-synchronization flow to the AuC. The re-synchronization flow is similar to the authentication set request flow. The difference is that the MAP_SEND_AUTHENTICATION_INFO message contains the re-synchronization information of AUTS and RAND that requires the AuC to synchronize.
After receiving the re-synchronization message, the AuC computes MAC based on RAND in the message. Then the AuC compares MAC with MAC-S in the AUTS to determine whether the re-synchronization is legal. After that, the AuC adjusts its SQNhe based on the value of SQNms in the AUTS, and computes a group of authentication values for the VLR. The VLR uses these values to originate the authentication flow again, and returns AUTN and RAND to the UE. Step 3 and Step 4 are repeated in the following flow.
If both the validity check and the effectiveness check succeed, the authentication is successful.
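The UE-side validity and effectiveness checks and the re-synchronization flow described above, as an added example that is not part of the original slides. HMAC-SHA-256 truncated to 8 bytes stands in for the real MAC function, SQN is carried unconcealed in AUTN, and the class names, the `SQN_WINDOW` value, the key and the rule that a non-increasing SQN is out of range are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

SQN_WINDOW = 32  # assumed "acceptable range" for SQNhe - SQNms

def f1(k, rand, sqn, tag=b"MAC"):
    # Stand-in MAC (not the operator algorithm): HMAC-SHA-256 cut to 8 bytes.
    msg = tag + rand + sqn.to_bytes(6, "big")
    return hmac.new(k, msg, hashlib.sha256).digest()[:8]

class AuC:
    def __init__(self, k, sqn_he):
        self.k, self.sqn_he = k, sqn_he

    def vector(self):
        self.sqn_he += 1
        rand = os.urandom(16)
        return rand, (self.sqn_he, f1(self.k, rand, self.sqn_he))  # RAND, AUTN

    def resync(self, rand, auts):
        sqn_ms, mac_s = auts
        if not hmac.compare_digest(mac_s, f1(self.k, rand, sqn_ms, b"MAC-S")):
            return None  # AUTS not from the real USIM: leave SQNhe untouched
        self.sqn_he = sqn_ms  # adjust SQNhe to the UE's SQNms
        return self.vector()

class UE:
    def __init__(self, k, sqn_ms):
        self.k, self.sqn_ms = k, sqn_ms

    def check(self, rand, autn):
        sqn_he, mac = autn
        if not hmac.compare_digest(mac, f1(self.k, rand, sqn_he)):  # MAC vs XMAC
            return "mac_failure", None
        if not 0 < sqn_he - self.sqn_ms <= SQN_WINDOW:  # effectiveness check
            auts = (self.sqn_ms, f1(self.k, rand, self.sqn_ms, b"MAC-S"))
            return "sync_failure", auts
        self.sqn_ms = sqn_he
        return "ok", None

def run_scenarios():
    k = bytes(range(16))  # constructed subscriber key
    auc, ue = AuC(k, sqn_he=5), UE(k, sqn_ms=1000)  # AuC counter is far behind
    rand, autn = auc.vector()
    out = [ue.check(rand, (autn[0], bytes(8)))[0]]  # AUTN with a wrong MAC
    status, auts = ue.check(rand, autn)             # genuine but stale SQNhe
    out.append(status)
    out.append(auc.resync(rand, (auts[0], bytes(8))))  # AUTS with a wrong MAC-S
    rand2, autn2 = auc.resync(rand, auts)           # genuine re-synchronization
    out.append(ue.check(rand2, autn2)[0])           # fresh vector is accepted
    out.append(ue.check(rand2, autn2)[0])           # same vector presented again
    return out
```

The AuC moves SQNhe only after MAC-S verifies, so a forged AUTS cannot shift the network-side counter, and a vector that the UE has already accepted fails the effectiveness check when it is presented a second time.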