This clause gives an overview of the authentication mechanism and cipher and integrity key generation which are invoked by the network. For the specification of the corresponding procedures across the USIM/ME interface see
clause 5.
The mechanism achieves mutual authentication by the user and the network showing knowledge of a secret key K which is shared between and available only to the USIM and the AuC in the user's HE. In addition, the USIM and the HE keep track of counters SQN
MS and SQN
HE respectively to support network authentication. SQN
HE is a counter in the HLR/AuC, individual for each user and SQNMS denotes the highest sequence number the USIM has ever accepted.
When the SN/VLR initiates an authentication and key agreement, it selects the next authentication vector and sends the parameters RAND and AUTN (authentication token) to the user. Each authentication token consists of the following components: a sequence number SQN, an Authentication Management Field (AMF) and a message authentication code MAC over the RAND, SQN and AMF.
The USIM checks whether AUTN can be accepted and, if so, produces a response RES which is sent back to the SN/VLR. The SN/VLR compares the received RES with XRES. If they match the SN/VLR considers the authentication and key agreement exchange to be successfully completed. The USIM also computes CK and IK. The established keys CK and IK will be used by the ME to perform ciphering and integrity functions.
A permanent secret key K is used in this procedure. This key K has a length of 128 bits or 256 bits and is stored within the USIM for use in the algorithms described below. Also more than one secret key K can be stored in the USIM. The active key to be used by the algorithms is signalled within the AMF field in the AUTN.
The names and parameters of the cryptographic functions supported by the USIM are defined in
TS 33.102. These are:
f1:
a message authentication function for network authentication used to compute XMAC;
f1*:
a message authentication function for support to re-synchronisation with the property that no valuable information can be inferred from the function values of f1* about those of f1, ..., f5, f5* and vice versa;
f2:
a message authentication function for user authentication used to compute SRES;
f3:
a key generating function to compute the cipher key CK;
f4:
a key generating function to compute the integrity key IK;
f5:
a key generating function to compute the anonymity key AK (optional);
f5*:
a key generating function to compute AK in re-synchronisation procedures with the property that no valuable information can be inferred from the function values of f5* about those of f1, f1*, f2, ..., f5 and vice versa.
These cryptographic functions may exist either discretely or combined within the USIM.
To gain GSM access, the USIM provides the conversion functions c2 and c3. These functions derive the required GSM parameters (SRES, cipher key Kc) from available 3G parameters.
The security architecture as defined in
TS 31.101 applies to the USIM application with the following definitions and additions.
-
The USIM application shall use a global key reference as PIN and local key reference as PIN2. For access to DFTELECOM the PIN shall be verified. Access with PIN2 is limited to the ADF(USIM).
-
The only valid values for the usage qualifier are '00' (verification requirement is not used) and '08' (user authentication knowledge based (PIN)) as defined in ISO/IEC 7816-4 [20].
Disabling of PIN2 is allowed. This is, however, not the case if PIN2 is mapped to the CHV2 of a GSM application.