Editing Network switching subsystem (section)
=={{anchor|AuC}} Authentication center (AuC)==
===Description===
The '''authentication center''' (AuC) is a function to [[authentication|authenticate]] each [[SIM card]] that attempts to connect to the GSM core network (typically when the phone is powered on). Once the authentication is successful, the HLR is allowed to manage the SIM and services described above. An [[encryption key]] is also generated that is subsequently used to encrypt all wireless communications (voice, SMS, etc.) between the mobile phone and the GSM core network.

If the authentication fails, then no services are possible from that particular combination of SIM card and mobile phone operator attempted. There is an additional form of identification check performed on the serial number of the mobile phone described in the EIR section below, but this is not relevant to the AuC processing.

Proper implementation of security in and around the AuC is a key part of an operator's strategy to avoid [[SIM cloning]].

The AuC does not engage directly in the authentication process, but instead generates data known as ''triplets'' for the MSC to use during the procedure. The security of the process depends upon a [[shared secret]] between the AuC and the SIM called the ''K<sub>i</sub>''. The ''K<sub>i</sub>'' is securely burned into the SIM during manufacture and is also securely replicated onto the AuC. This ''K<sub>i</sub>'' is never transmitted between the AuC and SIM, but is combined with the IMSI to produce a [[Challenge–response authentication|challenge/response]] for identification purposes and an encryption key called ''K<sub>c</sub>'' for use in over-the-air communications.

===Other GSM core network elements connected to the AuC===
The AuC connects to the following elements:
* The MSC, which requests a new batch of triplet data for an IMSI after the previous data have been used. This ensures that the same keys and challenge responses are not used twice for a particular mobile.
===Procedures implemented===
The AuC stores the following data for each IMSI:
* the ''K<sub>i</sub>''
* Algorithm id. (the standard algorithms are called A3 or A8, but an operator may choose a proprietary one).

When the MSC asks the AuC for a new set of triplets for a particular IMSI, the AuC first generates a random number known as ''RAND''. This ''RAND'' is then combined with the ''K<sub>i</sub>'' to produce two numbers as follows:
* The ''K<sub>i</sub>'' and ''RAND'' are fed into the A3 algorithm and the signed response (SRES) is calculated.
* The ''K<sub>i</sub>'' and ''RAND'' are fed into the A8 algorithm and a session key called ''K<sub>c</sub>'' is calculated.

The numbers (''RAND'', SRES, ''K<sub>c</sub>'') form the triplet sent back to the MSC. When a particular IMSI requests access to the GSM core network, the MSC sends the ''RAND'' part of the triplet to the SIM. The SIM then feeds this number and the ''K<sub>i</sub>'' (which is burned onto the SIM) into the A3 algorithm as appropriate and an SRES is calculated and sent back to the MSC. If this SRES matches the SRES in the triplet (which it should if it is a valid SIM), then the mobile is allowed to attach and proceed with GSM services.

After successful authentication, the MSC sends the encryption key ''K<sub>c</sub>'' to the [[Base Station Subsystem#Base station controller|base station controller]] (BSC) so that all communications can be encrypted and decrypted. Of course, the mobile phone can generate the ''K<sub>c</sub>'' itself by feeding the same ''RAND'' supplied during authentication and the ''K<sub>i</sub>'' into the A8 algorithm.

The AuC is usually collocated with the HLR, although this is not necessary. Whilst the procedure is secure for most everyday use, it is by no means hack-proof. Therefore, a new set of security methods was designed for 3G phones.

In practice, A3 and A8 algorithms are generally implemented together (known as A3/A8, see [[COMP128]]).
An A3/A8 algorithm is implemented in Subscriber Identity Module (SIM) cards and in GSM network Authentication Centers. It is used to authenticate the customer and generate a key for encrypting voice and data traffic, as defined in 3GPP TS 43.020 (03.20 before Rel-4). Development of A3 and A8 algorithms is considered a matter for individual GSM network operators, although example implementations are available. The A5 algorithm is used to encrypt Global System for Mobile Communications (GSM) cellular communications.<ref>{{cite book | title = A Comprehensive Guide to 5G Security | publisher = John Wiley & Sons Ltd. | first1 = Shahria | last1 = Shahabuddin | first2 = Sadiqur | last2 = Rahaman | first3 = Faisal | last3 = Rehman | first4 = Ijaz | last4 = Ahmad | first5 = Zaheer | last5 = Khan | year = 2018 | page = 12}}</ref>
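
The triplet procedure described above, modelled end to end as an added example that is not part of the original article or of any operator's code. It assumes HMAC-SHA256 as a stand-in for the operator-chosen A3/A8 (it is not COMP128); the class and function names are hypothetical, and the IMSI and ''K<sub>i</sub>'' are constructed test values.

```python
import hashlib
import hmac
import secrets

def a3a8_standin(ki: bytes, rand: bytes):
    """Stand-in for an operator's A3/A8 (assumption: HMAC-SHA256, not COMP128)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # SRES (32 bits), Kc (64 bits)

class AuC:
    """Stores Ki per IMSI and issues triplets; Ki itself is never returned."""
    def __init__(self, ki_by_imsi):
        self._ki, self.batches_issued = dict(ki_by_imsi), 0

    def triplets(self, imsi, count=3):
        self.batches_issued += 1
        batch = []
        for _ in range(count):
            rand = secrets.token_bytes(16)  # fresh 128-bit RAND per triplet
            sres, kc = a3a8_standin(self._ki[imsi], rand)
            batch.append((rand, sres, kc))
        return batch

class SIM:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand):
        """A3 and A8 on the card: SRES goes to the network, Kc stays in the phone."""
        return a3a8_standin(self._ki, rand)

class MSC:
    def __init__(self, auc):
        self.auc, self._unused = auc, {}

    def authenticate(self, sim):
        pool = self._unused.setdefault(sim.imsi, [])
        if not pool:  # previous triplets used up: request a new batch
            pool.extend(self.auc.triplets(sim.imsi))
        rand, expected_sres, kc = pool.pop()  # each triplet is consumed once
        sres, _ = sim.respond(rand)  # only RAND and SRES cross the air interface
        ok = hmac.compare_digest(sres, expected_sres)
        return ok, rand, (kc if ok else None)  # Kc is passed to the BSC on success

IMSI = "001010123456789"  # constructed test value
KI = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed test value
if __name__ == "__main__":
    msc = MSC(AuC({IMSI: KI}))
    print(msc.authenticate(SIM(IMSI, KI))[0], msc.authenticate(SIM(IMSI, bytes(16)))[0])
```

A SIM presenting the right IMSI but the wrong ''K<sub>i</sub>'' fails the SRES comparison, and the MSC returns to the AuC only when its stock of unused triplets is empty.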