GSM Authentication
▪ The MS sends either an IMSI or a TMSI to the BSS.
▪ The BSS forwards it to the MSC/VLR.
▪ The MSC/VLR forwards the IMSI to the HLR and requests verification of the IMSI as well as Authentication Triplets.
▪ The HLR forwards the IMSI to the Authentication Center (AUC) and requests authentication triplets.
▪ The AUC generates the triplets and sends them, along with the IMSI, back to the HLR.
Ali Alammori & Dr. Nizar Zarka
▪ The HLR validates the IMSI by ensuring it is allowed on the network and is allowed subscriber services. It then forwards the IMSI and Triplets to the MSC/VLR.
▪ The MSC/VLR stores the SRES and the Kc, forwards the RAND to the BSS, and orders the BSS to authenticate the MS.
▪ The MS uses the RAND to calculate the SRES and sends the SRES back to the BSS.
▪ The BSS forwards the SRES up to the MSC/VLR.
▪ The MSC/VLR compares the SRES generated by the AUC with the SRES generated by the MS. If they match, authentication is completed successfully.
A3 - Authentication
A3 Input:
o 128-bit RAND (random)
o 128-bit Ki (private key)
A3 Output:
o 32-bit SRES (signed response)
Diagram: RAND and Ki enter A3, which outputs SRES.
A8 Key Generator
A8 Input:
o 128-bit RAND (random)
o 128-bit Ki (private key)
A8 Output:
o 64-bit Kc (cipher key)
Diagram: RAND and Ki enter A8, which outputs Kc.
Comp128
Comp128 Input:
o 128-bit RAND (random)
o 128-bit Ki (private key)
Comp128 Output:
o 128 bits: the first 32 bits are the SRES; the last 54 bits are used as Kc after adding 10 zeros
Diagram: RAND and Ki enter Comp128, which outputs SRES and Kc.
Comp128
▪ Comp128 is a MAC (Message Authentication Code) function.
▪ There are 5 secret tables: T0 (512 bytes), T1 (256 bytes), T2 (128 bytes), T3 (64 bytes) and T4 (32 bytes).
▪ There are then 8 loops of the following compression function:
o Apply 5 rounds of table lookups and substitution using tables T0 to T4.
o Perform a permutation on the 128 output bits before the next loop, except in the last loop.
Comp128
The pseudocode for the 5 rounds of substitutions:

    for j := 0 to 4
      for k := 0 to 2^j - 1
        for l := 0 to 2^(4-j) - 1
          m := l + k * 2^(5-j)
          n := m + 2^(4-j)
          y := (x[m] + 2 * x[n]) mod 2^(9-j)
          z := (2 * x[m] + x[n]) mod 2^(9-j)
          x[m] := Tj[y]
          x[n] := Tj[z]
        end
      end
    end

With x of 32 bytes: x[0..15] = Ki, x[16..31] = RAND
Comp128
FormBitsFromBytes:

    for j := 0 to 31
      for k := 0 to 3
        B[4 * j + k] := bit (3-k) of x[j]
      end
    end

Pseudocode for the permutation:

    if i < 8
      for j := 0 to 15
        for k := 0 to 7
          bit (7-k) of x[j + 16] := B[((8 * j + k) * 17) mod 128]
        end
      end
    end

With B of 128 bits
Comp128
▪ After 8 loops we can extract SRES and Kc:

    SRES := B[0..31]
    Kc := B[74..127] | 0000000000 (base 2)
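
The data flow of the slides above, assembled into one runnable Python sketch (an added example, not code from the original slides). The tables T, the sample Ki and RAND, and all function names are constructed for illustration, and reloading Ki into x[0..15] at each loop is an assumption the slides do not state. The last step shows that only 54 of the 64 Kc bits carry key material.

```python
# Placeholder tables, constructed for this example: T[j] has 2**(9-j) entries
# of (8-j)-bit values. They are NOT the real Comp128 tables, so the outputs
# match no SIM or AuC; only the data flow is shown.
T = [[(i * 73 + 41 * j + 7) % (1 << (8 - j)) for i in range(1 << (9 - j))]
     for j in range(5)]

def compress(x):
    """Five rounds of table lookups and substitution on the 32-byte state."""
    for j in range(5):
        for k in range(1 << j):
            for l in range(1 << (4 - j)):
                m = l + k * (1 << (5 - j))
                n = m + (1 << (4 - j))
                y = (x[m] + 2 * x[n]) % (1 << (9 - j))
                z = (2 * x[m] + x[n]) % (1 << (9 - j))
                x[m], x[n] = T[j][y], T[j][z]

def form_bits(x):
    """x[j] holds 4-bit values after compress(); B is their 128 bits, MSB first."""
    return [(x[j] >> (3 - k)) & 1 for j in range(32) for k in range(4)]

def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")

def comp128_structure(ki, rand):
    """Return (SRES, Kc) as bytes, following the loop structure in the slides."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must both be 128 bits")
    x = list(ki) + list(rand)
    for i in range(8):
        x[:16] = ki  # assumption: Ki is reloaded at the start of every loop
        compress(x)
        B = form_bits(x)
        if i < 7:  # no permutation in the last loop
            for j in range(16):
                x[j + 16] = sum(B[((8 * j + k) * 17) % 128] << (7 - k)
                                for k in range(8))
    sres = bits_to_bytes(B[0:32])
    kc = bits_to_bytes(B[74:128] + [0] * 10)  # 54 key bits, then 10 zero bits
    return sres, kc

# Constructed sample values, not taken from any real subscriber.
SAMPLE_KI = bytes(range(16))
SAMPLE_RAND = bytes(range(0x10, 0x20))
sres, kc = comp128_structure(SAMPLE_KI, SAMPLE_RAND)
print("SRES:", sres.hex(), "Kc:", kc.hex())
```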