33.1033G security3GPPIntegration guidelinesTS
For the purposes of the present document, the following definitions apply:
Authentication vector: either a quintet or a triplet.
Confidentiality: The property that information is not made available or disclosed to unauthorised individuals, entities or processes.
Data integrity: The property that data has not been altered in an unauthorised manner.
Data origin authentication: The corroboration that the source of data received is as claimed.
Entity authentication: The provision of assurance of the claimed identity of an entity.
GSM Entity authentication and key agreement: Entity authentication according to GSM 03.20.
GSM security context: a state that is established between a user and a serving network domain usually as a result of the execution of GSM AKA. At both ends "GSM security context data" is stored, that consists at least of the GSM cipher key Kc and the cipher key sequence number CKSN.
GSM subscriber: a mobile station that consists of user equipment with a SIM inserted.
Key freshness: A key is fresh if it can be guaranteed to be new, as opposed to an old key being reused through actions of either an adversary or authorised party.
Mobile station, user: the combination of user equipment and a user access module.
Quintet, UMTS authentication vector: temporary authentication data that enables an MSC/VLR or SGSN to engage in UMTS AKA with a particular user. A quintet consists of five elements: a) a network challenge RAND, b) an expected user response XRES, c) a cipher key CK, d) an integrity key IK and e) a network authentication token AUTN.
SIM – GSM Subscriber Identity Module. In a security context, this module is responsible for performing GSM subscriber authentication and key agreement. This module is not capable of handling UMTS authentication nor storing UMTS style keys.
Temporary authentication data: either UMTS or GSM security context data or UMTS or GSM authentication vectors.
Triplet, GSM authentication vector: temporary authentication data that enables an MSC/VLR or SGSN to engage in GSM AKA with a particular user. A triplet consists of three elements: a) a network challenge RAND, b) an expected user response SRES and c) a cipher key Kc.
User access module: either a USIM or a SIM
USIM – User Services Identity Module. In a security context, this module is responsible for performing UMTS subscriber and network authentication and key agreement. It should also be capable of performing GSM authentication and key agreement to enable the subscriber to roam easily into a GSM Radio Access Network.
UMTS Entity authentication and key agreement: Entity authentication according to this specification.
UMTS security context: a state that is established between a user and a serving network domain as a result of the execution of UMTS AKA. At both ends "UMTS security context data" is stored, that consists at least of the UMTS cipher/integrity keys CK and IK and the key set identifier KSI.
UMTS subscriber: a mobile station that consists of user equipment with a USIM inserted.
For the purposes of the present document, the following symbols apply:
Å Exclusive or
f1 Message authentication function used to compute MAC
f1* Message authentication function used to compute MAC‑S
f2 Message authentication function used to compute RES and XRES
f3 Key generating function used to compute CK
f4 Key generating function used to compute IK
f5 Key generating function used to compute AK in normal operation
f5* Key generating function used to compute AK for re-synchronisation
f6 Encryption function used to encrypt the IMSI
f7 Decryption function used to decrypt the IMSI (=f6-1)
f8 Integrity algorithm
f9 Confidentiality algorithm
f10 Deriving function used to compute TEMSI
K Long-term secret key shared between the USIM and the AuC
For the purposes of the present document, the following abbreviations apply:
AK Anonymity Key
AKA Authentication and key agreement
AMF Authentication management field
AUTN Authentication Token
AV Authentication Vector
CK Cipher Key
CKSN Cipher key sequence number
CS Circuit Switched
DSK(X)(data) Decryption of "data" with Secret Key of X used for signing
EKSXY(i)(data) Encryption of "data" with Symmetric Session Key #i for sending data from X to Y
EPK(X)(data) Encryption of "data" with Public Key of X used for encryption
EMSI Encrypted Mobile Subscriber Identity
EMSIN Encrypted MSIN
Hash(data) The result of applying a collision-resistant one-way hash-function to "data"
HE Home Environment
HLR Home Location Register
IK Integrity Key
IMSI International Mobile Subscriber Identity
IV Initialisation Vector
KACX Key Administration Centre of Network X
KSXY(i) Symmetric Session Key #i for sending data from X to Y
KSI Key Set Identifier
KSS Key Stream Segment
LAI Location Area Identity
MAP Mobile Application Part
MAC Message Authentication Code
MAC-A The message authentication code included in AUTN, computed using f1
MS Mobile Station
MSC Mobile Services Switching Centre
MSIN Mobile Station Identity Number
MT Mobile Termination
NEX Network Element of Network X
PS Packet Switched
Q Quintet, UMTS authentication vector
RAI Routing Area Identifier
RAND Random challenge
RNDX Unpredictable Random Value generated by X
SQN Sequence number
SQNUIC Sequence number user for enhanced user identity confidentiality
SQNHE Sequence number counter maintained in the HLR/AuC
SQNMS Sequence number counter maintained in the USIM
SGSN Serving GPRS Support Node
SIM (GSM) Subscriber Identity Module
SN Serving Network
T Triplet, GSM authentication vector
TE Terminal Equipment
TEMSI Temporary Encrypted Mobile Subscriber Identity used for paging instead of IMSI
Text1 Optional Data Field
Text2 Optional Data Field
Text3 Public Key algorithm identifier and Public Key Version Number (eventually included in Public Key Certificate)
TMSI Temporary Mobile Subscriber Identity
TTP Trusted Third Party
UE User equipment
UEA UMTS Encryption Algorithm
UIA UMTS Integrity Algorithm
UIDN User Identity Decryption Node
USIM User Services Identity Module
VLR Visitor Location Register
X Network Identifier
XEMSI Extended Encrypted Mobile Subscriber Identity
XRES Expected Response
Y Network Identifier
All data variables in this specification are presented with the most significant substring on the left hand side and the least significant substring on the right hand side. A substring may be a bit, byte or other arbitrary length bitstring. Where a variable is broken down into a number of substrings, the leftmost (most significant) substring is numbered 0, the next most significant is numbered 1, and so on through to the least significant.