6.8 Security Function

03.603GPPGeneral Packet Radio Service (GPRS)Release 1998Service descriptionStage 2TS

The Security function:

– Guards against unauthorised GPRS service usage (authentication and service request validation).

– Provides user identity confidentiality (temporary identification and ciphering).

– Provides user data confidentiality (ciphering).

6.8.1 Authentication of Subscriber

Authentication procedures already defined in GSM shall be used, with the distinction that the procedures are executed from the SGSN. The GPRS Authentication procedure performs subscriber authentication, or selection of the ciphering algorithm and the synchronisation of the start of ciphering, or both. Authentication triplets are stored in the SGSN. The MSC/VLR shall not authenticate the MS via the SGSN upon IMSI attach, nor location update, but may authenticate the MS during CS connection establishment. Security-related network functions are described in GSM 03.20 [6].

The Authentication procedure is illustrated in Figure 23. Each step is explained in the following list.

Figure 23: Authentication Procedure

1) If the SGSN does not have previously stored authentication triplets, a Send Authentication Info (IMSI) message is sent to the HLR. The HLR responds with a Send Authentication Info Ack (Authentication Triplets) message. Each Authentication Triplet includes RAND, SRES, and Kc.

2) The SGSN sends an Authentication and Ciphering Request (RAND, CKSN, Ciphering Algorithm) message to the MS. The MS responds with an Authentication and Ciphering Response (SRES) message.

The MS starts ciphering after sending the Authentication and Ciphering Response message. The SGSN starts ciphering when a valid Authentication and Ciphering Response is received from the MS. In the routeing area update case, if ciphering was used before the routeing area update, and if the Authentication procedure is omitted, then the SGSN shall resume ciphering with the same algorithm when a ciphered Routeing Area Update Accept message is sent, and the MS shall resume ciphering when a ciphered Routeing Area Update Accept message is received. If the SGSN cannot determine the HLR address in order to establish the Send Authentication Info dialogue, the Authentication Procedure fails.

6.8.2 User Identity Confidentiality

A Temporary Logical Link Identity (TLLI) identifies a GPRS user. The relationship between TLLI and IMSI is known only in the MS and in the SGSN. TLLI is derived from the P‑TMSI allocated by the SGSN or built by the MS as described in subclause "NSAPI and TLLI".

The SGSN may reallocate the P‑TMSI at any time when the MS is in READY state. The reallocation procedure can be performed by the P‑TMSI Reallocation procedure, or it can be included in the Attach or Routeing Area Update procedures.

6.8.2.1 P‑TMSI Signature

P‑TMSI Signature is optionally sent by the SGSN to the MS in Attach Accept and Routeing Area Update Accept messages. If the P‑TMSI Signature has been sent by the SGSN to the MS since the current P‑TMSI was allocated, then the MS shall include the P‑TMSI Signature in the next Routeing Area Update Request and Attach Request for identification checking purposes. In the Attach and Routeing Area Update procedures, the SGSN shall compare the P‑TMSI Signature sent by the MS with the signature stored in the SGSN. If the values do not match, the SGSN should use the security functions to authenticate the MS. If the values match or if the P‑TMSI Signature is missing, the SGSN may use the security functions to authenticate the MS. The P‑TMSI Signature parameter has only local significance in the SGSN that allocated the signature.

If ciphering is supported by the network, the SGSN shall send the P‑TMSI Signature ciphered to the MS. Routeing Area Update Request and Attach Request, into which the MS includes the P‑TMSI Signature, are not ciphered.

6.8.2.2 P‑TMSI Reallocation Procedure

The P‑TMSI Reallocation procedure is illustrated in Figure 24. Each step is explained in the following list.

Figure 24: P‑TMSI Reallocation Procedure

1) The SGSN sends a P‑TMSI Reallocation Command (new P‑TMSI, P‑TMSI Signature, RAI) message to the MS. P‑TMSI Signature is an optional parameter that the MS, if received, shall return to the SGSN in the next Attach and Routeing Area Update procedures.

2) The MS returns a P‑TMSI Reallocation Complete message to the SGSN.

6.8.3 User Data and GMM/SM Signalling Confidentiality

6.8.3.1 Scope of Ciphering

In contrast to the scope of ciphering in existing GSM (a single logical channel between BTS and MS), the scope of GPRS ciphering is from the ciphering function at the SGSN to the ciphering function in the MS.

Ciphering is done in the LLC layer, and from the perspective of the existing GSM MS-BTS radio path, an LLC PDU is transmitted as plain text.

Figure 25: Scope of GPRS Ciphering

6.8.3.2 GPRS Ciphering Algorithm

A ciphering algorithm to be used for GPRS ciphering shall be selected. A new ciphering algorithm may be designed. GSM 01.61 [2] contains the requirements for the GPRS ciphering algorithm. The TDMA frame number is not known at the SGSN. Therefore, a Logical Link Control frame number may replace the TDMA frame number as an input to the algorithm.

The standard key management procedures for the Kc shall be used.

6.8.4 Identity Check Procedures

MS identity check procedures already defined in GSM shall be used, with the distinction that the procedures are executed from the SGSN.

The Identity Check procedure is illustrated in Figure 26. Each step is explained in the following list.

Figure 26: Identity Check Procedure

1) The SGSN sends Identity Request (Identity Type) to the MS. The MS responds with Identity Response (Mobile Identity).

2) If the SGSN decides to check the IMEI against the EIR, it sends Check IMEI (IMEI) to EIR. The EIR responds with Check IMEI Ack (IMEI).