GSM IDENTITY AUTHENTICATION
This is based on the use of a challenge-response protocol through which the fixed network authenticates the identity of mobile subscribers. It is also used to establish and manage encryption keys in the process of providing confidentiality services.
When a Mobile Station (MS) first signs on to a network, a 128-bit random number (RAND) is sent to the MS. The MS computes the 32-bit signed response (SRES) to RAND using a one-way function A3 under control of a subscriber authentication key (Ki), which is never transmitted over the radio channel. The key Ki is unique to the subscriber and is shared only between the subscriber’s home network HLR and the subscriber’s SIM.
The value of SRES computed by the MS with the A3 algorithm, using the given challenge and the Ki residing in the SIM, is signaled to the network for comparison with the SRES in the HLR. If the received SRES value matches the calculated value, the mobile subscriber is authenticated and the call is allowed to proceed. If the values differ, access is denied.
The same mechanism is also used to establish a cipher key (Kc) to encrypt the user and signaling data on the radio path. The MS computes the key using a one-way function A8, again under control of the subscriber authentication key (Ki). Kc is also pre-computed for the network, so that after the authentication exchange both parties possess a fresh cipher key Kc.
A challenge is never re-used once it has been sent from the home network’s authentication center to visited networks on demand. The same pre-computed triples (RAND, SRES, Kc) held by the fixed networks for a particular subscriber cannot be sent to two distinct networks. The authentication algorithm, a combination of the functions A3 and A8 into a single algorithm A3/8, computes SRES and Kc simultaneously from RAND and Ki. This algorithm is available only in the authentication centre (AUC) and the MS that the AUC serves.
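The exchange described above, written out as an added example that is not part of the original text. A3/8 is operator-specific, so HMAC-SHA256 stands in for it here as an assumption; the class names, the subscriber identifier, and the 128-bit Ki and 64-bit Kc lengths are also assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

def a38(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for A3/8 (assumption: HMAC-SHA256, not a GSM algorithm)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # 32-bit SRES, 64-bit Kc

class AuthCentre:
    """Home network side: stores Ki per subscriber, pre-computes triples."""
    def __init__(self):
        self._ki = {}

    def provision(self, subscriber_id: str) -> bytes:
        ki = secrets.token_bytes(16)  # constructed 128-bit Ki, shared only with the SIM
        self._ki[subscriber_id] = ki
        return ki

    def triples(self, subscriber_id: str, count: int) -> list:
        out = []
        for _ in range(count):
            rand = secrets.token_bytes(16)  # fresh 128-bit challenge
            out.append((rand, *a38(self._ki[subscriber_id], rand)))
        return out

class Sim:
    """Mobile side: Ki never leaves this object, only SRES does."""
    def __init__(self, ki: bytes):
        self._ki = ki
        self.kc = None

    def respond(self, rand: bytes) -> bytes:
        sres, self.kc = a38(self._ki, rand)
        return sres

class VisitedNetwork:
    """Holds triples for one subscriber; it never sees Ki."""
    def __init__(self, triples: list):
        self._unused = list(triples)

    def authenticate(self, sim: Sim):
        rand, expected_sres, kc = self._unused.pop(0)  # consumed: never re-sent
        if hmac.compare_digest(sim.respond(rand), expected_sres):
            return kc  # both sides now hold the same fresh Kc
        return None  # SRES mismatch: access denied

    def remaining(self) -> int:
        return len(self._unused)
```

The visited network only ever handles (RAND, SRES, Kc); a SIM holding a different Ki produces a different SRES and is refused.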
Another security procedure is to check the equipment identity. The network is able to identify all mobile devices accessing it. It checks whether the device is stolen or defective, whether its RF quality has fallen below the recommended specifications, or whether there is some other reason to restrict it. Each mobile telephone has a unique international mobile equipment identity (IMEI) number. It is usually printed as a bar code in the compartment where the battery of the device is fitted. With the IMEI the network can check if the device is allowed to connect to it.
The IMEI is described as a 15-digit unique code that is used to identify GSM phones to a GSM network. When a phone is switched on, this unique IMEI number is transmitted and checked against a database of blacklisted phones in the network’s equipment identity register (EIR), where all IMEIs are kept.
Mobile phone unblocking codes are used to identify the owner of the mobile phone. The main purpose of the IMEI is to make sure that there are no stolen or unauthorized mobile phones used in the GSM network. In the EIR, the devices are kept in three categories.
* White List – for all the devices that can freely connect to the network.
* Grey List – for all the questionable devices. The MS can connect to the network but there may be problems with the equipment. Either way it should be investigated.
* Black List – for devices that are not allowed to connect to the network. A device is placed on the black list after it has been reported stolen to the company by its legal subscriber.
Connection to the network is therefore allowed only after the IMEI has been checked against the EIR database, i.e. if the IMEI number of the mobile is authorized in the EIR, the MS is allowed to connect to the network.
EQUIPMENT IDENTIFICATION PROCESS
The equipment identification process starts with the MSC/VLR requesting the IMEI from the MS. In response, the MS sends its identity. When it is positively checked, the EIR allows the MS to proceed with the call. The MS is not allowed to continue with the call if the equipment identity does not match the value stored in the register.
An IMEI request is initiated by the MSC/VLR combination as a result of the MS requesting a call set-up. Upon receiving the IMEI request, the MS sends the equipment identification to the MSC/VLR, which is subsequently checked against the stored value in the EIR.