This clause gives an overview of the authentication mechanism and cipher and integrity key generation which are invoked by the network. For the specification of the corresponding procedures across the USIM/ME interface see clause 5
The mechanism achieves mutual authentication by the user and the network showing knowledge of a secret key K which is shared between and available only to the USIM and the AuC in the user's HE. In addition, the USIM and the HE keep track of counters SQNMS
respectively to support network authentication. SQNHE
is a counter in the HLR/AuC, individual for each user and SQNMS denotes the highest sequence number the USIM has ever accepted.
When the SN/VLR initiates an authentication and key agreement, it selects the next authentication vector and sends the parameters RAND and AUTN (authentication token) to the user. Each authentication token consists of the following components: a sequence number SQN, an Authentication Management Field (AMF) and a message authentication code MAC over the RAND, SQN and AMF.
The USIM checks whether AUTN can be accepted and, if so, produces a response RES which is sent back to the SN/VLR. The SN/VLR compares the received RES with XRES. If they match the SN/VLR considers the authentication and key agreement exchange to be successfully completed. The USIM also computes CK and IK. The established keys CK and IK will be used by the ME to perform ciphering and integrity functions.
A permanent secret key K is used in this procedure. This key K has a length of 128 bits or 256 bits and is stored within the USIM for use in the algorithms described below. Also more than one secret key K can be stored in the USIM. The active key to be used by the algorithms is signalled within the AMF field in the AUTN.
The names and parameters of the cryptographic functions supported by the USIM are defined in TS 33.102
. These are:
a message authentication function for network authentication used to compute XMAC;
a message authentication function for support to re-synchronisation with the property that no valuable information can be inferred from the function values of f1* about those of f1, ..., f5, f5* and vice versa;
a message authentication function for user authentication used to compute SRES;
a key generating function to compute the cipher key CK;
a key generating function to compute the integrity key IK;
a key generating function to compute the anonymity key AK (optional);
a key generating function to compute AK in re-synchronisation procedures with the property that no valuable information can be inferred from the function values of f5* about those of f1, f1*, f2, ..., f5 and vice versa.
These cryptographic functions may exist either discretely or combined within the USIM.