Security Information

Security Information

Last updated: October 30, 2013

This section is only applicable to the lab application.

   
NOTE
Authentication and Ciphering procedure requires a special licence.
   

You can specify which security procedure (Authentication or ciphering) is performed using the Security Info setting. Authentication and ciphering procedure are described in 3GPP TS 24.008, 33.102, 42.009, 43.020.

   
NOTE
Authentication and Ciphering procedure can causes higher rate throughput when it turns on depending on the protocol processor.
   

Authentication

The authentication procedure checks the validity of a subscriber's SIM card to ensure that the MS is allowed to use network resources. During Authentication, the network challenges the MS which attempting to connect to it and sends an authentication request which contains a random number(RAND). The MS then runs the Authentication Algorithm(A3) using Ki and RAND as input parameters and returns the result, signed response(SRES) to the network. A3 and Ki are stored securely and never sent over the air interface(Um). On receipt of the SRES, the network tests to see if this is the expected response. If it is the expected response, MM/GMM procedure processing continues, otherwise the network simply rejects the connection or bar the SIM.

Configurable Parameters

You can set the following parameters before an authentication procedure is started:

  • Authentication State

    When this parameter is set to ON, the test set will perform an authentication challenge to the MS. If the authentication challenge is successful, the required MM or GMM procedure connection proceeds as normal, otherwise an AUTHENTICATION ERROR message is generated and the service request is rejected. For GPRS, Authentication only performed during Attach or Routing Area Update procedure.

    The GPIB command to set the Authentication parameter is CALL:SECurity:AUTHenticate:STATe .

  • Random(RAND) Value

    RAND is a 128 bit random number used as a challenge to MS in an authentication request.

    The GPIB command to set the Random(RAND) Value is CALL:SECurity:AUTHenticate:RANDom[:SELected] .

  • XRESThe Authentication Algorithm is implemented on per network and SIM card basis. There is no way that all the Authentication Algorithm variations of network SIM and test SIMs could be supported. In order to avoid implementing multiple A3 algorithms, the test set supports input of the expected response(XRES). When authentication is enabled, the test set compares the SRES sent from the MS with the input XRES. If they don't match, an AUTHENTICATION FAILED error message is reported and action is taken depend on the user selection of ACTION ON FAILSURE. The test SIM uses the A3 algorithm defined in 3GPP TS 34.108.

    The GPIB command to set the XRES Value is CALL:SECurity:AUTHenticate:XRESult[:SELected] .

  • Circular Authentication Timer

    This setting controls whether and how often the test set repeatedly sends Authentication Request to the UE. This setting can only be enabled when Authentication State is On .

    • when set to 0, no circular Authentication Request is sent to the UE.
    • when set to t (t=1 to 8), another Authentication Request is sent to the UE after t second since receiving Authentication Response.

    This parameter is only applicable in the Active Cell operating mode.

    GPIB command: CALL:SECurity:AUTHenticate:CIRCular:TIMer .

Authentication Results

The authentication results are reported by the test set include:

  • Success
  • Synch Failure
  • Unknown
  • RES Does Not Match

Authentication results are reported separately for the packet switched(PS) and circuit switched(CS) domains:

Ciphering

When Authentication is complete, ciphering of data transferred between MS and network can be achieved. During Ciphering, the raw data and the Ciphering Key(Kc) are used as the input to the Ciphering Algorithm. Then the resultant data is transmitted over the air interface and decrypted using the same algorithm and ciphering key at the other end.

You can set the following parameters before an ciphering procedure is started:

  • Ciphering Key(Kc)

    Ciphering Key is a 64 bit number used as an entry parameter to the selected encryption algorithm.

    The GPIB command to set the Ciphering Key(Kc) is CALL:SECurity:CIPHering[:KEY] .

  • Cipher Key Sequence Number (CKSN)

    The CKSN can be used by the test set to indicate the Kc stored within the MS to use for ciphering. See 3GPP TS 24.008 section 10.5.1.2 for more details.

    The GPIB command to set the CKSN is CALL:SECurity:CIPHering:CKSNumber .

  • GSM Ciphering Algorithm

    GSM Ciphering Algorithm determines which ciphering algorithm is used for GSM voice or circuit switched data.

    The GPIB command to set the GSM Ciphering Algorithm is CALL:SECurity:CIPHering:GSM:ALGorithm .

  • GPRS Ciphering Algorithm

    GPRS Ciphering Algorithm determines which ciphering algorithm is used for GPRS packet switched data.

    The GPIB command to set the GPRS Ciphering Algorithm is CALL:SECurity:CIPHering:GPRS:ALGorithm .

   
NOTE
The A5/3 encryption and GEA3 Encryption have not been fully tested.
   

How Do I Configure the Authentication and Ciphering State?

This procedure is only applicable to the EGPRS lab application. This procedure describes how you manually configure the ARAC Control parameters in the test set.

  1. Press the CALL SETUP screen key.
  2. Press More on the bottom left side of the screen until menu 3 of 3 of Control is displayed.
  3. Press Security Info ( F3 ).
  4. Press Authentication Parameters ( F1 ). This displays the Authentication Parameters menu.
  5. To change a parameter in this menu, use the knob to scroll to, highlight, and change the parameter settings.
  6. Press Close Menu ( F6 ) and then press Authentication Parameters ( F1 ). This displays the Ciphering Parameters menu.
  7. To change a parameter in this menu, use the knob to scroll to, highlight, and change the parameter settings.

Operating Considerations

The Security Information parameters are only available when the operating mode is set to Active Cell .

When Authentication is enabled, the call setup and GMM Attach procedures will take slightly longer.

When Ciphering is enabled, as more processing time will be required to run the Ciphering Algorithm. This may have an impact on maximum data throughput and the increased processor load may effect WPA logging.

The Security Information parameters can be changed after the security procedure started. And if the ciphering procedure is active, you can still change the algorithm.