ASME – Access Security Management Entity
Architecture
- HSS/HE – Home Subscriber Server – Contains the user credentials and profile settings
- ME – Mobile Equipment – UE without UICC / USIM
- UICC – Universal Integrated Circuit Card – Smart Card used in UMTS and GSM
- (U)SIM – (UMTS) Subscriber Identity Module – Application in the UICC for (3G) 2G
EPS AKA
- AKA – Authentication and Key Agreement
- RAND – AKA: Random challenge
- AUTN – AKA: Authentication Token
- XRES – AKA: Expected Response
- E-AV – EPS Authentication Vector – Contains: AUTN, XRES, KASME, RAND
IDENTITY
- IMSI – International Mobile Subscriber Identity (user id)
- IMEI – International Mobile Equipment Identity (device id)
- GUTI – Globally Unique Temporary Identity – Similar to P-TMSI in UMTS but longer
Identifiers
GUTI: ID which uniquely identifies a UE in EPS without revealing the user's permanent ID. The GUTI is allocated by an MME and can be used to
- Uniquely identify the MME which allocated the GUTI
- Uniquely identify the UE within the MME that allocated the GUTI
GUTI = GUMMEI + M-TMSI
Where
GUMMEI
GUMMEI: Globally Unique MME Identifier, which is used to identify an MME uniquely
GUMMEI = MCC + MNC + MME Identifier
MME Identifier (MMEI) = MME Group ID (MMEGI) + MME Code (MMEC)
The MMEC provides a unique identity to an MME within the MME pool,
while the MMEGI is used to distinguish between different MME pools.
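The GUTI breakdown above, as an added example that is not part of the original post: it splits a 10-octet GUTI value into MCC, MNC, MMEGI, MMEC and M-TMSI and compares two GUTIs by their GUMMEI. The field widths (MMEGI 16 bits, MMEC 8 bits, M-TMSI 32 bits) and the packed-BCD PLMN layout come from the 3GPP specifications rather than from this page; the function names are hypothetical and the sample bytes are constructed.

```python
import struct
from typing import NamedTuple

class Guti(NamedTuple):
    mcc: str     # 3 decimal digits
    mnc: str     # 2 or 3 decimal digits
    mmegi: int   # MME Group ID, 16 bits
    mmec: int    # MME Code, 8 bits
    m_tmsi: int  # temporary UE identity within the MME, 32 bits

    @property
    def mmei(self) -> int:
        # MMEI = MMEGI + MMEC, i.e. the two fields concatenated
        return (self.mmegi << 8) | self.mmec

    @property
    def gummei(self) -> str:
        # GUMMEI = MCC + MNC + MMEI; identifies the allocating MME
        return f"{self.mcc}-{self.mnc}-{self.mmei:06x}"

def decode_plmn(b: bytes):
    """Unpack the 3-octet packed-BCD PLMN into (MCC, MNC) strings."""
    mcc = [b[0] & 0x0F, b[0] >> 4, b[1] & 0x0F]
    mnc = [b[2] & 0x0F, b[2] >> 4, b[1] >> 4]
    if mnc[2] == 0xF:          # filler nibble marks a 2-digit MNC
        mnc.pop()
    if any(d > 9 for d in mcc + mnc):
        raise ValueError("non-decimal digit in PLMN")
    return "".join(map(str, mcc)), "".join(map(str, mnc))

def parse_guti(raw: bytes) -> Guti:
    """Split PLMN(3) | MMEGI(2) | MMEC(1) | M-TMSI(4) into named fields."""
    if len(raw) != 10:
        raise ValueError(f"expected 10 octets, got {len(raw)}")
    mcc, mnc = decode_plmn(raw[:3])
    mmegi, mmec, m_tmsi = struct.unpack(">HBI", raw[3:])
    return Guti(mcc, mnc, mmegi, mmec, m_tmsi)

def same_mme(a: Guti, b: Guti) -> bool:
    """Two GUTIs were allocated by the same MME iff their GUMMEIs match."""
    return a.gummei == b.gummei

# Constructed sample values (test PLMN 001/01), not taken from a real network.
SAMPLE_A = parse_guti(bytes.fromhex("00f11080012ac0ffee01"))
SAMPLE_B = parse_guti(bytes.fromhex("00f11080012a0badf00d"))

if __name__ == "__main__":
    print(SAMPLE_A.gummei, f"{SAMPLE_A.m_tmsi:08x}", same_mme(SAMPLE_A, SAMPLE_B))
```

Both samples share one GUMMEI and differ only in the M-TMSI, which is the part that identifies the UE within that MME.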
TMSI:
The TMSI is a temporary number used instead of the IMSI to identify an MS. (8 digits)
Mapping of the TMSI to the IMSI is done by the network and is typically handled by the VLR.
Note:
The IMSI is sent only when necessary, for example
- when the SIM is used for the first time
- when there is data loss at the VLR
TAI: Tracking Area Identity
IMSI <=15 digits
The Serving Network identity i.e. MCC + MNC
Network Type : E-UTRAN
Similar to UMTS AKA, EPS AKA is based on the shared key K between the USIM and the network.
Steps involved
1. Identity Request
2. AKA Procedure
3. Key Derivation