Skip navigation.
Home
3gppdecoder.free.fr
Home

Notes about security

UMTS security context
The UMTS security context consists of an authentication vector (quintet): MAC, XRES, CK, IK, AK (33.102 figure 7)
The authentication vector is derived from RAND, a random number, and K, the secret key stored on the USIM. For MAC, 2 additional parameters are required: AMF (authentication management field, stored on the USIM) and SQN (sequence number, derived from the sequence number of the PDU received from the network)
The functions f1, f2, f3, f4, f5 are used to derive the Authentication vector. see figure 7 and 9 in 33.102.
In section 6.3.2:
- a message authentication code MAC = f1K(SQN || RAND || AMF) where f1 is a message authentication function;
- an expected response XRES = f2K (RAND) where f2 is a (possibly truncated) message authentication function;
- a cipher key CK = f3K (RAND) where f3 is a key generating function;
- an integrity key IK = f4K (RAND) where f4 is a key generating function;
- an anonymity key AK = f5K (RAND) where f5 is a key generating function.
Finally the authentication token AUTN = SQN * AK || AMF || MAC is constructed.

The key generation function can be different:
UMTS Test: 34.108 section 8.1.2.1. Simple XOR of K and RAND and bitshift to obtain CK and IK
Milenage: 35.206: code in Annex 3, optimized code in Annex 4

MAC/I for UMTS: f9 (see 33.102 figure 16). f9 defined in 35.201.

Mapping between GSM security context and UMTS security context
GSM security context consists of the triplets RAND, SRES and Kc.
The GSM authentication and key agreement is defined in the 03.20. Note that the secret key is called Ki there, while it is called K in the 33.102.

When mapped from a UMTS security context (33.102 section 6.8.1.2):
c1: RAND[GSM] = RAND
c2: SRES[GSM] = XRES*1 xor XRES*2 xor XRES*3 xor XRES*4
c3: Kc[GSM] = CK1 xor CK2 xor IK1 xor IK2

When mapped from a GSM security context:
33.102 section 6.8.2.3
c4: CK[UMTS] = Kc || Kc;
c5: IK[UMTS] = Kc1 xor Kc2 || Kc || Kc1 xor Kc2;
Note that many network still use GSM security context (example in India).

Mapping between EPS security context and UMTS security context
The 33.401 defines the EPS security context and key derivation during mobility to and from LTE.
Derivation of CK and IK using the key derivation function with different inputs for the following cases:
A.8 KASME to CK', IK' derivation at handover
A.9 NAS token derivation for inter-RAT mobility
A.10 K’ASME from CK, IK derivation during handover
A.11 K’ASME from CK, IK derivation during idle mode mobility
A.12 KASME to CKSRVCC, IKSRVCC derivation
A.13 KASME to CK', IK' derivation at idle mobility

33.220 B2 Generic Key derivation function
Specification of the key derivation function KDF

3GPP link to security algorithms:
http://www.3gpp.org/Confidentiality-Algorithms