Thursday, 27 August 2009

USIM Authentication

Cellular network technology is still evolving, from 1G through 2G, 3G and 3.5G, and is now reaching 4G. Mobile phones have become the most widely used communication tool.

The use of a mobile phone has also expanded beyond its original function of delivering voice and clear text. Mobile phones can now also provide entertainment, multimedia messaging service, mobile internet access, location based services, and so on.

Based on their data behaviour, 3G services can be described as follows:

- Conversation, such as voice, video telephony, video gaming
- Streaming, such as multimedia, video on demand, webcast
- Interactive, such as web browsing, network gaming
- Background, such as Email, SMS

As the services offered by 3G mobile phones have increased, the security of data has also become a critical issue. The security mechanism of a 3G network is not only about authenticating the subscriber to the network; it is also about securing the 3G services that run on the network.

In this article I will describe how a USIM application is authenticated to the 3G network. Authentication is performed with a challenge-response method combined with key establishment for network authentication.

Initialization

After UICC activation, the ME will SELECT the USIM application listed in EF DIR. If no USIM application is listed, or EF DIR does not exist, the ME will try to select the GSM application.

After a successful USIM application selection, the USIM AID (Application Identifier) is stored in the USIM. The last activated USIM application remains selected in the UICC until the UICC is reset.

UICC

The UICC is the physical processor chip on which the USIM application resides. The memory capacity available to store the USIM application usually ranges from 64K to 256K.

Application Selection

The USIM is an application residing on the UICC card. It contains many security parameters that a UICC needs in order to access the UMTS network. The USIM performs several security-related procedures before a 3G subscriber can gain access to the network. I will describe just some of them.

1. Authentication algorithm computation.
The ME sends the AUTHENTICATE command to the selected USIM application and
the response is sent back to the ME. The 3G context is used when the 3G
authentication variables RAND, XRES, CK, IK and AUTN are available.

2. IMSI Request
The ME performs the READ procedure on EF IMSI.
This is also the User Identity request procedure.

3. Access Control information request.
The ME performs the READ procedure on EF ACC.

4. Higher Priority PLMN search period request.
The ME performs the READ procedure on EF HPPLMN.

5. Location Information
In this procedure the ME performs request and update activity:
the ME performs the READ procedure on EF Keys and also
the UPDATE procedure on EF Keys.

6. Forbidden PLMN
In this procedure the ME also performs request and update activity
on EF PLMN.

7. GSM Cipher Key
This procedure is performed if service no. 27 in the UST (USIM Service Table)
is available. The request and update procedures are performed on EF KC.

8. GPRS Cipher Key
This procedure is performed if service no. 27 in the UST (USIM Service Table)
is available. The request and update procedures are performed on EF KCGPRS.

Service no. 27 in EF UST is the GSM Access service.

9. Initialization value of Hyperframe number
The ME performs the READ and UPDATE procedures on EF START-HFN.

10. Maximum value of START.
The ME performs the READ procedure on EF THRESHOLD.

11. HPLMN Selector with Access Technology Request
The ME performs the READ procedure on EF HPLMN w ACT.

12. Packet Switched Location Information
The ME performs the READ and UPDATE procedures on EF PSLOCI.

13. Cipher and Integrity keys for the Packet Switched Domain
The ME performs the READ and UPDATE procedures on EF KeysPS.

14. LSA Information.
This procedure is performed by the ME if service no. 23
in EF UST is activated. The ME performs the READ procedure on
EF SAI, EF SLL and their associated LSA Descriptor files,
and the UPDATE procedure on EF SLL.

15. Voice Group Call Services.
This procedure is performed by the ME if service no. 57
in EF UST is activated.

Voice group call service
The ME performs the READ procedure on EFVGCSS

Voice group call service status
The ME performs the READ and UPDATE procedures on EFVGCSS

16. Voice Broadcast Services
This procedure is performed by the ME if service no. 58
in EF UST is activated.

Voice broadcast service
The ME performs the READ procedure on EFVBS

Voice broadcast service status
The ME performs the READ and UPDATE procedures on EFVBS

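As an added example (not code from the original article or from 3GPP), here is how the 3G-context AUTHENTICATE exchange from procedure 1 above looks at APDU level in Python: building the command from RAND and AUTN, and decoding the USIM's response into RES, CK, IK (plus Kc when GSM access, service no. 27, is available), a synchronisation failure carrying AUTS, or a MAC failure. All sample byte values are constructed.

```python
# Added example (not from the article): 3G-context AUTHENTICATE APDU
# per 3GPP TS 31.102 section 7.1. All byte values below are constructed.

def build_authenticate_apdu(rand: bytes, autn: bytes) -> bytes:
    """CLA 00, INS 88, P1 00, P2 81 (3G security context), Lc, then
    L RAND || L AUTN as the command data."""
    if len(rand) != 16 or len(autn) != 16:
        raise ValueError("RAND and AUTN must both be 16 bytes")
    data = bytes([len(rand)]) + rand + bytes([len(autn)]) + autn
    return bytes([0x00, 0x88, 0x00, 0x81, len(data)]) + data

def parse_authenticate_response(resp: bytes, sw: int) -> dict:
    """Decode the USIM's answer. sw is the status word (e.g. 0x9000)."""
    if sw == 0x9862:
        # USIM could not verify the MAC in AUTN: the network is not authenticated.
        return {"status": "mac_failure"}
    if sw != 0x9000:
        return {"status": "error", "sw": sw}
    if len(resp) < 2:
        raise ValueError("response too short")
    tag, body = resp[0], resp[1:]
    if tag == 0xDC:
        # Synchronisation failure: "DC" L AUTS; AUTS is returned to the HLR/AuC.
        length = body[0]
        return {"status": "sync_failure", "AUTS": body[1:1 + length]}
    if tag != 0xDB:
        raise ValueError(f"unexpected response tag {tag:#04x}")
    # Success: "DB" L RES L CK L IK [L Kc]; Kc is present only if service no. 27 is available.
    fields = {"status": "success"}
    pos = 0
    for name in ("RES", "CK", "IK", "Kc"):
        if pos >= len(body):
            break
        length = body[pos]
        pos += 1
        fields[name] = body[pos:pos + length]
        pos += length
    return fields

# Constructed sample challenge and a constructed successful response.
RAND = bytes(range(16))
AUTN = bytes(range(16, 32))
SAMPLE_OK = (bytes([0xDB, 8]) + b"\x11" * 8
             + bytes([16]) + b"\x22" * 16 + bytes([16]) + b"\x33" * 16)

if __name__ == "__main__":
    print(build_authenticate_apdu(RAND, AUTN).hex())
    print(parse_authenticate_response(SAMPLE_OK, 0x9000))
```

The ME must treat a MAC failure as a rejected network and forward an AUTS from a synchronisation failure to the network so the HLR/AuC can resynchronise the sequence number.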
Source : Universal Mobile Telecommunications System (UMTS); LTE; Characteristics of the Universal Subscriber Identity Module (USIM) application (3GPP TS 31.102 version 8.6.0 Release 8)
