CDMA Authentication

The first digital cellular technology is known as Interim Standard 95 (IS- 95) which was introduced by Qualcomm. It is a 2G Mobile Tellecommunication Standard that use CDMA technology which has multiple access scheme for digital radio, to send voice, data, and signalling.

Today many of the CDMA subscribers use Removeable User Identity Module or RUIM card inside their Mobile Phones. RUIM Card hold data those needed by subscriber to be authenticated into the network. Authentication is process to validate subscribers that done by the network. Just like if you go back home from a long vacation in the midnight, maybe your parrents, or your wife will ask you some questions to you before they really sure that it is really you and then let you in.

Subscriber Authentication

IMSI_M is an MIN based IMSI which uses the lower 10 digits to store the MIN. IMSI_M is used in IS-95A system. IMSI_M is a true IMSI which similar to IMSI for GSM which used in IS-95B system. In the authentication process if IMSI_M is personalized, the "MIN" part of IMSI_M will be used as parameter input for authentication calculation. Together with A-Key and RANDSSD, ESN is input for CAVE Algorithm (Cellular Authentication and Voice Encryption)
to generate 128 bit SSD (Shared Secret Data). SSD has two parts which is 64 bit SSD_A for creating authentication signatures, and 64 bit SSD_B for creating keys to encrypt voice and data message.

In CDMA network, the Mobile Station use SSD_A and the broadcast RAND as input for CAVE Algorithm to generate 18 bit Authentication Signature (AUTH_SIGNATURE), and send it to the Base Station. Base on this Authentication Signature, the Base Station will verify that the subscriber is authorized.

If IMSI_T is personalized, the 32 bit subset of IMSI_T will be used for authentication. IMSI is usually 15 digits long.

The following data is the minimum requirement for a RUIM card to be authenticated into the network :

IMSI_M, International Mobile Subscriber Identifier
MIN based IMSI, using the lower 10 digits to store MIN. Mobile Identification Number (MIN) it self is 34 bit number of digital representation of 10 bit number that assigned to a Mobile Phone.

IMSI_T
This is the true IMSI no associated with MIN. Just like IMSI in GSM system it contain 15 digits or fewer.

CDMA Home SID/ NID, System ID/ Network ID
This 5 bytes identifies SID and NID when the Mobile Station operates in CDMA mode. This is a unique number to identify a network in a wireless system.

PRL (Preferred Roaming List)
PRL is a database used during the CDMA Subscriber authentication into the network. It contain additional parameters such as bands, sub bands, and network provider identifier.

A-Key
A-Key is a 64 bit key stored in the RUIM and HLR/ AuC. It's used to generate or update Mobile Phone's Shared Secret Data.

References :
3GPP2 C.S0023-C, Removeable User Identity Module for Spread Spectrum System, Version 1.0, May 2006
www.gsm-security.net