Information

System

Security Management

A50016-D3102-C920-1-7629
Security Management Information
System

Trademarks:
All designations used in this document can be trademarks, the use of which by third parties for their
own purposes could violate the rights of their owners.

Copyright (C) Siemens AG 2000.

Issued by Information and Communication Mobile

Hofmannstraße 51
D-81359 München

Technical modifications possible.

Technical specifications and features are binding only insofar as
they are specifically and expressly agreed upon in a written contract.

2 A50016-D3102-C920-1-7629
Information Security Management
System

Reason for Update

Summary:
New document with a description of security management in the SGSN.

Issue History
Issue Date of issue Reason for Update
Number

01 05/2001 New version.

A50016-D3102-C920-1-7629 3
Security Management Information
System

4 A50016-D3102-C920-1-7629
Information Security Management
System

This document consists of a total of 16 pages. All pages are issue 1.

Contents
1 Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2 Mode of Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.1 Security Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.2 Security Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

3 Call Charge Registration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

4 Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

5 Compatibility with other Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

A50016-D3102-C920-1-7629 5
Security Management Information
System

6 A50016-D3102-C920-1-7629
Information Security Management
System

1 Definition
The GPRS profile can also be assigned to mobile subscribers who are subscribed to the
GSM PLMN.
– Subscription to the Public Land Mobile Network (PLMN) allows them to use circuit
switched services.
– Subscription to the General Packet Radio Service (GPRS) profile allows them to ac-
cess the IP network for packet oriented services.
For both subscriptions network access is provided via a GSM base station controller
(BSC) as shown in Fig. 1.1. And as a high level of security is ensured in the PLMN for
both the user information and the signaling data, the same security-related functions
protect the subscriber when accessing the serving GPRS support node (SGSN). These
functions are classified under security management and avoid misusing the SGSN on
the one hand and on the other hand they guarantee the subscriber’s integrity for packet
oriented services, namely
– subscriber authentication
– user data confidentiality (ciphering)
– subscriber identity confidentiality
Subscriber authentication prevents unauthorized access to the network and its ser-
vices by verifying the identity of a mobile GPRS subscriber before allowing him access.
To this end, a personal authentication key is signed by the mobile station (MS) and re-
turned.
In addition, access rights violations and failing authentications are locally logged in se-
curity records and reported via notifications to a remote center for postprocessing.
Ciphering ensures the mobile GPRS subscriber privacy by confidentially transmitting
both data packets and associated signaling data on the radio path. To this end, a binary
combination of this data and a ciphering bit stream is transmitted through the air.
Subscriber identity confidentiality prevents an intruder from identifying a mobile
GPRS subscriber when monitoring the exchange of signaling data on the radio path. To
this end, a temporary allocated number is used between the MS and the SGSN for iden-
tification; this number changes each time the subscriber accesses another location ar-
ea.
However, if during initial access the SGSN cannot encounter the subscriber’s data
record via his temporary number, the MS will be requested to send the international mo-
bile subscriber identity (IMSI).

MS BSC

Gb
GPRS

SGSN

Gr
HLR/AC

Fig. 1.1 SGSN interfaces involved for security management

A50016-D3102-C920-1-7629 7
Security Management Information
System

As far as security management is concerned the following interfaces are involved for
handling the appropriate messages (see Fig. 1.1).
– Via the Gb-interface service requests from mobile stations (MSs) are sent to the
serving GSN where the subscriber’s identity is verified and security parameters are
checked before giving access to the network. Messages are exchanged as recom-
mended in GSM 08.64.
– The SGSN directly interfaces (Gr) with the home location register/authentication
center (HLR/AC) in order to retrieve the subscription data about the mobile subscrib-
er concerned and to provide location information. Messages at the Gr-interface com-
ply with GSM Recommendation 09.02.
– If a mobile station leaves the area of an SGSN, all active PDP contexts of the MS
have to be moved from the old SGSN to the new SGSN via the Gn-interface as rec-
ommended in GSM 09.60.

2 Mode of Operation
When a mobile subscriber activates his station in an SGSN area, the BSC will send an
attach request that will be handled by the MP:PD/SH serving the originating routing area
and which in turn involves the MP:MM (Fig. 2.1). After all, the latter contains a tempo-
rary record of the subscriber in the SGSN location register (SLR) provided he is known
there. This SLR record stores his subscription data with respect to both the security pa-
rameters retrieved from the HLR/AC and the packet data protocol (PDP) context, as well
as his mobility data.
The protection of transmitted signaling data and data packets when a GPRS subscriber
has attached the serving GPRS support node (SGSN) is handled by mobility manage-
ment, both at the mobile station (MS) and at the SGSN.
Subscriber mobility and radio related protocols towards the MS in the SGSN also in-
clude security-related functions involving:
– the Gb-interface for authentication, ciphering and temporary number reallocation
– and the Gr-interface for subscriber triple retrieval from the HLR/AC.
The GPRS mobility management functions at SGSN are carried out by main processors
(MPs) with a given load type for handling specific functions.
• The MP for mobility management (MP:MM) deals with the so-called mobility appli-
cation functions, such as
– access to subscriber data in the proper SLR record
– security control by means of individual triples stored there
– protocol termination for Gb- and Gr-interfaces
– routing area update
The MP:MM also sends notifications towards the MP for operation, administration
and maintenance (MP:OAM) in case of failing authentications.
• The MP for packet dispatching and session handling (MP:PD/SH) deals with the so-
called mobility transport functions, such as
– a base station system GPRS protocol (BSSGP) process for transferring data
packets via the Gb-interface
– follow up of subscriber location information
– paging
One MP:PD/SH serves one routing area.
• The physical connection to the Gb- and Gr-interface is realized via a line interface
card (LIC).

8 A50016-D3102-C920-1-7629
Information Security Management
System

– The server processor for BSSGP (SP:BSSGP) routes the data packets to the ap-
propriate MP:PD/SH.
– The MP for signaling link termination (MP:SLT) just serves the message transfer
part (MTP) handling as well as some SCCP functions including global title trans-
lation.

SGSN
MP:PD/SH
LIC SP:BSSGP
Gb

MP:MM
MP:SLT LIC
SLR
Gr

Fig. 2.1 Main processors for dealing with security functions

2.1 Security Mechanisms

Security covers authenticity, reliability and confidentiality.
Authenticity is based on
– identification by verifying the subscriber’s identity using secret triple parameters
Reliability is based on
– data integrity by adding a frame check sequence (FCS) to each frame from logical
link control (LLC).
Confidentiality is based on
– secrecy by ciphering data packets at the MS side as well as the SGSN side using
the GPRS encryption algorithm (GEA1).
– anonymity by using an internal temporary logical link identity (TLLI) being derived
from the packet temporary mobile subscriber identity (P-TMSI).

Subscriber authentication
Authentication is based on subscriber-specific parameters and algorithms, which are
available in the mobile station (MS) and the SGSN location register (SLR) after being
retrieved from the HLR/AC. The subscriber identity module (SIM) in the mobile station
uses this information to compute a further parameter for each authentication. This pa-
rameter is compared with one computed by the AC’s security box using the same meth-
ods and algorithms.
– If the two match then authentication was performed successfully.
– If the two do not match the authentication has failed and the MP for operation and
maintenance (MP:OAM) is informed which in turn informs a remote center. Howev-
er, a threshold value for the mismatches can be administrated enabling the
MP:OAM to be informed only after a number of authentications for the same sub-
scriber have failed.
The SGSN invokes an authentication at each GPRS attach procedure and at each rout-
ing area update procedure.

A50016-D3102-C920-1-7629 9
Security Management Information
System

Ciphering
Ciphering for GPRS is a transmission function involving the MS and the serving GPRS
node (SGSN) at the logical link control layer (LLC). Ciphering and deciphering are syn-
chronously executed at both sides when user information is transmitted.

Triple
Both authentication and ciphering rely on the security parameters of a triple. When ex-
ecuting the authentication procedure, the SGSN uses the mobile subscriber’s identity to
provide an appropriate triple, which was already created in advance by the AC’s security
box. Upon successful authentication the SGSN will initiate the ciphering sequence.
Each mobile subscriber has specific triples because they are computed from his secret
authentication key (Ki). In fact, these triples are continuously created because after be-
ing used for subscriber authentication, each triple is replaced with a new one.
The triple consists of three security parameters: a random number (RAND), a signed re-
sponse (SRES) and a GPRS cipherkey (simply denoted as Kc further on).
– RAND is randomly selected each time a triple has to be created.
– SRES is used to perform the actual mobile subscriber authentication. It is computed
from input parameters Ki and RAND, using cryptographic algorithm A3.
– Kc is used to generate a ciphering and deciphering bit stream for transmission on
the radio path. It is computed from the same input parameters Ki and RAND, using
cryptographic algorithm A8.
Each used triple is assigned a cipherkey sequence number (CKSN) by which it is pos-
sible to select the appropriate Kc for ciphering if authentication has not taken place. Ac-
cordingly, the SGSN compares the CKSN received from the MS with the one actually
stored in the SLR subscriber record in order to select the actual Kc being used in the MS
for ciphering and deciphering in the SGSN.

Subscriber identity confidentiality

To guarantee a high level of confidentiality for the exchanged messages and to offer
protection from tracking the subscriber’s position, the international mobile subscriber
identity (IMSI) is replaced with a packet temporary mobile subscriber identity (P-TMSI)
in the serving GPRS node. The P-TMSI is unique in the SGSN service area and is re-
ported to the mobile station via the radio interface at session setup. Furthermore, this P-
TMSI is used to derive an identity alias for the internal transport of subscriber data. This
alias is known as the temporary logical link identity (TLLI) and is unique within a given
routing area and is not disclosed to the public. This TLLI can be released and a new TLLI
can be assigned to a particular mobile subscriber after a certain event has been initiated
a number of times (e.g. attach).

10 A50016-D3102-C920-1-7629
Information Security Management
System

2.2 Security Procedures

The Gb process on the MP:MM controls security handling that is triggered during a
GPRS attach or a routing area update. This handling is responsible for
– getting the security parameters (i.e. triples) from the HLR/AC if they are not available
in the SLR
– authenticating the subscriber also implying the selection of the cipherkey
– triggering the security mode procedure in the MP:PD/SH
When the SGSN has established a PDP context for a GPRS subscriber during an attach
procedure or a routing area update, then two pools will be temporarily stored for him in
the SLR: a PDP record and a subscriber record.
– The former contains subscription data of a PDP context such as its identity, the PDP
address, the access point name.
– The latter contains GPRS specific data of subscription and location information such
as the IMSI or P-TMSI, the CKSN, triples, routing area code, HLR/AC number, a ci-
phering algorithm reference.

Authentication
When the SGSN does not find the subscriber record in its SLR, triples for the appropriate
subscriber (identified by his IMSI) are requested from a database of the HLR/AC
(Fig. 2.2), including an array of triples of corresponding RAND, SRES and Kc values.
The triples are stored in the SGSN location register as part of the security-related infor-
mation for that subscriber.
– SRES is an authentication parameter calculated with algorithm A3 for each RAND
and key Ki associated with the IMSI.
– Kc is a ciphering parameter calculated with algorithm A8 for each RAND and key Ki
associated with the IMSI.

SGSN HLR/AC
Send triples for a specific IMSI

Generate
RAND (1...n)
timer

Ki

Calculate
Algorithm A3 and A8
Response with RAND(1...n), SRES(1...n), Kc(1...n)

Store in SLR
RAND SRES Kc

Fig. 2.2 Security triples delivery

The SGSN performs authentication for each GPRS attach and each routing area update
within the same SGSN area by using a RAND value in the array corresponding to the
mobile subscriber. This RAND is sent to the mobile station for the calculation of a signed
response SRES that will be returned to the SGSN (Fig. 2.3). The SGSN then compares
this value with the SRES stored in the corresponding array. If the comparison results in
a positive value, the mobile subscriber is considered authenticated.

A50016-D3102-C920-1-7629 11
Security Management Information
System

MS SGSN

request with RAND (j)

Ki

timer
Calculate
Algorithm A3

response with SRES

SRES (j)

Yes or No

Fig. 2.3 Authentication procedure

Ciphering
The ciphering procedure can be triggered after successful authentication. The ciphering
algorithm is agreed based on the MS capabilities. To use ciphering, the feature must be
active and both MS and SGSN have to support the GPRS encryption algorithm GEA1.
The SGSN will trigger a negotiation sequence about the input value to be used for ci-
phering and deciphering on both sides.
To this end a dedicated encryption support logic (ESL) with GEA1 has to be installed in
the SGSN. This equipment makes it possible to execute the calculations and to verify
the frame check sequence that has been added to the frame.

MS SGSN

negotiation with input value

Ki RAND (j)

Calculate
Algorithm A8
Kc
input

GEA1
ciphered data

Fig. 2.4 Ciphering procedure

Reuse of security parameters in failure situations

The security parameters RAND, SRES and a cipherkey (Kc) are stored as triples in the
SGSN and the HLR/AC.
When an SGSN has used a triple for authentication and ciphering, it deletes the triple or
marks it as used. When an SGSN needs a triple again it uses an unmarked one in favor
of a triple being marked as used. If no unmarked triples are available, the SGSN may
use a triple that is marked as used. It is up to the operator to define how many times a
triple may be reused in the SGSN before it is deleted permanently there.

12 A50016-D3102-C920-1-7629
Information Security Management
System

When the HLR/AC receives a triple request, it sends unused triples unless it is not able
to do so. It is an operator’s option to allow the HLR/AC to send marked ones. And the
operator can also define the number of times a triple may be sent again before being
permanently deleted.

Packet temporary mobile subscriber identity

The packet temporary mobile subscriber identity (P-TMSI) is used together with other
elements such as the MP:MM identity to compose the temporary logical link identity (TL-
LI) as defined by GSM 03.03. The mobile station uses the P-TMSI when attaching the
SGSN (Fig. 2.5) or when performing a routing area update whereas the TLLI is a local
number applying to a given routing area in the SGSN. The P-TMSI is always accompa-
nied by the routing area identity (RAI) in order to avoid ambiguities upon accessing.
The SGSN is provided with suitable databases to manage the P-TMSI and IMSI rela-
tionship. When a P-TMSI is received with an RAI that does not correspond to the current
SGSN, the mobile subscriber’s IMSI is requested from the mobile station.
A P-TMSI being allocated or reallocated to an IMSI is combined with the site address of
the MP:MM that stores the mobile subscriber’s specific data into a TLLI within the routing
area controlled by the SGSN. The allocation of a new TLLI corresponds implicitly to the
de-allocation of the previous TLLI. When a P-TMSI is allocated to a mobile subscriber,
it is transmitted to the mobile station, where it is stored together with the RAI in non-vol-
atile memory.

MS SGSN

attach with RAI and old P-TMSI

Allocation of
new P-TMSI
accept with new P-TMSI

timer
complete

Deallocation of
old P-TMSI

Fig. 2.5 Attach in the same SGSN area

TLLI re-allocation
The network may initiate the TLLI re-allocation functions at any time for any GPRS at-
tached mobile subscriber.
When a new TLLI is allocated to a subscriber’s P-TMSI, the network prevents the old
TLLI from being allocated again. Furthermore, when the mobility management context
of a mobile subscriber is deleted in the SLR by an O&M action, the network also pre-
vents any TLLI associated with the deleted mobility management context from being al-
located again until a new TLLI is successfully allocated to that IMSI.

A50016-D3102-C920-1-7629 13
Security Management Information
System

3 Call Charge Registration

The security management as it is currently implemented in the SGSN does not play any
role for call charge registration.

4 Administration
• The SGSN network node is managed in a standard way by means of the CMISE-
based Q3-interface. Scripts allow the operator to send Q3 requests via a menu con-
trolled graphical user interface application on the switch commander; a script hides
the complex Q3-interface.
When the proper serving GPRS support node has been installed, several scripts are
provided for the administration of security management.

CR CONFIG
allows to define the SGSN equipment of the second generation.

DISP or REL SSLDFEA

allows to display or release SGSN sold features.

DISP or ACT SFEA

allows to display or activate SGSN features, e.g. for temporarily disabling ciphering
in case of problems.

CR or CAN or MOD or DISP SARP

allows to specify system access restricted parameters, such as
– whether or not the ciphering algorithm has to be used,
– whether or not a security record has to be generated after authentication has
failed a number of times (threshold).

MOD or DISP 2GSMOBP

allows to specify timer values to monitor the following:
– MS response to the authentication request (shown in Fig. 2.3)
– the number of failed authentications before a security record is generated
– indication from the MS after a P-TMSI reallocation (shown in Fig. 2.5)
– the MS answer to an identification request.

DISP or CAN SECLOGREC

allows to display a security log record when authentication failures occur during a
given period of time.

CR or DISP or CAN SECLOGFILE

allows to define the storage capacity of the file in order to log security records as a
result of authentication failures.

DISP or MOD 2GSMAPP

allows to define the timer value when the exchange of MAP messages with the HLR
for security parameters is supervised (shown in Fig. 2.2).

14 A50016-D3102-C920-1-7629
Information Security Management
System

5 Compatibility with other Features

Authentication
The SGSN can only initiate the ciphering/deciphering process with the mobile station
provided its subscriber has been authenticated beforehand.
Moreover, the cryptographic algorithm to be used requires its own GPRS export license
and will be therefore made available by means of specific equipment logic.

Traffic measurement
A number of counters are implemented with respect to security functions on the Gb-in-
terface.
– The number of logical link control frames being sent (downlink) and received (uplink)
at each SP:BSSGP.

A50016-D3102-C920-1-7629 15
Security Management Information
System

16 A50016-D3102-C920-1-7629