
All Rights Reserved Alcatel-Lucent @@YEAR


Module Objectives

Upon completion of this module, you should be able to:

Describe the USIM concept in LTE


Explain the HSS architecture
Describe what the AVs for LTE are

1 USIM and ISIM concepts
1.1 Alice and John's UE
The end users get a new IMSI, but they keep their old MS-ISDN if they wish.
The UE hosts the UICC (USIM) card.
The IMSI is recorded on the USIM card and identifies Alice's and John's subscriptions in the operator
database.

The only known number for Alice is the MS-ISDN: her phone number.
MS-ISDN = 33 622 200 001
IMSI = 208 30 2100 000 001

[Figure: the security keys, the algorithms, the IMSI and Alice's subscription information are in the USIM card (4G UE) and in the HLR (operator database).]

An IP Multimedia Services Identity Module (ISIM) is an application running on a UICC smart card in a
3G or 4G mobile telephone that allows the user to access the IP Multimedia Subsystem (IMS).

2 HSS

2.1 Overview

HSS stands for Home Subscriber Server.

The HSS contains the subscription-related information and is composed of:
  HLR
  AuC
  IMS database, in the case of an IMS network
  EIR (optional)
  MNP (optional)
  SPR

Standardized by the 3GPP.

[Figure: the HSS (HLR, AuC, IMS DB) and the SPR, with the HSS interfaces: S6d/Gr to the SGSN, S6a to the MME, Gc to the GGSN, Cx to the CSCF.]

2.2 LTE Subscriber profile in HSS (HLR)

IMSI: the IMSI is the main reference key.
MSISDN: the basic MSISDN of the UE (presence of the MSISDN is optional).
MME Address: the IP address of the MME currently serving this MS.
MS purged from EPS: indicates that the contexts of the UE are deleted from the MME.
EPS subscribed charging characteristics: the charging characteristics for the MS, e.g. normal, prepaid, flat-rate, and/or hot billing subscription.
Subscribed-UE-AMBR: the maximum aggregated uplink and downlink MBRs to be shared across all Non-GBR bearers according to the subscription of the user.

TS 23.401

2.3 Insert Subscriber Data procedure during ATTACH

Message flow between the MME and the HSS:

1. Insert Subscriber Data (IMSI, subscriber profile)

2. Insert Subscriber Data Ack (IMSI)

TS 23.401

3 Authentication Vectors for E-UTRAN access

3.1 Access security in E-UTRAN

The mechanism is called EPS AKA (Authentication and Key Agreement).

Both the USIM card and the network have access to the same secret key (K).

There are few differences from UMTS AKA.


[Figure: access security across the eUTRAN (9412 eNodeB) and the ePC (MME, HSS, SGW, PGW). Labels shown: Authentication Information Request/Answer, mutual authentication, NAS integrity/ciphering, RRC integrity/ciphering, user plane ciphering.]

3.2 UMTS Authentication vectors

[Figure: generation of the UMTS authentication vectors]
Input: SQN (incremented), RAND (generated), secret key K
The algorithms produce: XRES, CK, IK, AUTN

UMTS AV = (RAND, XRES, CK, IK, AUTN)

3.3 E-UTRAN Authentication vectors

UMTS AV: XRES | AUTN | CK | IK | RAND

[Figure: CK and IK from the UMTS AV, together with the SN ID and the SQN, go through the KDF, which outputs KASME.]

E-UTRAN AV: XRES | AUTN | KASME | RAND
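An added example, not part of the original course material: the step shown in 3.3, turning a UMTS AV into an E-UTRAN AV, written in Python after the KASME derivation of 3GPP TS 33.401 Annex A.2 (HMAC-SHA-256 keyed with CK || IK over the SN ID and SQN xor AK, the latter being the first six octets of AUTN). The function names and the sample AV bytes are constructed for illustration.

```python
import hashlib
import hmac

FC_KASME = 0x10  # FC value for the KASME derivation (TS 33.401 Annex A.2)

def encode_sn_id(mcc: str, mnc: str) -> bytes:
    """Serving network identity (MCC + MNC) as 3 BCD octets."""
    if not (mcc.isdigit() and len(mcc) == 3 and mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError("MCC is 3 digits, MNC is 2 or 3 digits")
    m = [int(c) for c in mcc]
    n = [int(c) for c in mnc]
    mnc3 = n[2] if len(n) == 3 else 0xF  # filler nibble when the MNC has 2 digits
    return bytes([(m[1] << 4) | m[0], (mnc3 << 4) | m[2], (n[1] << 4) | n[0]])

def kdf_input(sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1, each length as 2 big-endian octets."""
    if len(sn_id) != 3 or len(sqn_xor_ak) != 6:
        raise ValueError("SN ID is 3 octets, SQN xor AK is 6 octets")
    return (bytes([FC_KASME]) + sn_id + (3).to_bytes(2, "big")
            + sqn_xor_ak + (6).to_bytes(2, "big"))

def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """KASME = HMAC-SHA-256(key = CK || IK, message = S), 256 bits."""
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK are 128-bit keys")
    return hmac.new(ck + ik, kdf_input(sn_id, sqn_xor_ak), hashlib.sha256).digest()

def eutran_av(umts_av: dict, mcc: str, mnc: str) -> dict:
    """UMTS AV -> E-UTRAN AV: CK and IK are consumed and replaced by KASME."""
    autn = umts_av["AUTN"]
    if len(autn) != 16:
        raise ValueError("AUTN is 16 octets")
    kasme = derive_kasme(umts_av["CK"], umts_av["IK"],
                         encode_sn_id(mcc, mnc), autn[:6])  # AUTN starts with SQN xor AK
    return {"RAND": umts_av["RAND"], "XRES": umts_av["XRES"],
            "AUTN": autn, "KASME": kasme}

# Constructed sample UMTS AV (arbitrary bytes, not from any real subscriber).
SAMPLE_UMTS_AV = {
    "RAND": bytes(range(16)),
    "XRES": bytes.fromhex("a1a2a3a4a5a6a7a8"),
    "CK": bytes.fromhex("c0" * 16),
    "IK": bytes.fromhex("1f" * 16),
    "AUTN": bytes.fromhex("000000000021" + "8000" + "d1d2d3d4d5d6d7d8"),
}

if __name__ == "__main__":
    av = eutran_av(SAMPLE_UMTS_AV, "208", "30")
    print(sorted(av), av["KASME"].hex())
```

Because the SN ID is an input to the KDF, the same UMTS AV yields a different KASME for each serving network, and CK and IK do not appear in the E-UTRAN AV.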

3.4 Authentication Information Request / Answer

Message flow between the MME and the HSS:

1. Authentication Information Request (IMSI)

2. Authentication Information Response (IMSI, AVs)

TS 23.401

4 Checkpoint

4.1 Associate the right to the left

Left column:
  UICC
  IMSI
  IMPI
  ISIM
  USIM

Right column:
  Physical card
  IMS application
  3G/4G application
  User identifier in the HLR
  User identifier on the USIM
  Private identifier of the user in IMS

4.2 Fill in the HSS with DB

[Exercise figure: an empty HSS box to be filled in.]

Items to choose from:
  HLR
  VLR
  AuC
  IMSI
  SPR
  UE context
  IMS DB
  MSC

Annex

Reminder: SIM, USIM and UICC

In the good old days of GSM, the SIM was a physical card with a GSM application.

In the brave new world of 3G+, the UICC is the physical card with basic logical
functionality (3GPP TS 31.101).

The USIM is a 3G application on a UICC (3GPP TS 31.102).

The UICC can contain multiple applications, such as the SIM, the USIM and the ISIM for IMS.

TS 31.101
TS 31.102

Main contents at the USIM Application level

Stored in Elementary Files (EF):

  Static data
    IMSI
    Ciphering and Integrity Keys (seen later)
    Forbidden PLMNs
  Dynamic data
    Location information
      LAI
      TMSI
    EPS Location Information
      Globally Unique Temporary Identifier (GUTI)
      Last visited registered Tracking Area Identity (TAI)

Security features
  EPS AKA procedure (seen later)

TS 31.102

ISIM

An IP Multimedia Services Identity Module (ISIM) is an application running on
a UICC smart card in a 3G or 4G mobile telephone that allows the user to
access the IP Multimedia Subsystem (IMS).

Among the data present on the ISIM are:
  The IMPI: IP Multimedia Private Identity
  The home operator domain name
  One or more IMPUs: IP Multimedia Public Identity
  One or more Proxy Call Session Control Function (P-CSCF) addresses

TS 31.103

Home operator domain name

Example: PURPLE.COM

For 3GPP systems, if there is no ISIM application, the UE shall
derive the home network domain name from the IMSI:
  Use the MCC and MNC to create the "mnc<MNC>.mcc<MCC>.3gppnetwork.org"
  domain name.
  Add the label "ims." to the beginning of the domain.

Example of a home network domain name for Alice:

IMSI = 208301100000001 (MCC = 208, MNC = 30, written as three digits: 030)
which gives the home network domain name:
ims.mnc030.mcc208.3gppnetwork.org

TS 23.003

IMPI

The private user identity shall take the form of an NAI, and shall have
the form username@realm.

If the private user identity is not known, the private user identity
shall be derived from the IMSI.

The result will be a private user identity of the form
"<IMSI>@ims.mnc<MNC>.mcc<MCC>.3gppnetwork.org".

Example of an IMPI for Alice:

IMSI = 208301100000001 (MCC = 208, MNC = 30, written as three digits: 030)
which gives the IMPI:
208301100000001@ims.mnc030.mcc208.3gppnetwork.org

TS 23.003
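
An added example, not part of the original course material: the IMSI-based derivation of the home network domain name and the IMPI described on the last two slides, following the "mnc<MNC>.mcc<MCC>" template, plus a consistency check that a receiving node could apply to an IMSI-derived IMPI. The function names are hypothetical, and the MNC length is passed in as a parameter (assumed 2 digits by default) because it cannot be read from the IMSI digits alone.

```python
import re

# Realm of an IMSI-derived identity: both labels carry exactly three ASCII digits.
REALM_RE = re.compile(r"ims\.mnc([0-9]{3})\.mcc([0-9]{3})\.3gppnetwork\.org")

def split_imsi(imsi: str, mnc_len: int = 2) -> tuple:
    """Split an IMSI into (MCC, MNC, MSIN); mnc_len is supplied by the caller."""
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC length is 2 or 3")
    return imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]

def home_network_domain(imsi: str, mnc_len: int = 2) -> str:
    """ims.mnc<MNC>.mcc<MCC>.3gppnetwork.org, with a 2-digit MNC padded to 3."""
    mcc, mnc, _ = split_imsi(imsi, mnc_len)
    return f"ims.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"

def derived_impi(imsi: str, mnc_len: int = 2) -> str:
    """<IMSI>@<home network domain name>."""
    return f"{imsi}@{home_network_domain(imsi, mnc_len)}"

def impi_is_consistent(impi: str) -> bool:
    """True if the realm of an IMSI-derived IMPI agrees with its own username."""
    username, sep, realm = impi.partition("@")
    match = REALM_RE.fullmatch(realm.lower())
    if not sep or not match or not (username.isascii() and username.isdigit()):
        return False
    if not 6 <= len(username) <= 15:
        return False
    mnc, mcc = match.group(1), match.group(2)
    prefixes = [mcc + mnc]                # 3-digit MNC
    if mnc.startswith("0"):
        prefixes.append(mcc + mnc[1:])    # 2-digit MNC that was zero-padded
    return any(username.startswith(p) for p in prefixes)

if __name__ == "__main__":
    impi = derived_impi("208301100000001")  # Alice's IMSI from the slide
    print(impi, impi_is_consistent(impi))
```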

IMPU

The Public User Identity shall take the form of either a SIP URI or a Tel URI.

A SIP URI for a Public User Identity shall take the canonical form
"sip:username@domain".
Example for Alice:
alice@purple.com
A Tel URI for a Public User Identity representing an E.164 number shall take
the canonical form "tel:<Global Number>".
Example for Alice:
33621100001

TS 31.103

LTE Subscriber profile in HSS (HLR)
Each subscription profile contains one or more PDN subscription contexts:

PDN address: indicates subscribed PDN IP address(es).
PDN type: indicates the subscribed PDN Type (IPv4, IPv6, IPv4v6).
Access Point Name: a label according to DNS naming conventions describing the access point to the packet data network (or a wildcard).
EPS subscribed QoS profile: the bearer level QoS parameter values for that APN's bearers (QCI and ARP).
Subscribed-APN-AMBR: the maximum aggregated uplink and downlink MBRs to be shared across all Non-GBR bearers, which are established for this APN.
EPS PDN Subscribed Charging Characteristics: the charging characteristics of this PDN subscription context for the MS, e.g. normal, prepaid, hot billing subscription ...
VPLMN address allowed: specifies whether for this APN the UE is allowed to use the PGW in the domain of the HPLMN only, or additionally the PGW in the domain of the VPLMN.
PDN GW identity: the identity of the PDN GW used for this APN. The PDN GW identity may be either an FQDN or an IP address.
PDN GW Allocation Type: indicates whether the PDN GW is statically allocated or dynamically selected by other nodes. A statically allocated PDN GW is not changed during PDN GW selection.
PLMN of PDN GW: identifies the PLMN in which the dynamically selected PGW is located.
List of APN-PGW: for PDN subscription context with wildcard APN.

TS 23.401

EPS bearer QOS parameters in HSS

An EPS bearer uniquely identifies traffic flows that receive a common QoS treatment
between a UE and a PDN GW for GTP-based S5/S8

Each EPS bearer (GBR and Non-GBR) is associated with the following bearer level QoS
parameters:
QoS Class Identifier (QCI);
Allocation and Retention Priority (ARP).

Each GBR bearer is additionally associated with the following bearer level QoS
parameters:
Guaranteed Bit Rate (GBR);
Maximum Bit Rate (MBR).

Each APN access, by a UE, is associated with the following QoS parameter:
per APN Aggregate Maximum Bit Rate (APN-AMBR)
The APN-AMBR is a subscription parameter stored per APN in the HSS.

Each UE in state EMM-REGISTERED is associated with the following bearer aggregate level
QoS parameter:
per UE Aggregate Maximum Bit Rate (UE-AMBR).
TS 23.401

PGW selection in HSS

The PDN subscription contexts provided by the HSS contain:

The identity of a PDN GW

An APN

An indication for this APN whether the allocation of a PDN GW from the visited PLMN is
allowed or whether a PDN GW from the home PLMN shall be allocated

If one of the PDN subscription contexts provided by the HSS contains a wild card APN, a
PDN connection with dynamic address allocation may be established towards any APN
requested by the UE.

The HSS also indicates which of the PDN subscription contexts is the Default
one for the UE.

TS 23.401
TS 23.003

Self-assessment on the Objectives

Please be reminded to fill in the form "Self-Assessment on the Objectives" for this module.
The form can be found in the first part of this course documentation.

End of Module