Copyright © 2008 Motivity Telecom Inc.
Authors: Vance Shipley (vances@motivity.ca) [web site: http://www.motivity.ca].
Within the security architecture of the 3GPP system there are seven security functions, f1, f1*, f2, f3, f4, f5 and f5*, used for authentication and key generation. The operation of these functions is to be specified by each operator and as such is not fully standardised. The algorithms implemented here follow the examples produced on request from 3GPP by the ETSI SAGE Task Force and are based on the block cipher Rijndael, now known as the Advanced Encryption Standard (AES).
ak() = binary()
A 48 bit anonymity key (AK).
amf() = binary()
A 16 bit authentication management field (AMF).
ck() = binary()
A 128 bit confidentiality key (CK).
ik() = binary()
A 128 bit integrity key (IK).
k() = binary()
A 128 bit subscriber authentication key (K) known only to the HSS and the ISIM/USIM application on the UICC.
mac() = binary()
A 64 bit message authentication code (MAC).
op() = binary()
A 128 bit operator variant algorithm configuration field (OP).
opc() = binary()
A 128 bit key (OPc) derived from the Operator Variant Algorithm Configuration Field (OP) and K known only to the HSS and the ISIM/USIM application on the UICC.
rand() = binary()
A 128 bit random challenge (RAND).
res() = binary()
A 64 bit challenge response (RES).
sqn() = binary()
A 48 bit sequence number (SQN). The management of sequence numbers is specified in 3GPP TS 33.102 Annex C. The current implementation of the hss_server module uses sequence numbers which are not time-based as described in C.1.1.2 and C.3.2. SQN = SQE || IND where the length of IND is five bits, or in Erlang terms SQN = <<SQE:43, IND:5>>.
| Function | Description |
|---|---|
| f1/5 | Computes network authentication code MAC-A. |
| f1star/5 | Computes resynch authentication code MAC-S. |
| f2345/3 | Computes response and keys. |
| f5/3 | Computes resynch anonymity key AK. |
| f5star/3 | Computes resynch anonymity key AK. |
| opc/2 | Encode the Operator Variant Algorithm Configuration Field (OP). |
f1(OPc, K, RAND, SQN, AMF) -> MAC_A
Computes network authentication code MAC-A. Takes as input the derived OPc, subscriber key K, random challenge RAND, sequence number SQN and authentication management field AMF. Returns the network authentication code MAC-A.
f1star(OPc, K, RAND, SQN, AMF) -> MAC_S
Computes resynch authentication code MAC-S. Takes as input the derived OPc, subscriber key K, random challenge RAND, sequence number SQN and authentication management field AMF. Returns the resynch authentication code MAC-S.
f2345(OPc, K, RAND) -> {RES, CK, IK, AK}
Computes response and keys. Takes as input the derived OPc, subscriber key K and random challenge RAND. Returns response RES, confidentiality key CK, integrity key IK and anonymity key AK.
f5/3
Computes resynch anonymity key AK. Takes as input the derived OPc, subscriber key K and random challenge RAND. Returns the anonymity key AK.
f5star/3
Computes resynch anonymity key AK. Takes as input the derived OPc, subscriber key K and random challenge RAND. Returns the anonymity key AK.
opc/2
Encode the Operator Variant Algorithm Configuration Field (OP). Each operator chooses a value of OP to provide separation between the functionality of the algorithms when used by different operators. The value OPc is used as input for the security functions and is derived from OP and the subscriber key (K).
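As an added illustration (not this module's source code), the sketch below shows how the functions documented above can be built from single-block AES-128 using the rotation and constant values of the 3GPP example algorithm set (r1..r5 = 64, 0, 32, 64, 96 and c1..c5 = 0, 1, 2, 4, 8). The module name milenage_example, the helper names, and the use of crypto:crypto_one_time/4 (OTP 22 or later) are assumptions; selftest/0 checks against test set 1 of 3GPP TS 35.207.

```erlang
-module(milenage_example).  % hypothetical name, not the documented module
-export([opc/2, f1/5, f1star/5, f2345/3, f5star/3, selftest/0]).

%% E_K: AES-128 encryption of one 128 bit block (assumes OTP 22 or later).
e(K, Block) -> crypto:crypto_one_time(aes_128_ecb, K, Block, true).
x(A, B) -> crypto:exor(A, B).

%% Cyclic left rotation of a block by R bits.
rot(Block, R) -> <<H:R/bits, T/bits>> = Block, <<T/bits, H/bits>>.

%% OPc = OP xor E_K(OP)
opc(<<_:128>> = OP, <<_:128>> = K) -> x(OP, e(K, OP)).

%% TEMP = E_K(RAND xor OPc), shared by all seven functions.
temp(OPc, K, RAND) -> e(K, x(RAND, OPc)).

%% OUT1 = E_K(TEMP xor rot(IN1 xor OPc, 64) xor c1) xor OPc, with c1 = 0.
out1(OPc, K, RAND, <<_:48>> = SQN, <<_:16>> = AMF) ->
    In1 = <<SQN/binary, AMF/binary, SQN/binary, AMF/binary>>,
    x(e(K, x(temp(OPc, K, RAND), rot(x(In1, OPc), 64))), OPc).

%% OUTn = E_K(rot(TEMP xor OPc, Rn) xor Cn) xor OPc, for n = 2..5.
out(OPc, K, RAND, R, C) ->
    x(e(K, x(rot(x(temp(OPc, K, RAND), OPc), R), <<C:128>>)), OPc).

%% MAC-A is the first half of OUT1, MAC-S the second half.
f1(OPc, K, RAND, SQN, AMF) ->
    <<MacA:8/binary, _:8/binary>> = out1(OPc, K, RAND, SQN, AMF), MacA.
f1star(OPc, K, RAND, SQN, AMF) ->
    <<_:8/binary, MacS:8/binary>> = out1(OPc, K, RAND, SQN, AMF), MacS.

%% OUT2 carries AK (first 48 bits) and RES (last 64 bits); OUT3 = CK, OUT4 = IK.
f2345(OPc, K, RAND) ->
    <<AK:6/binary, _:2/binary, RES:8/binary>> = out(OPc, K, RAND, 0, 1),
    {RES, out(OPc, K, RAND, 32, 2), out(OPc, K, RAND, 64, 4), AK}.

%% The resynch AK is the first 48 bits of OUT5.
f5star(OPc, K, RAND) ->
    <<AK:6/binary, _/binary>> = out(OPc, K, RAND, 96, 8), AK.

%% Conformance check; a mismatch raises badmatch instead of returning ok.
selftest() ->
    K = <<16#465b5ce8b199b49faa5f0a2ee238a6bc:128>>,
    RAND = <<16#23553cbe9637a89d218ae64dae47bf35:128>>,
    OP = <<16#cdc202d5123e20f62b6d676ac72cb318:128>>,
    OPc = <<16#cd63cb71954a9f4e48a5994e37a02baf:128>> = opc(OP, K),
    <<16#4a9ffac354dfafb3:64>> =
        f1(OPc, K, RAND, <<16#ff9bb4d0b607:48>>, <<16#b9b9:16>>),
    {<<16#a54211d5e3ba50bf:64>>, _CK, _IK, <<16#aa689c648370:48>>} =
        f2345(OPc, K, RAND),
    ok.
```

Storing OPc rather than OP in the HSS and on the UICC, as the type descriptions above imply, keeps the operator-wide OP value out of each subscriber record.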
Generated by EDoc, Dec 29 2008, 15:46:25.