CAVE-based Authentication


CAVE-based Authentication, a.k.a. HLR Authentication, 2G Authentication, Access Authentication (for CDMA/1xRTT)

Access authentication used in CDMA/1xRTT systems. There are two network entities involved in CAVE-based authentication when roaming:

  • Authentication Center (AC) (a.k.a. HLR/AC, AuC) – Located in a roamer’s home network, the AC controls the authentication process and either authenticates the Mobile Station (Mobile Phone, MS) or shares SSD with the serving VLR to allow this authentication to occur locally. The AC must be provisioned with an A-key value for each MS. Authentication is predicated on the assumption that the A-key value provisioned in an MS is the same as the A-key value provisioned in the AC. The AC is often co-located with the HLR and referred to as the HLR/AC. However, the AC could be a standalone network entity that serves one or more HLRs. Though the CDMA abbreviation is AC, the GSM abbreviation of AuC is sometimes used (albeit incorrectly in CDMA networks).

  • Visitor Location Register (VLR) – If SSD is shared with the visited network, the VLR locally authenticates the roamer. Otherwise, the VLR proxies authentication responses from roamers to their home HLR/AC for authentication.

The authentication controller is the entity that determines whether the response from the MS is correct. Depending upon whether SSD is shared, the authentication controller may be either the AC or VLR. In either case, CAVE-based authentication is based on the CAVE algorithm and the following two shared keys:

  • Authentication key (A-key) – A 64-bit primary secret key known only to the MS and AC. In the case of RUIM-equipped mobiles, the A-key is stored on the RUIM; otherwise, it is stored in semi-permanent memory on the MS. The A-key is never shared with roaming partners. However, it is used to generate a secondary key known as SSD that may be shared with a roaming partner to enable local authentication in the visited network.

  • Shared Secret Data (SSD) – A 128-bit secondary secret key that is calculated using the CAVE algorithm during an SSD Update procedure. During this procedure both the MS and the AC in the user’s home network separately calculate SSD. It is this SSD, not the A-key, that is used during authentication. SSD may or may not be shared between home and roaming partner networks to enable local authentication. SSD consists of two 64-bit keys: SSD_A, which is used during authentication to calculate authentication signatures, and SSD_B, which is used in the generation of session keys for encryption and voice privacy.

CAVE-based authentication provides two types of challenges:

  • Global challenge – Procedure that requires any MS attempting to access the serving network to respond to a common challenge value being broadcast in the overhead message train. The MS must generate an authentication signature response (AUTHR) using CAVE with inputs of the global challenge value, ESN, either the last six dialed digits (for an origination attempt) or IMSI_S1 (for any other system access attempt), and SSD_A.

  • Unique challenge – Procedure that allows a visited network (if SSD is shared) and/or home network to uniquely challenge a particular MS for any reason. The MS must generate an authentication signature response (AUTHU) using CAVE with inputs of the unique challenge value, ESN, IMSI_S1, and SSD_A.

CAVE-based authentication is a one-way authentication mechanism that always involves the network authenticating the MS (with the exception of the base station challenge procedure, which occurs only during an SSD update).
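The key hierarchy and the choice of authentication controller described above can be modelled in a few lines. This is an added example, not code from the original article or from TIA-41: the CAVE algorithm is not given on this page, so a truncated HMAC-SHA256 stands in for it, and the class names, the 3-byte signature length and the input encoding are all assumptions.

```python
import hashlib
import hmac

def prf(key, *parts, nbytes):
    # Stand-in for CAVE (assumption): truncated HMAC-SHA256, NOT the real algorithm.
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()[:nbytes]

def derive_ssd(a_key, esn, rand_ssd):
    ssd = prf(a_key, b"SSD", esn, rand_ssd, nbytes=16)  # 128-bit SSD
    return ssd[:8], ssd[8:]                             # SSD_A, SSD_B (64 bits each)

def signature(ssd_a, challenge, esn, auth_data):
    # AUTHR / AUTHU are keyed by SSD_A, never by the A-key itself.
    return prf(ssd_a, challenge, esn, auth_data, nbytes=3)

class MobileStation:
    def __init__(self, a_key, esn, imsi_s1):
        self.a_key, self.esn, self.imsi_s1 = a_key, esn, imsi_s1
    def ssd_update(self, rand_ssd):
        self.ssd_a, self.ssd_b = derive_ssd(self.a_key, self.esn, rand_ssd)
    def respond(self, challenge, dialed=None):
        # Origination: last six dialed digits; any other access: IMSI_S1.
        data = dialed[-6:] if dialed else self.imsi_s1
        return signature(self.ssd_a, challenge, self.esn, data)

class AuthCenter:
    def __init__(self):
        self.subs = {}                      # ESN -> {"a_key", "ssd_a", "ssd_b"}
    def provision(self, esn, a_key):
        self.subs[esn] = {"a_key": a_key}
    def ssd_update(self, esn, rand_ssd):
        s = self.subs[esn]
        s["ssd_a"], s["ssd_b"] = derive_ssd(s["a_key"], esn, rand_ssd)
    def share_ssd(self, esn):
        s = self.subs[esn]
        return s["ssd_a"], s["ssd_b"]       # the A-key is never released
    def verify(self, esn, challenge, data, resp):
        expected = signature(self.subs[esn]["ssd_a"], challenge, esn, data)
        return hmac.compare_digest(expected, resp)

class VLR:
    def __init__(self, home_ac):
        self.home_ac, self.ssd = home_ac, {}    # ssd: ESN -> (SSD_A, SSD_B)
    def authenticate(self, esn, challenge, data, resp):
        # Returns (authentication controller, result).
        if esn in self.ssd:                     # SSD shared: verify locally
            expected = signature(self.ssd[esn][0], challenge, esn, data)
            return "VLR", hmac.compare_digest(expected, resp)
        return "AC", self.home_ac.verify(esn, challenge, data, resp)  # proxy home
```

Storing the result of `AuthCenter.share_ssd()` in `VLR.ssd` moves the authentication controller from the AC to the VLR; only SSD crosses the network boundary, and the A-key stays in the home network.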

CAVE-based authentication procedures are specified in TIA-41 (3GPP2 X.S0004).

For information about CAVE-based authentication in roaming, see CDG Reference Document #138.


Wikimedia Foundation. 2010.
