3GPP2 bootstrapping with CDMA 1x (CAVE) and CDMA 1x EV-DO (CHAP)

  1. 3GPP2 bootstrapping with CDMA 1x (CAVE) and CDMA 1x EV-DO (CHAP)
     04-18-2005

  2. Introduction
  • Initial authentication (i.e. bootstrapping) of 3GPP GAA is based on AKA
  • From CDMA 2000 1x Revision C onwards, AKA is taken into use by 3GPP2 → 3GPP GAA can be used without modifications in these networks
  • Initial authentication of 3GPP GAA needs adaptation for networks that are based on earlier 3GPP2 releases:
    • Authentication in CDMA 1x networks is based on the CAVE (Cellular Authentication and Voice Encryption) algorithm
    • Authentication in CDMA 1x EvDo (Evolution Data Only) is based on CHAP (Challenge Handshake Authentication Protocol)
  • This slide set describes how CAVE and CHAP can be used in the 3GPP GAA architecture for initial authentication

  3. Bootstrapping CDMA 1x (with CAVE) and CDMA 1x EvDo (with CHAP)
  • Bootstrapping procedures in CDMA 1x and CDMA 1x EvDo are based on X.P0028
    • Major difference to X.P0028 is that an HTTP Digest variant is used instead of EAP between the terminal and the BSF (H-AAA)
  • Password-protected Diffie-Hellman is used
    • The password is either SMEKEY (CDMA 1x) or the MN-AAA Key (CDMA 1x EvDo)
    • The WLAN KEY (WKEY) is generated from the password (as described in X.P0028)
    • WKEY = GAA's master key (Ks)
  • Normal HTTP Digest is used (steps refer to the message sequences in the next slides):
    • Step 1: The identity is sent in the first message in the "username" field (like in HTTP Digest AKA)
    • Step 3: Challenge
      • In the CAVE case, the RAND is sent in the "nonce" field (similar to HTTP Digest AKA)
      • In the CHAP case, the CHAP-Challenge is sent in the "nonce" (i.e., the field is just random, like in normal HTTP Digest)
      • RAND and CHAP-Challenge can also be sent in the HTTP payload (but this is not the case in the following slides)
    • Step 7:
      • Client Diffie-Hellman parameters are sent in the HTTP payload, protected by HTTP Digest because qop=auth-int (i.e., the HTTP payload is also included in the HTTP Digest calculation of the "response" field)
      • Diffie-Hellman parameters can be sent as is or can be protected as depicted in the next slides
      • In the CAVE case, the HTTP payload also contains the AUTHR
    • Step 13:
      • Server Diffie-Hellman parameters are sent in the HTTP payload, protected by HTTP Digest because qop=auth-int (i.e., the HTTP payload is also included in the HTTP Digest calculation of the "respauth" field)
      • Diffie-Hellman parameters can be sent as is or can be protected as depicted in the next slides
  • There is no need to standardize anything in IETF

  4. Bootstrapping in CDMA 1x (with CAVE)
  Message sequence 1 – SMEKEY is used as password
  Entities: 1x Terminal (with CAVE) and BSF (H-AAA, GAA) over the Ub interface; BSF and HLR/AC over the Zh interface
  1. Terminal → BSF: GET / HTTP/1.1, Authorization: Digest username="IMSI@realm.com"
  2. BSF: Generate RAND (the global challenge)
  3. BSF → Terminal: HTTP/1.1 401 Not authorized, WWW-Authenticate: Digest nonce="<RAND>", qop="auth-int", …
  4. Terminal → CAVE: RAND
  5. CAVE → Terminal: AUTHR, SMEKEY, …
  6. Terminal: Set parameters: MS_PW = SMEKEY; compute H1'(MS_PW) · g^x mod p (x is a secret random number generated by the UE)
  7. Terminal → BSF: GET / HTTP/1.1, Authorization: Digest nonce="<RAND>", response="<MS_PW used as passwd>", qop=auth-int, … (in the HTTP payload "H1'(MS_PW) · g^x mod p" and AUTHR are delivered)
  8. BSF → HLR/AC: AUTHREQ (AUTHR, RAND, …)
  9. HLR/AC: Verifies RAND/AUTHR, generates SMEKEY
  10. HLR/AC → BSF: authreq (SMEKEY, …)
  11. BSF: Set parameters: BS_PW = SMEKEY; compute H1'(BS_PW) · g^y mod p (y is a secret random number generated by the BSF)
  12. BSF: Generate the GAA master key (Ks) from BS_PW (the same way as WKEY)
  13. BSF → Terminal: HTTP/1.1 200 OK, Authentication-Info: Digest respauth="<BS_PW used as passwd>", qop=auth-int, … (in the HTTP payload "H1'(BS_PW) · g^y mod p", B-TID, and key lifetime are delivered)
  14. Terminal: Generate the GAA master key (Ks) from MS_PW (the same way as WKEY)

  5. Bootstrapping in CDMA 1x EvDo (with CHAP)
  Message sequence 2 – MN-AAA Key is used as password
  Entities: 1xEV-DO Terminal (with CHAP) and BSF (H-AAA, GAA) over the Ub interface
  1. Terminal → BSF: GET / HTTP/1.1, Authorization: Digest username="IMSI@realm.com"
  3. BSF → Terminal: HTTP/1.1 401 Not authorized, WWW-Authenticate: Digest nonce="<CHAP-challenge>", …
  4. Terminal → CHAP: CHAP-challenge
  5. CHAP → Terminal: CHAP-Response, …
  6. Terminal: Set parameters: MS_PW = MN-AAA Key; compute H1'(MS_PW) · g^x mod p (x is a secret random number generated by the UE)
  7. Terminal → BSF: GET / HTTP/1.1, Authorization: Digest nonce="<CHAP-challenge>", response="<MS_PW used as passwd>", qop=auth-int, … (in the HTTP payload "H1'(MS_PW) · g^x mod p" is delivered)
  11. BSF: Set parameters: BS_PW = MN-AAA Key; compute H1'(BS_PW) · g^y mod p (y is a secret random number generated by the BSF)
  12. BSF: Generate the GAA master key (Ks) from BS_PW (the same way as WKEY)
  13. BSF → Terminal: HTTP/1.1 200 OK, Authentication-Info: Digest respauth="<BS_PW used as passwd>", qop=auth-int, … (in the HTTP payload "H1'(BS_PW) · g^y mod p", B-TID, and key lifetime are delivered)
  14. Terminal: Generate the GAA master key (Ks) from MS_PW (the same way as WKEY)

  6. Password-protected D-H
  MS calculations:
    MS_RESULT = H'(pwd) * G^X mod P
    MS_PARAM = pwd | G^X mod P | (BS_RESULT/pwd) mod P | ((BS_RESULT/pwd)^X) mod P
    Root Key = H''(MS_PARAM)
  BS calculations:
    BS_RESULT = H'(pwd) * G^Y mod P
    BS_PARAM = pwd | (MS_RESULT/pwd) mod P | G^Y mod P | ((MS_RESULT/pwd)^Y) mod P
    Root Key = H''(BS_PARAM)
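As an added example (not part of the slide deck or of X.P0028), the password-protected Diffie-Hellman of slide 6 is run end to end over the HTTP Digest auth-int exchange of message sequences 1 and 2, with both the terminal and the BSF side computing the root key Ks. P, G, the hash choices for H' and H'', the fixed-width encoding used for "|", and every sample value are constructed assumptions; the slide's "/pwd" is implemented as division by H'(pwd), the element that MS_RESULT and BS_RESULT were multiplied by.

```python
"""Added example, not from the slides: password-protected Diffie-Hellman bootstrapping
(slides 3-6) carried over HTTP Digest with qop=auth-int. Toy, constructed parameters:
P = 2**127-1, G = 3, H' = SHA-256 reduced into [1, P-1], H'' = SHA-256."""
import hashlib
import secrets

P, G = 2**127 - 1, 3
USER, REALM, URI = b"IMSI@realm.com", b"realm.com", b"/"
i2b = lambda n: n.to_bytes(16, "big")   # fixed-width encoding for the '|' concatenation

def h_prime(pwd: bytes) -> int:
    """H'(pwd): map the SMEKEY / MN-AAA key to an invertible element mod P."""
    return int.from_bytes(hashlib.sha256(pwd).digest(), "big") % (P - 1) + 1

def digest(pw, method, nonce, cnonce, body):
    """RFC 2617 Digest with qop=auth-int: the entity body is hashed into A2, so
    the D-H payload is bound to the password. Use method=b"" for respauth."""
    md5 = lambda s: hashlib.md5(s).hexdigest().encode()
    ha1 = md5(b":".join([USER, REALM, pw]))
    ha2 = md5(b":".join([method, URI, md5(body)]))
    return md5(b":".join([ha1, nonce, b"00000001", cnonce, b"auth-int", ha2]))

def ms_step6(pwd):
    """Terminal: MS_RESULT = H'(pwd) * G^X mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, h_prime(pwd) * pow(G, x, P) % P

def bs_step11_12(pwd, ms_result):
    """BSF: strip H'(pwd), pick Y, build BS_RESULT and Ks = H''(BS_PARAM)."""
    y = secrets.randbelow(P - 2) + 1
    gx = ms_result * pow(h_prime(pwd), -1, P) % P       # (MS_RESULT / pwd) mod P
    bs_result = h_prime(pwd) * pow(G, y, P) % P
    bs_param = pwd + i2b(gx) + i2b(pow(G, y, P)) + i2b(pow(gx, y, P))
    return bs_result, hashlib.sha256(bs_param).digest()

def ms_step14(pwd, x, bs_result):
    """Terminal: strip H'(pwd) from BS_RESULT, derive Ks = H''(MS_PARAM)."""
    gy = bs_result * pow(h_prime(pwd), -1, P) % P        # (BS_RESULT / pwd) mod P
    ms_param = pwd + i2b(pow(G, x, P)) + i2b(gy) + i2b(pow(gy, x, P))
    return hashlib.sha256(ms_param).digest()

def run_bootstrap(pwd=b"SMEKEY-constructed", nonce=b"RAND-constructed", cnonce=b"cnonce-constructed"):
    """Ub exchange of message sequence 1/2; returns both Ks values and the Digest-protected payloads."""
    x, ms_result = ms_step6(pwd)
    body7 = i2b(ms_result)                                # step 7 HTTP payload
    response = digest(pwd, b"GET", nonce, cnonce, body7)  # MS_PW used as passwd
    bs_result, ks_bsf = bs_step11_12(pwd, ms_result)      # after BSF verified 'response'
    body13 = i2b(bs_result)                               # step 13 HTTP payload
    respauth = digest(pwd, b"", nonce, cnonce, body13)    # BS_PW used as passwd
    return ms_step14(pwd, x, bs_result), ks_bsf, body7, response, body13, respauth
```

Because qop=auth-int folds the entity body into the Digest, the BSF detects any change to the step 7 payload by recomputing "response" over the body it actually received, which is the check a receiver should always perform before using the D-H value.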
