A.4 Signalling flows demonstrating a synchronization failure in the bootstrapping procedure

3GPP TS 24.109 Release 17: Bootstrapping interface (Ub) and network application function interface (Ua); Protocol details

If the UE considers the sequence number in the challenge to be out of the acceptable range, it sends a synchronization failure indication back to the BSF. The UE performs this range check only after the MAC-A in AUTN has verified, so a challenge that did not originate from the home network cannot trigger the procedure. The parameter AUTS contains the concealed value of the counter SQNMS held in the UE, protected by MAC-S.

Figure A.4-1: The bootstrapping procedure in sequence number synchronization failure case.

1-4. Initial bootstrapping steps

Steps 1 through 4 are described in the corresponding steps in clause A.3.

5. SQN invalid, generate AUTS at UE

The UE determines that the sequence number is out of synchronization. The UE generates the AUTS parameter, a 112-bit value consisting of the concealed SQNMS (48 bits) followed by MAC-S (64 bits). The AUTS parameter is carried in the auts directive of the Authorization header, as specified in RFC 3310 [6].

6. GET request (UE to BSF) – see example in table A.4-1

The UE sends an HTTP GET request carrying the AUTS parameter to the BSF.

Table A.4-1: GET request (UE to BSF)

GET / HTTP/1.1
Host: bsf.home1.net:80
User-Agent: Bootstrapping Client Agent; Release-6
Date: Thu, 08 Jan 2004 10:13:17 GMT
Accept: */*
Authorization: Digest
        username="user1_private@home1.net",
        realm="bsf.home1.net",
        nonce="base64(RAND + AUTN + server specific data)",
        uri="/",
        qop=auth-int,
        nc=00000001,
        cnonce="6629fae49393a05397450978507c4ef1",
        response="6629fae49393a05397450978507c4ef1",
        opaque="5ccc069c403ebaf9f0171e9517f30e41",
        algorithm=AKAv1-MD5,
        auts="base64(AUTS)"

Authorization: This carries the response to the authentication challenge received in step 4 and contains the AUTS parameter. Since the UE has rejected the challenge it has no valid RES, so the response directive is computed with an empty password as specified in RFC 3310 [6]; the BSF must not treat it as a successful authentication of the UE.

7. Zh: Authentication procedure

If the BSF does not have the corresponding AV indicated by the AUTS, the BSF shall retrieve it from the HSS. The HSS (AuC) needs both AUTS and the RAND of the rejected challenge: it recovers SQNMS from AUTS, verifies MAC-S, and only then resynchronizes SQNHE and generates new AVs. An AUTS whose MAC-S does not verify is discarded, otherwise any party on the Ub path could reset the subscriber's sequence number.

For detailed signalling flows see 3GPP TS 29.109 [3].

Table A.4-2: BSF authentication information procedure (BSF to HSS)

Message source and destination | Zh Information element name | Information Source in GET | Description
BSF to HSS | Private User Identity | Authorization: | The Private User Identity is encoded in the username field according to the Authorization protocol.

8. Authentication vector selection

The BSF selects the AV indicated by the AUTS for use in the authentication challenge. For detailed description of the authentication vector, see 3GPP TS 33.203 [21].

9. 401 Unauthorized response (BSF to UE) – see example in table A.4-3

The BSF sends another challenge, built from an AV generated after resynchronization and therefore based on the new range of sequence numbers.

Table A.4-3: 401 Unauthorized response (BSF to UE)

HTTP/1.1 401 Unauthorized
Server: Bootstrapping Server; Release-6
Date: Thu, 08 Jan 2004 10:13:17 GMT
WWW-Authenticate: Digest
        realm="bsf.home1.net",
        nonce="base64(RAND + AUTN + server specific data)",
        algorithm=AKAv1-MD5,
        qop="auth-int",
        opaque="5ccc069c403ebaf9f0171e9517f30e41"

WWW-Authenticate: The BSF challenges the user with a new range of sequence numbers. The nonce is a quoted string containing the base64-encoded concatenation of the AKA RAND, the AKA AUTN and server-specific data.

10. Continue with bootstrapping

The bootstrapping procedure continues from step 5 of clause A.3.
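The following is an added worked example of steps 4 to 9 above; it is not code from TS 24.109 or any 3GPP implementation. It models the UE check that leads to AUTS, the Authorization header of table A.4-1 (with the empty-password response directive of RFC 3310), the BSF extracting auts, and the HSS/AuC verifying MAC-S before resynchronizing SQNHE. The AKA functions f1, f1*, f5 and f5* are replaced by truncated HMAC-SHA256 stand-ins so the example runs offline; the acceptance window DELTA, the single-counter range rule, the test key and RAND are all constructed assumptions, not values from the specification.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-ins for the AKA functions f1, f1*, f5, f5*. A real UE/AuC
# uses MILENAGE or TUAK; HMAC-SHA256 truncated to the 3GPP output lengths only
# keeps this example self-contained and is NOT the real algorithm.
def f1(k, rand, sqn, amf):        # MAC-A (64 bit) over SQN || RAND || AMF
    return hmac.new(k, b"f1" + rand + sqn + amf, hashlib.sha256).digest()[:8]

def f1_star(k, rand, sqn, amf):   # MAC-S (64 bit), resynchronisation variant
    return hmac.new(k, b"f1*" + rand + sqn + amf, hashlib.sha256).digest()[:8]

def f5(k, rand):                  # AK (48 bit) concealing SQN in AUTN
    return hmac.new(k, b"f5" + rand, hashlib.sha256).digest()[:6]

def f5_star(k, rand):             # AK* (48 bit) concealing SQN_MS in AUTS
    return hmac.new(k, b"f5*" + rand, hashlib.sha256).digest()[:6]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

AMF_STAR = b"\x00\x00"   # AMF used for MAC-S is all zeros (TS 33.102 6.3.3)
DELTA = 2 ** 28          # assumed acceptance window; 33.102 Annex C leaves it to the operator

def hss_challenge(k, rand, sqn_he, amf=b"\x00\x00"):
    """Build AUTN = (SQN_HE xor AK) || AMF || MAC-A and the Digest nonce the BSF sends."""
    autn = xor(sqn_he, f5(k, rand)) + amf + f1(k, rand, sqn_he, amf)
    return base64.b64encode(rand + autn).decode()   # nonce = base64(RAND || AUTN)

def ue_process_challenge(k, sqn_ms, nonce_b64):
    """Step 5 at the UE. Returns ("ok", SQN) or ("auts", AUTS); raises on MAC-A failure.
    MAC-A is checked before SQN so an unauthenticated challenge can never trigger AUTS."""
    blob = base64.b64decode(nonce_b64)
    rand, autn = blob[:16], blob[16:32]           # server-specific data, if any, follows
    sqn_xor_ak, amf, mac_a = autn[:6], autn[6:8], autn[8:16]
    sqn = xor(sqn_xor_ak, f5(k, rand))
    if not hmac.compare_digest(mac_a, f1(k, rand, sqn, amf)):
        raise ValueError("MAC-A failure: challenge not from the home network")
    sqn_i, ms_i = int.from_bytes(sqn, "big"), int.from_bytes(sqn_ms, "big")
    if ms_i < sqn_i <= ms_i + DELTA:               # simplified single-counter window
        return "ok", sqn
    auts = xor(sqn_ms, f5_star(k, rand)) + f1_star(k, rand, sqn_ms, AMF_STAR)
    assert len(auts) == 14                         # 48 + 64 = 112 bits, as in step 5
    return "auts", auts

def digest_response(username, realm, password, nonce, nc, cnonce, qop, method, uri, body=b""):
    """RFC 2617/3310 Digest 'response' with qop=auth-int (body hash over an empty GET body)."""
    md5 = lambda s: hashlib.md5(s).hexdigest()
    ha1 = md5(f"{username}:{realm}:".encode() + password)
    ha2 = md5(f"{method}:{uri}:{md5(body)}".encode())
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())

def ue_authorization_header(username, realm, nonce, opaque, cnonce, auts):
    """Step 6: the Authorization value of table A.4-1. RFC 3310 3.4 requires the
    response directive to be computed with an empty password when auts is present."""
    resp = digest_response(username, realm, b"", nonce, "00000001", cnonce, "auth-int", "GET", "/")
    return ('Digest username="%s", realm="%s", nonce="%s", uri="/", qop=auth-int, '
            'nc=00000001, cnonce="%s", response="%s", opaque="%s", algorithm=AKAv1-MD5, '
            'auts="%s"' % (username, realm, nonce, cnonce, resp, opaque,
                           base64.b64encode(auts).decode()))

def bsf_extract_auts(authorization):
    """Step 7 at the BSF: pull the auts directive out of the Authorization header."""
    m = re.search(r'auts="([^"]+)"', authorization)
    return base64.b64decode(m.group(1)) if m else None

def hss_resync(k, rand, auts):
    """HSS/AuC resynchronisation (TS 33.102 6.3.5): recover SQN_MS from AUTS and
    accept it only if MAC-S verifies. Without this check anyone could reset SQN_HE."""
    if len(auts) != 14:
        raise ValueError("AUTS must be 112 bits")
    sqn_ms = xor(auts[:6], f5_star(k, rand))
    if not hmac.compare_digest(auts[6:], f1_star(k, rand, sqn_ms, AMF_STAR)):
        raise ValueError("MAC-S failure: AUTS rejected")
    return sqn_ms

def run_resync_flow(k, sqn_ms, stale_sqn_he, rand):
    """Steps 4-9 end to end. Returns the AUTS the UE sent, SQN_HE after
    resynchronisation and the UE's verdict on the re-issued challenge."""
    first = hss_challenge(k, rand, stale_sqn_he)
    kind, auts = ue_process_challenge(k, sqn_ms, first)
    if kind != "auts":
        return None, stale_sqn_he, kind
    hdr = ue_authorization_header("user1_private@home1.net", "bsf.home1.net", first,
                                  "5ccc069c403ebaf9f0171e9517f30e41", "6629fae4", auts)
    new_sqn_he = hss_resync(k, rand, bsf_extract_auts(hdr))
    # Step 9: fresh challenge from the resynchronised counter (a real HSS also draws a new RAND)
    next_sqn = (int.from_bytes(new_sqn_he, "big") + 1).to_bytes(6, "big")
    second = hss_challenge(k, rand, next_sqn)
    return auts, new_sqn_he, ue_process_challenge(k, sqn_ms, second)[0]
```

The two checks worth keeping in mind when reading the flow are the ordering in the UE (MAC-A before the SQN range test) and the MAC-S verification in the HSS: the first stops a forged challenge from provoking an AUTS that leaks the subscriber's counter position, the second stops a forged AUTS from moving SQNHE.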

Annex A1 (informative):
Signalling flows of GBA Push procedure