9.2 Authentication
34.123-13GPPPart 1: Protocol conformance specificationRelease 15TSUser Equipment (UE) conformance specification
The purpose of this procedure is to verify the user identity. A correct response is essential to guarantee the establishment of the connection. If not, the connection will drop.
The SS shall be able to handle vectors of AUTN, RAND, CK, IK, AUTS and XRES in a similar way as the MSC/BSS entities. The SS and test USIM shall incorporate a test algorithm for generating RES and CK, IK from RAND, AUTN and IK which operates as described in TS 34.108 clause 8.1.2.
9.2.1 Authentication accepted
9.2.1.1 Definition
9.2.1.2 Conformance requirement
1) A UE shall correctly respond to an AUTHENTICATION REQUEST message by sending an AUTHENTICATION RESPONSE message with the RES information field set to the same value as the one produced by the authentication algorithm in the network.
2) A UE shall indicate in a PAGING RESPONSE message the ciphering key sequence number which was allocated to it through the authentication procedure.
Reference(s)
TS 24.008 clauses 4.3.2.2 and 4.3.2.4.
9.2.1.3 Test purpose
1) To check that a UE correctly responds to an AUTHENTICATION REQUEST message by sending an AUTHENTICATION RESPONSE message with the RES information field set to the same value as the one produced by the authentication algorithm in the network.
2) To check that a UE indicates in a PAGING RESPONSE message the ciphering key sequence number which was allocated to it through the authentication procedure.
9.2.1.4 Method of test
Initial conditions
– System Simulator:
– 1 cell, default parameters.
– User Equipment:
– the UE has valid TMSI, CKSN (CKSN1), CK, IK. It is "idle updated" on the cell.
Related ICS/IXIT statement(s)
None.
Test Procedure
The UE is paged. After the UE has sent a PAGING RESPONSE message to the SS, the SS initiates an authentication procedure and checks the value RES sent by the UE in the AUTHENTICATION RESPONSE message. The RRC CONNECTION is released. The UE is paged and the SS checks the value of the ciphering key sequence number sent by the UE in the PAGING RESPONSE message.
Expected sequence
|
Step |
Direction |
Message |
Comments |
|
|---|---|---|---|---|
|
UE |
SS |
|||
|
1 |
Mobile terminated establishment of Radio Resource Connection |
See TS 34.108 clause 7.1.2 Establishment Cause: Terminating Conversational Call. |
||
|
2 |
|
PAGING RESPONSE |
CKSN = CKSN1 |
|
|
3 |
|
AUTHENTICATION REQUEST |
The SS initiates authentication with CKSN2 different from CKSN1. |
|
|
4 |
|
AUTHENTICATION RESPONSE |
"Auth. parameter RES" IE shall be bit exact with the value as produced by the authentication algorithm. |
|
|
5 |
SS |
The SS releases the RRC connection. |
||
|
6 |
Void |
|||
|
6a |
The SS waits for 5 seconds to guarantee that the UE is in service. |
|||
|
7 |
Mobile terminated establishment of Radio Resource Connection |
See TS 34.108 clause 7.1.2 Establishment Cause: Terminating Conversational Call. |
||
|
8 |
|
PAGING RESPONSE |
"Ciphering key sequence number" shall be the same as the value that was sent in the last AUTHENTICATION REQUEST message (= CKSN2). |
|
|
9 |
SS |
The SS releases the RRC connection. |
||
|
10 |
Void |
|||
Specific message contents
None.
9.2.1.5 Test requirement
1) At step 4 the UE shall send an AUTHENTICATION RESPONSE message with the RES information field set to the same value as the XRES calculated by the SS.
2) At step 8 the UE shall indicate in a PAGING RESPONSE message the ciphering key sequence number which was allocated to it through the authentication procedure.
9.2.2 Authentication rejected by the network
9.2.2.1 Definition
9.2.2.2 Conformance requirement
1) After reception of an AUTHENTICATION REJECT message the UE shall:
1.1 not perform normal location updating;
1.2 not perform periodic location updating;
1.3 not respond to paging with TMSI;
1.4 reject any request from CM entity for MM connection except for emergency call;
1.5 not perform IMSI detach if deactivated.
2) After reception of an AUTHENTICATION REJECT message the UE, if it supports emergency speech call, shall accept a request for an emergency call by sending a RRC CONNECTION REQUEST message with the establishment cause set to "emergency call" and include an IMEI as mobile identity in the CM SERVICE REQUEST message.
3) After reception of an AUTHENTICATION REJECT message the UE shall delete the stored LAI, CKSN and TMSI.
Reference(s)
TS 24.008 clause 4.3.2.5.
9.2.2.3 Test purpose
1) To check that ,after reception of an AUTHENTICATION REJECT message, the UE:
1.1 does not perform normal location updating;
1.2 does not perform periodic location updating;
1.3 does not respond to paging with TMSI;
1.4 rejects any request from CM entity for MM connection except for emergency call;
1.5 does not perform IMSI detach if deactivated.
2) To check that, after reception of an AUTHENTICATION REJECT message the UE, if it supports emergency speech call, accepts a request for an emergency call by sending a RRC CONNECTION REQUEST message with the establishment cause set to "emergency call" and includes an IMEI as mobile identity in the CM SERVICE REQUEST message.
3) To check that, after reception of an AUTHENTICATION REJECT message and after having been deactivated and reactivated, the UE performs location updating using its IMSI as mobile identity and indicates deleted LAI and CKSN.
9.2.2.4 Method of test
Initial conditions
– System Simulator:
– two cells: A and B, belonging to different location areas a and b;
– IMSI attach/detach is allowed in both cells;
– the T3212 time-out value is 1/10 hour in both cells.
– User Equipment:
– the UE has valid TMSI, CKSN, CK and IK. It is "idle updated" on cell B.
Related ICS/IXIT statement(s)
USIM removal possible while UE is powered Yes/No.
Switch off on button Yes/No.
Support of emergency speech call Yes/No.
Test procedure
The SS rejects an authentication. The RRC CONNECTION is released. The SS checks that the UE has entered the state MM IDLE substate NO IMSI, i.e. does not perform normal location updating, does not perform periodic updating, does not respond to paging, rejects any requests from CM entities except emergency calls and does not perform IMSI detach if USIM detachment is performed, switch off is performed, or the power is removed, depending on the UE (see ICS/IXIT).
Expected sequence
|
Step |
Direction |
Message |
Comments |
|
|---|---|---|---|---|
|
UE |
SS |
|||
|
The following messages are sent and shall be received on cell B |
||||
|
1 |
Mobile terminated establishment of Radio Resource Connection |
See TS 34.108 clause 7.1.2 Establishment Cause: Terminating Conversational Call.. |
||
|
2 |
|
PAGING RESPONSE |
"Ciphering key sequence number" shall be the same as the value that was sent in the last AUTHENTICATION REQUEST. |
|
|
3 |
|
AUTHENTICATION REQUEST |
CKSN in this AUTHENTICATION REQUEST should be different from that received in PAGING RESPONSE message. |
|
|
4 |
|
AUTHENTICATION RESPONSE |
||
|
5 |
|
AUTHENTICATION REJECT |
||
|
6 |
SS |
The SS releases the RRC connection. |
||
|
7 |
Void |
|||
|
8 |
|
PAGING TYPE 1 |
The UE is paged in cell B. "UE identity " IE contains TMSI. Paging Cause: Terminating Conversational Call. |
|
|
9 |
UE |
The UE shall ignore this message. This is verified during 3 s. |
||
|
10 |
SS |
The SS waits for at least for 15 s. |
||
|
11 |
UE |
A MO CM connection is attempted. |
||
|
12 |
UE |
The UE shall not initiate an RRC connection establishment on cell A or cell B. This is checked during 30 s. |
||
|
13 |
UE |
If the UE supports emergency speech call (see ICS), an emergency call is attempted. |
||
|
14 |
SS |
The SS checks that the IE "Establishment cause" in the received RRC CONNECTION REQUEST message is set to "Emergency call". |
||
|
15 |
Void |
|||
|
16 |
Void |
|||
|
17 |
|
CM SERVICE REQUEST |
"CM service type": Emergency call establishment. "Mobile identity": type of identity is set to IMEI. |
|
|
18 |
|
CM SERVICE ACCEPT |
||
|
19 |
|
EMERGENCY SETUP |
||
|
20 |
|
RELEASE COMPLETE |
"Cause" = unassigned number. |
|
|
21 |
SS |
The SS releases the RRC connection. |
||
|
22 |
Void |
|||
|
The following messages are sent and shall be received on cell A. |
||||
|
23 |
SS |
Set the cell type of cell A to the "Serving cell". Set the cell type of cell B to the "non-suitable cell". (see note) |
||
|
24 |
UE |
The UE performs cell reselection according to procedure as specified in (this however is not checked until step 29). The UE shall not initiate an RRC connection establishment on cell A or on cell B. |
||
|
25 |
SS |
The SS waits at least 7 minutes for a possible periodic updating. |
||
|
26 |
UE |
The UE shall not initiate an RRC connection establishment on cell A or on cell B. |
||
|
27 |
UE |
If possible (see ICS) USIM detachment is performed. Otherwise if possible (see ICS) switch off is performed. Otherwise the power is removed. |
||
|
28 |
UE |
The UE shall not initiate an RRC connection establishment on cell A or on cell B. This is checked during 3 s. |
||
|
29 |
UE |
Depending on what has been performed in step 27 the UE is brought back to operation. The subsequent GMM attach should be rejected if received in the PS mode. |
||
|
30 |
SS |
The SS checks that the IE "Establishment cause" in the received RRC CONNECTION REQUEST message is set to "Registration". |
||
|
31 |
Void |
|||
|
32 |
Void |
|||
|
33 |
|
LOCATION UPDATING REQUEST |
"location updating type" = normal, "CKSN" = no key available, "Mobile Identity" = IMSI, "LAI" = deleted LAI (the MCC and MNC hold the previous values, the LAC is coded FFFE). |
|
|
34 |
|
AUTHENTICATION REQUEST |
CKSN in this AUTHENTICATION REQUEST should be different from that received in LOCATION UPDATING REQUEST message. |
|
|
35 |
|
AUTHENTICATION RESPONSE |
||
|
36 |
|
LOCATION UPDATING ACCEPT |
"Mobile Identity" = TMSI. |
|
|
37 |
|
TMSI REALLOCATION COMPLETE |
||
|
38 |
SS |
The SS releases the RRC connection. |
||
|
39 |
Void |
|||
|
NOTE: The definitions for "Serving cell" and "non-suitable cell" are specified in TS 34.108 clause 6.1 "Reference Radio Conditions for signalling test cases only". |
||||
Specific message contents
None.
9.2.2.5 Test requirement
1)
1.1 At step 24 the UE shall not send any RRC CONNECTION REQUEST on cell A or on cell B.
1.2 At step 26 the UE shall not send any RRC CONNECTION REQUEST on cell A or on cell B.
1.3 At step 9 the UE shall not respond to paging.
1.4 At step 12 the UE shall not send any RRC CONNECTION REQUEST on cell A or on cell B.
1.5 At step 28 the UE shall not send any RRC CONNECTION REQUEST on cell A or on cell B.
2) At step 14 the UE shall send a RRC CONNECTION REQUEST message with the establishment cause set to "emergency call"; and at step 17 the UE shall send a CM SERVICE REQUEST message with the "CM service type" set to "Emergency call establishment".
3) At step 33 the UE shall perform location updating using its IMSI as mobile identity and indicates deleted LAI and CKSN.
9.2.3 Authentication rejected by the UE (MAC code failure)
9.2.3.1 Definition
Following a UMTS authentication challenge, the UE may reject the core network, on the grounds of an incorrect AUTN parameter (see TS 33.102).
If the UE considers the MAC code (supplied by the core network in the AUTN parameter) to be invalid, it shall send an AUTHENTICATION FAILURE message to the network, with the reject cause ‘MAC failure’.
9.2.3.2 Conformance requirement
1) The UE shall respond to an AUTHENTICATION REQUEST message, with a MAC code failure in the AUTN parameter, by sending an AUTHENTICATION FAILURE message with the reject cause ‘MAC failure’ and start timer T3214. When an AUTHENTICATION REQUEST message containing an invalid MAC has been received by the UE from the network, the UE shall stop any of the retransmission timers that are running (i.e. T3210, T3220 or T3230).
2) Upon receipt of an AUTHENTICATION FAILURE message from the UE, with reject cause ‘MAC failure’ the network may initiate the identification procedure. Upon reception of an IDENTITY REQUEST message, the UE shall identify itself by sending an IDENTITY RESPONSE message including the IMSI to the network. The network may then check that the TMSI originally used in the authentication challenge corresponded to the correct IMSI.
3) If the TMSI/IMSI mapping in the network was incorrect, the network should respond by sending a new AUTHENTICATION REQUEST message to the UE. Upon receiving the second AUTHENTICATION REQUEST message from the network, the UE shall stop the timer T3214, if running, and then process the challenge information as normal. Upon successfully validating the network (an AUTHENTICATION REQUEST that contains a valid MAC in the AUTN parameter is received), the UE shall send the AUTHENTICATION RESPONSE message to the network and shall start any retransmission timers (e.g. T3210, T3220 or T3230) , if they were running and stopped when the UE received the first AUTHENTICATION REQUEST message containing an incorrect MAC.
Reference(s)
TS 24.008 clauses 4.3.2.5.1 and 4.3.2.6 (c)
9.2.3.3 Test purpose
1) To check that a UE shall correctly respond to an AUTHENTICATION REQUEST message, with a MAC code failure in the AUTN parameter, by sending an AUTHENTICATION FAILURE message with the reject cause ‘MAC failure’.
2) To check that upon reception of an IDENTITY REQUEST message, requesting for IMSI, the UE identifies itself by sending an IDENTITY RESPONSE message including the IMSI to the network.
3) To check that upon receiving the second AUTHENTICATION REQUEST message from the network, the UE shall stop the timer T3214, if running, and then process the challenge information as normal. To check that upon successfully validating the network (an AUTHENTICATION REQUEST that contains a valid MAC is received), the UE sends the AUTHENTICATION RESPONSE message to the network.
9.2.3.4 Method of test
Initial conditions
– System Simulator:
– 1 cell, default parameters.
– User Equipment:
– the UE has valid TMSI, CKSN (CKSN1), CK, IK. It is "idle updated" on the cell.
Related ICS/IXIT statement(s)
None.
Test procedure
The UE rejects an authentication. The AUTHENTICATION FAILURE is sent by UE. Upon receipt of the AUTHENTICATION FAILURE message the SS initiates identification procedure. The UE responds to the SS by sending IDENTITY RESPONSE message. The SS sends AUTHENTICATION REQUEST message with correct AUTN parameter.
Expected sequence
|
Step |
Direction |
Message |
Comments |
|
|
UE |
SS |
|||
|
1 |
Mobile terminated establishment of Radio Resource Connection |
See TS 34.108 clause 7.1.2 Establishment Cause: Terminating Conversational Call. |
||
|
2 |
|
PAGING RESPONSE |
CKSN = CKSN1 |
|
|
3 |
|
AUTHENTICATION REQUEST |
With AUTN parameter having a MAC value different from what is calculated in 34.108 clause 8.1.2.1 step 4. |
|
|
4 |
|
AUTHENTICATION FAILURE |
With reject cause "MAC failure" |
|
|
5 |
|
IDENTITY REQUEST |
With identity type IMSI |
|
|
6 |
|
IDENTITY RESPONSE |
With IMSI in Mobile Identity IE |
|
|
7 |
|
AUTHENTICATION REQUEST |
With the AUTN parameter having a valid MAC code, see 34.108 clause 8.1.2.1 step 4. |
|
|
8 |
|
AUTHENTICATION RESPONSE |
Authentication Response Parameter IE (RES) shall be bit exact with the value as produced by the authentication algorithm. |
|
|
9 |
|
RRC CONNECTION RELEASE |
||
|
10 |
|
RRC CONNECTION RELEASE COMPLETE |
||
Specific message contents
None.
9.2.3.5 Test requirement
1) At step 4 the UE shall send AUTHENTICATION FAILURE message with reject cause set to "MAC failure".
2) At step 6 the UE shall send an IDENTITY RESPONSE message including the IMSI.
3) At step 8 the UE shall send an AUTHENTICATION RESPONSE message.
9.2.4 Authentication rejected by the UE (SQN failure)
9.2.4.1 Definition
Following a UMTS authentication challenge, the UE may reject the core network, on the grounds of an incorrect AUTN parameter (see TS 33.102).
If the UE considers the SQN (supplied by the core network in the AUTN parameter) to be out of range, it shall send an AUTHENTICATION FAILURE message to the network, with the reject cause ‘Synch failure’ and a re-synchronisation token AUTS provided by the USIM (see TS 33.102).
9.2.4.2 Conformance requirement
1) The UE shall respond to an AUTHENTICATION REQUEST message, with an SQN failure in the AUTN parameter, by sending an AUTHENTICATION FAILURE message with the reject cause ‘Synch failure’ and start the timer T3216 and stop any of the retransmission timers that are running (i.e. T3210, T3220 or T3230). Upon receipt of an AUTHENTICATION FAILURE message from the UE with the reject cause ‘synch failure,’ the network shall use the returned AUTS parameter from the authentication failure parameter IE in the AUTHENTICATION FAILURE message, to re-synchronise.
2) Upon successfully validating the network (a second AUTHENTICATION REQUEST is received which contains a valid SQN in the AUTN parameter) while T3216 is running, the UE shall send the AUTHENTICATION RESPONSE message to the network and shall start any retransmission timers (e.g. T3210, T3220 or T3230), if they were running and stopped when the UE received the first AUTHENTICATION REQUEST message containing an invalid SQN.
Reference(s)
TS 24.008 clause 4.3.2.5.1, 4.3.2.6 (d)
9.2.4.3 Test purpose
1) To check that a UE shall correctly respond to an AUTHENTICATION REQUEST message, with an SQN failure in the AUTN parameter, by sending an AUTHENTICATION FAILURE message with the reject cause ‘Synch failure’.
2) To check that upon successfully validating the network (a second AUTHENTICATION REQUEST is received which contains a valid SQN) while T3216 is running, the UE shall send the AUTHENTICATION RESPONSE message to the network.
9.2.4.4 Method of test
Initial conditions
– System Simulator:
– 1 cell, default parameters.
– User Equipment:
– the UE has valid TMSI, CKSN (CKSN1), CK, IK. It is "idle updated" on the cell.
Related ICS/IXIT statement(s)
None.
Test procedure
The SS sends an AUTHENTICATION REQUEST having an invalid SQN code (i.e. uses the predefined AMFRESYNCH value to trigger the SQN re-synchronisation procedure, see TS 34.108 clause 8.1.2.2) to the UE. The SS verifies that the UE rejects the authentication.
The SS sends a second AUTHENTICATION REQUEST with a valid SQN code (i.e. uses an AMF value different from AMFRESYNCH value, see TS 34.108 clause 8.1.2.2). The SS checks that the UE accepts the authentication request.
Expected sequence
|
Step |
Direction |
Message |
Comments |
|
|
UE |
SS |
|||
|
1 |
Mobile terminated establishment of Radio Resource Connection |
See TS 34.108 clause 7.1.2 Establishment Cause: Terminating Conversational Call. |
||
|
2 |
|
PAGING RESPONSE |
CKSN = CKSN1 |
|
|
3 |
|
AUTHENTICATION REQUEST |
with the AMF information field set to AMFRESYNCH value to trigger SQN re-synchronisation procedure in test USIM, see TS 34.108 clause 8.1.2.2. |
|
|
4 |
|
AUTHENTICATION FAILURE |
including the AUTS parameter and with the reject cause set to ‘Synch failure’ |
|
|
5 |
|
AUTHENTICATION REQUEST |
with the AMF information field set to value different from AMFRESYNCH value to cause test USIM to treat SQN value as valid, see TS 34.108 clause 8.1.2.2. |
|
|
6 |
|
AUTHENTICATION RESPONSE |
"Auth. parameter RES" IE shall be bit exact with the value as produced by the authentication algorithm. |
|
|
7 |
|
RRC CONNECTION RELEASE |
||
|
8 |
|
RRC CONNECTION RELEASE COMPLETE |
||
Specific message contents
None.
9.2.4.5 Test requirement
1) At step 4 the UE shall reject an authentication and the AUTHENTICATION FAILURE is sent to SS with reject cause "Synch failure".
2) At step 6 the UE shall send an AUTHENTICATION RESPONSE message with the RES information field set to the same value as the XRES calculated by SS.
9.2.5 Authentication rejected by the UE / fraudulent network
9.2.5.1 Definition
9.2.5.2 Conformance requirement
R99 and REL-4:
1. It can be assumed that the source of the authentication challenge is not genuine (authentication not accepted by the UE) if any of the following occur:
– After sending the AUTHENTICATION FAILURE message with the reject cause ‘MAC failure’ the timer T3214 expires;
– Upon receipt of the second AUTHENTICATION REQUEST while T3214 is running and the MAC value cannot be resolved.
When it has been deemed by the UE that the source of the authentication challenge is not genuine (i.e. authentication not accepted by the UE), the UE shall behave as described in 3GPP TS 24.008 clause 4.3.2.6.1.
2. In addition to the cases specified in 3GPP TS 24.008 subclause 4.3.2.6, the UE may deem that the network has failed the authentication check after any combination of three consecutive authentication failures, regardless whether ‘MAC failure’, ‘invalid SQN’, or ‘GSM authentication unacceptable’ was diagnosed. The authentication failures shall be considered as consecutive only, if the authentication challenges causing the second and third authentication failure are received by the UE, while the timer T3214 or T3216 started after the previous authentication failure is running.
If the UE deems that the network has failed the authentication check, then it shall request RR or RRC to release the RR connection and the PS signalling connection, if any, and bar the active cell or cells (see 3GPP TS 25.331 and 3GPP TS 04.18).
Reference(s)
3GPP TS 24.008 clauses 4.3.2.6 (c) and 4.3.2.6.1.
REL-5 and later releases:
1. It can be assumed that the source of the authentication challenge is not genuine (authentication not accepted by the UE) if any of the following occur:
– after sending the AUTHENTICATION FAILURE message with the reject cause "MAC failure" the timer T3214 expires;
– the UE detects any combination of the authentication failures: "MAC failure", "invalid SQN", and "GSM authentication unacceptable", during three consecutive authentication challenges. The authentication challenges shall be considered as consecutive only, if the authentication challenges causing the second and third authentication failure are received by the UE, while the timer T3214 or T3216 started after the previous authentication failure is running.
When it has been deemed by the UE that the source of the authentication challenge is not genuine (i.e. authentication not accepted by the UE), the UE shall behave as described in 3GPP TS 24.008 subclause 4.3.2.6.1.
2. If the UE deems that the network has failed the authentication check, then it shall request RR or RRC to release the RR connection and the PS signalling connection, if any, and bar the active cell or cells (see 3GPP TS 25.331 and 3GPP TS 44.018).
Reference(s)
3GPP TS 24.008 clauses 4.3.2.6 (c) and 4.3.2.6.1.
9.2.5.3 Test purpose
R99 and REL-4:
To test UE treating a cell as barred:
1. when the UE receives the second or third AUTHENTICATION REQUEST message with invalid MAC value during the T3214 is running.
2. when the timer T3214 has expired.
REL-5 and later releases:
To test UE treating a cell as barred:
1. when the UE receives the third AUTHENTICATION REQUEST message with invalid MAC value during the T3214 is running.
2. when the timer T3214 has expired.
9.2.5.4 Method of test
Initial conditions
– System Simulator:
– two cells: A and B, belonging to different location areas a and b.
– User Equipment:
– the UE has a valid TMSI. It is "idle updated" on cell A.
Related ICS/IXIT statement(s)
None.
Test procedure
A location updating procedure is initiated in cell B. The SS sends an AUTHENTICATION REQUEST message with invalid MAC value and the UE responds with an AUTHENTICATION FAILURE message. The SS resends an AUTHENTICATION REQUEST message with invalid MAC value.
For R99 and REL-4: The SS waits 30 seconds. If the UE sends an AUTHENTICATION FAILURE message during this time then the SS repeats the authentication procedure a third time and then waits 30 seconds. The UE moves into idle mode and do not make any access attempt on cell B.
For REL-5 and later release: The SS repeats a third time the authentication procedure, again with invalid MAC value in its AUTHENTICATION REQUEST message. The UE moves into idle mode and do not make any access attempt on cell B.
It is checked that the UE shall not attempt to access the network in cell B.
A location updating procedure is initiated in cell A. The SS sends an AUTHENTICATION REQUEST message with invalid MAC value and the UE responds with an AUTHENTICATION FAILURE message. The SS waits T3214 expiry.
It is checked that the UE shall not attempt to access the network in cell A.
Expected sequence
|
Step |
Direction |
Message |
Comments |
|
|
UE |
SS |
|||
|
The following messages shall be sent and received on Cell B. |
||||
|
1 |
SS |
Set the cell type of cell B to the “Serving cell”. Set the cell type of cell A to the “non-suitable cell”. (see note) |
||
|
2 |
SS |
The SS verifies that the IE "Establishment cause" in the received RRC CONNECTION REQUEST message is set to “Registration”. If PS mode: a routing area updating procedure should be performed. |
||
|
3 |
|
LOCATION UPDATING REQUEST |
||
|
4 |
|
AUTHENTICATION REQUEST |
with AUTN parameter having a MAC value different from what is calculated in 34.108 clause 8.1.2.1 step 4. |
|
|
5 |
|
AUTHENTICATION FAILURE |
with reject cause "MAC failure" |
|
|
6 |
|
AUTHENTICATION REQUEST |
with AUTN parameter having a MAC value different from what is calculated in 34.108 clause 8.1.2.1 step 4. |
|
|
7 |
|
AUTHENTICATION FAILURE |
with reject cause "MAC failure" R99 and REL-4: In case message is not received within 30s then the SS should continue from step 10. |
|
|
8 |
|
AUTHENTICATION REQUEST |
with AUTN parameter having a MAC value different from what is calculated in 34.108 clause 8.1.2.1 step 4. R99 and REL-4: Optional step |
|
|
9 |
SS |
The SS verifies that the UE does not attempt to access the network for 30s. R99 and REL-4: Optional step |
||
|
The following messages shall be sent and received on Cell A |
||||
|
10 |
SS |
Set the cell type of cell A to the "Serving cell". Set the cell type of cell B to the "non-suitable cell". (see note) |
||
|
11 |
SS |
The SS verifies that the IE "Establishment cause" in the received RRC CONNECTION REQUEST message is set to “Registration”. If PS mode: a routing area updating procedure should be performed. |
||
|
12 |
|
LOCATION UPDATING REQUEST |
||
|
13 |
|
AUTHENTICATION REQUEST |
with AUTN parameter having a MAC value different from what is calculated in 34.108 clause 8.1.2.1 step 4. |
|
|
14 |
|
AUTHENTICATION FAILURE |
with reject cause "MAC failure" |
|
|
15 |
SS |
The SS waits T3214 expiry. |
||
|
16 |
SS |
The SS verifies that the UE does not attempt to access the network for 30s. |
||
|
NOTE: The definitions for "Serving cell" and "non-suitable cell" are specified in TS 34.108 clause 6.1 "Reference Radio Conditions for signalling test cases only". |
||||
Specific message contents
None.
9.2.5.5 Test requirement
For R99 and REL-4 UE:
Alternative 1:
– After step 6, when the UE have received the second AUTHENTICATION REQUEST message with invalid MAC value, the UE shall not attempt to access the network in cell B.
Alternative 2:
– After step6, when the UE have received the second AUTHENTICATION REQUEST message with invalid MAC value while the timer T3214 is running, the UE shall send an AUTHENTICATION FAILURE message with reject cause "MAC failure" to the SS; and
– After step 8, when the UE have received the third AUTHENTICATION REQUEST message with invalid MAC value, the UE shall not attempt to access the network in cell B.
For REL-5 UE:
– After step 6, when the UE have received the second AUTHENTICATION REQUEST message with invalid MAC value while the timer T3214 is running, the UE shall send an AUTHENTICATION FAILURE message with reject cause "MAC failure" to the SS; and
– After step 8, when the UE have received the third AUTHENTICATION REQUEST message with invalid MAC value, the UE shall not attempt to access the network in cell B.
After step 15, when the timer T3214 has expired, the UE shall not attempt to access the network in cell A.