44.2.5 GPRS authentication and ciphering
3GPP51.010-1Mobile Station (MS) conformance specificationPart 1: Conformance specificationTS
44.2.5.1 Test of authentication
The purpose of this procedure is to verify the user identity. A correct response is essential to guarantee the establishment of the connection. If not, the connection will drop.
44.2.5.1.1 Authentication accepted
44.2.5.1.1.1 Conformance requirement
A Mobile Station shall correctly respond in an authentication and ciphering procedure by sending a response with the SRES information field set to the same value as the one produced by the authentication and ciphering algorithm in the network.
Reference(s):
3GPP TS 04.08 / 3GPP TS 24.008 subclause 4.7.7.
44.2.5.1.1.2 Test purpose
To test the behaviour of the MS if the network accepts the authentication and ciphering procedure.
44.2.5.1.1.3 Method of test
Initial conditions
System Simulator:
Two cells (not simultaneously activated), cell A in MCC1/MNC1/LAC1/RAC1, cell B in MCC1/MNC1/LAC1/RAC2.
Both cells are operating in network operation mode II.
Mobile Station:
The MS has a valid IMSI. MS is Idle Updated on cell A.
Specific PICS statements:
– MS operation mode B (TSPC_operation_mode_B).
– MS operation mode C (TSPC_operation_mode_C).
– Switch off on button (TSPC_Feat_OnOff).
– Automatic GPRS attach procedure at switch on or power on (TSPC_AddInfo_on_auto_GPRS_AP).
PIXIT statements:
–
Test procedure
A GPRS attach is performed, and the SS initiates an authentication and ciphering procedure.
The SS checks the value SRES sent by the MS in the AUTHENTICATION AND CIPHERING RESPONSE message.
The MS initiates a routing area updating procedure and the SS checks the value of the GPRS Ciphering Key Sequence Number sent by the MS in the ROUTING AREA REQUEST message.
Maximum duration of test
10 minutes.
Expected sequence
Step |
Direction |
Message |
Comments |
The following messages are sent and shall be received on cell A. |
|||
1 |
SS |
The SS activates cell A. |
|
2 |
MS |
The MS is set in MS operation mode C (see PICS). If MS operation mode C not supported, goto step 18. |
|
3 |
MS |
The MS is powered up or switched on and initiates an attach (see PICS). |
|
4 |
MS -> SS |
ATTACH REQUEST |
Attach type = ‘GPRS attach’ Mobile identity = IMSI |
5 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request authentication. RAND |
6 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
SRES |
7 |
SS |
The SS checks the SRES value. "Auth. Response Parameter (extension)" IE might be included if the RES value is more than 4 octets long. |
|
8 |
SS -> MS |
ATTACH ACCEPT |
Attach result = ‘GPRS only attached’ Mobile identity = P-TMSI-2 P-TMSI-2 signature Routing area identity = RAI-1 |
9 |
MS -> SS |
ATTACH COMPLETE |
|
The following messages are sent and shall be received on cell B. |
|||
10 |
SS |
Activate cell B with a lower signal strength than cell A The RF level of cell A is lowered until cell B is preferred by the MS. |
|
11 |
MS -> SS |
ROUTING AREA UPDATING REQUEST |
Update type = ‘RA updating’ P-TMSI-2 signature Routing area identity = RAI-1 GPRS-CKSN-1 |
12 |
SS |
The value of GPRS-CKSN is checked |
|
13 |
SS -> MS |
ROUTING AREA UPDATING ACCEPT |
Update result = ‘RA updated’ Mobile identity = P-TMSI-1 P-TMSI-1 signature Routing area identity = RAI-4 |
14 |
MS -> SS |
ROUTING AREA UPDATING COMPLETE |
|
15 |
MS |
The MS is switched off or power is removed (see PICS). |
|
16 |
MS -> SS |
DETACH REQUEST |
Message not sent if power is removed. Detach type = ‘power switched off, GPRS detach’ |
17 |
SS |
Reset the RF level of cell A to default state. Deactivate cell B. |
|
18 |
MS |
The MS is set in MS operation mode B (see PICS) and the test is repeated from step 3 to step 16. |
Specific message contents
None.
44.2.5.1.2 Authentication rejected
44.2.5.1.2.1 Conformance requirement
1. Upon receipt of an AUTHENTICATION AND CIPHERING REJECT message, the MS shall set the GPRS update status to GU3 ROAMING NOT ALLOWED and shall delete the P-TMSI, P-TMSI signature, RAI and GPRS ciphering key sequence number stored.
2. The SIM shall be considered as invalid until switching off or the SIM is removed.
3. If the AUTHENTICATION AND CIPHERING REJECT message is received, the MS shall abort any GMM procedure, shall stop the timers T3310 and T3330 (if running) and shall enter state GMM-DEREGISTERED.
Reference(s):
3GPP TS 04.08 / 3GPP TS 24.008 subclause 4.7.7.5.
44.2.5.1.2.2 Test purpose
To test the behaviour of the MS if the network rejects the authentication and ciphering procedure.
44.2.5.1.2.3 Method of test
Initial conditions
System Simulator:
Two cells (not simultaneously activated), cell A in MCC1/MNC1/LAC1/RAC1, cell B in MCC1/MNC1/LAC1/RAC2.
Both cells are operating in network operation mode II.
Mobile Station:
The MS has a valid IMSI. MS is Idle Updated on cell A.
Specific PICS statements:
– MS operation mode B (TSPC_operation_mode_B).
– MS operation mode C (TSPC_operation_mode_C).
– Switch off on button (TSPC_Feat_OnOff).
– Automatic GPRS attach procedure at switch on or power on (TSPC_AddInfo_on_auto_GPRS_AP).
PIXIT statements:
–
Test procedure
The test sequence is repeated for k = 1, 2.
A complete GPRS attach procedure is performed. The SS rejects the following authentication and ciphering procedure. The MS is paged with its former P-TMSI and shall not respond.
The Cell is changed into a new Routing Area.
The SS checks that the MS does not perform normal routing area updating.
The SS then checks that the MS does not perform a GPRS attach.
The SS checks that the MS does not perform a GPRS detach if switched off.
The MS is switched on or powered up. The SS checks that the MS performs a GPRS Attach procedure.
Maximum duration of test
10 minutes.
Expected sequence
The test sequence is repeated for k = 1, 2.
For k =1, the MS is set in MS operation mode C. If MS operation mode C not supported then k = 2.
For k = 2 the MS is set in MS operation mode B.
Step |
Direction |
Message |
Comments |
The following messages are sent and shall be received on cell A. |
|||
1 |
SS |
The SS activates cell A. |
|
2 |
MS |
The MS is powered up or switched on and initiates an attach (see PICS). |
|
3 |
MS -> SS |
ATTACH REQUEST |
Attach type = ‘GPRS attach’ Mobile identity = IMSI |
4 |
SS -> MS |
ATTACH ACCEPT |
Attach result = ‘GPRS only attached’ Mobile identity = P-TMSI-1 P-TMSI-1 signature Routing area identity = RAI-1 |
5 |
MS -> SS |
ATTACH COMPLETE |
|
6 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request authentication. RAND |
7 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
SRES |
8 |
SS -> MS |
AUTHENTICATION AND CIPHERING REJECT |
|
9 |
SS -> MS |
The SS pages the MS with mobile identity P-TMSI-1 and paging order for TBF establishment according to the channel combination of the cell. |
|
10 |
MS |
No response from the MS to the request. This is checked for 10 s. |
|
The following messages are sent and shall be received on cell B. |
|||
11 |
SS |
The SS deactivates cell A and activates cell B. |
|
12 |
MS |
Cell B is preferred by the MS. |
|
13 |
MS |
No ROUTING AREA UPDATING REQUEST sent to the SS |
|
14 |
MS |
If possible (see PICS) the MS initiates an attach by MMI or by AT command. |
|
15 |
MS |
No ATTACH REQUEST sent to the SS |
|
16 |
MS |
The MS is switched off (see PICS). |
|
17 |
SS |
No DETACH REQUEST sent to the SS |
|
18 |
The MS is powered up or switched on. |
||
Step 19 is only performed for k =2 |
|||
19 |
{Location Update Procedure} |
Macro. Location Update Procedure initiated from the MS. Parameter mobile identity is IMSI. |
|
19a |
MS initiates an attach (see PICS). |
||
20 |
MS -> SS |
ATTACH REQUEST |
Attach type = ‘GPRS only attached’ Mobile identity = IMSI |
21 |
SS -> MS |
ATTACH ACCEPT |
Attach result = ‘GPRS attach’ Mobile identity = P-TMSI-1 P-TMSI-1 signature |
22 |
MS -> SS |
ATTACH COMPLETE |
|
23 |
MS |
The MS is switched off or power is removed. (see Pics) |
|
24 |
MS -> SS |
DETACH REQUEST |
Message not sent if power is removed. |
25 |
MS |
If k=1 then the test is repeated for k=2. |
Specific message contents
None.
44.2.5.1.3 Authentication accepted with USIM
44.2.5.1.1.1 Conformance requirement
A Mobile Station shall correctly respond in an authentication and ciphering procedure by sending a response with the SRES information field set to the same value as the one produced by the authentication and ciphering algorithm in the network.
In a UMTS authentication challenge, if the AUTHENTICATION_AND_CIPHERING REQUEST message includes the UMTS authentication parameters GPRS CKSN, RAND and AUTN, then upon receipt of the message, the MS verifies the AUTN parameter and if this is accepted, the MS processes the challenge information and sends an AUTHENTICATION_AND_CIPHERING RESPONSE message to the network.
Reference(s):
3GPP TS 24.008 subclause 4.7.7.2.
44.2.5.1.1.2 Test purpose
To verify that the MS is able to authenticate itself for GPRS transmission using the USIM application through an UMTS challenge.
44.2.5.1.1.3 Method of test
Initial conditions
System Simulator:
Two cells (not simultaneously activated), cell A in MCC1/MNC1/LAC1/RAC1, cell B in MCC1/MNC1/LAC1/RAC2.
Both cells are operating in network operation mode II, SGSN is R99
Mobile Station:
Test USIM is plugged into the MS.
The MS has a valid IMSI. MS is Idle Updated on cell A.
Specific PICS statements:
– MS operation mode B (TSPC_operation_mode_B).
– MS operation mode C (TSPC_operation_mode_C).
– Switch off on button (TSPC_Feat_OnOff).
– Automatic GPRS attach procedure at switch on or power on (TSPC_AddInfo_on_auto_GPRS_AP).
PIXIT statements:
–
Test procedure
A GPRS attach is performed, and the SS initiates an authentication and ciphering procedure with an UMTS challenge request.
The SS checks the value RES sent by the MS in the AUTHENTICATION AND CIPHERING RESPONSE message (calculated with UMTS AKA algorithm).
The MS initiates a routing area updating procedure and the SS checks the value of the GPRS Ciphering Key Sequence Number sent by the MS in the ROUTING AREA REQUEST message.
Expected sequence
Step |
Direction |
Message |
Comments |
The following messages are sent and shall be received on cell A. |
|||
1 |
SS |
The SS activates cell A. |
|
2 |
MS |
The MS is set in MS operation mode C (see PICS). If MS operation mode C not supported, goto step 18. |
|
3 |
MS |
The MS is powered up or switched on and initiates an attach (see PICS). |
|
4 |
MS -> SS |
ATTACH REQUEST |
Attach type = ‘GPRS attach’ Mobile identity = IMSI |
5 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request UMTS authentication. RAND & AUTN included (see specific message content) |
6 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
RES |
7 |
SS |
The SS checks the RES value. |
|
8 |
SS -> MS |
ATTACH ACCEPT |
Attach result = ‘GPRS only attached’ Mobile identity = P-TMSI-2 P-TMSI-2 signature Routing area identity = RAI-1 |
9 |
MS -> SS |
ATTACH COMPLETE |
|
The following messages are sent and shall be received on cell B. |
|||
10 |
SS |
Activate cell B with a lower signal strength than cell A The RF level of cell A is lowered until cell B is preferred by the MS. |
|
11 |
MS -> SS |
ROUTING AREA UPDATING REQUEST |
Update type = ‘RA updating’ P-TMSI-2 signature Routing area identity = RAI-1 GPRS-CKSN-1 |
12 |
SS |
The value of GPRS-CKSN is checked |
|
13 |
SS -> MS |
ROUTING AREA UPDATING ACCEPT |
Update result = ‘RA updated’ Mobile identity = P-TMSI-1 P-TMSI-1 signature Routing area identity = RAI-4 |
14 |
MS -> SS |
ROUTING AREA UPDATING COMPLETE |
|
15 |
MS |
The MS is switched off or power is removed (see PICS). |
|
16 |
MS -> SS |
DETACH REQUEST |
Message not sent if power is removed. Detach type = ‘power switched off, GPRS detach’ |
17 |
SS |
Reset the RF level of cell A to default state. Deactivate cell B. |
|
18 |
MS |
The MS is set in MS operation mode B (see PICS) and the test is repeated from step 3 to step 16. |
Specific message contents
AUTHENTICATION AND CIPHERING REQUEST in step 5:
Same as default content except:
Information element |
Value/remark |
IE AUTN |
Calculated as defined for Test USIM |
44.2.5.2 Test of ciphering mode setting
The purpose of this procedure is to let the network to trigger the start and stop of stream ciphering.
The SS shall start and synchronise ciphering and deciphering according to 3GPP TS 03.20 / 3GPP TS 33.102, 3GPP TS 33.220. The bitstream shall be generated according to the commanded algorithm GExA.
44.2.5.2.1 Ciphering mode / start ciphering
44.2.5.2.1.1 Conformance requirements
1. When the MS receives the AUTHENTICATION AND CIPHERING REQUEST message during the attach procedure, with Ciphering indicator information element set to ‘ciphering mode off’, the Mobile Station shall:
1.1. responds with an AUTHENTICATION AND CIPHERING RESPONSE message;
1.2. not start ciphering.
2. When the MS receives the AUTHENTICATION AND CIPHERING REQUEST message during the routing area updating procedure, with Ciphering indicator information element set to ‘ciphering mode on’, the Mobile Station shall:
2.1. responds with an AUTHENTICATION AND CIPHERING RESPONSE message;
2.2. start ciphering and deciphering with the algorithm indicated by the Ciphering algorithm information element;
2.3. the ciphering uses the cipher key determined during the authentication procedure.
Reference(s):
3GPP TS 04.08 / 3GPP TS 24.008 subclause 4.7.7.
44.2.5.2.1.2 Test purpose
To test the behaviour of the MS if the network accepts the authentication and ciphering procedure with ciphering.
44.2.5.2.1.3 Method of test
Initial conditions
System Simulator:
Two cells (not simultaneously activated), cell A in MCC1/MNC1/LAC1/RAC1, cell B in MCC1/MNC1/LAC1/RAC2.
Both cells are operating in network operation mode II.
Mobile Station:
For execution counter K = 4 (GEA4) Test USIM has to be plugged into the MS
The MS has a valid IMSI. MS is Idle Updated on cell A.
Specific PICS statements:
– MS operation mode B (TSPC_operation_mode_B).
– MS operation mode C (TSPC_operation_mode_C).
– Switch off on button (TSPC_Feat_OnOff).
– Automatic GPRS attach procedure at switch on or power on (TSPC_AddInfo_on_auto_GPRS_AP).
– Supported encryption Algorithm: GEA1 (TSPC_Feat_GEA1)
– Supported encryption Algorithm: GEA2 (TSPC_Feat_GEA2)
– Supported encryption Algorithm: GEA3 (TSPC_Feat_GEA3)
– Supported encryption Algorithm: GEA4 (TSPC_Feat_GEA4)
PIXIT statements:
–
Test procedure
A GPRS attach is performed. Authentication procedure without ciphering is performed.
The MS initiates a routing area updating procedure, and the SS initiates an authentication and ciphering procedure to start ciphering. GEA1, GEA2, GEA3 or GEA4 encryption is used depending on the execution counter K.
The test is performed for all GEAx encryption algorithm supported by the MS.
Maximum duration of test
15 minutes.
Expected sequence
The sequence is performed for execution counter K=1 when the MS supports GEA1, for K=2 when the MS supports GEA2, for K=3 when the MS supports GEA3 and for K=4 when the MS supports GEA4.
Step |
Direction |
Message |
Comments |
---|---|---|---|
The following messages are sent and shall be received on cell A. |
|||
1 |
SS |
The SS activates cell A. |
|
2 |
MS |
The MS is set in MS operation mode C (see PICS). If MS operation mode C not supported, goto step 28. |
|
3 |
MS |
The MS is powered up or switched on and initiates an attach (see PICS). |
|
4 |
MS -> SS |
ATTACH REQUEST |
Attach type = ‘GPRS attach’ Mobile identity = IMSI |
5 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request authentication. Set GPRS-CKSN-1 RANDFor K=4 AUTN Message not ciphered |
6 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
For K=1,2,3 SRES For K=4 RES "Auth. Response Parameter (extension)" IE might be included if the RES value is more than 4 octets long. Message not ciphered |
7 |
SS -> MS |
ATTACH ACCEPT |
Attach result = ‘GPRS only attached’ Mobile identity = P-TMSI-2 P-TMSI-2 signature Routing area identity = RAI-1 |
8 |
MS -> SS |
ATTACH COMPLETE |
Message not ciphered |
9 |
SS -> MS |
PAGING REQUEST TYPE 1 |
Mobile identity = P-TMSI-2 Message not ciphered |
10 |
MS -> SS |
UPLINK RLC DATA BLOCK |
LLC PDU implicitly indicating paging response. Message not ciphered |
The following messages are sent and shall be received on cell B. |
|||
11 |
SS |
Activate cell B with a lower signal strength than cell A The RF level of cell A is lowered until cell B is preferred by the MS. |
|
12 |
MS -> SS |
ROUTING AREA UPDATING REQUEST |
Update type = ‘RA updating’ P-TMSI-2 signature Routing area identity = RAI-1 |
13 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request authentication. GEA1 for K=1, GEA2 for K=2, GEA3 for K=3. GEA4 for K=4. Set GPRS-CKSN-2 RAND For K=4 AUTN |
14 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
For K=1,2,3 SRES For K=4 RES "Auth. Response Parameter (extension)" IE might be included if the RES value is more than 4 octets long. Message not ciphered |
15 |
SS -> MS |
ROUTING AREA UPDATING ACCEPT |
Update result = ‘RA updated’ Mobile identity = P-TMSI-1 P-TMSI-1 signature Routing area identity = RAI-4 |
16 |
MS -> SS |
ROUTING AREA UPDATING COMPLETE |
Message ciphered |
17 |
SS -> MS |
PAGING REQUEST TYPE 1 |
Mobile identity = P-TMSI-1 |
18 |
MS -> SS |
UPLINK RLC DATA BLOCK |
LLC PDU implicitly indicating paging response. Message may be ciphered depending on the type of LLC PDU that are sent. The ‘E’ bit is therefore not checked. |
19 |
SS -> MS |
P-TMSI REALLOCATION COMMAND |
Mobile identity = P-TMSI-2 P-TMSI-2 signature Message ciphered |
20 |
MS -> SS |
P-TMSI REALLOCATION COMPLETE |
Message ciphered |
21 |
SS -> MS |
IDENTITY REQUEST |
Identity type = IMEI |
22 |
MS -> SS |
IDENTITY RESPONSE |
Mobile identity = IMEI |
23 |
SS -> MS |
P-TMSI REALLOCATION COMMAND |
Mobile identity = P-TMSI-1 P-TMSI-1 signature Message ciphered |
24 |
MS -> SS |
P-TMSI REALLOCATION COMPLETE |
Message ciphered |
25 |
MS |
The MS is switched off or power is removed (see PICS). |
|
26 |
MS -> SS |
DETACH REQUEST |
Message not sent if power is removed. Detach type = ‘power switched off, GPRS detach’ Message ciphered |
27 |
SS |
Cell B is powered down and Cell A is restored to full power. |
|
28 |
MS |
The MS is set in MS operation mode B (see PICS) and the test is repeated from step 3 to step 26. |
Note that due to the test of ciphering, it is in this test case indicated whether each message is ciphered or not.
Specific message contents
AUTHENTICATION AND CIPHERING REQUEST in step 5:
Same as default content except:
Information element |
Value/remark |
IE AUTN |
Not present for K = 1 Not present for K = 2 Not present for K = 3 Present for K = 4, calculated as defined for Test USIM |
Ciphering Algorithm |
|
Type of Algorithm |
No ciphering |
AUTHENTICATION AND CIPHERING REQUEST in step 13:
Same as default content except:
Information element |
Value/remark |
IE AUTN |
Not present for K = 1 Not present for K = 2 Not present for K = 3 Present for K = 4, calculated as defined for Test USIM |
Ciphering Algorithm |
|
Type of Algorithm |
GEA/1 for K = 1 GEA/2 for K = 2 GEA/3 for K = 3 GEA/4 for K = 4 |
44.2.5.2.2 Ciphering mode / stop ciphering
44.2.5.2.2.1 Conformance requirements
1. When the MS receives the AUTHENTICATION AND CIPHERING REQUEST message during the attach procedure, with Ciphering indicator information element set to ‘ciphering mode on’, the Mobile Station shall:
1.1. responds with an AUTHENTICATION AND CIPHERING RESPONSE message;
1.2. start ciphering and deciphering with the algorithm indicated by the Ciphering algorithm information element;
1.3. the ciphering uses the cipher key determined during the authentication procedure.
2. When the MS receives the AUTHENTICATION AND CIPHERING REQUEST message during the routing area updating procedure, with Ciphering indicator information element set to ‘ciphering mode off’, the Mobile Station shall:
2.1. responds with an AUTHENTICATION AND CIPHERING RESPONSE message;
2.2. stop ciphering.
Reference(s):
3GPP TS 04.08 / 3GPP TS 24.008 subclause 4.7.7.
44.2.5.2.2.2 Test purpose
To test the behaviour of the MS if the network accepts the authentication and ciphering procedure without ciphering.
44.2.5.2.2.2 Method of test
Initial conditions
System Simulator:
Two cells, cell A in MCC1/MNC1/LAC1/RAC1, cell B in MCC1/MNC1/LAC1/RAC2.
Both cells are operating in network operation mode II.
Mobile Station:
The MS has a valid IMSI. MS is Idle Updated on cell A.
Specific PICS statements:
– MS operation mode B (TSPC_operation_mode_B).
– MS operation mode C (TSPC_operation_mode_C).
– Switch off on button (TSPC_Feat_OnOff).
– Automatic GPRS attach procedure at switch on or power on (TSPC_AddInfo_on_auto_GPRS_AP).
PIXIT statements:
–
Test procedure
A GPRS attach is performed, and the SS initiates an authentication and ciphering procedure to start ciphering.
A RA updating procedure is initiated, and authentication procedure without ciphering is performed. Ciphering is turned off.
Maximum duration of test
15 minutes.
Expected sequence
Step |
Direction |
Message |
Comments |
---|---|---|---|
The following messages are sent and shall be received on cell A. |
|||
1 |
MS |
The MS is set in MS operation mode C (see PICS). If MS operation mode C not supported, goto step 22. |
|
2 |
SS |
The SS activates cell A. |
|
3 |
MS |
The MS is powered up or switched on and initiates an attach (see PICS). |
|
4 |
MS -> SS |
ATTACH REQUEST |
Attach type = ‘GPRS attach’ Mobile identity = IMSI |
5 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request authentication. Set GPRS-CKSN-1 RAND |
6 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
SRES |
7 |
SS -> MS |
ATTACH ACCEPT |
Attach result = ‘GPRS only attached’ Mobile identity = P-TMSI-2 P-TMSI-2 signature Routing area identity = RAI-1 |
8 |
MS -> SS |
ATTACH COMPLETE |
Message ciphered |
9 |
SS -> MS |
The SS pages the MS with mobile identity P-TMSI-2 and paging order for TBF establishment according to the channel combination of the cell. |
|
10 |
MS -> SS |
Verify that the MS initiates a TBF connection And sends an UPLINK RLC DATA BLOCK as a Response to the paging request. Message may or may not be ciphered |
|
The following messages are sent and shall be received on cell B. |
|||
11 |
SS |
Activate cell B with a lower signal strength than cell A. The RF level of cell A is lowered until cell B is preferred by the MS. |
|
12 |
MS -> SS |
ROUTING AREA UPDATING REQUEST |
Update type = ‘RA updating’ P-TMSI-2 signature Routing area identity = RAI-1 |
13 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request authentication. Set GPRS-CKSN-2 RAND |
14 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
SRES |
15 |
SS -> MS |
ROUTING AREA UPDATING ACCEPT |
Update result = ‘RA updated’ Mobile identity = P-TMSI-1 P-TMSI-1 signature Routing area identity = RAI-4 |
16 |
MS -> SS |
ROUTING AREA UPDATING COMPLETE |
Message not ciphered |
17 |
SS -> MS |
The SS pages the MS with mobile identity P-TMSI-1 and paging order for TBF establishment according to the channel combination of the cell. |
|
18 |
MS -> SS |
Verify that the MS initiates a TBF connection And sends an UPLINK RLC DATA BLOCK as a Response to the paging request. Message not ciphered |
|
19 |
MS |
The MS is switched off or power is removed (see PICS). |
|
20 |
MS -> SS |
DETACH REQUEST |
Message not sent if power is removed. Detach type = ‘power switched off, GPRS detach’ Message not ciphered |
21 |
SS |
Cell B is switched off and Cell A is restored to full power. |
|
22 |
MS |
The MS is set in MS operation mode B (see PICS) and the test is repeated from step 3 to step 20. |
Note that due to the test of ciphering, it is in this test case indicated whether each message is ciphered or not.
Specific message contents
None.
44.2.5.2.3 Ciphering mode / IMEISV request
44.2.5.2.3.1 Conformance requirements
1 When the MS receives the AUTHENTICATION AND CIPHERING REQUEST message during the attach procedure, with Ciphering indicator information element set to ‘ciphering mode on’ and ‘IMEISV requested’, the Mobile Station shall:
1.1 responds with an AUTHENTICATION AND CIPHERING RESPONSE message;
1.2 include IMEISV;
1.3 start ciphering and deciphering with the algorithm indicated by the Ciphering algorithm information element;
1.4 the ciphering uses the cipher key determined during the authentication procedure.
2 When the MS receives the AUTHENTICATION AND CIPHERING REQUEST message during the routing area updating procedure, with Ciphering indicator information element set to ‘ciphering mode off’ and ‘IMEISV not requested’, the Mobile Station shall:
2.1 responds with an AUTHENTICATION AND CIPHERING RESPONSE message;
2.2 not include IMEISV;
2.3 not start ciphering.
Reference(s):
3GPP TS 04.08 / 3GPP TS 24.008 subclause 4.7.7.
44.2.5.2.3.2 Test purpose
To test the behaviour of the MS with respect to return IMEISV on request only.
44.2.5.2.3.3 Method of test
Initial conditions
System Simulator:
Two cells, cell A in MCC1/MNC1/LAC1/RAC1, cell B in MCC1/MNC1/LAC1/RAC2.
Both cells are operating in network operation mode II.
Mobile Station:
The MS has a valid IMSI. MS is Idle Updated on cell A.
Specific PICS statements:
– MS operation mode B (TSPC_operation_mode_B).
– MS operation mode C (TSPC_operation_mode_C).
– Switch off on button (TSPC_Feat_OnOff).
– Automatic GPRS attach procedure at switch on or power on (TSPC_AddInfo_on_auto_GPRS_AP).
PIXIT statements:
–
Test procedure
A GPRS attach is performed, and the SS initiates an authentication and ciphering procedure. IMEISV is requested.
The MS initiates a routing area updating procedure, and the SS initiates a new authentication and ciphering procedure without requesting IMEISV.
Maximum duration of test
15 minutes.
Expected sequence
Step |
Direction |
Message |
Comments |
---|---|---|---|
The following messages are sent and shall be received on cell A. |
|||
1 |
MS |
The MS is set in MS operation mode C (see PICS). If MS operation mode C not supported, goto step 21. |
|
2 |
SS |
The SS activates cell A. |
|
3 |
MS |
The MS is powered up or switched on and initiates an attach (see PICS). |
|
4 |
MS -> SS |
ATTACH REQUEST |
Attach type = ‘GPRS attach’ Mobile identity = IMSI |
5 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request authentication. IMEISV requested |
6 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
SRES Mobile identity = IMEISV |
7 |
SS -> MS |
ATTACH ACCEPT |
Attach result = ‘GPRS only attached’ Mobile identity = P-TMSI-2 P-TMSI-2 signature Routing area identity = RAI-1 |
8 |
MS -> SS |
ATTACH COMPLETE |
Message ciphered |
9 |
SS -> MS |
The SS pages the MS with mobile identity P-TMSI-2 and paging order for TBF establishment according to the channel combination of the cell. |
|
10 |
MS -> SS |
Verify that the MS initiates a TBF connection and sends an UPLINK RLC DATA BLOCK as a response to the paging request. Message may or may not be ciphered |
|
The following messages are sent and shall be received on cell B. |
|||
11 |
SS |
Activate cell B with a lower signal strength than cell A The RF level of cell A is lowered until cell B is preferred by the MS. |
|
12 |
MS -> SS |
ROUTING AREA UPDATING REQUEST |
Update type = ‘RA updating’ P-TMSI-2 signature Routing area identity = RAI-1 |
13 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request authentication. IMEISV not requested |
14 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
SRES No IMEISV included |
15 |
SS -> MS |
ROUTING AREA UPDATING ACCEPT |
Update result = ‘RA updated’ Mobile identity = P-TMSI-1 P-TMSI-1 signature Routing area identity = RAI-4 |
16 |
MS -> SS |
ROUTING AREA UPDATING COMPLETE |
Message not ciphered |
17 |
SS -> MS |
The SS pages the MS with mobile identity P-TMSI-1 and paging order for TBF establishment according to the channel combination of the cell. |
|
18 |
MS -> SS |
Verify that the MS initiates a TBF connection and sends an UPLINK RLC DATA BLOCK as a response to the paging request. Message not ciphered |
|
19 |
MS |
The MS is switched off or power is removed (see PICS). |
|
20 |
MS -> SS |
DETACH REQUEST |
Message not sent if power is removed. Detach type = ‘power switched off, GPRS detach’ Message not ciphered |
21 |
MS |
The MS is set in MS operation mode B (see PICS), cell B is switched off, Cell A is restored to full power and the test is repeated from step 3 to step 20. |
Note that due to the test of ciphering, it is in this test case indicated whether each message is ciphered or not.
Specific message contents
None.
44.2.5.2.4 Ciphering mode/Cipher key Kc128 and algorithm changes
44.2.5.2.4.1 Conformance requirement
A Mobile Station shall correctly respond in an authentication and ciphering procedure by sending a response with the SRES information field set to the same value as the one produced by the authentication and ciphering algorithm in the network.
In a UMTS authentication challenge, if the AUTHENTICATION_AND_CIPHERING REQUEST message includes the UMTS authentication parameters GPRS CKSN, RAND and AUTN, then upon receipt of the message, the MS verifies the AUTN parameter and if this is accepted, the MS processes the challenge information and sends an AUTHENTICATION_AND_CIPHERING RESPONSE message to the network.
In a UMTS authentication challenge, the new UMTS ciphering key, the new GSM ciphering key and the new UMTS integrity key calculated from the challenge information shall overwrite the previous UMTS ciphering key, GSM ciphering key and UMTS integrity key. The new UMTS ciphering key, GSM ciphering key and UMTS integrity key are stored on the USIM together with the ciphering key sequence number. Furthermore, in A/Gb mode when after the authentication procedure an A5 ciphering algorithm that requires a 128-bit ciphering key is taken into use, then a new GSM Kc128 shall also be calculated as described in the subclause 4.3.2.3a
Reference(s):
3GPP TS 24.008 subclause 4.7.7.2.
3GPP TS 24.008 subclause 4.3.2.2.
44.2.5.2.4.2 Test purpose
To verify that the MS uses correctly Kc and Kc128 when the GPRS Encryption Algorithm is changed from GEA2/GEA3 to GEA4 and from GEA4 to GEA2/GEA3.
44.2.5.2.4.3 Method of test
Initial conditions
System Simulator:
Two cells (not simultaneously activated), cell A in MCC1/MNC1/LAC1/RAC1, cell B in MCC1/MNC1/LAC1/RAC2.
Both cells are operating in network operation mode II, SGSN is R99
Mobile Station:
Test USIM is plugged into the MS. The MS has a valid IMSI. MS is Idle Updated on cell A.
Specific PICS statements:
– MS operation mode B (TSPC_operation_mode_B).
– MS operation mode C (TSPC_operation_mode_C).
– Switch off on button (TSPC_Feat_OnOff).
– Automatic GPRS attach procedure at switch on or power on (TSPC_AddInfo_on_auto_GPRS_AP).
– Supported encryption Algorithm: GEA2 (TSPC_Feat_GEA2)
– Supported encryption Algorithm: GEA3 (TSPC_Feat_GEA3)
PIXIT statements:
–
Test procedure
A GPRS attach is performed, and the SS initiates an authentication and ciphering procedure with an UMTS challenge request; type of algorithm is GEA2 or GEA3 dependent on supported algorithm.
The SS checks the value RES sent by the MS in the AUTHENTICATION AND CIPHERING RESPONSE message (calculated with UMTS AKA algorithm).
The cell A is deactivated and cell B activated .
The MS initiates a routing area updating procedure and the SS initiates an authentication and ciphering procedure with an UMTS challenge request. The SS sends ROUTING ARE UPDATING ACCEPT ciphered with GEA4 and the MS answer with ciphered ROUTING ARE UPDATING COMPLETE.
The cell B is deactivated and cell A activated
The MS initiates a routing area updating procedure and the SS initiates an authentication and ciphering procedure with an UMTS challenge request. The SS sends ROUTING ARE UPDATING ACCEPT ciphered with GEA2/GEA3 and the MS answer with ciphered ROUTING ARE UPDATING COMPLETE.
Expected sequence
The sequence is executed with GEAx = GEA3 when GEA2 is not supported or GEA2 when GEA2 is supported.
Step |
Direction |
Message |
Comments |
The following messages are sent and shall be received on cell A. |
|||
1 |
SS |
The SS activates cell A. |
|
2 |
MS |
The MS is set in MS operation mode C (see PICS). If MS operation mode C not supported, goto step 23. |
|
3 |
MS |
The MS is powered up or switched on and initiates an attach (see PICS). |
|
4 |
MS -> SS |
ATTACH REQUEST |
Attach type = ‘GPRS attach’ Mobile identity = IMSI |
5 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request UMTS authentication. RAND & AUTN included (see specific message content) Type of algorithm: GEAx |
6 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
The SS checks the RES value. "Auth. Response Parameter (extension)" IE included if the RES value is more than 4 octets long. |
7 |
SS -> MS |
ATTACH ACCEPT |
Message ciphered with GEAx Attach result = ‘GPRS only attached’ Mobile identity = P-TMSI-2 P-TMSI-2 signature Routing area identity = RAI-1 |
8 |
MS -> SS |
ATTACH COMPLETE |
Message ciphered |
9 |
SS |
The SS deactivates cell A and activates cell B. |
|
The following messages are sent and shall be received on cell B. |
|||
10 |
MS -> SS |
ROUTING AREA UPDATING REQUEST |
Update type = ‘RA updating’ P-TMSI-2 signature Routing area identity = RAI-1 GPRS-CKSN-1 |
11 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request UMTS authentication. Set GPRS-CKSN-1 RAND & AUTN included (see specific message content) Type of algorithm: GEA4 |
12 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
The SS checks the RES value. "Auth. Response Parameter (extension)" IE included if the RES value is more than 4 octets long. |
13 |
SS -> MS |
ROUTING AREA UPDATING ACCEPT |
Message ciphered with GEA4 Update result = ‘RA updated’ Mobile identity = P-TMSI-1 P-TMSI-1 signature Routing area identity = RAI-4 |
14 |
MS -> SS |
ROUTING AREA UPDATING COMPLETE |
Message ciphered |
15 |
SS |
The SS deactivates cell B and activates cell A. |
|
The following messages are sent and shall be received on cell A. |
|||
16 |
MS -> SS |
ROUTING AREA UPDATING REQUEST |
Update type = ‘RA updating’ P-TMSI-1 signature Routing area identity = RAI-4 GPRS-CKSN-1 |
17 |
SS -> MS |
AUTHENTICATION AND CIPHERING REQUEST |
Request UMTS authentication. Set GPRS-CKSN-1 RAND & AUTN included (see specific message content) Type of algorithm: GEAx |
18 |
MS -> SS |
AUTHENTICATION AND CIPHERING RESPONSE |
The SS checks the RES value. "Auth. Response Parameter (extension)" IE included if the RES value is more than 4 octets long. |
19 |
SS -> MS |
ROUTING AREA UPDATING ACCEPT |
Message ciphered with GEAx Update result = ‘RA updated’ Mobile identity = P-TMSI-2 P-TMSI-2 signature Routing area identity = RAI-1 |
20 |
MS -> SS |
ROUTING AREA UPDATING COMPLETE |
Message ciphered |
21 |
MS |
The MS is switched off or power is removed (see PICS). |
|
22 |
MS -> SS |
DETACH REQUEST |
Message not sent if power is removed. Detach type = ‘power switched off, GPRS detach’ |
23 |
MS |
The MS is set in MS operation mode B (see PICS) and the test is repeated from step 3 to step 22. |
Specific message contents
AUTHENTICATION AND CIPHERING REQUEST in step 5:
Same as default content except:
Information element |
Value/remark |
IE AUTN |
Calculated as defined for Test USIM |
Ciphering Algorithm |
|
Type of Algorithm |
GPRS Encryption Algorithm – GEA2 when supported – GEA3 when GEA2 is not supported |
AUTHENTICATION AND CIPHERING REQUEST in step 11:
Same as default content except:
Information element |
Value/remark |
IE AUTN |
Calculated as defined for Test USIM |
Ciphering Algorithm |
|
Type of Algorithm |
GPRS Encryption Algorithm GEA4 |
AUTHENTICATION AND CIPHERING REQUEST in step 17:
Same as default content except:
Information element |
Value/remark |
IE AUTN |
Calculated as defined for Test USIM |
Ciphering Algorithm |
|
Type of Algorithm |
GPRS Encryption Algorithm – GEA2 when supported – GEA3 when GEA2 is not supported |
44.2.5.2.5 Ciphering mode / Non support of GEA1
44.2.5.2.5.1 Conformance requirement
It is mandatory for GEA3 and non encrypted mode (i.e. GEA0) to be implemented in mobile stations. GEA4 may be implemented in the mobile stations.
NOTE 1: Mobile stations are not allowed to implement GEA1 from Release 11 onwards.
NOTE 2: It is strongly discouraged to support GEA2 in mobile stations from Release 11 onwards.
Reference(s):
3GPP TS 43.020 Annex D.4.9
44.2.5.2.5.2 Test Purpose
To verify that MS does not apply GEA1 ciphering algorithm.
44.2.5.2.5.3 Method of Test
Initial Conditions
System Simulator:
One cell operating in network operation mode II.
Mobile Station:
MS has a valid IMSI. MS is Idle Updated.
Specific PICS statements:
– MS operation mode B (TSPC_operation_mode_B).
– MS operation mode C (TSPC_operation_mode_C).
– Switch off on button (TSPC_Feat_OnOff).
– Automatic GPRS attach procedure at switch on or power on (TSPC_AddInfo_on_auto_GPRS_AP).
PIXIT statements:
–
Test procedure
MS sends ATTACH REQUEST. The SS checks that GPRS Encryption Algorithm GEA/1 bit is 0.
The SS sends GMM CIPHERING AND AUTHENTICATION REQUEST with Cipher algorithm GEA1. MS sends GMM STATUS message with Cause Value #95.
Maximum duration of test
5 minutes.
Expected sequence
Step |
Direction |
Message |
Comments |
1 |
MS |
The MS is set in MS operation mode B or C (see PICS). |
|
2 |
MS |
The MS is powered up or switched on and initiates an attach (see PICS). |
|
3 |
MS -> SS |
ATTACH REQUEST |
GPRS Encryption Algorithm GEA/1= 0 Attach type = ‘GPRS attach’ Mobile identity = IMSI Message not ciphered |
4 |
SS -> MS |
GMM AUTHENTICATION AND CIPHERING REQUEST |
Request authentication. Cipher algorithm = GEA1 Ciphering On Set GPRS-CKSN-1 RAND Message not ciphered |
5 |
MS -> SS |
GMM STATUS |
Cause Value #95 Message not ciphered |
6 |
SS -> MS |
ATTACH REJECT |
GMM cause = ”Network failure’ Message not ciphered |
Specific message contents
None.