| Confidentiality and security are weakened by the use of radioelectric channel to carry information: subscribers may be victims of fraudulent use of their account by unauthorised people using their identity. In the other hand, their communications may be intercepted.Authentication is carried out when a subscriber initiates a registration in a serving network service area. It is then carried out after a number of calling set up attempts (currently 6). The Serving network requests vectors from the HLR / AUC. These vectors (triplets for a 2G network or Quintuplets for a 3G network) are then generated and passed back to the serving network.We develop a method of insteading of the old mode (single K2/K4) with the new mode (multi K2/K4).The old mode is used (and the new mode can't) until the new mode is selected using the configuration data interface. As soon the new mode is used, the old mode can't be used anymore. Internally, the old mode is managed as the new mode is, except that only the KeyId 0 is useable. When a K2 has been changed, all the individual authentication keys that were encrypted using it must be reencrypted within the data base. The normal service must not be disturbed during reencryption which must overcome defence situations such as switchover or restart from disk during the operation. Therefore, the old K2 keys values, the new K2 keys values must be saved in the data base. Reencryption is a background job with a low priority.Many customers request to be able to quickly replace the use of some algorithm (i.e. Milenage) by another one (i.e. BRUT), without modifying subscribers'data (no change of algorithm positions in IMSI tables). This change is applicable globally for all the IMSI concerned by this algorithm position. |
PDF Full Text Request