Ø In an EPS authentication challenge, the UE shall check the authenticity of the core network by means of the AUTN parameter received in the AUTHENTICATION REQUEST message. This enables the UE to detect a false network. The UE shall send AUTHENTICATION FAILURE message to indicate the EPS authentication failure
Ø As explained in the post AUTHENTICATION REQUEST, the AUTN parameter is formed by SQN, AK, AMF, and MAC. There could be 3 possible causes for the authentication failure as explained below:
a) MAC code failure: If the UE finds that the MAC code supplied by the core network in the AUTN parameter is invalid, then the UE shall send an AUTHENTICATION FAILURE message to the network, with the EMM cause #20 "MAC failure". The network may initiate an identification procedure to obtain the IMSI from the UE or may also decides to terminate the authentication procedure
b) Non-EPS authentication unacceptable: If the UE finds that the "separation bit" in the AMF field of AUTN supplied by the core network is 0, then the UE shall send an AUTHENTICATION FAILURE message to the network, with the EMM cause #26 "non-EPS authentication unacceptable". The network may initiate an identification procedure to obtain the IMSI from the UE or may also decides to terminate the authentication procedure
c) SQN failure: If the UE finds that the SQN (supplied by the core network in the AUTN parameter) is out of range, then the UE shall send an AUTHENTICATION FAILURE message to the network, with the EMM cause #21 "synch failure". In this message, the UE should also include a re-synchronization token AUTS provided by the USIM. By using this AUTS the network starts re-synchronization procedure. The re-synchronization procedure requires the MME to delete all unused authentication vectors for that IMSI and obtain new vectors from the HSS. Once the re-synchronization is complete, the network shall initiate a new authentication procedure. Upon receipt of two consecutive AUTHENTICATION FAILURE messages from the UE with EMM cause #21 "synch failure", the network may terminate the authentication procedure by sending an AUTHENTICATION REJECT message
Ø The only important IE in the AUTHENTICATION FAILURE message is authentication failure parameter which is sent if and only if the EMM cause is #21 "synch failure". It shall include the response to the authentication challenge from the USIM, which is made up of the AUTS parameter
Reference: 3GPP TS 24.301
Example1: AUTHENTICATION FAILURE – Synch failure
Example2: AUTHENTICATION FAILURE – MAC failure
Does the AMF separation bit matter ? will the UE say mac failure if the AMF separation bit is wrong ?
ReplyDeletewhat if I set the AMF deliberately to 1... will the UE still say non-eps vector ?
ReplyDeleteHi Do you have stuff for GPRS network...
ReplyDeleteAMF bit is used to distinguish the transfer of the CK and IK from the Auc to the ASME.
ReplyDeleteThe most significant bit , if set to 0 , shall allow the transfer of above credentials out of AuC to MSC (CS Domain)/S-CSCF in IMS domain. If set to 1 , then the not leave CK and IF shall not leave AuC. Here CK and IK are used to derive KASME which is transferred to MME.
Hi, In which scenario Network sends SQN (supplied by the core network in the AUTN parameter) which is out of range causing Auth Synch Failure (Cause:21)? And how can we fix this?
ReplyDeleteI have same problem that example2. What can I do for solve it?
ReplyDeleteThe value sqn = "" , rand ="000000000"", OPC= "". IMSI="9599556112.....",Ki="987456564.......".
The file hss.conf I have the value OPC. this value is the same as OPC of my USIM CARD given for maker.
Authentication Failure" is a term commonly used in the field of telecommunications, particularly in mobile networks. Unwatchable Stream Lag It indicates that an attempt to verify the identity of a user or device has not been successful.
ReplyDelete