In a third generation (3G) universal mobile telecommunication system (UMTS), during an initial connection for attachment and authentication procedure, a wireless transmit/receive unit (WTRU) identity, (i.e., international mobile subscriber identity (IMSI)), is transmitted via a radio interface to a core network for authentication purposes. However, the IMSI and some messages exchanged during the initial connection for attachment and authentication procedure are not protected, but transmitted in an open environment unprotected.
FIG. 1 shows an initial attachment and authentication procedure in a 3G UMTS network 10. Upon power up of a WTRU 12, a non-access stratum (NAS) layer 14 of the WTRU 12 sends a signal (ATTACH) to a radio resource control (RRC) layer 16 of the WTRU 12 to trigger an RRC connection (step 102). The RRC layer 16 sends an RRC connection request to a universal terrestrial radio access network (UTRAN) 18 with a WTRU initial identity, (i.e., IMSI), to establish an RRC connection (step 104). The UTRAN 18 responds with an RRC setup request message (step 106). The RRC layer 16 sends an RRC setup complete message to the UTRAN 18 (step 108). The RRC layer 16 then sends a layer 3 message (INITIAL DIRECT TRANSFER) to the UTRAN 18 (step 110). The UTRAN 18 then sends an INITIAL UE MESSAGE with the IMSI to a visitor location register (VLR) 20, (or serving general packet radio services (GPRS) support node (SGSN)) (step 112). A user is identified with the use of the IMSI. Under certain conditions, (e.g., if the user has not been authenticated), the VLR/SGSN 20 requires an authentication and key agreement (AKA) and sends an authentication data request to a home location register (HLR) 22, (or authentication center (AuC)), (step 114). Upon receipt of the authentication data request, the HLR/AuC 22 sends a set of authentication vectors (AVs) to the VLR/SGSN 20 (step 116).
Each AV contains a quintet of numbers that includes a random number (RAND), an expected response (XRES) which is used to authenticate the user, a cipher key (CK) for establishing confidentiality, an integrity key (IK), and an authentication token (AUTN). The AUTN comprises a sequence number (SQN) hidden by an anonymity key (AK), an authentication management field (AMF) which specifies certain authentication components, (such as algorithms to be used, key lifetime, etc.), and a message authentication code (MAC) which is functionally dependent on the SQN, the AMF, and the RAND.
The VLR/SGSN 20 sends the RAND and the AUTN from the AV that it has selected to the NAS layer 14 via the UTRAN 18 (steps 118, 120). The NAS layer 14 then authenticates the network by calculating an expected MAC (XMAC) and determining whether the XMAC matches the MAC (step 122). The NAS layer 14 also computes session security keys to the WTRU 12, (i.e., the CK and IK in the AV) at step 122. The key generation is performed using predefined UMTS algorithms which take RAND as input and apply the shared secret key K.
The NAS layer 14 computes a response (RES) and sends the RES to the VLR/SGSN 20 via the UTRAN 18 (steps 124, 126). The VLR/SGSN 20 determines if the RES matches the XRES to authenticate the WTRU 12 (step 128). An authentication failure occurs if either of these authentication attempts fails at steps 122 and 128. Once mutual authentication has succeeded, the VLR/SGSN 20 sends an authentication complete message to the HLR/AuC 22 (step 130) and a local security activation procedure starts.
The VLR/SGSN 20 sends a security mode command to the UTRAN 18 including the negotiated UMTS encryption algorithms (UEAs) and UMTS integrity algorithms (UIAs), and the current session keys, CK and IK (step 132). As secure communication can now begin the UTRAN 18 sends a security mode command to the RRC layer 16 with a message authentication code for integrity (MAC-I) (step 134). The MAC-I value protects the integrity of the security mode command message. The MAC-I is a type of hash computed by a UIA on the message's contents using the session key IK.
The RRC layer 16 sends a security mode indicator to the NAS layer 14 (step 136) and the NAS layer 14 loads security session keys IK and CK to the RRC layer 16 (step 138). The RRC integrity protection entity verifies the integrity of the received message by calculating a MAC-I in a similar manner, using the UIA with the IK on the security mode command message's contents, and comparing it to the received MAC-I. The RRC layer 16 also loads the CK to an RLC ciphering entity to start ciphering (step 140). If the authentication codes match, the RRC layer 16 sends a security mode complete message to the UTRAN 18 (step 142). The VLR/SGSN 20 sends an attach accept message to the NAS layer 12 (step 144).
For the process illustrated in FIG. 1, the RRC connection request message with the IMSI, the RRC setup request message, the RRC setup complete message, the initial direct transfer message with an optional IMSI, the authentication request message and the authentication response message are not protected, but transmitted in an open environment unprotected. The fact that the important WTRU identity, (i.e., IMSI), is sent over the air unprotected provokes an “IMSI catching threat.” The caught IMSI could be used by a malignant denial of service (DoS) attack or other possible attacks to the network and users.
Therefore, it would be desirable to provide a method and system for protecting initial control signaling messages and especially the WTRU identity, (i.e., IMSI), during the initial connection for attachment and authentication procedure