next generation Telecommunication Technology Testing Tools
Forensics and IT-Security

LTE Re-Authentication after network caused SQN failure

IT-Security

If the UE receives an AUTHENTICATION REQUEST message (e.g. as part of the ATTACH procedure) and detects that the Sequence Number SQN (supplied by the core network as part of the Authentication Token AUTN) is out of range, then the UE answers with an AUTHENTICATION FAILURE, EMM cause: SYNC FAILURE. The UE includes the Re-Synchronization Token AUTS provided by the USIM: AUTS = SQN_MS xor AK
The core network starts a re-synchronization procedure. Without knowledge of the Anonymity Key AK, it must not be possible to derive SQN_MS. Suppress "educated guessing": If the second SQN delivered by the core is out of range again, then the whole procedure will be terminated and an AUTHENTICATION REJECT message will be sent.
If the re-synchronization between UE and Core was successful, then the UE acknowledges this with an AUTHENTICATION RESPONSE. The re-synchronization procedure requires the MME to delete all unused authentication vectors for that IMSI and to obtain new vectors from the HSS.

PCAP Trace
Application Note

Above procedure is one of many functions implemented in the network emulator NG40.
Soon you will find here our application note "Mobile Security". Please visit this page again.

ng4T offers advanced solutions for IT-Security.

Don't hesitate to contact us if you have any specific request!

ng4T - Telecommunication Technology Testing Tools

2009-2013 ng4T GmbH - All rights reserved    |     www.ng4t.com                     Impressum  (German)                     Legal Notice  (English)