1. Call origination from the IM CN subsystem
2. Call origination from CS domain
3. Terminating call directed to IM CN subsystem
4. Terminating call directed to CS
5. Terminating call coming from CS domain (using CAMEL)
6. Terminating call coming in through CS domain and delivered through the CS domain (1)
7. Terminating call coming in through CS domain and delivered through the CS domain (2)
8. CS domain to IM CN subsystem call transfer
9. IM CN subsystem to CS domain call transfer
Search This Blog
Tuesday, October 12, 2010
Monday, October 11, 2010
UMTS to GSM Handover procedures
1. Basic handover procedure requiring a circuit connection between 3G MSC-A and MSC-B (UMTS to GSM)
2. Basic handover procedure not requiring the establishment of a circuit connection between 3G MSC-A and MSC-B (UMTS to GSM)
3. Subsequent Handover from 3G MSC-B back to MSC-A (UMTS to GSM)
4. Subsequent Handover from 3G MSC-B to MSC-B’ (UMTS to GSM)
5. Subsequent Handover from 3G MSC-B back to MSC-A without circuit connections (UMTS to GSM)
6. Subsequent Handover from 3G MSC-B to MSC-B’ without circuit connections (UMTS to GSM)
7. Circuit-switched call establishment after a Basic UMTS to GSM Handover without circuit connection (UMTS to GSM)
2. Basic handover procedure not requiring the establishment of a circuit connection between 3G MSC-A and MSC-B (UMTS to GSM)
3. Subsequent Handover from 3G MSC-B back to MSC-A (UMTS to GSM)
4. Subsequent Handover from 3G MSC-B to MSC-B’ (UMTS to GSM)
5. Subsequent Handover from 3G MSC-B back to MSC-A without circuit connections (UMTS to GSM)
6. Subsequent Handover from 3G MSC-B to MSC-B’ without circuit connections (UMTS to GSM)
7. Circuit-switched call establishment after a Basic UMTS to GSM Handover without circuit connection (UMTS to GSM)
Friday, October 8, 2010
GSM to UMTS Handover Procedures
1. Basic handover procedure requiring a circuit connection between MSC-A and 3G MSC-B (GSM to UMTS)
2. Basic handover procedure not requiring the establishment of a circuit connection between MSC-A and 3G MSC-B (GSM to UMTS)
3. Subsequent Handover from MSC-B back to 3G MSC-A (GSM to UMTS)
4. Subsequent Handover from MSC-B to 3G MSC-B’ (GSM to UMTS)
5. Subsequent Handover from MSC-B back to 3G MSC-A without circuit connections (GSM to UMTS)
6. Subsequent Handover from MSC-B to 3G MSC-B’ without circuit connections (GSM to UMTS)
7. Circuit-switched call establishment after a Basic GSM to UMTS Handover without circuit connection (GSM to UMTS)
2. Basic handover procedure not requiring the establishment of a circuit connection between MSC-A and 3G MSC-B (GSM to UMTS)
3. Subsequent Handover from MSC-B back to 3G MSC-A (GSM to UMTS)
4. Subsequent Handover from MSC-B to 3G MSC-B’ (GSM to UMTS)
5. Subsequent Handover from MSC-B back to 3G MSC-A without circuit connections (GSM to UMTS)
6. Subsequent Handover from MSC-B to 3G MSC-B’ without circuit connections (GSM to UMTS)
7. Circuit-switched call establishment after a Basic GSM to UMTS Handover without circuit connection (GSM to UMTS)
Thursday, October 7, 2010
UMTS Handover Procedures
1. Basic handover procedure requiring a circuit connection between 3G MSC-A and 3G MSC-B
2. Basic handover procedure not requiring the establishment of a circuit connection between 3G MSC-A and 3G MSC-B
3. Subsequent Handover from 3G MSC-B back to 3G MSC-A
4. Subsequent Handover from 3G MSC-B to 3G MSC-B’
5. Subsequent Handover from 3G MSC-B back to 3G MSC-A without circuit connections
6. Subsequent Handover from 3G MSC-B to 3G MSC-B’ without circuit connections
7. Circuit-switched call establishment after a Basic UMTS to UMTS Handover without circuit connection
2. Basic handover procedure not requiring the establishment of a circuit connection between 3G MSC-A and 3G MSC-B
3. Subsequent Handover from 3G MSC-B back to 3G MSC-A
4. Subsequent Handover from 3G MSC-B to 3G MSC-B’
5. Subsequent Handover from 3G MSC-B back to 3G MSC-A without circuit connections
6. Subsequent Handover from 3G MSC-B to 3G MSC-B’ without circuit connections
7. Circuit-switched call establishment after a Basic UMTS to UMTS Handover without circuit connection
Wednesday, October 6, 2010
GSM Handover Procedures
1. Basic handover procedure requiring a circuit connection between MSC-A and MSC-B
2. Basic handover procedure not requiring the establishment of a circuit connection between MSC-A and MSC-B
3. Subsequent Handover from MSC-B back to MSC-A
4. Subsequent Handover from MSC-B to MSC-B’
5. Subsequent Handover from MSC-B back to MSC-A without circuit connections
6. Subsequent Handover from MSC-B to MSC-B’ without circuit connections
7. Circuit-switched call establishment after a Basic GSM to GSM Handover without circuit connection
2. Basic handover procedure not requiring the establishment of a circuit connection between MSC-A and MSC-B
3. Subsequent Handover from MSC-B back to MSC-A
4. Subsequent Handover from MSC-B to MSC-B’
5. Subsequent Handover from MSC-B back to MSC-A without circuit connections
6. Subsequent Handover from MSC-B to MSC-B’ without circuit connections
7. Circuit-switched call establishment after a Basic GSM to GSM Handover without circuit connection
Tuesday, October 5, 2010
Voice Call Continuity: 3GPP v.s. 3GPP2 -- Registration
Voice Call Continuity: 3GPP v.s. 3GPP2 -- Architecture
1. Some background information
VCC is a 3GPP and 3GPP2 concept referring to the voice call continuity function in the new IP based IMS mobile core and the traditional circuit based mobile core convergence environment. VCC function will not only provide mobile operators the capability of non service interrupting seamless network evolution, but also enable them with new service accessing methods (such as WiFi, wireline, WiMax etc.) and new service capabilities (such as domain transfer etc.).
In both 3GPP and 3GPP2 worlds, there are two major VCC functions, respective the single radio VCC (SRVCC) which addresses the VCC function over the same radio but different air access methods: circuit and packet accesses respectively, and multiple/dual radio VCC which addresses the VCC function over different radio frequencies and access methods such as ordinary mobile access and WiFi/WiMax access etc.
Here we will focus on the comparison between the 3GPP and 3GPP2 multiple/dual radio VCC functions.
2. 3GPP VCC Architecture Reference Model
3. 3GPP2 VCC Architecture Reference Model
VCC is a 3GPP and 3GPP2 concept referring to the voice call continuity function in the new IP based IMS mobile core and the traditional circuit based mobile core convergence environment. VCC function will not only provide mobile operators the capability of non service interrupting seamless network evolution, but also enable them with new service accessing methods (such as WiFi, wireline, WiMax etc.) and new service capabilities (such as domain transfer etc.).
In both 3GPP and 3GPP2 worlds, there are two major VCC functions, respective the single radio VCC (SRVCC) which addresses the VCC function over the same radio but different air access methods: circuit and packet accesses respectively, and multiple/dual radio VCC which addresses the VCC function over different radio frequencies and access methods such as ordinary mobile access and WiFi/WiMax access etc.
Here we will focus on the comparison between the 3GPP and 3GPP2 multiple/dual radio VCC functions.
2. 3GPP VCC Architecture Reference Model
3. 3GPP2 VCC Architecture Reference Model
Tuesday, September 28, 2010
IMS Mobile Network Convergence Server Architecture
Slides illustrate a general architecture of a IMS mobile convergence server. Click to view details...
IMS mobile convergence server architecture
IMS mobile convergence server architecture
Saturday, September 25, 2010
Voice over LTE General Overview
A general overview about voice over LTE is presented in the following slides, click to view....
Voice over LTE General Overview
Voice over LTE General Overview
3GPP MMTel Architectural Overview
3GPP Multi-media Tephony service architectural overview is presented in the following slides, click to view details...
3GPP MMTel Architectural Overview
3GPP MMTel Architectural Overview
Friday, September 24, 2010
3GPP ICS General Overview
3GPP ICS general overview is demonstrated in the slides pointed by the following link. Click to view.
3GPP ICS general overview
3GPP ICS general overview
3GPP UMTS HNB Architectuure
3GPP UMTS HNB Architectuure is briefed in the slides pointed by the following link. Click to view.
3GPP UMTS HNB Architectuure
3GPP UMTS HNB Architectuure
System High Availability Architecture
System High Availability Architecture
The slides pointed by above link demonstrated the generic architectural concept of a system high availability implementation.
The slides pointed by above link demonstrated the generic architectural concept of a system high availability implementation.
IMS Signaling Convergence Architecture
The slides pointed by the following link showed the architectural outlines of an IMS signaling convergence system. For more details, click on the following link.
IMS Signaling Convergence Architecture
IMS Signaling Convergence Architecture
System Event Log Architecture Guidelines
The following document described the generic architectural guidelines in implementing a switching system event log. For more details, click on the following link.
Event Log Architecture Guidelines
Event Log Architecture Guidelines
A Generic System Management Plane Architecture
The following document described a generic system management plane architecture. To view the documentm please click the following link.
A Generic System Management Plane Architecture
A Generic System Management Plane Architecture
3GPP2 Femto Architecture Meeting Summary
These slides presented the 3GPP2 femto architecture standard activities in 2008. To view the slides, click on the following link.
3GPP2 Femto Architecture Meeting Summary
3GPP2 Femto Architecture Meeting Summary
Friday, August 6, 2010
3GPP2 CDMA Authentication
1. Introduction
CDMA mobile network authentication mechanism evolved with the network evolution from CDMAone to CDMA2000 Rev.0, A, B, C and later.
Cellular Authentication and Voice Encryption (CAVE) is the mechanism used in CDMA2000 Rev.B and earlier generations. Authentication and Key Agreement (AKA) plus optional UIM authentication procedure to prove presence of a valid UIM and prevent rogue shell attacks is an enhanced mechanism used by CDMA2000 Rev C and later generations. With the network gradually migrates toward all IP solutions, IS-856 specified the authentication and security key assignment mechanism used for authenticating mobile users with RAN/PDSN etc. core network elements.
2. CAVE
CAVE is the access authentication mechanism used in CDMA/1xRTT Rev.B and earlier systems. Two key network entities involved in the CAVE-based authentication are the Authentication Center (AC) a.k.a. HLR/AC, AuC, and the Visitor Location Register (VLR).
Authentication Center (AC) is a home network element, responsible for controlling the authentication process by either authenticating the Mobile Station or sharing the shared secret data (SSD) with the serving VLR to allow authentication bing done locally.
Visitor Location Register (VLR) is in the visiting network. If SSD is shared with the visited network, the VLR can locally authenticates a roamer. Otherwise, the VLR proxies authentication requests and responses between the roamers and their home HLR/AC for authentication.
CAVE uses a symmetry key cryptosystem together with a Challenge-Response protocol to achieve the authentication functions. It is based on the CAVE algorithm and two shared keys, respectively the Authentication key (A-key) – A 64-bit primary secret key known only to the MS and AC, and the Shared Secret Data (SSD) – A 128-bit secondary secret key that is calculated using the CAVE algorithm during an SSD Update procedure. SSD consists of two 64-bit keys: SSD_A, which is used during authentication to calculate authentication signatures, and SSD_B, which is used in the generation of session keys for encryption and voice privacy.
CAVE-based authentication provides two types of challenges, Global challenge and Unique challenge respectively.
Global challenge is the procedure that requires any MS attempting to access the serving network to respond to a common challenge value being broadcast in the overhead message train. The MS must generate an authentication signature response (AUTHR) using CAVE with inputs of the global challenge value, ESN, either the last six dialed digits (for an origination attempt) or IMSI_S1 (for any other system access attempt), and SSD_A.
AUTHU generation for global challenge
Global challenge when SSD is not shared
Global challenge when SSD is shared
Unique challenge is the procedure that allows a visited network (if SSD is shared) and/or home network to uniquely challenge a particular MS for any reason. The MS must generate an authentication signature response (AUTHU) using CAVE with inputs of the unique challenge value, ESN, IMSI_S1, and SSD_A.
AUTHU generation for unique challenge
Unique challenge initiated by roamer’s home system
Unique challenge initiated by visited system
SSD update process when SSD is not shared
SSD update process when SSD is shared
3. AKA
AKA stands for the Authentication and Key Agreement. It is a security protocol used in 3G networks (both CDMA and UMTS). In the CDMA world, it is the successor to the CAVE-based Authentication. AKA provides procedures for mutual authentication of the MS and serving system. The successful execution of AKA results in the establishment of a security association (i.e., set of security data) between the MS and serving system.
Compared to the CAVE-based authentication, AKA has the following advantages
--> Larger authentication keys (128-bit )
--> Stronger hash function (SHA-1)
--> Support for mutual authentication
--> Support for signaling message data integrity
--> Support for signaling information encryption
--> Support for user data encryption
--> Protection from rogue MS when dealing with R-UIM
In order to ensure interoperability with current devices and partner networks, support for AKA in CDMA networks and handsets will likely be in addition to CAVE-based authentication.
Authentication vectors (AVs)
A fundamental concept in AKA is the authentication vector (AV). An AV is essentially a group of information used for one AKA attempt. AVs are generated by the home AC and distributed to the visited network. Each AV contains all information required by the visited network to locally perform AKA with an AKA-enabled mobile station.
AKA authentication process
Similar to CAVE, AKA relies on an authentication key associated with the MS and available only to the MS and its home AC. In CAVE, this key is known as the authentication key (A-key). In AKA, the key is known as the master key (K).
Also similar to CAVE, AKA involves a challenge process that allows the network to authenticate the MS. However, in AKA the information provided during this challenge also enables the MS to authenticate the network, providing for bilateral authentication.
An AKA process includes 4 phases
1. Distribution of AVs. Authentication vectors (AVs) are generated by the home system and provided to the visited system in an AV list
2. Authentication of the network by the MS. The message authentication code (MAC_A) received from the network is verified against the expected MAC_A (XMAC_A) generated by the MS. The sequence number (SQN) received from the network is verified against the SQN locally maintained by the MS.
3. Authentication of the MS by the network. The authentication response (RES) received from the MS is verified against the expected RES (XRES) received from the home system in the network authentication token (AUTN).
4. Establishment of security association between MS and MSC. Cipher key (CK), integrity key (IK), and UIM authentication key (UAK) are generated by the MS in such a way that they are identical to the ones provided to the visited network in the AV. The security association between MS and MSC involves using these keys to support security services such as confidentiality and integrity.
4. IS-856 Authentication
In IS-856 Authentication mechanism, RAN and PDSN are the two network elements that serve authenticating the mobile users.
* RAN:
--> Initial connection establishment is neither authenticated nor encrypted.
--> Session establishment includes Diffie-Hellman key negotiation.
--> Subsequent RAN-domain messages can be authenticated and/or encrypted using the negotiated keys.
--> PPP/LCP setup follows session establishment.
--> RAN user identity is optionally authenticated by CHAP via the RAN-AAA.
--> Data integrity protection (encryption, keyed MAC) prevents packet insertion or similar theft of service.
* PDSN:
--> Separate PPP/LCP instance created.
--> CHAP and/or MIP authentication of PDSN user identity via the home AAA server.
--> RAN security ensures integrity of the PPP connection.
CDMA mobile network authentication mechanism evolved with the network evolution from CDMAone to CDMA2000 Rev.0, A, B, C and later.
Cellular Authentication and Voice Encryption (CAVE) is the mechanism used in CDMA2000 Rev.B and earlier generations. Authentication and Key Agreement (AKA) plus optional UIM authentication procedure to prove presence of a valid UIM and prevent rogue shell attacks is an enhanced mechanism used by CDMA2000 Rev C and later generations. With the network gradually migrates toward all IP solutions, IS-856 specified the authentication and security key assignment mechanism used for authenticating mobile users with RAN/PDSN etc. core network elements.
2. CAVE
CAVE is the access authentication mechanism used in CDMA/1xRTT Rev.B and earlier systems. Two key network entities involved in the CAVE-based authentication are the Authentication Center (AC) a.k.a. HLR/AC, AuC, and the Visitor Location Register (VLR).
Authentication Center (AC) is a home network element, responsible for controlling the authentication process by either authenticating the Mobile Station or sharing the shared secret data (SSD) with the serving VLR to allow authentication bing done locally.
Visitor Location Register (VLR) is in the visiting network. If SSD is shared with the visited network, the VLR can locally authenticates a roamer. Otherwise, the VLR proxies authentication requests and responses between the roamers and their home HLR/AC for authentication.
CAVE uses a symmetry key cryptosystem together with a Challenge-Response protocol to achieve the authentication functions. It is based on the CAVE algorithm and two shared keys, respectively the Authentication key (A-key) – A 64-bit primary secret key known only to the MS and AC, and the Shared Secret Data (SSD) – A 128-bit secondary secret key that is calculated using the CAVE algorithm during an SSD Update procedure. SSD consists of two 64-bit keys: SSD_A, which is used during authentication to calculate authentication signatures, and SSD_B, which is used in the generation of session keys for encryption and voice privacy.
CAVE-based authentication provides two types of challenges, Global challenge and Unique challenge respectively.
Global challenge is the procedure that requires any MS attempting to access the serving network to respond to a common challenge value being broadcast in the overhead message train. The MS must generate an authentication signature response (AUTHR) using CAVE with inputs of the global challenge value, ESN, either the last six dialed digits (for an origination attempt) or IMSI_S1 (for any other system access attempt), and SSD_A.
AUTHU generation for global challenge
Global challenge when SSD is not shared
Global challenge when SSD is shared
Unique challenge is the procedure that allows a visited network (if SSD is shared) and/or home network to uniquely challenge a particular MS for any reason. The MS must generate an authentication signature response (AUTHU) using CAVE with inputs of the unique challenge value, ESN, IMSI_S1, and SSD_A.
AUTHU generation for unique challenge
Unique challenge initiated by roamer’s home system
Unique challenge initiated by visited system
SSD update process when SSD is not shared
SSD update process when SSD is shared
3. AKA
AKA stands for the Authentication and Key Agreement. It is a security protocol used in 3G networks (both CDMA and UMTS). In the CDMA world, it is the successor to the CAVE-based Authentication. AKA provides procedures for mutual authentication of the MS and serving system. The successful execution of AKA results in the establishment of a security association (i.e., set of security data) between the MS and serving system.
Compared to the CAVE-based authentication, AKA has the following advantages
--> Larger authentication keys (128-bit )
--> Stronger hash function (SHA-1)
--> Support for mutual authentication
--> Support for signaling message data integrity
--> Support for signaling information encryption
--> Support for user data encryption
--> Protection from rogue MS when dealing with R-UIM
In order to ensure interoperability with current devices and partner networks, support for AKA in CDMA networks and handsets will likely be in addition to CAVE-based authentication.
Authentication vectors (AVs)
A fundamental concept in AKA is the authentication vector (AV). An AV is essentially a group of information used for one AKA attempt. AVs are generated by the home AC and distributed to the visited network. Each AV contains all information required by the visited network to locally perform AKA with an AKA-enabled mobile station.
AKA authentication process
Similar to CAVE, AKA relies on an authentication key associated with the MS and available only to the MS and its home AC. In CAVE, this key is known as the authentication key (A-key). In AKA, the key is known as the master key (K).
Also similar to CAVE, AKA involves a challenge process that allows the network to authenticate the MS. However, in AKA the information provided during this challenge also enables the MS to authenticate the network, providing for bilateral authentication.
An AKA process includes 4 phases
1. Distribution of AVs. Authentication vectors (AVs) are generated by the home system and provided to the visited system in an AV list
2. Authentication of the network by the MS. The message authentication code (MAC_A) received from the network is verified against the expected MAC_A (XMAC_A) generated by the MS. The sequence number (SQN) received from the network is verified against the SQN locally maintained by the MS.
3. Authentication of the MS by the network. The authentication response (RES) received from the MS is verified against the expected RES (XRES) received from the home system in the network authentication token (AUTN).
4. Establishment of security association between MS and MSC. Cipher key (CK), integrity key (IK), and UIM authentication key (UAK) are generated by the MS in such a way that they are identical to the ones provided to the visited network in the AV. The security association between MS and MSC involves using these keys to support security services such as confidentiality and integrity.
4. IS-856 Authentication
In IS-856 Authentication mechanism, RAN and PDSN are the two network elements that serve authenticating the mobile users.
* RAN:
--> Initial connection establishment is neither authenticated nor encrypted.
--> Session establishment includes Diffie-Hellman key negotiation.
--> Subsequent RAN-domain messages can be authenticated and/or encrypted using the negotiated keys.
--> PPP/LCP setup follows session establishment.
--> RAN user identity is optionally authenticated by CHAP via the RAN-AAA.
--> Data integrity protection (encryption, keyed MAC) prevents packet insertion or similar theft of service.
* PDSN:
--> Separate PPP/LCP instance created.
--> CHAP and/or MIP authentication of PDSN user identity via the home AAA server.
--> RAN security ensures integrity of the PPP connection.
Subscribe to:
Posts (Atom)