5.1.1. EAP-AKA method

The authentication and key agreement (AKA) mechanism allows mutual authentication and then the distribution of keys for data confidentiality and signaling data confidentiality and integrity, during the attachment of the mobile to the 4G mobile network.

Authentication is based on AUTN (Authentication Network) and RES (Result) seals generated by the home subscriber server (HSS) and the mobile from a RAND sequence and the secret key Ki.

The RAND sequence is generated by the HSS entity and then transmitted to the mobile. The secret key Ki is stored in the universal subscriber identity module (USIM) of the universal integrated circuit card (UICC) of the mobile and in the HSS entity during the creation of the subscription.

The integrity key (IK) and the cipher key (CK) are generated by the HSS entity and the mobile from a derivation of the Ki key using the RAND sequence. The pairwise master key (PMK) is derived from the keys CK and IK.

The EAP-AKA method is applied in the case of an untrusted Wi-Fi access when establishing the SWu tunnel.

In the case of a trusted Wi-Fi access, the EAP-AKA’ method replaces the EAP-AKA method. The modification concerns the derivation of the keys CK and IK, which takes into account the identity of the access network and the derivation algorithm.

The three components involved in the authentication procedure are integrated into the following entities:

• – the supplicant ...