Digital cellular telecommunications system (Phase 2) (GSM); Security related network functions (GSM 03.20 version 4.4.1)

RE/SMG-030320PR

Digital cellular telecommunications system (Phase 2) – Security related network functions (GSM 03.20, version 4.4.1)

General Information

Status: Published
Publication Date: 25-Aug-1997
Technical Committee
Current Stage: 12 - Completion
Due Date: 15-Aug-1997
Completion Date: 26-Aug-1997


Standard
ETS 300 534 E3:2003
English language
51 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST ETS 300 534 E3:2003
01-December-2003

Digital cellular telecommunications system (Phase 2) (GSM); Security related network functions (GSM 03.20 version 4.4.1)

This Slovenian standard is identical to: ETS 300 534 Edition 3
ICS: 33.070.50 Global System for Mobile Communication (GSM)
Language: en

2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.






EUROPEAN TELECOMMUNICATION STANDARD
ETS 300 534
August 1997
Third Edition

Source: ETSI SMG
Reference: RE/SMG-030320PR
ICS: 33.020
Key words: Digital cellular telecommunications system, Global System for Mobile communications (GSM)

Digital cellular telecommunications system (Phase 2); Security related network functions (GSM 03.20 version 4.4.1)

ETSI
European Telecommunications Standards Institute
ETSI Secretariat
Postal address: F-06921 Sophia Antipolis CEDEX - FRANCE
Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
X.400: c=fr, a=atlas, p=etsi, s=secretariat - Internet: secretariat@etsi.fr
Tel.: +33 4 92 94 42 00 - Fax: +33 4 93 65 47 16

Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 1997. All rights reserved.



ETS 300 534 (GSM 03.20 version 4.4.1): August 1997

Whilst every care has been taken in the preparation and publication of this document, errors in content, typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to "ETSI Editing and Committee Support Dept." at the address shown on the title page.



Contents

Foreword
0 Scope
0.1 Normative references
0.2 Abbreviations
1 General
2 Subscriber identity confidentiality
2.1 Generality
2.2 Identifying method
2.3 Procedures
2.3.1 Location updating in the same MSC area
2.3.2 Location updating in a new MSCs area, within the same VLR area
2.3.3 Location updating in a new VLR; old VLR reachable
2.3.4 Location Updating in a new VLR; old VLR not reachable
2.3.5 Reallocation of a new TMSI
2.3.6 Local TMSI unknown
2.3.7 Location updating in a new VLR in case of a loss of information
2.3.8 Unsuccessful TMSI allocation
3 Subscriber identity authentication
3.1 Generality
3.2 The authentication procedure
3.3 Subscriber Authentication Key management
3.3.1 General authentication procedure
3.3.2 Authentication at location updating in a new VLR, using TMSI
3.3.3 Authentication at location updating in a new VLR, using IMSI
3.3.4 Authentication at location updating in a new VLR, using TMSI, TMSI unknown in "old" VLR
3.3.5 Authentication at location updating in a new VLR, using TMSI, old VLR not reachable
3.3.6 Authentication with IMSI if authentication with TMSI fails
3.3.7 Re-use of security related information in failure situations
4 Confidentiality of signalling information elements, connectionless data and user information elements on physical connections
4.1 Generality
4.2 The ciphering method
4.3 Key setting
4.4 Ciphering key sequence number
4.5 Starting of the ciphering and deciphering processes
4.6 Synchronization
4.7 Handover
4.8 Negotiation of A5 algorithm
5 Synthetic summary
Annex A (informative): Security issues related to signalling schemes and key management
A.1 Introduction
A.2 Short description of the schemes
A.3 List of abbreviations



Annex B (informative): Security information to be stored in the entities of the GSM system
B.1 Introduction
B.2 Entities and security information
B.2.1 Home Location Register (HLR)
B.2.2 Visitor Location Register (VLR)
B.2.3 Mobile services Switching Centre (MSC)/Base Station System (BSS)
B.2.4 Mobile Station (MS)
B.2.5 Authentication Centre (AuC)
Annex C (normative): External specifications of security related algorithms
C.0 Scope
C.1 Specifications for Algorithm A5
C.1.1 Purpose
C.1.2 Implementation indications
C.1.3 External specifications of Algorithm A5
C.1.4 Internal specification of Algorithm A5
C.2 Algorithm A3
C.2.1 Purpose
C.2.2 Implementation and operational requirements
C.3 Algorithm A8
C.3.1 Purpose
C.3.2 Implementation and operational requirements
Annex D (informative): Status of Technical Specification GSM 03.20
History



Foreword

This European Telecommunication Standard (ETS) has been produced by the Special Mobile Group (SMG) of the European Telecommunications Standards Institute (ETSI).

This ETS defines the security related network functions for the Digital cellular telecommunications system (Phase 2).

The specification from which this ETS has been derived was originally based on CEPT documentation, hence the presentation of this ETS may not be entirely in accordance with the ETSI rules.

Transposition dates

Date of adoption: 25 July 1997
Date of latest announcement of this ETS (doa): 30 November 1997
Date of latest publication of new National Standard or endorsement of this ETS (dop/e): 31 May 1998
Date of withdrawal of any conflicting National Standard (dow): 31 May 1998






0 Scope

This European Telecommunication Standard (ETS) specifies the network functions needed to provide the security related service and functions specified in technical specification GSM 02.09.

This ETS does not address the cryptological algorithms that are needed to provide different security related features. This topic is addressed in annex C. Wherever a cryptological algorithm or mechanism is needed, this is signalled with a reference to annex C. The references refer only to functionalities, and some algorithms may be identical or use common hardware.

0.1 Normative references

This ETS incorporates by dated and undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to or revisions of any of these publications apply to this ETS only when incorporated in it by amendment or revision. For undated references, the latest edition of the publication referred to applies.

[1] GSM 01.04 (ETR 100): "Digital cellular telecommunications system (Phase 2); Abbreviations and acronyms".
[2] GSM 02.07 (ETS 300 505): "Digital cellular telecommunications system (Phase 2); Mobile Station (MS) features".
[3] GSM 02.09 (ETS 300 506): "Digital cellular telecommunications system (Phase 2); Security aspects".
[4] GSM 02.17 (ETS 300 509): "Digital cellular telecommunications system (Phase 2); Subscriber identity modules Functional characteristics".
[5] GSM 03.03 (ETS 300 523): "Digital cellular telecommunications system (Phase 2); Numbering, addressing and identification".
[6] GSM 04.08 (ETS 300 557): "Digital cellular telecommunications system (Phase 2); Mobile radio interface layer 3 specification".
[7] GSM 05.01 (ETS 300 573): "Digital cellular telecommunications system (Phase 2); Physical layer on the radio path General description".
[8] GSM 05.02 (ETS 300 574): "Digital cellular telecommunications system (Phase 2); Multiplexing and multiple access on the radio path".
[9] GSM 05.03 (ETS 300 575): "Digital cellular telecommunications system (Phase 2); Channel coding".
[10] GSM 09.02 (ETS 300 599): "Digital cellular telecommunications system (Phase 2); Mobile Application Part (MAP) specification".

0.2 Abbreviations

Abbreviations used in this ETS are listed in GSM 01.04.

Specific abbreviations used in annex A are listed in clause A.3.



1 General

The different security related services and functions that are listed in GSM 02.09 are grouped as follows:

- Subscriber identity confidentiality;
- Subscriber identity authentication;
- Signalling information element and connectionless user data confidentiality and data confidentiality for physical connections (ciphering).

It shall be possible to introduce new authentication and ciphering algorithms during the system's lifetime. The fixed network may support more than one authentication and ciphering algorithm.

The security procedures include mechanisms to enable recovery in the event of signalling failures. These recovery procedures are designed to minimize the risk of a breach in the security of the system.

General on figures in this ETS:

- In the figures below, signalling exchanges are referred to by functional names. The exact messages and message types are specified in GSM 04.08 and GSM 09.02.
- No assumptions are made for function splitting between MSC (Mobile Switching Centre), VLR (Visitor Location Register) and BSS (Base Station System). Signalling is described directly between MS and the local network (i.e. BSS, MSC and VLR denoted in the figures by BSS/MSC/VLR). The splitting in annex A is given only for illustrative purposes.
- Addressing fields are not given; all information relates to the signalling layer. The TMSI allows addressing schemes without IMSI, but the actual implementation is specified in the GSM 04-series.
- The term HPLMN in the figures below is used as a general term which should be understood as HLR (Home Location Register) or AuC (Authentication Centre).
- What is put in a box is not part of the described procedure but it is relevant to the understanding of the figure.



2 Subscriber identity confidentiality

2.1 Generality

The purpose of this function is to avoid the possibility for an intruder to identify which subscriber is using a given resource on the radio path (e.g. TCH (Traffic Channel) or signalling resources) by listening to the signalling exchanges on the radio path. This allows both a high level of confidentiality for user data and signalling and protection against the tracing of a user's location.

The provision of this function implies that the IMSI (International Mobile Subscriber Identity), or any information allowing a listener to derive the IMSI easily, should not normally be transmitted in clear text in any signalling message on the radio path.

Consequently, to obtain the required level of protection, it is necessary that:

- a protected identifying method is normally used instead of the IMSI on the radio path; and
- the IMSI is not normally used as addressing means on the radio path (see GSM 02.09);
- when the signalling procedures permit it, signalling information elements that convey information about the mobile subscriber identity must be ciphered for transmission on the radio path.

The identifying method is specified in the following subclause. The ciphering of communication over the radio path is specified in clause 4.

2.2 Identifying method

The means used to identify a mobile subscriber on the radio path consists of a TMSI (Temporary Mobile Subscriber Identity). This TMSI is a local number, having a meaning only in a given location area; the TMSI must be accompanied by the LAI (Location Area Identification) to avoid ambiguities. The maximum length and guidance for defining the format of a TMSI are specified in GSM 03.03.

The network (e.g. a VLR) manages suitable data bases to keep the relation between TMSIs and IMSIs. When a TMSI is received with an LAI that does not correspond to the current VLR, the IMSI of the MS must be requested from the VLR in charge of the indicated location area if its address is known; otherwise the IMSI is requested from the MS.

A new TMSI must be allocated at least in each location updating procedure. The allocation of a new TMSI corresponds implicitly for the MS to the de-allocation of the previous one. In the fixed part of the network, the cancellation of the record for an MS in a VLR implies the de-allocation of the corresponding TMSI.

To cope with some malfunctioning, e.g. arising from a software failure, the fixed part of the network can require the identification of the MS in clear. This procedure is a breach in the provision of the service, and should be used only when necessary.

When a new TMSI is allocated to an MS, it is transmitted to the MS in a ciphered mode. This ciphered mode is the same as defined in clause 4.

The MS must store its current TMSI in a non volatile memory, together with the LAI, so that these data are not lost when the MS is switched off.



2.3 Procedures

This subclause presents the procedures, or elements of procedures, pertaining to the management of TMSIs.

2.3.1 Location updating in the same MSC area

This procedure is part of the location updating procedure which takes place when the original location area and the new location area depend on the same MSC. The part of this procedure relative to TMSI management is reduced to a TMSI re-allocation (from TMSIo with "o" for "old" to TMSIn with "n" for "new").

The MS sends TMSIo as an identifying field at the beginning of the location updating procedure.

The procedure is schematized in figure 2.1.

  Entities: MS, (radio path), BSS/MSC/VLR

  MS -> BSS/MSC/VLR : LAI, TMSIo
  [Management of means for new ciphering (see clause 4)]
  [Allocation of TMSIn]
  BSS/MSC/VLR -> MS : Cipher(TMSIn)
  MS -> BSS/MSC/VLR : Acknowledge
  [De-allocation of TMSIo]

Figure 2.1: Location updating in the same MSC area

Signalling Functionalities:

Management of means for new ciphering:
The MS and BSS/MSC/VLR agree on means for ciphering signalling information elements, in particular to transmit TMSIn.



2.3.2 Location updating in a new MSCs area, within the same VLR area

This procedure is part of the location updating procedure which takes place when the original location area and the new location area depend on different MSCs, but on the same VLR.

The procedure is schematized in figure 2.2.

  Entities: MS, (radio path), BSS/MSC/VLR, HPLMN

  MS -> BSS/MSC/VLR : LAI, TMSIo
  [Management of means for new ciphering (see clause 4)]
  [Allocation of TMSIn]
  BSS/MSC/VLR -> MS : Cipher(TMSIn) (note)
  BSS/MSC/VLR -> HPLMN : Loc.Updating (note)
  MS -> BSS/MSC/VLR : Acknowledge (note)
  HPLMN -> BSS/MSC/VLR : Acknowledge (note)
  [De-allocation of TMSIo]

NOTE: From a security point of view, the order of the procedures is irrelevant.

Figure 2.2: Location updating in a new MSCs area, within the same VLR area

Signalling functionalities:

Loc.Updating: stands for Location Updating.
The BSS/MSC/VLR indicates that the location of the MS must be updated.



2.3.3 Location updating in a new VLR; old VLR reachable

This procedure is part of the normal location updating procedure, using TMSI and LAI, when the original location area and the new location area depend on different VLRs.

The MS is still registered in VLRo ("o" for old or original) and requests registration in VLRn ("n" for new). LAI and TMSIo are sent by MS as identifying fields during the location updating procedure.

The procedure is schematized in figure 2.3.

  Entities: MS, (radio path), BSS/MSC/VLRn, MSC/VLRo, HPLMN

  MS -> BSS/MSC/VLRn : LAI, TMSIo
  BSS/MSC/VLRn -> MSC/VLRo : TMSIo
  MSC/VLRo -> BSS/MSC/VLRn : IMSI, Sec.Rel.Inf.
  [Management of means for new ciphering (see clause 4)]
  [Allocation of TMSIn]
  BSS/MSC/VLRn -> MS : Cipher(TMSIn) (note)
  BSS/MSC/VLRn -> HPLMN : Loc.Updating (note)
  MS -> BSS/MSC/VLRn : Acknowledge (note)
  HPLMN -> BSS/MSC/VLRn : Acknowledge (note)
  HPLMN -> MSC/VLRo : Cancellation
  [De-allocation of TMSIo]

NOTE: From a security point of view, the order of the procedures is irrelevant.

Figure 2.3: Location updating in a new VLR; old VLR reachable

Signalling functionalities:

Sec.Rel.Info.: stands for Security Related information.
The MSC/VLRn needs some information for authentication and ciphering; this information is obtained from MSC/VLRo.

Cancellation:
The HLR indicates to VLRo that the MS is now under control of another VLR. The "old" TMSI is free for allocation.



2.3.4 Location Updating in a new VLR; old VLR not reachable

This variant of the procedure in subclause 2.3.3 arises when the VLR receiving the LAI and TMSIo cannot identify the VLRo. In that case the relation between TMSIo and IMSI is lost, and the identification of the MS in clear is necessary.

The procedure is schematized in figure 2.4.

  Entities: MS, (radio path), BSS/MSC/VLRn, MSC/VLRo, HPLMN

  MS -> BSS/MSC/VLRn : LAI, TMSIo
  [old VLR not reachable]
  BSS/MSC/VLRn -> MS : Identity Request
  MS -> BSS/MSC/VLRn : IMSI
  [Management of means for new ciphering (see clause 4)]
  [Allocation of TMSIn]
  BSS/MSC/VLRn -> MS : Cipher(TMSIn) (note)
  BSS/MSC/VLRn -> HPLMN : Location Updating (note)
  MS -> BSS/MSC/VLRn : Acknowledge (note)
  HPLMN -> BSS/MSC/VLRn : Acknowledge (note)
  HPLMN -> MSC/VLRo : Cancellation
  [De-allocation of TMSIo]

NOTE: From a security point of view, the order of the procedures is irrelevant.

Figure 2.4: Location Updating in a new VLR; old VLR not reachable



2.3.5 Reallocation of a new TMSI

This function can be initiated by the network whenever a radio connection exists. The procedure can be included in other procedures, e.g. through the means of optional parameters. The execution of this function is left to the network operator.

When a new TMSI is allocated to an MS the network must prevent the old TMSI from being allocated again until the MS has acknowledged the allocation of the new TMSI.

If an IMSI record is deleted in the VLR by O&M action, the network must prevent any TMSI associated with the deleted IMSI record from being allocated again until a new TMSI is successfully allocated to that IMSI.

If an IMSI record is deleted in the HLR by O&M action, it is not possible to prevent any TMSI associated with the IMSI record from being allocated again. However, if the MS whose IMSI record was deleted should attempt to access the network using the TMSI after the TMSI has been allocated to a different IMSI, then authentication or ciphering of the MS whose IMSI was deleted will almost certainly fail, which will cause the TMSI to be deleted from the MS.

The case where allocation of a new TMSI is unsuccessful is described in subclause 2.3.8.

This procedure is schematized in figure 2.5.

  Entities: MS, (radio path), BSS/MSC/VLR

  [Allocation of TMSIn]
  BSS/MSC/VLR -> MS : Cipher(TMSIn)
  MS -> BSS/MSC/VLR : Acknowledge
  [De-allocation of TMSIo]

Figure 2.5: Reallocation of a new TMSI



2.3.6 Local TMSI unknown

This procedure is a variant of the procedure described in subclauses 2.3.1 and 2.3.2, and happens when a data loss has occurred in a VLR and when a MS uses an unknown TMSI, e.g. for a communication request or for a location updating request in a location area managed by the same VLR.

This procedure is schematized in figure 2.6.

  Entities: MS, (radio path), BSS/MSC/VLR, HPLMN

  MS -> BSS/MSC/VLR : TMSIo (note)
  [TMSIo is unknown]
  BSS/MSC/VLR -> MS : Identity Request
  MS -> BSS/MSC/VLR : IMSI
  [Management of means for new ciphering (see clause 4)]
  [Allocation of TMSIn]
  BSS/MSC/VLR -> MS : Cipher(TMSIn)
  MS -> BSS/MSC/VLR : Acknowledge

NOTE: Any message in which TMSIo is used as an identifying means in a location area managed by the same VLR.

Figure 2.6: Location updating in the same MSC area; local TMSI unknown



2.3.7 Location updating in a new VLR in case of a loss of information

This variant of the procedure described in 2.3.3 arises when the VLR in charge of the MS has suffered a loss of data. In that case the relation between TMSIo and IMSI is lost, and the identification of the MS in clear is necessary.

The procedure is schematized in figure 2.7.

  Entities: MS, (radio path), BSS/MSC/VLRn, MSC/VLRo, HPLMN

  MS -> BSS/MSC/VLRn : LAI, TMSIo
  BSS/MSC/VLRn -> MSC/VLRo : TMSIo
  MSC/VLRo -> BSS/MSC/VLRn : Unknown
  BSS/MSC/VLRn -> MS : Identity Request
  MS -> BSS/MSC/VLRn : IMSI
  [Management of means for new ciphering (see clause 4)]
  [Allocation of TMSIn]
  BSS/MSC/VLRn -> MS : Cipher(TMSIn) (note)
  BSS/MSC/VLRn -> HPLMN : Location Updating (note)
  MS -> BSS/MSC/VLRn : Acknowledge (note)
  HPLMN -> BSS/MSC/VLRn : Acknowledge (note)
  HPLMN -> MSC/VLRo : Cancellation
  [De-allocation of TMSIo]

NOTE: From a security point of view, the order of the procedures is irrelevant.

Figure 2.7: Location updating in a new VLR in case of a loss of information

2.3.8 Unsuccessful TMSI allocation

If the MS does not acknowledge the allocation of a new TMSI, the network shall maintain the association between the old TMSI and the IMSI and between the new TMSI and the IMSI.

For an MS-originated transaction, the network shall allow the MS to identify itself by either the old TMSI or the new TMSI. This will allow the network to determine the TMSI stored in the MS; the association between the other TMSI and the IMSI shall then be deleted, to allow the unused TMSI to be allocated to another MS.

For a network-originated transaction, the network shall identify the MS by its IMSI. When radio contact has been established, the network shall instruct the MS to delete any stored TMSI. When the MS has acknowledged this instruction, the network shall delete the association between the IMSI of the MS and any TMSI; this will allow the released TMSIs to be allocated to another MS.

In either of the cases above, the network may initiate the normal TMSI reallocation procedure.

Repeated failure of TMSI reallocation (passing a limit set by the operator) may be reported for O&M action.
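The TMSI bookkeeping that subclauses 2.3.5, 2.3.6 and 2.3.8 require of the network can be modelled as a small table. The sketch below is an added example, not part of ETS 300 534; the class and method names, the 32-bit TMSI width and the sample IMSI are assumptions made for illustration.

```python
import secrets

TMSI_BITS = 32  # assumption: 4-octet TMSI; this page defers the length to GSM 03.03


class TmsiTable:
    """Toy VLR-side TMSI bookkeeping for a single location area."""

    def __init__(self):
        self.owner = {}    # TMSI -> IMSI for every TMSI that must not be re-issued
        self.current = {}  # IMSI -> TMSI the MS has acknowledged
        self.pending = {}  # IMSI -> TMSI sent (ciphered) but not yet acknowledged

    def _fresh(self):
        while True:
            tmsi = secrets.randbits(TMSI_BITS)
            if tmsi not in self.owner:
                return tmsi

    def allocate(self, imsi):
        """Reserve TMSIn; TMSIo stays bound until the MS acknowledges (2.3.5)."""
        if imsi in self.pending:
            raise RuntimeError("earlier allocation still unresolved (2.3.8)")
        tmsi_n = self._fresh()
        self.owner[tmsi_n] = imsi
        self.pending[imsi] = tmsi_n
        return tmsi_n

    def acknowledge(self, imsi):
        """MS acknowledged TMSIn: de-allocate TMSIo and promote TMSIn."""
        tmsi_n = self.pending.pop(imsi)
        tmsi_o = self.current.get(imsi)
        if tmsi_o is not None:
            del self.owner[tmsi_o]
        self.current[imsi] = tmsi_n

    def ms_originated(self, tmsi):
        """MS identifies itself by TMSI. Returns the IMSI, or None when the
        TMSI is unknown and the IMSI has to be requested in clear (2.3.6)."""
        imsi = self.owner.get(tmsi)
        if imsi is None:
            return None
        if imsi in self.pending:
            # 2.3.8: the TMSI just presented is the one stored in the MS;
            # delete the other association so that value can be re-issued.
            tmsi_n, tmsi_o = self.pending.pop(imsi), self.current.get(imsi)
            unused = tmsi_o if tmsi == tmsi_n else tmsi_n
            if unused is not None:
                del self.owner[unused]
            self.current[imsi] = tmsi
        return imsi

    def delete_acknowledged(self, imsi):
        """Network-originated case of 2.3.8: the MS was identified by IMSI,
        told to delete its stored TMSI, and acknowledged. Drop every binding."""
        for tmsi in (self.current.pop(imsi, None), self.pending.pop(imsi, None)):
            if tmsi is not None:
                del self.owner[tmsi]

    def is_free(self, tmsi):
        return tmsi not in self.owner


if __name__ == "__main__":
    vlr, imsi = TmsiTable(), "001010123456789"  # constructed sample IMSI
    old = vlr.allocate(imsi)
    vlr.acknowledge(imsi)
    new = vlr.allocate(imsi)                    # acknowledgement never arrives
    print(vlr.ms_originated(old) == imsi, vlr.is_free(new))
```

The point to check in any real implementation is the same as in the model: a TMSI leaves the "must not be re-issued" set only on an explicit acknowledgement or on evidence of which TMSI the MS actually holds.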



3 Subscriber identity authentication

3.1 Generality

The definition and operational requirements of subscriber identity authentication are given in GSM 02.09.

The authentication procedure will also be used to set the ciphering key
...
