GPRS from the inside out. Part 2

    We continue our look at packet transmission in mobile operators' networks, which we began in the first part about GPRS / EDGE technologies. This article focuses on the authentication and authorization process, the so-called GPRS Attach procedure, and on activating the service requested by the subscriber, i.e. activating the PDP Context. We will also see which data is stored on the SGSN side and which on the subscriber side.
    Well, let's go ...


    GPRS Attach

    I will skip some of the processes immediately preceding and accompanying the GPRS Attach procedure, more specifically:
    • radio resource allocation
    • service information exchange on logical channels between the base station and the subscriber terminal
    • establishment of a data transmission channel
    • terminal state change

    If anyone is interested in the details, please ask questions. We will start right away with the GPRS Attach procedure, which allows you to identify the subscriber, determine which services are available to the subscriber, check the legality of using the subscriber’s mobile terminal in the operator’s network (the IMEI Check procedure is optional) and, in fact, provide the subscriber with the opportunity to activate the service that he requests.

    The authentication and authorization process, the so-called GPRS Attach procedure, is shown in the diagram below.

    [Figure: GPRS Attach procedure diagram]

    1. Attach Request
      The GPRS Attach procedure starts when the subscriber requests a GPRS / EDGE service from the mobile terminal, i.e. opens a mobile browser / checks mail / tries to send an MMS / etc. (or when the subscriber selects a permanent connection to the packet network on the device: Menu -> Settings -> Device Connection -> Packet Data -> Packet Connection -> By requirement / Permanent access). This in turn triggers the sending of an Attach Request if the subscriber is not yet connected to the operator's packet network. If the subscriber is connecting to the network for the first time, the request will contain the following basic data:
      • Attach type: GPRS Attach (subscription only for packet data), IMSI attach (subscription only for voice services, if the subscriber is registered to make / receive voice services), Combined Attach (combined subscription = voice + packet data)
      • P-TMSI (used in place of the IMSI if the subscriber is already “known” to the SGSN)
      • RAI = MCC + MNC + LAC + RAC, i.e. subscriber coordinates within the base station subnet
        RAI - Routing Area Identity
        MCC - Mobile Country Code (international country code)
        MNC - Mobile Network Code (international operator code within the country)
        LAC - Location Area Code (a set of base stations united by one code)
        RAC - Routing Area Code (zone, lesser or equal to LAC)
      • MS network capability - subscriber terminal capabilities in terms of data transfer
      • MS radio access capability - capabilities of the subscriber terminal in terms of radio transmission

    2. Identification Request
      If the subscriber was previously in the service area of another SGSN, then on moving to the new SGSN the subscriber does not need to provide all of his identification data again, because it will be requested from the previous SGSN. If the subscriber was using GPRS / EDGE services at that moment, i.e. he had a PDP Context open, the new SGSN will “take over” the subscriber together with his session, without interrupting the provision of the service.
    3. Identity Request (Req) / Response (Res)
      This procedure is carried out for new subscribers, or for subscribers whose data has not been transmitted (or was transmitted incorrectly) from the old SGSN. In that case the SGSN again requests from the subscriber all the data that we examined in the Attach Request procedure (instead of the P-TMSI [Packet-TMSI] / TMSI [Temporary Mobile Station Identity], the IMSI [International Mobile Subscriber Identity] is necessarily requested).
    4. Send Authentication Info Req / Res
      During this procedure the SGSN, based on the subscriber's IMSI, makes a request to the HLR / AuC, which is the database of subscribers of the operator’s network. On the HLR / AuC side, the subscriber’s IMSI corresponds to a certain checksum / secret number, Ki; the HLR / AuC also has a random number generator, which generates a random number for our request. Then the so-called triplet of data is formed [TRIPLET = RAND + SRES (Signed Response) + Kc], which consists of:
      • RAND - random number
      • SRES - the result of running the random number RAND through algorithm A3
      • Kc - the result of running the number Ki through algorithm A5
      Then the data triplet is sent to the SGSN.
    5. Authentication and Cyphering Req / Res
      The values received from the HLR / AuC are stored on the SGSN side, and the RAND value is transmitted to the subscriber’s mobile terminal, where the SRES and Kc values are “calculated” from it, because the A3 / A5 encryption algorithms, as well as the secret number Ki, are “protected” inside the subscriber’s SIM card.
    6. Identity Check Request (Req) / Response (Res)
      This procedure is optional and allows the operator to check the legality of using the subscriber terminal in its network, i.e. to request the terminal's IMEI code and compare it against the databases of White, Gray and Black lists. If the subscriber is on the Black List, he will be denied service at this stage, but this is all in theory. In practice, the opposite is true, because blocking by blacklist still does not really work (I speak for the territory of Ukraine).
    7. Check IMEI Req / Res
      The IMEI is checked against the EIR, and on that basis a decision is made on the legitimacy of using the subscriber terminal in the operator’s network.
    8. Location Update Procedures Req / Res
      During the GPRS Attach procedure, the location information of the subscriber is updated, i.e. the SGSN updates the information in the HLR, and then the HLR updates the data in the MSC / VLR.
      If the subscriber performs a Combined Attach, then the SGSN updates the subscriber information in the MSC / VLR.
    9. Attach Accept
      After successful completion of all the above operations, SGSN informs the subscriber that the GPRS Attach has been accepted and the subscriber can now use the packet data services in the operator’s network.
    10. TMSI Reallocation Complete
      The final steps are to update / notify the MSC / VLR of the new TMSI value assigned to the subscriber.

    This is exactly how authentication and authorization of the subscriber takes place in order to provide packet data transmission in the operator’s network. After this procedure, the letter “G” (or “E” :) will appear on the subscriber’s terminal, indicating that the connection to the packet network has completed successfully, but this does not yet allow the subscriber to use any service * in the packet network, because the PDP Context for the requested service must also be activated.
    * - after the successful GPRS Attach procedure, the subscriber is only able to send short messages via the GPRS / EDGE network, the so-called SMS over GPRS.
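
    The challenge-response exchange of steps 4 and 5, as an added example that is not part of the original article: HMAC-SHA-256 stands in for the SIM / AuC algorithms (an assumption, the real ones are operator-specific), and the class and function names, the IMSI and the key are constructed for illustration. It shows that only RAND and SRES cross the link, while Ki stays in the SIM and the AuC and Kc is derived independently on both sides.

```python
import hashlib
import hmac
import secrets

# Stand-in for the SIM/AuC algorithms (assumption: the real ones are
# operator-specific and are not given in the article).
def _derive(ki: bytes, rand: bytes, label: bytes, size: int) -> bytes:
    return hmac.new(ki, label + rand, hashlib.sha256).digest()[:size]

class AuC:
    """HLR/AuC side: maps IMSI -> Ki and produces triplets (step 4)."""
    def __init__(self, subscribers: dict):
        self._ki = dict(subscribers)

    def triplet(self, imsi: str):
        ki = self._ki[imsi]
        rand = secrets.token_bytes(16)              # fresh 128-bit challenge
        sres = _derive(ki, rand, b"SRES", 4)        # 32-bit signed response
        kc = _derive(ki, rand, b"KC", 8)            # 64-bit session key
        return rand, sres, kc

class Sim:
    """Subscriber side: Ki is held in the SIM and never returned."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki, self.kc = imsi, ki, None

    def respond(self, rand: bytes) -> bytes:
        self.kc = _derive(self._ki, rand, b"KC", 8)  # kept locally
        return _derive(self._ki, rand, b"SRES", 4)   # only SRES is sent back

def sgsn_authenticate(auc: AuC, sim: Sim):
    """Step 5: send RAND, compare SRES; return Kc on success, else None."""
    rand, expected_sres, kc = auc.triplet(sim.imsi)
    answer = sim.respond(rand)
    if not hmac.compare_digest(answer, expected_sres):
        return None                                  # attach is rejected
    return kc

if __name__ == "__main__":
    ki = bytes(range(16))                            # constructed test key
    auc = AuC({"001010000000001": ki})               # constructed IMSI
    print(sgsn_authenticate(auc, Sim("001010000000001", ki)).hex())
    print(sgsn_authenticate(auc, Sim("001010000000001", bytes(16))))
```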

    PDP Context Activation

    After successfully completing the GPRS Attach procedure, the user can activate the PDP Context, which allows him to use the packet data services.

    The context activation procedure itself is somewhat reminiscent of the procedure for activating communication with a Dial-Up connection. Let's look at these two procedures in comparison.
    To simplify, the activation procedure of a Dial-Up connection can be represented as a scheme:

    [Figure: Dial-Up connection activation scheme]

    Now let's look at the PDP Context activation scheme:

    [Figure: PDP Context activation scheme]

    As you can see, the two procedures are similar: they use the same protocols, the steps at the connection establishment stages are quite alike, and similar key nodes are involved in establishing communication.

    Having determined the key points when activating PDP Context, we will consider the full procedure and determine what data is transferred during this procedure.

    The activation scheme for PDP Context is presented in the figure below:

    [Figure: PDP Context activation procedure]

    1. Activate PDP Context Request
      This request sends quite a lot of different data, but we will be more interested in the following:
      • QoS requested - the service profile requested by the subscriber, i.e. the qualitative characteristics of the connection; if this field is empty, the SGSN decides which profile to assign
      • PDP type - determines which type of protocol the terminal will use for a specific service: IP / X.25 / etc.
      • Address - type of address given to the subscriber for communication in the network [IPv4, IPv6, auto]
      • APN * [Access Point Name] - the name of the access point that defines the address of the GGSN, which will serve the user's session.
        * - you can read more about the choice and use of the APN during context activation in the article: "It does not matter who you are ... it is important what APN you have"

    2. DNS Query / Response
      Having received a specific APN from the subscriber in the request, the SGSN generates the full address by appending to the APN the so-called GOI [GGSN Operator Identifier]. The full address will look something like this:

      internet.mnc009.mcc255.gprs, where

      internet is the APN registered in the subscriber terminal,
      mnc009.mcc255.gprs is the GOI of some virtual operator (Ukraine).

      Then a request is sent to the operator's local DNS server; the result is the IP address(es) of the GGSN(s) that provide the requested service to the user.
      If the local DNS server cannot "recognize" the full address (for example, for a roaming subscriber), then the request is redirected to the top-level DNS server (here, everything is very similar to the structure of IP networks).
    3. Create PDP Context Req / Res
      All the data collected from the authorized user, including the request for an IP address, the IMSI, MSISDN and APN (in case of access to an internal network, for example), is transmitted to the GGSN in a special request [Create PDP Context Request]. This event opens a billing record for the subscriber's session.
    4. Activate PDP Context Accept
      The response message, which is sent to the subscriber terminal, contains all the necessary information to complete the activation of the PDP Context. With this message, the user is assigned a specific IP address in the operator’s network, service profiles are agreed upon, and the requested service begins.

    After the PDP Context has been activated successfully, the letter “G” (or “E” :) on the user terminal is surrounded by a square, which symbolizes the use of packet data transmission.
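
    How the SGSN can build and validate the name it sends to DNS in step 2, as an added example that is not part of the original article. The function name is hypothetical, and the rejection rules (reserved prefixes, the .gprs suffix, the 63-character limit) are taken from 3GPP TS 23.003 rather than from the page. Because the APN is supplied by the subscriber terminal, it is checked as untrusted input before it is turned into a DNS query.

```python
import re

# One DNS label: letters, digits, hyphen; starts and ends alphanumeric.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
# Prefixes reserved by 3GPP TS 23.003 for other node names.
_RESERVED_PREFIXES = ("rac", "lac", "sgsn", "rnc")

def apn_fqdn(apn: str, mcc: str, mnc: str) -> str:
    """Return '<APN>.mnc<MNC>.mcc<MCC>.gprs' or raise ValueError.

    apn      - APN as received in Activate PDP Context Request (untrusted)
    mcc, mnc - operator codes that form the GOI
    """
    if not apn.isascii():
        raise ValueError("APN must be ASCII")
    ni = apn.lower()                      # DNS names are case-insensitive
    if not 1 <= len(ni) <= 63:
        raise ValueError("APN must be 1..63 characters")
    if ni.startswith(_RESERVED_PREFIXES) or ni.endswith(".gprs"):
        # Stops a terminal from supplying its own operator suffix.
        raise ValueError("APN uses a reserved prefix or suffix")
    if not all(_LABEL.fullmatch(label) for label in ni.split(".")):
        raise ValueError("APN contains an invalid DNS label")
    if not re.fullmatch(r"[0-9]{3}", mcc):
        raise ValueError("MCC must be exactly 3 digits")
    if not re.fullmatch(r"[0-9]{2,3}", mnc):
        raise ValueError("MNC must be 2 or 3 digits")
    # The MNC is left-padded to three digits, as in the article's mnc009.
    return f"{ni}.mnc{mnc.zfill(3)}.mcc{mcc}.gprs"

if __name__ == "__main__":
    print(apn_fqdn("internet", "255", "09"))
    # Constructed bad inputs: embedded suffix, control character, empty label.
    for bad in ("internet.mnc001.mcc001.gprs", "internet\n", "a..b"):
        try:
            apn_fqdn(bad, "255", "09")
        except ValueError as err:
            print(repr(bad), "rejected:", err)
```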

    Information stored before / after GPRS Attach

    Let's see what data is stored on the subscriber side and which on the SGSN side before and after the authentication and authorization process in the operator’s packet network.
    A summary table is presented below:

                          | MS                                  | SGSN                                            | HLR
    Before GPRS Attach    | IMSI, MSISDN, RAI, Ki, QoS profile  |                                                 | IMSI, MSISDN, Ki, QoS profile
    After GPRS Attach     | PMM State, P-TMSI                   | PMM State, P-TMSI, MSISDN, RAI, Kc, QoS profile | SGSN address


    Glossary:

    APN - Access Point Name
    CHAP - Challenge Handshake Authentication Protocol
    EIR - Equipment Identity Register
    GGSN - Gateway GPRS Support Node
    GOI - GGSN Operator Identifier
    GPRS - General Packet Radio Service
    HLR - Home Location Register
    HPLMN - Home PLMN
    IMSI - International Mobile Subscriber Identity
    IPCP - Internet Protocol Control Protocol
    MS - Mobile Station
    MSC - Mobile Switching Center
    MSISDN - Mobile Station Integrated Services Digital Number
    PAP - Password Authentication Protocol
    PDN - Packet Data Networks
    PDP - Packet Data Protocol
    PLMN - Public Land Mobile Network
    PPP - Point-to-Point Protocol
    RAS - Registration, Admission and Status
    RNC - Radio Network Controller
    SGSN - Serving GPRS Support Node
    VLR - Visitors Location Register
    VPLMN - Visitor PLMN
