It doesn't have anything to do with Mobile System GB, does it?
No edit summary
Line 1:
==Introduction:==
In mobile phones, '''Generic Bootstrapping Architecture''' (GBA) is one technology that enables the authentication of a user. This authentication is possible if the user owns a valid identity in an HLR [[GSM_core_network#Home_Location_Register_.28HLR.29|Home Location Register]] or a [[Home Subscriber Server]].
Line 6 ⟶ 8:
Instead of asking the service provider to trust the [[BSF]] and rely on it for every authentication request, the [[BSF]] establishes a shared secret between the [[simcard|SIM card]] and the service provider. This shared secret is limited in time and bound to a specific ___domain.
[[Image:GBA.JPG]]
==Strong points==
This solution has some of the strong points of certificates and shared secrets without some of their weaknesses:
- Another advantage is the ease with which the authentication method may be integrated into terminals and service providers, as it is based on [[HTTP]]'s well-known "[[Digest access authentication]]". Every Web server already implements HTTP [[digest authentication]], and the effort to implement GBA on top of digest authentication is minimal. For example, it could be implemented on SimpleSAMLphp (http://rnd.feide.no/simplesamlphp) with 500 PHP lines of code, of which only a few tens of lines are SP-specific, making it easy to port to another Web site.
- On the service provider side, all that is needed is a small library named NAF.
==Technical overview:==
There are two ways to use GAA.
* The first is based on a shared secret between the client and server
* The second is based on public-private key pairs and digital certificates.
In the shared-secret case, the customer and the operator are first mutually authenticated through 3G Authentication and Key Agreement (AKA), and they agree on session keys which can then be used between the client and the services that the customer wants to use.
This is called bootstrapping.
Afterwards the services can retrieve the session key from the operator, and it can be used in application-specific protocols
between the client and the services [3].
Fig. 1 shows the GAA network entities and the interfaces between them. Optional entities are drawn with dotted lines and borders.
The User Equipment (UE) is, for example, the user's mobile phone. The UE and the
Bootstrapping Server Function (BSF) mutually authenticate over the Ub interface, using the [[HTTP Digest AKA]] protocol. The UE also communicates with the Network Application Functions (NAFs), which are the application
servers, over the Ua interface, which can use any application-specific protocol necessary.
The BSF retrieves subscriber data from the Home Subscriber Server (HSS) over the Zh interface, which uses the
[[Diameter]] Base Protocol. If there are several HSSs in the network, the BSF must first know which one to use. This
can be done either by configuring a pre-defined HSS in the BSF, or by querying the Subscriber Locator Function (SLF).
NAFs retrieve the session key from the BSF over the Zn interface, which also uses the Diameter Base Protocol [5]. If
the NAF is not in the home network, it must use a Zn-proxy to contact the BSF.
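The following is an added example, not code from the article or from any 3GPP specification, that models the flow described above and in the introduction: a Ub bootstrap leaves the UE and the BSF holding Ks, each NAF obtains a NAF-specific key over Zn, and the UE proves possession of that key over Ua with ordinary HTTP Digest (B-TID as username, Ks_NAF as password). It shows why the shared secret is both time-limited and ___domain-bound: a different NAF FQDN yields a different key, and an expired bootstrap is refused. The KDF byte layout (FC byte, length-prefixed parameters, HMAC-SHA-256 keyed with Ks) is modelled on 3GPP TS 33.220 Annex B as understood here, and the Ua protocol identifier constant, host names, CK/IK/RAND values and the `bsf_store` dictionary standing in for Zn are all constructed assumptions.

```python
"""Toy model of GBA bootstrapping and NAF-specific key use over Ua (constructed example)."""
import base64
import hashlib
import hmac
from dataclasses import dataclass

# Ua security protocol identifier appended to the NAF FQDN to form NAF_Id.
# The value below is an assumption for this example, not taken from the article.
UA_PROTO_ID = b"\x01\x00\x00\x00\x02"


@dataclass
class BootstrapRecord:
    """What the BSF stores after a successful Ub run (the UE derives the same values)."""
    btid: str      # Bootstrapping Transaction Identifier, later used as the Digest username
    ks: bytes      # Ks = CK || IK
    rand: bytes
    impi: str
    expires: int   # end of key lifetime, seconds since epoch


def bootstrap(ck: bytes, ik: bytes, rand: bytes, impi: str, bsf_name: str,
              now: int, lifetime_s: int) -> BootstrapRecord:
    """Outcome of Ub mutual authentication (HTTP Digest AKA): UE and BSF both hold Ks.
    The AKA run itself is out of scope; CK, IK and RAND are taken as given."""
    btid = base64.b64encode(rand).decode() + "@" + bsf_name
    return BootstrapRecord(btid, ck + ik, rand, impi, now + lifetime_s)


def ks_naf(rec: BootstrapRecord, naf_fqdn: str) -> bytes:
    """NAF-specific key: Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAF_Id).
    Layout modelled on TS 33.220 Annex B (assumption): S = FC || P0 || L0 || ... || P3 || L3,
    FC = 0x01, each Li the 2-byte big-endian length of Pi, HMAC-SHA-256 keyed with Ks.
    Because NAF_Id is an input, every service ___domain gets its own key."""
    naf_id = naf_fqdn.encode() + UA_PROTO_ID
    s = b"\x01"
    for p in (b"gba-me", rec.rand, rec.impi.encode(), naf_id):
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(rec.ks, s, hashlib.sha256).digest()


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username: str, password: str, realm: str, method: str, uri: str,
                    nonce: str, nc: str, cnonce: str) -> str:
    """RFC 2617 Digest response with qop=auth. Over Ua the username is the B-TID and
    the password is base64(Ks_NAF), so GBA rides on unmodified HTTP Digest."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def naf_verify(bsf_store: dict, btid: str, naf_fqdn: str, realm: str, method: str, uri: str,
               nonce: str, nc: str, cnonce: str, client_response: str, now: int) -> bool:
    """NAF side: look up the B-TID at the BSF (Zn, modelled as a dict lookup), refuse
    unknown or expired bootstraps, derive Ks_NAF for *this* NAF and check the Digest."""
    rec = bsf_store.get(btid)
    if rec is None or now >= rec.expires:
        return False
    password = base64.b64encode(ks_naf(rec, naf_fqdn)).decode()
    expected = digest_response(btid, password, realm, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, client_response)


def demo() -> dict:
    """Constructed walk-through: one bootstrap, then four Ua attempts against a NAF."""
    ck, ik = bytes(range(16)), bytes(range(16, 32))     # constructed AKA output
    rand = bytes(range(32, 48))                         # constructed RAND
    rec = bootstrap(ck, ik, rand, "user@operator.example", "bsf.operator.example",
                    now=1_000_000, lifetime_s=3600)
    bsf_store = {rec.btid: rec}                         # what the BSF answers over Zn
    # The UE derives Ks_NAF for the service it is about to talk to and uses it as password.
    pw = base64.b64encode(ks_naf(rec, "naf.service.example")).decode()
    args = ("naf-realm", "GET", "/protected", "n0nce", "00000001", "cn0nce")
    resp = digest_response(rec.btid, pw, *args)
    return {
        "correct_naf": naf_verify(bsf_store, rec.btid, "naf.service.example", *args, resp, now=1_000_100),
        "other_domain": naf_verify(bsf_store, rec.btid, "other.example", *args, resp, now=1_000_100),
        "expired": naf_verify(bsf_store, rec.btid, "naf.service.example", *args, resp, now=1_003_700),
        "unknown_btid": naf_verify(bsf_store, "bogus@bsf.operator.example", "naf.service.example",
                                   *args, resp, now=1_000_100),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first attempt succeeds: the same Digest response replayed to another ___domain fails because that NAF derives a different Ks_NAF, and the same NAF refuses it once the bootstrap lifetime has passed, which is the property the introduction describes as a secret "limited in time and for a specific ___domain". A real NAF would also enforce the nonce and nonce-count rules of HTTP Digest; they are kept out of this model to focus on the key binding.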
[[Category:Cryptographic protocols]]