Geekly Articles each Day
📜 ⬆️ ⬇️

GPRS inside. Part 2

We continue our acquaintance with the packet transmission in the networks of mobile operators, which we started with you in the first part about GPRS / EDGE technologies. This article will discuss the process of authentication and authorization, the so-called. the GPRS Attach procedure, as well as the activation of the service requested by the subscriber - raising the PDP Context. Let's see what data is stored on the SGSN side, and which data is on the subscriber side.
Well, let's go ...


GPRS Attach

I will miss some of the processes immediately preceding and accompanying the GPRS Attach procedure, and more specifically:

If anyone is interested in the details, please ask questions. We will start immediately with the GPRS Attach procedure, which allows identifying the subscriber, determining which services are available to the subscriber, checking the legality of using the mobile terminal of the subscriber in the operator’s network ( IMEI Check procedure is optional) and actually enabling the subscriber to activate the service he requests.

The process of authentication and authorization, the so-called. GPRS Attach procedure, is shown in the diagram below (the image is clickable).
')
image

  1. Attach Request
    The GPRS Attach procedure starts with a subscriber request from your mobile terminal, GPRS / EDGE service (or when the subscriber selects a permanent connection to the packet network on the device: Menu -> Settings -> Device connection -> Packet data -> Packet connection -> On Demand / Permanent access), i.e. opening a mobile browser / checking mail / trying to send MMS / etc., which in turn initiates sending an Attach Request request if the subscriber has not been connected to the operator’s packet network before. If the subscriber is going to connect to the network for the first time, then the request will contain the following basic data:
    • Attach type: GPRS Attach (subscription for packet data only), IMSI attach (subscription for voice services only, if the subscriber is registered to perform / accept voice services), Combined Attach (combined subscription = voice + packet data)
    • P-TMSI ( IMSI replacement, in case the subscriber is already “known” to SGSN)
    • RAI = MCC + MNC + LAC + RAC, i.e. subscriber coordinates within the base station subnet
      RAI - Routing Are Identity
      MCC - Mobile Country Code (international country code)
      MNC - Mobile Network Code (international operator code within the country)
      LAC - Location Area Code (set of base stations united by one code)
      RAC - Routing Area Code (zone smaller or equal to LAC)
    • MS network capability - subscriber terminal capabilities in terms of data transfer
    • MS radio access capability - subscriber terminal capabilities in terms of radio transmission

  2. Identification Request
    If the subscriber was previously in the service area of ​​another SGSN, then when switching to service at the new SGSN, the subscriber does not need to re-provide all the information for his identification, since it will be requested from the previous item. If the subscriber at that time used the services of GPRS / EDGE, i.e. he had the PDP Context open, the new SGSN would “pick up” the subscriber along with his session, without interrupting the service.
  3. Identity Request (Req) / Response (Res)
    This procedure is carried out, for new subscribers, or for subscribers, the data about which were not transmitted (or transferred incorrectly) from the old SGSN, then the SGSN again asks for all the data from the subscriber that we considered in the Attach Request procedure (instead of P- TMSI [Packet-TMSI], TMSI [Temporary Mobile Station Identity] are required by IMSI [International Mobile Subscriber Identity]).
  4. Send Authentication Info Req / Res
    During this procedure, the SGSN, based on the IMSI of the subscriber, makes a request to the HLR / AuC, which is a database of subscribers of the operator’s network. On the HLR / AuC, IMSI side of the subscriber there corresponds a certain checksum / secret number - K i , and also on the HLR / AuC side there is a randomized generator that generates a random number for our request. Then formed, so-called. triplet [TRIPLETS = RAND + SRES (Signed Response) + K with ] data, which consists of:
    • Rand is a random number
    • SRES - the result of “sweeping” a random number RAND through the algorithm A3
    • K with - the result, “sweep” the number of K i through the algorithm A5
    The data triple is then sent to the SGSN.
  5. Authentication and Cyphering Req / Res
    The values ​​obtained from the HLR / AuC are stored on the SGSN side, and the value of the RAND number is transmitted to the subscriber’s mobile terminal, based on which the SRES and K c values ​​are “calculated” on the subscriber side. The A3 / A5 encryption algorithms, as well as the secret number K i, are “sewn up” in the subscriber’s SIM card.
  6. Identity Check Request (Req) / Response (Res)
    This procedure is optional and allows you to check the legality of using the subscriber’s terminal in the operator’s network, i.e. request the IMEI code of the terminal and compare it with the databases of the White, Gray and Black lists. If the subscriber is on the Black List, he will be denied service at this stage, but this is all in theory. In practice, it turns out the opposite, because in fact, the blacklist blocking is still not working (I speak for the territory of Ukraine).
  7. Check IMEI Req / Res
    Check IMEI on the EIR , on the basis of which a decision will be made on the legitimacy of using the subscriber’s terminal in the operator’s network.
  8. Location Update Procedures Req / Res
    During the GPRS Attach procedure, the subscriber’s location information is updated, i.e. The SGSN updates the information in the HLR, and then the HLR updates the data in the MSC / VLR.
    If the subscriber performs Combined Attach, the SGSN updates the subscriber information in the MSC / VLR
  9. Attach Accept
    After successfully completing all the above operations, SGSN informs the subscriber that the GPRS Attach is accepted and the subscriber can now use the packet data services in the operator’s network.
  10. TMSI Realocation Complete
    The final stages is the update / notification of the MSC / VLR of the new TMSI value assigned to the subscriber.

This is actually the way the subscriber is authenticated and authorized to provide the transfer of packet data to the operator’s network. After this procedure, a letter “G” (or “E” :) will appear on the subscriber’s terminal, indicating that the connection to the packet network has been successfully completed, but this still does not allow the subscriber to use any service * in the packet network, since you must also activate the PDP Context for the requested service.
* - after a successful GPRS Attach procedure, the subscriber can only send short messages via the GPRS / EDGE network, so-called. SMS over GPRS.

PDP Context Activation

After successfully completing the GPRS Attach procedure, the user can activate the PDP Context, which will allow him to use the packet data services.

The context activation procedure itself is somewhat similar to the communication activation procedure during a dial-up connection. Let's look at these two procedures in comparison.
Simply put, the procedure for activating the Dial-Up link can be represented as a scheme:

image

Now let's look at the PDP Context'a concept of activation:

image

As you can see, the similarity between these two procedures consists in applying the same protocols, the steps themselves and the procedures that are used during the connection establishment stages, and the key nodes involved in the communication establishment process are similar.

Having determined the key moments, when PDP Context is activated, we consider the full procedure and determine what data is transmitted during this procedure.

The PDP Context'a activation scheme is shown in the figure below:

image

  1. Activate PDP Context Request
    In this request, quite a lot of different data is transmitted, but we will be more interested in the following:
    • QoS requested - the requested subscriber service profile, quality characteristics of the connection, if this field is empty, the SGSN will decide on the assigned profile
    • PDP type - determines what type of protocol will be used by the terminal for a specific IP / X.25 / etc service.
    • Address - type of address issued to the subscriber for communication in the network [IPv4, IPv6, auto]
    • APN * [Access Point Name] - the name of the access point that defines the address of the GGSN, which will serve the user's session.
      * - in more detail about the choice and use of APN in the process of activating the context, you can read in the article: "It does not matter who you are ... it is important what your APN is"

  2. DNS Query / Response
    Having received a specific APN from the subscriber in the request, the SGSN will form a complete address, adding to the APN, the so-called. GOI [GGSN Operator Identifier], the full address will look something like this:

    internet.mnc009.mcc255.gprs , where

    internet - APN registered in the subscriber’s terminal,
    mnc009.mcc255.gprs - GOI of some virtual operator (Ukraine).

    Then, a request is made to the local DNS server of the operator, which results in the IP address of (a) GGSNs, which provide the requested service to the user.
    If the local DNS server cannot “recognize” the full address (for example, for a roaming subscriber), the request is redirected to the DNS server of the highest level (here, everything is very similar to the structure of IP networks).
  3. Create PDP Context Req / Res
    All collected data from an authorized user, including requests for issuing an IP address, IMSI, MSISDN , APN (in the case of access to the internal network, for example) are transmitted by a special [Create PDP Context Request] request to the GGSN. For this event, a billing entry is opened for the subscriber session.
  4. Activate PDP Context Accept
    The response message that is sent to the subscriber’s terminal contains all the necessary information to complete the activation of the PDP Context. With this message, the user is assigned a specific IP address in the operator’s network, the service profiles are negotiated, and the provision of the requested service begins.

After successful activation of the PDP Context, on the user terminal, the letter “G” (or “E” :) is surrounded by a square and symbolizes the use of packet data.

Information stored before / after GPRS Attach

Let's find out what data is stored on the subscriber side, and which data is on the SGSN side before and after the authentication and authorization process in the operator's packet network.
The summary table is presented below:

MSSGSNHlr
Before GPRS AttachIMSI
MSISDN
RAI
K i
QoS profile
IMSI
MSISDN
K i
QoS profile
After GPRS AttachPMM State
P-TMSI
PMM State
P-TMSI
MSISDN
RAI
K c
QoS profile
SGSN address


A small assistant:

APN - Access Point Name
CHAP - Challenge Handshake Authentication Protocol
EIR - Equipment Identity Register
GGSN - Gateway GPRS Support Node
GOI - GGSN Operator Identifier
GPRS - General Packet Radio Service
HLR - Home Location Register
HPLMN - Home PLMN
IMSI - International Mobile Subscriber Identity
IPCP - Internet Protocol Control Protocol
MS - Mobile Station
MSC - Mobile Switching Center
MSISDN - Mobile Station Integrated Services Digital Number
PAP - Password Authentication Protocol
PDN - Packet Data Networks
PDP - Packet Data Protocol
PLMN - Public Land Mobile Network
PPP - Point-to-Point Protocol
RAS - Registration, Admission and Status
RNC - Radio Network Controller
SGSN - Serving GPRS Support Node
VLR - Visitors Location Register
VPLMN - Visitor PLMN

Related links (en):

Source: https://habr.com/ru/post/81385/

More articles:


All Articles