Article Id: WHEBN0014447758
Title: Generic Bootstrapping Architecture  
Author: World Heritage Encyclopedia
Language: English
Subject: GBA (disambiguation), Generic Authentication Architecture
Publisher: World Heritage Encyclopedia
Generic Bootstrapping Architecture

In mobile phones, Generic Bootstrapping Architecture (GBA) is one technology enabling the authentication of a user. This authentication is possible if the user owns a valid identity on a Home Location Register (HLR) or a Home Subscriber Server (HSS).

GBA is standardized by 3GPP. User authentication rests on a shared secret held in two places: one copy in the smartcard inside the mobile phone and the other on the HLR/HSS.

GBA authenticates by having a network component challenge the SIM card and verify that the answer matches the one predicted by the HLR/HSS.

Instead of requiring the service provider to trust that network component, the Bootstrapping Server Function (BSF), and rely on it for every authentication request, the BSF establishes a shared secret between the SIM card and the service provider. This shared secret is limited in time and bound to a specific domain.

Strong points

This solution combines some of the strong points of certificates and shared secrets without some of their weaknesses:

- There is no need for a user enrollment phase or for secure deployment of keys, making this solution very low cost compared to PKI.

- Another advantage is the ease with which the authentication method can be integrated into terminals and service providers: the reference implementation is based on SimpleSAMLphp (http://rnd.feide.no/simplesamlphp) with 500 lines of PHP, of which only a few tens are service-provider specific, making it easy to port to another web site.

- On the device side, the following is needed:

  • A Web browser (in fact an HTTP client) implementing Digest authentication and the special case signalled by a "3gpp" string in the HTTP header.
  • A means to communicate with the smartcard and sign the challenge sent by the BSF; either Bluetooth SAP or a Java or native application could be used to serve the request coming from the browser.

Technical overview

The contents of this section are drawn from external literature.[1]

There are two ways to use GAA (Generic Authentication Architecture).

  • The first, GBA, is based on a shared secret between the client and server.
  • The second, SSC, is based on public-private key pairs and digital certificates.

In the shared-secret case, the client and the operator first mutually authenticate through 3G Authentication and Key Agreement (AKA) and agree on session keys, which can then be used between the client and the services the customer wants to use. This is called bootstrapping. After that, the services can retrieve the session keys from the operator, and the keys can be used in an application-specific protocol between the client and the services.

The figure (not reproduced here) shows the GAA network entities and the interfaces between them; optional entities are drawn with dotted borders. The User Equipment (UE) is, for example, the user's mobile phone. The UE and the Bootstrapping Server Function (BSF) mutually authenticate over the Ub interface (number [2] in the figure), using the HTTP Digest AKA protocol. The UE also communicates with the Network Application Functions (NAF), which are the application servers, over the Ua [4] interface, which can use whatever application-specific protocol is required.

The BSF retrieves subscriber data from the Home Subscriber Server (HSS) over the Zh [3] interface, which uses the Diameter base protocol. If there are several HSSs in the network, the BSF must first know which one to use; this is done either by configuring a pre-defined HSS in the BSF or by querying the Subscriber Locator Function (SLF). NAFs retrieve the session key from the BSF over the Zn [5] interface, which also uses the Diameter base protocol. If the NAF is not in the home network, it must use a Zn-proxy to contact the BSF.
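The bootstrapping flow described above, as an added example that is not code from the article or from any GBA implementation: a UE and a BSF run a simplified Ub exchange (toy AKA with HMAC in place of MILENAGE, no AUTN), the BSF issues a B-TID with a lifetime, and NAFs fetch a NAF-specific key over Zn. The key derivation follows the shape of the 3GPP TS 33.220 KDF but is simplified and not bit-exact; K_SIM, IMPI and the NAF names are constructed values.

```python
import base64, hashlib, hmac, os, struct

# Added example, not code from the article; K_SIM and IMPI are constructed values.
K_SIM, IMPI = b"\x11" * 16, b"user@ims.example"  # SIM/HSS key, private identity

def aka(k, rand):
    """Toy AKA (stand-in for MILENAGE): returns RES and Ks = CK || IK for a RAND."""
    f = lambda tag: hmac.new(k, tag + rand, hashlib.sha256).digest()[:16]
    return f(b"f2")[:8], f(b"f3") + f(b"f4")

def kdf(ks, *params):
    """KDF in the style of TS 33.220 Annex B: HMAC-SHA256(Ks, FC || P0 || L0 || ...)."""
    s = b"\x01" + b"".join(p + struct.pack(">H", len(p)) for p in params)
    return hmac.new(ks, s, hashlib.sha256).digest()

def naf_key(ks, rand, impi, naf_id):
    """Ks_NAF: bound to one NAF (domain) via naf_id, modelled here as the NAF FQDN."""
    return kdf(ks, b"gba-me", rand, impi, naf_id)

class BSF:  # Bootstrapping Server Function: runs Ub with the UE, serves Zn to NAFs
    def __init__(self, k, lifetime=3600):
        self.k, self.lifetime, self.sessions = k, lifetime, {}
    def finish(self, impi, rand, res, now):  # Ub: verify RES, store Ks, issue B-TID
        xres, ks = aka(self.k, rand)
        if not hmac.compare_digest(xres, res):
            raise PermissionError("AKA RES mismatch")
        btid = base64.b64encode(rand).decode() + "@bsf.example"
        self.sessions[btid] = (ks, rand, impi, now + self.lifetime)
        return btid
    def zn_fetch(self, btid, naf_id, now):   # Zn: a NAF receives only its own Ks_NAF
        ks, rand, impi, expires = self.sessions[btid]
        if now >= expires:
            raise PermissionError("B-TID expired; UE must bootstrap again")
        return naf_key(ks, rand, impi, naf_id)

def run(now=1000, later=4600):
    """Returns (UE and NAF-A keys agree, NAF-B key differs, expired lookup refused)."""
    bsf, naf_a, naf_b = BSF(K_SIM), b"naf-a.example", b"naf-b.example"
    rand = os.urandom(16)                    # Ub: BSF's Digest challenge carries RAND
    res, ks = aka(K_SIM, rand)               # Ub: the SIM answers the challenge
    btid = bsf.finish(IMPI, rand, res, now)
    agree = naf_key(ks, rand, IMPI, naf_a) == bsf.zn_fetch(btid, naf_a, now)
    bound = bsf.zn_fetch(btid, naf_b, now) != bsf.zn_fetch(btid, naf_a, now)
    try:
        bsf.zn_fetch(btid, naf_a, later); expired = False
    except PermissionError:
        expired = True
    return agree, bound, expired
```

The three results illustrate the point made earlier: the UE and the NAF end up with the same key, a second NAF gets a different key from the same bootstrapping session, and a lookup after the lifetime has elapsed is refused.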

Uses

  • The SPICE project developed an extended use case named "split terminal", where a user on a PC can authenticate with her mobile phone: http://www.ist-spice.org/demos/demo3.htm. The NAF was developed on SimpleSAMLphp, and a Firefox extension was developed to process the GBA Digest authentication request from the BSF. The Bluetooth SIM Access Profile was used between the Firefox browser and the mobile phone. Later, a partner developed a "zero installation" concept.
  • The Fraunhofer Fokus Presentation at ICIN 2008 by Peter Weik
  • The Open Mobile Terminal Platform recommendation, first released in May 2008.
