IMS AKA Authentication Flow

This flow follows the general procedure outlined in 3GPP TS 33.203 and TS 24.229, focusing on the interaction between UE, P-CSCF, S-CSCF, and HSS.

 

 

3GPP IMS AKA Authentication Flow

sequenceDiagram participant UE as UE participant P_CSCF as P-CSCF participant I_CSCF as I-CSCF participant S_CSCF as S-CSCF participant HSS as HSS %% Registration Initiation UE->>P_CSCF: SIP REGISTER (IMPU, IMPI) P_CSCF->>I_CSCF: SIP REGISTER I_CSCF->>HSS: Cx-Query (IMPU) HSS-->>I_CSCF: Cx-Query Resp (S-CSCF assigned) I_CSCF->>S_CSCF: SIP REGISTER %% AKA Challenge S_CSCF->>HSS: Cx-Auth-Request (IMPI) HSS-->>S_CSCF: Cx-Auth-Answer (RAND, AUTN, XRES) S_CSCF-->>P_CSCF: 401 Unauthorized (with AKA challenge) P_CSCF-->>UE: 401 Unauthorized (RAND, AUTN) %% Response with RES UE->>P_CSCF: SIP REGISTER (with RES) P_CSCF->>S_CSCF: SIP REGISTER (with RES) %% RES Validation S_CSCF->>HSS: Cx-Auth-Answer-Validation (RES) HSS-->>S_CSCF: RES == XRES → Success %% Registration Success S_CSCF-->>P_CSCF: 200 OK P_CSCF-->>UE: 200 OK

 

 

🧾 Description of Key Elements:

• IMPU / IMPI:
  • IMPU: Public identity (e.g., SIP URI)
  • IMPI: Private identity (used for authentication)
• RAND, AUTN, XRES:
  • RAND: Random challenge
  • AUTN: Authentication token
  • XRES: Expected response
• RES:
  • UE's calculated response based on RAND, AUTN, and ISIM keys