Bootstrapping Server Function

Bootstrapping Server Function (BSF) refers, in mobile communications, to a technical intermediary element between devices and servers that were previously unknown to each other. It makes mutual authentication and the exchange of secret keys possible, and on that basis general supplementary services and applications that require authentication and a secure communication link, such as Mobile TV, can be used.

Operation

Architecture

In total, the following functional elements (in shortened form) take part in the negotiation of such a generic security relationship. The structure and function of these elements as a whole is referred to as the Generic Authentication Architecture (GAA) or Generic Bootstrapping Architecture (GBA):

  • Terminal, e.g. a mobile phone, in short User Equipment (UE), which wants to use a particular service
  • Application server, e.g. for Mobile TV, in short Network Application Function (NAF); provides the service
  • A Home Subscriber Server (HSS) of the (mobile) network operator; manages the user-specific profiles of its subscribers

The term bootstrapping here denotes the technical function of first establishing a security relationship with a previously unknown device, so that the security elements (keys) can then be installed both in the device itself and in the BSF.

Essentially, the protocols Diameter and HTTP are used; between BSF and NAF, SOAP may be used instead of Diameter.

Procedure

The BSF is consulted by the application server (NAF) after a terminal has requested access to a service from it. Since the application server does not know the terminal at this point, it first refers it to the BSF. The terminal and the BSF now authenticate each other; this is done by means of the 3GPP protocol AKA (Authentication and Key Agreement) and by requests from the BSF to the Home Subscriber Server (HSS). Afterwards, the BSF and the terminal (UE) agree on a session key that is to be used for encrypted communication with the application server (NAF). The terminal now turns again to the application server, which can retrieve the session key as well as user-specific data from the BSF and start the actual data exchange with the terminal (UE). The matching session keys are used for cryptographic protection.

The security relationship itself between the device and the server never leaves the domain of the (mobile) network operator; only data (keys) derived from this security relationship can be queried and used by applications.
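To make the sequence above concrete, here is an added Python model of the exchange (not code from the original article or from 3GPP): the UE and the BSF both arrive at the shared key Ks after a simplified AKA run, and the NAF only ever obtains the derived key Ks_NAF from the BSF, looked up by the bootstrapping transaction identifier (B-TID). The host names, the subscriber identity, the stand-in AKA function, the placeholder Ua protocol identifier and the KDF input layout are assumptions.

```python
import base64, hashlib, hmac, os

def aka_keys(k: bytes, rand: bytes):
    """Stand-in for AKA (constructed, not MILENAGE): derive CK and IK from K and RAND."""
    ck = hmac.new(k, b"CK" + rand, hashlib.sha256).digest()[:16]
    ik = hmac.new(k, b"IK" + rand, hashlib.sha256).digest()[:16]
    return ck, ik
def gba_kdf(ks: bytes, rand: bytes, impi: str, naf_id: bytes) -> bytes:
    """Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAF_Id). The input layout (FC byte, each
    parameter followed by its 2-byte length) is modelled on TS 33.220 Annex B; assumption."""
    s = b"\x01"
    for p in (b"gba-me", rand, impi.encode(), naf_id):
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(ks, s, hashlib.sha256).digest()
class HSS:  # operator database: subscriber profile and long-term key K per IMPI
    def __init__(self): self.subs = {}
    def auth_vector(self, impi):  # Zh: BSF fetches a fresh authentication vector
        rand = os.urandom(16)
        return (rand, *aka_keys(self.subs[impi], rand))
class BSF:
    def __init__(self, hss): self.hss, self.sessions = hss, {}  # B-TID -> (Ks, RAND, IMPI)
    def bootstrap(self, impi):  # Ub: AKA with the UE; Ks stays here, UE gets B-TID and RAND
        rand, ck, ik = self.hss.auth_vector(impi)
        btid = base64.b64encode(rand).decode() + "@bsf.example.net"
        self.sessions[btid] = (ck + ik, rand, impi)
        return btid, rand
    def naf_key(self, btid, naf_id):  # Zn: the NAF receives Ks_NAF only, never Ks
        ks, rand, impi = self.sessions[btid]
        return gba_kdf(ks, rand, impi, naf_id)
class UE:
    def __init__(self, impi, k): self.impi, self.k = impi, k
    def bootstrap(self, bsf):
        self.btid, self.rand = bsf.bootstrap(self.impi)
        ck, ik = aka_keys(self.k, self.rand)
        self.ks = ck + ik  # same Ks as the BSF, computed locally from K
    def key_for(self, naf_id): return gba_kdf(self.ks, self.rand, self.impi, naf_id)
class NAF:
    def __init__(self, naf_id, bsf): self.naf_id, self.bsf = naf_id, bsf
    def accept(self, btid, proof):  # Ua: UE proves possession of Ks_NAF (HTTP Digest in practice)
        expect = hmac.new(self.bsf.naf_key(btid, self.naf_id), btid.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(proof, expect)
def run_gba(ue_key=b"K" * 16):
    """Bootstrap one UE, then contact a Mobile TV NAF; returns (accepted, ks_naf_tv, ks_naf_other)."""
    hss = HSS(); hss.subs["user@ims.example.net"] = b"K" * 16
    bsf = BSF(hss); ue = UE("user@ims.example.net", ue_key); ue.bootstrap(bsf)
    tv = NAF(b"mobiletv.example.net" + b"\x00" * 5, bsf)  # FQDN + placeholder Ua protocol id
    proof = hmac.new(ue.key_for(tv.naf_id), ue.btid.encode(), hashlib.sha256).digest()
    other = bsf.naf_key(ue.btid, b"other.example.net" + b"\x00" * 5)  # a different NAF's key
    return tv.accept(ue.btid, proof), bsf.naf_key(ue.btid, tv.naf_id), other
```

A UE holding a different subscriber key derives a different Ks and is rejected by the NAF, and two NAFs with different NAF_Ids obtain unrelated keys from the same bootstrapping session.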

Norms and Standards

The BSF is standardized in the newer versions of the 3GPP standards:

  • Generic Authentication Architecture (GAA)
  • Generic Bootstrapping Architecture (GBA)

For details see, inter alia, 3GPP TS 33.919, 33.220, 24.109 and 29.109.
