Generic Bootstrapping Architecture
From Wikipedia, the free encyclopedia
GBA is one technology that enables a network to authenticate a user. Authentication is possible when the user holds a valid subscriber identity in a Home Location Register (HLR) or a Home Subscriber Server (HSS).
GBA is standardized by the 3GPP. User authentication is rooted in a long-term shared secret: one copy is held in the smartcard (the UICC, running a USIM or ISIM application) inside the mobile phone, the other in the HLR/HSS.
GBA authenticates the user by having a network component, the Bootstrapping Server Function (BSF), challenge the smartcard (using the 3GPP AKA protocol carried over HTTP Digest AKA) and verify that the card's response matches the expected response computed by the HLR/HSS. From this exchange both sides derive a session key, Ks, and the BSF assigns a bootstrapping transaction identifier (B-TID) that refers to it.
Rather than involving the BSF (and behind it the HLR/HSS) in every authentication request, the BSF uses the bootstrapped key to establish a shared secret between the smartcard and the service provider, which the two then use directly. This shared secret is limited in lifetime and bound to one domain: it is derived from Ks together with the service provider's identifier, so a key obtained for one service is useless at another.
This approach combines some of the strengths of certificates and of shared secrets without some of their weaknesses:
- A major strength is that no separate secure key deployment is required: the long-term secret already provisioned in the smartcard is reused, and application-specific keys are derived from it on demand.
- It is easy to integrate into terminals and service providers, because the protocol is based on the well-known HTTP "Digest access authentication".
- On the service provider side, all that is needed is a small component, the Network Application Function (NAF), which fetches the application-specific key from the BSF and verifies the user with it.
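The flow described above, as an added example that is not part of the article or of any 3GPP specification: a smartcard and a BSF run a challenge-response bootstrap, a NAF fetches a domain-bound key once and caches it until the lifetime ends, and the terminal authenticates to the NAF with plain HTTP Digest. The long-term key, identities, lifetime and nonces are constructed; the AKA functions are stand-ins (real USIMs run MILENAGE or TUAK) and the key derivation follows the shape of the 3GPP KDF but is not bit-exact.

```python
"""Toy end-to-end GBA flow: bootstrap over Ub, key fetch over Zn, Digest over Ua.
Added example; keys, identities and lifetime are constructed."""
import base64
import hashlib
import hmac
import os

K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")   # constructed long-term key
IMPI = "user@operator.example"                           # constructed private identity
# Ua security protocol identifier for HTTP Digest (assumed value, used only as a label).
UA_PROTO_ID = bytes([0x01, 0x00, 0x00, 0x00, 0x02])


def aka(k, rand):
    """Stand-in for the USIM/HSS AKA functions: derive RES, CK, IK from K and RAND."""
    def f(label, n):
        return hmac.new(k, label + rand, hashlib.sha256).digest()[:n]
    return f(b"res", 8), f(b"ck", 16), f(b"ik", 16)


def kdf(ks, rand, impi, naf_id):
    """NAF-specific key: HMAC-SHA-256 over the same inputs as the 3GPP KDF
    (Ks, "gba-me", RAND, IMPI, NAF_Id), with a simplified, non-normative encoding."""
    return hmac.new(ks, b"gba-me" + rand + impi.encode() + naf_id, hashlib.sha256).digest()


def md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, password, realm, nonce, method, uri):
    """RFC 2617 Digest response (no qop). On Ua the username is the B-TID and
    the password is base64(Ks_NAF)."""
    ha1 = md5(f"{username}:{realm}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")


class UICC:
    """Smartcard: holds K, answers the AKA challenge and keeps Ks = CK || IK."""
    def __init__(self, k):
        self.k = k

    def challenge(self, rand):
        res, ck, ik = aka(self.k, rand)
        self.ks = ck + ik
        return res


class BSF:
    """Bootstrapping Server Function. The HSS (Zh) is folded in: the BSF holds K
    here only to compute the authentication vector."""
    def __init__(self, k, lifetime):
        self.k, self.lifetime = k, lifetime
        self.sessions = {}                       # B-TID -> (Ks, RAND, expiry)

    def bootstrap(self, uicc, now):
        rand = os.urandom(16)
        xres, ck, ik = aka(self.k, rand)         # authentication vector
        if not hmac.compare_digest(uicc.challenge(rand), xres):
            raise PermissionError("AKA response does not match XRES")
        btid = base64.b64encode(rand).decode() + "@bsf.operator.example"
        self.sessions[btid] = (ck + ik, rand, now + self.lifetime)
        return btid, rand

    def naf_key(self, btid, naf_id, now):        # Zn: key bound to this NAF only
        ks, rand, expiry = self.sessions[btid]
        if now >= expiry:
            raise PermissionError("bootstrapping session expired")
        return kdf(ks, rand, IMPI, naf_id), expiry


class NAF:
    """Service provider: fetches Ks_NAF once per B-TID, caches it until expiry,
    then verifies Digest responses locally without contacting the BSF again."""
    def __init__(self, fqdn, bsf):
        self.fqdn, self.bsf = fqdn, bsf
        self.naf_id = fqdn.encode() + UA_PROTO_ID
        self.cache, self.zn_calls = {}, 0        # B-TID -> (Ks_NAF, expiry)

    def verify(self, btid, nonce, method, uri, response, now):
        entry = self.cache.get(btid)
        if entry is None or now >= entry[1]:
            try:
                entry = self.bsf.naf_key(btid, self.naf_id, now)
            except (KeyError, PermissionError):
                return False
            self.cache[btid] = entry
            self.zn_calls += 1
        pw = base64.b64encode(entry[0]).decode()
        expected = digest_response(btid, pw, self.fqdn, nonce, method, uri)
        return hmac.compare_digest(expected, response)


def ue_authorization(uicc, btid, rand, naf_fqdn, nonce, method, uri):
    """Terminal derives Ks_NAF for this NAF and answers its Digest challenge."""
    ks_naf = kdf(uicc.ks, rand, IMPI, naf_fqdn.encode() + UA_PROTO_ID)
    return digest_response(btid, base64.b64encode(ks_naf).decode(), naf_fqdn, nonce, method, uri)


def run_demo():
    bsf, uicc = BSF(K, lifetime=3600), UICC(K)
    shop, bank = NAF("shop.example.com", bsf), NAF("bank.example.com", bsf)
    btid, rand = bsf.bootstrap(uicc, now=0)
    r1 = ue_authorization(uicc, btid, rand, "shop.example.com", "n1", "GET", "/cart")
    r2 = ue_authorization(uicc, btid, rand, "shop.example.com", "n2", "GET", "/cart")
    r3 = ue_authorization(uicc, btid, rand, "shop.example.com", "n3", "GET", "/cart")
    return {
        "ok": shop.verify(btid, "n1", "GET", "/cart", r1, now=10),
        "ok_again": shop.verify(btid, "n2", "GET", "/cart", r2, now=20),
        "cross_naf": bank.verify(btid, "n1", "GET", "/cart", r1, now=10),  # replay at another NAF
        "expired": shop.verify(btid, "n3", "GET", "/cart", r3, now=4000),  # past the key lifetime
        "zn_calls": shop.zn_calls,                                         # one fetch for two logins
    }


if __name__ == "__main__":
    print(run_demo())
```

Two authentications at the shop cost a single Zn fetch, the response obtained for the shop is rejected by the bank because Ks_NAF depends on the NAF identifier, and once the lifetime has passed the BSF refuses to hand out the key, so the terminal must bootstrap again. Digest authenticates but does not encrypt, so in practice the Ua interface is run over TLS.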