Description
CH1 is a critical component within the authentication and key agreement (AKA) protocol specified for the Cordless Telephony System - Fixed Part (CTS-FP) in 3GPP TS 43.020. It functions as a random challenge value generated by the network's authentication center (AuC) or equivalent fixed network entity. This value is transmitted to the mobile station (MS) during the authentication procedure to initiate a cryptographic exchange that verifies the identity of both parties and establishes secure session keys.
The technical operation involves the network generating CH1 as a random number (typically 128 bits) and sending it to the mobile station along with other authentication parameters. The mobile station uses this CH1 value, along with a shared secret key (Ki) and other network-specific data, as input to cryptographic algorithms (originally COMP128 variants) to compute a response value (SRES) and ciphering key (Kc). The mobile station returns the SRES to the network, which performs the same computation independently. If the computed SRES values match, authentication succeeds, and the derived Kc is used for encrypting subsequent communications.
Architecturally, CH1 is part of the challenge-response mechanism that prevents replay attacks. By ensuring each CH1 value is random and used only once within its validity period, the system guarantees that an intercepted authentication sequence cannot be reused by an attacker. The generation of CH1 requires a cryptographically secure random number generator within the network's security infrastructure. The value's integrity during transmission is protected, though in early CTS implementations, this protection might rely on the inherent difficulty of predicting the random sequence rather than encryption of the challenge itself.
The role of CH1 extends beyond simple authentication; it is the seed for the entire key derivation process. The randomness and unpredictability of CH1 directly impact the strength of the derived session key Kc. A weak or predictable CH1 could compromise the entire session's security. Within the CTS-FP protocol stack, CH1 is carried in specific authentication signaling messages between the fixed network controller and the mobile handset, following the protocols defined for the DECT/GSM interworking specified in TS 43.020.
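The challenge-response exchange described above, as an added example that is not part of the original page or of TS 43.020. HMAC-SHA256 stands in for the COMP128-based computation; the 32-bit SRES and 64-bit Kc lengths (the GSM sizes), the FixedPart class and the function names are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

CH1_BYTES = 16  # 128-bit challenge, the size the text calls typical


def derive(ki: bytes, ch1: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SRES/Kc computation: HMAC-SHA256 replaces COMP128 (assumption)."""
    digest = hmac.new(ki, ch1, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # 32-bit SRES, 64-bit Kc (assumed GSM sizes)


class FixedPart:
    """Network side (hypothetical class): issues fresh CH1 values, verifies each once."""

    def __init__(self, ki: bytes):
        self._ki = ki
        self._pending = set()  # challenges issued but not yet answered

    def issue_challenge(self) -> bytes:
        ch1 = secrets.token_bytes(CH1_BYTES)  # OS CSPRNG, not random.random()
        self._pending.add(ch1)
        return ch1

    def verify(self, ch1: bytes, sres: bytes) -> bytes | None:
        """Return Kc on success, None on a wrong SRES or a reused challenge."""
        if ch1 not in self._pending:
            return None  # unknown or already consumed: a replay is rejected
        self._pending.discard(ch1)  # single use, even when the response is wrong
        expected_sres, kc = derive(self._ki, ch1)
        if not hmac.compare_digest(expected_sres, sres):  # constant-time compare
            return None
        return kc


def demo() -> dict:
    ki = bytes(range(16))  # constructed sample key, not a real Ki
    fp = FixedPart(ki)
    ch1 = fp.issue_challenge()
    sres, kc_ms = derive(ki, ch1)   # mobile station computes SRES and Kc
    kc_net = fp.verify(ch1, sres)   # network checks SRES, derives the same Kc
    replay = fp.verify(ch1, sres)   # captured (CH1, SRES) pair presented again
    return {"keys_match": kc_net == kc_ms, "replay": replay}
```

Only SRES crosses the link; Kc is derived on both sides and never transmitted, and the second `verify` call returns None because the challenge was consumed by the first.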
Purpose & Motivation
CH1 was created to provide a secure authentication mechanism for Cordless Telephony Systems (CTS) that interwork with GSM networks, as standardized in 3GPP Release 8. Prior to standardized interworking, proprietary cordless systems often used weaker or non-existent authentication, making them vulnerable to cloning and unauthorized access. The CTS-FP specification aimed to bring GSM-grade security to cordless telephony environments, particularly for residential and business base stations that connect to the public network.
The fundamental problem CH1 addresses is the need for mutual authentication and secure key establishment in a lightweight, cost-effective cordless system. Without a random challenge like CH1, authentication protocols could be susceptible to replay attacks where an attacker records a legitimate authentication exchange and replays it to gain network access. By introducing a unique, network-generated random value for each authentication attempt, the system ensures freshness and prevents such attacks.
The historical context involves the convergence of DECT (Digital Enhanced Cordless Telecommunications) technology with GSM core network security principles. CTS-FP allowed DECT handsets to authenticate using GSM SIM cards and algorithms. CH1's design follows the GSM AKA pattern but adapts it for the CTS architecture, solving the limitation of static authentication tokens by introducing dynamic, session-specific challenges. This enabled secure cordless extensions to GSM networks while maintaining compatibility with existing subscriber identity modules and authentication infrastructure.
Key Features
- Random number generation for cryptographic freshness
- Prevention of authentication replay attacks
- Seed input for ciphering key (Kc) derivation
- Integration with GSM authentication algorithms (COMP128)
- Part of challenge-response protocol in CTS-FP
- Enables mutual authentication between mobile and fixed parts
Evolution Across Releases
Introduced CH1 as part of the initial CTS-FP specification in TS 43.020. Defined as the random challenge value generated by the network for CTS authentication, using the same fundamental principles as GSM RAND but within the CTS architecture. Established the basic challenge-response mechanism where CH1 is sent to the mobile station to compute authentication response and session key.
Defining Specifications
| Specification | Title |
|---|---|
| TS 43.020 | 3GPP TR 43.020 |