Upload
lizhaohui
View
230
Download
6
Embed Size (px)
DESCRIPTION
Data
Citation preview
RAN Feature Description Table of Contents
Table of Contents
Chapter 6 Data Integrity Protection and Encryption................................................................6-16.1 Introduction...................................................................................................................... 6-1
6.1.1 Definition...............................................................................................................6-16.1.2 Purposes...............................................................................................................6-16.1.3 Terms and Abbreviations.......................................................................................6-1
6.2 Availability........................................................................................................................ 6-46.2.1 Network Elements Involved...................................................................................6-46.2.2 Software Releases................................................................................................6-46.2.3 Miscellaneous........................................................................................................6-5
6.3 Impact.............................................................................................................................. 6-56.3.1 On System Performance.......................................................................................6-56.3.2 On Other Features.................................................................................................6-5
6.4 Restrictions...................................................................................................................... 6-56.5 Technical Description.......................................................................................................6-5
6.5.1 Data Integrity Protection and Encryption Configuration Model..............................6-56.5.2 System Architecture..............................................................................................6-66.5.3 Algorithms of Data Integrity Protection and Encryption.........................................6-6
6.6 Capabilities....................................................................................................................6-126.7 Implementation..............................................................................................................6-12
6.7.1 Enabling Data Integrity Protection and Encryption..............................................6-136.7.2 Reconfiguring Parameters...................................................................................6-136.7.3 Disabling Data Integrity Protection and Encryption..............................................6-14
6.8 Maintenance Information................................................................................................6-146.8.1 Alarms.................................................................................................................6-146.8.2 Counters..............................................................................................................6-14
6.9 References..................................................................................................................... 6-15
Huawei Technologies Proprietary
i
RAN Feature Description List of Figures
List of Figures
Figure 6-1 Data Integrity Protection and Encryption configuration model.............................6-5
Figure 6-2 Integrity protection and encryption procedures....................................................6-6
Figure 6-3 Encryption and decryption of user and signaling data.........................................6-9
Figure 6-4 Derivation of MAC-I or XMAC-I from a signaling message................................6-10
Figure 6-5 Summary of UMTS access security...................................................................6-11
Huawei Technologies Proprietary
ii
RAN Feature Description List of Tables
List of Tables
Table 6-1 NEs required for data integrity protection and encryption......................................6-4
Table 6-2 RAN products and related versions.......................................................................6-4
Table 6-3 Algorithms for integrity protection and encryption..................................................6-6
Table 6-4 Parameters of integrity protection and encryption algorithms................................6-8
Table 6-5 Commands for the reconfiguration on the RNC side...........................................6-13
Table 6-6 Data integrity protection and encryption counters................................................6-14
Huawei Technologies Proprietary
iii
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
Chapter 6 Data Integrity Protection and Encryption
6.1 Introduction
6.1.1 Definition
To protect user data from illegal interception and networks from illegal access, the WCDMA system introduces data integrity protection and encryption.
The data integrity protection function enables receiving entity (UE or RNC) to verify if the signaling data is illegally changed.
The WCDMA system uses longer cipher keys, as well as more robust encryption and data integrity algorithms for security of user data and networks.
6.1.2 Purposes
The purposes of this feature are as follows:
To enhance network and user data security To protect the data and networks from illegal interception and changing To prevent the imitation behavior
6.1.3 Terms and Abbreviations
I. Terms
Term Description
Quintet, UMTS authentication vector
Temporary protocol of authentication and key, which enables UMTS AKA function for a certain user in a VLR/SGSN. A quintet consists of five elements:
Random Number (RAND)
Expected Response (XRES)
Cipher Key (CK)
Integrity Key (IK)
Authentication Token (AUTN)
Huawei Technologies Proprietary
1
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
Term Description
Triplet, GSM authentication vector
Temporary protocol data of authentication and key ,which enables GSM AKA function for a particular user in a VLR/SGSN. A triplet consists of three elements:
Random Number (RAND)
Signed Response (SRES)
Ciphering Key (Kc)
Data integrity No signaling data is changed in an unauthorized manner.
UMTS security context
A state established between a UE and a serving network domain as a result of the execution of UMTS AKA. In this state, both sides store UMTS security context data. The data consists of at least UMTS CK, IK and key set identifier (KSI). When CK or IK is converted into Kc to work in a GSM BSS, both sides remain in the UMTS security context state.
GSM security context
A state established between a UE and a serving network domain as a result of the execution of GSM AKA. In this state, both ends store GSM security context data. The data consists at least of GSM cipher Kc and cipher key sequence number (CKSN).
Authentication vector Either a quintet or a triplet
R98-A network node or ME that conforms to R97 or R98 specifications
R99+A network node or ME that conforms to specifications of R99 or later releases
R99 + ME capable of UMTS AKA
Either an R99 + UMTS only ME, an R99 + GSM/UMTS ME, or an R99 + GSM only ME that supports USIM-ME interface
R99 + ME incapable of UMTS AKA
An R99 + GSM only ME that does not support USIM-ME interface
II. Symbols
This chapter uses the following symbols:
Huawei Technologies Proprietary
2
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
f 1: message authentication function used to calculate message authentication code (MAC)
f 8: encryption algorithm f 9: integrity algorithm
III. Abbreviations
Abbreviation Full Spelling
AKA Authentication and Key Agreement
AUTN Authentication Token
BSS Base Station System
BTS Base Transceiver Station
CK Cipher Key
CKSN Cipher Key Sequence Number
CS Circuit Switched
HE Home Environment
HLR Home Location Register
IK Integrity Key
IMSI International Mobile Subscriber Identity
KSI Key Set Identifier
LAI Location Area Identity
MACMessage Authentication Code included in AUTN, computed using f1
MS Mobile Station
MSC Mobile Services Switching Center
PS Packet Switched
RAND Random Number
RNC Radio Network Controller
SGSN Serving GPRS Support Node
SQN Sequence number
Huawei Technologies Proprietary
3
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
Abbreviation Full Spelling
SN Serving Network
UE User Equipment
UEA UMTS Encryption Algorithm
UIA UMTS Integrity Algorithm
UMTS Universal Mobile Telecommunications System
USIM User Services Identity Module
UTRAN Universal Terrestrial Radio Access Network
Uu Radio interface between UTRAN and UE
VLR Visitor Location Register
XRES Expected Response
6.2 Availability
6.2.1 Network Elements Involved
Table 6-1 describes the NEs involved with data integrity protection and encryption.
Table 6-1 NEs required for data integrity protection and encryption
UE NodeB RNCMSC
ServerMGW SGSN GGSN HLR
√ √ √ - - - - -
Note:
–: not required √: required
Note:
This chapter describes only the availability of the NodeB and the RNC.
Huawei Technologies Proprietary
4
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
6.2.2 Software Releases
Table 6-2 describes the versions of RAN products that support data integrity protection and encryption.
Table 6-2 RAN products and related versions
Product Version
RNC BSC6800 V100R002 and later releases
NodeB
DBS3800 V100R005 and later releases
BTS3812A V100R005 and later releases
BTS3812E V100R005 and later releases
6.2.3 Miscellaneous
This feature requires UE and network to support the encryption and integrity algorithms.
6.3 Impact
6.3.1 On System Performance
None.
6.3.2 On Other Features
None.
6.4 RestrictionsNone
6.5 Technical Description
6.5.1 Data Integrity Protection and Encryption Configuration Model
The configuration model for Data Integrity Protection and Encryption is as show in Figure 6-2.
Huawei Technologies Proprietary
5
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
GlobalParaClass
RNC
RadioClass
UEA .Class
Encryption algorithm
UIA.Class
Integrity protection algorithm
Figure 6-2 Data Integrity Protection and Encryption configuration model
6.5.2 System Architecture
As shown in Figure 6-3, encryption and integrity protection are implemented on Uu interface. The object of integrity protection is signaling, and that of encryption can either be signaling or data.
UE RNC
Integrity Procedure
Signaling
Encrypt Procedure
Signaling and Data
Figure 6-3 Integrity protection and encryption procedures
6.5.3 Algorithms of Data Integrity Protection and Encryption
I. Algorithm Introduction
Table 6-1 describes the algorithms for integrity protection and encryption.
Table 6-1 Algorithms for integrity protection and encryption
Algorithm Description
UMTS Integrity Algorithm (UIA)
According to protocols, currently RNC supports only UIA1, namely, the f9 integrity protection.
UMTS Encryption Algorithm (UEA)
According to protocols, RNC supports only two encryption algorithms:
UEA0: no encryption
UEA1: f8 encryption algorithm
Huawei Technologies Proprietary
6
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
Parameter name Encryption algorithm
Parameter ID ENCRYPTIONALGO
GUI range UEA0, UEA1
Physical range& unit -
Default value -
Optional / Mandatory Optional
MML command SET UEA
Description:
The encryption algorithm supported by RNC. Both UEA0 and UEA1 can be selected at one time.
Parameter name Integrity protection algorithm
Parameter ID INTEGRITYPROTECTALGO
GUI range UIA1
Physical range& unit -
Default value UIA1
Optional / Mandatory Optional
MML command SET UIA
Description:
The integrity protection algorithm supported by RNC. Only UIA1 is supported currently.
Configuration Rule and Restriction:
UE is required to support the encryption and integrity algorithms.
Table 6-2 describes the parameters of the algorithms.
Huawei Technologies Proprietary
7
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
Table 6-2 Parameters of integrity protection and encryption algorithms
Parameter Name Description
IKIntegrity key
IK is composed of 128 bits.It is used to establish CS connection (IKCS) between CS domain and UE, or PS connection (IKPS) between PS domain and UE, or using the latest IK received from either IKCS or IKPS for integrity protection. For UMTS subscribers, IK is established during the implementation of UMTS AKA and stored in the USIM card with a copy in ME.
IK can be sent:
From the USIM card to ME upon request of ME
From the HLR/AuC to the VLR/SGSN and stored in the VLR/SGSN as part of a quintet
From the VLR/SGSN to the RNC in the (RANAP) security mode command message
CKCipher key
CK is 128 bits long. It is used to establish CS connection (CKCS) between CS domain and UE, or PS connection (CKPS) between PS service domain and UE. Signaling Radio Barrier (SRB) CK refers to the latest CK received from either CKCS or CKPS. For UMTS subscribers, CK is established during the implementation of UMTS AKA. It is stored in the USIM card with a copy in ME.
CK can be sent:
From the USIM card to ME upon request of ME
From the HLR/AuC to the VLR/SGSN and stored in the VLR/SGSN as part of the quintet
From the VLR/SGSN to the RNC in the (RANAP) security mode command message.
II. UTRAN Encryption of Signaling and Data
Authentication allows safe communications between UE and network. CN and UE share a CK after a successful authentication
Encryption and decryption are implemented in UE and the RNC (L2). Therefore, it needs the CN sends the CK to the RNC in a RANAP security mode command message, and then RNC sends the CK to UE in a RRC security mode command message to initiate the encryption.
Huawei Technologies Proprietary
8
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
As shown in Figure 6-4, the UMTS encryption mechanism is based on the stream cipher concept. To be more specific, plain text data is added bit by bit to pseudo-random mask data generated by CK and other parameters. The benefit of such encryption mechanism is that the generation of the pseudo-random mask data is independent of the plain text data. Therefore, the final encryption process is fast. The decryption on the receiving side is the same, because adding the pseudo-random mask bits twice has the same result as adding zeros once.
PLAINTEXTBLOCK
f8
COUNT - C/32 DIRECTION/1BEARER/5 LENGTH
CK/128
KEYSTREAMBLOCK(MASK)
CIPHERTEXTBLOCK
f8
COUNT - C/32
BEARER/5 LENGTH
CK/128
KEYSTREAMBLOCK(MASK)
PLAINTEXTBLOCK
SenderUE or RNC
ReceiverRNC or UE
DIRECTION/1
Figure 6-4 Encryption and decryption of user and signaling data
The algorithm involves following parameters:
Cipher Key (CK) Cipher sequence number (COUNT-C) Direction bit (DIRECTION) Length indication (LENGTH) Radio bearer identifier (BEARER)
Since the pseudo-random mask data does not depend on the plain text, there has to be another parameter that changes every time when a new mask is generated. Otherwise, two different plain texts, say P1 and P2, would be protected by the same mask. When P1 is added to P2 bit by bit, the encrypted counterpart of P1 is added to that of P2 at the same time. The resultant bit strings of these two processes are exactly the same because two identical masks cancel each other in the bit-by-bit addition. In this case, any attacker can get the bit-by-bit sum of P1 and P2 and wiretap the encrypted messages on the radio interface.
If two bit strings of meaningful data are added to P1 and P2 bit by bit, the resultant bit string will reveal them totally. This interrupts the encryption of messages P1 and P2.
Huawei Technologies Proprietary
9
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
III. UMTS Intergrity Protection of Signalling
The purpose of integrity protection is to authenticate individual signaling messages. Independent authentications ensure correct identification of the communicating parties.
Integrity protection is implemented at the RRC layer of the radio interface by the UE and RNC. The IK is generated during AKA, and sent to RNC with CK in the security mode command message.
Figure 6-5 shows how to authenticate the data integrity of a signaling message with integrity algorithm f9.
f 9
COUNT -I/32 DIRECTION/1
MESSAGE FRESH/32
IK/128
MAC –I/32
f 9
COUNT -I/32 DIRECTION/1
MESSAGE FRESH/32
IK/128
XMAC –I/32
SenderUE or RNC
ReceiverRNC or UE
Figure 6-5 Derivation of MAC-I or XMAC-I from a signaling message
This algorithm involves the following parameters:
Integrity Key (IK) Integrity sequence number (COUNT-I) A random value generated at the network side (FRESH) Direction bit (DIRECTION) Signaling data (MESSAGE)
Based on these input parameters, UE uses integrity algorithm f9 to calculate MAC-I, that is, the message authentication code for data integrity. The MAC-I is then appended to the message when it is sent over the radio access link. The receiver calculates XMAC-I by the same algorithm and verifies the data integrity by comparing the XMAC-I with the received MAC-I.
Huawei Technologies Proprietary
10
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
IV. Summary of Access Security
AKA Algorithms
Encryption and IntegrityProtection Algorithms
AKA Algorithms
VLR
RES
Encryption and IntegrityProtection Algorithms
K SQN AuC
Authentication Vectors
K SQNUSIM
Securecommunication
CKcs,I Kcs
HLR/AUC
SGSN
CKps,I Kps
RNC
CKps,I Kps
ME
USIM
RAND,AUTN
CKcs,I Kcs
Figure 6-6 Summary of UMTS access security
As a summary of this section, Figure 6-6 shows the most important access security mechanisms and the relationship between them. For clarity, the figure does not show all the parameters.
Huawei Technologies Proprietary
11
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
V. Negotiation of Encryption and Integrity Mode
Before connecting to the network, UE sends an MS/USIM Classmark message to confirm its encryption and integrity algorithms. This message needs no integrity protection because RNC receives and stores the message without using IK. The latest generated IK is used to protect the data integrity of the message during the setup of the security mode.
The network compares the information with UE, including integrity protection capabilities, preference, and special requirements that are signed on CN and indicated by UE. Then, the network acts according to the following rules:
If the network and UE do not share any version of UIA algorithm, the connection will be released.
If the network and UE share at least one version of UIA algorithm, the network will choose one of the mutually acceptable versions for the connection.
The network compares the information with UE, including integrity protection capabilities, preference, and special requirements that are signed on CN and indicated by UE. Then the network acts according to the following rules:
If the network and UE do not share any version of UEA algorithm, and the CN does not indicate that unencrypted connection can be set up, then no unencrypted connection can be set up, and the connection will be released.
If the network and UE do not share any version of UEA algorithm in use, and UE (home environment of UE) and CN allow an unencrypted connection, the unencrypted connection will be used.
If the network and UE share at least one UEA algorithm, the network will choose one of the mutually acceptable versions for the connection.
Neither the mode nor the algorithm of integrity protection and encryption can be changed when UE is connected to another CN. The CS and PS domains share the same preferences and special requirements for setting the encryption and integrity modes, for example, the preference of the algorithms.
If there are RABs connecting UE to both CS and PS domains, the user data for CS domain is always encrypted by the CK received from the CS domain, and that for PS domain by the CK received from the PS domain. However, the signaling data shall always be encrypted by the latest CK received from the PS or CS domain.
6.6 CapabilitiesNone.
Huawei Technologies Proprietary
12
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
6.7 ImplementationHuawei WCDMA network supports integrity protection algorithm UIA1, as well as the encryption algorithms UEA0 and UEA1. According to related protocols, the CS and PS domains of CN must use the same algorithm. Therefore, RNC must choose at least one integrity protection algorithm and one encryption algorithm, and ensure that there is intersection of the chosen algorithms between CN and RNC.
The default settings are as follows:
Integrity protection algorithm: UIA1 Encryption algorithm: UEA0 and UEA1
6.7.1 Enabling Data Integrity Protection and Encryption
This feature does not need extra hardware or initialization. It takes effect automatically.
For the network planning or optimization, the data can be adjusted on the RNC LMT as required.
6.7.2 Reconfiguring Parameters
I. Parameter Reconfiguration on the RNC Side
Table 6-1 describes the commands used for the reconfiguration on the RNC side.
Table 6-1 Commands for the reconfiguration on the RNC side
Function Command
About the encryption algorithm that the RNC supports
To query the encryption algorithm that the RNC supports
LST UEA
To set the encryption algorithm that the RNC supports
SET UEA
About the integrity protection algorithm that the RNC supports
To query the integrity protection algorithm that the RNC supports
LST UIA
To set the integrity protection algorithm that the RNC supports
SET UIA
II. Parameter Reconfiguration on the NodeB Side
None.
Huawei Technologies Proprietary
13
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
III. Examples
//Set the encryption algorithms to UEA0 and UEA1.
SET UEA: ENCRYPTIONALGO=UEA0-1&UEA1-1;
//Set the integrity protection algorithm to UIA1.
SET UIA: INTEGRITYPROTECTALGO=UIA1-1;
6.7.3 Disabling Data Integrity Protection and Encryption
Data integrity protection and encryption can be set and reconfigured, but not disabled.
6.8 Maintenance Information
6.8.1 Alarms
None.
6.8.2 Counters
The counters related with data integrity protection and encryption belong to RNC -> SM.RNC, where RNC is measurement object type, and SM.RNC is measurement unit. Table 6-2 lists the counters.
Table 6-2 Data integrity protection and encryption counters
Item Description
VS.IU.Att.SecMode Number of SECURITY MODE COMMAND Messages Received by RNC from CN
VS.IU.SuccSecModeNumber of SECURITY MODE COMPLETE Messages Sent from RNC to CN
VS.IU.RejSecMd.RnlNumber of SECURITY MODE REJECT Messages Sent from RNC to CN due to Radio Network Layer Cause
VS.IU.RejSecMd.TnlNumber of SECURITY MODE REJECT Messages Sent from RNC to CN due to Transport Layer Cause
VS.IU.RejSecMd.NASNumber of SECURITY MODE REJECT Messages Sent from RNC to CN due to NAS Cause
VS.IU.RejSecMd.OptNumber of SECURITY MODE REJECT Messages Sent from RNC to CN due to Network Optimization
VS.IU.RejSecMd.UnspNumber of SECURITY MODE REJECT Messages Sent from RNC to CN due to Unspecified Failure
Huawei Technologies Proprietary
14
RAN Feature Description Chapter 6 Data Integrity Protection and Encryption
Item Description
VS.Uu.Att.SecModeNumber of SECURITY MODE COMMAND Messages Sent from RNC to UE
VS.Uu.Succ.SecModeNumber of SECURITY MODE COMPLETE Messages Received by RNC from UE
6.9 References 3GPP TS 33.102 "3rd Generation Partnership Project; Technical Specification
Group Services and System Aspects; 3G Security; Security Architecture" 3GPP TS 31.111 "USIM Application Toolkit (USAT)"
Huawei Technologies Proprietary
15