08/20/13 Security Procedure Overview 1 UMTS Security Procedure Overview

RRC security procedure overview

UMTS Security Procedure Overview

Introduction

Security Procedure
  Authentication procedure (NAS procedure; the successful outcome will be used for integrity protection (IP) and ciphering)
  Integrity protection
  Ciphering
Related RRC message, procedure
Basic configuration primitive to L1, RLC and MM
What to look for in the RTA log and MDI trace

Authentication

Mutual operation between UE and NW
Authentication key K is shared between the USIM of the user and the Authentication Centre (AuC).
  128 bit
  Never transferred from UE to NW or vice versa
Authentication procedure also derives the keys for encryption (ciphering), CK, and for integrity checking, IK.

Authentication

Integrity Protection check

Security feature is provided with respect to integrity of data on the network access link: verify the signalling data has not been modified in an unauthorised way

Only applies to messages transmitted on SRBs (SRB0 – SRB 4). TM SRBx is NOT integrity protected.

RRC layer is responsible for integrity protection check at UE and NW side.

MM layer supervises the integrity protection procedure by accepting only a very limited set of NAS messages if integrity protection is NOT started at layer 3 level.

Integrity Protection Parameters

Integrity protection calculation parameters
  COUNT-I: the integrity sequence number (32 bits)
  IK: the integrity key (128 bits)
  FRESH: 32 bit
  DIRECTION: 1 bit
  MESSAGE
  Algorithm: UIA1, UIA2 (new algorithm supported in R7)

Integrity Protection Parameters

COUNT_I:

One COUNT_I value per up-link on each of the SRB (0-4) and one COUNT_I value per down-link on each of the SRB.

The RRC HFN is initialised by START; the remaining bits of the RRC HFN are initialised to 0.

COUNT_I structure: RRC HFN (28 bits) followed by RRC SN (4 bits)

Integrity Protection check

Integrity protection in RRC message

UL/DL-CCCH/DCCH-Message ::= SEQUENCE {
    integrityCheckInfo    IntegrityCheckInfo    OPTIONAL,
    message               xx-xxxx-MessageType
}

IntegrityCheckInfo ::= SEQUENCE {
    messageAuthenticationCode    B_32,
    rrc-MessageSequenceNumber    B_4
}
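Added example (not part of the original slides): receive-side COUNT_I bookkeeping for one SRB, simplified from TS 25.331 section 8.5.10, showing how rrc-MessageSequenceNumber drives the HFN roll-over and why a replayed message fails the integrity check. The f9/UIA MAC computation is replaced by a caller-supplied comparison (assumption), and the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

HFN_BITS, SN_BITS, START_BITS = 28, 4, 20   # sizes given on the slides

@dataclass
class SrbRxState:                  # hypothetical name: one SRB, one direction
    hfn: int                       # RRC HFN
    last_sn: Optional[int] = None  # last accepted RRC SN (None before first message)

def init_from_start(start: int) -> SrbRxState:
    # TS 33.102: START fills the 20 most significant HFN bits, the rest are 0.
    if not 0 <= start < (1 << START_BITS):
        raise ValueError("START must fit in 20 bits")
    return SrbRxState(hfn=start << (HFN_BITS - START_BITS))

def count_i(hfn: int, sn: int) -> int:
    return (hfn << SN_BITS) | sn   # 28-bit HFN followed by 4-bit SN = 32 bits

def receive(st: SrbRxState, sn: int,
            mac_ok: Callable[[int], bool]) -> Tuple[bool, Optional[int]]:
    """Return (accepted, COUNT_I tried). mac_ok(count) stands in for the
    f9 comparison of messageAuthenticationCode (assumption)."""
    if not 0 <= sn < (1 << SN_BITS):
        raise ValueError("RRC SN is 4 bits")
    if st.last_sn is not None and sn == st.last_sn:
        return False, None         # repeated SN: discarded outright
    hfn = st.hfn
    if st.last_sn is not None and sn < st.last_sn:
        hfn = (hfn + 1) % (1 << HFN_BITS)   # SN wrapped, so HFN advances
    count = count_i(hfn, sn)
    if not mac_ok(count):
        return False, count        # state untouched: the HFN bump is rolled back
    st.hfn, st.last_sn = hfn, sn
    return True, count

def demo():
    # Constructed traffic: (received SN, COUNT_I the sender used for the MAC).
    st = init_from_start(0x00012)
    frames = [(14, 0x1200E), (15, 0x1200F), (0, 0x12010),
              (15, 0x1200F),       # replay of the second message
              (0, 0x12010)]        # replay of the third message
    return [receive(st, sn, lambda c, s=sent: c == s) for sn, sent in frames]

if __name__ == "__main__":
    for accepted, count in demo():
        print(accepted, None if count is None else hex(count))
```

When reading a log, a discarded message whose tried COUNT_I is one HFN step ahead of the sender's value is the signature of a stale or replayed RRC SN.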

Ciphering

Security feature is provided with respect to confidentiality of data on the network access link

Applies to data transmission on all RBs other than SRB0

RRC is responsible for ciphering configuration to RLC and L1

AM/UM ciphering done by RLC

TM data ciphering done by MAC (e.g.: P2P call)

TM voice ciphering is done by DSP (e.g.: AMR call)

Ciphering Parameters

Ciphering calculation parameters

COUNT-C : ciphering sequence number (32 bits)

CK: cipher key (128 bits)

BEARER: (rb_id – 1) (5 bits)

DIRECTION: 1 bit

Length indicator: 16 bits

Algorithm: UEA0 (transparent ciphering), UEA1, UEA2 (new algorithm introduced in R7)

Ciphering Parameters

COUNT_C:

COUNT_C structure is different based on the RB entity RLC mode.

AM, UM RLC entities: One COUNT_C value per up-link on each of the RB and one COUNT_C value per down-link on each of the RB.

TM RLC entities: COUNT-C is the same for all radio bearers of the same CN domain, and COUNT-C is also the same for uplink and downlink.

START value

START value:

20 bits

CN domain based: STARTcs and STARTps

START values are stored in USIM

START value reflects how long the security key set (CK and IK) has been used for that particular CN domain

START value is calculated and updated by UE

If SECURITY MODE COMMAND triggers a new key to be used, START value for that CN domain will be reset to ZERO

At the end of the RRC connection, if START exceeds the THRESHOLD value in the USIM, the UE shall remove the keys (CK, IK) for the corresponding CN domain
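Added example (not from the original slides): how the UE-maintained START value follows from the COUNT values, using the formula in TS 25.331 section 8.5.9, together with the end-of-connection THRESHOLD check described above. The USIM record layout, the function names and the sample values are assumptions made for illustration.

```python
START_MAX = (1 << 20) - 1          # START is 20 bits

def msb20(count32: int) -> int:
    """20 most significant bits of a 32-bit COUNT-C or COUNT-I."""
    return (count32 >> 12) & START_MAX

def recalc_start(current: int, counts: list) -> int:
    """TS 25.331 8.5.9: START' = MSB20(MAX{COUNT-C, COUNT-I}) + 2 over the
    bearers using the domain's latest CK/IK; START never decreases."""
    if not counts:
        return current             # key set not in use on any bearer
    candidate = min(msb20(max(counts)) + 2, START_MAX)   # clamp to 20 bits
    return max(current, candidate)

def on_connection_release(usim: dict, counts_by_domain: dict) -> dict:
    """usim: {domain: {"start", "threshold", "keys_valid"}} (hypothetical layout)."""
    for domain, rec in usim.items():
        rec["start"] = recalc_start(rec["start"],
                                    counts_by_domain.get(domain, []))
        # Comparison follows the slide's wording ("START exceeds THRESHOLD").
        if rec["start"] > rec["threshold"]:
            rec["keys_valid"] = False   # CK/IK removed for this CN domain
    return usim

def demo():
    # Constructed values for illustration only.
    usim = {"cs": {"start": 0x00012, "threshold": 0x000FF, "keys_valid": True},
            "ps": {"start": 0x000F0, "threshold": 0x000FF, "keys_valid": True}}
    counts = {"cs": [0x0001200F, 0x00012A31],   # a COUNT-I and a COUNT-C
              "ps": [0x000FE123, 0x000F0004]}
    return on_connection_release(usim, counts)

if __name__ == "__main__":
    for domain, rec in demo().items():
        print(domain, hex(rec["start"]), rec["keys_valid"])
```

The +2 margin means any COUNT later initialised from the stored START lies above every COUNT already used with the same CK and IK.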

START value

START value:
UE sends the START value to NW in the following messages:
  RRC CONNECTION SETUP COMPLETE, CELL UPDATE (both CN domains)
  Corresponding CN domain START value in INITIAL DIRECT TRANSFER message
  Corresponding CN domain START value in RADIO BEARER SETUP COMPLETE message when RAB is established
  Both CN domain START values in any of the RECONFIGURATION COMPLETE messages if:
    Reconfiguration triggers a time re-initialized HHO when ciphering is started with existing TM entities
    Reconfiguration/Cell update confirm moves UE from FACH to DCH state when TM ciphering is started with existing TM entities
    AM RLC data PDU size is changed due to the reconfiguration/CUC procedure

Security Mode Command

Security Mode Command (SMC)
  Initialisation of Integrity Protection for certain CN domain
  Integrity Protection modification in case of new keys
  Start Ciphering for certain CN domain
Shall always be integrity protected

Security Mode Command IE

Integrity Protection Mode Info
  Command: START / MODIFY
  Algorithm: UIA1
  DL Integrity Protection Activation Time (if command is MODIFY)
  Init Number (FRESH) (if command is START)

Security Parameter IE

Ciphering Mode Info
  Command: START
  Algorithm: UEA0 / UEA1
  Radio bearer downlink ciphering activation time info (for AM/UM RLC entity)

Security Mode Command IE

ue-SystemSpecificSecurityCap
  Optional IE
  Only present if the security related capability has been sent to NW through RRC CONNECTION SETUP COMPLETE or INTER_RAT HANDOVER INFO
  NW is supposed to repeat the UE security capability
  If the security capability doesn't match, UE will release the RRC connection

Security Mode Command IE

CN-Domain id
  Security procedure is CN domain based.

Security Mode Command procedure related primitives

Security Mode Command (SMC) configuration to RLC and L1 (needed only when CIPHERING MODE INFO is included in the message)
  RLCRR_UTRA_CIPH_CONF_REQ
  RLCRR_UTRA_CIPH_CONF_CNF
  RRPH_UTRA_CIPH_CONF_REQ
  RLCRR_UTRA_RESUME_REQ (end of the SMC procedure if ciphering is enabled)
Security Mode Command (SMC) configuration to MM
  RRMM_SYNC_IND
  RRMM_PS_SEC_COMPLETE_IND

Security Mode Command procedure sequence

Procedure impact security configuration

SRNS relocation impacts IP or ciphering configuration.
  SRNS relocation happens when NW changes UE’s serving RNC (the RNC that connects the UE to the core NW)
  During SRNS relocation:
    The FRESH value used for integrity protection will be changed (FRESH is a random value generated at the serving RNC end)
    The algorithm of the ciphering and integrity protection can potentially be changed.
    AM/UM entity will be re-established.
  SRNS relocation indication:
    dl-CounterSynchronisationInfo is present in the configuration message
    For R99 RADIO BEARER RECONFIGURATION message: U-RNTI is present

Other primitives can include security parameter

RLCRR_UTRA_CONFIG_REQ, RLCRR_UTRA_EVENT_REQ

RRPH_UTRA_DCH_CONF_REQ, RRPH_UTRA_DCH_CONF_CNF, RRPH_UTRA_DCH_SYNC_IND includes the ciphering configuration parameter

RRMM_CLEAR_KEY_INFO_IND

Examples from LOGs

Security Mode Command procedure
Two domain connection initialization
Radio Bearer Setup procedure
Time re-initialized hard handover combined with SRNS relocation, with voice call ciphering enabled

MDI logging

Ciphering configuration from MCU to DSP in case of voice call ciphering:
MCU_DSP_L1_WCDMA_CIPHER_KEY
  UEA - UMTS Encryption Algorithm
  ACTIVATION_CFN
  COUNT_C
  CK

Simulation Tool

IP_ciph
  Simulation of the integrity protection calculation
  Simulation of ciphering
Used for log analysis
  Identify whether GEM functions properly (GEM is the HW that performs the IP and ciphering related configuration)
  Guess the possible parameters used by the NW side to identify the issue.

Download link: http://compass.mot.com/go/232935691

Spec Reference

3GPP TS 33.102
3GPP TS 25.331
  Section 8.1.12 --- security mode command procedure
  Section 8.5.9 --- START value calculation
  Section 8.5.10 --- integrity protection
  Section 8.6.4.3 --- integrity protection mode info IE handling
  Section 8.6.3.4 --- ciphering mode info IE handling